Data is the most precious asset of today’s businesses. Top business organizations
spend billions of dollars every year to secure their computer networks and to keep
their business data safe. Imagine the loss of all the important research data in which
the company has invested millions of dollars and years of work!
– Confidentiality
– Integrity
– Availability
Confidentiality: Confidentiality is the protection of personal
information. Confidentiality means keeping a client's information between
you and the client, and not telling others including co-workers, friends,
family, etc. Examples of maintaining confidentiality include keeping individual
files locked and secured.
—Data integrity: Assures that information and programs are changed only in a
specified and authorized manner
Authenticity:
• The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator.
• This means verifying that users are who they say they are and that each input
arriving at the system came from a trusted source.
Accountability:
• The security goal that generates the requirement for actions of an entity to be
traced uniquely to that entity.
INTEGRITY:
Integrity, in the context of computer systems, refers to methods of ensuring
that data is real, accurate and safeguarded from unauthorized user
modification.
Integrity models keep data pure and trustworthy by protecting system data
from intentional or accidental changes. Integrity models have three goals:
AVAILABILITY:
Availability keeps data and resources available for authorized use,
especially during emergencies or disasters. Information security
professionals usually address three common challenges to availability:
AUTHENTICATION
Access control:
In the fields of physical security and information security, access
control (AC) is the selective restriction of access to a place or other
resource. The act of accessing may mean consuming, entering, or using. ...
Locks and login credentials are two analogous mechanisms of access
control.
Definition -
Access control is a way of limiting access to a system or to physical or
virtual resources. In computing, access control is a process by which users
are granted access and certain privileges to systems, resources or
information.
In access control systems, users must present credentials before they can
be granted access. In physical systems, these credentials may come in
many forms, but credentials that can't be transferred provide the most
security.
For example, a key card may act as an access control and grant the bearer
access to a classified area. Because this credential can be transferred or
even stolen, it is not a secure way of handling access control.
A more secure method for access control involves two-factor
authentication. The person who desires access must show credentials and
a second factor to corroborate identity. The second factor could be an
access code, a PIN or even a biometric reading.
There are three factors that can be used for authentication:
• The modification includes injecting the original program with a routine to make
copies of the virus program, which can then go on to infect other programs.
A computer virus carries in its instructional code the recipe for making
perfect copies of itself.
• Then, whenever the infected computer comes into contact with an uninfected
piece of software, a fresh copy of the virus passes into the new program.
(ii) Trigger:
(iii) Payload:
• What the virus does, besides spreading.
• The payload may involve damage or may involve benign but noticeable activity.
During its lifetime, a typical virus goes through the following four phases:
• The virus will eventually be activated by some event, such as a date, the presence
of another program or file, or the capacity of the disk exceeding some limit.
• The virus places an identical copy of itself into other programs or into certain
system areas on the disk.
• Each infected program will now contain a clone of the virus, which will itself
enter a propagation phase.
• The virus is activated to perform the function for which it was intended.
• As with the dormant phase, the triggering phase can be caused by a variety of
system events, including a count of the number of times that this copy of the virus
has made copies of itself.
Most viruses carry out their work in a manner that is specific to a particular
operating system and, in some cases, specific to a particular hardware platform.
• Thus, they are designed to take advantage of the details and weaknesses of
particular systems.
2. Worm: It is a program that can replicate itself and send copies from computer to
computer across network connections.
• Upon arrival, the worm may be activated to replicate and propagate again.
A worm actively seeks out more machines to infect, and each machine that is
infected serves as an automated launching pad for attacks on other machines.
• An individual who is not authorized to use the computer and who penetrates a
system’s access controls to exploit a legitimate user’s account
ii. Misfeasor:
• A legitimate user who accesses data, programs, or resources for which such
access is not authorized, or who is authorized for such access but misuses his or
her privileges
• An individual who seizes supervisory control of the system and uses this control
to evade auditing and access controls or to suppress audit collection
4. Insiders:
• The threat may involve fraud, the theft of confidential or commercially valuable
information.
• They have the access and knowledge necessary to cause immediate damage to an
organization.
Most security is designed to protect against outside intruders and thus lies
at the boundary between the organization and the rest of the world.
Besides employees, insiders also include a number of other individuals
who have physical access to facilities.
6. Terrorists and Information warfare:
Criminal Organizations:
Purpose:
• Steal sensitive data, spy on the victim’s computer, etc.
• Disrupt normal computer usage, corrupt user data, etc.
• Install backdoors on victim’s computer, slow down the user’s network, etc.
Counter measures: Use of anti-virus software, update patches for operating systems,
security policy on usage of the internet and external storage media, etc.
Attacks
2. Modification of messages –
It means that some portion of a message is altered or that message
is delayed or reordered to produce an unauthorised effect. For
example, a message meaning “Allow JOHN to read confidential file
X” is modified as “Allow Smith to read confidential file X”.
2. Repudiation –
This attack is done by either the sender or the receiver. The sender or receiver
can later deny that he/she has sent or received a message. For
example, a customer asks his bank “To transfer an amount to someone”
and later on the sender (customer) denies that he had made such a
request. This is repudiation.
3. Replay –
It involves the passive capture of a message and its subsequent
retransmission to produce an authorized effect.
5. Denial of Service –
It prevents normal use of communication facilities. This attack may have a
specific target. For example, an entity may suppress all messages directed
to a particular destination. Another form of service denial is the disruption of
an entire network, either by disabling the network or by overloading it with
messages so as to degrade performance.
2. Traffic analysis –
Suppose that we had a way of masking (encrypting) the information, so that
an attacker, even after capturing a message, could not extract any information
from it.
Even then, the opponent could determine the location and identity of the
communicating hosts and could observe the frequency and length of the messages being
exchanged. This information might be useful in guessing the nature of the
communication that was taking place.
BACKDOOR
Data theft
Website defacing
Server hijacking
The launching of distributed denial of service (DDoS) attacks
Infecting website visitors (watering hole attacks)
Advanced persistent threat (APT) assaults
Trap doors
Trap doors, also referred to as backdoors, are bits of code embedded
in programs by the programmer(s) to quickly gain access at a later time,
often during the testing or debugging phase. If an unscrupulous
programmer purposely leaves this code in or simply forgets to remove it,
a potential security hole is introduced. Hackers often plant a backdoor
on previously compromised systems to gain later access. Trap doors
can be almost impossible to remove in a reliable manner. Often,
reformatting the system is the only sure way.
Session hijacking
A spoofing attack takes place when the attacker pretends to be someone else (or another
computer, device, etc.) on a network in order to trick other computers,
devices or people into performing legitimate actions or giving up sensitive
data. Some common types of spoofing attacks include ARP spoofing, DNS
spoofing and IP address spoofing. These types of spoofing attacks are
typically used to attack networks, spread malware and to access
confidential information and data.
3. IP Spoofing Attack
The most commonly-used spoofing attack is the IP spoofing
attack. This type of spoofing attack is successful when a
malicious attacker copies a legitimate IP address in order to
send out IP packets using a trusted IP address. Replicating the
IP address forces systems to believe the source is trustworthy,
opening any victims up to different types of attacks using the
‘trusted’ IP packets.