
PRESENTATION TO:

Southern Tier Library System

Funded through Federal Library Services and Technology Act Funds, awarded to the New York State Library by the Federal Institute of Museum and Library Services. Administered by the Southern Tier Library System.

www.lrkimball.com - infosec@lrkimball.com - 412-201-4900


Today's Workshop

I. Introduction: Headlines, Paradox & Challenge
II. Information Security Attacks and Hackers
III. Types of Computer and Network Attacks
IV. Countermeasures (Personnel and Technology)
V. Miscellaneous Tips
VI. Discussion and Conclusion


Section I

Headlines, Paradox
and Challenges



What is Information Security?

The concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.


Who are the Hackers?

• 33% of hackers are internal to the site hacked
  – e.g. disgruntled employees
• The external hacker community is comprised of two groups:
  – Benevolent hackers – tend to use their talents to increase the level of expertise and awareness of Information Security
  – Malicious hackers – main purpose is to disrupt, steal, or damage data and information at rest or in transit
• 96% of external hackers are males between 16 and 24

Percentages compiled by FBI, 2002


Section III

Types of Computer Attacks



Types of Attacks

• Denial of Service (DoS) Attacks
• Website Defacement
• Viruses and Worms
• Data Sniffing and Spoofing
• Unauthorized Access
• Malicious Code and Trojans
• Port-scanning and Probing
• Wireless Attacks


Website Defacement

• Increasing tremendously – experts no longer keep records of defaced sites because they could not keep up
• 60% of larger U.S. businesses expect to be attacked next year – only 45% are prepared to respond
• Attacker probes web services through a normal Internet connection
• Attacker modifies HTML or Java code, which changes the website or web storefront
• Conducted using free "hacking" software easily downloaded from the Internet


Viruses and Worms

• Well over 10,000 viruses and worms
• Computer Virus
  – Simply a string of malicious "code" that requires a host to infect
  – Requires user interaction to infect
  – Infects user files and directories
  – E-mail file attachments are a major source of spreading
  – e.g. "Melissa" and "I Love You"
• Computer Worm
  – A virus with enough malicious "code" to replicate itself without the need of a host
  – Penetrates hosts and slows network traffic
  – e.g. "Code Red" and "Nimda"


Data Sniffing and Spoofing

• Sniffing
  – Data packets are intercepted in transit by various freely available software programs
  – Attackers normally go undetected
  – Typical services that are sniffed: TELNET, FTP, and SMTP (e-mail) packets, if unencrypted
• Spoofing
  – Acting on behalf of another person or entity
  – Data packets can be actively sniffed and modified to carry a different (spoofed) source
  – Attacks routinely come from spoofed sources to hide the original identity


Unauthorized Access

• Can be accomplished over any connection to a computer or network using most services (TELNET, FTP, HTTP, Web, E-mail, etc.)
• Must somehow compromise authentication (password, token, PIN, smart card) to gain access
• Once access is gained, malicious activity can occur
• Unless internal auditing and access control are implemented, access can go undetected for years


Malicious Code and Trojans (Backdoors)

• Malicious Code
  – Can take many forms
  – Unauthorized code that has been introduced to an Operating System (OS)
  – Programs that outwardly appear harmless but have hostile code built in
• Trojans (Backdoors)
  – Users may install programs that contain Trojans embedded within the code, hidden from the user
  – Many well-known computer games contain Trojans that allow remote users to gain access
  – Permit an attacker to access resources on the target, e.g. a computer or server


Port-scanning and Probing

• Port-scanning
  – Technique that identifies vulnerable network ports or services (e.g. TELNET, FTP, E-mail, Web, etc.)
  – Works by identifying as many targets as possible and tracking the ones that are receptive
  – Scanning software is free and commonly accessible via the web
• Probing
  – Once vulnerable ports are identified, the port can be probed with malicious intent
  – Probing software is free and commonly accessible via the web


Wireless Attacks

• The Wired Equivalent Privacy (WEP) protocol cannot be trusted for security
• Attackers can easily eavesdrop on or spoof wireless traffic
• Hackers external to your building may be able to intercept and view all of your wireless traffic, despite encryption
• Hacker tools are free and easily accessible via the web: AirSnort, WEPCrack, THC-RUT


Section IV

Countermeasures –
Personnel and Technology



Countermeasures

• Personnel
  – Security Policy and Procedures
  – Training and Awareness
  – Physical Security
  – Dedicated Management
• Technology
  – Firewalls
  – Intrusion Detection
  – Virus Protection
  – Authentication and Authorization
  – Encryption
  – Auditing and Assessment (Third Party)
  – Data and Information Backup


Personnel – Security Policy and Procedures

• Information Security Policies are the foundation, the bottom line, of information security within an organization
  – Ensure that they are comprehensive enough
  – Ensure that they are always up to date
  – Ensure they are complete
  – Ensure they are delivered effectively and available to all staff
• Having a Security Policy document in itself is not enough: the contents MUST be implemented to be effective
• Security Policy is the bedrock for auditing, assessment, controls, training, and legislation within an organization
• Will mitigate the following attacks:
  – Internal attacks (e.g. disgruntled employees)


Personnel – Training and Awareness

• Staff members play a critical role in protecting the integrity, confidentiality, and availability of IT systems and networks
• Training in security awareness and accepted computer practices should be mandatory for all staff
• Initial security training, followed by annual refresher training
• Awareness should be ongoing through:
  – Promotional trinkets
  – Motivational slogans
  – Videotapes
  – Posters and flyers
• Will mitigate the following attacks:
  – Internal attacks (e.g. disgruntled employees)


Personnel – Physical Security

• Organizations should define physical security zones and implement appropriate preventative and detective controls in each zone to protect against the risks of:
  – Physical penetration by malicious or unauthorized people
  – Damage from environmental contaminants, and
  – Electronic penetration through active or passive electronic emissions
• Will mitigate the following attacks:
  – Internal attacks (e.g. disgruntled employees)


Personnel – Dedicated Management

• Organizations need to demonstrate that they have Information Security controls in place through dedicated staff
• Provides the framework to initiate, implement, maintain, and manage Information Security
• Single point of contact for:
  – Training and Awareness
  – Policies and Procedures
  – Physical Security Controls
  – Technical Security Controls
  – Administrative Security Controls
• Will mitigate the following attacks:
  – Internal attacks (e.g. disgruntled employees)


Technology – Firewalls

• A system or group of systems that enforces a network access control policy
• Filters data packets going in and out of the protected target
• Strength relies on configuration
• Governs the flow of data into and out of a Local Area Network
• Separates a private network (LAN) from the public Internet
• Will mitigate the following attacks:
  – Denial of Service (DoS) Attacks
  – Unauthorized Access
  – Port-scanning and Probing


Technology – Intrusion Detection Systems

• Complements firewalls by detecting whether internal assets are being hacked or exploited
• Network-based Intrusion Detection
  – Monitors real-time network traffic for malicious activity
  – Similar to a network sniffer
  – Sends alarms for network traffic that matches certain attack patterns or signatures
• Host-based Intrusion Detection
  – Monitors computer or server files for anomalies
  – Sends alarms for network traffic that matches a predetermined attack signature
• Will mitigate the following attacks:
  – Denial of Service (DoS) attacks
  – Website Defacements
  – Malicious Code and Trojans



Technology – Virus Protection

• Software should be installed on all network servers as well as computers
• Should be kept at the latest version, with up-to-date signature files (definitions of known viruses)
• Should screen all software coming into your computer or network system (files, attachments, programs, etc.)
• Will mitigate the following attacks:
  – Viruses and Worms
  – Malicious Code and Trojans


Technology – Authentication and Authorization

• Authentication
  – Comes in three forms: what you have, know, or are
  – Have – smartcard, token
  – Know – password or PIN
  – Are – fingerprint, retina scan
  – Two-factor authentication is the strongest: two out of the three listed means (e.g. an ATM card plus its PIN)
  – Password (most common)
    • Should be at least 8 mixed characters and numbers
    • Should be changed at least every 90 days
    • Should lock out after 3 failed attempts
• Authorization
  – What an individual has access to once authenticated
• Will mitigate the following attacks:
  – Unauthorized access
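To make the three password rules on this slide concrete, here is an added example (my code, not from the slides) of an account record that enforces them: an 8-character mixed-case-plus-digit policy, a 90-day expiry, and lockout after 3 failed attempts, with salted PBKDF2 hashing (my choice, not specified on the slide) for the stored password. The `Account` class, the reading of "mixed" as upper, lower and digit, and the sample password are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH, MAX_AGE_DAYS, MAX_ATTEMPTS = 8, 90, 3   # the three numbers from the slide

def meets_policy(password):
    """At least 8 characters mixing upper case, lower case and digits (assumed reading of 'mixed')."""
    return (len(password) >= MIN_LENGTH and any(c.islower() for c in password)
            and any(c.isupper() for c in password) and any(c.isdigit() for c in password))

class Account:
    """Salted PBKDF2 password storage with the slide's expiry and lockout rules (assumed design)."""
    def __init__(self, password, set_on):
        if not meets_policy(password):
            raise ValueError("password does not meet policy")
        self.salt = os.urandom(16)          # per-account salt, never reused
        self.digest = self._derive(password)
        self.set_on = set_on                # when the password was last changed
        self.failed = 0
        self.locked = False

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def expired(self, now):
        return now - self.set_on > timedelta(days=MAX_AGE_DAYS)

    def login(self, password, now):
        """Returns "locked", "denied", "expired" or "ok"; a correct password resets the counter."""
        if self.locked:
            return "locked"
        if not hmac.compare_digest(self._derive(password), self.digest):
            self.failed += 1
            if self.failed >= MAX_ATTEMPTS:
                self.locked = True
                return "locked"
            return "denied"
        self.failed = 0
        return "expired" if self.expired(now) else "ok"

def demo():
    """Constructed walk-through: two misses, a hit, a stale password, then the third-strike lockout."""
    t0 = datetime(2024, 1, 1)
    acct = Account("Libr4ryPass", t0)
    results = [acct.login("wrong", t0), acct.login("wrong", t0), acct.login("Libr4ryPass", t0),
               acct.login("Libr4ryPass", t0 + timedelta(days=91))]
    results += [acct.login("wrong", t0) for _ in range(3)]
    return results
```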



Technology – Encryption

• Protects data in transit or stored on disk
• The act of enciphering and deciphering data through the use of shared software keys; data cannot be accessed without the appropriate keys
• Common uses of encryption include the following technologies:
  – Virtual Private Networking (VPN) – used to secure data transfer across the Internet
  – Secure Sockets Layer (SSL) – used to secure client-to-server web-based transactions
  – S/MIME – used to secure e-mail transactions
  – Wired Equivalent Privacy (WEP) protocol – used to secure wireless transactions (but, as noted under Wireless Attacks, WEP alone cannot be trusted for security)
• Will mitigate the following attacks:
  – Data sniffing and spoofing
  – Wireless attacks


Technology – Assessment and Auditing

• Assessment (Risk and Vulnerability)
  – Process by which an organization identifies what needs to be done to achieve sufficient security
  – Involves identifying and analyzing threats, vulnerabilities, attacks, and corrective actions
  – Key driver in the Information Security process
  – Should be conducted by a third party
  – Includes manual and automated (vulnerability scanner) methods
• Auditing
  – Compares the state of a network or system against a set of standards or a policy
• Will mitigate the following attacks:
  – Identifies the weaknesses and vulnerabilities behind all of the attacks mentioned


Technology – Data and Information Backups

• A must for disaster recovery and business continuity
• Should include daily and periodic (weekly) backups
• Should be stored off-site, at least 20 miles from the primary location, with 24x7 access
• Should be kept for at least 30 days, rotating the media stock
• Will mitigate the following attacks:
  – Used to respond to and replace information compromised by any of the attacks mentioned


Section V

Miscellaneous Tips



Miscellaneous Tips

• Perform a Vulnerability Assessment
  – Provided by a third-party consultant
• Use anti-virus software
  – Should be present on every server and computer
  – Consider extending the license for home use
  – Get virus updates regularly
• Install a firewall
  – Block unused services, ports, and protocols
• Teach all users "Safe Internet Skills"
• Use strong authentication (8-character password, token, smartcard, strong PIN)
• Use encryption (VPN, secure e-mail, etc.) for sensitive information


Section VI

Discussion and
Conclusion
