Information Security and Cyber Threats

Download as pptx, pdf, or txt
Download as pptx, pdf, or txt
You are on page 1of 14

Cyber Security Threats and

Countermeasures
Landscape
Presented by: Anjum Nazir
Sr. Network Security Analyst (UBL)
Security Consultant / Trainer (Geeks Hub)
Presentation Overview
• Key Terminologies
• Traditional Threat Vectors
• Modern Threats - Advance Persistent Threats
(APT)
• Conventional / Advance Security Approach
• Countermeasures
• Key Components of an Effective Security Program
• Questions?
Key Terminologies
• Vulnerability
– Software flaws, bugs, weaknesses, logic design or
implementation errors that could lead to un-expected and
undesirable results
• Exploit
– A piece of code or software that can take advantage of a
bug, vulnerability or weakness of the system leading to un-
authorized access, privilege escalation or denial of service
Key Terminologies (2)
• Attack
– An attack occurs when a system is being
compromised due to vulnerability.
– Many attacks are perpetuated via an exploit.
• Threat
– An environment or situation that could lead to a
potential security breach.
Traditional Threat Vectors
“stealth” / advanced Tools
scanning techniques

High packet spoofing denial of service


DDOS
sniffers
Intruder attacks
Knowledge www
sweepers
attacks
automated probes/scans
GUI
back doors
disabling audits network mgmt. diagnostics
hijacking
Attack burglaries sessions
Sophistication exploiting known vulnerabilities
password cracking
self-replicating code
password guessing Attackers
Low
1980 1985 1990 1995 2000
Source: Carnegie Mellon
Software Engineering Institute
Advanced Persistent Threats
• Advanced
– Attacker adapts to defenders’ efforts
– Can develop or buy Zero-Day exploits
– Higher level of sophistication
• Persistent
– Attacks are objective and specific
– Will continue until goal is reached
– Intent to maintain long term connectivity
• Threats
– Entity/s behind the attack
– Not the malware/exploit/attack alone
Typical Attack
Step • Reconnaissance
1

Step • Initial Intrusion into the Network


2

Step • Establish a Backdoor into the Network


3

Step • Obtain User Credentials


4

Step • Install Various Utilities


5

Step • Privilege Escalation / Lateral Movement / Data Exfiltration


6

Step • Maintain Persistence


7
Observations ..
Countermeasures
Programmatic Building Blocks
Key Components of an Effective Security
Program
Incident Disaster Business
RESPOND Response Recovery Continuity
Intrusion Auditing and
DETECT Reviews Compliance Monitoring
Detection Event Logging
Technical Controls Non-Technical Controls
Physical
PROTECT Controls Net OS DB App
Elec
Personnel
Verbal/
Procedures
Build Up

Comm written
Awareness
EDUCATE Programs
General Training Specialized Training

Asset ID and
DOCUMENT Policies Standards Procedures
Classification
Dedicated Roles and Security Asset Risk Management
MANAGE ISO Responsibilities Skills (Life Cycle Approach)
Strategic Cross-Functional
Charter Funding
PROGRAM Planning Security Oversight
Executive Commitment
Questions?

You might also like