
Security+ Guide To Network Security Fundamentals, Fourth Edition

This document provides an overview of information security fundamentals from the textbook "Security+ Guide to Network Security Fundamentals, Fourth Edition". It introduces the challenges of securing information, defines key security concepts like threats and vulnerabilities, identifies common attacker types such as hackers and insiders, and explains why information security is important for preventing data theft, identity theft, and maintaining productivity. The document is divided into sections covering these essential security topics.

Uploaded by Hogan

Security+ Guide to Network Security Fundamentals, Fourth Edition

Chapter 1
Introduction to Security

Objectives

• Describe the challenges of securing information
• Define information security and explain why it is important
• Identify the types of attackers that are common today
• List the basic steps of an attack
• Describe the five basic principles of defense

Security+ Guide to Network Security Fundamentals, Fourth Edition 2


Challenges of Securing Information

• Security figures prominently in 21st century world
  – Personal security
  – Information security
• Securing information
  – No simple solution
  – Many different types of attacks
  – Defending against attacks often difficult


Today’s Security Attacks

• Advances in computing power
  – Make password-breaking easy
• Software vulnerabilities often not patched
  – Smartphones a new target


Today’s Security Attacks (cont’d.)

• Examples of recent attacks
  – Bogus antivirus software
    • Marketed by credit card thieves
  – Online banking attacks
  – Hacking contest
  – Nigerian 419 advance fee fraud
    • Number one type of Internet fraud
  – Identity theft using Firesheep
  – Malware
  – Infected USB flash drive devices


Table 1-1 Selected security breaches involving personal information in a one-month period

Difficulties in Defending Against Attacks

• Universally connected devices
• Increased speed of attacks
• Greater sophistication of attacks
• Availability and simplicity of attack tools
• Faster detection of vulnerabilities


Difficulties in Defending Against Attacks (cont’d.)

• Delays in patching
  – Weak distribution of patches
• Distributed attacks
• User confusion


Table 1-2 Difficulties in defending against attacks


What Is Information Security?

• Before defense is possible, one must understand:
  – What information security is
  – Why it is important
  – Who the attackers are


Defining Information Security

• Security
  – Steps to protect person or property from harm
    • Harm may be intentional or nonintentional
  – Sacrifices convenience for safety
• Information security
  – Guarding digitally-formatted information:
    • That provides value to people and organizations


Defining Information Security (cont’d.)

• Three types of information protection: often called CIA
  – Confidentiality
    • Only approved individuals may access information
  – Integrity
    • Information is correct and unaltered
  – Availability
    • Information is accessible to authorized users


Defining Information Security (cont’d.)

• Protections implemented to secure information
  – Identification
    • Proof of who you are
  – Authentication
    • Individual is who they claim to be
  – Authorization
    • Grant ability to access information
  – Accounting
    • Provides tracking of events


Figure 1-3 Information security components
© Cengage Learning 2012


Defining Information Security (cont’d.)

Table 1-3 Information security layers


Information Security Terminology

• Asset
  – Item of value
• Threat
  – Actions or events that have potential to cause harm
• Threat agent
  – Person or element with power to carry out a threat


Table 1-4 Information technology assets


Information Security Terminology (cont’d.)

• Vulnerability
  – Flaw or weakness
    • Threat agent can bypass security
• Risk
  – Likelihood that threat agent will exploit vulnerability
  – Cannot be eliminated entirely
    • Cost would be too high
    • Take too long to implement
  – Some degree of risk must be assumed


Figure 1-4 Information security components analogy

Information Security Terminology (cont’d.)

• Options to deal with risk
  – Accept
    • Realize there is a chance of loss
  – Diminish
    • Take precautions
    • Most information security risks should be diminished
  – Transfer risk to someone else
    • Example: purchasing insurance


Understanding the Importance of Information Security

• Preventing data theft
  – Security often associated with theft prevention
  – Business data theft
    • Proprietary information
  – Individual data theft
    • Credit card numbers


Understanding the Importance of Information Security (cont’d.)

• Thwarting identity theft
  – Using another’s personal information in unauthorized manner
    • Usually for financial gain
  – Example:
    • Steal person’s SSN
    • Create new credit card account
    • Charge purchases
    • Leave unpaid


Understanding the Importance of Information Security (cont’d.)

• Maintaining productivity
  – Post-attack clean up diverts resources
    • Time and money

Table 1-6 Cost of attacks


Understanding the Importance of Information Security (cont’d.)

• Foiling cyberterrorism
  – Premeditated, politically motivated attacks
  – Target: information, computer systems, data
  – Designed to:
    • Cause panic
    • Provoke violence
    • Result in financial catastrophe


Understanding the Importance of Information Security (cont’d.)

• Potential cyberterrorism targets
  – Banking
  – Military
  – Energy (power plants)
  – Transportation (air traffic control centers)
  – Water systems


Who Are the Attackers?

• Categories of attackers
  – Hackers
  – Script kiddies
  – Spies
  – Insiders
  – Cybercriminals
  – Cyberterrorists


Hackers

• Hacker
  – Person who uses computer skills to attack computers
  – Term not common in security community
• White hat hackers
  – Goal to expose security flaws
  – Not to steal or corrupt data
• Black hat hackers
  – Goal is malicious and destructive


Script Kiddies

• Script kiddies
  – Goal: break into computers to create damage
  – Unskilled users
  – Download automated hacking software (scripts)
    • Use them to perform malicious acts
  – Attack software today has menu systems
    • Attacks are even easier for unskilled users
  – 40 percent of attacks performed by script kiddies


Spies

• Computer spy
  – Person hired to break into a computer:
    • To steal information
• Hired to attack a specific computer or system:
  – Containing sensitive information
• Goal: steal information without drawing attention to their actions
• Possess excellent computer skills:
  – To attack and cover their tracks


Insiders

• Employees, contractors, and business partners
• 48 percent of breaches attributed to insiders
• Examples of insider attacks
  – Health care worker publicized celebrities’ health records
    • Disgruntled over upcoming job termination
  – Government employee planted malicious coding script
  – Stock trader concealed losses through fake transactions
  – U.S. Army private accessed sensitive documents

Cybercriminals

• Network of attackers, identity thieves, spammers, financial fraudsters
• Difference from ordinary attackers
  – More highly motivated
  – Willing to take more risk
  – Better funded
  – More tenacious
  – Goal: financial gain


Cybercriminals (cont’d.)

• Organized gangs of young attackers
  – Eastern European, Asian, and third-world regions

Table 1-7 Characteristics of cybercriminals


Cybercriminals (cont’d.)

• Cybercrime
  – Targeted attacks against financial networks
  – Unauthorized access to information
  – Theft of personal information
• Financial cybercrime
  – Trafficking in stolen credit cards and financial information
  – Using spam to commit fraud


Cyberterrorists

• Cyberterrorists
  – Ideological motivation
    • Attacking because of their principles and beliefs
• Goals of a cyberattack:
  – Deface electronic information
    • Spread misinformation and propaganda
  – Deny service to legitimate computer users
  – Commit unauthorized intrusions
• Results: critical infrastructure outages; corruption of vital data


Attacks and Defenses

• Wide variety of attacks
  – Same basic steps used in attack
• To protect computers against attacks:
  – Follow five fundamental security principles


Types of Attacks
• Destructive Attack
  ➢ Typical malware that overwrites data and damages applications

• Disruptive Attack
  ➢ Interrupts an event, activity or process with malicious intent

• Cyber-Theft
  ➢ Use of a cyber-attack to steal financial information or PII

• Ransomware Attack
  ➢ Form of malware in which files are encrypted for ransom


Types of Attacks (cont’d.)
• Zero-day Attack
  ➢ Exploits an unknown or unreported vulnerability in any application, program or OS

• Social Engineering
  ➢ Manipulation of people into clicking on a malicious link

• Brute Force Attack
  ➢ Trial-and-error method to obtain a user’s credentials


Steps of an Attack

• Probe for information
  – Such as type of hardware or software used
• Penetrate any defenses
  – Launch the attack
• Modify security settings
  – Allows attacker to reenter compromised system easily
• Circulate to other systems
  – Same tools directed toward other systems
• Paralyze networks and devices

Figure 1-6 Steps of an attack