CHAPTER 1: INTRODUCTION TO SECURITY

Chapter 1 Part 2

Four primary classes of threats:

Structured threats

  • come from hackers who are more highly motivated and technically competent.
    -know system vulnerabilities, and can understand and develop exploit code and scripts.
    -understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
    -are often involved with the major fraud and theft cases reported to law enforcement agencies.

consists of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

Chapter 1 Part 1
1.1.1. Introduction to security
Security is frequently used to describe the task of securing information that is in a digital format and manipulated by a microprocessor.

only executed with the intent of testing and challenging a hacker's skills can still do serious damage to a company

Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate and transmit the information through products, people, and procedures.

Example: if an external company Web site is hacked, the integrity of the company is damaged.

If the external Web site is separate from the internal information that sits behind a protective firewall

Common terms to be aware of include the following:

as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
-integrity
-confidentiality
-availability

1.1.2. Goals of security: Confidentiality; Integrity; Availability

Confidentiality - only authorized parties can view the information.

Integrity - the information is correct and no unauthorized person or malicious software has altered the data. Example: changing the amount of an online purchase from RM10000.00 to RM1.00 would violate the integrity of the information.

Availability - information has value if the authorized parties who are assured of its integrity can access the information. Availability ensures that data is accessible to authorized users.

1.1.3. Differentiate between Attackers and Hackers

Attacker = Black Hat
-Work for themselves.
-Can easily be identified because their actions are malicious.

Hacker = White Hat
-Hired by companies.
-Share what they have discovered and never intentionally damage data.

Virus- a program capable of replicating with little or no user intervention and the replicated programs also replicate.

Worm- A form of virus that spreads by creating duplicates of itself on other drives, systems, or networks.

Trojan Horse- an apparently useful or amusing program, possibly a game or screensaver, but in the background it could be performing other tasks, such as deleting or changing data, or capturing passwords or keystrokes.

1.3. Explain Methods of Security Attacks

1.3.1 Various types of Security Attacks

a. Reconnaissance Attack


  • the primary step of a computer attack.
  • involves unauthorized discovery of a targeted system to gather information
    about vulnerabilities.
  • the hacker surveys a network and collects data for a future attack.

Can consist of the following:

  1. Ping sweeps (tell the attacker which IP addresses are alive)
  2. Port scans (the art of scanning to determine what network services or ports are active on the live IP addresses)
  3. Internet information queries (query the ports to determine the application and operating system of the targeted host)
  4. Packet sniffers (capture data being transmitted on a network)

Examples:

  1. Sniffing (eavesdropping program that monitors information travelling over network)
  2. Spoofing (misrepresenting oneself by using fake e-mail addresses or masquerading as someone else)

b. Access Attack

  • an attempt to access another user account or network device through improper means.

Access attacks can consist of the following:

A. Password Attack

  • can be implemented using a brute-force attack.

Methods for computing passwords:
a) Dictionary cracking
b) Brute-force computation

A brute-force attack is another type of attack that may result in denial of service.

B. Man-in-the-Middle Attack
-requires that the hacker have access to network packets that come across a network

Nur Ain binti Mohd Shairol Nizam :

Nur Ain binti Zaidi

C. Phishing

  • a type of social engineering attack that involves
    using e-mail or other types of messages in an attempt
    to trick others into providing sensitive information.

PART 1: SECURITY THREATS

1.2 TYPES OF SECURITY THREATS
~A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system.
~A threat is something that may or may not happen, but has the potential to cause serious damage.
~Threats can lead to attacks on computer systems, networks and more.

1.2.2. Sources of Security Threats

NUR SUHAILA WIDANI BINTI ELLY

Various threats to computer security
-Malicious code
-Hacking
-Natural Disaster
-Theft

Malicious Code
-The effect is caused by an agent, with the intention to cause damage.
-The agent for malicious code is the writer of the code, or a person who causes its distribution.
-Various kinds of malicious code include viruses, Trojan horses, worms and many others.

Hacking
-A source of threat to computer security. Defined as unauthorized access to the computer system by a hacker.
-Hackers are persons who learn about the computer system in detail. They write programs referred to as hacks.
-May use a modem or cable to hack the targeted computers.

Natural Disaster
-Computers are threatened by natural or environmental disasters, be it at home, in stores, offices or automobiles. Examples of natural or environmental disasters: floods, fires, earthquakes, storms and tornados.

Theft
Two types of computer theft:
-Used to steal money, goods, information and resources.
-Stealing of computers, especially notebooks and PDAs.

Risk of network intrusion:
-Once the hacker gains access to the network, four types of threat may arise:
-Information theft
-Identity theft
-Data loss/manipulation
-Disruption of service

Information theft: Breaking into a computer to obtain confidential information. Example: stealing an organization's proprietary information, such as research and development information.

Identity theft: Personal information is stolen for the purpose of taking over someone's identity. It can be used to obtain legal documents, apply for credit and make authorized online purchases.

Data loss/manipulation: Breaking into a computer to destroy or alter data records. Example of data manipulation: breaking into a records system to change information, such as the price of an item.

Disruption of service: Preventing legitimate users from accessing services to which they should be entitled.

1.2.2 Sources of Security Threats cont..

External threats

-Can arise from individuals or organizations working outside of a company.
-They do not have authorized access to the computer systems or network, and they work their way into a network mainly from the Internet or dial-up access servers.

Internal threats

-Occur when someone has authorized access to the network with either an account on a server or physical access to the network.

1.3.1 Various types of Security Attacks cont..

Denial of Service (DoS) Attack

-Often implemented by a hacker as a means of denying a service that is normally available to a user or organization.
-Involves either crashing the system or slowing it down to the point that it is unusable.

Distributed Denial of Service (DDoS) Attack

-DDoS uses attack methods similar to a standard DoS attack but operates on a much larger scale.

Unstructured threats

Malicious Code Attack

-A kind of harmful computer code designed to create system vulnerabilities leading to back doors and other potential damage to files and computing systems.

Viruses

-Malicious software that is attached to another program to execute a particular unwanted function on the user workstation.

Trojan Horses

-An application written to look like something else that in fact is an attack tool.

Worms

-Uses malicious software to spread itself, relying on security failures on the target computer to access it.
-Worms cause harm to the network.

Characteristics

WORMS - replicate themselves and propagate without human intervention.

TROJAN HORSE - does not replicate itself.

VIRUS - replicates itself and propagates with human intervention.

Distribution

WORMS - through email or file transfer.

TROJAN HORSE - by opening an email attachment or downloading and running a file from the internet.

VIRUS - via email attachments, downloaded files, instant messages or via diskette, CD or USB devices.

Effect to system

WORMS - system hangs or slows down.

TROJAN HORSE - creates a back door into a system, allowing hackers to gain access.

VIRUS - can erase files and applications, and crash your system.

ALYNNA USUN ROBERT

Chapter 1 part 3 & 4

NUR SUHAILA WIDANI BINTI ELLY

1.5 ACCESS TO DATA AND EQUIPMENT

Chapter 1 part 4

1.5.1 Data Wiping

  • Deleting files from a hard drive does not remove them completely from the computer.
  • Data is not completely removed until the hard drive stores other data in the same location.
  • Hard drives should be fully erased to prevent the possibility of recovery using specialized software.
  • Data wiping, also known as secure erase, is a software-based method of overwriting the data.
  • Often performed on hard drives containing sensitive data that is considered confidential, such as financial information.
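
The difference between deleting and wiping, shown on a toy in-memory disk (an added example, not part of the original notes; the ToyDisk class, its block layout and the sample data are assumptions constructed for illustration):

```python
class ToyDisk:
    """Constructed model: a flat byte array plus a file table (name -> blocks)."""
    BLOCK = 16

    def __init__(self, blocks=8):
        self.data = bytearray(blocks * self.BLOCK)
        self.table = {}                    # file name -> list of block numbers
        self.free = list(range(blocks))    # free list, lowest block first

    def write(self, name, payload):
        chunks = [payload[i:i + self.BLOCK] for i in range(0, len(payload), self.BLOCK)]
        if len(chunks) > len(self.free):
            raise OSError("disk full")
        used = []
        for chunk in chunks:
            b = self.free.pop(0)
            start = b * self.BLOCK
            self.data[start:start + self.BLOCK] = chunk.ljust(self.BLOCK, b"\x00")
            used.append(b)
        self.table[name] = used

    def delete(self, name):
        # Ordinary delete: only the table entry goes, the block contents stay.
        self.free = sorted(self.free + self.table.pop(name))

    def wipe(self, name):
        # Data wiping: overwrite every block of the file, then release it.
        for b in self.table[name]:
            start = b * self.BLOCK
            self.data[start:start + self.BLOCK] = bytes(self.BLOCK)
        self.delete(name)

    def raw_scan(self, needle):
        # What recovery software does: ignore the file table, read raw blocks.
        return needle in bytes(self.data)

def demo():
    secret = b"ACCT 1234 BALANCE RM10000"        # constructed sample record
    disk = ToyDisk()
    disk.write("finance.txt", secret)
    disk.delete("finance.txt")
    after_delete = disk.raw_scan(secret)          # deleted, yet still on disk
    disk.write("notes.txt", b"x" * len(secret))   # new data reuses the blocks
    after_reuse = disk.raw_scan(secret)
    wiped = ToyDisk()
    wiped.write("finance.txt", secret)
    wiped.wipe("finance.txt")
    return after_delete, after_reuse, wiped.raw_scan(secret)
```

On real drives, wear levelling on SSDs and remapped bad sectors can keep copies that a file-level overwrite never touches, which is why the notes treat physical destruction as the safest option for sensitive data.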

1.5.3 Hard Drive Recycling

The drive can be reformatted, and a new operating system can be installed.

Two types of formatting can be performed:

a) Standard format

Also called high-level formatting; a boot sector is created and a file system is set up on the disk.

Can only be performed after a low-level format has been completed.

b) Low-level format

The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created.

Most often performed at the factory after the hard drive is built.

Part 3: 1.4 VARIOUS TOOLS IN INFORMATION SECURITY

Function of the following tools

• Network Mapper (Nmap)

One of the most important tools available for cybersecurity professionals, network engineers, and system administrators.

Allows you to scan networked devices and determine what ports are open so that you can learn.

• Netstat

Netstat is a command-line utility to view the active ports of your machine and their status. This helps the user understand which ports are open, closed or listening for incoming connections.

Common attacks may include port 21 (FTP) and port 23 (telnet).
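
A defender's use of the netstat output described above: flag listeners on the FTP and telnet ports (an added example, not part of the original notes; the sample output is constructed and the function names are assumptions):

```python
RISKY = {21: "FTP", 23: "telnet"}   # the two cleartext services named in the notes

# Constructed sample of `netstat -an` output, Linux and Windows styles mixed.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address   Foreign Address  State
tcp   0      0      0.0.0.0:21      0.0.0.0:*        LISTEN
tcp   0      0      127.0.0.1:23    0.0.0.0:*        LISTEN
tcp   0      0      10.0.0.5:22     10.0.0.9:51044   ESTABLISHED
tcp6  0      0      :::443          :::*             LISTEN
  TCP    0.0.0.0:23     0.0.0.0:0      LISTENING
udp   0      0      0.0.0.0:68      0.0.0.0:*
"""

def listening_sockets(text):
    """Yield (address, port) for every TCP socket in a listening state."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if not any(f in ("LISTEN", "LISTENING") for f in fields):
            continue
        # Linux prints two queue counters before the local address; Windows does not.
        local = fields[3] if fields[1].isdigit() else fields[1]
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def risky_listeners(text):
    """Return (port, service, address, exposed) for each FTP/telnet listener."""
    findings = []
    for addr, port in listening_sockets(text):
        if port in RISKY:
            # A loopback-only bind is reachable from the local machine only.
            exposed = addr not in ("127.0.0.1", "::1")
            findings.append((port, RISKY[port], addr, exposed))
    return findings

if __name__ == "__main__":
    for port, service, addr, exposed in risky_listeners(SAMPLE):
        scope = "reachable from the network" if exposed else "loopback only"
        print(f"{service} listening on {addr}:{port} ({scope})")
```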

• Netscan

Netscan is software that performs network scanning to determine the active devices and their corresponding IP addresses, and can also monitor the local computer network (LAN).

NetScan is sometimes categorized as a hacking tool.

Alynna Usun Robert

1.5.2 Hard Drive Destruction

Companies with sensitive data should always establish clear policies for hard drive disposal.

It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.

Destroying the hard drive is the best option for companies with sensitive data.

Hard Drive Destruction Cont

Drilling holes through a drive's platters is not the most effective method of hard drive destruction.

Data can still be recovered using advanced data forensic software.

To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.

To destroy software media (floppy disks and CDs), use a shredding machine for these materials.

Hard Drive Recycling

Hard drives that do not contain sensitive data can be reformatted and used in other computers.

Nur Ain binti Mohd Shairol Nizam

1.3.2 Social Engineering
-A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information.

To protect against social engineering: never give out a password, always ask for the ID of an unknown person, and restrict the access of visitors.

Three of the most commonly used techniques in social engineering are Pretexting, Phishing and Vishing.

Pretexting - The target is typically contacted over the telephone. For example, if an attacker knows the target's social security number, they may use that information to gain the trust of their target.

Phishing - Phishers typically contact the target individual (the phishee) via email. The phisher might ask for verification of information, such as a password or username, in order to prevent some terrible consequence from occurring.

Vishing
-A new form of social engineering that uses Voice over IP (VoIP). With vishing, an unsuspecting user is sent a voice mail instructing them to call a number which appears to be a legitimate telephone-banking service. The call is then intercepted by a thief. Bank account numbers or passwords entered over the phone for verification are then stolen.