Net+2009CP--P07

Date post: 09-May-2017
Upload: david-williamson
Transcript
Page 1: Net+2009CP--P07

Security threats and mitigation

Unit objectives
- Describe and explain common security threats
- Explain ways to mitigate security threats

Page 2: Topic A
Topic A: Security threats
Topic B: Threat mitigation

Page 3: Security threats
- Technology weaknesses
- Configuration weaknesses
- Policy weaknesses
- Human error or malice

Page 4: Technology weaknesses
- TCP/IP
- Operating systems
- Network equipment

Page 5: Configuration weaknesses
- Unsecured accounts
- System accounts with weak passwords
- Internet services
- Default settings
- Network equipment
- Trojan horses
- Viruses

Page 6: Human error and malice
- Human error
  – Accident, ignorance, stress
- Malice
  – Dishonesty
  – Impersonation
  – Disgruntled employees
  – Snoops
  – DoS attacks
  – Identity theft

Page 7: Viruses, worms, Trojan horses
- Worms
- Trojans
- Zombies and botnets
- Rootkits

Page 8: Activity A-1
Identifying common security threats

Page 9: Social engineering
- Hacking people, not computers
- Goals include fraud, network intrusion, espionage, identity theft, disruption
- Shoulder surfing

Page 10: Dumpster diving
- Phone directories
- Organizational charts
- Policy manuals
- Calendars
- Outdated hardware
- System manuals, network diagrams

Page 11: Online attacks
- Instant messenger and e-mail
- Unwitting employees run code or applications

Page 12: Countermeasures
- Discard items properly
- User education and awareness

Page 13: Phishing
- Fraudulent e-mail appears to be from a trusted sender
- Clues
- Countermeasures

Page 14: Activity A-2
Discussing social engineering

Page 15: Denial of service attacks
- Consume or disable resources by flooding systems with TCP/IP packets
- Attacks hit client computers and servers

Page 16: TCP 3-way handshake

Page 17: SYN flood defense

Page 18: Smurf attacks
- Floods a host with ICMP packets
- Uses third-party network
- Configure routers to drop specific ICMP packets

Page 19: Ping of death
- Outdated attack
- IP packets manipulated to cause buffer overflows

Page 20: Activity A-3
Discussing DoS attacks

Page 21: Distributed DoS attacks
- Attacker uses multiple hosts
- Handlers
- Zombies

Page 22: DDoS countermeasures
- Packet filtering
- Turn off directed broadcasts
- Block ports
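The router countermeasures on the Smurf slide (page 18) and on this slide can be shown as a small inbound packet filter. This is an added example, not part of the course material: the protected subnet 192.0.2.0/24, the blocked-port set and the sample packets are constructed, and the "drop inbound packets with an internal source" rule is an assumed form of packet filtering that the slides do not spell out.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "icmp", "tcp" or "udp"
    dport: int = 0  # destination port (tcp/udp only)


# Constructed values for this example: the protected subnet and the ports to block.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
BLOCKED_PORTS = {135, 137, 138, 139, 445}


def filter_inbound(pkt, local_net=LOCAL_NET, blocked_ports=BLOCKED_PORTS):
    """Decide an inbound packet's fate: ("drop", reason) or ("allow", "")."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    # Directed broadcasts off: a packet from outside aimed at the subnet broadcast
    # address is what lets a Smurf attacker use this network as a third-party amplifier.
    if dst == local_net.broadcast_address:
        return ("drop", "directed broadcast")
    # Ingress packet filtering (assumed rule): a packet arriving from outside that
    # claims an internal source address is spoofed.
    if src in local_net:
        return ("drop", "spoofed internal source")
    # Block ports: services that must not be reachable from the Internet.
    if pkt.proto in ("tcp", "udp") and pkt.dport in blocked_ports:
        return ("drop", "blocked port %d" % pkt.dport)
    return ("allow", "")


# Constructed sample traffic arriving on the external interface.
SAMPLE_PACKETS = [
    Packet("203.0.113.9", "192.0.2.255", "icmp"),            # Smurf: ping to the broadcast address
    Packet("192.0.2.7", "192.0.2.10", "tcp", dport=80),      # source pretends to be inside
    Packet("198.51.100.4", "192.0.2.10", "tcp", dport=445),  # SMB from the Internet
    Packet("198.51.100.4", "192.0.2.10", "tcp", dport=443),  # ordinary HTTPS
]


def summarize(packets):
    """Count verdicts per reason so the effect of each rule is visible at a glance."""
    counts = {}
    for pkt in packets:
        _, reason = filter_inbound(pkt)
        key = reason or "allowed"
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt.src, "->", pkt.dst, filter_inbound(pkt))
```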

Page 23: Activity A-4
Assessing your vulnerability to DDoS attacks

Page 24: Man-in-the-middle
- Web spoofing
- Information theft
- TCP hijacking
- ARP poisoning
- ICMP redirect
- DNS poisoning

Page 25: Spoofing
- IP address spoofing
- ARP poisoning
- Web spoofing
- DNS spoofing

Page 26: IP address spoofing
1. Attacker identifies a target to be the attack victim and a machine trusted by the victim
2. Attacker determines sequence numbers
3. Victim accepts and responds to spoofed packets
4. Attacker responds

Page 27: Activity A-5
Port scanning

Page 28: Topic B
Topic A: Security threats
Topic B: Threat mitigation

Page 29: Security policies
- Acceptable use
- Due care
- Privacy
- Separation of duties
- Need-to-know information
- Password management
- Account expiration
- Service level agreements
- How to destroy or dispose of equipment, media, and printed documents

Page 30: Acceptable use
- Defines how computer and network resources can be used
- Protects information and limits liabilities and legal actions
- Addresses productivity issues
- Employees should read and sign the document

Page 31: Due care
- Diligence or care to exercise in a given circumstance
- Identifies risks to the organization
- Assesses risks and measures to be taken to ensure information security

Page 32: Privacy
- Privacy of customer and supplier information
  – Contracts
  – Sales documents
  – Financial data
  – Personally identifiable information
- Compromised information causes entities to lose trust

Page 33: Separation of duties
- Avoids one person having all knowledge of a process
  – Potential for abuse
  – Knowledge leaves with the person
- Distribute tasks
- Document all procedures
- Security divided into multiple elements
  – Each element assigned to different people

Page 34: Need to know
- Sensitive information accessed only by those who must access it
- Give the IT team just enough permissions to perform their duties
- Give explicit access to those who need it

Page 35: Password management
- Minimum password length
- Required characters
- Reset interval
- Reuse
- How users handle passwords
- Check for weak passwords
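The bullets on this slide map directly onto checks a password-change routine can enforce. The following is an added example and not code from the course: the policy numbers (12 characters, 3 character classes, 90-day reset, 5-entry history) and the weak-password list are constructed, and the reuse history is kept as salted PBKDF2 hashes so that old passwords are never stored in the clear.

```python
import hashlib
import os
import re
from datetime import date, timedelta

# Policy values are constructed for this example, not figures from the course.
POLICY = {
    "min_length": 12,    # minimum password length
    "min_classes": 3,    # required character classes (of the four below)
    "reset_days": 90,    # reset interval
    "history_depth": 5,  # how many previous passwords may not be reused
}
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
WEAK = {"password", "letmein", "welcome", "qwerty", "admin"}  # constructed weak list


def _hash(pw, salt):
    """Salted PBKDF2 so the reuse history never holds a plaintext or raw digest."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def remember(pw, history):
    """Record an accepted password in the reuse history, keeping only the last N."""
    salt = os.urandom(16)
    history.append((salt, _hash(pw, salt)))
    del history[:-POLICY["history_depth"]]
    return history


def check_password(pw, history=()):
    """Return the list of policy violations for a proposed password (empty = accepted)."""
    problems = []
    if len(pw) < POLICY["min_length"]:
        problems.append("too short")
    if sum(bool(re.search(c, pw)) for c in CLASSES) < POLICY["min_classes"]:
        problems.append("too few character classes")
    # Strip digits and symbols before the weak-list check: "Password12!!" is still "password".
    if re.sub(r"[^a-z]", "", pw.lower()) in WEAK:
        problems.append("weak password")
    if any(_hash(pw, salt) == digest for salt, digest in history):
        problems.append("reused password")
    return problems


def reset_due(last_changed, today=None):
    """True once the reset interval has elapsed since the password was last changed."""
    today = today or date.today()
    return today - last_changed >= timedelta(days=POLICY["reset_days"])
```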

Page 36: Account expiration
- Unneeded accounts disabled or deleted
- Disable accounts for extended leaves

Page 37: Service-level agreement
- Contract between service provider and end user
- Defines levels of support
- Documents penalties
- Covers disaster recovery plans
- Contingency plans

Page 38: Disposal and destruction
- Degauss magnetic media
- Zeroize drives
- Physically destroy media
- Lock recycle bins
- Shred or burn documents

Page 39: Activity B-1
Creating a security policy

Page 40: Human resources policy
- Document manual procedures for automated duties
- Access policies
  – ID badges
  – Keys
  – Restricted access areas
- Personnel management
  – Hiring process
  – Employee review and maintenance
  – Employee termination

Page 41: Activity B-2
Creating a human resources policy

Page 42: Incident response policy
1. Preparation
2. Detection
3. Containment
4. Eradication
5. Recovery
6. Follow-up

Page 43: Preparation
- Have steps in place
- Balance easy access with effective controls
- Identify steps to be taken
- Acceptable risks
- Due diligence

Page 44: Detection
- Ask questions and document responses

Page 45: Containment
- Shut down or take equipment offline
- Increase monitoring

Page 46: Eradication
- Clean or delete files
- Restore data

Page 47: Recovery
- Equipment
- Storage devices
- Passwords

Page 48: Follow-up
- Document the process
- Update existing documents

Page 49: Activity B-3
Creating an incident response and reporting policy

Page 50: Change management
- Set of procedures
- Request for change (RFC)
- Approval process
- RFC scheduled and completed
- Changes implemented

Page 51: Configuration management documentation
- Wiring schematics
- Physical network diagram
- Logical network diagram
- Baseline
- Policies, procedures, and configurations
- Regulations

Page 52: Activity B-4
Implementing change management

Page 53: Education
- Educate staff about security
  – Network administrators
  – End users
- Enables all employees to be part of the security team
- Enables regular users to see potential security issues or security violations
- Customize to provide the level of knowledge needed by the student
  – Big picture for end users
  – Detailed knowledge for administrative users
  – Exhaustive knowledge for security administrators

Page 54: Communication
- Identify what information can be shared and with whom
- Identify what information can never be shared
- Prove identity
- Social engineering threats

Page 55: User awareness
- Reason for training
- Security contacts
- Who to contact about security incidents
- Actions to take
- Policies about system account use
- Policies about system media use
- Techniques for sanitizing media and hard copies
- Maintaining security of accounts
- Application and data policies
- Internet, Web, and e-mail policies

Page 56: Activity B-5
Identifying the need for user education and training

Page 57: Types of training
- On-the-job
- Classroom
- Online

Page 58: Activity B-6
Identifying education opportunities and methods

Page 59: Unit summary
- Described and explained common security threats
- Explained ways to mitigate security threats

