Suche senden
Hochladen
105 Common information security threats
•
Als PPTX, PDF herunterladen
•
0 gefällt mir
•
270 views
S
SsendiSamuel
Folgen
105 Common information security threats
Weniger lesen
Mehr lesen
Bildung
Melden
Teilen
Melden
Teilen
1 von 31
Jetzt herunterladen
Empfohlen
Information security management system
Information security management system
Arani Srinivasan
Information Security Awareness
Information Security Awareness
Net at Work
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
Information security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
What is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
Empfohlen
Information security management system
Information security management system
Arani Srinivasan
Information Security Awareness
Information Security Awareness
Net at Work
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
Information security management system (isms) overview
Information security management system (isms) overview
Julia Urbina-Pineda
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
Cyber security maturity model- IT/ITES
Cyber security maturity model- IT/ITES
Priyanka Aash
What is ISO 27001 ISMS
What is ISO 27001 ISMS
Business Beam
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
IBM Security Strategy Overview
IBM Security Strategy Overview
xband
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
Security Policies and Standards
Security Policies and Standards
primeteacher32
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Smart Assessment
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
McAfee SIEM solution
McAfee SIEM solution
hashnees
Information security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2
ShivamSharma909
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Maganathin Veeraragaloo
Iso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
NA Putra
SIEM Architecture
SIEM Architecture
Nishanth Kumar Pathi
Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
A Review Paper on Cyber-Security
A Review Paper on Cyber-Security
IRJET Journal
Weitere ähnliche Inhalte
Was ist angesagt?
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
IBM Security Strategy Overview
IBM Security Strategy Overview
xband
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Edureka!
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
Basic introduction to iso27001
Basic introduction to iso27001
Imran Ahmed
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
Security Policies and Standards
Security Policies and Standards
primeteacher32
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
Smart Assessment
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
McAfee SIEM solution
McAfee SIEM solution
hashnees
Information security: importance of having defined policy & process
Information security: importance of having defined policy & process
Information Technology Society Nepal
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2
ShivamSharma909
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Maganathin Veeraragaloo
Iso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
NA Putra
SIEM Architecture
SIEM Architecture
Nishanth Kumar Pathi
Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
Was ist angesagt?
(20)
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
IBM Security Strategy Overview
IBM Security Strategy Overview
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Basic introduction to iso27001
Basic introduction to iso27001
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
Security Policies and Standards
Security Policies and Standards
ISO 27005 Risk Assessment
ISO 27005 Risk Assessment
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
McAfee SIEM solution
McAfee SIEM solution
Information security: importance of having defined policy & process
Information security: importance of having defined policy & process
CompTIA Security+ SY0-601 Domain 2
CompTIA Security+ SY0-601 Domain 2
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
Iso 27001 isms presentation
Iso 27001 isms presentation
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
SIEM Architecture
SIEM Architecture
Implementing ISO27001 2013
Implementing ISO27001 2013
Ähnlich wie 105 Common information security threats
106 Threat defense and information security development trends
106 Threat defense and information security development trends
SsendiSamuel
A Review Paper on Cyber-Security
A Review Paper on Cyber-Security
IRJET Journal
Module 1.pdf
Module 1.pdf
Sitamarhi Institute of Technology
module 1 Cyber Security Concepts
module 1 Cyber Security Concepts
Sitamarhi Institute of Technology
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
IRJET Journal
ENSA_Module_3.pptx
ENSA_Module_3.pptx
SkyBlue659156
Global Technologies and Risks Trends
Global Technologies and Risks Trends
Charles Mok
Cyber security
Cyber security
Bhavin Shah
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
Erik Ginalick
5 network-security-threats
5 network-security-threats
ReadWrite
Cybersecurity2021
Cybersecurity2021
PrabhatChoudhary11
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
rausdeen anfas
Mim Attack Essay
Mim Attack Essay
Haley Johnson
Cyber Security PPT.pptx
Cyber Security PPT.pptx
AbhishekDas794104
Web Attack Survival Guide
Web Attack Survival Guide
- Mark - Fullbright
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
alinainglis
Cyber Security.docx
Cyber Security.docx
TanushreeChakraborty27
Cyber crime & security
Cyber crime & security
aravindanvaithilinga
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptx
MADARAUCHIHA278827
R20BM564.pptx
R20BM564.pptx
MADARAUCHIHA278827
Ähnlich wie 105 Common information security threats
(20)
106 Threat defense and information security development trends
106 Threat defense and information security development trends
A Review Paper on Cyber-Security
A Review Paper on Cyber-Security
Module 1.pdf
Module 1.pdf
module 1 Cyber Security Concepts
module 1 Cyber Security Concepts
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
ENSA_Module_3.pptx
ENSA_Module_3.pptx
Global Technologies and Risks Trends
Global Technologies and Risks Trends
Cyber security
Cyber security
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
5 network-security-threats
5 network-security-threats
Cybersecurity2021
Cybersecurity2021
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
E-COMMERCE SECURITY, FRAUD ISSUES AND PROTECTIONS
Mim Attack Essay
Mim Attack Essay
Cyber Security PPT.pptx
Cyber Security PPT.pptx
Web Attack Survival Guide
Web Attack Survival Guide
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
54 Chapter 1 • The Threat EnvironmentFIGURE 1-18 Cyberwar .docx
Cyber Security.docx
Cyber Security.docx
Cyber crime & security
Cyber crime & security
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564_NAWARAJSUNARPPT.pptx
R20BM564.pptx
R20BM564.pptx
Mehr von SsendiSamuel
104 Common network devices
104 Common network devices
SsendiSamuel
103 Basic network concepts
103 Basic network concepts
SsendiSamuel
102 Information security standards and specifications
102 Information security standards and specifications
SsendiSamuel
101 Basic concepts of information security
101 Basic concepts of information security
SsendiSamuel
Chapter 06: cloud computing trends
Chapter 06: cloud computing trends
SsendiSamuel
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization features
SsendiSamuel
Chapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basics
SsendiSamuel
Chapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computing
SsendiSamuel
Chapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computing
SsendiSamuel
Chapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualization
SsendiSamuel
Mehr von SsendiSamuel
(10)
104 Common network devices
104 Common network devices
103 Basic network concepts
103 Basic network concepts
102 Information security standards and specifications
102 Information security standards and specifications
101 Basic concepts of information security
101 Basic concepts of information security
Chapter 06: cloud computing trends
Chapter 06: cloud computing trends
Chapter 05: introduction to virtualization features
Chapter 05: introduction to virtualization features
Chapter 04: Storage virtualization basics
Chapter 04: Storage virtualization basics
Chapter 03: Network basics for cloud computing
Chapter 03: Network basics for cloud computing
Chapter 01: A brief introduction to cloud computing
Chapter 01: A brief introduction to cloud computing
Chapter 02: Introduction to compute virtualization
Chapter 02: Introduction to compute virtualization
Kürzlich hochgeladen
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Maksud Ahmed
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
sanyamsingh5019
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
christianmathematics
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
Maestría en Comunicación Digital Interactiva - UNR
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
TechSoup
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Sapana Sha
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
chloefrazer622
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Sapna Thakur
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
agholdier
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
discovermytutordmt
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
eniolaolutunde
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
Thiyagu K
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Chameera Dedduwage
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
National Information Standards Organization (NISO)
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
TechSoup
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
National Information Standards Organization (NISO)
Kürzlich hochgeladen
(20)
microwave assisted reaction. General introduction
microwave assisted reaction. General introduction
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
105 Common information security threats
1.
www.huawei.com Copyright © 2018
Huawei Technologies Co., Ltd. All rights reserved. Common Information Security Threats
2.
Page 2 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Foreword Information systems are often vulnerable and have sensitive, confidential information that needs to be communicated. Therefore, they are under threat in various scenarios and through various means. This class uses some case studies about common attacks to introduce possible threats to the information system.
3.
Page 3 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Objectives Upon completion of this course, you will be able to: Categorize information security threats. Describe common information security threat means.
4.
Page 4 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Current Situation of Information Security Threats 2. Threats to Network Security 3. Threats to Application Security 4. Threats to Data Transmission and Device Security
5.
Page 5 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Endless Security Incidents On May 12, 2017, the WannaCry ransomware attack broke out at about 8:00 p.m and spread worldwide. Computers infected with WannaCry were vulnerable to attacks once turned on. In 2017, the traffic of users of multiple software applications in China was hijacked during software upgrade. The users thought they were upgrading the software while they were actually installing viruses. More than 90% of telecommunication fraud is targeted fraud conducted using precise information of citizens. In Feb. 2018, the popular online game "Final Fantasy XIV" suffered a three-hour DDoS attack. On Nov. 10, 2016, five major Russian banks suffered from a DDoS attack lasting for two days. Attack through malicious code Personal information breach Communication process hijacking DDoS attack Security Incident
6.
Page 6 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Beginning of the Cyberwar - Stuxnet In February 2011, Iran suddenly announced it was to unload fuel from its first nuclear power station. Previously, the industry said Iran needed only one year to be capable of quickly creating nuclear weapons. However, the Stuxnet attack ruined one fifth of the centrifuges of Iran, postponing the research for at least two years, during which time the global landscape changed. Infected over 45,000 networks worldwide Computer worm First worm capable of targeted attack of physical (energy) infrastructure facilities Employed multiple attack means Most sophisticated cyber weapon in history Stuxnet Exploited mobile media to implant viruses
7.
Page 7 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Evolution of Information Security Attacks Forms of attack largely unchanged Current attackers still use viruses, phishing, etc. to target vulnerabilities, much the same as in the past. More sophisticated attack means A major attack usually requires sophisticated deployment, long-term incubation, and a combination of multiple attack methods to achieve the ultimate goal. Diverse attack purposes The attack targets range from targeting personal computers to being used to influence economy, politics, war, energy, and even the global landscape.
8.
Page 8 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Security Threat Categories Threats to Data Transmission and Device Security Threats to Cyber Security Threats to Application Security OS vulnerabilities Viruses (such as Trojan horses and worms) Phishing websites Data breaches DDoS attacks Network intrusion Communication traffic hijacking Man-in-the-middle (MITM) attacks Unauthorized login to the system Weak security protection for Wireless Networks
9.
Page 9 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Current Situation of Information Security Threats 2. Threats to Network Security 3. Threats to Application Security 4. Threats to Data Transmission and Device Security
10.
Page 10 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. DDoS Attacks Against Dyn DNS Service in the United States On October 21, 2016, the DNS service from Dyn in the U.S. was hit by DDoS attacks from about 11:00 a.m. to 5:00 p.m. UTC. The attacks paralyzed nearly half the networks in the United States. These large-scale DDoS attacks were launched from botnets formed by IoT devices, which were infected with Mirai malware. IPC DVR Router IoT devices that launch attacks
11.
Page 11 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Process of a Mirai Attack Scan for open Telnet service ports (23/2323) on the network Crack the IoT device passwords through brute force and implant the Mirai malware into the devices for remote control Look for zombies Load the attack module Load the DNS DDoS attack module Launch a DDoS attack trough the botnet, making customers' websites inaccessible Build a botnet Launch an attack What means were used in this attack?
12.
Page 12 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Scanning Scanning is a potential attack action. It does not directly interrupt network devices. However, it gathers relevant network information before an attack. Address scanning An attacker sends ICMP packets to destination addresses or uses TCP/UDP packets to initiate connections with certain IP addresses. By checking whether there are response packets, the attacker can determine which target systems are alive and connected to the target network. Port scanning An attacker probes the network structure by scanning ports to identify ports open to the attack target, so as to determine the attack mode. The attacker usually uses the Port Scan software to initiate connections to a series of TCP or UDP ports on a wide range of hosts. Based on the response packets, the attacker can determine whether the hosts use these ports for providing services.
13.
Page 13 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Spoofing Attack - Obtaining the Control Permission Attackers can obtain the control permission by brute force cracking of passwords. Also, attackers can launch spoofing attacks such as IP spoofing to obtain access and control permissions. IP spoofing: An attacker may send packets with forged source IP addresses to target hosts to obtain superior access and control permissions. B: 192.168.0.6 A: 192.168.0.1 Sniffer 192.168.0.1 Request Sniffed Paralyze
14.
Page 14 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. DDoS attacks: Exhaust network bandwidth Exhaust server resources Launching a DDoS Attack Zombies Control traffic Attacker Botnet Jump server Attack traffic Attack target
15.
Page 15 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Defense Measures for Cyber Attacks Firewalls: Deploying firewalls at the intranet egresses of medium- and large-sized enterprises and data centers can efficiently defend against common DDoS attacks and traditional single-packet attacks. Anti-DDoS devices: Anti-DDoS solutions provide professional anti-DDoS services for carriers, enterprises, data centers, portal websites, online games, online videos, and DNS services. • Anti-DDoS devices Protection through professional equipment • Firewall
16.
Page 16 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Current Situation of Information Security Threats 2. Threats to Network Security 3. Threats to Application Security 4. Threats to Data Transmission and Device Security
17.
Page 17 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Worm Attack Against Weibo Sina Weibo (the Chinese Twitter) was once hit by a worm that affected over 30,000 users in less than an hour. The attack process was as follows: The attacker created a user account, infected it with the worm, and sent the malicious link to a public section. Users clicked the malicious link with enticing titles and got their accounts infected. Exploit a web page vulnerability Spread the worm Infected user accounts automatically posted and sent out private messages to their followers. Infected messages increased exponentially, infecting a large number of user accounts. Phishing Take down the website
18.
Page 18 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Threats Brought by Vulnerabilities Vulnerabilities are defects in the implementation of hardware, software, or protocols or in system security policies. They allow attackers to access or damage systems without authorization. If system vulnerabilities are not fixed in time, the following attacks may occur: Malicious code propagation Cross-site scripting (XSS) Injection Data breach
19.
Page 19 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Phishing "Phishing" is cyber fraud. It is the fraudulent attempt to obtain users' private information such as bank or credit card account and password, often for malicious reasons, by using the URL or web page content of an authentic website as disguise, or exploiting vulnerabilities of authentic website server programs to insert dangerous HTML code into some web pages of the website. Before accessing a website, check whether its address is an encrypted link starting with https. What? Refund? Dear customer, due to issues with the payment system, please log in to the XX website for a refund.
20.
Page 20 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Malicious Code Malicious code is computer code that is deliberately developed or constructed to cause threats or potential threats to a network or system. The most common malicious code includes viruses, Trojan horses, worms, and backdoors. Malicious code is also called malware, which includes adware, spyware, and malicious shareware. Malware refers to software that is installed and run on a user's computer or other devices without explicitly notifying the user or obtaining the user's consent. Trojan horse Worm Virus Backdoor
21.
Page 22 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Defense Measures for Application Attacks Regular vulnerability fixing • Patching • Vulnerability scanning • Constantly looking out for suspicious websites and links Improving information security awareness • Antivirus software • WAF Protection through professional equipment • Firewalls Regular vulnerability fixing Protection through professional equipment Improving information security awareness
22.
Page 23 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Contents 1. Current Situation of Information Security Threats 2. Threats to Network Security 3. Threats to Application Security 4. Threats to Data Transmission and Device Security
23.
Page 24 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Interception of User Communications The National Security Agency (NSA) U.S. listened to encrypted communication between Google (including Gmail) and Yahoo users on the cloud. The NSA exploited the encryption/decryption flaw of Google's front end server to circumvent the server and directly listen to backend plaintext data. Google's front end encryption/decryption device Public Internet Google Cloud
24.
Page 25 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Tumblr User Information Breaches More than half of the accounts and passwords of the microblogging website Tumblr were stolen by hackers. Hackers invaded the Tumblr server in a certain way and stole information of Tumblr users. Tumblr stated that the breach would not cause damage to users because the database information was encrypted. However, the facts showed that the user information was encrypted using weak algorithms. After obtaining the encrypted user information, the hackers were able to quickly crack a large amount of user information. Why are information breaches so frequent?
25.
Page 26 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Threats in Communication Process User identity not authenticated Users using weak passwords Device security risks Transmission security risks MITM attacks Data transmission not encrypted or inadequately encrypted Servers with vulnerabilities What security risks will occur during communications?
26.
Page 27 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. MITM Attack Man-in-the-middle (MITM) attack: A type of indirect intrusion attacks. In MITM attacks, an attacker uses a variety of technical means to virtually place a controlled computer between two computers in the network. This controlled computer is called a man in the middle. Consequences of MITM attacks Information tampering Information theft Man in the middle User A User B
27.
Page 28 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Information Not Encrypted or Inadequately Encrypted If information is not encrypted, information security may be compromised. However, even if data is encrypted, information may also be stolen and cracked. Threat prevention suggestions Encrypt information before storage. Encrypt information before transmission. Use strong encryption algorithms.
28.
Page 29 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Authentication Attack An attacker obtains a user's identity authentication information by certain means, and uses the identity information to steal sensitive information or carry out illegal acts. It is a common form of attack. Prevention suggestions Install genuine antivirus software. Use strong passwords. Reduce the relevance between different passwords.
29.
Page 30 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Quiz 1. Which of the following are threats to application security? A. Injection attack B. XSS C. IP spoofing attack D. Port scanning 2. Which of the following are device security risks? A. Servers with vulnerabilities B. Users using weak passwords C. Data transmission inadequately encrypted D. User identity not authenticated
30.
Page 31 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Summary Current Situation of Information Security Threats Threats to Network Security Threats to Application Security Threats to Data Transmission and Device Security
31.
Page 32 Copyright ©
2018 Huawei Technologies Co., Ltd. All rights reserved. Thank You www.huawei.com
Jetzt herunterladen