COM503

Advanced Data and Network Security

Ass. Prof. Dr. Ahmed El-Hadad

K-7505
[email protected]

Week 01
 Subject Assessments
• Assessment 1: (30%)
- Mid-term Test (Week-8 Lecture time)
• Assessment 2: (30%)
- Project Assignment (Due by Week 12)
• Assessment 3: (40%)
- Final Exam (After Week-14)
 Subject Outline
1. Introduction to Security
2. Malware and Social Engineering Attacks
3. Application and Networking-Based Attacks
4. Host, Application, and Data Security
5. Basic Cryptography
6. Advanced Cryptography
7. Network Security Fundamentals
8. Midterm
9. Administering a Secure Network
10. Wireless Network Security
11. Mobile Device Security
12. Access Control Fundamentals
13. Authentication and Account Management
14. Revision
Security+ Guide to Network
Security Fundamentals,
Fifth Edition

Chapter 1
INTRODUCTION TO
SECURITY

Ciampa, M. D. (2015). Security+ guide to network security fundamentals. Course

Technology, Cengage Learning.
 Objectives
• Describe the challenges of securing information
• Define information security and explain why it is
important
• Identify the types of attackers that are common
today
• List the basic steps of an attack
• Describe the five basic principles of defense

Security+ Guide to Network Security Fundamentals, Fifth Edition 5

 Challenges of Securing Information
• Today all citizens forced to continually protect
themselves from attacks by invisible foes
• Attacks not just physical but also include attacks on
information technology
• Attacks directed at individuals, schools,
businesses, and governments through desktop
computers, laptops, smartphones, and tablet
computers
• Information security is focused on protecting
electronic information of organizations and users

Security+ Guide to Network Security Fundamentals, Fifth Edition 6

Difficulties in Defending Against Attacks
• Universally connected devices
• Increased speed of attacks
• Greater sophistication of attacks
• Availability and simplicity of attack tools
• Faster detection of vulnerabilities
• Delays in security updating
• Weak security update distribution
• Distributed attacks
• Introduction of BYOD
• User confusion
Security+ Guide to Network Security Fundamentals, Fifth Edition 7
 What Is Information Security?
• Before defense is possible, one must understand:
– What is security
– What information security is
– Information security terminology
– Why it is important

Security+ Guide to Network Security Fundamentals, Fifth Edition 8

 Understanding Security
• “Security” is defined as either the process (how to
achieve security) or the goal (what it means to
have security).
• In reality security is both: it is the goal to be free
from danger as well as the process that achieves
that freedom
• Security is the necessary steps to protect a person
or property from harm.
• This harm may come from one of two sources:
– Direct action
– Indirect and unintentional action
Security+ Guide to Network Security Fundamentals, Fifth Edition 9
 Security and Convenience
• Relationship between security and convenience
• As security is increased, convenience is often
decreased
• Security is “inversely proportional” to convenience
• The more secure something is, the less convenient
it may become to use
• Security is sacrificing convenience for safety or
giving up short-term comfort for long-term
protection

Security+ Guide to Network Security Fundamentals, Fifth Edition 10

 Relationship Security-Convenience
(Figure 1-2)

Security+ Guide to Network Security Fundamentals, Fifth Edition 11

 Defining Information Security
• Information security - Tasks of securing
information in digital format:
– Manipulated by a microprocessor
– Stored on a storage device
– Transmitted over a network
• Protection - Information security cannot completely
prevent successful attacks or guarantee that a
system is totally secure
• Protective measures ward off attacks and prevent
total collapse of the system when a successful
attack does occur
Security+ Guide to Network Security Fundamentals, Fifth Edition 12
 Three Protections
• Information – Provides value to people and
organizations
• Three protections that must be extended over
information (CIA):
– Confidentiality: Ensures only authorized parties can
view information
– Integrity: Ensures information not altered
– Availability: Ensures information accessible when
needed to authorized parties

Security+ Guide to Network Security Fundamentals, Fifth Edition 13

 AAA
• Three additional protections that must be extended
over information (AAA):
– Authentication: Ensures that the individual is who
she claims to be (the authentic or genuine person)
and not an imposter
– Authorization: Providing permission or approval to
specific technology resources
– Accounting: Provides tracking of events

Security+ Guide to Network Security Fundamentals, Fifth Edition 14

 Securing Devices
• Devices - Information security involves more than
protecting the information itself
• Information is:
– Stored on computer hardware
– Manipulated by software
– Transmitted by communications
• Each of these areas must also be protected

Security+ Guide to Network Security Fundamentals, Fifth Edition 15

 Information Security Definition
• Comprehensive definition of information security
involves both the goals and process
• Information security defined as that which protects
the integrity, confidentiality, and availability of
information on the devices that store, manipulate,
and transmit the information through products,
people, and procedures

Security+ Guide to Network Security Fundamentals, Fifth Edition 16

 Information Security Terminology:
Asset
• Asset - An item that has value
• In organization assets have these qualities:
– They provide value to the organization
– They cannot easily be replaced without a significant
investment in expense, time, worker skill, and/or
resources
– They can form part of the organization's corporate
identity.

Security+ Guide to Network Security Fundamentals, Fifth Edition 17

 Information Security Terminology:
Threat
• Threat - Action that has the potential to cause
harm
• Information security threats are events or actions
that represent a danger to information assets
• Threat by itself does not mean that security has
been compromised; rather, it simply means that the
potential for creating a loss is real
• Threat can result in the corruption or theft of
information, a delay in information being
transmitted, or loss of good will or reputation

Security+ Guide to Network Security Fundamentals, Fifth Edition 18

 Information Security Terminology:
Threat Agent
• Threat agent - Person or element that has the
power to carry out a threat
• Threat agent can be:
– Person attempting to break into a secure computer
network
– Force of nature such as a hurricane that could
destroy computer equipment and thus destroy
information
– Malicious software that attacks the computer
network

Security+ Guide to Network Security Fundamentals, Fifth Edition 19

 Information Security Terminology:
Vulnerability
• Vulnerability - Flaw or weakness that allows a
threat agent to bypass security
• Example is software defect in an operating system
that allows an unauthorized user to gain control of
a computer without the user’s knowledge or
permission

Security+ Guide to Network Security Fundamentals, Fifth Edition 20

 Information Security Terminology:
Threat Vector
• Threat vector - means by which an attack can
occur
• Example is attacker, knowing that a flaw in a web
server’s operating system has not been patched, is
using the threat vector (exploiting the vulnerability)
to steal user passwords
• Threat likelihood - probability that threat will come
to fruition

Security+ Guide to Network Security Fundamentals, Fifth Edition 21

Information Security Terminology: Risk
• Risk - situation that involves exposure to some
type of danger.
• Options when dealing with risk:
– Risk avoidance
– Acceptance
– Mitigation
– Deterrence
– Transference

Security+ Guide to Network Security Fundamentals, Fifth Edition 22

 Understanding the Importance of
Information Security: Preventing Theft
• Preventing data theft – Stopping data from being
stolen cited as primary objective of information
security
• Business data theft is stealing proprietary business
information
• Personal data is prime target of attackers is credit
card numbers that can be used to purchase
thousands of dollars of merchandise

Security+ Guide to Network Security Fundamentals, Fifth Edition 23

 Identity Theft
• Thwarting identity theft - Using another’s personal
information in unauthorized manner for financial
gain
• Example:
– Steal person’s SSN
– Create new credit card account
– Charge purchases
– Leave unpaid
• Serious problem for Internal Revenue Service
(IRS)

Security+ Guide to Network Security Fundamentals, Fifth Edition 24

 Cost of Attacks (Table 1-6)
• Maintaining productivity - Post-attack clean up
diverts resources like time and money

Security+ Guide to Network Security Fundamentals, Fifth Edition 25

 Cyberterrorism Targets
• Potential cyberterrorism targets
– Banking
– Military
– Energy (power plants)
– Transportation (air traffic control centers)
– Water systems

Security+ Guide to Network Security Fundamentals, Fifth Edition 26

 Who Are the Attackers?
• Hacker – Older term referred to a person who used
advanced computer skills to attack computers
• Black hat hackers - Attackers who violated
computer security for personal gain or to inflict
malicious damage
• White hat hackers - “Ethical attackers” who
received permission to probe system for any
weaknesses
• Gray hat hackers – Attackers who would break into
a computer system without permission and then
publically disclose vulnerability
Security+ Guide to Network Security Fundamentals, Fifth Edition 27
 Cybercrimminals
• Cybercrimminals - Generic term describes
individuals who launch attacks against other users
and their computers
• A loose network of attackers, identity thieves, and
financial fraudsters who are highly motivated, less
risk-averse, well-funded, and tenacious
• Instead of attacking a computer to show off their
technology skills (fame), cybercriminals have a
more focused goal of financial gain (fortune):
cybercriminals steal information or launch attacks
to generate income
Security+ Guide to Network Security Fundamentals, Fifth Edition 28
 Script Kiddies
• Script kiddies - Unskilled users with goal to break into
computers to create damage
• Download automated hacking software (scripts) to
use to perform malicious acts
• Attack software today has menu systems and
attacks are even easier for unskilled users
• 40 percent of attacks performed by script kiddies

Security+ Guide to Network Security Fundamentals, Fifth Edition 29

 Brokers
• Brokers - Individuals who uncover vulnerabilities do not
report it to the software vendor but instead sell them to
the highest bidder
• These attackers sell their knowledge of a vulnerability
to other attackers or even governments
• Buyers are generally willing to pay a high price because
this vulnerability is unknown

Security+ Guide to Network Security Fundamentals, Fifth Edition 30

 Insiders
• Insiders - Employees, contractors, and business
partners who steal from employer
• Most malicious insider attacks consist of the
sabotage or theft of intellectual property
• Offenders are usually employees who actually
believe that the accumulated data is owned by
them and not the organization
• Others are employees have been pressured into
stealing from their employer through blackmail or
the threat of violence

Security+ Guide to Network Security Fundamentals, Fifth Edition 31

 Cyberterrorists
• Cyberterrorists – Attackers who have ideological
motivation
• Attacking because of their principles and beliefs
• Cyberterrorists can be inactive for several years
and then suddenly strike in a new way
• Targets may include a small group of computers or
networks that can affect the largest number of
users
• Example: computers that control the electrical
power grid of a state or region

Security+ Guide to Network Security Fundamentals, Fifth Edition 32

 Hactivists
• Hactivists – Another group motivated by ideology
• Unlike cyberterrorists who launch attacks against
foreign nations to incite panic, hactivists generally
not as well-defined.
• Attacks can involve breaking into a website and
changing the contents on the site as a means of
making a political statement against those who
oppose their beliefs
• Other attacks can be retaliatory

Security+ Guide to Network Security Fundamentals, Fifth Edition 33

 State-Sponsored Attackers
• State-sponsored attackers – Attackers supported
by governments for launching computer attacks
against their foes
• Attackers target foreign governments or even
citizens of the government who are considered
hostile or threatening

Security+ Guide to Network Security Fundamentals, Fifth Edition 34

Security+ Guide to Network
Security Fundamentals,
Fifth Edition

Chapter 1
INTRODUCTION TO SECURITY