
CISB 420 Introduction

This chapter introduces key concepts in computer security. It identifies common threats like malware, denial of service attacks, and session hijacking. It also defines security terminology regarding hackers, firewalls, and authentication. The chapter compares perimeter and layered approaches to network security and assesses the likelihood of attacks. It emphasizes the importance of ongoing learning given the constantly changing nature of security threats.


Computer Security Fundamentals

Chuck Easttom

Chapter 1 Introduction to Computer Security


Chapter 1 Objectives

• Identify top threats to a computer network
• Assess the likelihood of an attack
• Define key terms like cracker, sneaker, firewall, and authentication
• Compare and contrast perimeter and layered approaches to network security
• Use online resources

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 2


Introduction

• Computer systems and networks are all around us.
  • Online banking
  • Automated supermarket checkouts
  • Online classes
  • Online shopping
  • Online travel resources


Introduction (cont.)

• How is personal information safeguarded?
• What are the vulnerabilities?
• What secures these systems?


How Seriously Should You Take Threats to Network Security?

• Which group do you belong to?
  • “No one is coming after my computer.”
  • “The sky is falling!”
  • Middle ground.


Computing Risk

Exposure Factor: The Exposure Factor (EF) is the percentage of an asset's value lost due to an incident.

Single Loss Expectancy: The Single Loss Expectancy (SLE) is the cost of a single loss. SLE is the Asset Value (AV) times the Exposure Factor (EF).

Annual Rate of Occurrence: The Annual Rate of Occurrence (ARO) is the number of losses you suffer per year.

Annualized Loss Expectancy: The Annualized Loss Expectancy (ALE) is your yearly cost due to a risk. It is calculated by multiplying the Single Loss Expectancy (SLE) by the Annual Rate of Occurrence (ARO).


Basic formulas

• SLE = Asset Value (AV) * Exposure Factor (EF)
• Risk = Probability of the Risk * Cost of the Eventuality
• ALE = Single Loss Expectancy (SLE) * Annual Rate of Occurrence (ARO)

Risk Matrix


Risk

• Mitigation
• Avoidance
• Transference
• Acceptance


Identifying Types of Threats

• Malware: MALicious softWARE
• Security Breaches
• DoS: Denial of Service attacks
• Web Attacks
• Session Hijacking
• DNS Poisoning
• Insider Threats


Malware

• Software with a malicious purpose
  • Virus
  • Trojan horse
  • Spyware
  • Logic Bomb


Malware (cont.)

Virus
• One of the two most common types
• Usually spreads through e-mail
• Uses system resources, causing slowdown or stoppage


Malware (cont.)

Trojan Horse
• The other most common kind of malware
• Named after the wooden horse of Greek mythology


Malware (cont.)

Spyware
• The most rapidly growing type of malware
• Cookies
• Key logger


Malware (cont.)

Logic Bomb
• Lies dormant until some logical condition is met, often a specific date.


Compromising System Security

Intrusions
• Attacks that break through system resources
• Hackers
• Crackers
• Social engineering
• War-driving


Denial of Service Attacks

• The attacker does not intrude into the system but just blocks access by authorized users.


Web Attacks

• The attacker attempts to breach a web application. Common attacks of this type are SQL injection and Cross Site Scripting.


Session Hijacking

• This is a complex attack that involves actually taking over an authenticated session.


DNS Poisoning

• This involves altering DNS records on a DNS server to redirect client traffic to malicious websites, usually for identity theft.


Assessing the Likelihood of an Attack on Your Network

• Viruses
  • Catch up on new and refurbished viruses
• Unauthorized use of systems
• DoS attacks
• Intrusions
• Employee misuse


Basic Security Terminology

People:
• Hackers
• White hats
• Black hats
• Gray hats
• Script kiddies
• Sneakers
• Ethical hackers


Basic Security Terminology (cont.)

Devices
• Firewall
  • Filters network traffic
• Proxy server
  • Disguises IP address of internal host
• Intrusion Detection System
  • Monitors traffic, looking for attempted attacks


Basic Security Terminology (cont.)

Activities
• Authentication
• Auditing


Network Security Paradigms

• How will you protect your network?
• CIA Triangle, i.e. confidentiality, integrity and availability
• Least Privileges
• Perimeter security approach
• Layered security approach
• Proactive versus reactive
• Hybrid security method


How Do Legal Issues Impact Network Security?

• The Computer Security Act of 1987
• OMB Circular A-130
• See www.alw.nih.gov/Security/FIRST/papers/legal/statelaw.txt for state computer laws
• Health Insurance Portability and Accountability Act of 1996, HIPAA


Online Security Resources

• CERT
  • www.cert.org
• Microsoft Security Advisor
  • www.microsoft.com/security/default.mspx
• F-Secure
  • www.f-secure.com
• SANS
  • www.sans.org


Summary

• Network security is a constantly changing field.
• You need three levels of knowledge.
  • Take the courses necessary to learn the basic techniques.
  • Learn your enterprise system intimately, with all its strengths and vulnerabilities.
  • Keep current in the ever-changing world of threats and exploits.
