Slide 1: MANAGING SECURITY
BUS3500 - Abdou Illia, Spring 2007 (Week 15, Thursday 4/19/2007)

Slide 2: LEARNING GOALS
- Discuss the major threats to information systems.
- Describe protection systems.
- Describe the major components of an information systems security plan.

Slide 3: The Security Problem
2002 Computer Crime and Security Survey:
- 90% of large companies and government agencies reported a computer security breach
- 80% reported sizeable financial loss
- Only 40% indicated security attacks came from outside the company
- 85% reported being the victim of a computer virus

Slide 4: Attack strategy (1)
- Scanning
  - Ping messages (to know if a potential victim exists)
  - Supervisory messages (to know if the victim is available)
  - Tracert, Traceroute (to learn about security systems)
- Check the Internet (e.g. www.cert.org) for the latest system vulnerabilities
- Use a Brute Force attack or a Dictionary attack: trying millions of usernames and passwords
- Use a Social engineering strategy to get other information: tricking employees into providing passwords, keys and other info.

Slide 5: Attack strategy (2)
- Examining the data that responses reveal
  - Users' login names and passwords
  - IP addresses of potential victims
  - What services the servers are running; different services have different weaknesses
  - Potential victim's operating system, version number, etc.
- Deciding on the types of attacks
  - DoS attacks using the servers' valid IP addresses
  - Ping of Death on servers with older operating systems
  - Illicit content attacks using identified Open Mail servers
  - System intrusion on improperly configured servers
- Launch the attacks

Slide 6: Major security threats
- Denial of Service (DoS) attacks: the attacker makes a target (usually a server) deny service to legitimate users
- Content attack: sending messages with illicit or malicious content
- System intrusion: getting unauthorized access to a network

Slide 7: Tear Drop DoS
- Sending a stream of request messages to the target
- Making the target run very slowly or crash
- The objective is to have the target deny service to legitimate users
[Figure: the attacker sends a stream of DoS requests to the server while two legitimate users send legitimate requests; URL shown on the slide: http://www.netscantools.com/nstpro_netscanner.html]

Slide 8: Ping of Death attacks
- Take advantage of some operating systems' inability to handle packets larger than 65,536 bytes
- The attacker sends request messages that are larger than 65,536 bytes (i.e. oversized packets)
- Most operating systems have been fixed to prevent this type of attack from occurring, but it occurred recently on Win Server 2003 systems

Slide 9: Defense against Tear Drop DoS
- Usually, Tear Drop attack messages include heading fields that might hide a false identity
[Figure: message layering, one row per transport protocol: IP-H | TCP-H | Application Layer Message, and IP-H | UDP-H | Application Layer Message]
- Defense systems for protecting against DoS attacks are designed to check message headers. They could be Packet Firewalls or Intrusion Detection Systems (IDS).

Slide 10: Firewall?
- A security system that implements an access control policy between two networks, usually between the corporate network and an external network.
- A firewall is configured to decide:
  - the types of messages that enter a network
  - the types of messages that leave the network

Slide 11: Content attacks
Incoming messages with:
- Malicious content (or malware)
  - Viruses (infect files on a single computer)
  - Worms (propagate across systems by themselves)
  - Trojan horses (programs designed to damage or take control of the host computer)
- Illicit content
  - Pornography
  - Sexually or racially harassing e-mails
  - Spam (unsolicited commercial e-mails)
Q: Besides through e-mails, how can a computer system be the victim of a virus, worm, or Trojan horse attack?

Slide 12: Trojan horse
- A computer program that appears to be a useful program like a game, a screen saver, etc., but is really a program designed to damage or take control of the host computer
- When executed, a Trojan horse could:
  - Format disks
  - Delete files
  - Allow a remote computer to take control of the host computer
- NetBus and SubSeven used to be attackers' favorite programs for remote control of targets

Slide 13: Trojan horse
[Figure: screenshot of the NetBus interface]

Slide 14: Question
How could a computer system or a network be the victim of malicious or illicit content attacks?

Slide 15: Open Mail Server
- Most content attack messages are sent through Open Mail Servers (improperly configured mail servers that accept fake outgoing e-mail addresses)
Q: How can you protect a stand-alone computer or a network against malicious content attacks?

Slide 16: Open Mail Server
[Figure: open mail server diagram; no text extracted]

Slide 17: Protection against content attacks
- Antivirus controls
- Application Firewalls
  - Catch every incoming message to check for illicit content in its data field
  - If illicit content is detected, the message is blocked
[Figure: an Application Firewall sits between the Attacker and the Target; a Legitimate Message is passed on as a Checked Message, an Illicit Message is blocked]

Slide 18: System Intrusion
- Gaining unauthorized access to a computer system by an intruder
- A hacker is an intruder who breaks into a computer system to learn about it, not to cause damage and not to steal information
- A cracker is an intruder who breaks into a computer system to cause damage and/or to steal information
- Script kiddies are people with little programming skill who use publicly available software to break into systems

Slide 19: Intrusion Detection Systems
- Software or hardware devices that:
  - Capture network activity data in log files
  - Generate alarms in case of suspicious activities

Slide 20: Information Security Plan
- Goal: manage the risks and lessen the possibility that a security breach occurs
- Three main aspects:
  1) Technical security solution
  2) Security policies and procedures
  3) Security education program

Slide 21: Continued…
[no text extracted]

Slide 22:
[no text extracted]

Slide 23: Risk Analysis
- Assess which systems get which levels of security
- Two approaches:
  - Quantitative: estimate the probability of a threat and the monetary loss
  - Qualitative: determine each system's importance and the possible threats and vulnerabilities; the organization then ranks the systems

Slide 24: Roles and Responsibilities
- Determine who is responsible for the two main aspects of system security:
  - Information security (digital security)
  - Physical security
- Chief Security Officer: charged with maintaining both physical and information security in large organizations

Slide 25: Systems Configuration
- Details how an organization's information systems should be put together and connected
- Poorly written software can be a major security vulnerability
- Software must be updated frequently:
  - CERT Advisory Mailing List
  - Microsoft Windows Update
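Slides 8 and 9 describe the Ping of Death and say that defenses against such messages check the headers. The following Python example is added here and is not from the lecture: it reads the IPv4 fragment offset and length fields and flags a fragment whose data would push the reassembled datagram past 65,535 bytes. `build_fragment` is a constructed helper that only produces sample headers for the check; the addresses in it are constructed.

```python
import struct

IPV4_MAX_DATAGRAM = 65535   # the IPv4 total-length field is 16 bits, so nothing larger is legitimate

def parse_ipv4_fragment(pkt):
    """Read the header fields that say where this fragment's data lands on reassembly."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (pkt[0] & 0x0F) * 4                       # header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]    # length of this fragment, header included
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    return {
        "ihl": ihl,
        "more_fragments": bool(flags_frag & 0x2000),
        "offset": (flags_frag & 0x1FFF) * 8,        # fragment offset is stored in 8-byte units
        "data_len": total_len - ihl,
    }

def is_oversized_fragment(pkt):
    """True when header + offset + data would make the reassembled datagram exceed
    65,535 bytes, the condition behind the Ping of Death.  Assumes this fragment's
    header length equals the reassembled header length (true for one datagram)."""
    f = parse_ipv4_fragment(pkt)
    return f["ihl"] + f["offset"] + f["data_len"] > IPV4_MAX_DATAGRAM

def build_fragment(offset_units, data_len, more_fragments=False):
    """Constructed sample: a minimal IPv4/ICMP fragment with a zeroed payload, no checksum."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_units & 0x1FFF)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + data_len, 0x1234, flags_frag,   # v4/IHL 5, TOS, length, ID, frag
                         64, 1, 0,                                     # TTL, protocol ICMP, checksum 0
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))  # constructed src/dst
    return header + bytes(data_len)
```

A last fragment at offset 8189 units with 100 bytes of data reassembles to 65,632 bytes and is flagged, while an ordinary first fragment of 1,480 bytes is not.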
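Slide 10 says a firewall enforces an access control policy on what enters and leaves the network. As an added illustration that is not part of the lecture, this Python packet-filter policy tries rules in order, lets the first match decide, and denies anything no rule mentions; the corporate address range, server addresses and rule set are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str          # "in" = entering the corporate network, "out" = leaving it
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # CIDR block or "any"
    dst: str                # CIDR block or "any"
    dport: Optional[int]    # destination port, None = any port (ICMP has none)
    action: str             # "allow" or "deny"

    def matches(self, direction, proto, src, dst, dport):
        return (self.direction == direction
                and self.proto in ("any", proto)
                and (self.src == "any" or ip_address(src) in ip_network(self.src))
                and (self.dst == "any" or ip_address(dst) in ip_network(self.dst))
                and (self.dport is None or self.dport == dport))

# Constructed addresses: the corporate network, its mail server and its public web server.
CORP_NET = "10.0.0.0/8"
MAIL_SERVER = "10.0.5.20/32"
WEB_SERVER = "10.0.5.10/32"

# The access control policy: rules are tried in order and the first match decides.
POLICY = [
    Rule("in",  "tcp", "any", MAIL_SERVER, 25,   "allow"),  # inbound mail only to the mail server
    Rule("in",  "tcp", "any", WEB_SERVER,  80,   "allow"),  # inbound web only to the web server
    Rule("in",  "any", "any", CORP_NET,    None, "deny"),   # nothing else may enter (pings, scans)
    Rule("out", "tcp", MAIL_SERVER, "any", 25,   "allow"),  # only the mail server sends mail out
    Rule("out", "tcp", CORP_NET, "any",    25,   "deny"),   # other hosts cannot relay mail directly
    Rule("out", "tcp", CORP_NET, "any",    80,   "allow"),
    Rule("out", "tcp", CORP_NET, "any",    443,  "allow"),
]

def decide(direction, proto, src, dst, dport=None):
    """Apply the policy to one message; anything no rule mentions is denied by default."""
    for rule in POLICY:
        if rule.matches(direction, proto, src, dst, dport):
            return rule.action
    return "deny"
```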
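Slide 4 lists brute force and dictionary password guessing, and slide 19 says an IDS raises alarms from logged activity. This added Python example (not from the lecture) runs a simple alarm rule over constructed sshd-style log lines: a source address that fails five logins inside a sixty-second window triggers one alarm, and the number of distinct usernames tried separates a dictionary-style sweep of accounts from repeated guesses at one account. The log format, addresses and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not from the lecture): sshd-style authentication log lines.
SAMPLE_LOG = """\
2007-04-19 09:00:01 sshd: Failed password for admin from 198.51.100.7
2007-04-19 09:00:02 sshd: Failed password for root from 198.51.100.7
2007-04-19 09:00:02 sshd: Failed password for guest from 198.51.100.7
2007-04-19 09:00:03 sshd: Failed password for test from 198.51.100.7
2007-04-19 09:00:04 sshd: Failed password for oracle from 198.51.100.7
2007-04-19 09:00:05 sshd: Failed password for admin from 198.51.100.7
2007-04-19 09:01:10 sshd: Failed password for alice from 192.0.2.33
2007-04-19 09:01:40 sshd: Accepted password for alice from 192.0.2.33
2007-04-19 09:30:00 sshd: Failed password for bob from 192.0.2.50
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

def brute_force_alarms(log_text, threshold=5, window_s=60):
    """Return one alarm dict per source address that reaches `threshold` failed
    logins inside a sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # src -> (timestamp, username) of failures still in the window
    alarms = {}                   # src -> alarm; each source is reported once
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["result"] != "Failed":
            continue              # ignore unparsable lines and successful logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["src"]]
        window.append((ts, m["user"]))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()      # drop failures older than the window
        if len(window) >= threshold and m["src"] not in alarms:
            users = {user for _, user in window}
            alarms[m["src"]] = {
                "src": m["src"],
                "first_failure": window[0][0].isoformat(),
                "failures": len(window),
                "distinct_users": len(users),
                # many usernames suggests a dictionary sweep; one username, password guessing
                "kind": "dictionary" if len(users) > 1 else "brute force",
            }
    return list(alarms.values())
```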