
Ias 102 Week2 5 Lesson


WEEK 2

INFORMATION ASSURANCE AND SECURITY OF NETWORKS AND COMMUNICATIONS

IAS102 - INFORMATION ASSURANCE AND SECURITY


• Define the OSI reference model
• Understand network types, network protocols and network security risks
• Understand some basic tools to defend against network risks
• Understand wireless networking and the threats it can pose to network security

IAS102 – INFORMATION ASSURANCE AND SECURITY 2
WEEK 2 - INFORMATION ASSURANCE AND SECURITY OF NETWORKS AND
TELECOMMUNICATIONS

THE OPEN SYSTEM INTERCONNECTION REFERENCE MODEL
• International Standard or ISO developed the Open System Interconnection Model.
• It divides network communication into seven layers.
• Layers 1 to 4 – the lower layers mostly concern themselves with moving data around.
• Layers 5 to 7 – the upper layers contain application-level data.

OSI Layer Model


OSI (Open System Interconnection) is a networking framework for implementing protocols in seven layers:
1. Application Layer – responsible for interacting with the end user
2. Presentation Layer – responsible for coding data
3. Session Layer – responsible for maintaining communication
4. Transport Layer – responsible for breaking data into packets
5. Network Layer – responsible for logical implementation
6. Data Link Layer – responsible for transmitting information
7. Physical Layer – responsible for physical operation

Two Types of Network


Wide Area Network
WANs connect systems over a large geographical area.
Examples:
• Internet
• Network of bank cash dispensers
• School network



Connectivity options
Cable Modem or Digital Subscriber Line



Connectivity options
Direct Fiber Optic Connections


Advanced Connectivity Options
• T3 connector
• Frame Relay circuit
• T1 connector
• ISDN network



Router
A device that connects two or more networks and selectively interchanges packets of data.
You can place routers in two basic locations:
• Border router
• Internal router



Router
Routers can be used to improve security.
• Network Address Translation (NAT)
  • Uses an alternative public IP address to hide a system's real IP address
  • Types of NAT
    • Static NAT
    • Dynamic NAT
    • Port Address Translation (PAT)
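How port address translation lets many internal hosts share one public address while keeping their real addresses hidden, shown as an added sketch that is not part of the original slides. The class name, the internal network, the public address and the port pool are all assumptions chosen for illustration.

```python
import ipaddress
from typing import Optional, Tuple

INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed internal LAN
PUBLIC_IP = "203.0.113.10"                            # assumed public address (documentation range)


class PatTable:
    """Minimal port address translation table for a single public address."""

    def __init__(self, public_ip: str, ports: range):
        self.public_ip = public_ip
        self.free_ports = list(ports)  # public source ports still available
        self.outbound = {}             # (inside_ip, inside_port, proto) -> public_port
        self.inbound = {}              # (public_port, proto) -> (inside_ip, inside_port)

    def translate_out(self, inside_ip: str, inside_port: int,
                      proto: str = "tcp") -> Tuple[str, int]:
        """Rewrite the source of an outgoing packet to the shared public address."""
        if ipaddress.ip_address(inside_ip) not in INSIDE_NET:
            raise ValueError(f"{inside_ip} is not on the inside network")
        key = (inside_ip, inside_port, proto)
        if key not in self.outbound:
            if not self.free_ports:
                # Edge case: every public port is in use, so new flows fail.
                raise RuntimeError("PAT port pool exhausted")
            public_port = self.free_ports.pop(0)
            self.outbound[key] = public_port
            self.inbound[(public_port, proto)] = (inside_ip, inside_port)
        return self.public_ip, self.outbound[key]

    def translate_in(self, public_port: int,
                     proto: str = "tcp") -> Optional[Tuple[str, int]]:
        """Map a reply back to the internal host; None means no mapping, so drop."""
        return self.inbound.get((public_port, proto))


def demo():
    """Two internal hosts using the same source port, behind one public IP."""
    table = PatTable(PUBLIC_IP, range(40000, 40002))
    first = table.translate_out("192.168.1.20", 51000)
    second = table.translate_out("192.168.1.21", 51000)
    reply_target = table.translate_in(second[1])
    unsolicited = table.translate_in(40050)  # nobody inside opened this flow
    return first, second, reply_target, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The outside world only ever sees the public address and a translated port. An inbound packet that matches no table entry has no internal destination and is dropped.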



Router
• Packet Filtering
  • The device decides whether to allow the packet into the network or deny it
  • Types of packet filtering
    • Proxy filter
    • Stateful packet filter



Local Area Network
• Provides network connectivity for computers located in the same geographic area
• Ethernet networks
  • Every network has switched to a single technology called Ethernet
  • Early Ethernet networks
  • Modern Ethernet networks



LAN Devices: Hubs and Switches
• Hubs
  • Simple network devices that contain a number of plugs or ports
  • The disadvantage of a hub is that it creates congestion by transmitting everything it hears
• Switches
  • Perform the same basic function, but with intelligent filtering
  • If a switch is in promiscuous mode, it is vulnerable to security attacks

TCP/IP and How It Works


TCP/IP
• It stands for Transmission Control Protocol / Internet Protocol, a set of rules used to communicate with computers on the internet.
• Every computer now speaks a standard language.


These protocols manage the transfer of data from a server to a personal computer, from the beginning of the data transfer to the end.



Protocol
• A set of rules that govern the format of messages that computers exchange

Network Protocol
• Governs how networking equipment delivers data across the network



Internet Protocol
• Puts data into datagrams for transmission

Datagram
• A basic transfer unit associated with a packet-switched network
• Header – includes both the source and destination IP addresses
• Payload – the data being transmitted

Transmission Protocol Program
• TCP keeps track of data segments, or units of data divided for efficient routing through the network



Dynamic Host Configuration Protocol (DHCP)
• Provides a computer with an IP address, subnet mask, and other essential administrator
• It simplifies the network administrator's job



Internet Control Message Protocol (ICMP)
• Delivers messages between hosts about the health of the network

Packet Internet Groper (PING)
• The command sends a single packet



Tracer Route (Tracert)
• A command used to identify the path that packets travel through a network

Smurf Attack
• Uses ICMP to create a denial-of-service attack against a network


Network Security Risk


Three Categories of Risk
The three main categories of risk have different impacts on the availability, integrity, and confidentiality of data carried across the network, and also affect the security of the network itself:
• Reconnaissance
• Eavesdropping
• Denial of Service



Reconnaissance
• Network reconnaissance is gathering information about a network for use in a future attack
• Types of reconnaissance attack
  • Logical reconnaissance
  • Physical reconnaissance



Network Eavesdropping
• In network eavesdropping, an attacker who has physical access to a cable can simply tap that cable and see all the data passing through it
• Types of eavesdropping attack
  • Trivial File Transfer Protocol (TFTP)
  • Configuration file sniffing
  • Traffic analysis
  • Conversation eavesdropping


Network Denial of Service
• The attacker simply wants to deny users the use of the network
• Primary methods of denial-of-service attack
  • Flooding a network with traffic
  • Shutting down a single point of failure



Network Denial of Service
• Common types of DoS and DDoS attack
  • UDP Flood
  • ICMP (Ping) Flood
  • SYN Flood
  • Ping of Death
  • Slowloris
  • NTP Amplification
  • HTTP Flood
  • Zero-day DDoS Attacks

Basic Network Security Defense Tools


Defend against risks with some basic hardware and software tools:
• Firewall
• Virtual Private Network
• Network Access Control



Firewall
• A firewall controls the flow of traffic by preventing unauthorized network traffic from entering or leaving a particular portion of the network
• Types of firewall
  • Packet Filtering
  • Stateful Inspection
  • Application Proxy
  • Border Firewall
  • Screened Subnet
  • Multilayered Firewall


Virtual Private Networks and Remote Access
• A good way to increase the security level of data transmitted across a public data network
• Three major VPN technologies
  • Point-to-Point Tunneling Protocol (PPTP)
  • Secure Socket Layer (SSL)
  • IPSec



• Network Access Control
  • Enables adding security requirements before allowing a device to connect to the network
  • Posture checking
    • Up-to-date antivirus software
    • Host firewall enabled
    • Operating system supported
    • Operating system patched


Wireless Networks
Wireless Network
• A wireless network connects devices within a home or office. It allows users to work from any location in the building and on many other devices.
• Wireless Access Points (WAPs)
• Wireless Network Security Controls

Wireless Access Points (WAPs)
• A WAP is the connection between a wired and a wireless network
• Security types
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)
  • Wi-Fi Protected Access II (WPA2)

Wireless Network Security Controls
• Use encryption to prevent eavesdropping, and add authentication to the wireless network
• Techniques that add security
  • Wireless encryption
  • SSID beaconing
  • MAC address filtering

WEEK 3-4
MALICIOUS CODE AND ACTIVITIES

IAS102 - INFORMATION ASSURANCE AND SECURITY


• Discuss the different types of malware
• Understand the malicious code threats
• Understand the anatomy of attack

IAS102 – INFORMATION ASSURANCE AND SECURITY 2
WEEK 3-4 – MALICIOUS CODE ACTIVITIES

The Main Types of Malware


There are several types of viruses, as well as many other forms of malicious code. Each type has unique characteristics and architecture. You must design and implement effective countermeasures to detect, mitigate, and prevent malicious-code attacks. Develop an understanding of the various types of malicious code and how each type is used.


Virus
• A computer virus is an executable program that attaches to, or infects, other executable programs
• Three main types of viruses
  • System Infector
  • File Infector
  • Data Infector



Virus
• Examples of viruses
  • CryptoLocker
  • ILOVEYOU
  • MyDoom
  • Storm Worm
  • Sasser & Netsky
  • Anna Kournikova
  • Slammer
  • Stuxnet



Boot Record Infector
• System infectors are viruses that target key hardware and system software components in a computer

Master Boot Record and System Infector
• Load instructions that bypass the ROM-based services, execute other types of malicious code, and cover their own tracks



System Infector
• Are viruses that target and software startup function
• Examples
  • Alameda virus
  • Pakistani Brain



File Infector
• Viruses that attack and modify executable programs (like com, exe, sys, and dll files)
• Examples
  • Jerusalem
  • Cascade



Data Infector
• Data infectors are viruses that attack document files containing embedded macro programming capabilities
• Examples
  • W97M
  • Melissa
  • WM. Nice Day



Other Classification of Virus
• Viruses can use a number of techniques to propagate and avoid detection by anti-virus software
• Some viruses, such as the following, behave differently
  • Polymorphic Viruses
  • Stealth Viruses
  • Slow Viruses
  • Retro Viruses
  • Cross Platform Viruses
  • Multipartite Viruses


Spam
• Threats in an organization
  • Spam consumes computing resources (bandwidth and CPU time)
  • Spam diverts IT personnel from activities more critical to network security
  • Spam e-mail is a potential carrier of malicious code (viruses, hostile active content, etc.)
  • Spammers have developed techniques to compromise intermediate systems to facilitate remailing services, masking the real source and constituting a denial-of-service attack for the victimized systems
  • Opt-out (unsubscribe) features in spam messages can represent a new form of reconnaissance attack to acquire legitimate target addresses


Worms
• Self-contained programs designed to propagate from one host machine to another
• Types of worms
  • Internet Worms
  • Email Worms
  • Instant Messaging Worms
  • File Sharing Worms
  • IRC Worms

Worms
• Examples of worms
  • ILOVEYOU
  • Michelangelo
  • MSBlast



Trojan Horse
• A program that masquerades as a useful program while hiding its malicious intent
• Types of Trojan horse
  • Joke Trojan
  • NVP Trojan
  • IconDance Trojan
  • Destructive Trojan
  • Feliz Trojan
  • AOFree Trojan
  • Hey You! AOL Trojan
  • Promail Trojan
  • Remote Access Trojan
  • Back Orifice or BO
  • SubSeven
  • The Thing



Logic Bomb
• A logic bomb is a program that executes a malicious function of some kind when it detects a certain condition



Active Content Vulnerabilities
• Active content refers to components, primarily on web sites, that provide functionality to interact with users
• Active content threats are considered mobile code; these programs run on a wide variety of computer platforms



Botnets
• The attackers infect vulnerable machines with agents that perform various functions at the command of the bot-herder or controller (a bot-herder is a hacker who operates a botnet)
• Types of botnets
  • Bot Master
  • Zombies
  • Spamming through Botnet
  • Distributed Denial of Service attack



Denial of Service Attacks
• A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the service of a host connected to the internet



Denial of Service Attacks
• Types of DoS attack
  • Standard DoS attacks
  • Distributed DoS attacks
• Three parties in DoS attacks
  • The attacker
  • The intermediaries (handlers and agents)
  • The victim(s)



Denial of Service Attacks
DoS attacks
• SYN Flood Attacks
• Smurf Attack



Spyware
• Spyware is an unsolicited background process that installs itself on a user's computer and collects information about the user's browsing habits and website activities
• Types of spyware
  • Adware
  • Keyboard Logger
  • Modem Hijacker
  • Browser Hijacker
  • Commercial spyware



Spyware
• Examples of spyware
  • Caveat
  • CoolWebSearch
  • Internet Optimizer
  • 108 Solutions
  • HuntBar a.k.a. Win Tools
  • Adware.Websearch

Figure: High-performance spyware that continues to hide in PCs from 2008



Adware
• Adware programs trigger such nuisances as pop-up ads and banners when you visit certain web sites
• Types of adware
  • Fireball
  • Appearch
  • DollarRevenue
  • Gator
  • DeskAd

Figure: How adware works



Adware
• Common examples of adware
  • 108Solution.SearchAssistant, also known as 180Search Assistant
  • Altnet
  • CoolWebSearch a.k.a. CoolWWW
  • Ads by Gamevance
  • Virtumundo

Figure: Adware threats for business dominate on Mac, Android, and Windows


Phishing
• A phishing attack tricks users into providing logon information on what appears to be a legitimate web site but is in fact a web site set up by the attacker to obtain information
• Sophisticated technologies used by attackers
  • Spear phishing
  • Pharming
• Most common phishing attacks
  • Email phishing
  • Spear phishing
  • Whaling
  • Smishing and vishing
  • Angler phishing

Figure: Phishing Cycle


Phishing
• Examples of phishing
  • Deactivate scares
  • Save a friend scam
  • Look-alike websites
  • Wire transfer scam
  • Nigerian scams
  • Work mules
  • Go directly to jail
  • Phone forwarding
  • Tech support scam
  • SMS phishing
  • SEO Trojan
  • SWATting
  • Craigslist money scam
  • Fake crisis notice

Figure: Top Phishing Email Attacks Worldwide in 2018 DouCircle



Keystroke Loggers
• A keystroke logger captures keystrokes or user entries and then forwards them to attackers, which can enable the attackers to obtain logon information
• Two types of keystroke logger
  • Hardware keylogger
  • Software keylogger

Figure: How does a keylogger work



Hoaxes and Myths
• A hoax is a message warning the recipients of a non-existent computer virus threat. The message is usually a chain e-mail that tells the recipients to forward it to everyone they know.



Hoaxes and Myths
This is a new version of the old chain-letter attack. Here are some guidelines for recognizing hoaxes, especially virus hoaxes:
• Did a legitimate entity (computer security expert, vendor, etc.) send the alert?
• Is there a request to forward the alert to others?
• Are there detailed explanations or technical terminology in the alert?
• Does the alert follow the generic format of a chain letter?



Home Page Hijacking
• The function of this attack is to change the browser's homepage to point to the attacker's site.
• Two forms of hijacking
  • Exploiting a browser vulnerability to reset the homepage
  • Covertly installing a Browser Helper Object (BHO) Trojan program



Home Page Hijacking
• Examples of homepage hijacking
  • Conduit Toolbar
  • Coupon Saver
  • GoSave
  • Babylon Toolbar
  • CoolWebSearch
  • RocketTab
  • Ask Toolbar



Web Page Defacement
• Web defacement, or web graffiti, refers to someone gaining unauthorized access to a web server and altering the index page of a site on the server


The Brief History of Malicious Code Threats


History of Malicious Code Threats
• Sneaker Net: the manual transmission
  • Malware spread from computer to computer via diskette
  • From months to minutes
• 1970’s and early academic research and Unix
  • 1970’s – self-distributing code (worms)
  • 1983 – Dr. Fred Cohen
  • 1984 – “Computer Viruses Theory and Experiments”
  • 1988 – Robert Morris

 1980’s Early PC Viruses
C PC OS was Disc-Based
 Two primary types of malicious code emerged to exploit
 Boot Sector Viruses
 File Infector Viruses
 1990’s early LAN Viruses
 1990’s LAN began to appear in business environment
 Boot sector virus Form 5
 Dark Avenger a.k.a. Eddie 6

• 1990’s early LAN viruses
  • Introduction of CD-ROMs
• Mid 1990’s smart applications and the Internet
  • Email worms by Morris
  • Email worms named Melissa and Loveletter
  • Hacking and cracking
  • Denial of service
  • Trojan programs like Back Orifice and AIDS
  • Polymorphic versions like Tequila
• Mid 1990’s smart applications and the Internet
  • StrangeBrew
  • 1995 – VM/Concept7
• 2000 to present
  • Added numerous companion tools and plug-ins
  • Replication speed of internet worms with companion of high speed computers
  • W32/NIMDA worm
  • Klez worm


Threats on Business Organization


Types of Threats

Outside the Organization
• Security threats from malware originate from a variety of sources
• From an isolated incident by an unsophisticated perpetrator to complex, structured attacks against multiple targets by an organized group
• Make a significant effort to mitigate and recover from these

Within an Organization
• These threats are due to improper or deficient security policy and unsafe user practices
• It is the IT security practitioner's responsibility to understand threats and to implement effective countermeasures and practices



Malicious code can threaten businesses in the following ways:
• Attacks against confidentiality and privacy
• Attacks against productivity and performance
• Attacks that create liability
• Attacks that damage reputation



Internal Threats from Employees
• Attackers initiate more notorious security threats from outside the target network
• Significant vulnerabilities exist inside a trusted network, which require the IT security practitioner's attention



Common vulnerabilities consist of unsafe computing practices by employees:
• The exchange of untrusted disk media among host systems
• The installation of unauthorized, unregistered software (applications and OS)
• The unmonitored download of files from the internet
• The uncontrolled dissemination of e-mail attachments
• Security breaches also originate within the victim organization, by current and former employees
• Breaches often go undetected due to weak personnel and security policies or ineffective countermeasures



Breaches can include the following:
• Unauthorized access to system and network resources
• Privilege escalation
• Theft, destruction or unauthorized dissemination of data
• Use of corporate network resources to initiate hostile attacks against outside targets
• Accidental or intentional release of malicious code into internal network segments not protected by perimeter controls and intrusion detection countermeasures

Anatomy of Attack
• To understand threats and develop practical and effective countermeasures, you must understand the objectives of malicious code attacks and what the attackers are targeting:
  • What motivates attackers
  • The purpose of an attack
  • Types of attack
  • Phases of an attack

What Motivates Attackers
• Attackers are far more sophisticated; they have four primary motivations:
  • They want money
  • They want to be famous
  • They want to impose their political beliefs or systems on others
  • They are angry and they want to exact revenge on those who angered them

Purpose of Attack
• Denial of Availability
• Data Motivation
• Data Export
• Launch Point

Types of Attacks
• Unstructured Attacks
• Structured Attack
• Direct Attack
• Indirect Attack

Phases of Attacks
• To develop an attack
  • Attackers need to know the target of the attack
  • They develop a strategy
  • Attackers are concerned about not leaving tracks that allow investigators to identify them

Phases of Attacks
• Reconnaissance and Probing
• Access Privilege Escalation
• Covering Your Tracks


Attack Prevention Tools and Techniques

• IT security practitioners must understand how to implement countermeasures to defend against malicious code attacks
  • Application defenses
  • Operating system defenses
  • Network infrastructure defenses
  • Safe recovery techniques and practices
  • Implementing effective software best practices



Incident Detection Tools and Techniques
• Intrusion detection tools are an integral component of defense in depth. Organizations should deploy a defense-in-depth approach as an early warning system on the network
• Each implementation has unique capabilities to protect networks and hosts from malicious activity
  • Antivirus scanning software
  • Content monitors and analysis
  • Honeypots and honeynets

WEEK 5

LEGAL, ETHICAL, AND PROFESSIONAL ISSUES IN INFORMATION TECHNOLOGY

IAS102 - INFORMATION ASSURANCE AND SECURITY

• Describe the function of and relationships among laws, regulations and professional in information assurance and security;
• Differentiate laws and ethics;
• Identify major national laws that affect the practice of information security; and
• Explain the role of culture as it applies to ethics in information security.

IAS102 – INFORMATION ASSURANCE AND SECURITY 2
WEEK 5 : LEGAL, ETHICAL, AND PROFESSIONAL ISSUES IN INFORMATION
TECHNOLOGY

Law and Ethical in Information Technology


Organizational Liability and Need for Counsel
• Liability
• Restitution
• Due care
• Due diligence
• Jurisdiction
• Long arm jurisdiction

Figure: Organizational Communication and Leadership Ethics


Policy Versus Law
• Policy – functions as organizational law
• For a policy to become enforceable, it must meet the following criteria
  • Dissemination (distribution)
  • Review (reading)
  • Comprehension (understanding)
  • Compliance (agreement)
  • Uniform enforcement


• Law – policies function as law. They must be crafted and implemented with the same care to ensure that they are complete, appropriate and fairly applied to everyone in the workplace
• Types of law
  • Civil law
  • Criminal law
  • Private law
  • Public law
Relevant U.S. Laws

• The United States is a leader in the development and implementation of information security legislation to prevent misuse and exploitation of information and information technology

General Computer Crime Laws
• Computer Fraud and Abuse Act of 1986 (CFA Act)
• National Information Infrastructure Protection Act of 1996
• USA PATRIOT Act of 2001
• USA PATRIOT Improvement and Reauthorization Act
• Foreign Intelligence Surveillance Act of 1978 (FISA)
• Computer Security Act of 1987

• The severity of the penalty depends on the value of the information obtained and on whether the offense was committed:
  • For purposes of commercial advantage
  • For private financial gain
  • In furtherance of a criminal act

Privacy
• Privacy
• Clipper Chip
• Privacy of Customer Information
• Aggregated Information
• Federal Privacy Act of 1974

• The following agencies regulate businesses and individuals:
  • Bureau of the Census
  • National Archives and Records Administration
  • Congress
  • Federal courts with regard to specific issues using appropriate court orders
  • Credit reporting agencies
  • Individuals or organizations that demonstrate that information is necessary to protect the health or safety of that individual
1. Electronic Communications Privacy Act of 1986
2. Financial Services Modernization Act, or Gramm-Leach-Bliley Act, of 1999
3. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

Fundamental principles of HIPAA:
• Consumer control
• Boundaries on the use of medical information
• Accountability for the privacy of private information
• Balance of public responsibility for the use of medical information for the greater good measured against impact to the individual
• Security of health information

• Identity theft
  • The illegal use of someone else's personal information, such as:
    • Name
    • Social Security number
    • Credit card number

Export and Espionage Laws
• Economic Espionage Act of 1996
  • Prevents trade secrets from being illegally shared
• Security and Freedom through Encryption Act of 1999
  • Reinforces an individual's right to use or sell encryption algorithms
  • Prohibits the federal government from requiring the use of encryption
  • States that the use of encryption is not probable cause to suspect criminal activity
  • Relaxes export restrictions by amending the Export Administration Act of 1979
  • Provides additional penalties for the use of encryption in the commission of criminal

U.S. Copyright Law
• Intellectual property
  • Refers to creations of the mind; inventions; literary and artistic work; and symbols, names and images used in commerce
• Four primary types of intellectual property
  • Patents
  • Trademark
  • Copyright
  • Trade Secrets
  • Rights of Publicity
• Extends privilege to the published word
• Fair use allows copyrighted materials to be used to support news reporting, teaching, and scholarship, as long as the use is for educational or library purposes

Financial Reporting
• Refers to the communication of financial information, such as financial statements, to investors and creditors
• Section 404 of the Sarbanes-Oxley Act
  • Requires that a company's financial statements and annual report include reporting on the effectiveness of the company's internal control

Freedom of Information Act of 1966 (FOIA)
• FOIA is a federal law that generally provides that any person has a right, enforceable in court, to obtain access to federal agency records

State and Local Regulations
• Restrictions on organizational computer technology use exist at international, national, state, and local levels
• Information security professionals are responsible for understanding state regulations and ensuring the organization is compliant with regulations
International Laws and Legal Bodies


It is important for IT professionals and information security practitioners to realize that when organizations do business on the Internet, they do business globally. IT professionals must be sensitive to the laws and ethical values of many different cultures, societies and countries.
• Council of Europe Convention on Cybercrime
• Agreement on Trade-Related Aspects of Intellectual Property Rights
• Digital Millennium Copyright Act (DMCA)

Council of Europe Convention on Cybercrime
• Convention on Cybercrime in 2001
• Created an international task force to oversee a range of security functions associated with the Internet
• Emphasizes prosecution for copy of information for law
• Acquisition of information for law enforcement agencies in certain types of international crimes

Agreement on Trade-Related Aspects of Intellectual Property Rights
• TRIPS
• Created by the World Trade Organization and negotiated over the years 1986-1994
• Introduced intellectual property rules into the multilateral trade system

Digital Millennium Copyright Act (DMCA)
• The DMCA of 1998 endeavors to balance the interests of Internet service providers and copyright owners
• Protects only the Internet service provider and not the users of its system who infringe copyright

Ethics and Information Security


• Professional groups have explicit rules governing ethical behavior in the workplace
• Defined as an all-encompassing term that refers to all activities needed to secure information and the systems that support it in order to facilitate its ethical use

• Ethical Differences Across Cultures
• Ethical Decision Evaluation
• Ethics and Education
• Deterring Unethical and Illegal Behavior

Ethical Differences Across Cultures
• Cultural differences can make it difficult to determine what is and is not ethical when it comes to the use of computers
• Different nationalities have different perspectives
• Three categories of ethical computer use
  • Software License Infringement
  • Illicit Use
  • Misuse of Corporate Resources
Ethical Decision Evaluation
• Refers to the process of evaluating and choosing alternatives in a manner consistent with ethical principles. In making an ethical decision, it is necessary to perceive and eliminate unethical options and select the ethical alternative

Ethics and Education
• Attitudes towards the ethics of computer use are affected by many factors other than nationality
• Studies reveal that the overriding factor in leveling the ethical perception within a small population is education

Deterring Unethical and Illegal Behavior
• There are three general causes of unethical and illegal behavior
  • Ignorance
  • Accident
  • Intent
• Security professionals understand the technology aspect of protection but underestimate the value of policy
• Laws and policies and their associated penalties only deter if three conditions are present
  • Fear of penalty
  • Probability of being caught
  • Probability of penalty being administered

Codes of Ethics and Professional Organizations
• Many organizations have established codes of conduct or codes
• Codes of ethics can have a positive effect on people's judgement regarding computer use
• Certification or professional accreditation can deter ethical lapses
Major IT Professional Organizations
• Many of the major IT professional organizations maintain their own codes of ethics
  • Association for Computing Machinery (ACM)
  • International Information Systems Security Certification Consortium (ISC)²
  • System Administration, Networking, and Security Institute (SANS)
  • Information Systems Audit and Control Association (ISACA)
  • Information Systems Security Association (ISSA)

Key U.S. Federal Agencies
• U.S. federal agencies are charged with the protection of American information resources and the investigation of threats to, or attacks on, these resources
  • The Department of Homeland Security (DHS)
  • National Security Agency (NSA)
