Scribd
Upload
39 views27 pages

Easttom PPT 01 Final

Slides to help study

Uploaded by

jimishag04
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
39 views27 pages

Easttom PPT 01 Final

Slides to help study

Uploaded by

jimishag04
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 27

Computer Security

Fundamentals

Chuck Easttom

!"#$%&'()(*+%',-./%0,+(%,(%,(!,1$.%&'(2&/.'0%3
Chapter 1 Objectives

n Identify top threats to a computer network


n Assess the likelihood of an attack
n Define key terms like cracker, sneaker,
firewall, and authentication
n Compare and contrast perimeter and layered
approaches to network security
n Use online resources

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 2


Introduction

n Computer systems and networks are all


around us.
q Online banking
q Automated supermarket checkouts
q Online classes
q Online shopping
q Online travel resources

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 3


Introduction (cont.)

n How is personal information safeguarded?


n What are the vulnerabilities?
n What secures these systems?

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 4


How Seriously Should You Take
Threats to Network Security?

n Which group do you belong to?

q “No one is coming after my computer.”

q “The sky is falling!”

q Middle ground.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 5


Computing Risk 6
Exposure Factor The Exposure Factor (EF) is the
percentage of value an asset lost due to an incident.
Single Loss Expectancy The Single Loss Expectancy
(SLE) is the cost of a single loss. SLE is the Asset Value
(AV) times the Exposure Factor (EF).
Annual Rate of Occurrence The Annual Rate of
Occurrence (ARO) is the number of losses you suffer per
year.
Annualized Loss Expectancy
The Annualized Loss Expectancy (ALE) is your yearly
cost due to a risk. It is calculated by multiplying the
Single Loss Expectancy (SLE) times the Annual Rate of
Occurrence (ARO).

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security


Basic formulas 7

n SLE = Asset Value (AV) * Exposure Factor (EF)


n Risk = Probability of the Risk * Cost of the Eventuality
n ALE = Single Loss Expectancy (SLE) * Annual Rate of
Occurrence (ARO)
Risk Matrix

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security


Risk

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security


Identifying Types of Threats

n Malware: MALicious softWARE


n Security Breaches
n DoS: Denial of Service attacks
n Web Attacks
n Session Hijacking
n DNS Poisoning
n Insider Threats

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 9


Malware

n Software with a malicious purpose


q Virus

q Trojan horse

q Spyware

q Logic Bomb

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 10


Malware (cont.)

Virus
q One of the two most common types
q Usually spreads through e-mail
q Uses system resources, causing slowdown or
stoppage

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 11


Malware (cont.)
Trojan Horse
q The other most
common kind of
malware
q Named after the
wooden horse of
ancient history

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 12


Malware (cont.)

Spyware
q The most rapidly growing types of malware
n Cookies
n Key logger

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 13


Malware (cont.)

Logic Bomb
q Lays dormant until some logical condition is met,
often a specific date.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 14


Compromising System Security

Intrusions
q Attacks that break through
system resources
n Hackers
n Crackers
n Social engineering
n War-driving

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 15


Denial of Service Attacks

n The attacker does not


intrude into the system
but just blocks access
by authorized users.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 16


Web Attacks

n The attacker attempts to


breach a web
application. Common
attacks of this type are
SQL injection and Cross
Site Scripting.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 17


Session Hijacking

n This is a complex attack


that involves actually
taking over an
authenticated session.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 18


DNS Poisoning

n This involves altering


DNS records on a DNS
server to redirect client
traffic to malicious
websites, usually for
identity theft.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 19


Assessing the Likelihood of an Attack
on Your Network
n Viruses
q Catch up on new and refurbished viruses
n Unauthorized use of systems
q DoS attacks
q Intrusions
q Employee misuse

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 20


Basic Security Terminology

People:
q Hackers
n White hats
n Black hats
n Gray hats
q Script kiddies
q Sneakers
q Ethical hackers

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 21


Basic Security Terminology (cont.)

Devices
q Firewall
n Filters network traffic
q Proxy server
n Disguises IP address of internal host
q Intrusion Detection System
n Monitors traffic, looking for attempted attacks

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 22


Basic Security Terminology (cont.)

Activities
q Authentication
q Auditing

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 23


Network Security Paradigms

n How will youprotect your network?


q CIA Triangle
q Least Privileges
q Perimeter security approach
q Layered security approach
q Proactive versus reactive
q Hybrid security method

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 24


How Do Legal Issues Impact Network
Security?
n The Computer Security Act of 1987
n OMB Circular A-130
n See www.alw.nih.gov/Security/FIRST/papers/
legal/statelaw.txt for state computer laws
n Health Insurance Portability and
Accountability Act of 1996, HIPAA

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 25


Online Security Resources

n CERT
q www.cert.org
n Microsoft Security Advisor
q www.microsoft.com/security/default.mspx
n F-Secure
q www.f-secure.com
n SANS
q www.sans.org

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 26


Summary

n Network security is a constantly changing


field.
n You need three levels of knowledge.
q Take the courses necessary to learn the basic
techniques.
q Learn your enterprise system intimately, with all
its strengths and vulnerabilities.
q Keep current in the ever-changing world of threats
and exploits.

© 2019 by Pearson Education, Inc. Chapter 1 Introduction to Computer Security 27

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy