Please enable JavaScript.

Coggle requires JavaScript to display documents.

CHAPTER 1:INTRODUCTION TO SECURITY, consists of mostly inexperienced…

- - - - confidentialit -only authorized parties can view the information.
        
        Integrity - the information is correct and no unauthorized person or malicious software has altered the data. Example the online purchase from RM10000.00 to RM1.00 would violate the integrity of the information.
        
        Availability. - information has value if the authorized parties who are assured of its integrity can access the information. Availability ensures that data is accessible to authorized users.
        
        1.1.3. Differentiate between Attackers and Hackers.
        Attacker = Black Hat
        work for themselves
        easily be identified because their actions
        are malicious.
        Hacker = White Hat
        Hired by companies
        share what they have discovered and
        never intentionally damage data.
        
        part 3 : 1.4 VARIOUS TOOLS IN INFORMATION
        SECURITY
        
        Function of the following tools
        • Network Mapper (Nmap)
        most important tools available for cybersecurity professionals, network engineers, and system administrators.
        
        1 more item...
- - - - Various threats to computer security
        -Malicious code
        -Hacking
        -Natural Disaster
        -Theft
        
        Malicious Code:
        -The effect is caused by an agent, with the intention to cause damage.
        -Agent for malicious code is the writer of the code, or an person who causes its distribution.
        -Various kinds of malicious code. include virus ,Trojan horse worm and many others.
        
        Hacking
        -Source of threat to security in computer. Defined as unauthorized access to the computer system by a hacker.
        -Hackers are persons who learn about the computer system in detail. They write program referred to as hacks.
        -May use modem or cable to hack the targeted computers.
        
        Natural Disaster
        -Threatened by natural or environmental disaster. Be it at home, stores ,offices and also automobiles. Example of natural or environmental disasters: Flood, Fire, Earthquakes , storms and tornados
        
        Theft
        Two types of computer theft:
        -Used to steal money ,goods information and resources.
        -Stealing of computer , especially notebook and PDAs
      - Risk of network intrusion:
        -Once the hacker gains access to the network ,four types of threat may arise:
        -Information theft
        -Identity theft
        -Data loss/manipulation
        -Disruption of service
        
        Information Theft (Breaking into a computer to obtain confidential information. Example, stealing an organization's proprietary information such as research and development information)
        
        Identity theft(Stolen for the purpose of taking over someone's identity. Can legal documents , apply for credit and make authorized online purchases.
        
        Data loss/manipulation(Breaking into a computer to destroy or after data records. Example of data manipulation ,breaking into a records system to change information ,such as price of an item
        
        Disruption of service(Preventing legitimate users from accessing services to which they should be entitled)
- - - - DDoS use attack methods similar to standard DoS attack but operates on a much large scale.
    - - -Kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damages to files and computing systems.
        
        Viruses
        
        -Malicious software that is attached to another program to execute a particular unwanted function on thne user workstation.
        
        Trojan Horses
        
        An application written to look like something else that in fact is an attack tool.
        
        Worms
        
        -it uses a malicious software to spread itself, relying on security failures on the target computer to access it.
        -worms cause harm to the network
      - Characteristics
        
        WORMS - replicated itself & propagated without human intrusion
        
        TROJAN HORSE - does not replicated itself.
        
        VIRUS - replicates itself, & propagated with human.
      - Distribution
        
        WORMS - through email or file transfer.
        
        TROJAN HORSE - by opening an email attachment or downloading & running a file from the internet.
        
        VIRUS - via email attachments, download files, instant messages or via diskette, CD or USB devices
      - Effect to system
        
        WORMS - system hang or slow
        
        TROJAN HORSE - create a back door into a system allowing hackers to gain access.
        
        VIRUS - can erase files & applications, crash your system
    - - -Often implemented by a hacker as a means of denying a service that is normally available to a user organization
        -Involve either crashing the system or slowing it down to the point that it is unusable.
- - - - Doesn't remove them completely in the computer if deleting files for hard drives.
      - Data is not completely removed until the hard drive stores other data in the same location.
      - Should be fully erased to prevent the possibility of recovery using specialized software.
      - Also known as secure erase is a software-based method of overwriting the data.
        
        Often performed on hard drives containing sensitives data that are considered confidential
        
        Such as financial information.
    - - The drive can be reformatted, and a new operating system can be installed
        
        a) Standard format
        
        Also called high-level formatting, a boot sector is created and a file system is set up on the disk.
        
        Can only be performed after a low-level format has been completed.
        
        Low-level format
        
        The surface of this disk is marked with sector markers to indicate where data will be stored physically on the disks and tracks are created.
        
        Most often performed at the factory after the hard drive is built.
- - - - Data can still be recovered using advanced data forensic software.
      - To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.
      - Drilling holes through a drive's platters is not the most effective method of hard drive destruction
      - To destroy software media (floppy disks and CDs), use a shredding these materials.
      - Hard Drive Recycling
        
        Hard drives that do not contain sensitive data can be reformatted and used in other computer.
- - - - Pretexting -Target is typically contacted over the telephone. For example, if an attacker knows the target's social security number, they may use that information to gain the trust of their target.
      - Phishing -They typically contact the target individual (the phishee) via email. The phisher might ask for the verification or information, such as password or username in order prevent some terrible consequence from occurring.
      - Vishing
        -A new form of social engineering that uses Voice over(VoIP) .With vishing, an unsuspecting user is sent a voice mail instructing them to call a number which appears to be a legitimate telephone-banking service. The call is when intercepted by a thief. Bank account numbers or password entered over the phone for verification are then stolen.
- - - - Examples:
        
        Sniffing (eavesdropping program that monitors information travelling over network)
        
        Spoofing (misrepresenting oneself by using fake e-mail addresses or masquerading as someone else)