Network Security July 1

Post on 19-Oct-2014

371 views 2 download

Tags:

description

 

Transcript of Network Security July 1

Network SecurityJuly 1, 2013

Who are the enemies?HackersUnaware StaffDisgruntled StaffSnoops

HackersComputer enthusiasts

who breaks in and leave their footprints

Crackers-more malicious, crashing entire computer system, stealing, damaging, confidential data, defacing web pages and disrupting business

Some amateur hackers merely locate hacking tools online and deploy them without much understanding of how they work or their effects.

Unaware employeesEmployees can unconsciously

cause other security breaches including the accidental contraction and spreading of computer viruses.

Unaware employeesEmployees who transport data

via floppy disks can unwittingly infect their corporate networks with viruses they picked up from computers in copy centers or libraries.

According to survey, “Ninety-one percent of

respondents detected employee abuse of Internet access privileges.”

—Annual Computer Security Institute and FBI Survey, 2001

Disgruntled StaffAngry employees, often those

who have been reprimanded, fired, or laid off, might vindictively infect their corporate networks with viruses or intentionally delete crucial files.

Snoops

Employees known as “snoops” partake in corporate espionage, gaining unauthorized access to confidential data in order to provide competitors with otherwise inaccessible information.

Others are simply satisfying their personal curiosities by accessing private information, such as financial data, a romantic e-mail correspondence between coworkers, or the salary of a colleague.

Some of these activities might be relatively harmless, but others, such as previewing private financial, patient, or human resources data, are far more serious, can be damaging to reputations, and can cause financial liability for a company.

Computer Security

Attributes

Attack Methods Technology for Internet Security

Confidentiality Eavesdropping, Hacking, Phishing, DoS and IP Spoofing

IDS, Firewalling, Cryptographic Systems, IP Sec and SSL

Integrity Viruses, Worms, Trojans, Eavesdropping, DoS, IP Spoofing

IDS, Firewall, Anti-Malware, Software, IPSec and SSL

Privacy Email bombing, Spamming, Hacking, DoS and Cookies

IDS, Firewall, Anti-Malware, Software, IPSec and SSL

Availability DoS, Email, bombing, Spamming and system boot record infectors

IDS, Anti Malware Software and Firewall

Attack MethodsEavesdroppingVirusesWormsTrojansPhishingIP Spoofing AttacksDenial of Service

EavesdroppingInterception of communications

by an unauthorized partyPassive eavesdropping is when

the person only secretly listens to the networked messages.

Active eavesdropping is when the intruder listens and inserts something into the communication stream.

VirusesViruses are self‐replication

programs that use files to infect and propagate

WormsA worm is similar to a virus

because they both are self‐replicating, but the worm does not require a file to allow it to propagate.

TrojansTrojans appear to be benign

programs to the user, but will actually have some malicious purpose.

PhishingPhishing is an attempt to obtain

confidential information from an individual, group, or organization

Phishers trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information.

IP SpoofingSpoofing means to have the

address of the computer mirror the address of a trusted computer in order to gain access to other computers.

With the current IP protocol technology, Ipspoofed packets cannot be eliminated

Denial of Service (DoS)Denial of Service is an attack

when the system receiving too many requests cannot return communication with the requestors