
CHAPTER 2: MANAGING RISK: THREATS, VULNERABILITIES, AND EXPLOITS


fraizer

Presentation Transcript


  1. CHAPTER 2: MANAGING RISK: THREATS, VULNERABILITIES, AND EXPLOITS. IS 413D - Risk Analysis Management by Dr Sapiah

  2. CHAPTER 2 TOPICS. This chapter covers the following topics:
      • What are threats and how can they be managed
      • What are vulnerabilities and how can they be managed
      • What are exploits and how can they be managed

  3. UNDERSTANDING & MANAGING THREATS. Under this topic, there are two important things that you need to know:
      • What are threats?
      • How to manage threats?

  4. UNDERSTANDING & MANAGING THREATS: What Are Threats? Risk can be managed by having thorough knowledge about the following nature of threats:

  5. UNDERSTANDING & MANAGING THREATS: What are Unintentional Threats?

  6. UNDERSTANDING & MANAGING THREATS: What are Intentional Threats?
      • Criminals—More opportunities to make money from online attacks have resulted in a growth in criminal activity.
      • Vandals—Some attackers are intent on doing damage. They damage just for the sake of damaging something.
      • Saboteurs—Sabotage against a competing company or against another country. The primary goal is to cause a loss of availability.
      • Disgruntled employees—Dissatisfied employees, with countless reasons for their dissatisfaction.

  7. UNDERSTANDING & MANAGING THREATS: What are Intentional Threats?
      • Activists—When a company does something an activist doesn’t approve of, the activist may consider it acceptable to attack.
      • Other nations—International espionage is a constant threat. For example, information about the U.S. president’s helicopter appeared on servers in Iran in 2009.
      • Hackers—Hackers attempt to breach systems. Depending on the goal of the hacker, the motivation may range from innocent curiosity to malicious intent.

  8. UNDERSTANDING & MANAGING THREATS: How to Manage Threats?

  9. UNDERSTANDING & MANAGING THREATS: How to Manage Threats?

  10. CHAPTER 2 TOPICS. This chapter covers the following topics:
      • What are threats and how can they be managed
      • What are vulnerabilities and how can they be managed
      • What are exploits and how can they be managed

  11. UNDERSTANDING & MANAGING VULNERABILITIES. Under this topic, there are two important things that you need to ask:
      • What are vulnerabilities?
      • How to manage vulnerabilities?

  12. UNDERSTANDING & MANAGING VULNERABILITIES: What Are Vulnerabilities? A vulnerability leads to a risk, but by itself it does not become a loss. The loss occurs when a threat exploits the vulnerability. Figure 2-1 shows the flow of a threat to a loss.

  13. UNDERSTANDING & MANAGING VULNERABILITIES: What Are Threats/Vulnerabilities?

  14. UNDERSTANDING & MANAGING VULNERABILITIES: How to Manage Vulnerabilities?

  15. CHAPTER 2 TOPICS. This chapter covers the following topics:
      • What are threats and how can they be managed
      • What are vulnerabilities and how can they be managed
      • What are exploits and how can they be managed

  16. UNDERSTANDING & MANAGING EXPLOITS. Under this topic, there are two important things that you need to ask:
      • What are exploits?
      • How to manage exploits?

  17. UNDERSTANDING & MANAGING EXPLOITS: What are exploits? An exploit is the act of exploiting a vulnerability. It does so by executing a command or program against an IT system to take advantage of a weakness. In this context, an exploit primarily attacks a public-facing server. In other words, it attacks servers that are available on the Internet. Common servers are:
      • Web servers
      • Simple Mail Transport Protocol (SMTP) e-mail servers
      • File Transfer Protocol (FTP) servers

  18. UNDERSTANDING & MANAGING EXPLOITS: What are exploits? Figure 2-2 shows how these public-facing servers are often configured in a network. They are placed within two firewalls configured as a demilitarized zone (DMZ).

  19. UNDERSTANDING & MANAGING EXPLOITS: Types of exploits
      • Buffer overflow - It can occur when an attacker sends more data or different data than a system or application expects.
      • SQL injection attacks - These attacks take advantage of dynamic SQL. Many Web sites require users to enter data in a text box or Web address.
      • Denial of service (DoS) attacks - These attacks are designed to prevent a system from providing a service.
      • Distributed denial of service (DDoS) attacks - These attacks are initiated from multiple clients at the same time.

  20. UNDERSTANDING & MANAGING EXPLOITS: How Do Perpetrators Initiate an Exploit? Most exploits are launched by programs developed by attackers. The attackers create and run the programs against vulnerable computers. They could create their own internal secret department with separate divisions. Each division could be assigned specific jobs or tasks. Each of the divisions could work together to launch exploits as soon as they become known.

  21. UNDERSTANDING & MANAGING EXPLOITS. This secret department could have the following divisions:

  22. UNDERSTANDING & MANAGING EXPLOITS. The following list identifies some sources that attackers can use to gain information about vulnerabilities and exploits:
      • Blogs
      • Forums
      • Security newsletters
      • 2600: The Hacker Quarterly
      • Common Vulnerabilities and Exposures (CVE) list

  23. UNDERSTANDING & MANAGING EXPLOITS. Blogs—Many security professionals regularly blog about their findings. When they suspect vulnerabilities, they often discuss them.

  24. UNDERSTANDING & MANAGING EXPLOITS. Forums—IT and security professionals often share ideas and problems on different forums. Some of these problems expose vulnerabilities that can be exploited.

  25. UNDERSTANDING & MANAGING EXPLOITS. Security newsletters—Many security newsletters are regularly released to anyone on the e-mail list. Although they exist to advertise and promote products, they sometimes carry valuable content about threats and potential vulnerabilities.

  26. UNDERSTANDING & MANAGING EXPLOITS
      • 2600: The Hacker Quarterly—Issues frequently include code and details that can be used to exploit vulnerabilities.
      • Common Vulnerabilities and Exposures (CVE) list—When someone discovers a vulnerability, it can be submitted to the MITRE Corporation for inclusion in this list. The entry about the vulnerability will include information on resources where more details on the vulnerability can be learned.

  27. UNDERSTANDING & MANAGING EXPLOITS: How to Manage Exploits?

  28. UNDERSTANDING & MANAGING EXPLOITS: Mitigation Techniques
      • Remove or change defaults - If an operating system or application has any defaults (for example, default passwords), ensure they are removed or changed as soon as the system is installed.
      • Reduce the attack surface - The attack surface refers to how much can be attacked on a server. For example, if 10 services are running on a server, but you only need 7, you can reduce the attack surface by disabling the remaining 3 services.
      • Keep systems up to date - Use a patch management system to ensure that systems are patched. Patches should be applied as quickly as possible after they are released.

  29. UNDERSTANDING & MANAGING EXPLOITS: Mitigation Techniques On Your Server
      • Enable firewalls - Firewalls forming a DMZ (demilitarized zone) filter traffic coming into the DMZ. You can also enable individual firewalls on each server as an added layer of protection.
      • Install antivirus software - Antivirus software should be installed on all systems, including servers, even before they are first connected to the network. Many servers require different versions of antivirus software.

  30. SUMMARY. Threats are always present and can’t be eliminated. You reduce the potential for a threat to do harm, or you reduce the impact of a threat, but not the threat itself. However, you can take many steps to reduce vulnerabilities. The most important vulnerabilities are those that are likely to match up as a threat/vulnerability pair. Once you identify likely threat/vulnerability pairs, you can implement mitigation techniques.
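
The "remove or change defaults" and "reduce the attack surface" steps from the Mitigation Techniques slide can be checked mechanically. The following is an added example, not part of the original presentation: it audits a server whose 10 listening services are compared against a baseline of 7, as in the slide's example. The listener sample, the baseline ports and the account names are all constructed assumptions.

```python
# Added example: audit one server against the slide's mitigation steps.
# All data below is constructed; the baseline and account lists are assumptions.

# Sample in the layout of `ss -tln` output: 10 listening TCP services.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      100    0.0.0.0:25         0.0.0.0:*
LISTEN 0      100    0.0.0.0:587        0.0.0.0:*
LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::]:8080          [::]:*
"""
REQUIRED_PORTS = {22, 25, 80, 443, 587, 5432, 8080}  # hypothetical baseline: the 7 needed
VENDOR_DEFAULTS = {"admin", "guest"}                  # hypothetical default account names
ACCOUNTS = [("admin", False), ("webops", True), ("guest", False)]  # (name, password changed?)


def parse_listeners(text):
    """Return (address, port) for every LISTEN row; the header row is skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "LISTEN":
            addr, _, port = fields[3].rpartition(":")  # keeps IPv6 '[::]' whole
            if port.isdigit():
                listeners.append((addr, int(port)))
    return listeners


def services_to_disable(listeners, required):
    """Listening ports outside the baseline: attack surface that can be removed."""
    return sorted({port for _, port in listeners} - required)


def unchanged_defaults(accounts, vendor_defaults):
    """Vendor default accounts whose password was never changed after install."""
    return sorted(n for n, changed in accounts if n in vendor_defaults and not changed)


def audit():
    listeners = parse_listeners(SS_OUTPUT)
    extra = services_to_disable(listeners, REQUIRED_PORTS)
    return {"listening": len(listeners), "disable_ports": extra,
            "remaining": len(listeners) - len(extra),
            "default_accounts": unchanged_defaults(ACCOUNTS, VENDOR_DEFAULTS)}


if __name__ == "__main__":
    print(audit())
```

On a real host the sample string would be replaced by the live listener listing, and the baseline would come from the server's documented role.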
