Gregory Peter H.

Getting an Information Security Job For Dummies



Fraudster is a broad label for people who deceive in order to steal. How they deceive and what they steal varies, but invariably they perform some kind of trick that ends with money leaving the victim's hands.

      Typical fraud cases in the broad category of cybercrime include the following:

       ✓ Credit card fraud: Fraudsters steal credit card numbers and use them to buy stuff they want. You might still get the frequent flyer miles or other rewards, but you’re out the money, and that hurts.

       ✓ Wire fraud: Fraudsters employ malware that steals login credentials, and target a company with lots of money in the bank, in hopes that they can capture online banking and online wire transfer login codes. If they do, that giant sucking sound is the organization’s money being transferred to an offshore account.

       ✓ Identity theft: These actors use a variety of ways to obtain enough personal information about people to permit the opening of credit cards and lines of credit in the name of the victim. (By the way, they aren't actually stealing your identity; they're borrowing it.)

       Organized crime

      Organized crime used to be known for sex and drug trafficking, illegal gambling, and protection rackets. Today, however, organized crime makes more money perpetrating online fraud and other Internet-based schemes. These organizations are in all corners of the world, but particularly in Eastern Europe, the Middle East, and Africa.

      The sophistication of a lot of today’s malware points to organizations with large, formal research and development budgets. Most of the easy hacks have been written; now more work (and bigger organizations) and better planning are required to build the tools necessary to break into systems and networks.

       Rogue nation-states

      The governments of several countries understand that state sponsorship is one way to develop malware and other techniques to break into networks and steal valuable information.

      Nation-states sponsor cybercriminal activities for a number of reasons, such as to

       Steal political secrets

       Steal military secrets

       Aid local industries through industrial espionage

       Conduct industrial or military sabotage

      If this sounds like traditional espionage – you’re right! Today’s spies have moved into cyberspace to do their work. If the information they want is online, many will use online means to try and steal it.

       Cyberwarfare rules of engagement

      If you’re on the side of the white hats, cyberwarfare is not a lot of fun. If it seems like adversaries have the upper hand, it’s because adversaries have the upper hand.

      Cyberwarfare is said to be asymmetric. In other words, attacking costs far less than defending, so a single individual can achieve an attack effect far out of proportion to his or her resources. With the right tools, an individual can cripple a large military organization.

      The following list gives some rules of engagement for attackers and defenders:

       Defenders must protect against all types of attacks, whereas an attacker can attack in any manner desired.

       Defenders must protect all systems against attack, whereas an attacker can attack any system of choice.

       Defenders must protect systems at all hours of the day and night, whereas an attacker can attack at a time of his or her choosing.

       Defenders must conform to policies and obey all applicable laws, whereas an attacker can break any law at any time.

      Organizations Hiring InfoSec Professionals

      These days it might be easier to ask, what types of organizations don’t hire information security professionals? Every organization that uses computers and networks must employ people with security skills and knowledge. With the frequency of malware attacks, even a one-person IT department must be knowledgeable about basic security skills.

      The following types of technology activities beg for security skills:

       Providing secure Internet connections

       Managing login credentials and access, known as identity and access management (IAM)

       Allowing secure remote access for valid users

       Providing supplier, partner, or customer access via Virtual Private Networks

       Maintaining secure email servers

       Managing and protecting the information on file servers

       Managing laptop computers for a mobile workforce

       Creating secure in-house written software

       Maintaining enterprise application access with user accounts

      When an organization has one or more of the preceding in its technology environment, its IT department had better include at least one person with real security skills. Otherwise, a lot is going to go wrong. I present the preceding list again, only this time I've added the consequences of poor security:

       ✓ Internet connection: Attacks from the Internet; malware from watering hole attacks.

       ✓ Login credentials: Attackers who stop at nothing to guess login credentials, including the use of automated tools that perform brute-force attacks, guessing thousands of different passwords per hour (far more when nothing throttles the attempts) until the right one is found. Then it’s “game over”!

       ✓ Remote access: Brute-force attacks against user accounts, eventually leading to successful break-ins.

       ✓ Supplier, partner, or customer access: Attacks from supplier, partner, or customer organizations. Misuse and abuse by personnel with poor judgment in those organizations.

       ✓ Email server: Incoming spam, malware, and phishing attacks.

       ✓ File server: Access management issues, data loss through lax access permissions; malware hosted on file server.

       ✓ Laptop computers: Stolen laptop computers with loss of data stored on them; attempts to break into organizations based on login information stored on stolen laptops.

       ✓ In-house written software: Exploitable vulnerabilities leading to data loss.

       ✓ Enterprise applications: Access management issues, people with excessive access privileges, terminated employees with still-active user accounts.
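To make the brute-force scenario concrete, here is an added example (my code, not from the book) that runs simple detection logic over a handful of constructed sshd-style log lines: it counts failures per source address in a sliding window, raises an alert once a threshold is crossed, and raises a higher-severity alert when a source that was already over the threshold finally logs in successfully (the “game over” moment). It also replays the same lines through a per-account lockout policy of the kind many systems can be configured to apply. The log lines, timestamp format, thresholds, and function names are all assumptions made for illustration.

```python
"""Brute-force detection and account lockout over constructed auth log lines.

Added example; not code from the book. The log lines, thresholds and
function names are illustrative assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not a real capture): one source guesses
# passwords for admin/root and finally gets in; alice mistypes once.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:02 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:03 sshd[1202]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:03 sshd[1203]: Failed password for alice from 198.51.100.4 port 40211 ssh2
2024-03-01T10:00:04 sshd[1204]: Failed password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T10:00:05 sshd[1205]: Failed password for root from 203.0.113.7 port 51006 ssh2
2024-03-01T10:00:06 sshd[1206]: Accepted password for root from 203.0.113.7 port 51007 ssh2
2024-03-01T10:00:09 sshd[1207]: Accepted password for alice from 198.51.100.4 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5     # failures per source within the window (assumed policy)
WINDOW_SECONDS = 60    # sliding window length (assumed policy)
LOCKOUT_FAILURES = 3   # per-account failures before lockout (assumed policy)
LOCKOUT_SECONDS = 900  # how long an account stays locked (assumed policy)


def parse_line(line):
    """Return a dict with ts/result/user/src, or None for lines we don't handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(log_text, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return alerts as (severity, source, user, timestamp) tuples.

    Keeps a sliding window of failure timestamps per source. Reaching the
    threshold yields one 'bruteforce' alert per source; a later success from
    that source yields a 'compromise' alert, the case that matters most.
    """
    failures = defaultdict(deque)
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        q = failures[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window:
            q.popleft()  # forget failures that fell out of the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in alerted:
                alerted.add(ev["src"])
                alerts.append(("bruteforce", ev["src"], ev["user"], ev["ts"]))
        elif ev["src"] in alerted:
            alerts.append(("compromise", ev["src"], ev["user"], ev["ts"]))
    return alerts


class AccountLockout:
    """Per-account lockout: after max_failures, reject logins for lock_seconds."""

    def __init__(self, max_failures=LOCKOUT_FAILURES, lock_seconds=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        return until is not None and now < until

    def record(self, user, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(user, now):
            return "locked"  # refused even if the password is right
        if success:
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + timedelta(seconds=self.lock_seconds)
            self.failures[user] = 0
        return "failed"


def replay_with_lockout(log_text):
    """Replay the log through the lockout policy; return one decision per line."""
    policy = AccountLockout()
    decisions = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            decisions.append(policy.record(ev["user"], ev["result"] == "Accepted", ev["ts"]))
    return decisions


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
    print(replay_with_lockout(SAMPLE_LOG))
```

On the sample, the detector fires a bruteforce alert for 203.0.113.7 on its fifth failure and a compromise alert when the following root login succeeds, while alice's single typo produces nothing. Under the lockout policy the attacker's correct guess at 10:00:06 is refused because root was locked after the third failure. The caveat is that per-account lockout lets an attacker lock legitimate users out on purpose, so in practice it is paired with short lock durations and per-source throttling rather than used alone.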

      Now, look at the list one last time, to see what technology and security professionals need to do to protect systems and data:

       ✓ Internet connection: Network engineers need to understand how to make edge devices (the routers, firewalls, and other devices at an organization’s outer boundary) resistant to attack. They also need to be able to install and manage firewalls and other protective devices with their complex rulesets to let the good guys in and keep the bad guys out, and to prevent malicious software from getting into the organization.

       ✓ Login credentials: User IDs, passwords, and security tokens are issued only to authorized personnel. In larger organizations, automated tools are used to reduce errors and watch for problems. Many systems can be configured to lock or throttle an account after a run of failed logins, which blunts brute-force attacks.

       ✓ Remote access: Some personnel must have access to an organization’s internal network from any location. A remote access system must be built correctly so that only authorized personnel can get in.

       ✓ Supplier, partner, or customer access: