SECURITY BASIC AND IT PROFESSIONALS
1. INTRODUCTION TO SECURITY
set of practices intended to keep data secure from being hacked
TYPES OF SECURITY THREATS
Harmful computer programming scripts designed to create or exploit system
Hacking refers to activities that seek to compromise digital devices,
Any security incident in which sensitive
These can best be thought of as threats caused by Mother Nature—floods
TYPES OF SECURITY ATTACKS
Reconnaissance Attack (sniffing, spoofing)
Denial of Service Attack (DOS)
Distributed Denial of Service Attack (DDOS)
Malicious Code Attack (worms, viruses, Trojan horses)
GOALS OF SECURITY
Encryption services can protect your data at rest
Detection of any modification of data by unauthorised parties.
A person who breaks into other people's computers with malicious intentions.
2. SECURITY POLICIES AND PROCEDURES
a document that outlines specific requirements or rules that must be met.
Security Policy Requirements
operating systems should be placed in appendices or in separate configuration procedures.
provide a mechanism to assess the risk to the organization and to develop a contingency plan
define acceptable encryption algorithms for use within the organization
Identification and Authentication
define how users will be identified
define the standard requirement for access controls to be placed on electronic files.
specify the rules for connection
specify where security programs that look for malicious code
define the types of events to be audited on all systems.
Minimum length – 8 Characters
Maximum length – 14 Characters
Minimum complexity – no dictionary words included
Passwords are case sensitive but usernames are NOT case sensitive
Unique password – should not be less than 24
Maximum password age – 60 days
Minimum password age – 2 days
Store password using reversible encryption
encoding messages or information in such a way that only authorized parties can access it.
Types of ENCRYPTION:
form of computerized cryptography using a singular encryption key to guise an electronic message.
form of Encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
transformation of a string of characters into a usually shorter fixed-length value
algorithm that can perform encryption or decryption.
inverse of encryption
methods of deciphering cipher text without knowing the key.
SECURITY TROUBLESHOOTING & SOLUTIONS
Identify the problem.
Establish a plan of action to resolve the problem and implement the solution.
Verify full functionality and, if applicable, implement preventive measures.
Document your findings, actions, and outcomes.
Establish a theory of probable cause.
Test your theories to determine the cause of the problem.
Only authorized users can freely access the systems
any software or person that deliberately attempts to avoid security services
Access Attack (hacking, brute force)