Professional Documents
Culture Documents
Introduction
Learning Objectives
Defense mechanisms
Security Goals
Confidentiality
Integrity
Avaliability
Security Services
Confidentiality (privacy)
Authentication (who created or sent the data)
Integrity (has not been altered)
Non-repudiation (the order is final)
Access control (prevent misuse of resources)
Availability (permanence, non-erasure)
Denial of Service Attacks
Virus that deletes files
2005 Cisco Systems, Inc. All rights reserved.
Network Vulnerabilities
Technology
Configuration
Policy
10
Threat CapabilitiesMore
Dangerous and Easier to Use
11
Network Threats
There are four general categories of security threats to the
network:
Unstructured threats
Structured threats
External threats
Internal threats
Internet
Ex
ex tern
plo al
i ta
t io
n
Dial-in
exploitation
Internal
exploitation
Compromised
host
12
13
Security Attacks
14
Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity
15
16
17
Methods of Defense
Perimeter defenses: fw, nips, anti-x, apt, etc.
Encryption
Software Controls: hips, dlp, restriction policies,
vulnerability analysis, security monitoring.
Hardware Controls (smartcards, tokens)
Physical Controls
Information Security Policy & Information Security
Management Systems
18