Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

Transcription

1 Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

2 Learning Objective Explain the importance of network principles and architecture to security operations. Explain the means attackers use to compromise systems and networks and defenses used by organizations. Page 2

3 Key Concepts Open Systems Interconnection (OSI) network model and its security lapses Physical and logical network topologies Characteristics of a secure network Impact of malicious code and malware on publicand private-sector organizations Profiling attackers and hackers Security awareness training to harden User domain and teach correct use of IT assets Page 3

4 DISCOVER: CONCEPTS Page 4

5 OSI Network Model The seven-layer OSI reference model organizes protocols and services in levels of ordered operations. The protocol stack or network stack refers to layered network protocols in the OSI model. Lower-level protocols encapsulate higher-level protocols as they descend the protocol stack. Page 5

6 Layer Functions Page 6

7 TCP/IP Explained Internet Protocol (IP) packets contain source addresses and destination addresses to transmit data. IP resides at the lower levels and encapsulates upper-layer packets to send them across the network. Transmission Control Protocol (TCP) builds reliable connection-oriented transmissions. IP encapsulates TCP to connect sources with destinations using certain ports and a specific service protocol. Page 7

8 A Portion of the TCP/IP Suite Page 8

9 TCP/IP Is Insecure It was designed in early 1980s as an open standard. It was created before security was an issue. Common issues with TCP/IP: TCP SYN attack IP spoofing Sequence guessing Source routing Connection hijacking Page 9

10 Insecure vs. Secure Application Layer Protocols Insecure Protocol Secure Protocol File Transfer Protocol (FTP) Secure File Transfer Protocol (SFTP) Hypertext Transfer Protocol (HTTP) Telnet Simple Network Management Protocol (SNMP) v1/2 Secure Hypertext Transfer Protocol (HTTPS) Secure Shell (SSH) SNMPv3 Page 10

11 Encapsulation Page 11

12 Network Topology Considerations It can help enforce security policies. Isolated segments for development and production servers and user groups compartmentalize risk. Security protocols help protect confidentiality and integrity. Page 12

13 Local Area Network Page 13

14 Wide Area Network Page 14

15 Router Placement Page 15

16 Firewalls on a Network Page 16

17 Border Firewall Page 17

18 Screened Subnet Firewall Page 18

19 VPN Access Page 19

20 WLANs Institute of Electrical and Electronics Engineers (IEEE) a/b/g/n Page 20

21 What Is Malicious Code/Malware? A variety of software programs that intrude upon users and systems Any instructions that perform unintended or undesired operations Page 21

22 History of Malware 1971: Creeper virus spreads to Advanced Research Projects Agency Network (ARPANET). Other experimental viruses emerge throughout the 1970s with varying exposure. 1981: Elk cloner becomes the first computer virus to appear in the wild or outside of a computer lab. 1982: The first worm is jointly developed at Xerox s Palo Alto Research Center. Used for distributed calculations, a logic error caused uncontrollable replication that crippled computers. Page 22

23 Forms of Malware Viruses, worms, Trojans, backdoors, rootkits, and others Active content and botnets are modern examples Phishing and pharming attacks represent modern threats Page 23

24 Lifecycle of a Virus Page 24

25 How a File Infector Virus Works Page 25

26 How a Macro Virus Works Page 26

27 How a Stealth Virus Works Page 27

28 How a Slow Virus Works Page 28

29 How a Multipartite Virus Works Page 29

30 How a Retro Virus Works Page 30

31 How a Worm Works Page 31

32 How a SYN Flood Attack Works Page 32

33 How a Smurf Attack Works Page 33

34 Discussion Points Motivations for attacks Types of attackers Goals of attackers Page 34

35 DISCOVER: PROCESS Page 35

36 Network Security Components Routers Switches Dual-homed hosts Tunneling Page 36

37 Securing Network Environments Harden network Use non-routable addresses Isolate users in defined domains and/or separate groups Page 37

38 Remote Access and Wireless User Considerations Isolate wireless users from wired users. Separate remote user groups from local user groups. Page 38

39 DISCOVER: RATIONALE Page 39

40 Discussion Point Discuss the impact of malicious code and malware on businesses and organizations. Page 40

41 Defending Against Network Attacks Set up protective mechanisms at every domain and layer. Establish checkpoints at every network layer and domain category and monitor regularly. Use intrusion detection system/intrusion prevention system (IDS/IPS) and firewall control lists to filter network-driven attacks. Sandbox application-level attacks and scan with antivirus or anti-malware products. Back up data regularly. Page 41

42 End-User Awareness Training It helps prevent incidents and reduce risk. End-users are weakest link in security chain. Security is a special mindset. Consistent application requires good habits. Page 42

43 Summary The seven-layer OSI reference model organizes protocols and services in levels of ordered operations. Malware encompasses a variety of malicious code. Methods for attack progress and new trends emerge as technology improves. Motivations explain why criminals commit acts; motivations vary but personalities generally recur. Computer and network attacks occur in phases. Security awareness training can reduce incidents of attacks. Page 43