Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Chapter 1 - Introduction PDF

    Încărcat de

    Raul Cuzco
    48 vizualizări18 pagini
    Security Systems and Technologies Introduction (c) 2005 Cisco Systems, Inc. All rights reserved. Trends that Affect security Increase of network attacks Increased sophistication of attacks Increased dependence on the network Lack of trained personnel Lack of awareness Lack of security policies Wireless access Legal and Governmental Policy Issues Organizations that operate vulnerable networks will face increasing and substantial liability.

    Descriere originală:

    Titlu original

    Chapter 1 - Introduction .pdf

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document
    Security Systems and Technologies Introduction (c) 2005 Cisco Systems, Inc. All rights reserved. Trends that Affect security Increase of network attacks Increased sophistication of attacks Increased dependence on the network Lack of trained personnel Lack of awareness Lack of security policies Wireless access Legal and Governmental Policy Issues Organizations that operate vulnerable networks will face increasing and substantial liability.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    48 vizualizări18 pagini

    Chapter 1 - Introduction PDF

    Încărcat de

    Raul Cuzco
    Security Systems and Technologies Introduction (c) 2005 Cisco Systems, Inc. All rights reserved. Trends that Affect security Increase of network attacks Increased sophistication of attacks Increased dependence on the network Lack of trained personnel Lack of awareness Lack of security policies Wireless access Legal and Governmental Policy Issues Organizations that operate vulnerable networks will face increasing and substantial liability.

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 18

    Security Systems and Technologies

    Introduction

    2005 Cisco Systems, Inc. All rights reserved.

    Learning Objectives

    The Need for Network Security

    Information Security Objectives

    Introduction to Vulnerabilities, Threats, and Attacks

    Defense mechanisms

    2005 Cisco Systems, Inc. All rights reserved.

    The Closed Network

    2005 Cisco Systems, Inc. All rights reserved.

    The Network Today

    2005 Cisco Systems, Inc. All rights reserved.

    Network Security Models

    2005 Cisco Systems, Inc. All rights reserved.

    Trends that Affect Security


    Increase of network attacks
    Increased sophistication of attacks
    Increased dependence on the network
    Lack of trained personnel
    Lack of awareness
    Lack of security policies
    Wireless access
    Legislation
    Litigation

    2005 Cisco Systems, Inc. All rights reserved.

    Legal and Governmental


    Policy Issues

    Organizations that operate vulnerable


    networks will face increasing and substantial
    liability.
    US Federal legislation mandating security
    includes the following:
    GLB financial
    services legislation
    Government Information
    Security Reform Act
    HIPAA
    CIPA

    2005 Cisco Systems, Inc. All rights reserved.

    Security Goals

    Confidentiality

    Integrity

    2005 Cisco Systems, Inc. All rights reserved.

    Avaliability

    Security Services
    Confidentiality (privacy)
    Authentication (who created or sent the data)
    Integrity (has not been altered)
    Non-repudiation (the order is final)
    Access control (prevent misuse of resources)
    Availability (permanence, non-erasure)
    Denial of Service Attacks
    Virus that deletes files
    2005 Cisco Systems, Inc. All rights reserved.

    Network Vulnerabilities
    Technology
    Configuration
    Policy

    2005 Cisco Systems, Inc. All rights reserved.

    10

    Threat CapabilitiesMore
    Dangerous and Easier to Use

    2005 Cisco Systems, Inc. All rights reserved.

    11

    Network Threats
    There are four general categories of security threats to the
    network:
    Unstructured threats
    Structured threats
    External threats
    Internal threats

    Internet
    Ex
    ex tern
    plo al
    i ta
    t io
    n

    Dial-in
    exploitation

    Internal
    exploitation

    Compromised
    host

    2005 Cisco Systems, Inc. All rights reserved.

    12

    2005 Cisco Systems, Inc. All rights reserved.

    13

    Security Attacks

    2005 Cisco Systems, Inc. All rights reserved.

    14

    Security Attacks
    Interruption: This is an attack on availability
    Interception: This is an attack on confidentiality
    Modification: This is an attack on integrity
    Fabrication: This is an attack on authenticity

    2005 Cisco Systems, Inc. All rights reserved.

    15

    Four Classes of Network Attacks


    Reconnaissance attacks
    Access attacks
    Denial of service attacks
    Worms, viruses, and Trojan horses

    2005 Cisco Systems, Inc. All rights reserved.

    16

    Specific Attack Types


    All of the following can be used to compromise your system:
    Packet sniffers
    IP weaknesses
    Password attacks
    DoS or DDoS
    Man-in-the-middle attacks
    Application layer attacks
    Trust exploitation
    Port redirection
    Malware

    2005 Cisco Systems, Inc. All rights reserved.

    17

    Methods of Defense
    Perimeter defenses: fw, nips, anti-x, apt, etc.
    Encryption
    Software Controls: hips, dlp, restriction policies,
    vulnerability analysis, security monitoring.
    Hardware Controls (smartcards, tokens)
    Physical Controls
    Information Security Policy & Information Security
    Management Systems

    2005 Cisco Systems, Inc. All rights reserved.

    18

    S-ar putea să vă placă și