105 Common information security threats


  1. Common Information Security Threats (www.huawei.com, Copyright © 2018 Huawei Technologies Co., Ltd. All rights reserved.)
  2. Foreword
     - Information systems are often vulnerable and have sensitive, confidential information that needs to be communicated. Therefore, they are under threat in various scenarios and through various means.
     - This class uses some case studies about common attacks to introduce possible threats to the information system.
  3. Objectives
     - Upon completion of this course, you will be able to:
       - Categorize information security threats.
       - Describe common information security threat means.
  4. Contents
     1. Current Situation of Information Security Threats
     2. Threats to Network Security
     3. Threats to Application Security
     4. Threats to Data Transmission and Device Security
  5. Endless Security Incidents
     - On May 12, 2017, the WannaCry ransomware attack broke out at about 8:00 p.m. and spread worldwide. Computers infected with WannaCry were vulnerable to attacks once turned on.
     - In 2017, the traffic of users of multiple software applications in China was hijacked during software upgrade. The users thought they were upgrading the software while they were actually installing viruses.
     - More than 90% of telecommunication fraud is targeted fraud conducted using precise information of citizens.
     - In Feb. 2018, the popular online game "Final Fantasy XIV" suffered a three-hour DDoS attack.
     - On Nov. 10, 2016, five major Russian banks suffered from a DDoS attack lasting for two days.
     - Diagram labels (security incident types): attack through malicious code, personal information breach, communication process hijacking, DDoS attack.
  6. Beginning of the Cyberwar - Stuxnet
     - In February 2011, Iran suddenly announced it was to unload fuel from its first nuclear power station. Previously, the industry said Iran needed only one year to be capable of quickly creating nuclear weapons. However, the Stuxnet attack ruined one fifth of the centrifuges of Iran, postponing the research for at least two years, during which time the global landscape changed.
     - Stuxnet:
       - Computer worm
       - Infected over 45,000 networks worldwide
       - First worm capable of targeted attack of physical (energy) infrastructure facilities
       - Employed multiple attack means
       - Exploited mobile media to implant viruses
       - Most sophisticated cyber weapon in history
  7. Evolution of Information Security Attacks
     - Forms of attack largely unchanged: Current attackers still use viruses, phishing, etc. to target vulnerabilities, much the same as in the past.
     - More sophisticated attack means: A major attack usually requires sophisticated deployment, long-term incubation, and a combination of multiple attack methods to achieve the ultimate goal.
     - Diverse attack purposes: The attack targets range from targeting personal computers to being used to influence economy, politics, war, energy, and even the global landscape.
  8. Security Threat Categories
     - Categories: Threats to Data Transmission and Device Security; Threats to Cyber Security; Threats to Application Security
     - Threats listed on the slide:
       - OS vulnerabilities
       - Viruses (such as Trojan horses and worms)
       - Phishing websites
       - Data breaches
       - DDoS attacks
       - Network intrusion
       - Communication traffic hijacking
       - Man-in-the-middle (MITM) attacks
       - Unauthorized login to the system
       - Weak security protection for wireless networks
  9. Contents
     1. Current Situation of Information Security Threats
     2. Threats to Network Security
     3. Threats to Application Security
     4. Threats to Data Transmission and Device Security
  10. DDoS Attacks Against Dyn DNS Service in the United States
     - On October 21, 2016, the DNS service from Dyn in the U.S. was hit by DDoS attacks from about 11:00 a.m. to 5:00 p.m. UTC. The attacks paralyzed nearly half the networks in the United States.
     - These large-scale DDoS attacks were launched from botnets formed by IoT devices, which were infected with Mirai malware.
     - Diagram labels (IoT devices that launch attacks): IPC, DVR, router.
  11. Process of a Mirai Attack
     - Look for zombies: Scan for open Telnet service ports (23/2323) on the network.
     - Build a botnet: Crack the IoT device passwords through brute force and implant the Mirai malware into the devices for remote control.
     - Load the attack module: Load the DNS DDoS attack module.
     - Launch an attack: Launch a DDoS attack through the botnet, making customers' websites inaccessible.
     - What means were used in this attack?
  12. Scanning
     - Scanning is a potential attack action. It does not directly interrupt network devices. However, it gathers relevant network information before an attack.
     - Address scanning: An attacker sends ICMP packets to destination addresses or uses TCP/UDP packets to initiate connections with certain IP addresses. By checking whether there are response packets, the attacker can determine which target systems are alive and connected to the target network.
     - Port scanning: An attacker probes the network structure by scanning ports to identify which ports are open on the attack target, so as to determine the attack mode. The attacker usually uses port scanning software to initiate connections to a series of TCP or UDP ports on a wide range of hosts. Based on the response packets, the attacker can determine whether the hosts use these ports for providing services.
  13. Spoofing Attack - Obtaining the Control Permission
     - Attackers can obtain the control permission by brute force cracking of passwords. Also, attackers can launch spoofing attacks such as IP spoofing to obtain access and control permissions.
     - IP spoofing: An attacker may send packets with forged source IP addresses to target hosts to obtain superior access and control permissions.
     - Diagram labels: A: 192.168.0.1; B: 192.168.0.6; Sniffer 192.168.0.1; Request; Sniffed; Paralyze.
  14. Launching a DDoS Attack
     - DDoS attacks:
       - Exhaust network bandwidth
       - Exhaust server resources
     - Diagram labels: attacker, jump server, control traffic, botnet, zombies, attack traffic, attack target.
  15. Defense Measures for Cyber Attacks
     - Firewalls: Deploying firewalls at the intranet egresses of medium- and large-sized enterprises and data centers can efficiently defend against common DDoS attacks and traditional single-packet attacks.
     - Anti-DDoS devices: Anti-DDoS solutions provide professional anti-DDoS services for carriers, enterprises, data centers, portal websites, online games, online videos, and DNS services.
     - Protection through professional equipment: firewall, anti-DDoS devices.
  16. Contents
     1. Current Situation of Information Security Threats
     2. Threats to Network Security
     3. Threats to Application Security
     4. Threats to Data Transmission and Device Security
  17. Worm Attack Against Weibo
     - Sina Weibo (the Chinese Twitter) was once hit by a worm that affected over 30,000 users in less than an hour. The attack process was as follows:
       - The attacker created a user account, infected it with the worm, and sent the malicious link to a public section. Users clicked the malicious link with enticing titles and got their accounts infected.
       - Infected user accounts automatically posted and sent out private messages to their followers. Infected messages increased exponentially, infecting a large number of user accounts.
     - Diagram labels: exploit a web page vulnerability, phishing, spread the worm, take down the website.
  18. Threats Brought by Vulnerabilities
     - Vulnerabilities are defects in the implementation of hardware, software, or protocols or in system security policies. They allow attackers to access or damage systems without authorization.
     - If system vulnerabilities are not fixed in time, the following attacks may occur:
       - Malicious code propagation
       - Cross-site scripting (XSS)
       - Injection
       - Data breach
  19. Phishing
     - "Phishing" is cyber fraud. It is the fraudulent attempt to obtain users' private information such as bank or credit card account and password, often for malicious reasons, by using the URL or web page content of an authentic website as disguise, or exploiting vulnerabilities of authentic website server programs to insert dangerous HTML code into some web pages of the website.
     - Before accessing a website, check whether its address is an encrypted link starting with https.
     - Illustration: a message reading "Dear customer, due to issues with the payment system, please log in to the XX website for a refund." and the recipient's reaction "What? Refund?"
  20. Malicious Code
     - Malicious code is computer code that is deliberately developed or constructed to cause threats or potential threats to a network or system. The most common malicious code includes viruses, Trojan horses, worms, and backdoors.
     - Malicious code is also called malware, which includes adware, spyware, and malicious shareware. Malware refers to software that is installed and run on a user's computer or other devices without explicitly notifying the user or obtaining the user's consent.
     - Diagram labels: virus, Trojan horse, worm, backdoor.
  21. Defense Measures for Application Attacks
     - Regular vulnerability fixing:
       - Patching
       - Vulnerability scanning
     - Improving information security awareness:
       - Constantly looking out for suspicious websites and links
     - Protection through professional equipment:
       - Firewalls
       - Antivirus software
       - WAF
  22. Contents
     1. Current Situation of Information Security Threats
     2. Threats to Network Security
     3. Threats to Application Security
     4. Threats to Data Transmission and Device Security
  23. Interception of User Communications
     - The U.S. National Security Agency (NSA) listened to encrypted communication between Google (including Gmail) and Yahoo users on the cloud.
     - The NSA exploited the encryption/decryption flaw of Google's front end server to circumvent the server and directly listen to backend plaintext data.
     - Diagram labels: public Internet, Google's front end encryption/decryption device, Google Cloud.
  24. Tumblr User Information Breaches
     - More than half of the accounts and passwords of the microblogging website Tumblr were stolen by hackers.
     - Hackers invaded the Tumblr server in a certain way and stole information of Tumblr users. Tumblr stated that the breach would not cause damage to users because the database information was encrypted. However, the facts showed that the user information was encrypted using weak algorithms. After obtaining the encrypted user information, the hackers were able to quickly crack a large amount of user information.
     - Why are information breaches so frequent?
  25. Threats in Communication Process
     - What security risks will occur during communications?
     - Risk groups shown: device security risks, transmission security risks.
     - Risks listed on the slide:
       - User identity not authenticated
       - Users using weak passwords
       - Servers with vulnerabilities
       - MITM attacks
       - Data transmission not encrypted or inadequately encrypted
  26. MITM Attack
     - Man-in-the-middle (MITM) attack: A type of indirect intrusion attack. In MITM attacks, an attacker uses a variety of technical means to virtually place a controlled computer between two computers in the network. This controlled computer is called a man in the middle.
     - Consequences of MITM attacks:
       - Information tampering
       - Information theft
     - Diagram labels: User A, man in the middle, User B.
  27. Information Not Encrypted or Inadequately Encrypted
     - If information is not encrypted, information security may be compromised. However, even if data is encrypted, information may also be stolen and cracked.
     - Threat prevention suggestions:
       - Encrypt information before storage.
       - Encrypt information before transmission.
       - Use strong encryption algorithms.
  28. Authentication Attack
     - An attacker obtains a user's identity authentication information by certain means, and uses the identity information to steal sensitive information or carry out illegal acts. It is a common form of attack.
     - Prevention suggestions:
       - Install genuine antivirus software.
       - Use strong passwords.
       - Reduce the relevance between different passwords.
  29. Quiz
     1. Which of the following are threats to application security?
        A. Injection attack
        B. XSS
        C. IP spoofing attack
        D. Port scanning
     2. Which of the following are device security risks?
        A. Servers with vulnerabilities
        B. Users using weak passwords
        C. Data transmission inadequately encrypted
        D. User identity not authenticated
  30. Summary
     - Current Situation of Information Security Threats
     - Threats to Network Security
     - Threats to Application Security
     - Threats to Data Transmission and Device Security
  31. Thank You (www.huawei.com)
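
The Scanning slide separates address scanning (one probe sent to many hosts) from port scanning (many ports probed on one host), and the Mirai slide names Telnet ports 23/2323 as the ports swept for. The following detection sketch is an added example, not part of the Huawei deck: it classifies sources in a constructed set of connection records, and the record layout, thresholds, tag names and function name are all assumptions.

```python
from collections import defaultdict

# Constructed connection-attempt records: (source IP, destination IP, destination port).
FLOWS = (
    [("203.0.113.9", f"10.0.0.{h}", 23) for h in range(1, 21)]      # one port, many hosts
    + [("203.0.113.9", f"10.0.0.{h}", 2323) for h in range(1, 21)]
    + [("198.51.100.4", "10.0.0.5", p) for p in range(1, 41)]       # many ports, one host
    + [("192.0.2.77", "10.0.0.8", 443)] * 30                        # ordinary client, repeated
)

TELNET_PORTS = {23, 2323}   # ports named on the Mirai slide
HOST_THRESHOLD = 15         # assumed: distinct hosts probed on one port
PORT_THRESHOLD = 25         # assumed: distinct ports probed on one host


def classify_sources(flows, host_threshold=HOST_THRESHOLD, port_threshold=PORT_THRESHOLD):
    """Return {source: sorted tags} for sources whose traffic looks like scanning."""
    hosts_by_port = defaultdict(lambda: defaultdict(set))   # src -> port -> {dst}
    ports_by_host = defaultdict(lambda: defaultdict(set))   # src -> dst -> {port}
    for src, dst, port in flows:
        hosts_by_port[src][port].add(dst)
        ports_by_host[src][dst].add(port)

    findings = defaultdict(set)
    for src, per_port in hosts_by_port.items():
        for port, hosts in per_port.items():
            # Same port tried against many distinct hosts: address scanning.
            if len(hosts) >= host_threshold:
                findings[src].add("address-scan")
                if port in TELNET_PORTS:
                    findings[src].add("telnet-sweep")
    for src, per_host in ports_by_host.items():
        # Many distinct ports tried against a single host: port scanning.
        if any(len(ports) >= port_threshold for ports in per_host.values()):
            findings[src].add("port-scan")
    return {src: sorted(tags) for src, tags in findings.items()}


if __name__ == "__main__":
    for source, tags in classify_sources(FLOWS).items():
        print(source, tags)
```

Counting distinct hosts and ports, rather than raw connections, keeps a busy but ordinary client (the repeated 443 connections above) from being flagged.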
