
CHAPTER 1

INTRODUCTION TO SECURITY

ITE PC v4.1
Chapter 1 © 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public 1
By the end of this class, students will be able to:
• 1.1.1 Describe Information Security
• 1.1.2 Identify Goals of Security - CIA
• 1.1.3 Differentiate between Attackers and Hackers
• 1.2.1 Explain types of security threats (malicious code, hacking, natural disaster, theft)
• 1.2.2 Identify sources of security threats (external, internal, unstructured, structured)

1.1: APPLY SECURITY

Information Security
Definition:
• Consists of the provisions and policies adopted by the information system administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.
• The authorization to access the data in a network, which is controlled by the network administrator.

The need for Information System Security
• Purpose: Protect information
• Physically: Strong walls, well-guarded door to secure access – closed network
• Emerging technologies, LANs and WANs: e-business, mobile commerce, wireless networks – creating untold number of security risks
• Firewall: intrusion detection, authentication, authorization and vulnerability assessment system
• Keeping the bad guys out: increasingly complex ways of letting good guys in
Expectation of security measures
• Users can perform only authorized tasks
• Users can obtain only authorized information
• Users cannot cause damage to the data, applications, or operating environment of a system.
Goals of security

a) Confidentiality

b) Integrity

c) Availability

(a) Confidentiality
• Confidentiality is defined as the level of protection of transmitted data from passive attacks.
• Communications over the network are accessible only by authorized users.
• The types of access include: reading, viewing, printing and transferring of information within the network itself.
• Protecting the information from disclosure to unauthorized parties.
(b) Integrity
• Information integrity means the information being transferred is free from modifications.
• Integrity of information refers to protecting information from being modified by unauthorized parties.

(c) Availability
• Availability is defined as the state of the network where the resources are always available to authorized users upon demand.
• Availability of information refers to ensuring that authorized parties are able to access the information when needed.

Differentiate between Attackers and Hackers
Attackers
- Any software or person that deliberately attempts to evade security services and violate the security policy of the networked system.
- Such a person or computer program intentionally attempts to gain unauthorized access to information resources.
- They sometimes also prevent legitimate access to that resource.
- Such an unauthorized activity uses specially crafted codes or techniques and is called an attack.
Types of attacks to computer security

a) Physical attack
b) Data attack

(a) Physical attack
• Physical attacks are attacks that involve penetrating the physical security protecting information systems.
• In a facility with low physical security or public access, it can be as simple as walking into a building and sitting down at a computer system.

1) Walk-in 2) Sneak-in 3) Break-in 4) Damage equipment

Physical attack: Examples
• Walk-in – where there is no physical security, or there is public access, the attacker may choose to simply walk into the building and find a system to access or attempt to penetrate. They may also plug in a rogue device that can collect information or provide access from outside the building (wireless rogue AP), or reset a device to known standard configurations that are not safe.
• Sneak-in – when there is some kind of restricted access, the attacker may try to find ways around the protection, such as a rear door or loading dock that has poor security, or tail-gating somebody through a security badge reader controlled door, using fake credentials, etc.
• Break-in – it’s also possible for the attacker to resort to standard burglar techniques such as breaking through cheap locks, door hinges or windows, picking locks, disabling security devices such as alarms or door controls.
• Damage equipment – in some attacks the mission of the attacker might be simply to disable some key piece of equipment by damaging it or destroying it.

(b) Data attack
• The hacker attempts to make changes to data on the target or data en route to the target.
• Examples: manipulation of personal finance information, stock tickers or even a company's earnings report for financial gain.
• Credit card numbers, bank account numbers, secret keys, or personal data may all reside in memory and be vulnerable to this type of attack.

Hackers
- A person who breaks into other people's computers with malicious intentions.
- Such a person explores computers and networks to discover his capabilities. He is thus a malicious intruder who tries to discover information by gaining unauthorized access.
- In addition to viruses, the hacker may write other harmful programs that affect the working of the network or cause damage to your system.

Hackers
• A hacker is an individual who uses computer, networking or other skills to overcome a technical problem.
• The term hacker may refer to anyone with technical skills, but it often refers to a person who uses his or her abilities to gain unauthorized access to systems or networks in order to commit crimes. A hacker may, for example, steal information to hurt people via identity theft, damage or bring down systems and, often, hold those systems hostage to collect ransom.

Types of hacker
• White hats
• Black hats
• Gray hats
• Blue hats
• Elite

EXERCISE (GROUP DISCUSSION):
• Find the definition and example with picture of each type of hacker (White hats, Black hats, Gray hats, Blue hats, Elite)
• i-think map

Attackers vs Hackers

Who is an Attacker ?

Who is a Hacker?

Attackers
• Any software or person that deliberately attempts to evade security services and violate the security policy of the networked system is called an attacker. Such a person or computer program intentionally attempts to gain unauthorized access to information resources. They sometimes also prevent legitimate access to that resource. Such an unauthorized activity uses specially crafted codes or techniques and is called an attack. Two types of attacks are:
• Passive Attack
• Active Attack

Active Attack and Passive Attack
• In an active attack, modification of the data stream or creation of a false stream is also involved, along with watching of the transmission.
• In a passive attack, the attacker only looks at and watches the transmission and does not try to modify or change the data packets.

1.2: Demonstrate Security Threats

Types of security threats
a) Malicious code
b) Hacking
c) Natural disaster
d) Theft

Exercise (group discussion):
• Find the definition and example with picture of each type of security threat as below:
a) Malicious code
b) Hacking
c) Natural disaster
d) Theft
• Do in i-think map

Sources Of Security Threats
a) External
b) Internal
c) Unstructured
d) Structured

(a) Security threats: External
• External threats can arise from individuals or organizations working outside of a company.
• They do not have authorized access to the computer systems or network.
• They work their way into a network mainly from the Internet or dialup access servers.

(b) Security threats: Internal
• Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
• According to the FBI, internal access and misuse account for 60 percent to 80 percent of reported incidents.

(c) Security threats: Unstructured
• Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
• Testing and challenging a hacker’s skills.
• For example, if an external company website is hacked, the integrity of the company is damaged. Even if the external website is separate from the internal information that sits behind a protective firewall, the public does not know that. All the public knows is that the site is not a safe environment to conduct business.

(d) Security threats: Structured
• Structured threats come from hackers who are more highly motivated and technically competent.
• Hackers know system vulnerabilities and can understand and develop exploit code and scripts.
• They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
• These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.

End of subtopics 1.1 and 1.2
