Lecture 2B

Uploaded by

Taguro Toguro

THE NEED FOR SECURITY

CONTINUATION OF LECTURE NO. 2


COMPROMISES TO INTELLECTUAL PROPERTY

• Intellectual property is “the ownership of ideas and control over the tangible or virtual representation of those ideas”
• Many organizations are in business to create intellectual property:
  ◦ trade secrets
  ◦ copyrights
  ◦ trademarks
  ◦ patents

COMPROMISES TO INTELLECTUAL PROPERTY

• Most common IP breaches involve software piracy
• Watchdog organizations investigate:
  ◦ Software & Information Industry Association (SIIA)
  ◦ Business Software Alliance (BSA)
• Enforcement of copyright has been attempted with technical security mechanisms

FORCES OF NATURE

• Forces of nature, force majeure, or acts of God are dangerous because they are unexpected and can occur with very little warning
• Can disrupt not only the lives of individuals, but also the storage, transmission, and use of information
• Include fire, flood, earthquake, and lightning as well as volcanic eruption and insect infestation
• Since it is not possible to avoid many of these threats, management must implement controls to limit damage and also prepare contingency plans for continued operations

TECHNICAL HARDWARE FAILURES OR ERRORS

• Technical hardware failures or errors occur when a manufacturer distributes to users equipment containing flaws
• These defects can cause the system to perform outside of expected parameters, resulting in unreliable service or lack of availability
• Some errors are terminal, in that they result in the unrecoverable loss of the equipment
• Some errors are intermittent, in that they only periodically manifest themselves, resulting in faults that are not easily repeated

TECHNICAL SOFTWARE FAILURES OR ERRORS

• This category of threats comes from purchasing software with unrevealed faults
• Large quantities of computer code are written, debugged, published, and sold, only to discover that not all bugs were resolved
• Sometimes, unique combinations of certain software and hardware reveal new bugs
• Sometimes, these items aren’t errors, but are purposeful shortcuts left by programmers for honest or dishonest reasons

TECHNOLOGICAL OBSOLESCENCE

• When the infrastructure becomes antiquated or outdated, it leads to unreliable and untrustworthy systems
• Management must recognize that when technology becomes outdated, there is a risk of loss of data integrity from threats and attacks
• Ideally, proper planning by management should prevent the risks from technology obsolescence, but when obsolescence is identified, management must take action

ATTACKS

• An attack is the deliberate act that exploits a vulnerability
• It is accomplished by a threat-agent to damage or steal an organization’s information or physical asset
• An exploit is a technique to compromise a system
• A vulnerability is an identified weakness of a controlled system whose controls are not present or are no longer effective
• An attack is then the use of an exploit to achieve the compromise of a controlled system

MALICIOUS CODE

• This kind of attack includes the execution of viruses, worms, Trojan horses, and active web scripts with the intent to destroy or steal information
• The state of the art in attacking systems in 2002 is the multi-vector worm using up to six attack vectors to exploit a variety of vulnerabilities in commonly found information system devices

ATTACK DESCRIPTIONS

• IP Scan and Attack - Compromised system scans random or local range of IP addresses and targets any of several vulnerabilities known to hackers or left over from previous exploits
• Web Browsing - If the infected system has write access to any Web pages, it makes all Web content files infectious, so that users who browse to those pages become infected
• Virus - Each infected machine infects certain common executable or script files on all computers to which it can write with virus code that can cause infection

ATTACK DESCRIPTIONS

• Unprotected Shares - using file shares to copy viral component to all reachable locations
• Mass Mail - sending e-mail infections to addresses found in address book
• Simple Network Management Protocol - SNMP vulnerabilities used to compromise and infect
• Hoaxes - A more devious approach to attacking computer systems is the transmission of a virus hoax, with a real virus attached

ATTACK DESCRIPTIONS

• Back Doors - Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource
• Password Crack - Attempting to reverse calculate a password
• Brute Force - The application of computing and network resources to try every possible combination of options of a password
• Dictionary - The dictionary password attack narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords (the dictionary) to guide guesses

ATTACK DESCRIPTIONS

• Denial-of-service (DoS):
  ◦ attacker sends a large number of connection or information requests to a target
  ◦ so many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service
  ◦ may result in a system crash, or merely an inability to perform ordinary functions
• Distributed Denial-of-service (DDoS) - an attack in which a coordinated stream of requests is launched against a target from many locations at the same time

ATTACK DESCRIPTIONS

• Spoofing - technique used to gain unauthorized access whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host
• Man-in-the-Middle - an attacker sniffs packets from the network, modifies them, and inserts them back into the network
• Spam - unsolicited commercial e-mail - while many consider spam a nuisance rather than an attack, it is emerging as a vector for some attacks

Principles of Information Security - Chapter 2

ATTACK DESCRIPTIONS

• Mail-bombing - another form of e-mail attack that is also a DoS, in which an attacker routes large quantities of e-mail to the target
• Sniffers - a program and/or device that can monitor data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information from a network
• Social Engineering - within the context of information security, the process of using social skills to convince people to reveal access credentials or other valuable information to the attacker

ATTACK DESCRIPTIONS

• “People are the weakest link. You can have the best technology; firewalls, intrusion-detection systems, biometric devices ... and somebody can call an unsuspecting employee. That's all she wrote, baby. They got everything.”
• “brick attack” - the best configured firewall in the world can’t stand up to a well placed brick

ATTACK DESCRIPTIONS

• Buffer Overflow:
  ◦ an application error that occurs when more data is sent to a buffer than it can handle
  ◦ when the buffer overflows, the attacker can make the target system execute instructions, or the attacker can take advantage of some other unintended consequence of the failure
  ◦ usually the attacker fills the overflow buffer with executable program code to elevate the attacker’s permissions to that of an administrator

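
The application error described above, shown beside a bounds-checked form, as an added example that is not part of the original slides. The function names and the 16-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_BUF 16   /* constructed buffer size for this example */

/* Unsafe pattern (shown for contrast, never called here): strcpy copies
 * until the NUL terminator, so a source of NAME_BUF bytes or more writes
 * past the end of dst. */
void copy_name_unchecked(char dst[NAME_BUF], const char *src) {
    strcpy(dst, src);
}

/* Hardened form: measure the input against the destination size first and
 * reject anything that does not fit, terminator included.
 * Returns 0 on success, -1 if the input was rejected. */
int copy_name_checked(char *dst, size_t dst_size, const char *src) {
    size_t len = 0;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;

    /* Scan at most dst_size bytes; longer input is already too long. */
    while (len < dst_size && src[len] != '\0')
        len++;

    if (len == dst_size) {       /* no room left for the terminator */
        dst[0] = '\0';           /* leave dst as a valid empty string */
        return -1;
    }
    memcpy(dst, src, len + 1);   /* len + 1 <= dst_size, includes NUL */
    return 0;
}
```

The checked version rejects oversized input instead of truncating it, so the caller sees the failure and no partial data is used.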

ATTACK DESCRIPTIONS

• Ping of Death Attacks:
  ◦ A type of DoS attack
  ◦ Attacker creates an ICMP packet that is larger than the maximum allowed 65,535 bytes.
  ◦ The large packet is fragmented into smaller packets and reassembled at its destination.
  ◦ The destination system cannot handle the reassembled oversized packet, thereby causing the system to crash or freeze.
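
The size check a reassembly routine needs in order to withstand the oversized packet described above, as an added example that is not part of the original slides. The `frag` structure and function names are assumptions; the fragment offset is counted in 8-byte units as in IPv4, and only the length limit is checked here, not gaps or overlaps between fragments.

```c
#include <stddef.h>
#include <stdint.h>

#define IP_MAX_TOTAL 65535u   /* maximum allowed size quoted on the slide */

/* One received IPv4 fragment (constructed type for this example). */
struct frag {
    uint16_t offset_units;    /* fragment offset field, in 8-byte units */
    uint16_t payload_len;     /* bytes of data carried by this fragment */
};

/* End position this fragment claims, counted with the IP header so it is
 * comparable with the 65,535-byte limit. */
static uint32_t frag_end(const struct frag *f, uint16_t ip_hdr_len) {
    return (uint32_t)ip_hdr_len + (uint32_t)f->offset_units * 8u
           + f->payload_len;
}

/* Check every fragment before any copy into a reassembly buffer.
 * Returns the reassembled total length, or -1 if a fragment would push
 * the datagram past IP_MAX_TOTAL and the whole train must be dropped. */
long reassembled_len(const struct frag *frags, size_t n, uint16_t ip_hdr_len) {
    uint32_t total = ip_hdr_len;

    for (size_t i = 0; i < n; i++) {
        uint32_t end = frag_end(&frags[i], ip_hdr_len);
        if (end > IP_MAX_TOTAL)
            return -1;
        if (end > total)
            total = end;
    }
    return (long)total;
}
```

Each fragment on its own is small and valid; only the sum of offset and length reveals the problem, which is why the check runs per fragment before reassembly.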

ATTACK DESCRIPTIONS

• Timing Attack:
  ◦ relatively new
  ◦ works by exploring the contents of a web browser’s cache
  ◦ can allow collection of information on access to password-protected sites
  ◦ another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms

SUMMARY

• Unlike any other aspect of IT, information security’s primary mission is to ensure things stay the way they are
• Information security performs four important functions:
  ◦ Protects organization’s ability to function
  ◦ Enables safe operation of applications implemented on organization’s IT systems
  ◦ Protects data the organization collects and uses
  ◦ Safeguards the technology assets in use at the organization

SUMMARY

• Threat: object, person, or other entity representing a constant danger to an asset
• Management effectively protects its information through policy, education, training, and technology controls
• Attack: a deliberate act that exploits a vulnerability

READINGS AND ASSIGNMENT

• Check out the following White House site for the document on “The National Strategy to Secure Cyberspace”:
  ◦ http://www.whitehouse.gov/pcipb/priority_1.pdf
• As your hand-in exercise:
  ◦ Read this document
  ◦ Using a minimum of about 3 pages (double-spaced), write about how this document enhances national security.
  ◦ Due February 1, 2007.
  ◦ Must have a cover page with a title, class, and name
  ◦ Must have references.
