IT System Components 1444 S1

15/11/2022

IT Systems Components Lectures

CHAPTER 1: ENDPOINT SECURITY

Endpoint devices in Information Networks

• Endpoint devices are electronic machines or ICT gadgets (tools) that have the intelligence to integrate a user into a network in order to access the available network resources.
• However, the many mobile devices now acting as endpoints render almost all networks borderless, which increases vulnerability, security risk and accessibility, among other features.

Importance of Endpoint Security in an Information Network

• Securing endpoints refers to the practice of protecting all network hosts from all network attacks, such as:
  • Physical damage.
  • Device and data theft.
  • Viruses, worms, Trojans, ransomware, malware, spyware.
  • Zero-day attacks.
• The ultimate goal of this security is corporate network protection, which translates into business profitability.

Importance of Endpoint Security in an Information Network

Endpoint security involves:
• Identifying the strengths and vulnerabilities of endpoint devices.
• The security risks attached to those vulnerabilities.
• Defending against them.

Importance of Endpoint Security in an Information Network

• Endpoint security, when implemented in a network, reduces the vulnerabilities of the endpoint devices to basic attacks, blended attacks (i.e. multiple malicious programs packed into a single malicious program) and sophisticated attacks, thereby providing Confidentiality, Integrity and Availability ("CIA") in networks.

CIA, the main goals of security in Networks

• The whole essence of implementing security in a network is to achieve information (or resource):
  • Confidentiality: provides privacy of information by encryption.
  • Integrity: ensures consistency of the content of information.
  • Availability: provides "always-on" accessibility to information.
• Hint: information = any accessible resource.

Endpoint Security via Confidentiality

• "Confidentiality" simply refers to encryption of data stored on an endpoint or in a storage device, or of data traversing a network to and from an endpoint.
• This is achieved by several encryption algorithms such as DES, 3DES, AES, other ciphers, etc.

Endpoint Security via Integrity

• "Integrity" is the consistency found in the state of an object, after which the final state of that object is confirmed to be the same as its initial state.
• Therefore, data integrity simply refers to the consistency of the data before and after it was transmitted.
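The "final state confirmed to be the same as the initial state" check above can be made concrete. The following is an added example, not part of the lecture: the sender records the initial state of a message as an HMAC-SHA256 tag under a key shared with the receiver (the key and message below are constructed for the demonstration), the message crosses a simulated link, and the receiver recomputes the tag to confirm the final state matches. A keyed tag is used rather than a bare hash because anyone who can alter data on the link could also recompute an unkeyed digest; only the Python standard library is needed.

```python
# Added example (not from the lecture): verifying data integrity across a
# transmission with a keyed hash (HMAC-SHA256). The sender computes a tag over
# the message with a key shared with the receiver; the receiver recomputes it.
# Any change to the bytes in transit changes the tag, so tampering is detected.
# The key and message used here are constructed for the demonstration.
import hashlib
import hmac


def make_tag(key: bytes, data: bytes) -> str:
    """Sender side: compute the HMAC-SHA256 tag attached to the data."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(key: bytes, data: bytes, tag: str) -> bool:
    """Receiver side: recompute the tag and compare it in constant time."""
    expected = make_tag(key, data)
    return hmac.compare_digest(expected, tag)


def transmit(data: bytes, corrupt: bool) -> bytes:
    """Stand-in for the network link. With corrupt=True one bit is flipped,
    simulating a transmission error or an in-transit modification."""
    if not corrupt:
        return data
    altered = bytearray(data)
    altered[0] ^= 0x01
    return bytes(altered)


def integrity_demo(corrupt: bool, key: bytes = b"constructed-shared-key") -> bool:
    """End-to-end run: tag the initial state, transmit, verify the final state.
    Returns True when the received data passes the integrity check."""
    message = b"transfer 100 to account 42"   # constructed sample payload
    tag = make_tag(key, message)             # initial state, recorded by sender
    received = transmit(message, corrupt)    # data after crossing the link
    return verify(key, received, tag)        # final state compared to initial


if __name__ == "__main__":
    print("clean transfer passes integrity check:", integrity_demo(corrupt=False))
    print("tampered transfer passes integrity check:", integrity_demo(corrupt=True))
```

`hmac.compare_digest` is used instead of `==` so that the comparison time does not leak how many leading characters of the tag were correct.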

Endpoint Security via Availability

• "Availability" is said to be achieved when a resource is accessible by an end user at any point at which it is desired to be accessed.
• With an effective and efficient endpoint security implementation, the reliability of such an endpoint is guaranteed to a reasonable level from the perspective of the end users.
• Note: Availability brings a smile to the faces of end users, especially when the user requirements are met as desired.

Endpoint security threats & attacks.

• Trusted endpoints become main targets for attackers.
• A successful compromise of an endpoint in a financial institution could result in a catastrophic end for such an organization if no remedy is implemented rapidly.

Endpoints can be faced with the following network attacks:
• Denial of Service (DoS).
• Distributed DoS (DDoS).
• Ransomware.
• Zero-day.
• Malware, Trojans, Worms.
• Brute-force.
• Password exploitation.
• Spoofing.
• Port scanning.
• Social Engineering.
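For the brute-force and password-exploitation entries above, a defender's first step is noticing the attempt early enough that "a remedy is implemented rapidly". The following added example (not from the lecture) reads SSH-style authentication log lines, counts failed logins per source address inside a sliding one-minute window, and reports any source that reaches five failures. The log lines, addresses and line format are constructed for the demonstration; a real deployment would point this at the endpoint's own authentication log and feed the result to account lockout or a firewall rule.

```python
# Added example (not from the lecture): a simple detector for brute-force /
# password-exploitation attempts. It reads SSH-style authentication log lines
# (constructed below, not real logs), counts failed logins per source address
# inside a sliding time window, and reports sources that exceed a threshold so
# an operator can act (lock the account, block the source, investigate).
import re
from collections import defaultdict, deque
from datetime import datetime

# Line layout assumed here (constructed):
#   "2022-11-15 08:00:01 sshd: Failed password for admin from 203.0.113.7"
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) sshd: Failed password for "
    r"(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {source_ip: failures} for every source whose failed logins
    reach `threshold` within any `window_seconds` period. The value is the
    largest number of failures seen inside one window for that source."""
    recent = defaultdict(deque)   # source -> timestamps of recent failures
    flagged = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["src"]]
        window.append(ts)
        # slide the window: forget failures older than window_seconds
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold:
            flagged[m["src"]] = max(flagged.get(m["src"], 0), len(window))
    return flagged


# Constructed sample log: one source hammers the login within seconds,
# another fails twice five minutes apart, and one user logs in normally.
SAMPLE_LOG = [
    "2022-11-15 08:00:01 sshd: Failed password for admin from 203.0.113.7",
    "2022-11-15 08:00:03 sshd: Failed password for admin from 203.0.113.7",
    "2022-11-15 08:00:04 sshd: Failed password for root from 203.0.113.7",
    "2022-11-15 08:00:05 sshd: Failed password for user from 198.51.100.2",
    "2022-11-15 08:00:06 sshd: Failed password for admin from 203.0.113.7",
    "2022-11-15 08:00:08 sshd: Accepted password for alice from 198.51.100.9",
    "2022-11-15 08:00:09 sshd: Failed password for admin from 203.0.113.7",
    "2022-11-15 08:05:00 sshd: Failed password for user from 198.51.100.2",
]

if __name__ == "__main__":
    for src, count in detect_bruteforce(SAMPLE_LOG).items():
        print(f"possible brute force from {src}: {count} failures within 60 s")
```

The sliding window matters: a user who mistypes a password twice in five minutes never trips the threshold, while a source producing five failures in eight seconds does. Tune `threshold` and `window_seconds` to the endpoint's normal login rate.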


Endpoint security threats & attacks (Cont.).

• Attackers from untrusted networks make efforts to compromise internal endpoints, users (people) and other resources in the network in order to launch their attacks successfully.
• Note: There is no successful attack from outside a network without the influence of an internally trusted network resource.
• A successful compromise of an endpoint frustrates the user's productivity.

Endpoint security threats & attacks (Cont.).

• Packet Sniffing
• Denial of Service (DoS)
• Man-in-the-Middle / Eavesdropping
• Trojan Horse

Endpoint security threats & attacks (Cont.).

• Any information network is exposed to the following risks when endpoint security is not implemented:
  • Unauthorized access to endpoints.
  • Sensitive data theft.
  • Unplanned downtime (i.e. unavailability).
  • High rate of valuable data loss.
  • Reduced income for all employees.
  • Uncertain growth of business.
  • Failure of the network.
  • Business failure.

Ways to improve the effectiveness of Endpoint Security

• Several techniques have been developed to provide effective Endpoint Security; some of these are as follows:

Ways to improve the effectiveness of Endpoint Security

• In order to improve Endpoint Security, there are 10 goals that must be achieved:

1. Endpoint Security Awareness for Users:
  • Enhance the learning of all users by training all employees on how to achieve endpoint security.

2. Enforcement of an Acceptable Use Policy (AUP) on all Endpoints:
  • An Acceptable Use Policy (AUP) is a set of instructions or guidelines that guard against abusive use of endpoints in an organization.
  • Careful creation of an AUP and its enforcement is now very important in most organizations.

3. Practice least-privilege access on Endpoints:
  • Assign only the privilege that is needed by each user to perform his/her duty.
  • The severity of the damage caused is reduced, and it is remedied easily when detected.

Ways to improve the effectiveness of Endpoint Security

4. Schedule regular software updates on all endpoints:
  • Ensure that all software operating on each endpoint is updated to the latest security patch or version.

5. Disable unused services on all Endpoints:
  • "Stealth-mode" or "silent" checks are done to provide information on the services that are active on an endpoint.
  • These checks are referred to as "Port Scanning" and "Packet Sniffing".
  • A typical result of a port scan and packet sniffing provides information on: service name, port number, IP addresses, OS, OS version, etc.

6. Install an Endpoint Protection Toolkit on all endpoints:
  • There are many vendors of Endpoint Protection toolkits available.
  • The toolkit provides a console which grants access to several protection options.
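Step 5 says the active services on an endpoint are discovered before unused ones are disabled. The following added example (not from the lecture) performs that check from the endpoint's own side rather than by scanning it over the network: it parses listening-socket lines in the column layout printed by `ss -tlnp` on Linux (the lines below are constructed, not captured from a real host), compares each listener against an allowlist of the services the endpoint is expected to run, and reports everything else, noting whether the socket is bound to a loopback address only or is reachable from the network. The allowlist and the sample services are assumptions for the demonstration.

```python
# Added example (not from the lecture): audit the services listening on an
# endpoint against an allowlist, so unused or unexpected ones can be disabled.
# Input lines follow the column layout of Linux `ss -tlnp` output; the sample
# lines below are constructed for the demonstration, not captured from a host.
import re

# Matches: State Recv-Q Send-Q Local:Port Peer:Port users:(("proc",pid=N,fd=M))
LISTENER = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+?):(?P<port>\d+)\s+\S+\s+'
    r'users:\(\("(?P<proc>[^"]+)"'
)

# Addresses that only the local host can reach.
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}


def parse_listeners(lines):
    """Return one (address, port, process) tuple per parsed LISTEN line."""
    found = []
    for line in lines:
        m = LISTENER.match(line.strip())
        if m:
            found.append((m["addr"], int(m["port"]), m["proc"]))
    return found


def audit_listeners(lines, allowed):
    """Flag listeners that are not the allowed process for their port.

    `allowed` maps port -> expected process name. Each finding records the
    port, the process and whether the socket is loopback-only or reachable
    from the network, which decides how urgent disabling it is."""
    findings = []
    for addr, port, proc in parse_listeners(lines):
        if allowed.get(port) == proc:
            continue                      # expected service on its expected port
        exposure = "loopback-only" if addr in LOOPBACK else "network-exposed"
        findings.append({"port": port, "process": proc, "exposure": exposure})
    return findings


# Constructed sample: an SSH daemon, a telnet daemon, a local-only database
# and an SMB service. The allowlist below assumes this endpoint should only
# run SSH.
SAMPLE_SS_OUTPUT = [
    'LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))',
    'LISTEN 0 128 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=930,fd=4))',
    'LISTEN 0 511 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=1100,fd=5))',
    'LISTEN 0 128 [::]:445 [::]:* users:(("smbd",pid=1201,fd=7))',
]
EXPECTED_SERVICES = {22: "sshd"}   # assumption for the demonstration

if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS_OUTPUT, EXPECTED_SERVICES):
        print(f"port {f['port']:>5} {f['process']:<10} {f['exposure']}: "
              "not in allowlist, disable the service or firewall the port")
```

Run on a real host the input would be the output of `ss -tlnp`, and the allowlist would come from the endpoint's build standard. Network-exposed findings (the telnet and SMB listeners in the sample) are the ones an external port scan would also reveal, which is why they are acted on first; the loopback-only database is lower risk but still worth confirming as intended.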


IT Systems Components
Lecture 2: Storage Devices

What is a storage device?
1. A storage device is used in computers to store data and instructions.
2. It provides one of the core functions of the modern computer.
3. Storage devices, such as disk drives, store your documents (data files) and programs (executable files) when they are not currently in use for processing.

Types of Storage
There are four types of storage:
• Primary Storage: main memory, the only large storage medium that the CPU can access directly.
• Secondary Storage: an extension of main memory that provides large non-volatile storage capacity.
• Tertiary Storage.
• Off-line Storage.

[Figure: the four storage types: Primary Storage, Secondary Storage, Tertiary Storage, Off-line Storage.]

1) Primary Storage
Also known as main memory.
• Main memory is directly or indirectly connected to the central processing unit via a memory bus.
• The CPU continuously reads instructions stored there and executes them as required.

Primary Storage Types
1. Registers
2. Cache
3. RAM
4. ROM

RAM
• It is called Random Access Memory because any of the data in RAM can be accessed just as fast as any of the other data.
• There are two types of RAM:
  • DRAM (Dynamic Random Access Memory)
  • SRAM (Static Random Access Memory)

ROM (Read Only Memory)

• This memory is used as the computer begins to boot up.
• Small programs called firmware are often stored in ROM chips on hardware devices (like a BIOS chip).
• They contain instructions the computer can use in performing some of the most basic operations required to operate hardware devices.
• ROM memory cannot be easily or quickly overwritten or modified.

2) Secondary Storage
• It is not directly accessible by the CPU.
• The computer usually uses its input/output channels to access secondary storage and transfers the desired data using an intermediate area in primary storage.
• Example:
  • Hard disk

HDD and SSD

[Figure: Hard Disk]

3) Tertiary Storage
• Typically it involves a robotic mechanism which will mount (insert) and dismount removable mass storage media into a storage device.
• It is a comprehensive computer storage system that is usually very slow, so it is usually used to archive data that is not accessed frequently.
• This is primarily useful for extraordinarily large datastores, accessed without human operators.

Examples:
• Optical Disc
• Magnetic Tape

Optical Drives
• Enable a computer to read different types of media discs.
• Some drives can only read discs, but recent drives are both readers and recorders.
• Types of Optical Discs:
  • CD
  • DVD
  • Blu-ray

CD, DVD, and Blu-ray Media

• Early CD-R drives required that the entire disc be burned in one session; these are called single-session drives.
• Modern CD-R drives allow users to burn additional data until the disc is full (called multisession drives).
• Once the data is burned onto a CD-R disc, the data cannot be erased or altered.
• CD-RW drives not only allow users to burn data onto a disc, but also to burn over existing data.
• DVD: released in 1995; lowest capacity 4.37 GB of data and highest capacity 16 GB of data.
• Blu-ray: developed by Sony; capacity single-layer 25 GB, dual-layer 50 GB.

Tape Backup Devices

• Older type of removable storage.
• Can store large amounts of data.
• Can be installed internally or externally.
• Use a magnetic tape medium for storage instead of disks.
• Slow; used more for archival storage.

4) Off-line Storage
• Also known as disconnected or removable storage.
• It is computer data storage on a medium or a device that is not under the control of a processing unit.
Examples:
• Floppy Disk
• Zip diskette
• USB Flash drive
• Memory card

Floppy Disks (FD)

• The term "floppy disk" was first used to refer to the 8" medium used with mini-computers and mainframes.
• It now refers to the 3 1/2" floppy diskette.

Flash Memory

• Flash memory refers to a particular type of EEPROM, or Electrically Erasable Programmable Read Only Memory.
• It is a memory chip that maintains stored information without requiring a power source.
• It is often used in portable electronics, like MP3 players, and in removable storage devices.

Hot Swappable Devices

• A hot swappable device is one which can be attached to or detached from a computer or other electronic device without having to reboot the computer.
• The most common hot swappable devices are universal serial bus (USB) devices.
• Many hot swappable USB devices have all the necessary software built into the device, so simply plugging it into the computer allows the computer to detect the USB device and start working with it.
• FireWire is another common interface used with hot swappable devices, as is eSATA.

Non-Hot Swappable Devices

• A non-hot swappable device requires the computer to be shut off before removing the device.
• For example, an internal hard drive is a non-hot swappable device. You cannot remove it with the power on.

IT Systems Components
Lecture 3: System architecture

What is system architecture?

• A system architecture is the conceptual model that defines the structure, behavior, and other views of a system.
• An architecture description is a formal description and representation of a system, organized in a way that supports reasoning about the structures and behaviors of the system.

What is the architecture of a system?

Definition:
An architecture is "the fundamental organization of a system", represented in:
• System components.
• The components' relationships to each other and to the environment.
• The principles governing system design and evolution.

Design and system architecture

• Architecture means the conceptual structure and logical organization of a computer or computer-based system.
• Design means a plan or drawing produced to show the look and function or workings of a system or an object before it is made.

Components of system architecture
The architecture of the system involves:
1. Fundamental properties
2. The patterns of relationships
3. Connections and constraints
4. Linkages among the components

Importance of system architecture

• The purpose of system architecture activities is to define a comprehensive solution based on:
  • Principles and concepts.
  • Properties logically related to and consistent with each other.

Computer System Organization
1. Hardware
2. Operating system
3. Application programs
4. Users

Computer System Organization

A computer system can be divided into four components:
• Hardware: provides the basic computing resources (CPU, memory, I/O devices).
• Operating system: controls and coordinates the use of hardware among various applications and users.
• Application programs: define the ways in which the system resources are used to solve the computing problems of the users (word processors, compilers, web browsers, database systems, video games).
• Users: people, machines, other computers.

Components of a Computer System

[Figure: layered view, top to bottom: Text Editor, Compiler, Database System (system and application programs); Operating System; Computer Hardware.]

Computer Systems Components

[Figure: computer systems components]
• H/W:
  • CPU
  • Storage: RAM, Cache, ROM, EPROM, EEPROM, Flash Memory; Secondary Storage: Magnetic Tapes, Magnetic Disks, Compact Disks.
  • I/O Devices
• Operating Systems
• Applications
• Users

Computer Basic Units

The basic units of the computer are:
1. Input Units: used to input the data and instructions into the computer memory.
2. Output Units: used to output the final results to the user.
3. Memory Unit: used to store the user data and instructions as well as the final results.
4. Control Unit: used to control the sequence of operations that will be performed by the processor.
5. Processor: performs all the required operations.

System Architecture Checklist

[Figure: the five checklist items]
• Enterprise Resource Planning (ERP)
• Initial Cost and TCO
• Scalability
• Processing Options
• Security Issues

System Architecture Checklist

• Enterprise Resource Planning (ERP):
  • The objective of ERP is to establish a company-wide strategy for using IT resources.
  • Supply chain management (SCM).
• Initial Cost and Total Cost of Ownership (TCO):
  • During the final design stage, you make decisions that will have a major impact on the initial costs and TCO for the new system.
  • You should review all previous cost estimates.

System Architecture Checklist: Scalability

• Scalability, also called extensibility, refers to a system's ability to expand, change or downsize easily to meet the changing needs of a business enterprise.
• It is especially important in implementing systems that are volume-rated, such as transaction processing systems.

System Architecture Checklist: Processing Options

• In planning the architecture, designers must also consider how the system will process data: online or in batches.
• Provision must be made for backup and speedy recovery in the event of system failure.

System Architecture Checklist: Security Issues

• Security threats and defenses are a major concern to a systems analyst.
• The analyst must consider security issues that relate to system design specifications.
• Web-based systems introduce additional security concerns.

Planning the Architecture

• Server
• Clients
• Mainframe architecture
• Server-based processing

IT Systems Components
Lecture 4: Virtual environments and cloud computing

This lecture covers 3 topics

[Figure: lecture topics]
• Data Centers: private data center; leased space.
• Cloud Computing: public cloud; private cloud.
• Cloud Services: SaaS (e.g. Office 365); PaaS (e.g. a Java or .Net platform); IaaS (virtual computing, servers, storage, networking).
• Virtualization: hypervisors, Type 1 and Type 2.

Virtualization
• Now that you are aware of the roles of hardware and software, the concept of virtualization will be easier to grasp.
• Virtualization is the "layer" of technology that goes between the physical hardware of a device and the operating system to create one or more copies of the device.

What is Virtualization?
• Virtualization is the ability to run multiple operating systems on a single physical system and share the underlying hardware resources.
• It is the process by which one computer hosts the appearance of many computers.
• Virtualization is used to improve IT throughput and costs by using physical resources as a pool from which virtual resources can be allocated.

Why learn virtualization?

Virtualization benefits:
1. Modern computing is more efficient due to virtualization.
2. Virtualization can be used for mobile, personal and cloud computing.
3. One major advantage of virtualization is overall reduced cost: less equipment, energy and space is required.
4. Increased server uptime, improved disaster recovery and legacy support.

What is a Virtual Machine (VM)?

• Virtualization creates virtual hardware by replicating physical hardware.
• The hypervisor uses virtual hardware to create a virtual machine (VM).
• A VM is a set of files.
• With a hypervisor and VMs, one computer can run multiple OSs simultaneously.

What is a Hypervisor?
• A hypervisor, also known as a virtual machine monitor or VMM, is software that creates and runs virtual machines (VMs).
• A hypervisor allows one host computer to support multiple guest VMs by virtually sharing its resources, such as memory and processing.
• It is software installed on top of hardware that creates a virtualization layer:
  • Type 1 Hypervisor: bare-metal hypervisor (VMware ESXi).
  • Type 2 Hypervisor: hosted hypervisor (VMware Workstation).

Type 1 Hypervisors
• Type 1 hypervisors are also called the "bare metal" approach because the hypervisor is installed directly on the hardware.
• Type 1 hypervisors are usually used on enterprise servers and data center networking devices.
• With Type 1 hypervisors, the hypervisor is installed directly on the server or networking hardware. Then, instances of an OS are installed on the hypervisor, as shown in the figure.
• Type 1 hypervisors have direct access to the hardware resources. Therefore, they are more efficient than hosted architectures. Type 1 hypervisors improve scalability, performance, and robustness.

Type 2 Hypervisors
• A Type 2 hypervisor is software that creates and runs VM instances.
• The computer on which a hypervisor is supporting one or more VMs is a host machine. Type 2 hypervisors are also called hosted hypervisors.
• A big advantage of Type 2 hypervisors is that management console software is not required.

Benefits of hypervisors
• Speed: hypervisors allow virtual machines to be created instantly.
• Efficiency: hypervisors that run several virtual machines on one physical machine's resources also allow for more efficient utilization of that physical server.
• Flexibility: bare-metal hypervisors allow operating systems and their associated applications to run on a variety of hardware types.
• Portability: because the virtual machines that the hypervisor runs are independent of the physical machine, they are portable.

What is a Data Center?

• Hardware infrastructure that supports virtualization.
• The focus is on processing large amounts of data.
• What are the three main components?

[Figure: the three main components: 01 Compute, 02 Storage, 03 Networks.]

Compute Systems
• Hardware and operating system software that runs applications.
• Difference between a PC and a server:
  • PCs have a user-friendly interface and request services.
  • Servers focus on running programs and providing services.
• Types of servers:
  • Tower.
  • Blade server.
  • Rack-mounted server.

Types of Data Center Storage

• Direct-attached storage (DAS): the storage device is directly attached to a server (block-level).
• Network-attached storage (NAS): the storage device is attached to a network, and servers on the network can access the device (file-level).
• Storage Area Networks (SAN): clustered storage devices on their own network that servers can connect to (block-level).

Networks
• Transfer data across the data center so devices can communicate.
• What type of hardware is used for networking?

Cloud Definition
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cloud Overview
Cloud computing addresses a variety of data management issues:
• Enables access to organizational data anywhere and at any time.
• Simplifies the organization's IT operations by subscribing only to needed services.
• Eliminates or reduces the need for onsite IT equipment, maintenance, and management.
• Reduces costs for equipment, energy, physical plant requirements, and personnel training needs.
• Enables rapid responses to increasing data volume requirements.

CLOUD COMPONENTS
1. Clients:
  • Mobile; thin (just view, lets the servers do all the work); thick (laptops, desktops).
  • Which is the best? Thin: lower costs, security, power consumption.
2. Data Center: a facility used to house computer systems and associated components.
3. Distributed servers:
  • Compute nodes: provide CPU, memory, storage, and networking resources through virtualized interfaces.
  • Storage nodes: compute nodes only provide temporary storage space for users/applications.
  • Administrative nodes: provide "hidden" back-end services such as security/firewalls.

[Figure: the three cloud components: Clients, Data Center, Distributed servers.]

Cloud Services
The three main cloud computing services are as follows:
• Software as a Service (SaaS): the cloud provider is responsible for access to applications and services that are delivered over the internet.
  • Consumer applications such as Google Docs.
• Platform as a Service (PaaS): the cloud provider is responsible for providing users access to the development tools and services used to deliver the applications.
  • For developers (one or two programming languages).
• Infrastructure as a Service (IaaS): the cloud provider is responsible for giving IT managers access to the network equipment, virtualized network services, and supporting network infrastructure (on-demand creation of server resources).
• IT as a Service (ITaaS): IT professionals support applications, platforms and infrastructure.

Cloud Services

[Figure: SaaS = consumer applications; PaaS = for developers; IaaS = on-demand resources.]

Cloud Service Providers

[Figure: cloud service providers.]

Cloud Models
There are four primary cloud models:
• Public clouds: cloud-based applications and services made available to the general population.
• Private clouds: cloud-based applications and services intended for a specific organization or entity, such as the government.
• Hybrid clouds: a hybrid cloud is made up of two or more clouds (for example, part private, part public), where each part remains a separate object, but both are connected using a single architecture.
• Community clouds: a community cloud is created for exclusive use by a specific community. The difference between public clouds and community clouds is the functional needs that have been customized for the community. For example, healthcare organizations must remain compliant with policies and laws that require special authentication and confidentiality.

Cloud Computing vs. Data Center

These are the correct definitions of data center and cloud computing:
• Data center: typically, a data storage and processing facility run by an in-house IT department or leased offsite. Data centers are typically very expensive to build and maintain.
• Cloud computing: typically, an off-premise service that offers on-demand access to a shared pool of configurable computing resources. These resources can be rapidly provisioned and released with minimal management effort.

Data centers are the physical facilities that provide the compute, network, and storage needs of cloud computing services. Cloud service providers use data centers to host their cloud services and cloud-based resources.

Virtualization and cloud computing

• The terms "cloud computing" and "virtualization" are often used interchangeably; however, they mean different things.
• Virtualization is the foundation of cloud computing. Without it, cloud computing, as it is most widely implemented, would not be possible.
• Virtualization separates the operating system (OS) from the hardware. Various providers offer virtual cloud services that can dynamically provision servers as required. These virtualized instances of servers are created on demand.

Advantages of CC

[Figure: advantages of cloud computing]
• Lower costs (H.W, S.W, maintenance).
• Improved performance.
• Reduced software costs.
• Instant software updates.
• Improved document format compatibility.
• Unlimited storage capacity.
• Increased data reliability.
• Universal document access.
• Excellent accessibility.
• Easier group collaboration.
• Device independence.
• Mobility.
• Services in the pay-per-use model.
• Data security.

Distributed Systems
• Often PLCs figure in a hierarchy of communications.
• At the lowest level we have input and output devices such as sensors and motors.
• The next level involves controllers such as small PLCs or small computers, linked through a network, with the next level of larger PLCs and computers exercising local area control.
• The term SCADA, which stands for supervisory control and data acquisition system, is widely used for such a system.

What is SCADA?
• SCADA (Supervisory Control And Data Acquisition) can be defined as a supervisory computerized system that gathers and processes data and applies operational controls for distribution-side systems used to control dispersed assets.
• A SCADA system means a system consisting of several Remote Terminal Units (RTUs) collecting field data, connected back to a master station via a communications system.
• The master station displays the acquired/collected data and allows the operator to perform remote control tasks.

What is SCADA?
A SCADA application has two elements:

[Figure: the two elements of a SCADA application.]

SCADA Hardware

[Figure: Remote Terminal Unit (RTU) structure; analogue and digital input/output modules; master site structure.]

SCADA Software

[Figure: SCADA software functions]
01. User interface
02. Graphics display
03. Alarms
04. Trends
05. Scalability
06. RTU (and PLC) interface
07. Networking
08. Access to data

Real-time Data
• Real-time data is data that is available as soon as it is generated and acquired.
• Instead of being stored, data is forwarded to users as soon as it is collected and is immediately available, which is crucial for supporting live and in-the-moment decision making.
• This data is powering everything from bank transactions to GPS and others.

Typical SCADA system architecture

[Figure: typical SCADA system architecture.]

SCADA Benefits
• Improved operation of the plant or process, resulting in savings due to the optimization of the system.
• Increased productivity of the personnel.
• Improved safety of the system due to better information and improved control.
• Protection of the plant equipment.

SCADA Security and Threats

Most common SCADA security issues and threats:
• Legacy software.
• Networking issues.
• Default configuration.
• Unencrypted communications.
• DDoS attacks.
• Malware.
• Web application attacks.

Critical Infrastructure (CI)

• A Critical Infrastructure (CI) consists of a set of systems and assets, whether physical or virtual, which are so essential to the nation that any disruption of their services could have a serious impact on national security, economic well-being, public health or safety, or any combination of these.
• Critical Infrastructure (CI) is a term used by governments to describe assets that are essential for the functioning of a society and economy.

CI (cont.)
Critical Infrastructure (CI) can be classified as:
• Energy: energy production sources, storage and distribution (oil, gas, electricity).
• Information and Communication Technology (ICT): information system and network protection (e.g., the Internet), provision of mobile telecommunication, radio and satellite communication and broadcasting.
• Water Supply: provision of water; control of quality and quantity.
• Food and Agriculture: food production and distribution.
• Health Care: medical and hospital care; medicines, vaccines, and pharmaceuticals.

IT Systems Components
Lecture 6: Local Network, Wireless, and Internet

LANs and WANs

A LAN is a network infrastructure that spans a small geographical area. A WAN is a network infrastructure that spans a wide geographical area.

LAN | WAN
Interconnects end devices in a limited area. | Interconnects LANs over wide geographical areas.
Administered by a single organization or individual. | Typically administered by one or more service providers.
Provides high-speed bandwidth to internal devices. | Typically provides slower-speed links between LANs.

The Internet

• The Internet is a worldwide collection of interconnected LANs and WANs (a network of networks).
• LANs are connected to each other using WANs.
• WANs may use copper wires, fiber optic cables, and wireless transmissions.
• The Internet is not owned by any individual or group.

Intranets and Extranets

• An Intranet is a private collection of LANs and WANs internal to an organization that is meant to be accessible only to the organization's members or others with authorization.
• An organization might use an extranet to provide secure access to its network for individuals who work for a different organization and need access to the data on its network.

Internet Access Technologies

Connection | Description
Cable | High-bandwidth, always-on internet offered by cable television service providers.
DSL | High-bandwidth, always-on internet connection that runs over a telephone line.
Cellular | Uses a cell phone network to connect to the Internet.
Satellite | Major benefit to rural areas without Internet Service Providers.
Dial-up | An inexpensive, low-bandwidth option using a modem over a telephone line.

Internet Access Technologies

Corporate business connections may require:
• Higher bandwidth.
• Dedicated connections.
• Managed services.

Type of Connection | Description
Dedicated Leased Line | These are reserved circuits within the service provider's network that connect distant offices with private voice and/or data networking.
Ethernet WAN | This extends LAN access technology into the WAN.
DSL | Business DSL is available in various formats, including Symmetric Digital Subscriber Line (SDSL).
Satellite | This can provide a connection when a wired solution is not available.

What is Wireless LAN?


qIt is a flexible data communications system implemented as an extension to, or as an alternative for, a wired LAN.
qWireless LANs transmit and receive data over the air, minimizing the need for wired connections.
qWith wireless LANs, users can access shared information without looking for a place to plug in, and network managers can set up or augment a network without installing or moving wires.


Benefits of Wireless
qA Wireless LAN (WLAN) is a type of wireless network that is commonly used in homes, offices, and campus environments.
qWLANs make mobility possible within the home and business environments.
qWLAN benefits: productivity, convenience, scalability, mobility, speed, installation flexibility and simplicity, and cost of ownership.


Types of Wireless Networks


qWireless Personal-Area Network (WPAN): Low power and short range (20-30 ft or 6-9 meters). Based on the IEEE 802.15 standard and the 2.4 GHz frequency. Bluetooth and Zigbee are WPAN examples.

qWireless LAN (WLAN): Medium sized networks up to about 300 feet. Based on the IEEE 802.11 standard and the 2.4 or 5.0 GHz frequency.

qWireless MAN (WMAN): Large geographic area such as a city or district. Uses specific licensed frequencies.

qWireless WAN (WWAN): Extensive geographic area for national or global communication. Uses specific licensed frequencies.


Types of Wireless Networks


qWIFI (Wireless Fidelity):
§ A WiFi network is simply an internet connection that is shared with multiple devices in a home or business via a wireless router using radio waves.
qWiMAX (Worldwide Interoperability for Microwave Access):
§ An alternative to wired broadband internet connections.
§ Based on the IEEE 802.16 wireless MAN standard, with a range of up to 30 miles (50 km).


Wireless Technologies (Cont.)


qCellular Broadband: Carries both voice and data. Used by phones, automobiles, tablets, and laptops.
qGlobal System for Mobile Communications (GSM): Internationally recognized.
qCode Division Multiple Access (CDMA): Primarily used in the US.
qSatellite Broadband: Typically used in rural locations where cable and DSL are unavailable.


WLAN Components

Wireless NICs
q To communicate wirelessly, laptops, tablets, smart phones,
and even the latest automobiles include integrated
wireless NICs that incorporate a radio
transmitter/receiver.
q If a device does not have an integrated wireless NIC, then
a USB wireless adapter can be used.


Wireless Home Router


q A home user typically interconnects wireless devices using a small wireless router.
q Wireless routers serve as the following:
§ Access point – To provide wireless access.
§ Switch – To interconnect wired devices.
§ Router – To provide a default gateway to other networks and the Internet.


Wireless Access Point


q Wireless clients use their wireless NIC to discover nearby
access points (APs).
q Clients then attempt to associate and authenticate with
an AP.
q After being authenticated, wireless users have access to
network resources.


802.11 Wireless Topology Modes


q Ad hoc mode - Used to connect clients in peer-to-peer manner
without an AP.
q Infrastructure mode - Used to connect clients to the network using
an AP.
q Tethering - Variation of the ad hoc topology is when a smart phone or
tablet with cellular data access is enabled to create a personal hotspot.


Wireless Client and AP Association


q For wireless devices to communicate over a network, they must first associate
with an AP or wireless router.
q Wireless devices complete the following three stage process:
§ Discover a wireless AP
§ Authenticate with the AP
§ Associate with the AP


Wireless Client and AP Association


To achieve successful association, a wireless client and an AP must agree on specific parameters:
qSSID – The client needs to know the name of the network to connect.
qPassword – This is required for the client to authenticate to the AP.
qNetwork mode – The 802.11 standard in use.
qSecurity mode – The security parameter settings, i.e. WEP, WPA, WPA2 or WPA3. WEP and the original WPA (TKIP) are broken and should not be used; WPA2 with AES-CCMP, or WPA3, is the expected setting.
qChannel settings – The frequency bands in use.


Passive and Active Discovery Modes

Wireless clients find an AP using a passive or active scanning (probing) process:
• Passive mode – The AP openly advertises its service by periodically sending broadcast beacon frames containing the SSID, supported standards, and security settings.
• Active mode – Wireless clients must already know the SSID. The wireless client initiates the process by broadcasting a probe request frame on multiple channels.
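Because beacon frames are broadcast in the clear, anyone in radio range can read the SSID, channel and security settings the slide lists. The parser below is an added example, not code from the lecture or from any wireless driver: it decodes a beacon's fixed fields and tagged elements (SSID, DS parameter set, RSN information element) and classifies the network as open, WEP/WPA1, WPA2 or WPA3. The frames it parses are constructed inside the block with the build_beacon helper (the BSSID 02:11:22:33:44:55 is made up); the field layouts follow IEEE 802.11.

```python
import struct

OUI_IEEE = b"\x00\x0f\xac"   # suite selector OUI used in RSN elements
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104", 8: "GCMP"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}

def _elem(eid, payload):
    return bytes([eid, len(payload)]) + payload

def rsn_ie(group, pairwise, akms):
    """Build an RSN element body: version, group suite, pairwise suites, AKM suites."""
    ie = struct.pack("<H", 1) + OUI_IEEE + bytes([group])
    ie += struct.pack("<H", len(pairwise)) + b"".join(OUI_IEEE + bytes([c]) for c in pairwise)
    ie += struct.pack("<H", len(akms)) + b"".join(OUI_IEEE + bytes([a]) for a in akms)
    return ie

def build_beacon(ssid, channel, rsn=None, privacy=False):
    """Constructed beacon frame (not captured traffic); BSSID 02:11:22:33:44:55 is made up."""
    hdr = struct.pack("<HH", 0x0080, 0)             # frame control (mgmt/beacon), duration
    hdr += b"\xff" * 6                               # DA: broadcast
    hdr += b"\x02\x11\x22\x33\x44\x55" * 2           # SA, BSSID
    hdr += struct.pack("<H", 0)                      # sequence control
    cap = 0x0001 | (0x0010 if privacy else 0)        # ESS bit; Privacy bit 4 = encryption in use
    body = struct.pack("<QHH", 0, 100, cap)          # timestamp, beacon interval, capability
    body += _elem(0, ssid.encode())                  # SSID
    body += _elem(1, bytes([0x82, 0x84, 0x8B, 0x96]))  # supported rates
    body += _elem(3, bytes([channel]))               # DS parameter set (channel)
    if rsn is not None:
        body += _elem(48, rsn)                       # RSN element
    return hdr + body

def _parse_rsn(data):
    version, = struct.unpack_from("<H", data, 0)
    group = CIPHERS.get(data[5], "unknown")
    n_pair, = struct.unpack_from("<H", data, 6)
    pairwise = [CIPHERS.get(data[8 + 4 * i + 3], "unknown") for i in range(n_pair)]
    akm_off = 8 + 4 * n_pair
    n_akm, = struct.unpack_from("<H", data, akm_off)
    akms = [AKMS.get(data[akm_off + 2 + 4 * i + 3], "unknown") for i in range(n_akm)]
    return {"version": version, "group": group, "pairwise": pairwise, "akm": akms}

def classify(info):
    """Map what the beacon advertises to the security mode a client would see."""
    rsn = info["rsn"]
    if rsn is None:
        # WPA1 is signalled by a vendor-specific element (ID 221) that is not parsed here
        return "WEP/WPA1" if info["privacy"] else "open"
    if "SAE" in rsn["akm"]:
        return "WPA3-SAE"
    if "TKIP" in rsn["pairwise"]:
        return "WPA2 (TKIP allowed, weak)"
    return "WPA2-" + "/".join(rsn["akm"])

def parse_beacon(frame):
    fc, = struct.unpack_from("<H", frame, 0)
    if (fc & 0x000C) != 0 or (fc & 0x00F0) != 0x0080:
        raise ValueError("not a beacon frame")
    _, _, cap = struct.unpack_from("<QHH", frame, 24)
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
            "privacy": bool(cap & 0x0010), "ssid": None, "channel": None, "rsn": None}
    off = 36                                         # first tagged element
    while off + 2 <= len(frame):
        eid, ln = frame[off], frame[off + 1]
        data = frame[off + 2: off + 2 + ln]
        if eid == 0:
            info["ssid"] = data.decode(errors="replace") or "<hidden>"
        elif eid == 3 and ln == 1:
            info["channel"] = data[0]
        elif eid == 48:
            info["rsn"] = _parse_rsn(data)
        off += 2 + ln
    info["security"] = classify(info)
    return info

if __name__ == "__main__":
    for f in (build_beacon("CoffeeShop", 6),
              build_beacon("CorpNet", 36, rsn=rsn_ie(4, [4], [2]), privacy=True)):
        print(parse_beacon(f))
```

A hidden SSID only removes the name from the beacon; the RSN element, channel and BSSID are still broadcast, and the name itself is sent in probe requests and responses when a client that knows it connects.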


IT Systems Components
Lecture 7: Network Mapping


Ping – Test Connectivity

• The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts and provides a summary that includes the success rate and average round-trip time to the destination.
• If a reply is not received within the timeout, ping prints a message indicating that a response was not received.


Traceroute – Test the Path


• Traceroute (tracert on Windows) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.
• Traceroute provides the round-trip time for each hop along the path and indicates if a hop fails to respond.
• An asterisk (*) is used to indicate a lost or unreplied packet.
• This information can be used to locate a problematic router in the path, or may indicate that the router is configured not to reply.


What is Network Mapping?

qNetwork mapping is the process of visualizing all the devices on your network, how they are connected, and how the overall network is structured.


Why is Network Mapping important?

Network maps are one of the most important tools for network admins:
01 They help them visually analyze every aspect of the network.
02 They help optimize the layout to make the most of it.
03 Security needs:
• Anticipate where attackers will strike before an attack happens.
• Identify the most likely avenues attackers will attempt to breach, and take steps to protect them.


Network Mapping
What is network mapping and how does it help network performance?
q Many Network Performance Monitors (NPMs) come equipped with a tool that generates or displays network maps.
q These maps provide easy-to-understand graphics that show you how the devices on your network are performing.
q There are three key areas where network maps can help you improve your network performance:
01 Network visualization.
02 Network monitoring.
03 Device issue diagnosis.


What is a network topology mapper?

q When a device fails on the network, how quickly can you find the source?
q In the face of network failure, IT must act fast.
q A network topology mapper, also known as a network mapping tool, can display a live diagram of your physical network elements.


Mapping with physical network elements


Network mapping tools?


qNetwork mapping software refers to software and hardware
devices that can be used to:
§ Visually map a network's physical interconnectivity.
§ Indicate different node relationships.
qIt uses hardware devices with different network connection methods,
such as switches, routers, computers and mobile devices.


What ELSE should a network map include?

qA network map, in its simplest form, is a diagram of your network and each device attached to it.
qTraditionally, these network maps were made by network and systems administrators using tools like Visio.
qA network map includes: switches, routers, hosts, access points, firewalls and VLANs.


What Is Geolocation?

q Geolocation is the ability to track a device's whereabouts using GPS, cell phone towers, Wi-Fi access points or a combination of these.
q IP addresses are used to determine the country, region, state, city or postal code.
q Geolocation can be used to determine the time zone and exact positioning coordinates, such as for tracking wildlife or cargo shipments.


IP2Geo

A multi-pronged approach that exploits various "properties" of the Internet:
q DNS names of router interfaces often indicate location.
q Network delay tends to correlate with geographic distance.
q Hosts that are aggregated for the purposes of Internet routing also tend to be clustered geographically.


IP2Geo
GeoTrack
• Determine location of closest router with a recognizable DNS
name.

GeoPing
• Use delay measurements to estimate location.

GeoCluster
• Extrapolate partial (and possibly inaccurate) IP-to-location
mapping information using BGP prefix clusters.


GeoTrack
GeoTrack operation
q Do a traceroute to the target IP address.
q Determine location of last recognizable router along the
path.
Key ideas in GeoTrack
q Partitioned city code database to minimize chance of
false match.
q ISP-specific parsing rules.
q Delay-based correction.


GeoTrack
Limitations

q Routers may not respond to traceroute.
q The DNS name may not contain location information, or the lookup may fail.
q The target host may be behind a proxy or a firewall.
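The GeoTrack procedure on the two slides above (traceroute, keep the last router whose DNS name can be parsed, apply ISP-specific rules over a per-ISP city-code table, and correct with delay) can be written as a short program. The block below is an added example, not code from the lecture or from the original IP2Geo work: the traceroute text, the ISP domains example-isp.net and other-carrier.example, their naming rules and the city codes are all constructed for the illustration. It also handles the first two limitations listed: a hop printed as * is skipped, and a name with no recognisable code is ignored.

```python
import re

# Constructed traceroute output (not a real trace); "*" marks a hop that did not reply.
SAMPLE_TRACE = """\
 1  gw.corp.example  1.2 ms
 2  ae3.cr1.sjc2.example-isp.net  4.9 ms
 3  *  *  *
 4  ae7.cr2.dfw1.example-isp.net  38.1 ms
 5  xe-0-1-0.bb1.iad.other-carrier.example  62.7 ms
 6  203.0.113.10  64.0 ms
"""

# Hypothetical ISP-specific parsing rules: each ISP puts a three-letter airport code at a
# known position in its router names, so one regex per domain avoids matching "sjc"
# inside an unrelated word elsewhere in the name.
ISP_RULES = {
    "example-isp.net": re.compile(r"\.([a-z]{3})\d*\.example-isp\.net$"),
    "other-carrier.example": re.compile(r"\.bb\d+\.([a-z]{3})\.other-carrier\.example$"),
}

# Partitioned city-code database: codes are looked up per ISP, so a code that an ISP
# never uses cannot produce a false match for that ISP's routers.
CITY_CODES = {
    "example-isp.net": {"sjc": "San Jose, CA", "dfw": "Dallas, TX"},
    "other-carrier.example": {"iad": "Ashburn, VA", "sjc": "San Jose, CA"},
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+([\d.]+) ms)?")

def parse_trace(text):
    """Return a list of (hop number, name or None for '*', rtt in ms or None)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        name = m.group(2)
        rtt = float(m.group(3)) if m.group(3) else None
        hops.append((int(m.group(1)), None if name == "*" else name, rtt))
    return hops

def locate_router(name):
    """Return (city, isp) if the DNS name contains a recognisable location code."""
    if name is None:
        return None
    for isp, rule in ISP_RULES.items():
        m = rule.search(name)
        if m and m.group(1) in CITY_CODES[isp]:
            return CITY_CODES[isp][m.group(1)], isp
    return None

def geotrack(text, max_delta_ms=20.0):
    hops = parse_trace(text)
    last_loc, last_rtt = None, None
    for _, name, rtt in hops:
        loc = locate_router(name)
        if loc:
            last_loc, last_rtt = loc[0], rtt
    if last_loc is None:
        return {"location": None, "confidence": "none"}
    # Delay-based correction: if the target's RTT is far above that of the last located
    # router, the target probably sits in another city, so report low confidence.
    target_rtt = hops[-1][2] if hops else None
    if target_rtt is None or last_rtt is None or target_rtt - last_rtt > max_delta_ms:
        conf = "low"
    else:
        conf = "high"
    return {"location": last_loc, "confidence": conf}

if __name__ == "__main__":
    print(geotrack(SAMPLE_TRACE))
```

The result is only as good as the last parsable hop: a target behind a CDN, VPN or corporate proxy (the third limitation on the slide) will be placed at the proxy's city, and the RTT check cannot tell that apart from a nearby host.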


Active and Passive Network Measurements

q Active Network Monitoring is also called Synthetic Monitoring. This method injects test traffic into the network to find faults or issues within the network. It helps find and report real-time data such as packet loss, jitter*, HTTP response time, and so on.
q Passive Network Monitoring involves recording and analyzing the actual user traffic to understand network usage trends.

* "jitter": In electronics and telecommunications, jitter is the deviation from true periodicity of a presumably periodic signal, often in relation to a reference clock signal.


Lecture 8 : Network Security Components


(NSC)


Hierarchical Design Layers


Three-layer Hierarchical Design
Access Layer
• Provides endpoints and users direct access to the network.
Distribution Layer
• Aggregates access layers and provides connectivity to services.
Core Layer
• Provides connectivity between distribution layers for large LAN environments.


The Three-Layer Network Design Model

q The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers.
q The hierarchical LAN design includes three layers, as shown in the figure.

Hierarchical Design Model


The Three-Layer Network Design Model

q Although the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design.
q In this two-tier hierarchical design, the core and distribution layers are collapsed into one layer, thus reducing cost and complexity.

Collapsed Core

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic.
The three firewall designs are:
• Public and Private
• Demilitarized Zone (DMZ)
• Zone-based Policy Firewalls (ZPFs)


Public and Private

The public network (or outside network) is untrusted, and the private network (or inside network) is trusted.


Demilitarized Zone (DMZ)


• A firewall design where there
is typically one:
• Inside interface connected to
the private network
• Outside interface connected
to the public network
• DMZ interface


Zone-based Policy Firewalls (ZPFs)

• ZPFs use the concept of zones to provide additional flexibility.
• A zone is a group of one or more interfaces that have similar functions or features.
• Zones help to specify where a Cisco IOS firewall rule or policy should be applied.


Network Security Devices
From Network to Security
Firewalls
A firewall is a system, or group of systems, that enforces an
access control policy between networks.
Common Firewall Properties:
1. Resistant to network attacks
2. The only transit point between internal corporate networks
and external networks because all traffic flows through the
firewall
3. Enforce the access control policy


Firewalls Benefits and Limitations


Firewall Benefits:
• Prevent the exposure of sensitive hosts, resources, and applications to untrusted users.
• Sanitize protocol flow, which prevents the exploitation of protocol flaws.
• Block malicious data from servers and clients.
• Reduce security management complexity.

Firewall Limitations:
• A misconfigured firewall can have serious consequences for the network, such as becoming a single point of failure.
• The data from many applications cannot be passed over firewalls securely.
• Users might proactively search for ways around the firewall to receive blocked material, which exposes the network to potential attack.
• Network performance can slow down.
• Unauthorized traffic can be tunnelled or hidden as legitimate traffic through the firewall.


Intrusion Prevention and Detection Devices


A networking architecture paradigm shift is required to defend against fast-moving and evolving attacks.
This must include cost-effective detection and prevention systems such as:
1. Intrusion Detection Systems (IDS)
2. Intrusion Prevention Systems (IPS)

The network architecture integrates these solutions into the entry and exit points of the network.
The figure shows how an IPS device handles malicious traffic.


Traffic Control with ACLs


• An Access Control List (ACL) is a series of
commands that control whether a device forwards
or drops packets based on information found in
the packet header.
• When configured, ACLs perform the following
tasks:
1. Limit network traffic to increase network
performance.
2. Provide traffic flow control.
3. Provide basic level of security for network
access.
4. Filter traffic based on traffic type.
5. Screen hosts to permit or deny access to
network services.
Sample Topology with ACLs applied to routers
R1, R2, and R3.
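To make the ACL tasks on the slide concrete, the block below, an added example rather than code from the lecture or from Cisco IOS, parses a few Cisco-style extended ACL entries (permit/deny, protocol, source and destination given as any, host A.B.C.D or address plus wildcard mask, optional eq port) and evaluates packets against them the way a router does: top to bottom, first match wins, and an implicit deny at the end. The ACL text and the addresses are constructed for the example; only the eq keyword after the destination is supported.

```python
import ipaddress
from dataclasses import dataclass

# Constructed Cisco-style extended ACL (not a real device configuration).
SAMPLE_ACL = """
permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 443
permit icmp any any
deny tcp any host 10.0.0.5 eq 22
deny ip any any
"""

@dataclass
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0

def _addr_spec(tokens):
    """Consume one address in Cisco syntax: any | host A.B.C.D | A.B.C.D WILDCARD.
    Returns (network, wildcard) as integers; wildcard bits set to 1 are "don't care"."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse ACL entries in order; order matters because the first match wins."""
    rules = []
    for line in text.strip().splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        action, proto, rest = tokens[0], tokens[1], tokens[2:]
        src = _addr_spec(rest)
        dst = _addr_spec(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None   # only "eq PORT" after the destination
        rules.append((action, proto, src, dst, port, line.strip()))
    return rules

def _addr_matches(spec, addr):
    net, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (net & care)

def evaluate(rules, pkt):
    """Return (action, matching entry); falls through to the implicit deny."""
    for action, proto, src, dst, port, line in rules:
        if proto != "ip" and proto != pkt.proto:
            continue
        if not (_addr_matches(src, pkt.src) and _addr_matches(dst, pkt.dst)):
            continue
        if port is not None and port != pkt.dport:
            continue
        return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = parse_acl(SAMPLE_ACL)
    for p in (Packet("tcp", "192.168.1.10", "10.0.0.5", 443),
              Packet("tcp", "192.168.1.10", "10.0.0.5", 22),
              Packet("udp", "192.168.1.10", "10.0.0.5", 53)):
        print(p, "->", evaluate(rules, p))
```

Two points the evaluator makes visible: an ACL with no explicit final entry still denies everything it does not permit, and placing a broad deny (or permit) above more specific entries shadows them, which is the usual cause of an ACL that "does nothing".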


Traffic Control with SNMP


• Simple Network Management Protocol (SNMP) is an
application layer protocol that provides a message
format for communication between managers and
agents.
• It allows network administrators to perform the
following:
1. Manage end devices such as servers,
workstations, routers, switches, and security
appliances, on an IP network.
2. Monitor and manage network performance.
3. Find and solve network problems.
4. Plan for network growth.


Traffic Control with NetFlow


• NetFlow is a Cisco IOS technology that provides statistics on packets flowing through a Cisco router or multilayer switch.
• NetFlow provides data that enables:
1. Network and security monitoring.
2. Network planning.
3. Traffic analysis, including identification of network bottlenecks.
4. IP accounting for billing purposes.

PC 1 connects to PC 2 using HTTPS


Traffic Control with Port Mirroring


Port mirroring is a feature that allows a switch to make duplicate copies of traffic passing through the switch and send them out a port with a network monitor attached.

Traffic Sniffing Using a Switch


IT Systems Components
Lecture 9: Intrusion detection and prevention systems


Intrusion Detection and Prevention (IDPS)

q Intrusion occurs when an attacker attempts to gain entry to, or disrupt the normal operations of, information systems, almost always with intent to do harm.
q Intrusion detection consists of procedures and systems that identify system intrusions.
q Intrusion reaction encompasses the actions an organization takes when an intrusion is detected.
q Intrusion prevention consists of activities that deter intrusion.

Intrusion Detection and Prevention (Cont.)


q Intrusion correction activities:
§ Finalize restoration of operations to a normal state.
§ Seek to identify the source and method of the intrusion to ensure that the attack cannot occur again.
q Intrusion detection systems (IDSs) work like a burglar alarm: detect the violation, activate the alarm.
q An intrusion prevention system (IPS) can detect an intrusion and launch an active response.
q Intrusion detection/prevention system (IDPS) describes current anti-intrusion technologies.


IDPS Terminologies (1)

Alert or alarm
• Indication a system has just been attacked or is under attack.

Evasion:
• Process by which attacker changes the format and/or timing of their activities to
avoid being detected by the IDPS.
False attack stimulus [alarm]:
• Event that triggers alarm when no actual attack is in progress.

False negative:
• Failure of an IDPS to react to an actual attack event.

False positive:
• Alert or alarm that occurs in the absence of an actual attack.


Why Use an IDPS?


• National Institute of Standards and Technology (NIST) reasons to
acquire and use an IDPS:
Prevent problem behaviors by increasing perceived risk of discovery & punishment.

Detect attacks and security violations not prevented by other security measures.

To detect and deal with the preambles to attacks.

To document existing threat to an organization.

To act as quality control for security design and administration.

To provide useful information about intrusions that do take place.


Why Use an IDPS?

• IPS technologies can respond to a detected threat by attempting to prevent it from succeeding, while IDS cannot.

IDPS operational categories:
• Host-based (operates on hosts).
• Network-based (functions at the network level).
• Wireless.
• Network behavior analysis (NBA).


Why Use an IDPS?

• Several IPS response techniques:
§ Terminate the network connection or user session that is being used for the attack.
§ Block access to the target from the offending user account, IP address, or other attacker attribute.
§ Block all access to the targeted host, service, application, or other resource.
§ Change the security environment.
§ Change the attack's content.


Network-Based IDPS
q NIDPSs reside on a computer or appliance connected to a network segment and monitor network traffic.
q Compare measured activity to known signatures to determine whether an attack has occurred or is underway.
q Protocol stack verification: NIDPSs look for invalid data packets.
q Application protocol verification: higher-order protocols (HTTP, FTP, Telnet) are examined for unexpected packet behavior or improper use.


Wireless NIDPS

q Monitors and analyzes wireless network traffic looking for potential problems
with wireless protocols (Layers 2 and 3 of the OSI model).

q Cannot evaluate and diagnose issues with higher-layer protocols like TCP and
UDP.


Network Behavior Analysis System

q Examines network traffic to identify problems related to flow of traffic.

q Uses a version of anomaly detection method.

q Typical flow data relevant to intrusion detection and prevention includes:

§ Source and destination IP addresses.

§ Source and destination TCP or UDP ports or ICMP types and codes.

§ Number of packets and bytes transmitted in the session.

§ Starting and ending timestamps for the session.


Host-Based IDPS

q Resides on computer or server (the host) and monitors activity only on that
system.

q Also known as system integrity verifiers.

q Benchmark/monitor status of key system files.

q Triggers alert when file attributes change, new files are created, or existing files
are deleted.
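A minimal system integrity verifier of the kind the slide describes, added here as an example and not taken from the lecture or from any product: it records a SHA-256 digest, size and permission bits for every file under a directory, and a later snapshot is compared against that baseline to report added, deleted and modified files. The demo() function builds a throwaway directory tree, tampers with it and returns the report; the file names and contents in it are constructed.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(root):
    """Record digest, size and permission bits of every regular file under root."""
    snap = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            snap[rel] = {"sha256": sha256_file(full), "size": st.st_size,
                         "mode": st.st_mode & 0o777}
    return snap

def compare(old, new):
    """Diff two snapshots; modified entries list which attributes changed."""
    report = {"added": [], "deleted": [], "modified": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["deleted"].append(rel)
        elif old[rel] != new[rel]:
            changed = [k for k in old[rel] if old[rel][k] != new[rel][k]]
            report["modified"].append((rel, changed))
    return report

def demo():
    """Build a throwaway tree, snapshot it, tamper with it, and diff the snapshots."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        with open(os.path.join(root, "etc", "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")
        with open(os.path.join(root, "etc", "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        before = baseline(root)
        # tampering: append a uid-0 user, plant a new script, remove a file
        with open(os.path.join(root, "etc", "passwd"), "a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")
        with open(os.path.join(root, "evil.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")
        os.remove(os.path.join(root, "etc", "hosts"))
        return compare(before, baseline(root))

if __name__ == "__main__":
    print(demo())
```

The baseline itself is the thing to protect: keep it (or a signature over it) off the host, because an attacker with root can otherwise rewrite it to match the tampered files. Comparing content digests rather than only modification times matters for the same reason, since timestamps can be reset.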


IDPS - Detection Methods


Signature-based (knowledge-based, misuse-detection) IDPS:

• Examines network traffic in search of patterns that match known signatures.

Statistical anomaly-based (stat, behavior-based) IDPS:

• Compares sampled network activity to established baseline.

Stateful protocol analysis (SPA) IDPS:

• Uses profiles to detect anomalous protocol behavior.

Log file monitor (LFM) IDPS:

• Reviews log files from servers, network devices, and other IDPSs for
signatures indicating an attack or intrusion.
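Signature-based detection and log file monitoring can be shown together. The block below, an added example rather than code from the lecture or from any IDPS product, parses constructed web-server log lines in Common Log Format and matches the request path against two knowledge-based signatures (directory traversal and a SQL injection tautology). It also demonstrates the evasion term defined earlier in the lecture: the malicious requests are percent-encoded, so the same signatures miss them (a false negative) unless the path is decoded first, which is why scan() normalises the path before matching. The log lines and client addresses are constructed.

```python
import re
from urllib.parse import unquote

# Constructed log lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [15/Nov/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [15/Nov/2022:10:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 2048
203.0.113.9 - - [15/Nov/2022:10:00:07 +0000] "GET /cgi-bin/view?f=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 310
203.0.113.9 - - [15/Nov/2022:10:00:08 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 845
198.51.100.7 - - [15/Nov/2022:10:00:09 +0000] "GET /about.html HTTP/1.1" 200 640
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+)')

# Knowledge-based signatures, applied to the decoded request path.
SIGNATURES = [
    ("path-traversal", re.compile(r"(\.\./){2,}")),
    ("sqli-tautology", re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.IGNORECASE)),
]

def parse_log(text):
    """Yield one record per well-formed log line."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield {"client": m.group(1), "time": m.group(2), "method": m.group(3),
                   "path": m.group(4), "status": int(m.group(5))}

def normalise(path):
    """Percent-decode until the path stops changing, so double encoding is undone too."""
    prev = None
    while path != prev:
        prev, path = path, unquote(path)
    return path

def scan(text, decode=True):
    """Return (client, signature name) for every request that matches a signature."""
    alerts = []
    for rec in parse_log(text):
        target = normalise(rec["path"]) if decode else rec["path"]
        for name, rx in SIGNATURES:
            if rx.search(target):
                alerts.append((rec["client"], name))
    return alerts

if __name__ == "__main__":
    print("naive:     ", scan(SAMPLE_LOG, decode=False))
    print("normalised:", scan(SAMPLE_LOG))
```

Decoding before matching is the general rule for any signature engine: the sensor must see the data in the same form the target application will interpret it, otherwise every encoding, case variant or fragmentation trick the application tolerates is an evasion.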


IDPS Response Behavior


q Response depends on organization’s policy, objectives, and system
capabilities.
q Responses classified as active or passive:

Active response:

• Definitive action automatically initiated when certain types of alerts are triggered.
• Includes collecting additional data, changing or modifying the environment, and acting against the intruders.

Passive response:
• Report information they have collected and wait for administrator to act.


IDPS Response Behavior

Possible responses of IDPSs:
• Audible/visual alarm
• SNMP traps and plug-ins
• E-mail message
• Page or phone message
• Log entry
• Evidentiary packet dump
• Act against the intruder
• Launch program
• Reconfigure firewall
• Terminate session or connection


Honey Pots, Honey Nets, and Padded Cell Systems


q Honey pots (decoys, lures, fly-traps): decoy systems designed to lure potential attackers away from critical systems.
q Honey net: a collection of honey pots connecting several honey pot systems on a subnet. Honey pots are designed to:
§ Divert an attacker from critical systems.
§ Collect information about the attacker's activity.
§ Encourage the attacker to stay on the system long enough for administrators to document the event and, perhaps, respond.


Honey Pots, Honey Nets, and Padded Cell Systems

q Padded cell: a honey pot that has been protected so it cannot be easily compromised; in other words, a hardened honey pot.
q In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDPS.
q When the IDPS detects attackers, it seamlessly transfers them to a special simulated environment where they can cause no harm.
q Allows the organization to observe and document the actions and tactics of an attacker.


Trap and Trace Systems

q Use a combination of techniques to detect an intrusion and then to trace it back to its source.
q The trap usually consists of a honey pot or padded cell and an alarm.
q The trace feature is the process by which the organization attempts to determine the identity of an intruder.
q If the intruder is someone inside the organization, administrators are within their power to track the individual and turn him or her over to authorities.
q If the intruder is outside the security perimeter of the organization, numerous legal issues arise.
q Back hack: hacking into a hacker's system to find out as much as possible about the hacker. This is itself unauthorized access to someone else's system and is illegal in most jurisdictions, which is one of the legal issues above.


IT Systems Components
Lecture 10: Cyber Incident Response (CIR)


Introduction and Definitions

What is Incident Response?


q The Incident is "an event or occurrence":
§ Data breach: information is stolen or taken without the knowledge or authorization of the system's owner.
§ Cyber attack: unwelcome attempts to steal, expose, alter, disable or destroy information.
q The Response is "a reaction to something":
§ The process one uses to handle a cyber attack or data breach.


Introduction and Definitions


q A computer security incident is a threat or violation of computer security policies, acceptable use policies, or standard security practices.
q Examples of these incidents are:
§ Attackers sending high volumes of connection requests to a web server, which crash the server.
§ An attacker obtaining sensitive data and threatening to release it publicly.
§ Tricking users into opening email attachments which are in fact malware that infects their computers.


Cyber incident response definition

q The mitigation of violations of security policies and recommended practices.
q These incidents may come from:
§ Internal incidents.
§ Cyber attacks.
§ Policy violations.
q These are only examples of where incidents might stem from.


Need for Incident Response

q Attacks frequently compromise personal and business data, and it is critical to respond quickly and effectively when security breaches occur.
q There are many benefits of having an incident response capability, such as:
§ It supports responding to incidents systematically (i.e., following a consistent incident handling methodology) so that the appropriate actions are taken.
§ Incident response helps personnel to minimize loss or theft of information and disruption of services caused by incidents.


Need for Incident Response (Cont.)

q It provides the ability to use information gained during incident handling to better prepare for handling future incidents and to provide stronger protection for systems and data.
q It helps with dealing properly with legal issues that may arise during incidents.


Cyber Incident Response Plan

q A cybersecurity incident response plan (or IR plan) is a set of instructions designed to help companies prepare for, detect, respond to, and recover from network security incidents.


Cyber Incident Response Plan (Cont.)

q The incident response plan provides the roadmap for implementing the incident response capability.
q The plan should meet the organization's unique requirements, which relate to its mission, size, structure, and functions.
q The plan should include the necessary resources and management support.
q The plan should be implemented and reviewed at least annually to ensure the organization is following the roadmap and meeting its goals for incident response.


Cyber Incident Response Plan (Cont.)


The IR plan should include the following elements:
• Mission.
• Strategies and goals.
• Senior management approval.
• Organizational approach to incident response.
• How the incident response team will communicate with others.
• Metrics for measuring the IR capability and its effectiveness.
• Roadmap for maturing the incident response capability.
• How the program fits into the overall organization.


Incident Response Life Cycle


The major phases of the incident response process are:


1) Preparation:

• This phase addresses primarily pre-incident planning and coordination.
• The organization not only needs to be ready to respond to incidents, but also to prevent incidents by ensuring that systems, networks, and applications are sufficiently secure.
• Having a properly prepared team and plan is key to a successful response process.
• Although the IR team is not usually responsible for incident prevention, prevention is essential to the success of the IR program.


2) Detection and analysis:


• This phase is where an event grows from being an event to an incident, which requires a response effort.
• Depends heavily on the criteria created in the Preparation phase.
• Incidents can occur in countless ways.
• Therefore, different types of incidents require different response strategies.
• Signs of an incident fall into one of two categories:
(1) Precursors: a sign that an incident may occur in the future.
(2) Indicators: a sign that an incident may have occurred or may be occurring now.


3) Containment, eradication and recovery:

q Containment is important before an incident overwhelms resources or increases damage.
q An essential part of containment is decision-making (e.g., shut down a system, disconnect it from a network, disable certain functions).
q Containment strategies vary according to the type of incident.
q Containment goals are: to protect and keep available the critical assets, determine the operational status of resources, and prevent further compromise.


3) Containment, eradication and recovery (Eradication):

q After an incident has been contained, eradication may be necessary to eliminate components of the incident.
q The primary goals of eradication are:
§ Eliminate the threat from the environment.
§ Restore affected systems to their previous clean state.
§ Prevent further compromise.


3) Containment, eradication and recovery (Recovery):

q In recovery, administrators restore systems to their normal operation, confirm that the systems are functioning normally, and remediate vulnerabilities to prevent similar incidents.
q Recovery may include restoring systems from backups, replacing compromised files with clean versions, changing passwords, and strengthening network security.


4) Post-incident activity:

• One of the most important parts of incident response is learning and improving.
• Each IR team should evolve to reflect new threats, improved technology, and lessons learned.
• The team should hold a "lessons learned" meeting with all involved parties after a major incident.
• This meeting reviews the incident: what occurred, what was done to intervene, and how well the intervention worked.


IT Systems Components
Lecture 11: Managed services


Managed services
What is Managed services?
q The Managed services are the practice of outsourcing the
responsibility for maintaining, and anticipating need for, a range of
processes and functions, ostensibly for the purpose of:
§ Improved operations.
§ Reduced budgetary expenditures through the reduction of directly-
employed staff.


Need For Managed Services

q The managed services model can be used in the following situations:
§ The organization has multiple locations of operation.
§ The organization has a large workforce.
§ The resource pool for processes is underutilized.
§ The skills required for managing operations are specialized.
§ The cost of operation is going up.


Benefits of Managed Services

• Customer peace of mind: the network is monitored proactively on a 24x7x365 basis.
• Single point of contact for all issues.
• Single supplier instead of multiple vendors.
• Avoid the costs of building your own management and reporting systems.

Benefits of Managed Services (Cont.)

• Lower Total Cost of Ownership (TCO) for the client.
• More business contracts and extended business/application longevity.
• Increased ARPU (average revenue per user).
• Ability to interact with and influence customers at a decision-making level.


The Architecture

q The architecture consists of the following components:
• Data center.
• Monitoring server.
• Application server.
• Virtualization components.
• Provisioning manager.

The Architecture


Types

Name: Information services
Functions:
• Software production support and maintenance.
• Authentication.
• Systems management.
• Data backup and recovery.
• Data storage, warehouse and management.
• Cloud transformation.
• Network monitoring, management and security.
Providers: IT managed services provider.

Name: Business-to-business integration
Functions:
• Supply chain management.
• Communications services (mail, phone, VoIP).
• Internet.
• Videoconferencing.
Providers: Internet service provider, video managed services provider.

Name: Supply chain
Functions:
• Supply chain planning, monitoring and control.
• Sourcing and procurement.
Providers: Supply chain managed services provider.

Types (Cont.)

Name: Transportation
Functions:
• Daily transportation planning.
• Process execution and enforcement (freight audit/accounting and payment).
Providers: Managed transportation services provider.

Name: Marketing
Functions:
• Marketing strategy and planning.
• Integrated marketing/advertising agency services (graphic design, copywriting, PPC, social media, web design, SEO).
Providers: Marketing managed services provider, outsourced marketing providers.

Name: Media
Functions:
• Systems operation and support services.
• Broadcast managed services.
Providers: Media managed services provider.


Defining Managed IT Services

• Managed Services or Managed IT Services refers to the services offered by a third party, i.e. an IT Managed Service Provider (MSP), who addresses some or all of an organization's IT requirements.
• Managed services can happen on demand, short term, or on a contractual basis for a long-term duration.
• In other words, this can also be explained as the process of outsourcing a range of IT needs, including infrastructure, applications, security and maintenance, among others, to a third-party provider.


Types of Managed IT Services


IT MSPs provide a wide range of managed service offerings, including:
• Application Management and Support Services (AMS)
• Cloud Managed Services
• Managed Security Services
• Networks and Infrastructure

170

85
15/11/2022

IT Systems Components
Lecture 12: Software Security


Threat, Vulnerability, and Risk

Attackers want to access our assets such as data and other intellectual
property, servers, computers, smart phones, tablets, and so on.

Threat, Vulnerability, and Risk

To understand network security, it is important to know the following terms:

Threat: A potential danger to an asset such as data or the network itself.
Vulnerability: A weakness in a system or its design that could be exploited by a threat.
Attack Surface: The total sum of the vulnerabilities in a given system that are accessible
to an attacker. The attack surface describes the different points where an attacker could
get into a system, and where they could get data out of the system.
Exploit: The mechanism that is used to leverage a vulnerability to compromise an asset.
Exploits may be remote or local. A remote exploit is one that works over the network
without any prior access to the target system. In a local exploit, the threat actor has
some type of user or administrative access to the end system. It does not necessarily
mean that the attacker has physical access to the end system.
Risk: The likelihood that a particular threat will exploit a particular vulnerability of
an asset and result in an undesirable consequence.

Hacker vs. Threat Actor

White Hat Hackers:
• Ethical hackers who use their programming skills for good, ethical,
and legal purposes.
Gray Hat Hackers:
• Individuals who commit crimes and unethical things, but not for
personal gain or to cause damage.
Black Hat Hackers:
• Unethical criminals who violate computer and network security for
personal gain.

Note: The term ‘threat actor’ is used when referring to individuals or
groups that could be classified as gray or black hat hackers.

Cybercriminals
• Cybercriminals are threat actors who are motivated to make money
using any means necessary.
• They are financed and sponsored by criminal organizations through
buying and selling the personal information and intellectual property
that they steal from victims.
• They target small businesses and consumers, as well as large
enterprises and industries.
• Hence, cybersecurity is a shared responsibility which all users must
practice to make the internet and networks safer and more secure.
• Organizations must act to protect their assets, users, and customers.
• They must develop and practice cybersecurity tasks such as those
mentioned in the figure.

Indicators Of Compromise (IOC)

• IOCs are the evidence that an attack has occurred, and each attack has
unique identifiable attributes.
• IOCs help cybersecurity personnel identify what has happened in an
attack and develop defenses against the attack.

Figure: Summary of the IOC for a piece of malware

Categories of Attacks
• It is important to understand that threat actors use a variety of security tools to carry
out these attacks.
• The following table displays common types of attacks.

Eavesdropping attack: When a threat actor captures and listens to network traffic. This is
also called sniffing or snooping.
Data modification attack: Occurs when a threat actor has captured enterprise traffic and has
altered the data in the packets without the knowledge of the sender or receiver.
IP address spoofing attack: When a threat actor constructs an IP packet that appears to
originate from a valid address inside the corporate intranet.

Categories of Attacks
Password-based attacks: Occur when a threat actor obtains the credentials for a valid user
account.
Denial-of-service (DoS) attack: A DoS attack prevents normal use of a computer or network by
valid users. This attack can block traffic, which results in a loss of access to network
resources.
Man-in-the-middle attack (MiTM): A MiTM attack occurs when threat actors have positioned
themselves between a source and destination.
Compromised key attack: Occurs when a threat actor obtains a secret key. A compromised key
can be used to gain access to a secured communication without the sender or receiver being
aware of it.
Sniffer attack: A sniffer is an application or device that can read, monitor, and capture
network data exchanges and read network packets. If the packets are not encrypted, a sniffer
provides a full view of the data inside the packet.

Types of Malware
• Malware is code or software designed to damage, disrupt, steal, or inflict
some other ‘bad’ or illegitimate action on data, hosts, or networks.
• The three most common types of malware are the virus, the worm, and the
Trojan horse.

Viruses
• A virus is a type of malware that spreads by inserting a copy of itself
into another program.
• After the program is run, the virus spreads from one computer to
another, infecting each computer in turn.
• A simple virus may install itself at the first line of code in an
executable file.
• Viruses can be harmless, such as those that only display a picture on
the screen, or they can be destructive.
• They can also modify or delete files on the hard drive.
• Most viruses spread by USB memory drives, CDs, DVDs, network shares,
and email.
• Email viruses are a common type of virus.

Trojan Horses
• Trojan horse malware is software that appears to be legitimate, but
contains malicious code which exploits the privileges of the user that
runs it.
• Trojans are often found attached to online games.
• Users are commonly tricked into loading and executing the Trojan horse
on their systems.
• It can cause immediate damage, provide remote access to the system, or
provide access through a back door.

Worms
• Computer worms are similar to viruses in that they replicate
themselves, which they do by independently exploiting vulnerabilities
in networks.
• Worms can slow down networks as they spread from system to system.
• Worms can run without a host program.
• However, once a host is infected, the worm spreads rapidly over the
network.

Figures: Initial Code Red Worm Infection; Code Red Infection 19 hours later

Ransomware
• Ransomware is malware that denies access to the infected computer
system or its data.
• Ransomware frequently uses an encryption algorithm to encrypt system
files and data.
• Email and malicious advertising, also known as malvertising, are
vectors for ransomware campaigns.
• Social engineering is also used: cybercriminals pretending to be
security technicians make random calls to homes and persuade users to
connect to a website that downloads ransomware to the user’s computer.

Common Malware Behaviors

• Computers infected with malware often exhibit one or more of the following symptoms:
  • Appearance of strange files, programs, or desktop icons.
  • Antivirus and firewall programs are turning off or reconfiguring settings.
  • Computer screen is freezing or system is crashing.
  • Emails are spontaneously being sent without your knowledge to your contact list.
  • Files have been modified or deleted.
  • Increased CPU and/or memory usage.
  • Problems connecting to networks.
  • Slow computer or web browser speeds.
  • Connections are made to hosts on the Internet without user action.
  • Unknown processes or services running.
  • Unknown TCP or UDP ports open.
  • Strange computer behavior.

• Note: Malware behavior is not limited to the above list.
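Three of the symptoms above (unknown processes, unknown listening TCP/UDP ports, and outbound connections that no user action explains) can be checked mechanically by comparing a host's current state with an approved baseline. The Python below is an added example, not part of the lecture notes; the snapshots are constructed sample data in a simplified "proto address:port process" shape rather than real ss/ps output, and the addresses are documentation-range placeholders.

```python
"""Baseline comparison for three of the symptoms listed above: unknown processes,
unknown listening TCP/UDP ports, and outbound connections that no user action
explains.

Added example, not part of the lecture notes. Snapshots are constructed sample
data in a simplified '<proto> <address:port> <process>' shape, not real ss/ps
output, and the addresses are documentation-range placeholders.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Listener:
    proto: str      # "tcp" or "udp"
    port: int
    process: str


@dataclass(frozen=True)
class Snapshot:
    processes: frozenset   # names of running processes
    listeners: frozenset   # Listener records for open ports
    outbound: frozenset    # (process, remote_host) pairs for established connections


@dataclass
class Findings:
    unknown_processes: list = field(default_factory=list)
    unknown_ports: list = field(default_factory=list)
    unknown_outbound: list = field(default_factory=list)

    def is_clean(self) -> bool:
        return not (self.unknown_processes or self.unknown_ports or self.unknown_outbound)


def parse_listeners(text: str) -> frozenset:
    """Parse constructed '<proto> <address:port> <process>' lines into Listener records."""
    listeners = set()
    for line in text.strip().splitlines():
        proto, addr, proc = line.split()
        port = int(addr.rsplit(":", 1)[1])   # rsplit copes with IPv6 literals too
        listeners.add(Listener(proto, port, proc))
    return frozenset(listeners)


def compare(baseline: Snapshot, current: Snapshot, allowed_hosts: set) -> Findings:
    """Flag everything in `current` that the approved baseline does not explain.

    Ports and processes are a plain set difference. Outbound connections are judged
    per (process, host): an unknown process talking anywhere, or a known process
    talking to a host outside the allow-list, both count as unexplained.
    """
    f = Findings()
    f.unknown_processes = sorted(current.processes - baseline.processes)
    f.unknown_ports = sorted(current.listeners - baseline.listeners,
                             key=lambda l: (l.proto, l.port))
    f.unknown_outbound = sorted(
        (proc, host) for proc, host in current.outbound
        if proc not in baseline.processes or host not in allowed_hosts
    )
    return f


# Constructed approved baseline for a web host.
BASELINE = Snapshot(
    processes=frozenset({"systemd", "sshd", "nginx", "cron"}),
    listeners=parse_listeners("""
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:443 nginx
"""),
    outbound=frozenset(),
)

# Constructed later snapshot: an extra process ('updsvc', an invented name) has
# appeared, opened two ports and connected out to an unapproved host.
CURRENT = Snapshot(
    processes=frozenset({"systemd", "sshd", "nginx", "cron", "updsvc"}),
    listeners=parse_listeners("""
tcp 0.0.0.0:22 sshd
tcp 0.0.0.0:443 nginx
tcp 0.0.0.0:4444 updsvc
udp 0.0.0.0:5353 updsvc
"""),
    outbound=frozenset({("nginx", "198.51.100.7"), ("updsvc", "203.0.113.9")}),
)
ALLOWED_HOSTS = {"198.51.100.7"}   # e.g. an upstream the web tier legitimately calls


def run_example() -> Findings:
    return compare(BASELINE, CURRENT, ALLOWED_HOSTS)


if __name__ == "__main__":
    findings = run_example()
    print("unknown processes:", findings.unknown_processes)
    print("unknown ports:", [(l.proto, l.port, l.process) for l in findings.unknown_ports])
    print("unexplained outbound:", findings.unknown_outbound)
```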

Security Objectives: CIA

Confidentiality (or secrecy)
• Unauthorized users cannot read information.

Integrity
• Unauthorized users cannot alter information.

Availability
• Authorized users can always access information.

Non-repudiation (for accountability)
• Authorized users cannot deny their actions.

Others
• Privacy, anonymity, …

The evasion methods used by threat actors include:

Encryption and tunneling: This evasion technique uses tunneling to hide, or encryption to
scramble, malware files. This makes it difficult for many security detection techniques to
detect and identify the malware. Tunneling can mean hiding stolen data inside of legitimate
packets.
Resource exhaustion: This evasion technique makes the target host too busy to properly use
security detection techniques.
Traffic fragmentation: This evasion technique splits a malicious payload into smaller
packets to bypass network security detection. After the fragmented packets bypass the
security detection system, the malware is reassembled and may begin sending sensitive data
out of the network.
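The traffic fragmentation row above is why a network sensor must reassemble a stream before matching it against signatures. The Python below is an added example, not from the lecture notes: it runs a plain substring search (standing in for a real IDS engine) over constructed fragments, first per packet and then after reassembly, and refuses to guess when fragments overlap or leave gaps.

```python
"""Why per-packet inspection misses a fragmented payload, and the fix: reassemble
the stream before matching.

Added example, not from the lecture notes. Fragments are constructed
(offset, payload) pairs, SIGNATURE is a constructed pattern, and the 'sensor' is a
plain substring search standing in for a real IDS engine.
"""

SIGNATURE = b"SENSITIVE-RECORD"   # constructed pattern the sensor alerts on


def fragment(data: bytes, size: int) -> list:
    """Split a stream into fixed-size (offset, payload) fragments (constructed traffic)."""
    return [(i, data[i:i + size]) for i in range(0, len(data), size)]


def scan_per_packet(fragments, signature: bytes = SIGNATURE) -> bool:
    """Per-packet inspection: each fragment is examined on its own, so a pattern that
    straddles a fragment boundary is never seen whole."""
    return any(signature in payload for _, payload in fragments)


def reassemble(fragments) -> bytes:
    """Rebuild the original stream from (offset, payload) fragments.

    Gaps, overlaps and duplicate offsets raise instead of being silently merged:
    ambiguous overlaps are a classic evasion in their own right, and a defensive
    reassembler should alert rather than guess which copy of the data is real.
    """
    buf = bytearray()
    for offset, payload in sorted(fragments, key=lambda frag: frag[0]):
        if offset != len(buf):
            raise ValueError(f"gap or overlap at offset {offset}, expected {len(buf)}")
        buf += payload
    return bytes(buf)


def is_ambiguous(fragments) -> bool:
    """True when the fragment set cannot be reassembled unambiguously."""
    try:
        reassemble(fragments)
    except ValueError:
        return True
    return False


def scan_reassembled(fragments, signature: bytes = SIGNATURE) -> bool:
    """Stream inspection: match only after the fragments are put back together."""
    return signature in reassemble(fragments)


# Constructed stream. Cut into 8-byte fragments, SIGNATURE (offsets 17..32) spans
# three fragments, so no single fragment contains it.
STREAM = b"GET /export?id=7 SENSITIVE-RECORD:4711 HTTP/1.0"
SMALL_FRAGMENTS = fragment(STREAM, 8)

if __name__ == "__main__":
    print("per-packet:", scan_per_packet(SMALL_FRAGMENTS))      # False: evaded
    print("reassembled:", scan_reassembled(SMALL_FRAGMENTS))    # True: caught
```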

IT Systems Components
Lecture 13: System Administration


What is a system?

System: An organized collection of computers interacting with a group of
users.

Figure: Services run on Servers and Users run on PCs, joined by the
Network; Services help Users to accomplish work.

What Does System Administration Mean?

System Administration refers to the management of one or more hardware
and software systems. The task is performed by a system administrator
who:
• Monitors system health.
• Monitors and allocates system resources like disk space.
• Performs backups.
• Provides user access.
• Manages user accounts.
• Monitors system security.
• Performs many other functions.

What Does System Administration Mean?

• Systems administration: Managing computer systems and the ways people
use them in an organization.
• This requires knowledge of operating systems and applications, as well
as hardware and software troubleshooting, but also knowledge of the
purposes for which people in the organization use the computers.

What Does System Administration Mean?

• System administration is a job done by IT experts for an organization.
• The job is to ensure that computer systems and all related services are
working well. Common tasks include:
  • Installation of new hardware or software.
  • Creating and managing user accounts.
  • Maintaining computer systems such as servers and databases.
  • Planning and properly responding to system outages and various other
  problems.
  • Light programming or scripting to make system workflows easier, as
  well as training computer users and assistants.

Duties of a System Administrator

A system administrator's responsibilities might include:
• Installing the OS, applying operating system updates and configuration
changes.
• Installing and configuring new hardware and software.
• Adding, removing, or updating user account information, resetting
passwords, etc.
• System performance tuning.
• Responsibility for security.
• Responsibility for documenting the configuration of the system.
• Performing routine audits of systems and software.
• Performing backups.
• Analyzing system logs and identifying potential issues with computer
systems.
• Troubleshooting any reported problems.
• Introducing and integrating new technologies into existing data center
environments.
• Ensuring that the network infrastructure is up and running.

IT Systems Components
Lecture 14: Software Update


Software Update: Definition

• An update is new, improved, or fixed software which replaces older
versions of the same software.
• For example, updating your operating system brings it up to date with
the latest drivers, system utilities, and security software.
• Updates are often provided by the software publisher free of additional
charge.

Software Update: Definition

• Software updates are everywhere around us, from our phones offering us
security and new features to our laptop or smart TV annoying us at the
worst moment.
• With more and more connected devices around us, the chance that you've
been hit by an update notification is high.

But:
• What do these software updates do?
• How do they work, and why are they important?

Why do I need to update?

• Software updates are important because they often include critical
patches to security holes.
• In fact, many of the more harmful malware attacks we see take advantage
of software vulnerabilities in common applications, like operating
systems and browsers.
• Updates fix any problems with software or hardware that were not
detected before the product was released to the public. If you don't
update, the computer could encounter those problems or be vulnerable to
attacks.

Reasons Why Software Updates Are Important

• Cybercrime Protection
• Fix Bugs and Malware
• Better Security
• Benefit from New Features
• Decrease Downtime

What happens if I don't update?

Several things can happen if you do not update. The most common symptoms
you encounter if you do not update are:
Errors:
• Most updates fix errors, and if you don't update, you'll keep getting those errors.
Security vulnerabilities:
• Updates also patch security holes. If you don't update, your information may be
compromised.
Conflicts:
• If you don't update, conflicts may happen and cause problems with other programs.

Differences between software upgrades and updates

The main difference between an update and an upgrade is that:
• An update makes and keeps something up to date, or is a better version
of the older one, often to solve glitches or problems.
• An upgrade raises something to a higher standard by adding or replacing
a few components.

Differences between software upgrades and updates

Point of view: Definition
• Update: To make and keep something up to date.
• Upgrade: To raise something to a higher standard by adding or replacing a
few components.

Point of view: Frequency of occurrence
• Update: Occurs frequently.
• Upgrade: Comparatively less frequent.

Point of view: What does it do
• Update: Modifies the present software.
• Upgrade: Replaces the older version with a new one.

Point of view: Importance
• Update: Revises your device, repairs security loopholes, removes computer
bugs, etc.
• Upgrade: Access to emerging technology with new features to support
industry, etc.

Point of view: Charges
• Update: Usually free of cost.
• Upgrade: Generally has charges.

Point of view: Types
• Update: Security update, service packs, critical update, etc.
• Upgrade: Rolling upgrade, non-rolling upgrade, cold install, etc.

IT Systems Components
Lecture 15: Vulnerability Monitoring


What is Vulnerability?
• Identify exploitable flaws or weaknesses in the organization’s IT
systems or processes.
• A combination of a threat and a vulnerability is needed to create a risk
to an asset.
• The outcome should be a list of threats and vulnerabilities with brief
descriptions of how and why they might occur.

What is Vulnerability?

• There are different methodologies for identifying vulnerabilities.
• Specific vulnerabilities can be found by reviewing vendor web sites.
• Specific vulnerabilities can also be found in public vulnerability
archives, such as Common Vulnerabilities and Exposures (CVE) or the
National Vulnerability Database (NVD).
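Reviewing vendor sites and CVE/NVD archives becomes a repeatable check, and the reason the earlier update lecture matters, once an inventory of installed versions is matched against advisories. The Python below is an added example, not from the lecture notes: it compares installed versions with an advisory's affected range, including the version-ordering corner cases (2.10 after 2.9, pre-releases before the final fix). Advisory records, product names, host names and the CVE-0000-000x identifiers are all constructed placeholders; a real NVD record has a richer schema.

```python
"""Matching an installed-software inventory against vulnerability advisories of the
kind published through CVE/NVD, to find what still needs an update.

Added example, not from the lecture notes. Advisory records, product names, host
names and the CVE-0000-000x identifiers are constructed placeholders; a real NVD
record uses a richer schema (CPE match strings, CVSS vectors) not modelled here.
"""
import re
from dataclasses import dataclass

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+)(\d*))?")


def parse_version(text: str) -> tuple:
    """Turn '2.4.1' or '2.4.3-rc1' into a tuple that compares the way versions should.

    Numeric parts compare numerically ('2.10' > '2.9'), trailing zeros are dropped
    ('2.4.0' == '2.4'), and a pre-release tag sorts before the final release of the
    same number ('2.4.3-rc1' < '2.4.3').
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    if m.group(2):
        pre = (0, m.group(2).lower(), int(m.group(3) or 0))   # pre-release
    else:
        pre = (1, "", 0)                                       # final release
    return tuple(nums), pre


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    start: str            # first affected version (inclusive)
    end_excluding: str    # first fixed version
    severity: str

    def affects(self, version: str) -> bool:
        v = parse_version(version)
        return parse_version(self.start) <= v < parse_version(self.end_excluding)


@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: str


@dataclass(frozen=True)
class Exposure:
    host: str
    product: str
    version: str
    advisory_id: str
    severity: str


def find_exposures(inventory, advisories) -> list:
    """Every (host, advisory) pair where the installed version is inside the affected range."""
    by_product = {}
    for adv in advisories:
        by_product.setdefault(adv.product, []).append(adv)
    exposures = []
    for item in inventory:
        for adv in by_product.get(item.product, []):
            if adv.affects(item.version):
                exposures.append(Exposure(item.host, item.product, item.version,
                                          adv.advisory_id, adv.severity))
    return exposures


# Constructed advisories; the ids are placeholders, not real CVE numbers.
ADVISORIES = [
    Advisory("CVE-0000-0001", "examplehttpd", "2.0", "2.4.3", "HIGH"),
    Advisory("CVE-0000-0002", "exampledb", "10.0", "10.7", "CRITICAL"),
]

# Constructed inventory, one record per (host, product).
INVENTORY = [
    Installed("web-1", "examplehttpd", "2.4.1"),      # inside the range: exposed
    Installed("web-2", "examplehttpd", "2.4.3"),      # first fixed version: clean
    Installed("web-3", "examplehttpd", "2.4.3-rc1"),  # pre-release of the fix: still exposed
    Installed("db-1", "exampledb", "10.7"),           # fixed
    Installed("db-2", "exampledb", "9.6"),            # below the affected range
]


def run_example() -> list:
    return find_exposures(INVENTORY, ADVISORIES)


if __name__ == "__main__":
    for e in run_example():
        print(f"{e.host}: {e.product} {e.version} affected by {e.advisory_id} ({e.severity})")
```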

In Security ..

• A vulnerability is a weakness which allows an attacker to reduce a
system’s information assurance.
• This can affect every device in a system, and one of the critical
attacks is the zero-day attack, which “means they have zero days to
fix it, or even to know about the attack”.

All of them are very serious attacks these days:
• Viruses, trojan horses, etc.
• Stolen customer data
• Denial of service
• Modified databases
• Identity theft and other threats to personal privacy
• Equipment theft
• Hacktivism (“defacing websites for political reasons”)
• Espionage in cyberspace
• Cyberterrorism
• …and so on.

Levels of Vulnerability / Threat

The four levels that can be attacked:
1. Hardware
2. Software
3. Data
4. Other resources, e.g. people

A) Hardware Level of Vulnerability

Add / remove a H/W device
• Ex: Snooping, wiretapping.
• Snoop = to look around a place secretly in order to discover things about it or the
people connected with it.
• Ex: Modification, alteration of a system.

Physical attacks on H/W (need physical security: locks and guards)
• Accidental (dropped PC box) or voluntary (bombing a computer room).
• Theft / destruction.
• Damage the machine (spilled coffee, mice, real bugs).
• Steal the machine.

B) Software Level of Vulnerability

Software Deletion:
• Easy to delete needed software by mistake.
• To prevent this: use configuration management software.

Software Modification:
• Trojan horses, viruses, trapdoors, logic bombs, information leaks (via covert
channels), ...

Software Theft:
• Unauthorized copying.
• Via P2P, etc. (e.g. illegal copies of software and movies on BitTorrent).

C) Data Level of Vulnerability

How valuable is your data?
• Credit card info vs. your home phone number.
• Source code.
• Visible data vs. context.

Adequate protection
• Cryptography.
• Good if intractable for a long time.

Threat of Identity Theft
• Phishing and other social engineering techniques.

Types of Attacks on Data CIA

Disclosure
• Attack on data confidentiality.

Unauthorized modification / deception
• E.g., providing wrong data (attack on data integrity).

Disruption
• DoS (attack on data availability).

Usurpation
• Unauthorized use of services (attack on data confidentiality, integrity or
availability).

Ways of Attacking Data CIA

Examples of Attacks on Data Confidentiality
• Tapping: Taps are specifically designed devices that passively copy network data without altering it.
• Snooping: unauthorized access to another person's or company's data.

Examples of Attacks on Data Integrity
• Modification: salami attack: little bits add up (“stolen”).
  • E.g., “shave off” the fractions of cents after interest calculations.
• Fabrication: replay data: send the same thing again.
  • E.g., a computer criminal replays a salary deposit to his account.

Examples of Attacks on Data Availability
• Delay vs. “full” DoS.
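Both integrity attacks above can be caught by a control the ledger owner runs after every interest batch: recompute the interest independently, rounding once per account, compare it with what was actually posted, and reject any transaction id that has already been seen. The Python below is an added example, not from the lecture notes; the balances, the rate and the posted batches are constructed, and the skimmed batch is given as data to show what reconciliation sees, not how such a batch is produced.

```python
"""Integrity controls for the two attacks above: a salami attack that skims the
fractions of cents left over by interest rounding, and a replay that posts the same
deposit twice.

Added example, not from the lecture notes. Balances, the interest rate and the
posted batches are constructed; the skimmed batch is written out as data, showing
what it looks like to the reconciliation, not how it is produced.
"""
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")


@dataclass(frozen=True)
class Credit:
    txn_id: str
    account: str
    amount: Decimal


def expected_interest(balances: dict, rate: Decimal) -> dict:
    """Interest per account, rounded to the cent with banker's rounding.

    Rounding happens once per account and the remainder is simply dropped; nothing
    is carried into any other account, so the sum of these amounts is the only total
    that may ever be credited for the batch.
    """
    return {acct: (bal * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)
            for acct, bal in balances.items()}


def reconcile(balances: dict, rate: Decimal, credits) -> list:
    """Recompute the batch independently and list every discrepancy (empty = clean).

    Catches credits to an account that holds no interest-bearing balance (where the
    skimmed fractions end up), per-account amounts that differ from the recomputed
    value, missing credits, and a batch total that does not balance. A salami batch
    is built so that the total still balances, so the per-account comparison is the
    check that matters.
    """
    expected = expected_interest(balances, rate)
    posted = {}
    for c in credits:
        posted[c.account] = posted.get(c.account, Decimal("0")) + c.amount

    problems = []
    for acct, amount in posted.items():
        if acct not in expected:
            problems.append(f"{acct}: credited {amount} but holds no interest-bearing balance")
        elif amount != expected[acct]:
            problems.append(f"{acct}: credited {amount}, expected {expected[acct]}")
    for acct, amount in expected.items():
        if acct not in posted and amount != 0:
            problems.append(f"{acct}: expected {amount}, nothing credited")
    if sum(posted.values(), Decimal("0")) != sum(expected.values(), Decimal("0")):
        problems.append("batch total does not match recomputed interest")
    return problems


def find_replays(credits) -> list:
    """Transaction ids must be unique: a credit whose id was already posted is a replay."""
    seen, replays = set(), []
    for c in credits:
        if c.txn_id in seen:
            replays.append(c)
        seen.add(c.txn_id)
    return replays


# Constructed ledger: balances and a monthly interest rate.
BALANCES = {"A-100": Decimal("1234.56"), "A-200": Decimal("987.65"), "A-300": Decimal("50.00")}
RATE = Decimal("0.00375")

# Correct batch: 4.6296 -> 4.63, 3.7036875 -> 3.70, 0.1875 -> 0.19
CLEAN_BATCH = [
    Credit("T-1", "A-100", Decimal("4.63")),
    Credit("T-2", "A-200", Decimal("3.70")),
    Credit("T-3", "A-300", Decimal("0.19")),
]

# Skimmed batch: amounts truncated instead of rounded, and the dropped fractions
# (0.0096 + 0.0036875 + 0.0075) credited to an account that earns no interest.
SKIMMED_BATCH = [
    Credit("T-1", "A-100", Decimal("4.62")),
    Credit("T-2", "A-200", Decimal("3.70")),
    Credit("T-3", "A-300", Decimal("0.18")),
    Credit("T-4", "X-999", Decimal("0.02")),
]

# Replayed batch: the first deposit is posted a second time under the same id.
REPLAYED_BATCH = CLEAN_BATCH + [Credit("T-1", "A-100", Decimal("4.63"))]

if __name__ == "__main__":
    print("clean:", reconcile(BALANCES, RATE, CLEAN_BATCH))
    print("skimmed:", reconcile(BALANCES, RATE, SKIMMED_BATCH))
    print("replays:", [c.txn_id for c in find_replays(REPLAYED_BATCH)])
```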

D) Vulnerability at Other Exposure Points

Network vulnerabilities / threats
• Networks multiply vulnerabilities and threats, due to their complexity.

Access vulnerabilities / threats
• Denial of access to legitimate users.

People vulnerabilities / threats
• Crucial weak points in security.
• Too often, the weakest links in a security chain.
• Honest insiders subjected to skillful social engineering.
• Disgruntled employees.

Methods of Defense
Five basic approaches to defense of computing systems:

Prevent attack
• Block attack / close vulnerability.
Deter attack
• Make attack harder (“impossible”).
Deflect attack
• Make another target more attractive than this target.
Detect attack
• During or after.
Recover from attack.

IT Systems Components
Lecture 16: People and security role


Introduction
• Computers and digital devices are a target of attack.
• Networks that computers and devices use should also be secured.
• The success of any information security program lies in policy
development.
• Policy is the foundation of an effective information security program.
• An effective information security training and awareness effort cannot be
initiated without writing information security policies.

CIA Triad
We know now!!

• Confidentiality – restrict access to authorized individuals.
• Integrity – data has not been altered in an unauthorized manner.
• Availability – information can be accessed and modified by authorized
individuals in an appropriate timeframe.

Figure: the CIA triangle (Confidentiality, Integrity, Availability)

Tools for Information Security

• Access Control
• Authentication
• Encryption
• Passwords
• Firewalls
• Backup
• Virtual Private Networks (VPN)
• Physical Security
• Security Policies

Importance of Cybersecurity
• The Internet allows an attacker to work from anywhere on the planet.
• Risks caused by poor security knowledge and practice:
  § Identity theft.
  § Monetary theft.
  § Legal ramifications (for yourself and your organization).
  § Sanctions or termination if policies are not followed.
• Top vectors for vulnerabilities available to a cyber criminal are:
  § Web browser.
  § Web applications.
  § Excessive user rights.

Cybersecurity is Safety
• Security: We must protect our computers and data in the same way that
we secure the doors to our homes.
• Safety: We must behave in ways that protect us against the risks and
threats that come with technology.

Leading Threats

• Viruses
• Worms
• Trojan Horses / Logic Bombs
• Social Engineering
• Botnets / Zombies
• Rootkits

Social Engineering
• Social engineering is a manipulation technique that exploits human
error to gain private information, access, or valuables.
• In cybercrime, these “human hacking” scams tend to lure unsuspecting
users into exposing data, spreading malware infections, or giving
access to restricted systems.

Why Policy?
• A quality information security program begins and ends with policy.
• Although information security policies are the least expensive means
of control to execute, they are often the most difficult to implement.
• Policy controls cost only the time and effort that the management team
spends to create, approve and communicate them, and that employees
spend integrating the policies into their daily activities.
• The cost of hiring a consultant is minimal compared to technical
controls.

Guidelines for IT policy

• All policies must contribute to the success of the organization.
• Management must ensure the adequate sharing of responsibility for
proper use of information systems.
• End users of information systems should be involved in the steps of
policy formulation.

Basic Rules in Shaping a Policy

• Policy should never conflict with law.
• Policy must be able to stand up in court, if challenged.
• Policy must be properly supported and administered.

Bull’s Eye Model

• Proven mechanism for prioritizing complex changes.
• Issues are addressed by moving from the general to the specific.
• Focus on systemic solutions instead of individual problems.
• Bull’s Eye Model Layers: (figure)

Bull’s Eye Model Layers

Policies:
• The outer layer in the bull’s eye diagram.

Networks:
• The place where threats from public networks meet the organization’s networking
infrastructure; in the past, most information security efforts have focused on
networks, and until recently information security was often thought to be
synonymous with network security.

Systems:
• Computers used as servers, desktop computers, and systems used for process control
and manufacturing systems.

Applications:
• All application systems, ranging from packaged applications such as office
automation and e-mail programs, to high-end ERP packages and custom application
software developed by the organization.

IT Systems Components
Lecture 17: Physical (Environmental) Security


Information Security TRIAD

• CIA forms the pillars of security efforts.
• The Physical (Environmental) Security Domain supports all three pillars
by considering the physical risks that could happen to our information system
and the environment in which our systems operate, and takes action by applying
risk-based, cost-effective security countermeasures.

Confidentiality:
• Ensures that no one is allowed to physically remove the equipment or to obtain
access to the information through physical access.

Availability:
• Ensures that the system is physically protected from destruction.

Integrity:
• Ensures that the information system is physically protected so that unauthorized
“taps” or equipment (wireless access points, additional routers, etc.) cannot be
inserted into the system.

Goals of Physical Security

• Deter - Convince the threat agent not to attack.
• Delay - If they do decide to attack, we want to delay them long enough
to detect the attack and respond to block it before damage to the
information system or information occurs.
• Detect - We need to have the ability to detect the attack. We can’t
delay forever, so our ability to detect the attack is important and
must be timely.
• Assess - There is an old saying that the first report is almost always
wrong. Once detected, we need time to assess the method of the attack,
the target, and what should be done.
• Respond - Take the appropriate actions without overreacting. This is
often very difficult and should be covered in the incident response
plan.

Layered Defense Model

• Security through ‘layers’ of controls.
• Multi-layered: the environment should be considered multi-layered.
• Starts with the perimeter, then building grounds, then building entry
points, etc.

Layered Defense Model

Figure: the layers of defense, starting from the Perimeter.

Perimeter and Building Boundary Protection

• Perimeter security controls are the first line of defense.
• Protective barriers can be either natural or structural.

Perimeter Intrusion Detection Systems

• Detects unauthorized access into an area.

Building Entry Point Protection

• Locks.
• Lock components.

Guards and Guard Stations

• Guards
  • Can provide a deterrent.
• Guard stations

IT Systems Components
Lecture 18: Internet of Things (IoT)


What is the Internet of things?

IoT is a dynamic global network infrastructure of physical and virtual
objects having unique identities, which are embedded with software,
sensors, electronics and network connectivity to facilitate intelligent
applications by collecting and exchanging data.

Figure: Sensors -> Local Processing and Storage -> Network -> Internet ->
Cloud Processing and Storage

IoT Network


The goal of IoT

• The main goal of IoT is to configure, control, and network to the
internet the devices or things which are traditionally not associated
with the internet, i.e., thermostats, utility meters, a
Bluetooth-connected headset, irrigation pumps, and sensors.

The characteristics of IoT

Dynamic and self-adapting:
• IoT devices and systems may have the capability to dynamically adapt to the changing
contexts and take actions based on their operating conditions or sensed environment.
Self-configuring:
• Allowing many devices to work together to provide certain functionality.
Interoperable communication protocols:
• Support several interoperable communication protocols and can communicate with other
devices and infrastructure.
Unique identity:
• Each IoT device has a unique identity and a unique identifier (IP address).
Integrated into the information network:
• That allows them to communicate and exchange data with other devices and systems.

The challenges of IoT


Applications of IoT

• Home
• Cities
• Environment
• Energy
• Retail
• Logistics
• Agriculture
• Industry
• Health & Lifestyle

The elements of IoT


The elements of IoT

Identification
• An explicit identity is needed for each object.
• There are two processes in identification: naming and addressing.
Sensing
• Sensing is the process of collecting information from objects.
• Examples: RFID tags, smart sensors, wearable sensing devices, and
actuators.
Communication
• Many technologies facilitate communication, e.g., RFID (Radio
Frequency Identification), NFC (Near Field Communication), Bluetooth,
Wi-Fi, and LTE (Long Term Evolution).

The elements of IoT (Cont.)

Computation
• Performed on the collected information.
• Provides processing power for IoT applications.
Services
• Identity-related services: get the identity of objects.
• Information aggregation: collect information from objects.
• Collaborative services: integrate information sources, make decisions,
send appropriate responses, …
• Ubiquitous services: offer immediate responses without the rigidity of
time and place.
• IoT platforms: platforms for hosting, connecting, and integrating IoT
services.

IoT enabling technologies

The technologies that cooperate with IoT are as follows:
• Wireless sensor networks
• Cloud computing
• Big Data analytics
• Embedded systems
• Communication protocols