2. Chapter 2 Objectives:
Students understand vulnerabilities, threats, and attacks in network systems.
Students understand examples of weaknesses, threats, and attacks.
Students understand the trend of attacks in network systems.
3. What is Information System Security ... ?
Information systems security is the collection of activities that protect the information system and the data stored in it.
Source: Fundamentals of Information Systems Security (David Kim and Michael G. Solomon)
4. IT security policy framework
An IT security policy framework contains four main components:
Policy—A policy is a short written statement that the people in charge of an organization have set as a course of action or direction. A policy comes from upper management and applies to the entire organization.
Standard—A standard is a detailed written definition for hardware and software and how they are to be used. Standards ensure that consistent security controls are used throughout the IT system.
Procedures—These are written instructions for how to use policies and standards. They may include a plan of action, installation, testing, and auditing of security controls.
Guidelines—A guideline is a suggested course of action for using the policy, standards, or procedures. Guidelines can be specific or flexible regarding use.
6. Threats ... ?
Cyber threats, or simply threats, refer to cybersecurity circumstances or events with the potential to cause harm by way of their outcome.
A few examples of common threats include a social-engineering or phishing attack that leads to an attacker installing a trojan and stealing private information from your applications, political activists DDoS-ing your website, an administrator accidentally leaving data unprotected on a production system causing a data breach, or a storm flooding your ISP's data center.
7. Vulnerability ... ?
Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses:
1. Technology weaknesses
2. Configuration weaknesses
3. Security policy weaknesses
8. Technology weaknesses
Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.
9. Configuration weaknesses
Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
10. Security policy weaknesses
Security policy weaknesses can create unforeseen security threats. The network can pose security risks if users do not follow the security policy.
11. Vulnerability ... ?
Vulnerabilities simply refer to weaknesses in a system. They make threat outcomes possible and potentially even more dangerous.
A system could be exploited through a single vulnerability; for example, a single SQL injection attack could give an attacker full control over sensitive data. An attacker could also chain several exploits together, taking advantage of more than one vulnerability to gain more control.
12. Threats ... ?
There are four primary classes of threats to network security:
1. Unstructured threats
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
2. Structured threats
Structured threats come from hackers who are more highly motivated and technically competent.
3. External threats
External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network.
4. Internal threats
Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
13. Attacks ... ?
Threat actors use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.
14. Four primary classes of attacks exist:
1. Reconnaissance
2. Access
3. Denial of service
4. Worms, viruses, and Trojan horses
15. Reconnaissance ... ?
Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack.
16. Access ... ?
System access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems to which one does not have authority to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
17. Denial of service ... ?
Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
18. Worms, viruses, and Trojan horses ... ?
A computer virus is a program that is loaded on your computer without your knowledge and runs without your permission. A virus is designed to reproduce itself through legitimate processes in computer programs and operating systems; therefore, a virus requires a host in order to replicate.
The term Trojan horse is usually used to refer to a non-replicating malicious program, which is the main characteristic that distinguishes it from a virus. Trojan horses often appear as e-mail attachments with enticing names that induce people to open them.
A worm is a small piece of software that uses security holes within networks to replicate itself. The worm scans the network for another computer that has a specific security hole. It copies itself to the new machine by exploiting the security hole, and then starts replicating from that system as well.
20. Malware
Malware — Short for malicious software, malware can refer to any kind of software, no matter how it's structured or operated, that "is designed to cause damage to a single computer, server, or computer network."
21. Phishing
Phishing — Phishing is a technique by which cybercriminals craft emails to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that's disguised as an important document, for instance, or urged to click on a link that takes them to a fake website where they'll be asked for sensitive information like bank usernames and passwords. Many phishing emails are relatively crude and emailed to thousands of potential victims, but some are specifically crafted for valuable target individuals to try to get them to part with useful information.
22. Ransomware
Ransomware — Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, and are typically payable to cybercriminals in cryptocurrency.
23. Denial of service
Denial of service — A denial of service attack is a brute force method to try to stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems' ability to function, making them unavailable to anybody. A distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.
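The slide describes a flood of requests overwhelming a service. From the defender's side, the first question is how such a flood shows up in logs. The following is an added example, not part of the original slides: it parses a few constructed web-server access-log lines (Common Log Format, invented addresses from the documentation ranges) and flags any source address that issues more than a threshold number of requests inside a sliding time window. The window length and threshold are assumptions chosen for the toy data; real thresholds depend on the service's normal traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (not taken from the slides). One source
# sends five requests in two seconds; a second source browses at a normal pace.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.2 - - [10/Oct/2023:13:55:40 +0000] "GET /about.html HTTP/1.1" 200 1024
198.51.100.2 - - [10/Oct/2023:13:56:50 +0000] "GET /contact.html HTTP/1.1" 200 768
203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 512
"""

# Common Log Format: client, ident, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FORMAT)


def find_floods(log_text, window_seconds=10, threshold=5):
    """Return {source_ip: peak_requests} for sources that reach `threshold`
    requests within any sliding window of `window_seconds` seconds."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ip, ts = parsed
            events[ip].append(ts)

    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start = 0
        peak = 0
        for end, t in enumerate(times):
            # Slide the window start forward until every request in it is recent enough.
            while t - times[start] >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    for ip, count in find_floods(SAMPLE_LOG).items():
        print(f"possible flood from {ip}: {count} requests within 10 s")
```

The sliding window matters: a per-minute total would also catch this burst, but it would miss a burst that straddles a minute boundary and would lump a late, isolated request (the 13:57:10 line) in with the earlier ones.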
24. Man in the middle
Man in the middle — A man in the middle attack (MITM) is a method by which attackers manage to interpose themselves secretly between the user and a web service they're trying to access. For instance, an attacker might set up a Wi-Fi network with a login screen designed to mimic a hotel network; once a user logs in, the attacker can harvest any information that user sends, including banking passwords.
25. Cryptojacking
Cryptojacking — Cryptojacking is a specialized attack that involves getting someone else's computer to do the work of generating cryptocurrency for you (a process called mining in crypto lingo). The attackers will either install malware on the victim's computer to perform the necessary calculations, or sometimes run the code in JavaScript that executes in the victim's browser.
26. SQL injection
SQL injection — SQL injection is a means by which an attacker can exploit a vulnerability to take control of a victim's database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that's asking for name and address information; if the web site and database aren't programmed correctly, the database might try to execute those commands.
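The slide says the database "might try to execute those commands" when the site is not programmed correctly. The added example below, which is not part of the original slides, makes that concrete with an in-memory SQLite table of constructed user records: one lookup builds its SQL by pasting the form value into the query text, the other passes the value as a bound parameter. The same hostile form value returns every row through the first and nothing through the second, because a bound parameter is only ever treated as data, never as SQL.

```python
import sqlite3

# Constructed sample records for the demonstration (not data from the slides).
SAMPLE_USERS = [
    ("alice", "Alice Example", "12 Main St"),
    ("bob", "Bob Example", "34 Oak Ave"),
    ("carol", "Carol Example", "56 Pine Rd"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, full_name TEXT, address TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Incorrect pattern: the form value is spliced into the SQL text, so quote
    characters in it change the structure of the statement the database runs."""
    query = f"SELECT username, full_name, address FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Correct pattern: a parameterized query. The driver sends the value
    separately from the statement, so it is compared as a string literal."""
    query = "SELECT username, full_name, address FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(username: str) -> tuple:
    """Return (row count from the vulnerable lookup, row count from the safe lookup)
    for a single value typed into the username field."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, username)), len(lookup_safe(conn, username))
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary username matches one record either way.
    print("normal input:  ", compare("alice"))
    # A value containing a quote and an always-true condition: the spliced query
    # now matches every row, while the parameterized query matches none.
    print("hostile input: ", compare("' OR '1'='1"))
```

The fix is not input filtering but the query construction itself: with parameters the database never parses user-supplied text as part of the statement, which is why every major database driver offers them.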
27. Zero-day exploits
Zero-day exploits — Zero-days are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilities are often bought and sold on the dark web — and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.