200 likes | 214 Views
Understand the importance of network security, types of attacks, and vulnerabilities in networked systems. Learn to categorize and prioritize threats to protect vital information and safeguard resources from malicious damage.
E N D
Unit 32 – Networked Systems Security https://www.tes.com/lessons/k-4i3DlopqkOYA/review-week-unit-32-networked-systems-security
Dictionary.com says: 1. Freedom from risk or danger; safety. 2. Freedom from doubt, anxiety, or fear; confidence. 3. Something that gives or assures safety, as: 1. A group or department of private guards: Call building security if a visitor acts suspicious. 2. Measures adopted by a government to prevent espionage, sabotage, or attack. 3. Measures adopted, as by a business or homeowner, to prevent a crime such as burglary or assault: Security was lax at the firm's smaller plant. …etc. What is Security?
Protect vital information while still allowing access to those who need it • Trade secrets, medical records, etc. • Provide authentication and access control for resources • Guarantee availability of resources Why do we need Security?
Financial institutions and banks • Internet service providers • Pharmaceutical companies • Government and defense agencies • Contractors to various government agencies • Multinational corporations • ANYONE ON THE NETWORK Who is Vulnerable?
http://www.calyptix.com/top-threats/top-7-network-attack-types-in-2015-so-far/http://www.calyptix.com/top-threats/top-7-network-attack-types-in-2015-so-far/ What is the percentage of Denial of Service attacks? Top 7 Network Attacks 2015 (so far)
Internal • Disaffected Staff • Social Engineering • Downloads • External • Internet Connections • Unsecured Wireless Points • Viruses introduce by email Sources of Attacks
Malicious damage can occur through internal means in that it comes from within an organisation, perhaps the result of a disgruntled employee • Breaking or sabotaging equipment • Deleting, altering or making public business- sensitive or embarrassing data Internal Attack
Jeffrey Delisle: Canadian spy passed on UK secrets http://www.bbc.co.uk/news/uk-20112616 Former MI6 man sentenced for secret files leak http://www.bbc.co.uk/news/uk-england-london-1117643 Edward Snowden – whistleblower http://www.bbc.co.uk/news/world-us-canada-22837100
The threat has spread from outside of an organisation, perhaps for self-gain or self-satisfaction, or maybe for a competitor company. Examples are: – hacking – theft – criminal damage – industrial espionage. However, the distinction between internal and external malicious damage is not black and white: the four external damage examples listed could also result from within an organisation and so could be classed as internal External Attack
External attacks involving internet connections will normally be mitigated by the company Internet security policy and rules. The objective is to establish rules and measures to use against attacks over the Internet. External Attack - Internet
Wi-Fi has provided significant benefits for businesses and their customers but it also has generated significant headaches. “Rogue” access points operating without company blessing and potentially installed for industrial espionage are a real threat to a secure corporate computing environment. External Attack - Through unsecured wireless access points
Man arrested over wi-fi 'theft‘ http://news.bbc.co.uk/1/hi/england/london/6958429.stm Two cautioned over wi-fi 'theft‘ http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm External Attack - Through unsecured wireless access points
Google admits wi-fi data blunder http://news.bbc.co.uk/1/hi/uk/8684639.stm Security warning over wireless networks http://news.bbc.co.uk/1/hi/technology/8309779.stm External Attack - Through unsecured wireless access points
Virus authors adapted to the changing computing environment by creating the e-mail virus. For example, the Melissa virus in March 1999 was spectacular in its attack. Melissa spread in Microsoft Word documents sent via e-mail. How Computer Viruses Work http://computer.howstuffworks.com/virus4.htm External Attack - Virus introduced via email
Categorise the threats into the sources they come from. • Internal • Disaffected Staff • Social Engineering • Downloads • External • Internet Connections • Unsecured Wireless Points • Via email • Other • Both • Threats - • Denial of service, • Back door, • Spoofing, • Mathematical, • Brute force, • Adware. • Theft of data • Ransomware • Data modification • Identity theft • Software exploitation, • Viruses, • Rootkits, • Worms, • Trojans, • spyware, • Eavesdropping • Man in the middle Create a table in which you can categorise the different threats. They may appear in more than one source. Task Order the threats in each category from highest to lowest damage they may cause
Choose 5 types of threats that attack a network, summarise each attack. • Why is it a dangerous type of attack? • When is a company usually susceptible to this type of attack? • Who normally perpetrates this type of attack? • Include a diagram of this attack (if possible) Task Recommend ways the attack can be mitigated
http://www.its.ms.gov/Services/Pages/Security-Quizzes-Tests.aspxhttp://www.its.ms.gov/Services/Pages/Security-Quizzes-Tests.aspx
Read this http://www.securityweek.com/virus-threats is there anything interesting? Discuss
Illustrate the need for security. • Categorise network attacks into different sources • Summarise different security attacks on networks Learning Objectives