Download INTRODUCTION TO INFORMATION SYSTEMS TECHNOLOGY

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Airport security wikipedia , lookup

Cross-site scripting wikipedia , lookup

Cryptanalysis wikipedia , lookup

Malware wikipedia , lookup

Information security wikipedia , lookup

Cyberwarfare wikipedia , lookup

Wireless security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Hacker wikipedia , lookup

Cyber-security regulation wikipedia , lookup

Denial-of-service attack wikipedia , lookup

Unix security wikipedia , lookup

Distributed firewall wikipedia , lookup

Security-focused operating system wikipedia , lookup

Computer and network surveillance wikipedia , lookup

Mobile security wikipedia , lookup

Cybercrime wikipedia , lookup

Social engineering (security) wikipedia , lookup

Cyberattack wikipedia , lookup

Computer security wikipedia , lookup

Cybercrime countermeasures wikipedia , lookup

Transcript
MANAGING SECURITY
(Week 15, Thursday 4/19/2007)
BUS3500 - Abdou Illia, Spring 2007
1
LEARNING GOALS

Discuss the major threats to information
systems.

Describe protection systems

Describe the major components of an
information systems security plan.
2
The Security Problem

2002 Computer Crime and Security Survey




90% of large companies and government
agencies reported computer security breach
80% reported sizeable financial loss
Only 40% indicated security attacks came from
outside the company
85% reported as victim of computer virus
3
Attack strategy 1

Scanning





Use Brute Force attack or Dictionary attack


Ping messages (To know if a potential victim exist)
Supervisory messages (To know if victim available)
Tracert, Traceroute (to know about security systems)
Check the Internet (e.g. www.cert.org) for latest systems
vulnerabilities
Trying millions of usernames and passwords
Use Social engineering strategy to get other
information

Tricking employees to provide passwords, keys and other info.
4
Attack strategy 2

Examining data that responses reveal

Users login names and password

IP addresses of potential victims



Potential victim’s operating systems, version number, etc.
Deciding types of attacks





What services servers are running; different services have
different weaknesses
DoS attacks using servers valid IP addresses
Ping of Death on servers with older operating systems
Illicit content attacks using identified Open Mail servers
System intrusion on improperly configured servers
Launch the attacks
5
Major security threats

Denial of Service (DoS) attacks


Content attack


The attacker makes a target (usually a server) deny
service to legitimate users
Sending messages with illicit or malicious content
System intrusion

Getting unauthorized access to a network
6
Tear Drop DoS

Sending a stream of request messages to the
target

Making the target run very slowly or crash

Objective is to have the target deny service to
legitimate users
Legitimate request
Legitimate user
DoS requests
Server
Legitimate request
Attacker
Legitimate user
http://www.netscantools.com/nstpro_netscanner.html
7
Ping of Death attacks

Take advantage of

Some operating systems inability to handle packets
larger than 65 536 bytes

Attacker sends request message that are larger
than 65,536 bytes (i.e. oversized packets)

Most operating systems have been fixed to
prevent this type of attack from occurring, but
occurred recently on Win Server 2003 systems
8
Defense against Tear Drop DoS

Usually, Tear Drop attack messages

Include Heading fields that might hide false
identity
IP-H
TCP-H
Application Layer Message
IP-H
UDP-H
Application Layer Message
Defense systems for protecting against DoS attacks are
designed to check message headers. Could be Packet
Firewalls or Intrusion Detection Systems (IDS)
9
Firewall?

A security system that implement an access
control policy between two networks


Usually between the corporate network and an
external network.
A firewall is configured to decide:

The types of messages that enters a network

The types of messages that leaves the network
10
Content attacks

Incoming messages with:

Malicious content (or malware)




Viruses (infect files on a single computer)
Worms (Propagate across system by themselves)
Trojan horses (programs designed to damage or take
control of the host computer)
Illicit content



Pornography
Sexually or racially harassing e-mails
Spams (unsolicited commercial e-mails)
Q: Besides through emails, how can a computer system be a victim11
of a virus, worm, or Trojan horse attack.
Trojan horse

A computer program



When executed, a Trojan horse could




That appears as a useful program like a
game, a screen saver, etc.
But, is really a program designed to damage
or take control of the host computer
Format disks
Delete files
Allow a remote computer to take control of
the host computer
NetBus and SubSeven used to be
attackers’ favorite programs for target
remote control
12
Trojan horse
NetBus Interface
13
Question

How could a computer system or a network
be a victim of malicious or illicit content
attacks?
14
Open Mail Server

Most content attack messages are sent through Open
Mail Servers

Improperly configured Mail Servers that accept fake
outgoing email addresses)
Q: How can you protect a stand-alone computer or a network
against malicious content attacks?
15
Open Mail Server
16
Protection against content attacks
Antivirus controls
 Application Firewalls



Catch every incoming message to check for
illicit content in its data field
If illicit content detected, message is blocked
Checked Message
Legitimate Message
Illicit Message
Attacker
Application
Firewall
Target
17
System Intrusion

Gaining unauthorized access to a computer
system by an intruder

A hacker is an intruder who breaks into a
computer system to learn about it


Not to cause damage
Not to steal information

A cracker is an intruder who breaks into a
computer system to cause damage and/or to
steal information

Script kiddies are people with little
programming skills who use publicly available
software to breach into systems
18
Intrusion Detection Systems

Software or hardware device that


Capture network activity data in log files
Generate alarms in case of suspicious
activities
19
Information Security Plan


Goal: manage the risks and lessen the
possibility that security breach occurs
Three main aspects
1) Technical Security solution
2) Security policies and procedures
3) Security education program
20
Continued…
21
22
Risk Analysis
Assess what systems get what levels of
security
 Two approaches


Quantitative


Estimate probability of threat and monetary loss
Qualitative


Determines each system’s importance and the
possible threats and vulnerabilities
Organization then ranks systems
23
Roles and Responsibilities

Determine who is responsible for the two
main aspects of system security



Information security (digital security)
Physical security
Chief Security Officer

Charged with maintaining both physical and
information security in large organizations
24
Systems Configuration


Details how an organization’s information
systems should be put together and connected
Poorly written software can be a major security
vulnerability

Software must be updated frequently



CERT Advisory Mailing List
Microsoft Windows Update
Software can be configured to locate updates
automatically
25
Antivirus Controls
Each virus or worm has a unique program
structure
 Key aspect of relying on antivirus software
is ensuring that antivirus definitions are
up-to-date



Norton Antivirus definitions
Updating can be scheduled regularly and
automatically – Norton LiveUpdate
26
Physical Security
Physical access control – securing the
actual space where computer systems
reside
 Physical controls apply to employees as
well as outsiders
 Types of physical controls




Procedural
Mechanical
Biometric (fingerprints, iris scan, voice
recognition)
27
Network Security

Multiple layers



Passwords
Firewalls
Intrusion detection systems


Policies and procedures



Monitor corporate systems for patterns of suspicious
behavior
How often users must change passwords and prohibit the
reusing of passwords
Prescriptions for length and composition of passwords
Security education
28
Data Access

Details who should be given access to
what data


Access security
Modify security
29
Summary Questions
Malaga
Notes
1) What is an illicit content attack? What is the difference
between a virus, a worm, and a Trojan horse? How
could a stand-alone computer or a network be a victim
of an illicit content attack?
2)
What is an Open Mail server? How could you protect a
stand-alone computer or a network against illicit
content attacks? What does a firewall do?
3) What is meant by systems intrusion? What is the
difference between hackers, crackers, and script
kiddies?
4) What is Social engineering? What is Brute Force attack?
5) What is the goal of an Information Security plan? What
are the three main components of an Information
Security plan?
30