INTRODUCTION TO SECURITY, muhammad ukasyah, Hafiy, Afidz - Coggle Diagram
INTRODUCTION TO SECURITY
Ivan Khoo
1.3.1 Various types of Security Attacks
Classes of attack:
Malicious Code Attack
Malicious code is the kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damages to files and computing systems.
It is a type of threat that may not be blocked by antivirus software on its own.
Worms- Use malicious software to spread themselves, relying on security failures on the target computer to access it.
Viruses- Malicious software that is attached to another program to execute a particular unwanted function on the user workstation.
Trojan Horses- An application written to look like something else that in fact is an attack tool.
VIRUS: Characteristic- Replicates itself, and propagated with human intrusion
Distribution- Via email attachments, downloaded files, instant messages or via diskette, CD or USB devices
Effects to system- Viruses can erase files and applications, crash your system
WORMS: Characteristic- Replicates itself, and propagated with human intrusion
Distribution- Through email or file transfer
Effect to system- System hang or slow
TROJAN HORSE: Characteristic- Does not replicate itself
Distribution- By opening an email attachment or downloading and running a file from the internet
Effect to system- Create a back door into a system allowing hackers to gain access
Reconnaissance Attack
The hacker surveys a network and collects data for a future attack.
Reconnaissance is a primary step of a computer attack. It involves the unauthorized discovery of a targeted system to gather information about vulnerabilities.
Reconnaissance attacks can consist of the following: Ping sweeps, Port scans, Internet information queries, Packet sniffers
Example: Sniffing and Spoofing
Distributed Denial of Service Attack
DDoS uses attack methods similar to standard DoS attacks but operates on a much larger scale.
Access Attack
An access attack is just what it sounds like: an attempt to access another user account or network device through improper means.
Access attack can consist of the following: Password Attack, Man-in-the-Middle Attack, Phishing
Password Attacks can be implemented using brute force attack (repeated attempts to identify users' passwords).
Methods for computing passwords: Dictionary cracking, Brute-force computation
A Brute Force attack is another type of attack that may result in denial of services.
With brute force attacks, a fast computer is used to try to guess passwords or to decipher an encryption code.
The attacker tries a large number of possibilities in rapid succession to gain access or crack the code.
Brute force attacks can cause a denial of service due to excessive traffic to a specific resource or by locking out user accounts.
A Man-in-the-Middle attack requires that the hacker have access to network packets that come across a network.
Phishing is a type of social engineering attack that involves using e-mail or other types of messages in an attempt to trick others into providing sensitive information.
Denial of Service Attack
DoS attacks are often implemented by a hacker as a means of denying a service that is normally available to a user or organization.
DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
1.2.2 Sources of Security Threats
External Threats
Can arise from individuals or organizations working outside of a company.
They do not have authorized access to the computer systems or network.
They work their way into a network mainly from the internet or dialup access server.
Structured Threats
Come from hackers that are more highly motivated and technically competent.
These people know system vulnerabilities, and can understand and develop exploit-code and scripts.
They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
Often involved with the major fraud and theft cases reported to law enforcement agencies.
Internal Threats
This could be a disgruntled employee, an opportunistic employee or an unhappy past employee whose access is still active.
Occur when someone has authorized access to the network, either an account on a server or physical access to the network.
Unstructured Threats
Even if the external Website is separate from the internal information that sits behind a protective firewall, the public does not know that. All the public knows is that the site is not a safe environment to conduct business.
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
Some common terms to be aware of
Worm
A form of virus that spreads by creating duplicates of itself on other drives, systems, or networks.
Trojan Horse
An apparently useful or amusing program, possibly a game or screensaver, but in the background it could be performing other tasks, such as deleting or changing data, or capturing passwords or keystrokes.
Virus
A program capable of replicating with little or no user intervention, and the replicated programs also replicate.
Even unstructured threats that are only executed with the intent of testing and challenging a hacker's skills can do serious damage to a company.
For example, if an internal company Website is hacked, the integrity of the company is damaged.
1.2 SECURITY THREATS
Malicious code
-Caused by an agent, with the intention to cause damage.
-Various kinds of malicious code include virus, Trojan horse, worm and many others.
The agent for malicious code is the writer of the code, or any person who causes its distribution.
Theft
Stealing of computers, especially notebooks and PDAs.
A computer is used to steal money, goods, information and resources
Hacking
A source of threat to security in computer. It is defined as unauthorized access to the computer system by a hacker.
Hackers may use a modem or cable to hack the targeted computers.
Natural Disaster
Computers are also threatened by natural or environmental disaster, be it at home, stores, offices and also automobiles.
Example
Fire
Earthquake
Flood
Inadequate power supply
Excessive heat
Risk of network intrusion
Information theft
Breaking into a computer to obtain confidential information. Information can be used or sold for various purposes. Example: stealing an organization's proprietary information, such as research and development information.
Disruption of service
Preventing legitimate users from accessing services to which they should be entitled.
Identity theft
A form of information theft where personal information is stolen for the purpose of taking over someone's identity. Using this information an individual can obtain legal documents, apply for credit and make authorized online purchases.
Data loss/manipulation
Breaking into a computer to destroy or alter data records.
Example of data loss: sending a virus that reformats a computer hard drive.
Example of data manipulation: breaking into a records system to change information, such as the price of an item.
1.1 UNDERSTANDING SECURITY
Information security
The term information security is frequently used to describe the tasks of securing information that is in a digital format.
Information security can be best understood by examining its goals and the process of how it is accomplished.
A comprehensive definition of information security involves both the goals and process.
C.I.A
integrity
Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data
confidentiality
Confidentiality ensures that only authorized parties can view the information
Providing confidentiality can involve several different security tools, ranging from software to "scramble" the credit card number stored on the web server to door locks to prevent access to those servers.
availability
Ensuring timely and reliable access to and use of information
Information has value if the authorized parties who are assured of its integrity can access the information
DIFFERENTIATE BETWEEN ATTACKERS AND HACKERS
ATTACKERS
referred to as Black Hat
work for themselves
can easily be identified because their actions are malicious
HACKERS
referred to as White Hat
hired by companies
constantly seek further knowledge, freely share what they have discovered and never intentionally damage data
muhammad ukasyah
Hafiy
Afidz