SECURING INFORMATION SYSTEMS

Similar documents
Unit 2 Assignment 2. Software Utilities?

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Chapter 10: Security and Ethical Challenges of E-Business

A Review Paper on Network Security Attacks and Defences

Chapter 9. Firewalls

Chapter 4. Network Security. Part I

ACS-3921/ Computer Security And Privacy. Chapter 9 Firewalls and Intrusion Prevention Systems

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Security+ Practice Questions Exam Cram 2 (Exam SYO-101) Copyright 2004 by Que Publishing. International Standard Book Number:

Firewalls 1. Firewalls. Alexander Khodenko

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

COMPUTER NETWORK SECURITY

State of New Mexico Public School Facilities Authority Information Technology (IT) Acceptable Use Policy

Objectives. Classes of threats to networks. Network Security. Common types of network attack. Mitigation techniques to protect against threats

Home Computer and Internet User Security

Guide to Network Security First Edition. Chapter One Introduction to Information Security

Overview. Computer Network Lab, SS Security. Type of attacks. Firewalls. Protocols. Packet filter

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Chapter 11: It s a Network. Introduction to Networking

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Securing Information Systems

5. Execute the attack and obtain unauthorized access to the system.

Chapter 6 Network and Internet Security and Privacy

2. INTRUDER DETECTION SYSTEMS

DoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel

Cyber Security Practice Questions. Varying Difficulty

n Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network

CHAPTER 8 SECURING INFORMATION SYSTEMS

Discovering Computers Living in a Digital World

3.5 SECURITY. How can you reduce the risk of getting a virus?

Introduction to Security. Computer Networks Term A15

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Securing Information Systems

Firewalls, Tunnels, and Network Intrusion Detection

Lesson-1 Computer Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

e-commerce Study Guide Test 2. Security Chapter 10

Principles of Information Security, Fourth Edition. Chapter 2 The Need for Security

Technology in Action

CERT-In. Indian Computer Emergency Response Team ANTI VIRUS POLICY & BEST PRACTICES

Systems and Network Security (NETW-1002)

Acceptable Use Policy

Chapter 11: Networks

Security and Authentication

Fundamentals of Information Systems Security Lesson 8 Mitigation of Risk and Threats to Networks from Attacks and Malicious Code

Train employees to avoid inadvertent cyber security breaches

Smeal College of Business - Central Firewall Rules and Policies

Acceptable Use Policy

Computer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak

Network Security. Course notes. Version

NHS South Commissioning Support Unit

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

GCIH. GIAC Certified Incident Handler.

Airtel PC Secure Trouble Shooting Guide

Denial of Service and Distributed Denial of Service Attacks

The process by which a user can associate specific permissions to each username.

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

Management Information Systems (MMBA 6110-SP) Research Paper: Internet Security. Michael S. Pallos April 3, 2002

E-Commerce Security Pearson Prentice Hall, Electronic Commerce 2008, Efraim Turban, et al.

Introducing the CSC SSM

Intruders. significant issue for networked systems is hostile or unwanted access either via network or local can identify classes of intruders:

Spring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention

Accounting Information Systems

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Acceptable Use Policy

1/11/11. o Syllabus o Assignments o News o Lecture notes (also on Blackboard)

Malware, , Database Security

Future-ready security for small and mid-size enterprises

Ethical Hacking and Prevention

UTM Firewall Registration & Activation Manual DFL-260/ 860. Ver 1.00 Network Security Solution

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

CTS2134 Introduction to Networking. Module 08: Network Security

M2-R4: INTERNET TECHNOLOGY AND WEB DESIGN

Horry County IT /GIS Policy Acce table Use Com uter S stems

JPCERT/CC Incident Handling Report [January 1, March 31, 2018]

NETWORK SECURITY. Ch. 3: Network Attacks

How Breaches Really Happen

Seqrite Endpoint Security

Lecture 12. Application Layer. Application Layer 1

The Security Problem

Acceptable Use Policy

Employee Security Awareness Training

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

Computer Network Vulnerabilities

Securing Information Systems

Secure Network Design Document

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

Franzes Francisco Manila IBM Domino Server Crash and Messaging

Objectives CINS/F1-01

Training UNIFIED SECURITY. Signature based packet analysis

Cybercrime Criminal Law Definitions and Concepts

Network Fundamentals. Chapter 7: Networking and Security 4. Network Fundamentals. Network Architecture

CHAPTER 8 FIREWALLS. Firewall Design Principles

SCHOOL OF ACCOUNTING AND BUSINESS BSc. (APPLIED ACCOUNTING) GENERAL / SPECIAL DEGREE PROGRAMME

IBM i Version 7.3. Security Intrusion detection IBM

Transcription:

SECURING INFORMATION SYSTEMS (November 7, 2016) BUS3500 - Abdou Illia - Fall 2016 1 LEARNING GOALS Understand security attacks preps Discuss the major threats to information systems. Discuss protection systems 2 The Security Problem 2014 Computer Crime and Security Survey 90% of large companies and government agencies reported computer security breach 80% reported sizeable financial loss Only 40% indicated security attacks came from outside the company 85% reported as victim of computer virus 3 1

Internet (www) operation - Review Web Browser Network Webserver Software Packet Packet Route Router User PC needs: - Workstation Operating System -TCP/IP - Web browser (e.g. Internet Explorer) - Internet access (e.g. thru an ISP) - IP Address (e.g. 128.150.50.9) Webserver needs: - Network (or Server) Operating System -TCP/IP - Domain name (e.g. eiu.edu) - Internet access 4 - IP Address (e.g. 139.67.8.3) Test Your Internet knowledge Your business has 10 employees. You just bought 10 desktop computers and subscribed to Internet DSL service. Which of the following will be needed to connect the computers to the Internet and navigate the World Wide Web? a) A server operating system b) Workstations operating systems c) TCP/IP protocol d) Web browsers e) Domain names 5 TCP/IP-based Communications Requesting a web page from eiu.edu: http://www.eiu.edu Computer 1 (User PC) Web browser Formatting Prg. Packet Creator Signal Generator Get index.php in default folder from eiu.edu 010100100010000010001000100100010010 From: 123.12.2.1:1234 To: 139.67.14.54:80 010100100010000. Transmission media Computer 2 (web server) 6 2

TCP/IP Packet TCP/IP Packets or computer messages have two parts: Communications protocols Actual message to be delivered Source IP Address: 123.12.2.1 Source Program: Web Browser 1234 Destination IP Address: 139.67.14.54 Destination Program: Server Program 80 Formatting scheme: ASCII Get index.php From: server eiu.edu Location: Home directory Protocols tell the receiving computer: - Sender s ID - How to read the message Message to be delivered 7 Received: from hotmail.com (bay103-f21.bay103.hotmail.com [65.54.174.31]) by barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC for <aillia@eiu.edu>; Wed, 8 Feb 2006 18:14:59-0600 (CST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 8 Feb 2006 16:14:58-0800 Message-ID: <BAY103-F2195A2F82610991D56FEC0B1030@phx.gbl> Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP; Thu, 09 Feb 2006 00:14:58 GMT X-Originating-IP: [192.30.202.14] X-Originating-Email: [macolas@hotmail.com] X-Sender: macolas@hotmail.com In-Reply-To: <10E30E5174081747AF9452F4411465410C5BB560@excma01.cmamdm.enterprise.corp> X-PH: V4.4@ux1 From: <macolas@hotmail.com> To: aillia@eiu.edu X-ASG-Orig-Subj: RE: FW: Same cell# Subject: RE: FW: Same cell# Date: Thu, 09 Feb 2006 00:14:58 +0000 Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 09 Feb 2006 00:14:58.0614 (UTC) FILETIME=[DCA31D60:01C62D0D] X-Virus-Scanned: by Barracuda Spam Firewall at eiu.edu X-Barracuda-Spam-Score: 0.00 Hi, I just wanted to let you know that I have received the packet you sent. 8 Test Your TCP/IP knowledge You have received an email from a potential business partner who pretends to be overseas. Which of the following could help determine the location of the computer he/she used to send the message? a) Check the domain name that appears after the @ in the sender s email address b) The destination IP address c) The Source IP address that appears in the communication protocols part of the email From: rlking@gmail.com To: tewilliams@eiu.edu Subject: meeting Hi, I couldn t make it to the meeting because I am overseas in business. 9 3

Attack strategy Scanning Ping messages (To know if a potential target exist, is connected to the network, and is responsive) Supervisory messages (To know if victim available) Tracert, Traceroute (to know about the route that leads to target) Check the Internet (e.g. www.cert.org) for latest systems vulnerabilities Use Brute Force attack or Dictionary attack Trying different usernames and passwords in an attempt to break a password and gain an unauthorized access. Use Social engineering strategy to get other information By tricking employees to provide passwords, keys and other info. over the telephone By phishing i.e. misleading people to provide confidential info through emails, fake websites, etc. 10 Recent Social engineering targeting EIU 11 Attack strategy (cont.) Examining Collected data Users login names and password IP addresses of potential victims What programs are running on target computers Different programs have different weaknesses Potential victim s operating systems, version number, etc. Deciding types of attacks Examples: DoS attacks targeting computers with older operating systems Content attacks using identified Open Mail servers & collected emails System intrusion on improperly configured servers Launch the attacks 12 4

Test Your Attacks Strategy Knowledge An attacker is preparing an attack. He got the IP address of a potential target. Which of the following could he use in order to determine whether or not the potential target exist, is connected to the network, and is maybe responsive? a) Do some scanning using the connected command b) Use the tracert command c) Do some scanning by sending ping messages to the target computer d) None of the above Which of the following has more chance of succeeding? a) An attack launched by a hacker using a computer that is not part of the target corporate network. b) An attack launched by a hacker using a computer that is part of the target corporate network. c) a and b have the same chance of succeeding 13 Major security threats Denial of Service (DoS) attacks The attacker makes a target (usually a server) crash in order to deny service to legitimate users Content attack Sending messages with illicit or malicious content System intrusion Getting unauthorized access to a network 14 Denial of Service (DoS) attacks There are two major types of DoS attacks Single-message DoS attacks Tear-Drop DoS attacks In Single-message DoS Target crashes upon receiving a single deadly attack message In Tear-Drop DoS The target slows down or crashes as a result of receiving more request messages than it can handle. 15 5

Tear Drop DoS Intentionally sending a stream of request messages to a target server in order to Make the target run very slowly or crash Objective is to have the target deny service to legitimate users Legitimate request DoS messages Legitimate user Server Legitimate request Legitimate user http://www.netscantools.com/nstpro_netscanner.html Attacker 16 Single message attacks: Ping of Death Ping of Death attacks take advantage of Some operating systems inability to handle packets larger than 65 536 bytes Attacker sends request messages that are larger than 65,536 bytes (i.e. oversized packets) Most operating systems have been fixed to prevent this type of attack from occurring. But attacks occurred recently on Win Server 2003 systems 17 Defense against DoS attacks Most DoS attack messages Include protocol settings with fake IP addresses or program numbers that do not match the type of message Spoofing: using fake source IP address Program number not consistent with the message supposed to be delivered. Source IP Address: 10.1.2.1 Source Program: Web Browser 1234 Destination IP Address: 139.67.14.54 Destination Program: Server Program 80 Formatting scheme: ASCII Get index.php From: server eiu.edu Location: Home directory Defense systems for protecting against DoS attacks are designed to check messages protocols part for fake or inconsistent settings. Could be Packet Firewalls 18 6

What is a Packet Firewall? A security system that seats between a corporate network and an external network. A firewall examines each message that is to enter or to leave the corporate network. A firewall decides: What messages can enter a network What messages can leave the network 1 If incoming message has fake source IP address, Deny access 2 If incoming message s protocol values indicate a telnet request, Deny access 3 If incoming message s protocol values indicate a file transfer (FTP) request, Allow access 4 If outgoing message s protocol values indicate a request to a prohibited web site, Deny access 19 Test Your Attacks Knowledge An attacker has used a single computer to send a stream of attack messages to a server to the point that the server began to operate very slowly. Which of the following does the attacker attempt? a) An oversize attack b) A Worm attack c) A Denial-of-service attack d) A Ping-of-Death attack An attacker has sent a single oversized attack message to a server loaded with an old operating system. Upon receiving the oversized message, the server crashes. Which of the following happened? a) An oversize attack b) A Worm attack c) A Denial-of-service attack d) A Ping-of-Death attack 20 Content attacks Incoming messages with: Malicious content (or malware) Viruses (infect files on a single computer) Worms (Propagate across system by themselves) Trojan horses (programs that appear to be benign, but do damage or take control of a target computer) Illicit content Pornography Sexually or racially harassing e-mails Spams (unsolicited commercial e-mails) Q: Besides through emails, how can a computer system be a victim of a virus, worm, or Trojan horse attack. 21 7

Trojan horse A computer program That appears as a useful program like a game, a screen saver, etc. But, is really a program designed to do damage or to open the door for a hacker to take control of the host computer When executed, a Trojan horse could Format disks Delete files Allow a remote computer to take control of the host computer. This kind of Trojan is called Back Door. NetBus and SubSeven used to be attackers favorite programs for target remote control 22 Trojan horse NetBus Interface 23 Review Questions What is a type of malware that spreads itself, not just from file to file, but also from computer to computer? a) Computer virus b) Worm c) Trojan horse d) None of the above What is a malware that opens a way into the network for future attacks? a) Open Door b) Worm c) Back Door d) Trojan horse 24 8

Open Mail Server Most content attack messages are sent through Open Mail Servers Improperly configured Mail Servers that accept fake outgoing email addresses) 25 Open Mail Server Question: How can you protect a stand-alone computer or a network against malicious content attacks? 26 Protocol Part Message Protection against content attacks Antivirus controls PC-based antivirus control Network antivirus control Application Firewalls Catch every incoming message to check for illicit content in the Message part If illicit content detected, message is blocked Legitimate Message Checked Message Attacker Illicit Message Application Firewall Target 27 9

System Intrusion System intrusion: Gaining unauthorized access to a computer system by an intruder A hacker is an intruder who breaks into a computer system without authorization. [supposedly] Not causing damage [supposedly] Not stealing information A cracker is an intruder who breaks into a computer system to cause damage and/or to steal information Script kiddies are young people with little programming skills who use publicly available software to breach into systems 28 Summary Questions Book Notes 1) Distinguish between Tear-drop and ping-of-death 15 attacks. 2) What is an illicit content attack? What is the difference between a virus, a worm, and a Trojan horse? How could a stand-alone computer or a network be a victim 21-23 of an illicit content attack? 3) What is an Open Mail server? How could you protect a 25, 26 stand-alone computer or a network against illicit content attacks? 4) What is a packet firewall? An application firewall? 19, 27 5) What is meant by social engineering? Ping messages? 10 29 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback