Framework Chapter 1 Panko, Corporate Computer and Network Security Copyright 2002 Prentice-Hall.
Framework
Chapter 1
Panko, Corporate Computer and Network Security
Copyright 2002 Prentice-Hall
Figure 1-1: CSI/FBI Computer Crime and Security Survey
How Bad is the Threat?
Survey conducted by the Computer Security Institute (http://www.gocsi.com).
Based on replies from 503 U.S. Computer Security Professionals.
If fewer than 20 firms reported quantified dollar losses, data for the threat are not shown.

| Threat | Percent Reporting an Incident, 1997 | Percent Reporting an Incident, 2002 | Average Annual Loss per Firm (x1000), 1997 | Average Annual Loss per Firm (x1000), 2002 |
|---|---|---|---|---|
| Viruses | 82% | 85% | $76 | $283 |
| Laptop Theft | 58% | 65% | $38 | $89 |
| Denial of Service | 24% | 40% | $77 | $297 |
| System Penetration | 20% | 40% | $132 | $226 |
| Unauthorized Access by Insiders | 40% | 38% | NA | NA |
| Theft of Intellectual Property | 20% | 20% | $954 | $6,571 |
| Financial Fraud | 12% | 12% | $958 | $4,632 |
| Sabotage | 14% | 8% | $164 | $541 |
| Telecom Fraud | 27% | 9% | NA | NA |
| Telecom Eavesdropping | 11% | 6% | NA | NA |
| Active Wiretap | 3% | 1% | NA | NA |

Figure 1-2: Other Empirical Attack Data
Riptech
Analyzed 5.5 billion firewall log entries in 300 firms in five-month period
Detected 128,678 attacks—an annual rate of 1,000 per firm
Only 39% of attacks after viruses were removed were directed at individual firms
Figure 1-2: Other Empirical Attack Data
Riptech
23% of all firms experienced a highly aggressive attack in a 6-month period
Although they are only one percent of all attacks, highly aggressive attacks are 26 times more likely to do severe damage than even moderately sophisticated aggressive attacks
Figure 1-2: Other Empirical Attack Data
SecurityFocus Data from 10,000 firms in 2001
Attack Frequency
129 million network scanning probes (13,000 per firm)
29 million website attacks (3,000 per firm)
6 million denial-of-service attacks (600 per firm)
Figure 1-2: Other Empirical Attack Data
SecurityFocus Attack Targets
31 million Windows-specific attacks
22 million UNIX/LINUX attacks
7 million Cisco IOS attacks
All operating systems are attacked!
Figure 1-2: Other Empirical Attack Data
U.K. Department of Trade and Industry
Two-thirds of U.K. firms surveyed lost less than $15,000 from their worst incident
But 4% lost more than $725,000
Figure 1-2: Other Empirical Attack Data
MessageLabs
One in every 200 to 400 e-mail messages is infected
Most e-mail users are sent infected e-mail several times each year
The percentage of e-mails that are infected is rising
Figure 1-2: Other Empirical Attack Data
Honeynet project
Fake networks set up for adversaries to attack
To understand how adversaries attack
Windows 98 PC with open shares and no password compromised 5 times in 4 days
LINUX PCs took 3 days on average to compromise
Figure 1-3: Attack Trends
Growing Incident Frequency
Incidents reported to the Computer Emergency Response Team/Coordination Center
1997: 2,134
1998: 3,474 (75% growth from the year before)
1999: 9,859 (164% growth from the year before)
2000: 21,756 (121% growth from the year before)
2001: 52,658 (142% growth from the year before)
Tomorrow?
Figure 1-3: Attack Trends
Growing Randomness in Victim Selection
In the past, large firms were targeted
Now, targeting is increasingly random
No more security through obscurity for small firms and individuals
Figure 1-3: Attack Trends
Growing Malevolence
Most early attacks were not malicious
Malicious attacks are becoming the norm
Figure 1-3: Attack Trends
Growing Attack Automation
Attacks are automated, rather than humanly-directed
Essentially, viruses and worms are attack robots that travel among computers
Attack many computers in minutes or hours
Figure 1-4: Framework for Attackers
Elite Hackers
Hacking: intentional access without authorization or in excess of authorization
Cracking versus hacking
Technical expertise and dogged persistence
Use attack scripts to automate actions, but this is not the essence of what they do
Figure 1-4: Framework for Attackers
Elite Hackers
White hat hackers
This is still illegal
Break into system but notify firm or vendor of vulnerability
Black hat hackers
Do not hack to find and report vulnerabilities
Gray hat hackers go back and forth between the two ways of hacking
Figure 1-4: Framework for Attackers
Elite Hackers
Hack but with code of ethics
Codes of conduct are often amoral
“Do no harm,” but delete log files, destroy security settings, etc.
Distrust of evil businesses and government
Still illegal
Deviant psychology and hacker groups to reinforce deviance
Figure 1-4: Framework for Attackers
Virus Writers and Releasers
Virus writers versus virus releasers
Only releasing viruses is punishable
Figure 1-4: Framework for Attackers
Script Kiddies
Use prewritten attack scripts (kiddie scripts)
Viewed as lamers and script kiddies
Large numbers make them dangerous
Noise of kiddie script attacks masks more sophisticated attacks
Figure 1-4: Framework for Attackers
Criminals
Many attackers are ordinary garden-variety criminals
Credit card and identity theft
Stealing trade secrets (intellectual property)
Extortion
Figure 1-4: Framework for Attackers
Corporate Employees
Have access and knowledge
Financial theft
Theft of trade secrets (intellectual property)
Sabotage
Consultants and contractors
IT and security staff are biggest danger
Figure 1-4: Framework for Attackers
Cyberterrorism and Cyberwar
New level of danger
Infrastructure destruction
Attacks on IT infrastructure
Use IT to establish physical infrastructure (energy, banks, etc.)
Figure 1-4: Framework for Attackers
Cyberterrorism and Cyberwar
Simultaneous multi-pronged attacks
Cyberterrorism by terrorist groups versus cyberwar by national governments
Amateur information warfare
Figure 1-5: Framework for Attacks
Attacks
Physical Access Attacks: Wiretapping, Server Hacking, Vandalism
Dialog Attacks: Eavesdropping, Impersonation, Message Alteration
Social Engineering: Opening Attachments, Password Theft, Information Theft
Penetration Attacks: Scanning (Probing), Break-in, Denial of Service, Malware (Viruses, Worms)
Figure 1-6: Attacks and Defenses (Study Figure)
Access Control
Access control is the body of strategies and practices that a company uses to prevent improper access
Prioritize assets
Specify access control technology and procedures for each asset
Test the protection
Figure 1-6: Attacks and Defenses (Study Figure)
Site Access Attacks and Defenses
Wiretaps (including wireless LAN intrusions)
Hacking servers with physical access
Figure 1-6: Attacks and Defenses (Study Figure)
Social Engineering
Tricking an employee into giving out information or taking an action that reduces security or harms a system
Opening an e-mail attachment that may contain a virus
Asking for a password, claiming to be someone with rights to know it
Asking for a file to be sent to you
Figure 1-6: Attacks and Defenses (Study Figure)
Social Engineering Defenses
Training
Enforcement through sanctions (punishment)
Figure 1-6: Attacks and Defenses (Study Figure)
Dialog Attacks and Defenses
Eavesdropping
Encryption for Confidentiality
Imposters and Authentication
Cryptographic Systems
Figure 1-7: Eavesdropping on a Dialog
Diagram labels: Client PC (Bob); Server (Alice); Dialog (“Hello”); Attacker (Eve) intercepts and reads messages
Figure 1-8: Encryption for Confidentiality
Diagram labels: Client PC (Bob); Server (Alice); Original Message “Hello”; Encrypted Message “100100110001”; Decrypted Message “Hello”; Attacker (Eve) intercepts but cannot read
Figure 1-9: Impersonation and Authentication
Diagram labels: Client PC (Bob); Server (Alice); Attacker (Eve); “I’m Bob”; “Prove it! (Authenticate Yourself)”
Figure 1-10: Message Alteration
Diagram labels: Client PC (Bob); Server (Alice); Dialog; Attacker (Eve) intercepts and alters messages; “Balance = $1” becomes “Balance = $1,000,000”
Figure 1-11: Secure Dialog System
Diagram labels: Client PC (Bob); Server (Alice); Secure Dialog
Attacker cannot read messages, alter messages, or impersonate
Automatically Handles: Negotiation of Security Options, Authentication, Encryption, Integrity
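Added example (not from the original slides): the authentication and integrity parts of Figures 1-9 to 1-11, using HMAC-SHA256 from the Python standard library. The shared key, the `Alice`/`Bob` classes and the message layout are assumptions made for illustration; encryption for confidentiality is not shown.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag; only holders of the shared key can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Alice:
    """Server: challenges callers and verifies tagged messages."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()  # challenges issued and not yet used
        self.next_seq = 0     # sequence number expected next

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # "Prove it!" with a fresh random value
        self.pending.add(nonce)
        return nonce

    def authenticate(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False  # unknown or already used challenge: a replay
        self.pending.discard(nonce)
        return hmac.compare_digest(mac(self.key, b"auth|" + nonce), response)

    def receive(self, seq: int, body: bytes, tag: bytes) -> bool:
        expected = mac(self.key, b"msg|" + seq.to_bytes(8, "big") + body)
        if not hmac.compare_digest(expected, tag) or seq != self.next_seq:
            return False  # altered, forged, or replayed message
        self.next_seq += 1
        return True


class Bob:
    """Client: proves key possession and tags every message it sends."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def respond(self, nonce: bytes) -> bytes:
        return mac(self.key, b"auth|" + nonce)

    def send(self, body: bytes):
        seq, self.seq = self.seq, self.seq + 1
        return seq, body, mac(self.key, b"msg|" + seq.to_bytes(8, "big") + body)


def demo() -> dict:
    key = secrets.token_bytes(32)  # assumed to be shared out of band
    alice, bob = Alice(key), Bob(key)
    out = {}
    nonce = alice.challenge()
    proof = bob.respond(nonce)
    out["bob_authenticates"] = alice.authenticate(nonce, proof)
    out["eve_replays_proof"] = alice.authenticate(nonce, proof)
    nonce2 = alice.challenge()
    out["eve_guesses_key"] = alice.authenticate(nonce2, mac(b"guess", b"auth|" + nonce2))
    seq, body, tag = bob.send(b"Balance = $1")
    out["altered_message"] = alice.receive(seq, b"Balance = $1,000,000", tag)
    out["genuine_message"] = alice.receive(seq, body, tag)
    out["replayed_message"] = alice.receive(seq, body, tag)
    return out


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'accepted' if accepted else 'rejected'}")
```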
Figure 1-12: Network Penetration Attacks and Firewalls
Diagram labels: Attacker; Internet; Attack Packet; Internet Firewall; Passed Packet; Dropped Packet; Log File; Internal Corporate Network; Hardened Client PC; Hardened Server
Figure 1-13: Scanning (Probing) Attacks
Diagram labels: Attacker; Internet; Corporate Network; Attack Packets to 172.16.99.1, 172.16.99.2, etc.; Host 172.16.99.1 (“I’m Here”); Host 172.16.99.2 (“I’m Here”)
Figure 1-14: Single-Message Break-In Attack
Attacker
1. Single Break-In Packet
2. Server Taken Over By Single Message
Figure 1-15: Denial-of-Service (DoS) Flooding Attack
Diagram labels: Attacker; Message Flood; Server Overloaded By Message Flood
Figure 1-16: Intrusion Detection System (IDS)
Diagram labels: Attacker; Internet; Intrusion Detection System (IDS); Log File; Network Administrator; Hardened Server; Corporate Network
1. Suspicious Packet
2. Suspicious Packet Passed
3. Log Suspicious Packet
4. Alarm
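Added example (not from the original slides): one way a log-based detector could flag the scanning pattern of Figure 1-13, a single source contacting many hosts in a short time. The log format, the source addresses and the thresholds are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed firewall log: time, action, source, destination, destination port.
SAMPLE_LOG = """\
2002-03-01T10:00:00 PASS 198.51.100.20 172.16.99.2 80
2002-03-01T10:00:01 DROP 203.0.113.7 172.16.99.1 80
2002-03-01T10:00:02 DROP 203.0.113.7 172.16.99.2 80
2002-03-01T10:00:03 DROP 203.0.113.7 172.16.99.3 80
2002-03-01T10:00:04 PASS 198.51.100.20 172.16.99.2 80
2002-03-01T10:00:05 DROP 203.0.113.7 172.16.99.4 80
2002-03-01T10:00:06 DROP 203.0.113.7 172.16.99.5 80
2002-03-01T10:01:00 DROP 192.0.2.9 172.16.99.1 22
2002-03-01T10:06:00 DROP 192.0.2.9 172.16.99.2 22
2002-03-01T10:11:00 DROP 192.0.2.9 172.16.99.3 22
2002-03-01T10:16:00 DROP 192.0.2.9 172.16.99.4 22
"""


def parse(line):
    """Return (time, source, destination) or None for a malformed line."""
    fields = line.split()
    if len(fields) != 5:
        return None
    try:
        return datetime.fromisoformat(fields[0]), fields[2], fields[3]
    except ValueError:
        return None


def find_scanners(lines, window_seconds=60, min_hosts=4):
    """Map each source that touched >= min_hosts distinct hosts inside one
    sliding window to the largest number of hosts seen in any window."""
    events = sorted(e for e in map(parse, lines) if e is not None)
    recent = defaultdict(deque)  # source -> (time, destination) pairs in window
    flagged = {}
    for ts, src, dst in events:
        window = recent[src]
        window.append((ts, dst))
        # Drop entries that have aged out of the window.
        while (ts - window[0][0]).total_seconds() > window_seconds:
            window.popleft()
        hosts = {d for _, d in window}
        if len(hosts) >= min_hosts:
            flagged[src] = max(flagged.get(src, 0), len(hosts))
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("60 s window:  ", find_scanners(lines))
    print("20 min window:", find_scanners(lines, window_seconds=1200))
```

The source that probes one host every five minutes is missed by the 60-second window and caught only by the 20-minute one, so window length is a tuning decision for the defender.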
Figure 1-17: Security Management
Security is Primarily a Management Issue, not a Technology Issue
Top-to-Bottom Commitment
Top-management commitment
Operational execution
Enforcement
Figure 1-17: Security Management
Comprehensive Security
Closing all avenues of attack
Asymmetrical warfare
Attacker only has to find one opening
Defense in depth
Attacker must get past several defenses to succeed
Security audits
Run attacks against your own network
Figure 1-17: Security Management
General Security Goals (CIA)
Confidentiality
Attackers cannot read messages if they intercept them
Integrity
If attackers change messages, this will be detected
Availability
System is able to serve users
Figure 1-18: The Plan—Protect—Respond Cycle
Planning
Need for comprehensive security (no gaps)
Risk analysis (see Figure 1-19)
Enumerating threats
Threat severity = estimated cost of attack × probability of attack
Value of protection = threat severity – cost of countermeasure
Prioritize countermeasures by value of protection
Figure 1-19: Threat Severity Analysis

| Step | | Threat A | Threat B | Threat C | Threat D |
|---|---|---|---|---|---|
| 1 | Cost if attack succeeds | $500,000 | $10,000 | $100,000 | $10,000 |
| 2 | Probability of occurrence | 80% | 20% | 5% | 70% |
| 3 | Threat severity | $400,000 | $2,000 | $5,000 | $7,000 |
| 4 | Countermeasure cost | $100,000 | $3,000 | $2,000 | $20,000 |
| 5 | Value of protection | $300,000 | ($1,000) | $3,000 | ($13,000) |
| 6 | Apply countermeasure? | Yes | No | Yes | No |
| 7 | Priority | 1 | NA | 2 | NA |

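Added example (not from the original slides): the threat severity analysis of Figures 1-18 and 1-19 carried through in code, starting from steps 1, 2 and 4 of the figure. The break-even probability column goes beyond the figure; it is the probability at which threat severity equals the countermeasure cost.

```python
# Inputs copied from Figure 1-19: whole dollars and whole percents.
FIGURE_1_19 = [
    # (threat, cost if attack succeeds, probability %, countermeasure cost)
    ("A", 500_000, 80, 100_000),
    ("B", 10_000, 20, 3_000),
    ("C", 100_000, 5, 2_000),
    ("D", 10_000, 70, 20_000),
]


def money(amount):
    """Format dollars the way the figure does, with negatives in parentheses."""
    return f"(${-amount:,})" if amount < 0 else f"${amount:,}"


def analyze(threats):
    """Steps 3 and 5-7 of the figure, plus an added break-even probability."""
    rows = []
    for name, cost, prob_pct, counter in threats:
        severity = cost * prob_pct // 100      # step 3 (exact for these inputs)
        value = severity - counter             # step 5
        rows.append({
            "threat": name,
            "severity": severity,
            "value": value,
            "apply": value > 0,                # step 6
            "priority": None,                  # step 7, filled in below
            # Above 100% means the countermeasure can never pay for itself.
            "break_even_pct": 100 * counter / cost,
        })
    # Step 7: rank only the countermeasures worth applying, best value first.
    worthwhile = sorted((r for r in rows if r["apply"]),
                        key=lambda r: r["value"], reverse=True)
    for rank, row in enumerate(worthwhile, start=1):
        row["priority"] = rank
    return rows


def report(rows):
    lines = ["Threat  Severity  Value       Apply  Priority  Break-even"]
    for r in rows:
        lines.append(
            f"{r['threat']:<7} {money(r['severity']):<9} {money(r['value']):<11} "
            f"{'Yes' if r['apply'] else 'No':<6} "
            f"{r['priority'] if r['priority'] else 'NA':<9} "
            f"{r['break_even_pct']:.0f}%"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(analyze(FIGURE_1_19)))
```

Threat B's countermeasure breaks even at a 30% probability against the estimated 20%, so that decision is sensitive to the probability estimate, while threat D's would need a probability above 100%.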
Figure 1-18: The Plan—Protect—Respond Cycle
Planning
Security policies drive subsequent specific actions (see Figure 1-20)
Selecting technology
Procedures to make technology effective
The testing of technology and procedures
Figure 1-20: Policy-Driven Technology, Procedures, and Testing
Policy: Only allow authorized personnel to use accounting webserver
Technology (Firewall, Hardened Webserver)
Procedures (Configuration, Passwords, Etc.)
Protection
Testing (Test Security): Attempt to Connect to Unauthorized Webserver
Figure 1-18: The Plan—Protect—Respond Cycle
Protecting
Installing protections: firewalls, IDSs, host hardening, etc.
Updating protections as the threat environment changes
Testing protections: security audits
Figure 1-18: The Plan—Protect—Respond Cycle
Responding
Planning for response (Computer Emergency Response Team)
Incident detection and determination
Procedures for reporting suspicious situations
Determination that an attack really is occurring
Description of the attack to guide subsequent actions
Figure 1-18: The Plan—Protect—Respond Cycle
Responding
Containment, Recovery
Containment: stop the attack
Repair the damage
Punishment
Forensics
Prosecution
Employee Punishment
Fixing the vulnerability that allowed the attack