
SYSTEM AND INFORMATION SECURITY Part 1:
Fundamentals of Computer Network Security & Information Assurance

10/21/2019 Prepared by ZIRARUSHYA Pierre Celestin 1


Introduction to Computer Security


Introduction
• The Internet has transformed our lives in many good ways.
• Unfortunately, this vast network and its associated technologies have also brought in their wake an increasing number of security threats.
• The most effective way to protect yourself from these threats and attacks is to be aware of standard cybersecurity practices.
• This presents an introduction to computer security and its key concepts.


What is computer security?
• Computer security is basically the protection of computer systems and information from harm, theft, and unauthorized use.
• It is the process of preventing and detecting unauthorized use of your computer system.
• People often confuse computer security with other related terms like information security and cybersecurity.
• One way to ascertain the similarities and differences among these terms is by asking what is being secured.


Nuances in three terms
• Information security is securing information from unauthorized access, modification & deletion.
• Computer security means securing a standalone machine by keeping it updated and patched.
• Cybersecurity is defined as protecting computer systems which communicate over computer networks.
• It’s important to understand the distinction between these words, though there isn’t necessarily a clear consensus on their meanings and the degree to which they overlap or are interchangeable.

Computer security
• So, computer security can be defined as the controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems.
Components of a computer system
• The components of a computer system that need to be protected are:
◦ Hardware, the physical part of the computer, like the system memory and disk drive
◦ Firmware, permanent software that is etched into a hardware device’s nonvolatile memory and is mostly invisible to the user
◦ Software, the programming that offers services, like the operating system, word processor, internet browser, etc.

Information Assurance


Data & Information
• Data are the factual elements that describe objects or events.
• They represent the raw numbers and raw text you gather from your investigations.
• Information represents data that have been processed in order to provide you with some insight into their meaning.
• In other words, the data have been analyzed, summarized and processed into a more understandable and useful format.
• Converting your data into information may lead to graphs, charts and text or tables summarizing facts.


Data, Information, Knowledge, Wisdom and Theory


Information assurance - Definition
• Information assurance (IA) is about protecting your information assets from destruction, degradation, manipulation and exploitation by an opponent (DoD, 1996).
• Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.
• “Information assurance is the confidence that the information assets will protect the information they handle and will function as they need to, when they need to, under the control of legitimate users.”


Information security - Definition
• “The protection of information against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.”
• BS7799/ISO17799 defines information security as the preservation of confidentiality, integrity and availability of information.
• Information security and information assurance are concerned with both intentional and unintentional attacks.
• Information assurance also covers areas that information security does not, such as perception management.

Threat & Risk
• In information security, an exposure is a form of possible loss or harm against an information asset. That information asset may be either logically based (i.e. 1’s and 0’s inside a computer) or physically based (i.e. hardware).
• Examples of exposure include unauthorized disclosure of data, modification of data or denial of legitimate access to the information asset.
• This type of exposure is often referred to as risk.
• ISO13335 defines risk and threat as: “Risk is the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization.
• The threat is the potential cause of an incident that may result in harm to a system or organization.”


Threat
A party with the potential to do harm to a system or organization.

Vulnerability assessment
Some questions to ask


Vulnerability Assessment (2)


RISK
Risk = Threat * Vulnerability
Risk = Impact (of the vulnerability getting exploited) * Frequency


NIST RISK MANAGEMENT FRAMEWORK (SP 800-37)


Risk Management Steps

ISO27005 OVERVIEW (2)


Characteristics of Information Assurance
• Information assurance can be considered at three levels:
◦ physical,
◦ information infrastructure and
◦ perceptual.


Characteristics of the Physical Level

Characteristics of the Information Structure Level

Characteristics of the Perception Level


Information Assurance / Information Operations
• Information assurance is sometimes referred to as information operations (IO) that protect and defend information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation.
• This includes providing for restoration of information systems by incorporating protection, detection and reaction capabilities.
• Information assurance is concerned with the containment of, and recovery from, an attack.
• It also defines how attacks are to be detected through the use of a set of indicators and warnings, and how, once an attack has occurred, we should respond to the attack.
• In addition, IA deals with deterring attacks and the application of legislation designed to address issues of privacy, computer-related crime, computer forensics and the like.
• The term “IO” is used to refer to actions taken to affect an opponent’s information and information systems while defending one’s own information and information systems.

Information Security in Context


Information Security in Context (2)
• The owner possesses a set of assets that have value to the owner.
• The owner may be aware of a set of vulnerabilities that could lead to the loss of an asset.
• In order to protect the asset, the owner imposes a set of protection and defensive countermeasures on the asset in the belief that by doing so the owner is protecting the asset from possible loss, exploitation, abuse or damage by a threat-agent.
• The threat-agents are the parties that give rise to the threats to the assets of the system.
• An asset can be a physical component of a system, such as a hard disk, or it can be a logical component of a system such as a file stored on a hard disk.

The Process of Risk Management


Interruption, Interception, Modification and Fabrication
The following factors adversely impact information assurance:
Interruption:
• In an interruption, an information asset of the system becomes unusable, unavailable or lost.
• For example, the physical theft or physical destruction of a computer system would be viewed as an interruption.
• The removal of information or software from an information system would also be viewed as an interruption.
Interception:
• An interception means that some unauthorized party has gained access to an information asset.
• The party can be a program, computer system or person.
• For example, recording a telephone conversation or monitoring a computer network can be viewed as interception.

Interruption, Interception, Modification and Fabrication (2)
Modification:
• Modification of an asset means that some unauthorized party tampers with the asset.
• For example, the unauthorized installation of monitoring software or hardware, or the unauthorized insertion, manipulation or deletion of information can be viewed as modification.
Fabrication:
• Fabrication of an asset means the counterfeiting of an asset.
• For example, an intruder may insert spurious transactions into a computer network.


Nature of the Threat
• All a person needs to enter the world of Information Warfare (IW) is motive, means and opportunity.
◦ A motive is a function of the players’ concerns, commitments and beliefs.
◦ Means are determined by the capabilities and availability of technical and information-based resources.
◦ An opportunity is a function of access and also includes other factors such as perception and belief.
• For example,
◦ Many individuals may believe in their cause so much that they are prepared to go to prison for it.
◦ However, most do not believe they will be caught.
• Although anyone can engage in offensive IW, in general offensive players in the world of IW come in six types: insiders, hackers, criminals, corporations, governments and terrorists.

Security threats

Defense mechanisms localization

IT security mechanisms locations

Firewalls

Three layers of network security measures

The Hacking Process


Why Is Computer and Network Security Important?
• It is crucial for organizations to define why they want to achieve computer security in order to determine how they will achieve it.
• It is also a useful tool to employ when seeking senior management's authorization for security-related expenditures.
• Computer and network security is important for the following reasons:


To protect company assets:
• One of the primary goals of computer and network security is the protection of company assets.
• The assets comprise the "information" that is housed on a company's computers and networks. Information is a vital organizational asset.
• Network and computer security is concerned, above all else, with the protection, integrity, and availability of information.
• Information can be defined as data that is organized and accessible in a coherent and meaningful manner.


To gain a competitive advantage:
• Developing and maintaining effective security measures can provide an organization with a competitive advantage over its competitors.
• Network security is particularly important in the arena of Internet financial services and e-commerce. It can mean the difference between wide acceptance of a service and a mediocre customer response.
For example, how many people do you know who would use a bank's Internet banking system if they knew that the system had been successfully hacked in the past? Not many.
They would go to the competition for their Internet banking services.

To comply with regulatory requirements and fiduciary responsibilities:
• Corporate officers of every company have a responsibility to ensure the safety and soundness of the organization.
• Part of that responsibility includes ensuring the continuing operation of the organization.
Accordingly, organizations that rely on computers for their continuing operation must develop policies and procedures that address organizational security requirements.

To comply with regulatory requirements and fiduciary responsibilities (continued):
• Such policies and procedures are necessary not only to protect company assets but also to protect the organization from liability.
• For-profit organizations must also protect shareholders' investments and maximize return.
• Many organizations are subject to governmental regulation, which often stipulates requirements for the safety and security of an organization.
• For example, most financial institutions are subject to federal regulation.
• Failure to comply with federal guidelines can result in the seizure of a financial institution by federal regulators. In some cases, corporate officers who have not properly performed their regulatory and fiduciary responsibilities are personally liable for any losses incurred by the financial institution that employs them.

To keep your job:
• Finally, to secure one's position within an organization and to ensure future career prospects, it is important to put into place measures that protect organizational assets.
Security should be part of every network or systems administrator's job. Failure to perform adequately can result in termination.
• Termination should not be the automatic result of a security failure, but if, after a thorough postmortem, it is determined that the failure was the result of inadequate policies and procedures or failure to comply with existing procedures, then management needs to step in and make some changes.
• One thing to keep in mind is that network security costs money: to hire, train, and retain personnel; to buy hardware and software to secure an organization's networks; and to pay for the increased overhead and degraded network and system performance that results from firewalls, filters, and intrusion detection systems (IDSs).
• As a result, network security is not cheap. However, it is probably cheaper than the costs associated with having an organization's network compromised.

Security Trinity


The Security Trinity
• The three legs of the "security trinity", prevention, detection, and response, comprise the basis for network security. The security trinity should be the foundation for all security policies and measures that an organization develops and deploys.
Prevention/Protection
• The foundation of the security trinity is prevention. To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities. In developing network security schemes, organizations should emphasize preventative measures over detection and response: it is easier, more efficient, and much more cost-effective to prevent a security breach than to detect or respond to one.
• Remember that it is impossible to devise a security scheme that will prevent all vulnerabilities from being exploited, but companies should ensure that their preventative measures are strong enough to discourage potential criminals, so they go to an easier target.


The Security Trinity (2)
Detection
• Once preventative measures are implemented, procedures need to be put in place to detect potential problems or security breaches, in the event that preventative measures fail.
• It is very important that problems be detected immediately. The sooner a problem is detected, the easier it is to correct and clean up.
Response/Reaction
• Organizations need to develop a plan that identifies the appropriate response to a security breach. The plan should be in writing and should identify who is responsible for what actions and the varying responses and levels of escalation.


The Security Trinity (3)
• Before beginning a meaningful discussion on computer and network security, we need to define what it entails.
◦ First, network security is not a technical problem; it is a business and people problem. The technology is the easy part. The difficult part is developing a security plan that fits the organization's business operation and getting people to comply with the plan.
◦ Next, companies need to answer some fundamental questions, including the following:
  • How do you define network security?
  • How do you determine what is an adequate level of security?
• To answer these questions, it is necessary to determine what you are trying to protect.


Information Security
Network security is concerned, above all else, with the security of company information assets. We often lose sight of the fact that it is the information and our ability to access that information that we are really trying to protect, and not the computers and networks. A simple definition for information security:
Information security = Confidentiality + Integrity + Availability + Authentication


Security Trinity (4)
There can be no information security without confidentiality; this ensures that unauthorized users do not intercept, copy, or replicate information.
At the same time, integrity is necessary so that organizations have enough confidence in the accuracy of the information to act upon it.
• Moreover, information security requires organizations to be able to retrieve data; security measures are worthless if organizations cannot gain access to the vital information they need to operate when they need it.
Finally, information is not secure without authentication, which determines whether the end user is authorized to have access.

Security trinity (5)
• Among the many elements of information security are ensuring adequate physical security; hiring proper personnel; developing, and adhering to, procedures and policies; strengthening and monitoring networks and systems; and developing secure applications. It is important to remember that information security is not just about protecting assets from outside hackers.
• The majority of the time threats are internal to an organization: "We have found the enemy and it is us."
• Information security is also about procedures and policies that protect information from accidents, incompetence, and natural disasters. Such policies and procedures need to address the following:
◦ Backups, configuration controls, and media controls;
◦ Disaster recovery and contingency planning;
◦ Data integrity.

Security trinity (6)
• It is also important to remember that network security is not absolute. All security is relative.
• Network security should be thought of as a spectrum that runs from very unsecure to very secure. The level of security for a system or network is dependent on where it lands along that spectrum relative to other systems.
• It is either more secure or less secure than other systems relative to that point. There is no such thing as an absolutely secure network or system.
• Network security is a balancing act that requires the deployment of "proportionate defenses." The defenses that are deployed or implemented should be proportionate to the threat.
• Organizations determine what is appropriate in several ways, described as follows.
◦ Balancing the cost of security against the value of the assets they are protecting;
◦ Balancing the probable against the possible;
◦ Balancing business needs against security needs.

General Security Risk Assessment


Security trinity (7)
• Organizations must determine how much it would cost to have each system or network compromised - in other words, how much it would cost in “dollars” to lose information or access to the system or to experience information theft.
• By assigning a dollar value to the cost of having a system or network compromised, organizations can determine the upper limit they should be willing to pay to protect their systems.
• For many organizations this exercise is not necessary, because the systems are the lifeblood of the business. Without them, there is no organization.
• Organizations also need to balance the cost of security against the cost of a security breach.
• Generally, as the investment in security increases, the expected losses should decrease.
• Companies should invest no more in security than the value of the assets they are protecting.
• This is where cost-benefit analysis comes into play.

Security trinity (8)
• Moreover, organizations must balance possible threats against probable threats:
• As it is impossible to defend against every possible type of attack, it is necessary to determine what types of threats or attacks have the greatest probability of occurring and then protect against them.
• For example, it is possible that an organization could be subjected to van Eck monitoring or a high-energy radio frequency (HERF) attack, but the probability is low.
• It is also important to balance business needs with the need for security, assessing the operational impact of implementing security measures.
• Security measures and procedures that interfere with the operation of an organization are of little value.
• Those types of measures are usually ignored or circumvented by company personnel, so they tend to create, rather than plug, security holes. Whenever possible, security measures should complement the operational and business needs of an organization.

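
The RISK slide's second formula (Risk = Impact * Frequency) and the two balancing rules from Security trinity (7) and (8), spend no more than the asset is worth and defend against the probable before the merely possible, can be worked through as a small risk register. The Python below is an added example and is not part of the original slides; the asset, the threats, the dollar figures, the frequencies and the controls in it are constructed for illustration, and the HERF entry is there only because the slide names it as a possible-but-improbable threat.

```python
"""Added example (not from the slides): a risk register that ranks threats by
expected annual loss (Impact * Frequency, the slide's formula) and applies
the cost-benefit rule: fund a control only if it costs no more than the loss
it removes, and never more than the asset is worth.  All figures are
constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    impact: float      # loss in dollars if the vulnerability is exploited once
    frequency: float   # expected exploitations per year


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float
    reduction: float   # fraction of the threat's expected loss it removes (0..1)
    threat: str        # name of the threat it mitigates


def expected_annual_loss(t: Threat) -> float:
    """Risk = Impact * Frequency, as stated on the RISK slide."""
    return t.impact * t.frequency


def rank_threats(threats):
    """Highest expected loss first: the probable before the merely possible."""
    return sorted(threats, key=expected_annual_loss, reverse=True)


def control_is_worthwhile(control: Control, threats, asset_value: float) -> bool:
    """Cost-benefit test: the control must pay for itself in avoided loss and
    must not cost more than the asset it protects."""
    by_name = {t.name: t for t in threats}
    loss_removed = expected_annual_loss(by_name[control.threat]) * control.reduction
    return control.annual_cost <= min(loss_removed, asset_value)


# Constructed register for a hypothetical customer database valued at $500,000.
ASSET_VALUE = 500_000.0
THREATS = [
    Threat("phishing credential theft", impact=50_000.0, frequency=2.0),      # 100,000/yr
    Threat("unpatched web server exploit", impact=200_000.0, frequency=0.25),  #  50,000/yr
    Threat("HERF attack", impact=500_000.0, frequency=0.001),                  #     500/yr
]
CONTROLS = [
    Control("security awareness training", 20_000.0, 0.5, "phishing credential theft"),
    Control("TEMPEST shielding", 100_000.0, 1.0, "HERF attack"),
]

if __name__ == "__main__":
    for t in rank_threats(THREATS):
        print(f"{t.name:32s} expected loss/yr = {expected_annual_loss(t):10,.0f}")
    for c in CONTROLS:
        print(f"{c.name:32s} worthwhile: {control_is_worthwhile(c, THREATS, ASSET_VALUE)}")
```

With these figures the training control is funded (it removes $50,000 of expected loss for $20,000) while the shielding against the low-probability HERF attack is not, which is exactly the "probable over possible" judgement the slide describes.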
WHAT MAKES A NETWORK VULNERABLE
• An isolated home user or a stand-alone office with a few employees is an unlikely target for many attacks. But add a network to the mix and the risk rises sharply. Consider how a network differs from a stand-alone environment:
• Anonymity. An attacker can mount an attack from thousands of miles away and never come into direct contact with the system, its administrators, or users. The potential attacker is thus safe behind an electronic shield.
• The attack can be passed through many other hosts in an effort to disguise the attack's origin.


• Many points of attack, both targets and origins. A simple computing system is a self-contained unit. Access controls on one machine preserve the confidentiality of data on that processor. However, when a file is stored in a network host remote from the user, the data or the file itself may pass through many hosts to get to the user.
• One host's administrator may enforce rigorous security policies, but that administrator has no control over other hosts in the network. Thus, the user must depend on the access control mechanisms in each of these systems. An attack can come from any host to any host, so that a large network offers many points of vulnerability.

WHAT MAKES A NETWORK VULNERABLE (2)
• Sharing. Because networks enable resource and workload sharing, more users have the potential to access networked systems than on single computers. Perhaps worse, access is afforded to more systems, so that access controls for single systems may be inadequate in networks.


WHAT MAKES A NETWORK VULNERABLE (3)
• Complexity of system. An operating system is a complicated piece of software. Reliable security is difficult, if not impossible, on a large operating system, especially one not designed specifically for security. A network combines two or more possibly dissimilar operating systems. Therefore, a network operating/control system is likely to be more complex than an operating system for a single computing system. Furthermore, the ordinary desktop computer today has greater computing power than did many office computers in the last two decades.
• The attacker can use this power to advantage by causing the victim's computer to perform part of the attack's computation.
• And because an average computer is so powerful, most users do not know what their computers are really doing at any moment.
• This complexity diminishes confidence in the network's security.

WHAT MAKES A NETWORK VULNERABLE (4)
• Unknown perimeter. A network's expandability also implies uncertainty about the network boundary. One host may be a node on two different networks, so resources on one network are accessible to the users of the other network as well.
• Although wide accessibility is an advantage, this unknown or uncontrolled group of possibly malicious users is a security disadvantage.
• A similar problem occurs when new hosts can be added to the network. Every network node must be able to react to the possible presence of new, untrustable hosts.
• The figure below points out the problems in defining the boundaries of a network. Notice, for example, that a user on a host in network D may be unaware of the potential connections from users of networks A and B. And the host in the middle of networks A and B in fact belongs to A, B, C, and E. If there are different security rules for these networks, to what rules is that host subject?

WHAT MAKES A NETWORK VULNERABLE
Unclear Network Boundaries (figure)


• Unknown path. The figure below illustrates that there may be many paths from one host to another.
◦ Suppose that a user on host A1 wants to send a message to a user on host B3.
◦ That message might be routed through hosts C or D before arriving at host B3.
◦ Host C may provide acceptable security, but not D.
• Network users seldom have control over the routing of their messages.
• Thus, a network differs significantly from a stand-alone, local environment. Network characteristics significantly increase the security risk.


COMPUTER NETWORK & INFORMATION SECURITY THREATS


Computer security threats
• In simple language, computer security is making sure information and computer components are usable but still protected from people or software that shouldn't access or modify them.
Computer security threats
• Computer security threats are possible dangers that can hamper the normal functioning of your computer.
• In the present age, cyber threats are constantly increasing as the world is going digital. The most harmful types of computer security threats are the following:

Threats and Solutions
• Information security must protect at its core the data/information of the organization.
• However, surrounding the data are several layers. These are the operating system, the application software, the computer and its resources, the network, and the users.
• Each of these layers has different threats, and each will have its own forms of security.
• As some threats occur at multiple levels, we will address the threats rather than the layers.
• However, information security is not complete without protecting every layer.

1. Social engineering
• Social engineering is a threat that targets users.
• The idea is that a user is a weak link in that he or she can be tricked, and often fairly easily.
• A simple example of a social engineering attack works like this:
◦ You receive a phone call at home one evening. The voice identifies itself as IT and says that “because of a server failure, they need your password to recreate your account. Without your password, all of your data may be lost”. You tell them your password.
• Now they can break into your account because they are not IT but in fact someone with malicious intent.

Social engineering (2)
• Social engineering has been used to successfully obtain people's passwords, bank account numbers, credit card numbers, social security numbers, PIN (personal identification number) values, and other confidential information.
• In a social setting, you are far more likely to divulge information that a clever hacker could then use to break your password: pets' names for pet lovers, loved ones' names, etc.

2. Phishing
• A variation on social engineering is to trick a user by faking information electronically.
• Phishing involves e-mails to people to redirect them to a website to perform some operation.
◦ The website, however, is not what it seems.
◦ For instance, someone might mock up a website to make it look like a credit card company's site.
◦ Now an e-mail is sent to some of the credit card company's customers informing them that they need to log into their accounts or else the accounts will be closed.
◦ The link enclosed in the e-mail, however, directs them to the mocked-up website.
• The user clicks on the link and is taken to the phony website. There, the user enters secure information (passwords, credit card number, etc.) but unknowingly, this information is made available to the wrong person.

Phishing and botnet
• Disguising themselves as a trustworthy person or business, phishers attempt to steal sensitive financial or personal information through fraudulent e-mail or instant messages.
• Phishing is unfortunately very easy to execute.
• You are deluded into thinking it's the legitimate mail and you may enter your personal information.

• A botnet is a group of computers connected to the internet that have been compromised by a hacker using a computer virus.
• An individual compromised computer is called a 'zombie computer'. The result of this threat is that the victim's computer, which is the bot, will be used for malicious activities and for larger-scale attacks like DDoS.

3. Protocol attacks
 Another class of threat attacks the computer system itself whether
the attack targets the network, application software, or operating
system.
 In a protocol attack, one attempts to obtain access to a
computer system by exploiting a weakness or flaw in a protocol.
 There are, for instance, known security problems in TCP/IP
(Transmission Control Protocol/Internet Protocol).
 One approach is called TCP hijacking, in which an attacker takes over
an established TCP session between two hosts by spoofing one host's IP
address and injecting packets with the right sequence numbers; the
real host is often knocked offline first (or simply ignored) so that
it cannot interfere, which effectively cuts it off from the connection.
 Many forms of protocol attacks are used as a form of
reconnaissance in order to obtain information about a computer
network, as a prelude to the actual attack.
Protocol attacks (2)
 An ICMP (Internet Control Message Protocol)
attack might use the ping program (ICMP echo
request/reply) to find out which IP addresses in a
computer network belong to live hosts.
 Once an attacker has discovered the IP addresses,
other forms of attack might be launched.
 A smurf attack combines IP spoofing and an
ICMP (ping) attack: the attacker sends echo requests
to the network's broadcast address with the source
address forged to be the victim's, so every host on
the segment replies to the victim at once.
 The traffic is thus amplified by the number of hosts
that answer, and because the replies come from
legitimate machines inside the network they get past
filters that would block a ping flood sent directly by
the attacker. Routers that do not forward directed
broadcasts, and hosts that ignore broadcast pings,
defeat the attack.
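To make the smurf mechanism concrete, here is an added example (not from the original slides) that builds the packet sequence such an attack produces and then detects it from packet summaries. The packets are constructed in-line, not captured traffic; each is a dict with source, destination, protocol and ICMP type.

```python
"""Added example (not from the original slides): reconstruct a smurf attack
from packet summaries and detect it.  The packet list is constructed here,
not captured traffic; each packet is a dict with src, dst, proto, type."""
import ipaddress
from collections import defaultdict

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

def icmp(src, dst, icmp_type):
    return {"src": src, "dst": dst, "proto": "icmp", "type": icmp_type}

def simulate_smurf(victim, local_net, hosts):
    """What the wire sees: one spoofed broadcast ping, then every host answers the victim."""
    net = ipaddress.ip_network(local_net)
    packets = [icmp(victim, str(net.broadcast_address), ICMP_ECHO_REQUEST)]
    packets += [icmp(h, victim, ICMP_ECHO_REPLY) for h in hosts]
    return packets

def analyze_icmp(packets, local_net, min_responders=3):
    """Flag broadcast pings (the trigger) and hosts buried under replies (the victim)."""
    net = ipaddress.ip_network(local_net)
    bcast = str(net.broadcast_address)
    broadcast_ping_sources = set()
    repliers = defaultdict(set)           # victim -> set of hosts replying to it
    for p in packets:
        if p["proto"] != "icmp":
            continue
        if p["type"] == ICMP_ECHO_REQUEST and p["dst"] == bcast:
            # An echo request to the directed-broadcast address: the "source" is
            # whoever the attacker wants flooded, not necessarily the real sender.
            broadcast_ping_sources.add(p["src"])
        elif p["type"] == ICMP_ECHO_REPLY:
            repliers[p["dst"]].add(p["src"])
    # Amplification factor = number of distinct hosts answering one victim
    reply_floods = {v: len(s) for v, s in repliers.items() if len(s) >= min_responders}
    return {"broadcast_ping_sources": sorted(broadcast_ping_sources),
            "reply_floods": reply_floods}

if __name__ == "__main__":
    lan = "192.0.2.0/24"                                   # constructed addresses
    hosts = [f"192.0.2.{i}" for i in range(10, 60)]
    pkts = simulate_smurf("198.51.100.7", lan, hosts)
    print(analyze_icmp(pkts, lan))
```

Fifty hosts answering one forged request is a 50x amplification of the attacker's own bandwidth. On Linux the host side of the fix is the sysctl `net.ipv4.icmp_echo_ignore_broadcasts=1` (the default on current kernels), and routers should not forward directed broadcasts at all (RFC 2644).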
4. Software exploits
 Software exploits vary depending on the
software in question.
 Two very popular forms of exploits are SQL
injections and buffer overflows.
 In an SQL injection, an attacker places SQL syntax in a value
that the web application copies into a database query, for
instance a parameter in the URL.
 The web server, which accepts queries as part
of the URL, is expecting a plain value, not SQL.
 A query in a URL follows a "?" and includes a field
and a value, such as
www.mysite.com/products.php?productid=1.
Software exploits (2)
 In the previous case, the web page products.php most likely
accesses a database to retrieve the entry productid = 1.
 An SQL injection can follow the query to operate on that
database. For instance, the modified URL
www.mysite.com/products.php?productid=1; DROP
TABLE products would issue the SQL command DROP
TABLE products, which would delete the relation from the
database. If not protected against, the web server might pass
the SQL command on to the database.
◦ Whether a second statement like this actually runs depends
on the database driver: some refuse to execute more than one
statement per query, but the injection still works in other
ways (for example productid=1 OR 1=1 returns every row). The
fix is to bind values as query parameters instead of building
the query text by string concatenation.
 This SQL command could potentially do anything to the
database from returning secure records to deleting records
to changing the values in the records.
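The injection described on these two slides, run against a throw-away SQLite database, beside the parameterized fix. This is an added example and not the slide's products.php; the table contents are constructed for the demo. It also shows the driver caveat: sqlite3's execute() refuses the stacked DROP TABLE, but the same code is still injectable with a tautology, and an API that does run several statements (executescript stands in for such a driver) loses the table.

```python
"""Added example (not the slide's products.php): the injection above against a
throw-away SQLite database, beside the parameterized fix.  Table contents are
constructed for the demo."""
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (productid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget"), (3, "gizmo")])
    return conn

def lookup_vulnerable(conn, productid):
    """Builds the SQL text from the URL value exactly as the slide describes."""
    sql = f"SELECT productid, name FROM products WHERE productid = {productid}"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, productid):
    """Validate the type, then bind the value; it is never parsed as SQL."""
    pid = int(productid)                  # "1 OR 1=1" raises ValueError here
    return conn.execute("SELECT productid, name FROM products WHERE productid = ?",
                        (pid,)).fetchall()

def stacked_query_blocked(conn, productid="1; DROP TABLE products"):
    """sqlite3's execute() refuses a second statement, so this particular
    payload fails here even though the code is injectable."""
    try:
        lookup_vulnerable(conn, productid)
        return False
    except (sqlite3.Warning, sqlite3.Error):
        return True

def lookup_multistatement(conn, productid):
    """Stand-in for a driver or API that does run several statements at once
    (the situation the slide describes); executescript is SQLite's equivalent."""
    conn.executescript(f"SELECT productid, name FROM products WHERE productid = {productid}")

def table_exists(conn, name):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    print("normal:   ", lookup_vulnerable(db, "1"))
    print("tautology:", lookup_vulnerable(db, "1 OR 1=1"))     # dumps every row
    print("stacked blocked by this driver:", stacked_query_blocked(db))
    lookup_multistatement(db, "1; DROP TABLE products")
    print("table still exists:", table_exists(db, "products"))
```

The vulnerable and safe functions differ by one line: the value is bound with `?` instead of pasted into the text, so whatever the user sends is compared as data. Type validation on top (int()) rejects the payload before it reaches the database at all.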
Software exploits (3)
 The buffer overflow is perhaps one of the oldest forms of
software exploit and is well known so that software engineers
should be able to protect against this when they write software.
 However, that is not always the case, and many pieces of software
are still susceptible to this attack.
 A buffer is merely a variable (typically an array) that stores a
collection of values and is of limited size.
 If the software does not ensure that insertions into the buffer are
limited to its size, then it is possible to write into the buffer so
much data that the memory locations after the array are overwritten
as well.
 On the stack those neighbouring locations hold control data such as
the function's saved return address, so the attacker can point the
return address at memory holding code of their choosing.
 Since memory stores both data and code, one could attempt to
overflow a buffer with malicious code (shellcode) and redirect
execution to it.
 Once stored in memory, the processor could potentially execute
this code and thus perform the operations inserted by the attacker.
Modern defences (non-executable stacks, stack canaries, address
space layout randomisation) make this harder but do not remove the
underlying bug, which is the missing bounds check.
5.Intrusion
 Intrusion and other forms of active attacks commonly revolve
around first gaining unauthorized access into the computer
system.
 To gain entrance, the attacker must attempt to find a security
hole in the operating system or network, or obtain access by using
someone else’s account.
 To do so, the attacker will have to know a user’s account name and
password.
 As stated above, there are social engineering and phishing means of
obtaining passwords. Other means include writing a program that
continually attempts to log in to a user's account by trying every
word of a dictionary (a dictionary or brute-force attack), which shows
up in the logs as a burst of failed logins from one source.
 Another approach is to simply spy on a person to learn the
person's password, perhaps by watching the person type it in
(shoulder surfing).
 Another means of obtaining a password is through packet sniffing,
which works whenever the password crosses the network in clear text
(telnet, FTP, HTTP without TLS).
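The dictionary attack just described leaves a distinctive trace in authentication logs, and spotting it is a basic detection task. The following is an added example (not from the original slides): the log lines are constructed in the format sshd writes, not taken from a real system, and the threshold and window are illustrative choices.

```python
"""Added example (not from the original slides): spot a dictionary attack in
authentication logs.  The log lines are constructed in sshd's format, not
taken from a real system."""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+")

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog has no year; fine for deltas
    return ts, m["result"], m["user"], m["src"]

def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Alert when one source fails >= threshold times inside the window, and
    record whether it then logged in successfully (the alert that matters most)."""
    recent = defaultdict(deque)      # src -> timestamps of failures inside the window
    total_fail = defaultdict(int)    # src -> all failures seen
    users = defaultdict(set)         # src -> accounts tried
    alerts = {}                      # src -> alert dict (one per source)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, result, user, src = rec
        q = recent[src]
        while q and (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()              # slide the window forward
        if result == "Failed":
            q.append(ts)
            total_fail[src] += 1
            users[src].add(user)
            if len(q) >= threshold:
                a = alerts.setdefault(src, {"src": src, "succeeded_as": None})
                a["failures"] = total_fail[src]
                a["accounts"] = sorted(users[src])
        elif result == "Accepted" and src in alerts:
            alerts[src]["succeeded_as"] = user   # guessing burst followed by a login
    return list(alerts.values())

# Constructed sample log: one source guesses three accounts and finally gets in.
SAMPLE_LOG = """\
Oct 21 10:01:02 host sshd[1201]: Failed password for alice from 203.0.113.5 port 51234 ssh2
Oct 21 10:01:03 host sshd[1202]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Oct 21 10:01:05 host sshd[1203]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct 21 10:01:06 host sshd[1204]: Failed password for alice from 203.0.113.5 port 51237 ssh2
Oct 21 10:01:08 host sshd[1205]: Failed password for alice from 203.0.113.5 port 51238 ssh2
Oct 21 10:01:09 host sshd[1206]: Failed password for alice from 203.0.113.5 port 51239 ssh2
Oct 21 10:01:15 host sshd[1207]: Failed password for bob from 198.51.100.9 port 40001 ssh2
Oct 21 10:01:20 host sshd[1208]: Accepted password for alice from 203.0.113.5 port 51240 ssh2
Oct 21 10:02:40 host sshd[1209]: Failed password for bob from 198.51.100.9 port 40002 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The two stray failures from the second address are a user mistyping, not an attack, and produce nothing. The interesting signal is the `succeeded_as` field: a successful login immediately after a burst of failures from the same source is the case that needs a human to look at it.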
Intrusion (2)
 Aside from guessing people’s passwords,
there are other weaknesses in operating
systems that can be exploited to gain
entrance to the system.
 Once inside, the intruder then can unleash
their attack.
 The active attack could potentially do
anything from deleting data files, copying data
files, and altering data files to leaving behind
malicious code of some kind or creating a
backdoor account (a hidden account that
allows the attacker to log in at any time).
6.Insider Attack
 An even simpler approach to breaking through the
security of an IT system is through an inside job.
 If you know someone who has authorized access and
either can be bribed or influenced, then it is possible that
the attacker can delete, copy, or alter files, insert
malware, or otherwise learn about the nature of the
computer system through the person.
 This is perhaps one of the weakest links in any computer
system because the people are granted access in part
because they are being trusted.
 That trust, if violated, can cause more significant
problems than any form of intrusion.
7.Malware
 Malware is one of the worst types of attacks perpetrated on
individual users.
 One of the earliest forms of malware was the Trojan horse.
 The Trojan horse pretends to be one piece of software but is in fact
another.
 Imagine that you download an application that you think will be
very useful to you. However, the software, while pretending to be
that application, actually performs malicious operations on your file
system.
 A variation of the Trojan horse is the computer virus.
 The main differences are that the virus hides inside another,
executable, file, and has the ability to replicate itself so that it can
copy itself from one computer to another through a floppy disk
(back when we used them), flash drive, or e-mail attachment.
VIRUS
 A computer virus is a malicious
program which is loaded into the
user’s computer without user’s
knowledge.
 It replicates itself and infects the files
and programs on the user’s PC.
 A virus's payload can be anything from a
harmless message to corrupting files or
leaving the victim's computer unable to
operate at all; many modern viruses instead
try to stay unnoticed so that they can keep
stealing data or spreading.
WORMS
• A computer worm is a
software program that can
copy itself from one
computer to another,
without human interaction.
Worms
 Unlike a computer virus, which requires users to spread infected
files to other users, a worm is a harmful program that resides in the
active memory of the computer and duplicates itself.
 Worms differ from viruses in that they can propagate without
human intervention, sending copies of themselves to other
computers by e-mail or Internet Relay Chat (IRC), or by exploiting
a vulnerable network service directly.
 The negative impact of a worm attack on an organization’s
computers can be considerable:
◦ lost data and programs, lost productivity due to workers being
unable to use their computers;
◦ additional lost productivity as workers attempt to recover data
and programs, and
◦ lots of effort for IT workers to clean up the mess and restore
everything to as close to normal as possible.
Malware (2)
 Still other forms of malware are network worms that
attack computer networks.
 Spyware is often downloaded unknown to the user when
accessing websites.
 The spyware might spy on your browsing behavior at a
minimum, or report back to a website sensitive information
such as a credit card number that you entered into a web
form.
 Still another form of malware will hijack some of your
software. For instance, it might change your DNS settings
to point at a rogue DNS server which, rather than
responding with correct IP addresses, provides phony
addresses that always take your web browser to the wrong
location(s); checking that the configured resolvers are the
ones you expect is a quick way to spot this.
Malware (3)
 One final form of attack that is common today,
particularly against websites, is the denial of service
attack (not malware itself, though malware-built
botnets are how it is usually delivered).
 In the denial of service attack, one or more
attackers attempt to flood a server with so many
incoming messages that the server is unable to
handle normal business.
 One of the simplest ways to perform a denial of
service attack is to submit thousands or millions
(or more) HTTP requests.
 From a single source, however, this mostly increases
the traffic; it does not necessarily stop the server
from responding to all requests over time, and the
source can simply be rate-limited or blocked. That is
why attackers use many sources (a distributed denial
of service, or DDoS, from a botnet) or amplification,
as in the smurf attack.
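The reason a single-source HTTP flood "only increases the traffic" is that the front end can throttle one client without affecting the others. Here is an added example (not from the original slides) of the per-client token-bucket limiter that does that; the traffic is constructed, the rate and burst values are illustrative, and time is passed in explicitly so the run is deterministic.

```python
"""Added example (not from the original slides): a per-client token-bucket
limiter of the kind an HTTP front end uses to absorb a request flood from one
source.  Time is passed in explicitly so the run is deterministic."""
from dataclasses import dataclass, field

@dataclass
class Bucket:
    rate: float          # tokens refilled per second (sustained requests/s)
    burst: int           # bucket capacity (how many requests may arrive at once)
    tokens: float
    last: float

@dataclass
class RateLimiter:
    rate: float = 5.0
    burst: int = 20
    buckets: dict = field(default_factory=dict)

    def allow(self, client, now):
        """True if the request from `client` at time `now` may be served."""
        b = self.buckets.get(client)
        if b is None:
            b = self.buckets[client] = Bucket(self.rate, self.burst, float(self.burst), now)
        # Refill proportionally to elapsed time, never above capacity.
        b.tokens = min(b.burst, b.tokens + (now - b.last) * b.rate)
        b.last = now
        if b.tokens >= 1.0:
            b.tokens -= 1.0
            return True
        return False

def simulate(limiter, requests):
    """requests: iterable of (time, client). Returns {client: (served, rejected)}."""
    stats = {}
    for t, client in sorted(requests):
        served, rejected = stats.get(client, (0, 0))
        if limiter.allow(client, t):
            served += 1
        else:
            rejected += 1
        stats[client] = (served, rejected)
    return stats

def flood_demo():
    """Constructed traffic (not real logs): one source fires 100 requests at
    once, 30 more ten seconds later; a normal user sends one every two seconds."""
    limiter = RateLimiter(rate=5.0, burst=20)
    flood = [(0.0, "203.0.113.66")] * 100 + [(10.0, "203.0.113.66")] * 30
    normal = [(2.0 * i, "198.51.100.23") for i in range(10)]
    return simulate(limiter, flood + normal)

if __name__ == "__main__":
    for client, (served, rejected) in flood_demo().items():
        print(f"{client}: served={served} rejected={rejected}")
```

The flooding source gets its 20-request burst and then 80 rejections, has refilled to capacity by the time it tries again, and loses another 10; the ordinary user is never touched. The limit only works against a single source, though: a DDoS spreads the same load over thousands of bots that each stay under the limit, which is why it has to be absorbed upstream (scrubbing services, anycast, SYN cookies, provider-level filtering) rather than in the application.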
Malware (4)
 The above discussion is by no means a
complete list of the types of attacks that
have been tried. And, of course, new types
of attacks are being thought of every
year.
 What we need, to promote information
security, are protection mechanisms to
limit these threats to acceptable risks.
 Solutions are brought in from several
different approaches.
8. Rootkits
 A rootkit is a set of programs that lets an attacker keep
administrator-level access to a computer, without the end user's
consent or knowledge, by hiding its own files, processes and network
connections from the operating system's normal tools.
 The attacker normally already has administrator privileges when the
rootkit is installed (through an exploit, stolen credentials or a
Trojan); the rootkit's job is to keep that control and obscure its
presence from legitimate system administrators.
 Attackers can use the rootkit to execute files, access logs, monitor user
activity, and change the computer's configuration.
 Rootkits are one part of a blended threat, consisting of the dropper,
loader, and rootkit.
 The dropper code gets the rootkit installation started and can be
activated by clicking on a link to a malicious Web site in an e-mail or
opening an infected .pdf file.
 The dropper launches the loader program and then deletes itself.
 The loader loads the rootkit into memory; at that point the computer has
been compromised.
 Rootkits are designed so cleverly that it is difficult to even discover if
they are installed on a computer; because they alter what the running
system reports, inspecting the disk from a clean boot medium or
comparing file hashes against a known-good baseline is more reliable
than any tool run on the infected system itself.
Rootkit & Keyloggers
 A rootkit is a computer program designed to
provide continued privileged access to a
computer while actively hiding its presence.
 Once a rootkit has been installed, the controller
of the rootkit will be able to remotely execute
files and change system configurations on the
host machine.
• Also known as a keystroke logger, a keylogger records
the real-time activity of a user on his computer.
• It keeps a record of every keystroke made on the user's
keyboard, either in software or in a small hardware
device plugged in between the keyboard and the computer.
• A keylogger is also a very powerful way to steal
people's login credentials such as usernames and
passwords, which is one reason a second authentication
factor matters.
Note
 The above mentioned are perhaps the most
common security threats that you’ll come across.
 Apart from these, there are others like spyware,
wabbits, scareware, bluesnarfing and many
more.
 Fortunately, there are ways to protect yourself
against these attacks.
 https://securitytrails.com/blog/top-10-common-network-security-threats-explained
Threats and Solutions
Solution to attacks
 First, the organization’s users must be
educated.
 By learning about social engineering,
phishing, and forms of spying, the users
can learn how to protect their passwords.
 Additionally, IT policies must ensure that
users only use strong, unique passwords. Current
guidance (NIST SP 800-63B) favours long passwords
checked against lists of known-breached ones, plus a
second factor, over forcing frequent changes, which
tends to produce weaker and more predictable
passwords.
Solution to attacks (2)
 In some cases, organizations use a different approach than
the password, which is sometimes referred to as “what you
know”. Instead, two other approaches are “what you have”
and “who you are”.
 In the former case, the access process includes possession of
some kind of key. The most common forms of key are a key
card (swipe card), a hardware token, or an authenticator
app that generates one-time codes. This is usually used
along with a password so that you must physically possess the
key and know the password to log in (two-factor
authentication).
 In the latter case, the "who you are" constitutes some
physical aspect of the person. Biometrics are
used here, whether in the form of a fingerprint, voice
identification match, or even a lip print. Biometrics are
hard, but not impossible, to forge, and unlike a password
they cannot be changed once copied, so they are best used
as one factor alongside another rather than on their own.
Attack Solutions
[Table not recoverable from the source; its columns were Target, Vulnerability and Control.]
"Top 10 List" of Good Computing Practices
 Use passwords that can't be easily guessed, and protect your
passwords.
 Minimize storage of sensitive information.
 Beware of scams.
 Protect information when using the Internet and email.
 Make sure your computer is protected with anti-virus and all
necessary security "patches" and updates.
 Secure laptop computers and mobile devices at all times: Lock
them up or carry them with you.
 Shut down, lock, log off, or put your computer and other devices to
sleep before leaving them unattended, and make sure they require a
secure password to start up or wake-up.
 Don't install or download unknown or unsolicited programs/apps.
 Secure your area before leaving it unattended.
 Make backup copies of files or data you are not willing to lose.
Demos: Data breaches (1) and
internet threat scenario(2)
 https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
 https://www.fireeye.com/cyber-map/threat-map.html