Transcript Security+ Guide to Network Security Fundamentals, Third
Security+ Guide to Network Security Fundamentals, Third Edition
Chapter 1 Introduction to Security
Objectives
Describe the challenges of securing information Define information security and explain why it is important Identify the types of attackers that are common today List the basic steps of an attack Describe the five steps in a defense Explain the different types of information security careers and how the Security+ certification can enhance a security career Security+ Guide to Network Security Fundamentals, Third Edition 2
Challenges of Securing Information
There is ________________ to securing information This can be seen through the different types of attacks that users face everyday Difficult and costly to defend against attacks ___________________________________ on computer security and the cost is rising Attacks include: ________________________ attacks due to ___________________ Phishing scams Attacks due to __________________ etc Security+ Guide to Network Security Fundamentals, Third Edition 3
4
Difficulties in Defending against Attacks
Difficulties include the following: _______________________ Greater sophistication of attacks ________________________________ Attackers can ____________________________ and more ______________________________ _______________ attack an attack that occurs when an attacker _______________________________________ _______________________________________ Zero days of warning Delays in patching hardware and software products Most attacks are now _________________, instead of coming from only one source User confusion Security+ Guide to Network Security Fundamentals, Third Edition 5
Difficulties in Defending against Attacks (summary)
Security+ Guide to Network Security Fundamentals, Third Edition 6
Defining Information Security
Information security involves the tasks of __________________________________ On PC’s, DVD’s, USB’s etc ______________________________________ Also ensures that ______________________ __________________________________ Cannot completely prevent attacks or guarantee that a system is totally secure Security+ Guide to Network Security Fundamentals, Third Edition 7
Defining Information Security
(continued)
Information security is intended to protect valuable information with the following characteristics:
____________________
ensures that ________ ____________________ can view the information
__________
ensures that the information is correct and _____________________________________
______________________
ensures that ________ ____________________________________ Security+ Guide to Network Security Fundamentals, Third Edition 8
Comprehensive Definition of Information Security
That which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures
Security+ Guide to Network Security Fundamentals, Third Edition 9
Information Security Terminology
_____________
Something that has a ____________
______________
An event or object that may ___________________ in place and result in ____________________________
_______________________
A _______________ that has the __________________________ Includes __________________ such as flood, earthquake etc Includes man-made agents such a a _______________
____________________________
_____________ that allows a threat agent to _______________
_______________________
a security weakness a weakness is known as
__________ _______________________
The ______________ that a threat agent will _________________ Realistically, risk cannot ever be entirely eliminated Security+ Guide to Network Security Fundamentals, Third Edition 10
Five
Main Goals of Information Security
1.
__________________________________ The theft of data is one of the ____________________ _________________ due to an attack Example- data containing company research, list of customers, list of salaries etc Individuals can also be victims of data thievery 2.
_________________________________
Identity theft
____________ involves __________________________ to establish bank or credit card accounts Cards are then left unpaid, leaving the victim with the debts and ruining their credit rating Best defense is to protect data from being stolen place in the first Security+ Guide to Network Security Fundamentals, Third Edition 11
Five
Main Goals of Information Security
(continued)
3.
______________________________ A number of federal and state laws have been enacted to protect the privacy of electronic data _________________________________ ______________________________________ Examples of laws:
HIPAA
- deals with the protection of health information
Sarbanes-Oxley-
fights corporate corruption Security+ Guide to Network Security Fundamentals, Third Edition 12
Five
Main Goals of Information Security
(continued)
4.
____________________________ _______________________________ such as time and money away from normal activities 5.
________________________________
Cyberterrorism
_____________________________________________ _____________________________________________ ___________________________________________ Prime targets Utility, telecommunications, and financial services companies Security+ Guide to Network Security Fundamentals, Third Edition 13
Who Are the Attackers?
_________
Generic sense: _______________________ or attempts to break into ________________ Narrow sense: a ____________________ _________________________ only to expose security flaws Possess ___________________________ Some hackers believe it is ethical- although illegal to break into another person’s computer system as long as they do not commit theft, vandalism, or breach any confidentiality Security+ Guide to Network Security Fundamentals, Third Edition 14
Who Are the Attackers?
___________
Want to _____________________________ _____________________________ _______________________ Download _________________________ (scripts) from Web sites and use it to break into computers Script kiddies tend to be computer users who have almost unlimited amounts of leisure time, and therefore are often considered more dangerous than hackers Security+ Guide to Network Security Fundamentals, Third Edition 15
Who Are the Attackers?
__________
Computer
spy
A _____________________________________ ________________________________ Spies are hired to attack a _____________ ______________ that contains sensitive information and _____________________ without drawing any attention to their actions Possess _____________________________ Security+ Guide to Network Security Fundamentals, Third Edition 16
Who Are the Attackers?
__________
One of the
____________________________
to a business actually comes from its employees Reasons: An employee might want to ________________________ in their security ______________________ against the company may be intent on retaliating ________________________________ __________________________________ into stealing from employer Security+ Guide to Network Security Fundamentals, Third Edition 17
Who Are the Attackers?
_____________
A ______________________________ _______________ who are highly motivated and ____________________ , ___________ , and tenacious Launch
______________________
against financial networks, utility companies etc Cybercriminals have a more focused goal:
____________________!
Security+ Guide to Network Security Fundamentals, Third Edition 18
Cybercrime
___________________________________ , unauthorized access to information , and the __________________________ Financial cybercrime is often divided into two categories Trafficking in stolen credit card numbers and financial information Using spam to commit fraud Security+ Guide to Network Security Fundamentals, Third Edition 19
Cyberterrorists
Motivation may be defined as ideology, or ________ _________________________________ May lie dormant for a period of time then strike without warning Goals of a cyberattack by cyberterrorists: To ___________________________ misinformation and propaganda and spread To _______________________________________ To __________________________ into systems and networks that result in critical infrastructure outages and corruption of vital data Security+ Guide to Network Security Fundamentals, Third Edition 20
Steps of an Attack
There are a wide variety of attacks that can be launched against a computer or network The ________________ are used in most attacks 1. ______________________ this essential in ____________________________________ version of software etc.
___________________ is 2. _______________________ ex: breaking passwords 3. ________________________ AKA _________________ 4. ______________________________ use of compromised system to attack other networks or computers 5. ~ Allows attacker to _____________________________ more easily ___________________________ steal data, launch a DoS attack ex: delete or modify files, Security+ Guide to Network Security Fundamentals, Third Edition 21
Security+ Guide to Network Security Fundamentals, Third Edition 22
Defenses against Attacks
Protecting computers against the previous steps in an attack calls for __________ fundamental security principles: _________________________________ withstand an attack to Security+ Guide to Network Security Fundamentals, Third Edition 23
Fundamental Security Principles:
Layering
Security system must have layers , making it
____________________________________ _______________________
of defenses One defense mechanism may be relatively easy for an attacker to circumvent A _________________________ can also be _________________________________ Layered security provides the
___________ ______________________________
Security+ Guide to Network Security Fundamentals, Third Edition 24
Fundamental Security Principles:
Limiting
Limiting access threat against it to information reduces the ____________________________________ __________________________ In addition, the amount of access granted to someone should be limited to ______________ ______________________________ Some ways to limit access are technology based, while others are procedural Security+ Guide to Network Security Fundamentals, Third Edition 25
Fundamental Security Principles:
Diversity
________________________________ If attackers penetrate one layer, they cannot use the same techniques layers to break through all other Using diverse layers of defense means that ____________________________________ ________________________________ Example- use of security products from different vendors Security+ Guide to Network Security Fundamentals, Third Edition 26
Fundamental Security Principles:
Obscurity
AKA “ Security by Obscurity” _________________________________________ _________________________________________ can be an important way to protect information An example of obscurity would be _____________ _______________________, software, and network connection a computer uses An attacker who knows that information can more easily determine the weaknesses of the system to attack it Security+ Guide to Network Security Fundamentals, Third Edition 27
Fundamental Security Principles:
Simplicity
Information security complex is by its very nature Complex security systems can be hard to understand, troubleshoot, and feel secure about As much as possible, a ________________ ____________________________________ __________________ for a potential attacker Complex security schemes are often compromised by employees themselves to make them easier for (trusted) users to work with Security+ Guide to Network Security Fundamentals, Third Edition 28
Summary
Attacks against information security have grown exponentially in recent years There are several reasons why it is difficult to defend against today’s attacks Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures The main goals of information security are to prevent data theft, thwart identity theft, avoid the legal consequences of not securing information, maintain productivity, and foil cyberterrorism Security+ Guide to Network Security Fundamentals, Third Edition 29
Summary (continued)
The types of people behind computer attacks are generally divided into several categories There are five general steps that make up an attack: probe for information, penetrate any defenses, modify security settings, circulate to other systems, and paralyze networks and devices The demand for IT professionals who know how to secure networks and computers from attacks is at an all-time high Security+ Guide to Network Security Fundamentals, Third Edition 30