CYBER TERRORISM & INFORMATION MANAGEMENT SECURITY

By: Jitesh, Harsh & Aayushi, IT Branch, 1st year

Terms

•Cyber Terrorism – The use of the net for terrorism

•Cyber Crime – Use of the net for criminal actions

•Cyber Attacks – Email bombs, viruses, intentional actions

•Information Warfare – Formalized governmental warfare

•Netwar – Conducting war via the net & networks

•Techno Terrorism – Use of technology by terrorist groups

The Cyber Threat According to the United Nations

“The rapid transnational expansion of large-scale computer networks and the ability to access many systems through regular telephone lines increases the vulnerability of these systems and the opportunity for misuse or criminal activity. The consequences of computer crime may have serious economic costs as well as serious costs in terms of human security.”

Terrorism & the Internet

“The use of the Internet and the computer networks will represent a major challenge in the near future. Such use could include use of the nets not only as a propaganda tool, but also as a means of communication between militants of terrorist organization and between various organizations.”

Dr. Ely Karmon, Intelligence and the Challenge of Terrorism in the 21st Century

Netwar, Technology & Terrorism

“netwar refers to an emerging mode of conflict and crime at societal levels, involving measures short of traditional war, in which the protagonists use network forms of organization and related doctrines, strategies, and technologies attuned to the information age” – John Arquilla, David Ronfeldt, Michele Zanini, Networks, Netwar and Information Age Terrorism

Terrorists & Information Technology

Terrorist groups are learning to use IT for decision making and other organizational purposes. They are using the same technology as an offensive weapon to destroy or disrupt.

The Threat is not Traditional

There is a new generation of radicals and activists just beginning to create information-age ideologies, in which identities and loyalties may shift from the nation-state to the transnational level of global civil society.

The Threat is Rising

•An increasing number of terrorist groups are relying on information technology to support such structures.

•Newer groups are more networked than traditional groups.

The Threat Is Real

Governments and their surrogates are using the Internet to harass political opponents and unfriendly neighbors, to go after business trade secrets, and to prepare for outright warfare. The government of Myanmar is blamed for targeting the "Happy 99" E-mail virus at opponents who use the Net to advance their cause.

Governments are Attacking Governments

Hackers from Azerbaijan (thought to be government agents) tampered with dozens of Armenian-related Web sites, including host computers in the United States. Relations are tense between Azerbaijan and Armenia; it wasn't long before the Armenians retaliated in kind.

The 3rd World Is Active

More than a dozen countries–among them Russia, China, Iraq, Iran, and Cuba–are developing significant information-warfare capabilities. A senior CIA official cited a Russian general who compared the disruptive effects of a cyber attack on a transportation or electrical grid to those of a nuclear weapon.

Cyber-Spying Is Occurring

Successful cyber war does not have a face. Tapping into a command-and-control/enterprise management system could yield a gold mine of data about plans, processes and strategies. The longer a cyber spy conceals his/her presence, the longer the intelligence flows.

Private Industry Is A Major Target

Governments and industry are hungry for intellectual property, business processes, and methodology; they will target, and already are targeting, private industry as much as, or more than, other governments.

Attacks Are On The Rise

A recent FBI survey found that 90 percent of respondents detected security breaches within the last 12 months. 80 percent acknowledged financial losses due to security breaches.

Attacks Are Easier

Attacks are More Frequent

•Based on FBI investigations and other information, there has recently been an increase in hacker activity specifically targeting systems associated with e-commerce and other internet-hosted sites.

•In most cases, the hacker activity had been ongoing for several months before the victim became aware of the intrusion.

Attacks Are Doubling Every Year

Common Types of Cyber Crimes

•Fraud by computer manipulation

•Computer forgery

•Damage to or modification of computer data or programs

•Unauthorized access to computer systems and services

•Unauthorized reproduction of legally protected computer programs

Motivations for Cyber Attack

•Vandalism

•Anger (Insiders)

•Political

•Curiosity

•Notoriety

•Malice

•Personal Gain

Assets That Need Protection

•Software, data and information

•Data-processing services

•Electronic data-processing equipment

•Electronic data-processing facilities

Potential Cyber Security Risks

•Hosts running unnecessary services

•Outdated code

•Information leakage

•Misappropriated trust relationships

•Misconfigured firewall or ACL

•Weak passwords

Potential Cyber Security Risks

•Misconfigured Web servers

•Improperly exported file sharing

•Misconfigured NT servers

•Inadequate logging and detection

•Unsecured remote access

•Lack of a defined security policy

Cyber Vulnerabilities

•Policy vulnerabilities – i.e. simple passwords, unauthorized software or hardware, authorization, etc.

•Configuration vulnerabilities – software with known problems, privileges enabled, etc.

•Technology vulnerabilities – old technology, technology with known vulnerabilities, etc.

Cyber Vulnerabilities

•Density of information and processes

•System accessibility

•Complexity

•Electronic vulnerability

•Vulnerability of electronic data-processing media

•Physical security of building(s)

•Human factors

Cyber Vulnerabilities

•Insider attacks!

•Software bugs

•Human errors and mis-configurations

•Enabled/unused services

•Susceptibility to denial of service attacks

…in network services and architecture, operating systems, applications

The “Hacker”or “Cyber-terrorist”Attack

Five Common Attack Methods

•Network packet sniffers

•IP spoofing

•Password attacks

•Denial-of-service attacks

•Application layer attacks

Network Packet Sniffers

A packet sniffer is a software application that uses a network adapter card in promiscuous mode to capture all network packets that are sent across a local-area network and send them to an application for processing.

IP Spoofing

An IP spoofing attack occurs when an attacker outside your network pretends to be a trusted computer, either by using an IP address that is within the range of IP addresses for your network or by using an authorized external IP address that you trust and to which you wish to provide access to specified resources on your network.
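The standard defence against the spoofing described above is source-address validation at the network border: packets arriving from outside must not claim an internal (or otherwise unroutable) source, and packets leaving must carry one of the organization's own addresses. The following is an added example written for this page, not code from the presentation; the address ranges (192.0.2.0/24 as "our" network, plus RFC 1918 and loopback as bogons) are assumed for illustration.

```python
import ipaddress

# Constructed example topology (assumption, not from the slides):
# the organization owns 192.0.2.0/24 behind a single border router.
INTERNAL_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Private, loopback and "this network" ranges that legitimately never
# arrive from the public Internet; an inbound packet claiming one of
# these sources is spoofed or misrouted and should be dropped.
BOGON_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("0.0.0.0/8"),
]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def filter_packet(direction, src_ip):
    """Return 'accept' or 'drop' for a packet based only on its source address.

    direction: 'inbound' (arriving from the Internet) or 'outbound' (leaving).
    Ingress rule: an inbound packet must not claim an internal or bogon source.
    Egress rule: an outbound packet must carry one of our own addresses, so a
    compromised host inside cannot be used to spoof someone else (BCP 38 style).
    """
    addr = ipaddress.ip_address(src_ip)
    if direction == "inbound":
        if _in_any(addr, INTERNAL_NETWORKS) or _in_any(addr, BOGON_NETWORKS):
            return "drop"
        return "accept"
    if direction == "outbound":
        return "accept" if _in_any(addr, INTERNAL_NETWORKS) else "drop"
    raise ValueError("direction must be 'inbound' or 'outbound'")


if __name__ == "__main__":
    # Constructed sample packets: (direction, claimed source)
    for d, s in [("inbound", "192.0.2.7"), ("inbound", "198.51.100.9"),
                 ("inbound", "10.1.2.3"), ("outbound", "192.0.2.7"),
                 ("outbound", "203.0.113.4")]:
        print(f"{d:8} {s:15} -> {filter_packet(d, s)}")
```

The check deliberately looks only at the source address: it cannot tell a trusted external host from an attacker using that host's address, which is why the trust relationships on the slide should not rest on IP addresses alone but on authentication above the network layer.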

Password Attacks

Password attacks can be implemented using brute-force attacks, Trojan horse programs, IP spoofing, and packet sniffers. Password attacks usually refer to repeated attempts to identify a user account and/or password; these repeated attempts are called brute-force attacks.
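Because a brute-force attack is, by the slide's own definition, a burst of repeated attempts, it leaves a characteristic trace in authentication logs: many failures from one source in a short window, often across several accounts. The detector below is an added example for this page (not from the presentation); the sshd-style log lines are constructed sample data, and the threshold of five failures within sixty seconds is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in sshd style (not real data).
SAMPLE_LOG = """\
2024-01-15T10:00:01 sshd[1201]: Failed password for invalid user admin from 198.51.100.5 port 40001 ssh2
2024-01-15T10:00:03 sshd[1202]: Failed password for invalid user admin from 198.51.100.5 port 40002 ssh2
2024-01-15T10:00:04 sshd[1203]: Failed password for root from 198.51.100.5 port 40003 ssh2
2024-01-15T10:00:06 sshd[1204]: Failed password for root from 198.51.100.5 port 40004 ssh2
2024-01-15T10:00:08 sshd[1205]: Failed password for alice from 198.51.100.5 port 40005 ssh2
2024-01-15T10:00:10 sshd[1206]: Accepted password for bob from 192.0.2.10 port 50001 ssh2
2024-01-15T10:00:12 sshd[1207]: Failed password for bob from 192.0.2.10 port 50002 ssh2
2024-01-15T10:30:00 sshd[1208]: Failed password for alice from 203.0.113.7 port 60001 ssh2
2024-01-15T10:45:00 sshd[1209]: Failed password for alice from 203.0.113.7 port 60002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Yield (timestamp, result, user, src) for every line that matches."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect_brute_force(text, threshold=5, window_seconds=60):
    """Return {src: (failures_in_window, sorted_user_list)} for every source
    whose failed logins reach `threshold` inside a sliding window of
    `window_seconds`. Counting per source rather than per account catches
    password spraying, where each account sees only one or two attempts."""
    failures = defaultdict(list)  # src -> [(timestamp, user), ...]
    for ts, result, user, src in parse_auth_log(text):
        if result == "Failed":
            failures[src].append((ts, user))

    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within window_seconds.
            while (events[end][0] - events[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                users = {u for _, u in events[start:end + 1]}
                alerts[src] = (count, sorted(users))
                break
    return alerts


if __name__ == "__main__":
    for src, (count, users) in detect_brute_force(SAMPLE_LOG).items():
        print(f"ALERT {src}: {count} failed logins against {users}")
```

On the sample data only 198.51.100.5 is flagged; the two slow failures from 203.0.113.7 fifteen minutes apart stay below threshold, which illustrates the trade-off the slide's "repeated attempts" wording hides: a sliding window only sees what fits in the window, so low-and-slow attempts need a longer window or a per-account view.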

Denial-of-Service Attacks

Denial-of-service attacks are different from most other attacks because they are not targeted at gaining access to your network or the information on your network; they focus on making a service unavailable for normal use.

Distributed Denial of Service (DDoS)

•Same methods and tools as DoS

•Much larger scale attacks – “elephant hunting”

•Uses hundreds or even thousands of attacking points to overwhelm the target

•Very difficult to determine the difference between a DDoS and a normal network outage
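A basic mitigation for the DoS and DDoS behaviour described in the two sections above is to budget service capacity per client so that one flooding source exhausts only its own allowance. The per-source token bucket below is an added example written for this page, not code from the presentation; the refill rate, bucket size and the constructed traffic (one source sending 20 requests in a second beside a client sending one every two seconds) are assumed values.

```python
import time
from collections import defaultdict


class PerSourceRateLimiter:
    """Token-bucket limiter keyed by client address.

    Every source owns a bucket of `capacity` tokens refilled at `rate`
    tokens per second. A request spends one token; with an empty bucket the
    request is refused, so a noisy source cannot starve other clients.
    `clock` is injectable so runs are reproducible in tests.
    """

    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate = float(rate)
        self.capacity = float(capacity)
        self.clock = clock
        self._buckets = {}  # src -> (tokens, last_refill_time)

    def allow(self, src):
        now = self.clock()
        tokens, last = self._buckets.get(src, (self.capacity, now))
        # Refill in proportion to elapsed time, never beyond capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[src] = (tokens - 1.0, now)
            return True
        self._buckets[src] = (tokens, now)
        return False


def simulate(requests, rate=1.0, capacity=5):
    """Replay (timestamp, src) requests in order; return per-source counts."""
    current = [0.0]
    limiter = PerSourceRateLimiter(rate, capacity, clock=lambda: current[0])
    stats = defaultdict(lambda: {"accepted": 0, "refused": 0})
    for ts, src in requests:
        current[0] = ts
        key = "accepted" if limiter.allow(src) else "refused"
        stats[src][key] += 1
    return dict(stats)


# Constructed traffic (assumption): a flood of 20 requests in one second from
# one source, and a normal client sending one request every two seconds.
FLOOD = [(i * 0.05, "198.51.100.5") for i in range(20)]
NORMAL = [(float(2 * i), "192.0.2.10") for i in range(5)]


if __name__ == "__main__":
    for src, counts in simulate(sorted(FLOOD + NORMAL)).items():
        print(src, counts)
```

With a bucket of five and a refill of one token per second the flooding source gets its first five requests through and the remaining fifteen refused, while the normal client is never touched. A single-bucket limiter is useless against the distributed case on the slide, where each of thousands of attacking points stays under its own allowance; that is exactly why DDoS needs upstream filtering or capacity rather than a per-host rule, and why it is so hard to tell from an ordinary outage.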

Application Layer Attacks

Application-layer attacks exploit well-known weaknesses in software commonly found on servers, such as FTP. Attackers can gain access to a computer with the permissions of the account running the application, which is usually a privileged system-level account. Trojan horse program attacks are an example.

Where Attacks Come From

Types of Attacks

Computer Crime 1997-2002

Estimated Dollar Loss (2002)

The Cyber Security Process

Security is the mitigation of risk associated with providing network connectivity to employees, partners and customers.

•Organizations need to focus on their security requirements to create a Security Policy and then allocate budget accordingly.

•Security is a Process, with Security Policy being the cornerstone of the customers’ security architecture.

Security Costs Are A Factor

Four Phases of Cyber Security

Contingency Planning

Contingency planning refers to a coordinated strategy involving plans, procedures, and technical measures that enable the recovery of IT systems, operations, and data after a disruption, and generally includes one or more approaches:

•Restoring IT operations at an alternate location

•Recovering IT operations using alternate equipment

•Performing some or all of the affected business processes using non-IT (manual) means.

Planning Steps for Cyber Security

Business Process Evaluation

Response Team

Best Practice #1

General Management

Managers throughout the organization must consider information security a normal part of their responsibility and the responsibility of every employee.

Best Practice #2

Policy

Develop, deploy, review, and enforce security policies that satisfy business objectives.

Best Practice #3

Risk Management

Periodically conduct an information security risk evaluation that identifies critical information assets (e.g., systems, networks, data), threats to critical assets, asset vulnerabilities, and risks.

Best Practice #4

Security Architecture & Design

Generate, implement, and maintain an enterprise-(or site-) wide security architecture, based on satisfying business objectives and protecting the most critical information assets.

Best Practice #5

User Issues: Accountability and Training

Establish accountability for user actions, train for accountability and enforce it, as reflected in organizational policies and procedures. Users include all those who have active accounts such as employees, partners, suppliers, and vendors.

Best Practice #6

User Issues: Adequate Expertise

Ensure that there is adequate in-house expertise or explicitly outsourced expertise for all supported technologies (e.g., host and network operating systems, routers, firewalls, monitoring tools, and applications software), including the secure operation of those technologies.

Best Practice #7

System & Network Management: Access Control

Establish a range of security controls to protect assets residing on systems and networks.

Best Practice #8

System & Network Management: Software Integrity

Regularly verify the integrity of installed software.

Best Practice #9

System & Network Management: Secure Asset Configuration

Best Practice #10

System & Network Management: Backups

Mandate a regular schedule of backups for both software and data.

Best Practice #11

Authentication & Authorization: Users

Implement and maintain appropriate mechanisms for user authentication and authorization when using network access from inside and outside the organization. Ensure these are consistent with policies, procedures, roles, and levels of restricted access required for specific assets.

Best Practice #12

Authentication & Authorization: Remote and 3rd Parties

Protect critical assets when providing network access to users working remotely and to third parties such as contractors and service providers. Use network-, system-, file-, and application-level access controls and restrict access to authorized times and tasks, as required.
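Best practices #11 and #12 together ask for authorization that is tied to the user's role, to where the request comes from, and, for remote and third-party users, to authorized times and tasks. The policy evaluator below is an added example written for this page, not code from the presentation; the roles, resources, origins and business-hours window are constructed to illustrate a default-deny decision that checks each of those conditions in turn.

```python
from datetime import datetime, time

# Constructed policy (assumption, not from the slides). Anything not listed
# here is denied; that default-deny stance is the point of the example.
POLICY = {
    "employee": {
        "resources": {"payroll-db": {"read", "write"}, "wiki": {"read", "write"}},
        "hours": None,                      # no time restriction for staff
        "allowed_from": {"internal"},       # but only from the office network
    },
    "contractor": {
        "resources": {"wiki": {"read"}, "build-server": {"read", "execute"}},
        "hours": (time(8, 0), time(18, 0)),  # authorized times: business hours
        "allowed_from": {"internal", "vpn"},  # remote access only via VPN
    },
}


def authorize(role, resource, action, origin, when_iso):
    """Return (allowed, reason) for one access request.

    role      -- the requester's role in POLICY
    resource  -- the asset being accessed
    action    -- the task requested ('read', 'write', 'execute', ...)
    origin    -- where the request arrives from ('internal', 'vpn', 'internet')
    when_iso  -- request time as an ISO-8601 string, e.g. '2024-01-15T10:00:00'
    Each check that fails returns a specific reason so that the denial can be
    logged and audited (best practice #13) without revealing it to the caller.
    """
    when = datetime.fromisoformat(when_iso)
    rule = POLICY.get(role)
    if rule is None:
        return False, "unknown role"
    if origin not in rule["allowed_from"]:
        return False, f"access from '{origin}' not permitted for {role}"
    if rule["hours"] is not None:
        start, end = rule["hours"]
        if not (start <= when.time() < end):
            return False, "outside authorized hours"
    actions = rule["resources"].get(resource)
    if actions is None:
        return False, f"{role} has no access to {resource}"
    if action not in actions:
        return False, f"'{action}' not permitted on {resource} for {role}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests
    requests = [
        ("contractor", "wiki", "read", "vpn", "2024-01-15T10:00:00"),
        ("contractor", "wiki", "read", "vpn", "2024-01-15T22:00:00"),
        ("contractor", "payroll-db", "read", "vpn", "2024-01-15T10:00:00"),
        ("contractor", "wiki", "write", "internal", "2024-01-15T10:00:00"),
        ("employee", "payroll-db", "write", "internal", "2024-01-15T03:00:00"),
        ("employee", "wiki", "read", "internet", "2024-01-15T10:00:00"),
    ]
    for req in requests:
        allowed, reason = authorize(*req)
        print("ALLOW" if allowed else "DENY ", req, reason)
```

The order of the checks matters for what an attacker can learn: origin and time are evaluated before the resource, so a contractor probing from the wrong network is refused without being told which resources exist. Denial reasons belong in the audit log rather than in the response.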

Best Practice #13

Monitor & Audit

Use appropriate monitoring, auditing, and inspection facilities and assign responsibility for reporting, evaluating, and responding to system and network events and conditions.

Best Practice #14

Physical Security

Control physical access to information assets and IT services and resources.

Best Practice #15

Continuity Planning & Disaster Recovery

Develop business continuity and disaster recovery plans for critical assets and ensure that they are periodically tested and found effective.

The Cyber-Threat

(REMEMBER)

•Information Snooping – You are being monitored.

•Viruses – You will be attacked.

•Equipment – Your equipment is subject to physical intrusion and theft.