Please enable JavaScript.
Coggle requires JavaScript to display documents.
TOPIC 5: OVERVIEW OF SECURITY - Coggle Diagram
TOPIC 5: OVERVIEW OF SECURITY
Basic Security Terminology
1) Hacker
This process does often mean seeing if a flaw can be exploited to gain access to a system.
A white hat hacker
upon finding some flaw in a system, will report the flaw to the vendor of that system.
a person who simply wants to learn more about the system.
A black hat hacker
Goal is to cause some type of harm.
might steal data, erase files, deface websites
sometimes referred to as crackers
an expert on a particular system or systems
A gray hat hacker
normally a law- abiding citizen, but in some cases will venture into illegal activities.
Script Kiddies
the term for someone who calls himself or herself a hacker but lacks the expertise.
Sneakers
legally breaks into a system in order to assess security deficiencies
someone that is given permission to assess system vulnerabilities
4) Phreaking
"The action of using michievous and mostly illegal ways on order to not pay for some sort of telecommunications bill, order, transfer, or other service" (Ryamond, 2003)
dependent upon specific technology required to compromise phone systems, more than simply knowing certain techniques.
one speciality type of hacking involves breaking into telephone systems
5) Security Devices
Firewalls and proxy servers guard the perimeter by analyzing traffic and blocking traffic that has been disallowed by the administrator.
These two safeguards are often augmented by an intrusion-detection system(IDS)
B) A proxy server
often used with a firewall to hide the internal network's IP address
present a single IP address (its own) to the outside world
An IDS simply monitors traffic, looking for suspicious activity that might indicate an attempted intrusion.
a) A firewall
A firewall filters traffics entering and exiting the network.
a standalone server / a router / sometimes software running on a machine.
a barrier between a network and the outside world.
6) Security Activities
a) Authentication
Determining if the credentials given by a user or another system(such as a username and password) are authorized to access the network resources in question.
b) Auditing
The process of reviewing logs, records, and procedures to determine if these items meet standards.
Basic Security Concepts
1) C.I.A triangle
b) Integrity
the quality or state of being whole, complete, and uncorrupted.
c) Availability
making information available to the authorized users without interference or obstruction.
a) Confidentiality
Only those with sufficient privileges may access certain information.
some threats
Masquerades
Unauthorized users
Hackers
2) Least privileges
each user or service running on your network should have the least number of privileges / access required to do their job.
No one should be granted access to anything unless it is absolutely required for their job.
:pencil2:
By Nurulain Binti Adinan Nasir(065489)