Chapter 2
Risk in IT Infrastructure
What Are the Major Components of Risk to an IT Infrastructure?
Figure 1.1 Domains of a typical IT infrastructure
Seven Domains of a Typical IT Infrastructure
• There are a lot of similarities between different IT organizations.
• For example, any IT organization will have users and computers.
• There are seven domains of a typical IT infrastructure.
• Figure 1.1 shows the seven domains of a typical IT infrastructure.
• When considering risk management, you can examine each of
these domains separately. Each domain represents a possible target
for an attacker.
• Some attackers have the skills and aptitudes to con users so they
focus on the User Domain. Other attackers may be experts in
specific applications so they focus on the System/Application
Domain.
• An attacker needs to exploit a vulnerability in only one of the
seven domains.
• A business, however, must provide protection in every domain. A
weakness in any one domain can be exploited by an attacker even if
the other six domains have no vulnerabilities.
(1) Risk on the User Domain
• The User Domain includes people. They can be users, employees,
contractors, or consultants. The old phrase that says a chain is only
as strong as its weakest link applies to IT security too. People are
often the weakest link in IT security.
• A business could have the strongest technical and physical security
available. However, if personnel don’t understand the value of
security, the security can be bypassed. For example, technical
controls can require strong, complex passwords that can’t be
easily cracked.
• However, a social engineer can convince an employee to give up
the password. This is called social engineering.
• Some users assume that no one will ever think of looking at the
sticky note under their keyboard.
• Users can visit risky Web sites, and download and execute
infected software. They may unknowingly bring malware from
home on universal serial bus (USB) thumb drives. When they
plug in the USB drive, the work computer can become infected. This
in turn can infect other computers and the entire network.
(2) Risk on Workstation Domain
• The workstation is the end user’s computer. The workstation is
susceptible to malicious software, also known as malware.
• The workstation is vulnerable if it is not kept up to date with
recent patches.
• If antivirus software isn’t installed, the workstation is also
vulnerable.
• If a system is infected, the malware can cause significant harm.
Some malware infects a single system.
• Other malware releases worm components that can spread across
the network.
• Antivirus companies regularly update virus definitions as new
malware is discovered.
• In addition to installing the antivirus software, companies must
also update software regularly with new definitions. If the
antivirus software is installed and up to date, the likelihood of a
system becoming infected is reduced.
• Bugs and vulnerabilities are constantly being discovered in
operating systems and applications. Some of the bugs are
harmless. Others represent significant risks.
• Microsoft and other software vendors regularly release patches
and fixes that can be applied. When systems are kept updated,
these fixes help keep the systems protected. When systems
aren’t updated, the threats can become significant.
(3) Risk on LAN Domain
• The LAN Domain is the area that is inside the firewall. It can be
a few systems connected together in a small home office network.
It can also be a large network with thousands of computers.
• Each individual device on the network must be protected or all
devices can be at risk.
• Network devices such as hubs, switches, and routers are used to
connect the systems together on the local area network (LAN). The
internal LAN is generally considered a trusted zone. Data
transferred within the LAN isn’t protected as thoroughly as if it
were sent outside the LAN.
• As an example, sniffing attacks occur when an attacker uses a
protocol analyzer to capture data packets.
• A protocol analyzer is also known as a sniffer. An experienced
attacker can read the actual data within these packets.
• If hubs are used instead of switches, there is an increased risk of
sniffing attacks. A hub repeats every frame to every port, so an
attacker can plug into any port in the building and potentially
capture valuable data.
• If switches are used instead of hubs, each unicast frame is
forwarded only to the port of its destination, so the attacker must
have physical access to the switch (for example, a mirror port) to
capture the same amount of data. Switches raise the bar but do not
remove the risk: an attacker on the same segment can still redirect
traffic to their own port with techniques such as ARP spoofing, so
sensitive data should be encrypted even inside the LAN. Most
organizations protect network devices in server rooms or wiring
closets.
• NOTE: Many organizations prohibit the use of hubs within the
LAN. Switches are more expensive. However, they reduce the risk
of sniffing attacks.
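To make the sniffing risk concrete, here is an added example (not from the original slides) that builds two frames exactly as a sniffer on the segment would see them and pulls the credential out of the cleartext one. The MAC and IP addresses, the intranet host name and the `alice` account are constructed for the illustration; a real capture would come from a raw socket or a pcap file, but the parsing is the same.

```python
import base64
import struct
from typing import List, Optional, Tuple

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def _ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def _bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_frame(src_mac: bytes, dst_mac: bytes, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Build a minimal Ethernet II / IPv4 / TCP frame around `payload`.

    Checksums are left at zero: a sniffer reads the bytes as they are and
    does not need them to recover the data. Constructed for this example."""
    ip_total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, ip_total_len, 0, 0, 64, IPPROTO_TCP, 0,
                         _ip_to_bytes(src_ip), _ip_to_bytes(dst_ip))
    # seq=1, ack=1, data offset 5 words (20 bytes), flags PSH|ACK, window 8192
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + tcp_hdr + payload


def parse_frame(frame: bytes) -> Optional[dict]:
    """Decode Ethernet/IPv4/TCP headers and return addressing plus the TCP payload.
    Returns None for anything that is not IPv4-over-Ethernet carrying TCP."""
    if len(frame) < 14 + 20 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP:                      # byte 9 of the IPv4 header is the protocol
        return None
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4              # TCP header length in bytes
    return {
        "src_ip": _bytes_to_ip(ip[12:16]),
        "dst_ip": _bytes_to_ip(ip[16:20]),
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": tcp[data_offset:],
    }


def extract_basic_credentials(payload: bytes) -> Optional[Tuple[str, str]]:
    """Pull a username/password out of an HTTP 'Authorization: Basic' header.
    Basic auth is only base64-encoded, not encrypted, so this is trivial."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            token = line.split(b" ", 2)[2]
            try:
                user, _, password = base64.b64decode(token).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
            return user, password
    return None


def sniff_credentials(frames: List[bytes]) -> List[Tuple[str, str, int, str, str]]:
    """What an attacker on a hub (or on a mirrored/spoofed switch port) learns
    from a batch of captured frames."""
    found = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        creds = extract_basic_credentials(pkt["payload"])
        if creds:
            found.append((pkt["src_ip"], pkt["dst_ip"], pkt["dst_port"], *creds))
    return found


def demo_frames() -> List[bytes]:
    """Two constructed frames: a cleartext HTTP login and a TLS record on 443."""
    ws_mac = bytes.fromhex("0a0000000001")   # constructed MAC addresses
    srv_mac = bytes.fromhex("0a0000000002")
    http_login = (b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
                  b"Authorization: Basic " + base64.b64encode(b"alice:Winter2024!") +
                  b"\r\nContent-Length: 0\r\n\r\n")
    tls_record = b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26\x03\x03" + bytes(32)  # opaque to the sniffer
    return [
        build_frame(ws_mac, srv_mac, "10.0.0.23", "10.0.0.5", 51234, 80, http_login),
        build_frame(ws_mac, srv_mac, "10.0.0.23", "10.0.0.5", 51235, 443, tls_record),
    ]


def run_demo() -> List[Tuple[str, str, int, str, str]]:
    return sniff_credentials(demo_frames())


if __name__ == "__main__":
    for src, dst, port, user, password in run_demo():
        print(f"{src} -> {dst}:{port}  user={user!r} password={password!r}")
```

On a hub every port receives both frames, so the attacker's copy of the HTTP login is enough. On a switch the unicast frame travels only to the server's port, which is why the attacker needs a mirror port or a way to redirect traffic; in either case the frame on port 443 yields nothing, because the TLS record carries no readable credential.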
(4) Risk on LAN-to-WAN Domain
• The LAN-to-WAN Domain connects the local area network to
the wide area network (WAN). The LAN Domain is considered a
trusted zone since it is controlled by a company.
• The WAN Domain is considered an untrusted zone because it is
not controlled and is accessible by attackers.
• The area between the trusted and untrusted zones is protected
with one or more firewalls. This is also called the boundary, or
the edge.
• Security here is referred to as boundary protection or edge
protection.
• The public side of the boundary is often connected to the Internet
and has public Internet Protocol (IP) addresses. These IP addresses
are accessible from anywhere in the world, and attackers are
constantly probing public IP addresses.
• They look for vulnerabilities and when one is found, they
pounce.
• A high level of security is required to keep the LAN-to-WAN
Domain safe.
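The boundary is only as good as its rule set. The following added example (not part of the slides) is a small first-match packet filter in Python that evaluates the same constructed probes against a default-allow policy and a default-deny policy. The addresses (RFC 5737 documentation ranges on the public side), rules and probes are assumptions for the illustration; real edge firewalls add NAT and full stateful tracking, which are only sketched here by the `established` flag.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed addressing for the example.
TRUSTED_LAN = "192.168.10.0/24"          # LAN Domain, inside the firewall
PUBLIC_WEB = "203.0.113.10/32"           # the company's published web server
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp" or "udp"
    dport: int
    established: bool = False   # reply traffic for a connection the firewall already saw


@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    src: str = ANY                       # CIDR
    dst: str = ANY                       # CIDR
    proto: Optional[str] = None          # None matches any protocol
    dport: Optional[int] = None          # None matches any port
    established: Optional[bool] = None   # None ignores connection state

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.established is None or self.established == pkt.established))


def evaluate(rules: List[Rule], default_action: str, pkt: Packet) -> str:
    """First-match evaluation, as most packet filters do it; the default
    action decides anything no rule mentions."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_action


# Weak edge policy: everything passes unless someone remembered to deny it.
WEAK_RULES = [Rule("deny", proto="tcp", dport=23)]          # only Telnet is blocked
WEAK_DEFAULT = "allow"

# Hardened edge policy: default deny, with explicit holes for what the business needs.
HARDENED_RULES = [
    Rule("allow", established=True),                          # replies to connections we started
    Rule("allow", dst=PUBLIC_WEB, proto="tcp", dport=443),    # the one published service
    Rule("allow", src=TRUSTED_LAN),                           # outbound from the trusted zone
]
HARDENED_DEFAULT = "deny"

# Constructed traffic: an Internet scanner at 198.51.100.7 probing the public side.
PROBES: Dict[str, Packet] = {
    "scanner -> web:443":    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
    "scanner -> web:22":     Packet("198.51.100.7", "203.0.113.10", "tcp", 22),
    "scanner -> web:3389":   Packet("198.51.100.7", "203.0.113.10", "tcp", 3389),
    "scanner -> web:23":     Packet("198.51.100.7", "203.0.113.10", "tcp", 23),
    "lan -> internet:443":   Packet("192.168.10.15", "198.51.100.7", "tcp", 443),
    "internet reply -> lan": Packet("198.51.100.7", "192.168.10.15", "tcp", 52000, established=True),
}


def compare_policies() -> Dict[str, Tuple[str, str]]:
    """Return {probe: (weak_verdict, hardened_verdict)} for every constructed packet."""
    return {name: (evaluate(WEAK_RULES, WEAK_DEFAULT, pkt),
                   evaluate(HARDENED_RULES, HARDENED_DEFAULT, pkt))
            for name, pkt in PROBES.items()}


if __name__ == "__main__":
    for name, (weak, hardened) in compare_policies().items():
        print(f"{name:24} weak={weak:5} hardened={hardened}")
```

The scanner's probes on 22 and 3389 are the ones that matter: the weak policy lets them through because nobody wrote a deny for them, while the hardened policy drops them because nobody wrote an allow. Legitimate traffic (the published web service, outbound LAN connections and their replies) passes under both.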
(5) Risk on Remote Access Domain
• Mobile workers often need access to the private LAN when they
are away from the company.
• Remote access is used to grant mobile workers this access.
• Remote access can be granted via direct dial-up connections or
using a virtual private network (VPN) connection.
• A VPN provides access to a private network over a public
network.
• The public network used by VPNs is most commonly the
Internet. Since the Internet is largely untrusted and has known
attackers, remote access represents a risk.
• Attackers can access unprotected connections. They can also try to
break into the remote access servers. Using a VPN is an example of a
control to lessen the risk. But VPNs have their vulnerabilities, too.
• Vulnerabilities exist at two stages of the VPN connection:
(1) The first stage is authentication. Authentication is when the user
provides credentials to prove identity. If these credentials can be
discovered, the attacker can later use them to impersonate the user.
(2) The second stage is when data is passed between the user and the
server. If the data is sent in clear text, an attacker can capture and
read the data.
NOTE:
VPN connections use tunneling protocols to reduce the risk of
data being captured. The tunneling protocols used for VPNs (for
example, IPsec or TLS-based VPNs) encrypt the traffic sent over
the public network, which makes it much harder for attackers to
read captured data. A bare tunnel without encryption (plain GRE,
for instance) hides nothing, so confirm that the chosen protocol
actually encrypts.
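The first stage described above, authentication, is where a captured credential gets reused. This added example (not from the original slides) contrasts a login that sends the password itself with a challenge-response login in which the server issues a one-time random nonce and the client proves knowledge of the password with an HMAC, then plays an eavesdropper's replay against both. The `RemoteAccessServer` class, the PBKDF2 work factor and the `alice` account are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

PBKDF2_ROUNDS = 100_000   # assumed work factor for this example


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn the user's password into a fixed-length key; the server stores only this."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class RemoteAccessServer:
    """Hypothetical remote access server offering two login methods."""

    def __init__(self, user: str, password: str) -> None:
        self.user = user
        self.salt = secrets.token_bytes(16)
        self.key = derive_key(password, self.salt)
        self._open_challenges: Dict[bytes, bool] = {}

    # Method 1 (weak): the client sends its password across the network.
    def static_login(self, user: str, password: str) -> bool:
        return user == self.user and hmac.compare_digest(derive_key(password, self.salt), self.key)

    # Method 2: challenge-response. The password never leaves the client.
    def challenge(self) -> Tuple[bytes, bytes]:
        nonce = secrets.token_bytes(32)            # unpredictable and single use
        self._open_challenges[nonce] = True
        return self.salt, nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        # A nonce is honoured exactly once; pop() also rejects nonces we never issued.
        if user != self.user or not self._open_challenges.pop(nonce, False):
            return False
        expected = hmac.new(self.key, nonce, "sha256").digest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, salt: bytes, nonce: bytes) -> bytes:
    """What the legitimate client computes from the challenge it received."""
    return hmac.new(derive_key(password, salt), nonce, "sha256").digest()


def simulate() -> Dict[str, bool]:
    """Play both methods against an eavesdropper who records the wire and replays it."""
    server = RemoteAccessServer("alice", "correct horse battery staple")   # constructed account
    results: Dict[str, bool] = {}

    # Weak method: what went over the wire is the credential itself.
    on_the_wire = ("alice", "correct horse battery staple")
    results["static_user_logs_in"] = server.static_login(*on_the_wire)
    results["static_attacker_replays"] = server.static_login(*on_the_wire)   # succeeds

    # Challenge-response: the wire carries salt, nonce and an HMAC, never the password.
    salt, nonce = server.challenge()
    response = client_response("correct horse battery staple", salt, nonce)
    results["cr_user_logs_in"] = server.verify("alice", nonce, response)

    # The attacker replays the exact (nonce, response) pair it captured.
    results["cr_attacker_replays_same_nonce"] = server.verify("alice", nonce, response)

    # The attacker requests a fresh challenge and submits the captured response.
    _, fresh_nonce = server.challenge()
    results["cr_attacker_replays_old_response"] = server.verify("alice", fresh_nonce, response)
    return results


if __name__ == "__main__":
    for name, accepted in simulate().items():
        print(f"{name:36} {'ACCEPTED' if accepted else 'rejected'}")
```

The captured (salt, nonce, response) triple is still useful to an attacker for offline guessing of weak passwords, since candidate passwords can be tried against it at leisure; challenge-response removes replay, not guessing. That is why remote access should combine it with the encrypted tunnel the note above describes and, where possible, a second factor.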
(6) Risk on WAN Domain
• For many businesses, the WAN is the Internet. However, a
business can also lease semi-private lines from private
telecommunications companies.
• These lines are semiprivate because they are rarely leased and
used by only a single company. Instead, they are shared with other
unknown companies.
• As mentioned in the LAN-to-WAN Domain, the Internet is an
untrusted zone. Any host on the Internet with a public IP address is
at significant risk of attack.
• Moreover, it is fully expected that any host on the Internet will
be attacked.
• Semiprivate lines aren’t as easily accessible as the Internet.
However, a company rarely knows who else is sharing the lines.
• These leased lines require the same level of security provided to
any host in the WAN Domain.
• A significant amount of security is required to keep hosts in the
WAN Domain safe.
(7) Risk on System/Application Domain
• The System/Application Domain refers to servers that host
server level applications.
• Mail servers receive and send e-mail for clients. Database servers
host databases that are accessed by users, applications, or other
servers.
• Domain Name System (DNS) servers resolve host names to IP
addresses for clients.
• You should always protect servers using best practices: Remove
unneeded services and protocols. Change default passwords.
• Regularly patch and update the server systems. Enable local
firewalls.
• One of the challenges with servers in the System/Application
Domain is that the knowledge becomes specialized. People tend to
focus on areas of specialty.
• For example, common security issues with an e-mail server
would likely be known only by technicians who regularly work
with the e-mail servers.
• NOTE:
You should lock down a server using the specific security
requirements needed by the hosted application. An e-mail server
requires one set of protections while a database server requires a
different set.
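One way to apply the two points above (remove unneeded services; lock a server down to what its hosted application needs) is to audit what is actually listening. This added example (not part of the slides) parses output in the format of `ss -Hltnp` and checks it against a per-role allowlist, flagging both services the role does not need and services that the role needs but that should not be exposed on every interface. The role policies and the sample output are constructed for the illustration.

```python
import re
from typing import Dict, List, Set, Tuple

# Per-role policy (assumed for the example): which listening TCP ports a server of
# that role needs, and which of those must never be bound to all interfaces.
ROLE_POLICY: Dict[str, Dict[str, Set[int]]] = {
    "mail":     {"allowed": {22, 25, 587, 993}, "local_only": set()},
    "database": {"allowed": {22, 5432},         "local_only": {5432}},
}

WILDCARD_ADDRESSES = {"0.0.0.0", "*", "[::]", "::"}
_PROCESS_RE = re.compile(r'\(\("([^"]+)"')     # first process name in users:(("name",pid=...))


def parse_ss_listeners(ss_output: str) -> List[Tuple[str, int, str]]:
    """Parse lines in the format of `ss -Hltnp` into (local_address, port, process)."""
    listeners = []
    for line in ss_output.strip().splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")    # handles "[::]:5432" as well
        match = _PROCESS_RE.search(fields[5]) if len(fields) > 5 else None
        process = match.group(1) if match else "?"
        listeners.append((address, int(port), process))
    return listeners


def audit(role: str, ss_output: str) -> List[Tuple[int, str, str]]:
    """Return (port, process, finding) for every listener the role does not justify."""
    policy = ROLE_POLICY[role]
    findings = []
    for address, port, process in parse_ss_listeners(ss_output):
        if port not in policy["allowed"]:
            findings.append((port, process,
                             f"{process} listening on {address}:{port} is not needed on a "
                             f"{role} server: remove the service or firewall the port"))
        elif port in policy["local_only"] and address in WILDCARD_ADDRESSES:
            findings.append((port, process,
                             f"{process} on port {port} is bound to all interfaces; "
                             f"bind it to localhost or the LAN address"))
    return findings


# Constructed output in the format of `ss -Hltnp` (not taken from a real host).
MAIL_SERVER_SS = """
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 100 0.0.0.0:25    0.0.0.0:* users:(("master",pid=1201,fd=13))
LISTEN 0 100 0.0.0.0:587   0.0.0.0:* users:(("master",pid=1201,fd=17))
LISTEN 0 100 0.0.0.0:993   0.0.0.0:* users:(("dovecot",pid=1310,fd=40))
LISTEN 0 128 0.0.0.0:631   0.0.0.0:* users:(("cupsd",pid=655,fd=7))
LISTEN 0 80  0.0.0.0:3306  0.0.0.0:* users:(("mysqld",pid=1450,fd=21))
"""

DATABASE_SERVER_SS = """
LISTEN 0 128 0.0.0.0:22    0.0.0.0:* users:(("sshd",pid=790,fd=3))
LISTEN 0 244 0.0.0.0:5432  0.0.0.0:* users:(("postgres",pid=1022,fd=5))
LISTEN 0 244 [::]:5432     [::]:*    users:(("postgres",pid=1022,fd=6))
"""


if __name__ == "__main__":
    for role, output in (("mail", MAIL_SERVER_SS), ("database", DATABASE_SERVER_SS)):
        for port, process, finding in audit(role, output):
            print(f"[{role}] {finding}")
```

On a real host, feed the output of `ss -Hltnp` into `audit()` for the server's role; every finding is either a service to disable or a port to restrict in the local firewall. Patching and default-password checks are separate steps this script does not cover.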