Chapter Two: Threats and Responses

Course Title: Computer System Security and Information System

CHAPTER TWO
Threats and Responses
Threats and Vulnerabilities
Attacks and Countermeasure
CH-02: Threats and Responses

What is a Threat?
A threat is a potential violation of security in a computing infrastructure, OR
anything that has the potential to disrupt, disturb or do harm to an
organization.
When does this happen?

A circumstance, capability, action or event that could breach security and
cause loss or damage.
A threat represents potential security harm to an asset.
Cyber security threats encompass a wide range of potentially illegal
activities on the internet.

⇒ There are three major types of threats:

Natural threats: acts of nature that can be unpredictable in terms of onset,
duration and impact.
Intentional ⇒ deliberate attempts to compromise the entire computing system.
Unintentional ⇒ accidental or unintended; oftentimes attributable to human
error.
WHAT IS AN ATTACK?

An attack is a threat that is being carried out ⇒ threat action

if (Successful)
then
"leads to an undesirable violation of security";
It is also an activity launched by cybercriminals using one or more
computers against one or more computers or networks.

Attacks come in two flavors:

1 Active attack: any attempt to alter system resources or affect their
operation.
2 Passive attack: any attempt to learn or make use of information from the
system without affecting system resources.
Two types based on the origin of the attack:
1 Inside attack:
Initiated by an entity inside the security perimeter (an "insider").
The insider is authorized to access system resources but uses them in a way not
approved by those who granted the authorization.
2 Outside attack:
Initiated from outside the perimeter, by an unauthorized or illegitimate user of
the system (an "outsider").
RFC 4949 describes four different types of threats:

1 Unauthorized disclosure
2 Deception
3 Disruption
4 Usurpation

Threats and their respective attacks

Unauthorized disclosure
A circumstance or condition whereby an intruder gains access to data for
which they are not authorized. ⇒ Confidentiality threat.
Attacks (threat actions)
Exposure: Sensitive data are directly released to an unauthorized entity.
Interception: An unauthorized entity directly accesses sensitive data traveling
between authorized sources and destinations.
Inference: A threat action whereby an unauthorized entity indirectly accesses
sensitive data by reasoning from characteristics or by-products of communications.
Intrusion: An unauthorized entity circumvents a system's security protections.
Deception
A situation that may result in an authorized entity receiving false data and
believing it to be true.
Somewhat related to false positives (FP) and false negatives (FN).
Attacks that result in deception
Falsification: False data deceives an authorized entity.
Repudiation: An entity deceives another by falsely denying responsibility for
an act.
Masquerade: An unauthorized entity gains access to a system or performs a
malicious act by posing as an authorized entity.

Disruption
A circumstance that interrupts or prevents the correct operation of system
services and functions.
Its respective attacks:
Incapacitation: Prevents or interrupts system operation by disabling a
system component.
Corruption: Undesirably alters system operation by adversely modifying
system functions or data.
Usurpation

A threat to system integrity.

The following attacks can result in this threat consequence:
Misappropriation: An entity assumes unauthorized logical or physical
control of a system resource.
Misuse: Occurs by means of either malicious logic or a hacker that has
gained unauthorized access to a system.

♣ TOP CYBER THREATS !


1 Malware
i Ransomware:
Malware designed to use encryption to force the target of the attack to pay a
ransom demand. How?

It encrypts the user's files and demands payment in exchange for the decryption
key.
ii Cryptominers:
Malware that uses the victim's machine to mine cryptocurrency and make a
profit for the attacker.
iii Mobile Malware:
Malware targeting mobile devices, including malicious applications and attacks
exploiting SMS and social media apps.
Malware ...
iv Infostealers: Malware that collects sensitive information from an infected
computer and sends it to the malware operator.
v Banking Trojans: Malware that specifically targets financial information.

2 Phishing

"Trick a user into clicking on a malicious link"

"Opening an attachment"

The aim is to locate and successfully exploit a vulnerability.

♣ Types of Phishing:
Regular phishing
Spear phishing
Smishing and vishing
Whaling
♣ Why aggressors use it:
Stealing confidential information
Harvesting login information
Impersonating
3 Man-in-the-Middle (MitM)
A general term for when an intruder positions himself
in a conversation between a user and an application.
Why?

To either eavesdrop or impersonate one
of the parties.
4 Cyber Vandalism
Involves editing online content in a malicious manner.
It involves adding, removing or modifying content which is offensive or is
in bad taste!
5 Web Jacking:
Attackers create a fake website; when the website opens it redirects the visitor
to another website and harms the user's system. OR
The forceful control of a web server through gaining access and control
over the website of another.
6 Password Attack
Any attempt to obtain or decrypt a user's password for illegal access.
Which attacks fall under password attacks?
1 Brute-force attacks
2 Dictionary attacks
3 Keylogger attacks

7 Denial of Service
Such attacks are designed to deny access to critical services. How?

By exploiting a vulnerability in an application or by flooding a
system with more data or requests than it is able to manage.
Other threats in this category:
Eavesdropping
SQL injection
DNS tunneling
DNS spoofing
Cyber terrorism
Cyber contraband
Cyber trespass
♣ What is a Countermeasure?
Any means taken to deal with a security attack.
Devised to prevent a particular type of attack from succeeding.
When prevention is not possible or fails, what then?

The goal must be to detect the attack and then recover from the effects of the
attack.
A countermeasure may itself introduce new vulnerabilities.

In any case, residual vulnerabilities may remain after the
imposition of countermeasures.
Attack Surface
The set of all possible points, or attack vectors, where an
unauthorized user can access a system and extract data.
The following examples enlarge the attack surface:
Open ports (TCP/UDP ...)
Services available on the inside of a firewall
Snippets of code that systematically process incoming data
Interfaces, SQL, web forms
An employee with access to sensitive information
The attack surface may be either digital or physical.
Digital Attack Surface
• Any computing assets (i.e. hardware and software) that connect to an
organization's network.

Applications, code, ports, servers and websites.
Physical Attack Surface

• Any endpoint devices that an attacker can gain physical access to.

May be desktop computers, hard drives, laptops, mobile phones and
Universal Serial Bus (USB) drives.
Attack surface analysis ↦ measures the scale and severity of threats.

Why is it used?
To identify where security mechanisms are required
To think about ways to make the attack surface smaller
To provide guidance for testing, refactoring and maintenance
♣ What Components to Secure?
Any resource that makes up a computer system,
such as:
1 Hardware
2 Software
3 Data
4 Communication lines
5 Network
Hardware: A major threat to computer system hardware is the threat to
availability.
Software: includes the operating system, utilities and application programs.

Careful software configuration management can maintain high availability.

Software modification ⇒ the software still functions but behaves
differently than before, which is a threat to integrity/authenticity.

Usually the result of viruses and worms.
Data: Security concerns with respect to data are broad, involving
availability, secrecy and integrity.
Availability: destruction of data files, which can occur either accidentally or
maliciously.
Secrecy: the unauthorized reading of data files.
Integrity: modifications to data files can have consequences ranging from
minor to disastrous.
Countermeasure
An action or method that is applied to prevent or reduce potential threats
to assets:

computers, servers, networks, operating systems (OS) or
information systems (IS).
Countermeasures are seen as security functional requirements ↦ to be
integrated in the specifications in the analysis phase.
1 Access Control
2 Awareness and Training
3 Audit and Accountability
4 Certification, Accreditation, and Security Assessments
5 Configuration Management
6 Contingency Planning
7 Identification and Authentication
8 Incident Report
9 Maintenance
10 Media Protection
11 Physical and Environmental Protection
12 Planning
13 Personnel Security
14 Risk Assessment
15 Systems and Services Acquisition
16 System and Communications Protection
Network security is important, with the rapid growth of interest in the Internet.

Network admins spend more time protecting their network than
setting it up.
They have to make the following determinations:
Who will have access to data?
What resources will users have access to?
When will users access resources?
Decisions depend on the organization you are serving, because some resources can
be trusted more than others.
Attacks on a network are of two kinds:
1 Passive attacks: the goal of the attacker is to obtain information that is being
transmitted.
Release of message contents: the opponent learns the contents of sensitive transmissions.
Traffic analysis: subtle, because the message is encrypted.
Intruders could determine the location and identity of communicating hosts

and could observe the frequency and length of messages being exchanged.
Difficult to detect.
2 Active attacks: involve modification of the data stream or creation of a false
data stream.
Subdivided into four categories:
I Masquerade: when one entity pretends to be another.
II Replay: passive capture of data and subsequent retransmission.
III Modification: a legitimate message is altered, delayed or reordered.
IV DoS: prevents or inhibits the normal use or management of communications
facilities, or disrupts an entire network.
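Added example (not from the slides): a receiver-side check that rejects the first three active-attack categories above. It assumes a shared secret between the two parties and a 30-second freshness window; the key value is constructed for the demo.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Shared secret between the two communicating parties (constructed value for this example).
SHARED_KEY = b"constructed-demo-key-do-not-reuse"
MAX_AGE_SECONDS = 30.0  # assumed freshness window; a genuine message older than this is "delayed"


def _tag(key: bytes, sender: str, seq: int, ts: float, body: str) -> str:
    """HMAC-SHA256 over every field, so altering any one of them invalidates the tag."""
    material = json.dumps([sender, seq, ts, body], separators=(",", ":")).encode()
    return hmac.new(key, material, hashlib.sha256).hexdigest()


def send(key: bytes, sender: str, seq: int, body: str, now: float) -> Dict:
    """Sender side: attach a per-sender sequence number, a timestamp and the MAC."""
    return {"sender": sender, "seq": seq, "ts": now, "body": body,
            "tag": _tag(key, sender, seq, now, body)}


class Receiver:
    """Receiver side: one check per active-attack category (masquerade, replay, modification)."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq: Dict[str, int] = {}  # highest sequence number accepted per sender

    def accept(self, msg: Dict, now: float) -> Tuple[bool, str]:
        expected = _tag(self.key, msg["sender"], msg["seq"], msg["ts"], msg["body"])
        # Masquerade and modification: a forged or altered message cannot carry a valid MAC.
        if not hmac.compare_digest(expected, msg["tag"]):
            return False, "bad MAC (forged or modified)"
        # Delay: a genuine message presented after the freshness window is refused.
        if now - msg["ts"] > MAX_AGE_SECONDS:
            return False, "stale (delayed)"
        # Replay and reordering: sequence numbers must strictly increase per sender.
        if msg["seq"] <= self.last_seq.get(msg["sender"], 0):
            return False, "replayed or reordered"
        self.last_seq[msg["sender"]] = msg["seq"]
        return True, "ok"


if __name__ == "__main__":
    rx = Receiver(SHARED_KEY)
    m1 = send(SHARED_KEY, "alice", 1, "transfer 10", now=1000.0)
    print(rx.accept(m1, now=1001.0))                              # accepted
    print(rx.accept(m1, now=1002.0))                              # replay rejected
    print(rx.accept(dict(m1, body="transfer 1000"), now=1002.0))  # modification rejected
```

A shared-key MAC does not address the Repudiation attack from the Deception slide: either party could have produced the tag, so proving who sent a message needs a digital signature instead. DoS is not addressed by message checks at all and needs capacity and filtering measures.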
Questions?!
End of chapter ...?!