Presentation_ID
Agenda
SSA CATC
National Security Telecommunications and Information Systems Security Committee (NSTISSC) definition:
Network security is the protection of information, and of the systems and hardware that use, store, and transmit that information
Network security encompasses the steps taken to ensure the confidentiality, integrity, and availability of data and resources
The need for network security and its growth are driven by many factors:
1. Internet connectivity is 24/7 and is worldwide
2. Increase in cyber crime
3. Impact on business and individuals
4. Legislation
5. Proliferation of threats
6. Sophistication of threats
Business Impact
1. Decrease in productivity
2. Release of unauthorized sensitive data
3. Theft of trade secrets or formulas
4. Compromise of reputation and trust
5. Loss of communications
6. Loss of time
Presentation_ID 2007 SSA CATC. All rights reserved
Sophistication of Threats
Attack tools are easily available, so even inexperienced individuals can launch sophisticated attacks
Legislation
Federal and local governments have passed legislation that holds organizations and individuals liable for mismanagement of sensitive data. These laws include:
1. The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
2. The Sarbanes-Oxley Act of 2002 (Sarbox)
3. The Gramm-Leach-Bliley Act (GLBA)
4. US PATRIOT Act 2001
Broad document designed to be clearly applicable to an organization's operations; used to aid in network design, convey security principles, and facilitate network deployments
The network security policy outlines what assets need to be protected and gives guidance on how they should be protected
Outlines rules for network access, determines how policies are enforced, and describes the basic architecture of the organization's network security environment
Establishes a hierarchy of access permissions, giving employees only the minimal access necessary to perform their work
A network security policy drives all the steps to be taken to secure network resources
Identifies critical assets
Guidelines for what users can and cannot do = Acceptable Use Policy (AUP)
Phases of Attack
Probe phase
Vulnerable targets are identified through reconnaissance attacks
Ping sweeps and port scans
Identify OSs and vulnerable software
Hackers can obtain passwords using social engineering, dictionary attacks, brute-force attacks, network sniffing, etc.
Penetrate phase
Exploit code is transferred to the vulnerable target
Persist phase
After the attack is successfully launched, the code tries to persist on the target system
The goal is to ensure that the attacker's code is running and available to the attacker even if the system reboots
Back doors, Trojans
Propagate phase
The attacker attempts to extend the attack to other targets by looking for vulnerable neighboring machines
Paralyze phase
Actual damage is done to the system
Files can be erased, systems can crash, information can be stolen, and distributed DoS (DDoS) attacks can be launched
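The probe phase above lists dictionary and brute-force attacks as ways of obtaining passwords. The following Python program, added here as an example and not part of the original slides, runs both against a stored password hash to show why a weak password falls to a short word list, why length and alphabet size drive brute-force cost, and why an account-lockout threshold defeats the same guessing when it is done online. The hashing scheme, salt, word list and sample passwords are all constructed for the example.

```python
# Added example (not from the original slides): how the password-obtaining
# step of the probe phase plays out against a stored password hash, and why
# an account-lockout threshold matters for online attacks.
# The hashing scheme, salt, word list and passwords are all constructed.
import hashlib
import itertools

SALT = b"example-salt"  # constructed; real systems use a random per-user salt


def hash_password(password: str) -> str:
    """Salted SHA-256. A constructed scheme for the example; real systems use a
    deliberately slow KDF (bcrypt, scrypt, Argon2) to make every guess expensive."""
    return hashlib.sha256(SALT + password.encode()).hexdigest()


# Constructed word list; real attacks use millions of leaked passwords.
WORDLIST = ["password", "letmein", "welcome", "cisco", "admin", "Summer2007"]


def dictionary_attack(target_hash: str, wordlist):
    """Try every word plus a few common manglings (capitalised, digit/symbol
    suffix). Returns (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for cand in (word, word.capitalize(), word + "1", word + "123", word + "!"):
            guesses += 1
            if hash_password(cand) == target_hash:
                return cand, guesses
    return None, guesses


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustive search over all strings up to max_len characters.
    The cost grows as |alphabet| ** length, which is why length and a large
    character set are what make a password strong."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            cand = "".join(combo)
            if hash_password(cand) == target_hash:
                return cand, guesses
    return None, guesses


def online_attack_feasible(guesses_needed: int, lockout_threshold: int) -> bool:
    """Against a live login (no stolen hash) the attacker gets at most
    lockout_threshold failed attempts before the account locks."""
    return guesses_needed <= lockout_threshold


if __name__ == "__main__":
    weak = hash_password("cisco123")
    print("weak password:", dictionary_attack(weak, WORDLIST))
    strong = hash_password("T7#qL9v!mZ")
    print("strong password:", dictionary_attack(strong, WORDLIST))
    print("brute force 'ab':", brute_force(hash_password("ab"), "abcdefghijklmnopqrstuvwxyz", 2))
    print("online with lockout 5:", online_attack_feasible(19, 5))
```

The weak password "cisco123" is recovered on the 19th guess, the constructed strong password survives all 30, and with a lockout after 5 failures the same 19-guess sequence cannot be completed against a live login, which is the point of the "strong passwords" advice later in this chapter.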
Trojan horse - written to appear like a legitimate program, when in fact it is an attack tool
Worm - uses the network to send copies of itself to any connected hosts; worms can run independently and spread quickly
Anti-virus software is the most widely deployed security product on the market today
Anti-virus products have update automation options so that new virus definitions and new software updates can be downloaded automatically or on demand
Anti-virus products are host-based, installed on computers and servers to detect and eliminate viruses; however, they do not prevent viruses from entering the network
Anatomy of a Worm
Enabling vulnerability - a worm installs itself using an exploit mechanism (email attachment, executable file, Trojan horse) on a vulnerable system
Propagation mechanism - after gaining access to a device, the worm replicates itself and locates new targets
Payload - any malicious code that results in some action; most often this is used to create a backdoor to the infected host
Worm Mitigation
Contain the spread of the worm into the network: compartmentalize the uninfected parts of your network
Track down each infected machine inside your network: disconnect, remove, or block infected machines
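To make the propagation mechanism and the two mitigation steps above concrete, here is a small simulation added as an example (it is not code from the original slides). A worm spreads breadth-first across a constructed inventory of hosts and network segments; "containment" blocks the exploit port between infected and clean segments, and "quarantine" disconnects the infected machines. The host names, segment names and vulnerable flags are all constructed.

```python
# Added example (not from the original slides): a small simulation of the
# worm propagation phase and of the two mitigation steps listed above,
# containment (compartmentalise the clean parts of the network) and
# quarantine (disconnect the infected machines). The host inventory,
# segment names and vulnerable flags are constructed.
from collections import deque

# Constructed inventory: host -> (network segment, vulnerable to the worm?)
HOSTS = {
    "h1": ("users", True), "h2": ("users", True), "h3": ("users", False),
    "s1": ("servers", True), "s2": ("servers", True),
    "d1": ("dmz", True), "d2": ("dmz", False),
}


def segment_reachable(src_seg, dst_seg, blocked_between):
    """Can worm traffic on the exploit port get from src_seg to dst_seg?
    blocked_between holds frozenset({seg_a, seg_b}) pairs that are filtered."""
    if src_seg == dst_seg:
        return True  # same segment: nothing in between to filter it
    return frozenset((src_seg, dst_seg)) not in blocked_between


def propagate(seed, hosts, blocked_between=frozenset()):
    """Breadth-first spread: every infected host scans every host it can
    reach and infects the vulnerable ones. Returns the set of infected hosts."""
    infected = {seed}
    queue = deque([seed])
    while queue:
        src = queue.popleft()
        src_seg = hosts[src][0]
        for dst, (dst_seg, vulnerable) in hosts.items():
            if dst in infected or not vulnerable:
                continue
            if segment_reachable(src_seg, dst_seg, blocked_between):
                infected.add(dst)
                queue.append(dst)
    return infected


def contain(infected_hosts, hosts):
    """Containment: block the exploit port between every segment that has an
    infected host and every segment that is still clean."""
    all_segments = {seg for seg, _ in hosts.values()}
    dirty = {hosts[h][0] for h in infected_hosts}
    clean = all_segments - dirty
    return {frozenset((d, c)) for d in dirty for c in clean}


def quarantine(infected_hosts, hosts):
    """Quarantine: disconnect the infected machines so they can no longer scan."""
    return {h: v for h, v in hosts.items() if h not in infected_hosts}


if __name__ == "__main__":
    print("flat network:", sorted(propagate("h1", HOSTS)))
    blocks = contain({"h1"}, HOSTS)  # contain as soon as h1 is seen infected
    print("after containment:", sorted(propagate("h1", HOSTS, blocks)))
    print("after quarantine:", sorted(quarantine({"h1", "h2"}, HOSTS)))
```

On the flat network the worm reaches every vulnerable host in all three segments; blocking the exploit port between the users segment and the rest as soon as the first infection is noticed limits it to the two vulnerable users hosts, and quarantine then removes those from the inventory so they cannot restart the spread.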
Cisco Network Admission Control (NAC) - turnkey solution to control network access; it admits only hosts that are authenticated and have had their security posture examined and approved for the network
Types of Attacks
Reconnaissance attacks - unauthorized discovery and mapping of systems, services, or vulnerabilities; reconnaissance attacks often employ packet sniffers and port scanners
Access attacks - exploit known vulnerabilities in authentication services and web services to gain entry to web accounts, confidential databases, and other sensitive information; often employ a dictionary attack to guess system passwords
Denial of service attacks - send extremely large numbers of requests over a network or the Internet; cause the target device to run suboptimally, so that it becomes unavailable for legitimate access and use
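The reconnaissance and denial-of-service behaviours described above (and the ping sweeps and port scans of the probe phase) leave a recognisable pattern in connection logs. The following Python program, added here as an example and not part of the original slides, implements one generic sliding-window detector and applies it three ways: a port scan (one source, many distinct ports on one destination), a ping sweep (one source, many distinct ICMP targets) and a connection flood (many connections to one service in a short window). The log format, addresses, thresholds and window sizes are all constructed for the example.

```python
# Added example (not from the original slides): detection logic for the
# reconnaissance (port scan, ping sweep) and denial-of-service (connection
# flood) attacks described above, run over a constructed connection log.
# The log format, addresses, thresholds and window sizes are all constructed.
from collections import defaultdict, deque

# Constructed sample log: one "timestamp src dst dst_port proto" line per TCP
# connection attempt or ICMP echo. Three behaviours are planted on purpose:
#   * 10.0.0.5 port-scans 192.168.1.10 (8 ports in 8 seconds)
#   * 10.0.0.7 ping-sweeps 192.168.1.1 through 192.168.1.10
#   * 10.0.0.9 floods 192.168.1.20:80 with 50 connections in half a second
# plus two benign connections from 10.0.0.3.
LOG_LINES = (
    ["150 10.0.0.3 192.168.1.20 80 tcp", "151 10.0.0.3 192.168.1.20 443 tcp"]
    + [f"{100 + i} 10.0.0.5 192.168.1.10 {p} tcp"
       for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443])]
    + [f"{200 + i} 10.0.0.7 192.168.1.{i + 1} 0 icmp" for i in range(10)]
    + [f"{300 + i * 0.01:.2f} 10.0.0.9 192.168.1.20 80 tcp" for i in range(50)]
)


def parse(lines):
    """Turn log lines into event dicts; the id lets the flood detector count
    individual connections rather than distinct values."""
    events = []
    for n, line in enumerate(lines):
        ts, src, dst, port, proto = line.split()
        events.append({"id": n, "ts": float(ts), "src": src, "dst": dst,
                       "port": int(port), "proto": proto})
    return events


def sliding_alerts(events, key_fn, value_fn, window, threshold):
    """Generic sliding-window detector. For each key, keep the events of the
    last `window` seconds and alert when the number of distinct values among
    them reaches `threshold`. Returns {key: highest count seen}."""
    recent = defaultdict(deque)
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = key_fn(ev)
        if key is None:  # event not relevant to this detector
            continue
        q = recent[key]
        q.append((ev["ts"], value_fn(ev)))
        while q and q[0][0] < ev["ts"] - window:
            q.popleft()
        count = len({value for _, value in q})
        if count >= threshold:
            alerts[key] = max(alerts.get(key, 0), count)
    return alerts


def detect_port_scans(events, window=10, min_ports=6):
    """One source touching many distinct ports on one destination."""
    return sliding_alerts(
        events,
        key_fn=lambda e: (e["src"], e["dst"]) if e["proto"] == "tcp" else None,
        value_fn=lambda e: e["port"], window=window, threshold=min_ports)


def detect_ping_sweeps(events, window=10, min_hosts=8):
    """One source sending ICMP echo to many distinct hosts."""
    return sliding_alerts(
        events,
        key_fn=lambda e: e["src"] if e["proto"] == "icmp" else None,
        value_fn=lambda e: e["dst"], window=window, threshold=min_hosts)


def detect_floods(events, window=1, min_conns=40):
    """Many connections to one service in a short window, from any sources."""
    return sliding_alerts(
        events,
        key_fn=lambda e: (e["dst"], e["port"]) if e["proto"] == "tcp" else None,
        value_fn=lambda e: e["id"], window=window, threshold=min_conns)


def run_detections(lines):
    events = parse(lines)
    return {"port_scan": detect_port_scans(events),
            "ping_sweep": detect_ping_sweeps(events),
            "flood": detect_floods(events)}


if __name__ == "__main__":
    for name, hits in run_detections(LOG_LINES).items():
        print(name, hits)
```

The benign host 10.0.0.3 touches two ports and never trips a threshold, while each planted behaviour produces exactly one alert; in practice the thresholds and windows are tuned per network, and a slow scanner that spreads its probes over hours will slip under a fixed 10-second window, which is why production detectors also keep longer-term per-source counters.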
Trust exploitation - uses privileges granted to a system in an unauthorized way
Port redirection - a compromised system is used as a jump-off point for attacks against other targets
Man-in-the-middle attack - attacker is positioned in the middle of communications between two legitimate entities in order to read or modify the data that passes between the two parties
Buffer overflow - a program writes data beyond the allocated buffer memory; buffer overflows usually arise from a bug in a C or C++ program, and the result is that valid data is overwritten or the overflow is exploited to enable the execution of malicious code
Attacker scans for vulnerable devices (handlers) and installs zombie software on them
The handlers infect agent devices
The agent devices are used to launch the attack
1. Keep patches up to date by installing them weekly or daily, if possible, to prevent buffer overflow and privilege escalation attacks
2. Shut down unnecessary services and ports
3. Use strong passwords and change them often
4. Control physical access to systems
5. Avoid unnecessary web page inputs; some websites allow users to enter usernames and passwords (plus additional information)
6. Perform backups and test the backed-up files on a regular basis
7. Educate employees about the risks of social engineering, and develop strategies to validate identities over the phone, via email, or in person
8. Encrypt and password-protect sensitive data
9. Implement security hardware and software such as firewalls, IPSs, virtual private network (VPN) devices, and anti-virus software
10. Develop a written security policy for the company
Questions?
Chapter 1 Labs
Lab-A