Session:1
(3)Ethical HackingIntroduction to Ethical Hacking
1:5 Information Security & control
What is Information security?
Information security is the practice of defending information from unauthorized access,use,disclosure,disruption,modification,perusal,inspection,recording or destruction information.Information can be physical or electrical one.
Security refers to the policies,procedures and technical measure's used to prevent unauthorized access,alteration,thief or physical damage to information systems.
Control's are methods,policies,and organizational procedures that ensure the safety of the organizations assets; The accuracy and reliability of it's records;and operational adherence to management standards.
Information security (IS) is designed to protect the confidentiality,integrity and availability of computer system data from those with malicious intentions.
Why systems are vulnerable to attack?
=>The potential unauthorized access,abuse or fraud is not limited to a single location but can occur at any access point in the network.
=>With distributed computing used extensively in network systems,you have more points of entry,which can make attacking the system easy.
=>That's why you have to make it everybody's business to protect the system.
Types of Threat's & Vulnerabilities
1-Trojan
2-Virus
3-Worm
Malicious softwares:
A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed,usually without user knowledge or permission.
Worms are independent computer programs that copy themselves from one computer to other computers over a network.
Worms &Viruses which are often spread over the Internet from files of downloaded software,from file attached to E-mail transmissions or from compromised E-mail messages and instant messaging.
Trojan Horse In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Unexpected changes to computer settings and unusual activity, even when the computer should be idle, are strong indications that a Trojan is residing on a computer.
Cyber Crime's:
Hacker An individual who intends to gain unauthorized access to a computer system.
Computer Crimes by Hacker:
Denial of service attacks(DOS) Hackers flood
a network server or webserver with many thousands of false communications or requests for services to crash the network.
Identity theft An imposter obtains key pieces of personal information,such as driver's license number or credit cards number to impersonate someone else.
Phishing it involves setting up fake websites or sending E-mail or text messages that look like those of legitimate businesses to ask user for confidential personal data.
Cyber Terrorism and Cyber Warfare:
=>Your system can be targeted by person sitting in any part of the world
=>So to summarize information systems are under continuous threats by external intruders.
Internal Threat's:
End user introduce errors by entering faulty days or by not following the proper instructions for processing data and using computer equipment.
Software vulnerability:
A software vulnerability is a glitch, flaw, or weakness present in the software or in an OS (Operating System). The severity of software vulnerabilities advances at an exponential rate. Of course, all systems include vulnerabilities. The thing is whether or not they're exploited to cause damage.
What are three types of software vulnerabilities?
Common types of software flaws that lead to vulnerabilities include:
=>Memory safety violations, such as: Buffer overflows and over-reads.
=>Input validation errors, such as: Code injection.
=>Privilege-confusion bugs, such as:
=>Privilege escalation.
=>Race conditions, such as:
=>Side-channel attack. ...
=>User interface failures, such as:
Information Systems & Controls
1-General controls
2-Application controls
General controls:
=>Include controls which are not specific to application.
=>Software controls
=>Physical hardware controls
Software controls monitor the use of system software and prevent unauthorized access of software programs,system software and computer programs.
Hardware controls ensure,thet computer hardware is physically secure,and check for equipment malfunction.
Computer operation controls the work of the computer department to ensure programmed procedures are consistently and correctly applied to the storage and processing of data.
Data security controls ensure that valuable business data files on either disk or tape are not subject unauthorized access,change or destruction while they are in use or in storage.
Implementation controls audit the systems development process at various points to ensure that the process is properly controlled and managed.
Administrative controls formalize standards,rules,procedures and control disciplines to ensure that the organizations general application control's are probably executed and enforced.
Application control's
Are specific control's unique to each computerized application,such as payroll or order processing.
1-Input controls
2-Processing controls
3-Output controls
Input controls check data for accuracy and completeness when they enter the system.
Processing controls data are complete and accurate during updating.
Output controls the results of computer processing are accurate,complete and probably distributed.
Identify Management & Authentication:
Ways of Authentication:
1-Password
2-Token
3-Smart card
4-Biometric authentication
Password:
A password sometimes called a passcode is a memorized secret used to confirm the identity of a user.
A password is a string of characters used to verify the identity of a user during the authentication process. Passwords are typically used in conjuncture with a username; they are designed to be known only to the user and allow that user to gain access to a device, application or website.
Token:
A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something.
Smart card:
A smart card is a device that includes an embedded integrated circuit that can be either a secure microcontroller or equivalent intelligence with internal memory or a memory chip alone. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface.
Biometric authentication:
Biometric authentication is a security process that relies on the unique biological characteristics of an individual to verify that he is who is says he is. Biometric authentication systems compare a biometric data capture to stored, confirmed authentic data in a database.
Biometric recognition (also known as biometrics) refers to the automated recognition of individuals based on their biological and behavioral traits (ISO/IEC JTC1 SC37). Examples of biometric traits include fingerprint, face, iris, palmprint, retina, hand geometry, voice, signature and gait.
Protection Against & Vulnerability:
Firewalls it is generally positioned between the organizations private internal networks and distrusted external network,such as the Internet,although firewalls can also be used to protect one part of a companys network from the rest of the network.
The firewalls acts like a gatekeeper who examines each user's credentials before access is granted to a network.
Antivirus & Antispyware software:
Antivirus software, or anti-virus software (abbreviated to AV software), also known as anti-malware, is a computer program used to prevent, detect, and remove malware. ... However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats.
Encryption & Digital Certificates:
Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver.
Digital certificates are data files used to establish the identify of users and electronic asset's for protection of online transactions.
Security issues for cloud computting and the mobile digital platforms:
Business value of security & control:
These information assets have tremendous value.Inadequate security and control may result in serious legal liability.
An organization can be held liable for needless risk and harm created if the organization fail to take appropriate protective action to prevent loss of confidential information, data corruption or branch of privacy.
A sound security and control framework that protects business information assets can thus produce a high return on investment.
We need to understand those threats and vulnerabilities and make sure proper controls are in place.
Write in by MANOJKUMAR
All The Best
By Cyber Ninja
꧁UNDER SCOPE꧂
-----------------------
Cyber Ninja is a Professional blogging Platform. Here we will provide you only interesting content, which you will like very much. We're dedicated to providing you the best of blogging, with a focus on dependability and daily routine. We're working to turn our passion for blogging into a booming online website.
ConversionConversion EmoticonEmoticon