Lecture 5 - Securing IS

21CSIS01P

Introduction to Information Systems

Securing Information Systems

Lecture 5

Dr. Yasmine Afify


yasmine.afify@bue.edu.eg
Why Computer Incidents Are So Prevalent
• Increased computing environment complexity increases vulnerability
• Personal computers connect to networks with millions of other computers capable of sharing information
• Workers in many organizations operate in a cloud computing environment in which software and data storage are services provided via the cloud

Cybersecurity is an increasingly critical business need. As technology becomes further intertwined with our professional and personal lives, the cybersecurity specialist’s mission of keeping business and personal data safe impacts more people than ever before.
Why Computer Incidents Are So Prevalent (cont’d.)
• Increased reliance on commercial software with known vulnerabilities
– Patch
• “Fix” to eliminate the vulnerabilities/problem
• Users are responsible for obtaining and installing
• Delays expose users to security breaches
• Zero-day attack
– Takes place before the security community or software developer knows about the vulnerability or has been able to fix it.

Ethics in Information Technology, Fourth Edition 3


Types of Attacks
• Computers as well as smartphones can be targets
• Types of attacks
– Virus
– Worm
– Trojan horse
– Distributed denial of service
– Rootkit
– Spam
– Phishing
– Social engineering

Viruses
• Pieces of programming code
• Often attached to executable files, so that when the infected file is opened, the virus executes
• Deliver a “payload” which causes unexpected and undesirable behavior
• Spread by actions of the “infected” computer user
– Infected e-mail document attachments
– Downloads of infected programs
– Visits to infected Web sites

Worms
• Standalone software that does not require a host program or human help to propagate
• Reside in active memory of a computer
• Duplicate themselves
• Whereas a virus requires a host program to run, worms can run by themselves.

Trojan Horses
• Malicious code hidden inside seemingly harmless programs
• Users are tricked into installing them
• Delivered via email attachment, downloaded from a Web site, or contracted via a removable media device
• Trojans are found in image files, audio files or games. A Trojan differs from a virus in that it binds itself to non-executable files
• Logic bomb: Executes when triggered by a certain event, such as typing a specific series of keystrokes, or by a specific time or date

Client-Server Model

Distributed Denial-of-Service (DDoS) Attacks
• Does not involve a break-in at the target computer
• Malicious hacker takes over many computers on the Internet and causes them to flood a target machine with demands for data and other small tasks
• The computers that are taken over are called zombies
• Target machine is busy responding to a flood of automated requests to the extent that legitimate users cannot access the target machine

Rootkits
• Set of programs that enables its user to gain administrator-level access to a computer without the end user’s consent or knowledge
• Attacker can gain full control of the system and even hide the presence of the rootkit
• Fundamental problem in detecting a rootkit is that the operating system currently running cannot be trusted to provide valid test results

Spam
• Abuse of email systems to send unsolicited email to large numbers of people
– Low-cost commercial advertising for questionable products
– Method of marketing also used by many legitimate organizations

Phishing
• Legitimate-looking emails lead users to fake Web sites to try to get the recipient to reveal personal data
• Smishing
– Phishing via short text messages
• Vishing
– Phishing via voice mail messages

Social Engineering
• Social engineering involves psychologically manipulating people into revealing information or taking inappropriate actions.
• Very often victims have no idea they have done something wrong until the fraud is later exposed.
• Social engineering attacks are highly targeted on a small number of potential victims.
• While phishing schemes typically rely on email, attachments and webpages to capture private data, social engineering might use these, the phone or any number of different methods.

Example Social Engineering Attack
A social engineering attack technique used in 2016, as described in a recent article:
• “In one of the more recent incarnations of this scam, the criminals posing as lawyers contact targeted company executives claiming that they are handling important, confidential or extremely time-sensitive matters and use psychological pressure to trick the company executive into wiring the funds to the scammers.”

Types of Attackers
• Attackers include:
– Adventure seekers wanting a challenge
– Common criminals looking for financial gain
– Industrial spies trying to gain an advantage
– Terrorists seeking to cause destruction
• Different objectives and access to varying resources
• Willing to take different levels of risk to accomplish an objective

Hackers and Crackers
• Hackers
– Test limitations of systems out of intellectual curiosity
• Some smart and talented; “white hacking”
• Others unskilled; termed “script kiddies”

• Crackers
– Cracking is a form of hacking with clear criminal activity, such as stealing data and corrupting systems

Malicious Insiders
• Major security concern for companies
• Usually due to weaknesses in internal control procedures
• Collusion: Cooperation between an insider and an outsider
• Insiders are not necessarily employees; they can also be consultants and contractors
• Extremely difficult to detect or stop because the attacker is authorized to access the very systems they abuse
• Careless insiders have potential to cause damage

Industrial Espionage
• Industrial Espionage: Use illegal means to obtain trade secrets (information not available to the public) from competitors
• Competitive intelligence (NOT an attack)
– Legally obtained information gathered using sources available to the public
– Information is gathered from financial reports, trade journals, social audits and printed interviews with company officials

Hacktivists and Cyberterrorists
• Hacktivist
– Hacking to gather information in order to achieve a political or social goal
• Cyberterrorist
– Attacks computers or networks in an attempt to threaten or force a government to advance certain political or social objectives
– Seeks to cause harm rather than gather information
– Destroys infrastructure components of financial utilities and emergency response units

Cybersecurity Tracks
• Defensive Track: Uses a reactive approach to security that focuses on prevention, detection, and response to attacks. It uses more traditional methods to keep networks safe from cyber crime. The tactics rely on a thorough understanding of a system environment and how to analyze it to detect potential network flaws. This analysis influences the development and deployment of preventive and protective measures that discourage or outright stop cyber attacks.

• Offensive Track: Deploys a proactive approach to security through the use of ethical hacking. It uses ethical hacking techniques to mimic cyber attacks. This method exploits security vulnerabilities and can eliminate the guesswork of what may happen during an attack.

Ethical Hacking
• Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system, application, or data. Carrying out an ethical hack involves duplicating strategies and actions of malicious attackers. This practice helps to identify security vulnerabilities which can then be resolved before a malicious attacker has the opportunity to exploit them.
• Also known as “white hats,” ethical hackers are security experts that perform these assessments. The proactive work they do helps to improve an organization’s security posture. With prior approval from the organization or owner of the IT asset, the mission of ethical hacking is the opposite of malicious hacking.

Key Concepts of Ethical Hacking
Hacking experts follow four key protocol concepts:
• Stay legal. Obtain proper approval before accessing and performing a security assessment.
• Define the scope. Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries.
• Report vulnerabilities. Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
• Respect data sensitivity. Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement required by the assessed organization.

Skills and Certifications
• An ethical hacker should have a wide range of computer skills. They often specialize, becoming subject matter experts (SME) on a particular area within the ethical hacking domain.
• All ethical hackers should have:
– Expertise in scripting languages.
– Proficiency in operating systems.
– A thorough knowledge of networking.
– A solid foundation in the principles of information security.
• Some of the most well-known and widely held certifications include:
– EC Council: Certified Ethical Hacking Certification
– Offensive Security Certified Professional (OSCP) Certification
– CompTIA Security+
– Cisco’s CCNA Security
– SANS GIAC

Exercise: True/False
1. Phishing is a low-cost method of marketing also used by many legitimate organizations.
2. Competitive intelligence is to smartly use legal means to obtain trade secrets from competitors.
3. Users are responsible for obtaining and installing trojans to eliminate SW vulnerabilities.
4. Collusion is cooperation between a contractor and an outsider. √
5. Increased computing environment complexity increases vulnerability to security incidents. √

Exercise: Complete
1. ------------ cause harm by destroying infrastructure components of financial utilities and emergency response units.
2. ------------ reside in active memory of a computer and duplicate themselves.
3. In general, ------------ are attached to files, so that when the infected file is opened, it executes.
4. ------------ attack takes place before the security community knows about the vulnerability and fixes it.
5. ------------ are malicious code hidden inside seemingly harmless programs, which users are tricked into installing.

Exercise: Replace with Scientific Term
1. Legitimate-looking emails which lead users to fake web sites to get the recipient to reveal personal data.
2. Use hacking to achieve a political or social goal.
3. The computers taken over in DDoS attacks.
4. A form of hacking with clear criminal activity to steal data and corrupt systems.
5. An authorized attempt to gain unauthorized access to a computer system, application, or data.
6. Test limitations of systems out of intellectual curiosity; some are smart and talented.

Exercise: Match
Column A (answer key in brackets)
1. Viruses [E]
2. Competitive intelligence [D]
3. Denial-of-service attack [A]
4. Malicious insiders [B]
5. Trojan horses [F]
6. Rootkits [C]

Column B
A. Target machine is busy responding to a stream of automated requests by zombies
B. Perpetrators who are authorized to access the very systems they abuse
C. Set of programs that enables administrator-level access to a computer, thus the attacker gains full control of the system
D. Legally obtained information gathered using sources available to the public
E. Spread by the action of the “infected” computer user
F. Logic bomb that executes when triggered by a certain event

Exercise: Differentiate
• Smishing and vishing
• Hacker and cracker
• Virus and worm
• Hacktivist and cyberterrorist
• Rootkits and denial-of-service attacks
• Offensive and defensive cybersecurity tracks
• Malicious insider and industrial spy