rebekah-joyner
Fundamentals of Information Systems Security Lesson 3 Malicious Attacks, Threats, and Vulnerabilities. Learning Objective. Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure. Key Concepts. - PowerPoint PPT Presentation
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company. www.jblearning.com. All rights reserved.
Fundamentals of Information Systems Security
Lesson 3
Malicious Attacks, Threats, and Vulnerabilities
Learning Objective
Describe how malicious attacks, threats, and vulnerabilities impact an IT infrastructure.
Key Concepts
Attacks, threats, and vulnerabilities in a typical IT infrastructure
Common security countermeasures typically found in an IT infrastructure
Risk assessment approach to securing an IT infrastructure
Risk mitigation strategies to shrink the information security gap
DISCOVER: CONCEPTS
Definitions
• Risk: Probability that an intentional or unintentional act will harm resources
• Threat: Accidental or intentional event that negatively impacts company resources
• Vulnerability: Inherent weakness that may enable threats to harm systems or networks
Types of Threats
Brute-force password attacks
Dictionary password attacks
IP address spoofing
Hijacking
Replay attacks
Man-in-the-middle attacks
Types of Threats (Continued)
Masquerading
Social engineering
Phishing
Phreaking
Pharming
Types of Vulnerabilities
Insecure servers or services
Exploitable applications and protocols
Unprotected system or network resources
Traffic interception and eavesdropping
Lack of preventive and protective measures against malware or automated attacks
Identify the Criminal
Criminal Profile #1
Victimizes people through unsolicited e-mail messages to get victim’s money
Does not rely on intrusive methods to commit crimes
Is motivated by financial gain
Identify the Criminal (Continued)
Criminal Profile #2
Enters systems without permission to raise awareness of security issues
Does not work for the company or its clients
Does not intend harm, just tries to be “helpful”
Is motivated by impulse
Identify the Criminal (Continued)
Criminal Profile #3
Engages in illegal black market transactions on the Internet
Traffics drugs, weapons, or banned materials
Is motivated by financial gain
Identify the Criminal (Continued)
Criminal Profile #4
Enters systems without permission to take advantage of security issues
Does not work for the company or its clients
Does not intend to help, only wants to cause harm
Is motivated by peer acceptance
Identify the Criminal (Continued)
Criminal Profile #5
Intrudes upon systems to verify and validate security issues
Works for the company or one of its clients
Does not intend harm, just tries to be “helpful”
Summary
Threats are controllable.
Risks are manageable.
Vulnerabilities are unavoidable.
All of these negatively affect the C-I-A triad.
Not all threats are intentional.
Virtual Lab
Performing a Vulnerability Assessment