Information security
is a management issue
Information security
is a people issue
Communities of interest
must argue for information security in terms of impact and cost
Enabling Safe Operation
Organizations must create integrated, efficient, and capable applications
Enabling Safe Operation
Organizations need environments that safeguard applications
Enabling Safe Operation
Management must not abdicate to the IT department its responsibility to make choices and enforce decisions
Organizations
-- must create integrated, efficient, and capable applications
data
One of the most valuable assets is --
data
Without --, an organization loses its record of transactions and/or its ability to deliver value to its customers
information security program
An effective -- is essential to the protection of the integrity and value of the organization's data
Protecting Data
An effective information security program is essential to the protection of the integrity and value of the organization's data
Safeguarding Technology Assets
Organizations must have secure infrastructure services based on the size and scope of the enterprise
Safeguarding Technology Assets
Additional security services may have to be provided
Safeguarding Technology Assets
More robust solutions may be needed to replace security programs the organization has outgrown
threats
Management must be informed of the various kinds of -- facing the organization
threat
is an object, person, or other entity that represents a constant danger to an asset
threat
By examining each -- category in turn, management effectively protects its information through policy, education and training, and technology controls
Acts of Human Error or Failures
Includes acts done without malicious intent
Acts of Human Error or Failures
Caused by:
Inexperience
Improper training
Incorrect assumptions
Other circumstances
Employees
are the greatest threats to information security - they are closest to the organizational data
controls
Many of these threats can be prevented with --
Loss of Internet service
-- can lead to considerable loss in the availability of information
outsourcer
When an organization outsources its web servers, the -- assumes responsibility for all Internet services and the hardware and operating system software used to operate the web site
Power Irregularities
Voltage levels can increase, decrease, or cease
spike
momentary increase
surge
prolonged increase
sag
momentary low voltage
brownout
prolonged drop
fault
momentary loss of power
blackout
prolonged loss
Electronic equipment
is susceptible to fluctuations; controls can be applied to manage power quality
Espionage or Trespass
Broad category of activities that breach confidentiality
Shoulder surfing
can occur any place a person is accessing confidential information
Hackers
use skill, guile, or fraud to steal the property of someone else
Expert hacker
develops software scripts and codes exploits
Expert hacker
usually, a master of many skills
Expert hacker
will often create attack software and share with others
Script kiddies
hackers of limited skill
Script kiddies
use expert-written software to exploit a system
Script kiddies
do not usually fully understand the systems they hack
Cracker
an individual who "cracks" or removes protection designed to prevent unauthorized duplication
Phreaker
hacks the public telephone network
Information extortion
is an attacker or formerly trusted insider stealing information from a computer system and demanding compensation for its return or non-use
Sabotage or Vandalism
Individual or group who want to deliberately sabotage the operations of a computer system or business, or perform acts of vandalism to either destroy an asset or damage the image of the organization
Theft
Illegal taking of another's property - physical, electronic, or intellectual
Theft
The value of information suffers when it is copied and taken away without the owner's knowledge
Physical theft
can be controlled - a wide variety of measures used from locked doors to guards or alarm systems
Electronic theft
is a more complex problem to manage and control - organizations may not even know it has occurred
malware
When an individual or group designs software to attack systems, they create malicious code/software called --
malware
Designed to damage, destroy, or deny service to the target systems
malware
Includes:
macro virus
boot virus
worms
Trojan horses
logic bombs
back door or trap door
denial-of-service attacks
polymorphic
Hoaxes
Virus
is a computer program that attaches itself to an executable file or application.
Virus
It can replicate itself, usually through an executable program attached to an e-mail.
Virus
The keyword is "attaches". A -- cannot stand on its own.
Virus
There is no foolproof method of preventing them from attaching themselves to your computer
Antivirus software
compares virus signature files against the programming code of known viruses.
worm
is a computer program that replicates and propagates itself without having to attach itself to a host.
worms
Most infamous -- are Code Red and Nimda.
Code Red and Nimda.
Most infamous worms are -- and --
Trojan Programs
disguise themselves as useful computer programs or applications and can install a backdoor or rootkit on a computer.
Backdoors or rootkits
are computer programs that give attackers a means of regaining access to the attacked computer later.
Spyware program
A -- sends info from the infected computer to the person who initiated the spyware program on your computer
Spyware program
-- can register each keystroke entered.
Adware
Main purpose is to determine a user's purchasing habits so that Web browsers can display advertisements tailored to that user.
Adware
sometimes displays a banner that notifies the user of its presence
Spyware and Adware
Both programs can be installed without the user being aware of their presence
Intellectual property
"the ownership of ideas and control over the tangible or virtual representation of those ideas"
software piracy
Most common IP breaches involve --
Forces of Nature
are dangerous because they are unexpected and can occur with very little warning
Forces of Nature
Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
Forces of Nature
Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation
Forces of Nature
Since it is not possible to avoid many of these threats, management must implement controls to limit damage and prepare contingency plans for continued operations
Technical Hardware Failures or Errors
occur when a manufacturer distributes to users equipment containing flaws
defects
These -- can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability
terminal
Some errors are --, in that they result in the unrecoverable loss of the equipment
intermittent
Some errors are --, in that they only periodically manifest themselves, resulting in faults that are not easily repeated
unrevealed faults
This category of threats comes from purchasing software with --
attack
is the deliberate act that exploits a vulnerability
attack
It is accomplished by a threat-agent to damage or steal an organization's information or physical asset
exploit
is a technique to compromise a system
vulnerability
is an identified weakness of a controlled system whose controls are not present or are no longer effective
attack
is then the use of an exploit to achieve the compromise of a controlled
Modern hacker profile
Age 12-60, male or female, unknown background, with varying technological skill levels; may be internal or external to the organization
Traditional hacker profile
Age 13-18, male with limited parental supervision; spends all his free time at the computer
Malicious Code
This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information
state of the art in attacking systems in 2002
The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices
IP Scan and Attack
Compromised system scans random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits
Web Browsing
If the infected system has write access to any Web pages, it makes all Web content files infectious, so that users who browse to those pages become infected
Virus
Each infected machine infects certain common executable or script files on all computers to which it can write with -- code that can cause infection
Unprotected Shares
using file shares to copy viral component to all reachable locations
Mass Mail
sending e-mail infections to addresses found in address book
Simple Network Management Protocol
-- vulnerabilities used to compromise and infect
hoax
A more devious approach to attacking computer systems is the transmission of a virus --, with a real virus attached
Back Doors
Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource
Password Crack
Attempting to reverse calculate a password
Brute Force
The application of computing and network resources to try every possible combination of options of a password
dictionary
The -- password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords to guide guesses
Denial-of-service (DoS)
attacker sends many connection or information requests to a target
Denial-of-service (DoS)
so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service
Denial-of-service (DoS)
may result in a system crash, or merely an inability to perform ordinary functions