WARNING
1. PLAGIARISM OR HIRING OF GHOST WRITER(S) FOR SOLVING THE ASSIGNMENT(S) WILL
DEBAR THE STUDENT FROM AWARD OF DEGREE/CERTIFICATE, IF FOUND AT ANY
STAGE.
2. SUBMITTING ASSIGNMENT(S) BORROWED OR STOLEN FROM OTHER(S) AS ONE’S OWN
WILL BE PENALIZED AS DEFINED IN “AIOU PLAGIARISM POLICY”.
Question No. 1
What does ISO stand for? What do you mean by network security?
ANSWER
ISO
Network Security
Mobile device and wireless security: Wireless devices have all the
potential security flaws of any other networked gadget — but also can
connect to just about any wireless network anywhere, requiring extra
scrutiny.
Web security: You need to be able to control internal staff's web use
in order to block web-based threats from using browsers as a vector
to infect your network.
Question No. 2
Question No. 3
ANSWER
Common types of cyberattacks
Malware
Phishing
Man-in-the-middle attack
Denial-of-service attack
SQL injection
Zero-day exploit
Monitoring
Monitor all systems: Ensure that all networks, systems and services
are included in the monitoring strategy. This may include the use of
network, host-based and wireless Intrusion Detection
Systems (IDS). These solutions should provide both signature-based
capabilities to detect known attacks, and heuristic capabilities to
detect unusual system behavior.
Monitor user activity: The monitoring capability should have the ability
to identify the unauthorized or accidental misuse of systems or data.
Critically, it should be able to tie specific users to suspicious activity.
Take care to ensure that all user monitoring complies with all legal or
regulatory constraints.
Question No. 4
ANSWER
Cryptography
Cryptography not only protects data from theft or alteration, but can
also be used for user authentication. There are, in general, three types
of cryptographic schemes typically used to accomplish these goals:
secret key (or symmetric) cryptography, public-key (or asymmetric)
cryptography, and hash functions, each of which is described below.
In all cases, the initial unencrypted data is referred to as plaintext. It
is encrypted into ciphertext, which will in turn (usually) be decrypted
into usable plaintext.
Kinds of Cryptography
When using symmetric encryption, only one key is used for encryption
and decryption. However, in asymmetric cryptography there is both a
private key and a public key involved in the encryption and decryption
processes. The secret key can be kept by one person or exchanged
with someone else when sending encrypted messages. If only one key
is available for both encryption and decryption, both the sender and
receiver of a message have to have a copy of the secret key to be able
to read the message.
The two types of PKC algorithms are RSA, which is an acronym named
after this algorithm's inventors: Rivest, Shamir and Adleman, and
Digital Signature Algorithm (DSA). PKC encryption evolved to meet the
growing secure communication demands of multiple sectors and
industries, such as the military.
Hash Function
Question No. 5
ANSWER
Accountability
Access Control
Question No. 1
2. Nobody can protect what's important, unless it's been made clear
exactly what is important. Security is not generic. It's important not
to treat every system and asset the same. Some stuff is important
and should be protected at all costs. Some stuff isn't, and therefore
resources shouldn't be expended to protect it. The executive
managers have to decide what's important, and they need to tell the
security team. Help them understand the choices they need to make.
4. The users are the weakest links. The reality is that many serious
data breaches are caused by human error and are not intentional. That
means it's still important to train users on a continual basis about
what they can and can't do.
Confidentiality
Integrity
With data being the primary information asset, integrity provides the
assurance that the data is accurate and reliable. Without integrity, the
cost of collecting and maintaining the data cannot be justified.
Therefore, policies and procedures should support ensuring that data
can be trusted.
Attackers can use many methods to contaminate data. Viruses are the
most frequently reported in the media. However, an internal user,
such as a programmer, can install a back door into the system or a
logic bomb that can be used to attack the data. After an attack is
launched, it might be difficult to stop and can thus affect the integrity of
the data. Some of the protections that can be used to prevent these
attacks are intrusion detection, encryption, and strict access controls.
Not all integrity attacks are malicious. Users can inadvertently store
inaccurate or invalid data by incorrect data entry, an incorrect decision
made in running programs, or not following procedures. They can also
affect integrity through system configuration errors at their
workstations or even by using the wrong programs to access the data.
To prevent this, users should be taught about data integrity during
their information security awareness training. Additionally, programs
should be configured to test the integrity of the data before storing it.
Availability
More than just attackers can affect system and network availability.
The environment, weather, fire, electrical problems, and other factors
can prevent systems and networks from functioning. To prevent these
problems, your organization's physical security policies should specify
various controls and procedures to help maintain availability.
Yet access does not mean that data has to be available immediately.
Availability of information should recognize that not all data has to be
available upon request. Some data can be stored on media that might
require user or operator intervention to access. For example, if your
organization collects gigabytes of data daily, you might not have the
resources to store it all online. This data can be stored on an offline
storage unit, such as a CD jukebox, that does not offer immediate
access.
Question No. 2
ANSWER
Policy statement
Application of policy
(Insert Company) will develop and maintain appropriate plans for the
renewal, purchase, construction and decommissioning of assets. This
includes:
The roles and responsibilities for executing this policy include the
following:
Question No. 3
ANSWER
So, with that in mind, here’s a shortlist of some of the obvious big
data security issues (or available tech) that should be considered.
Endpoints. Security solutions that draw logs from endpoints will need
to validate the authenticity of those endpoints, or the analysis isn’t
going to do much good.
Data mining solutions. These are the heart of many big data
environments; they find the patterns that suggest business strategies.
For that very reason, it’s particularly important to ensure they’re
secured against not just external threats, but insiders who abuse
network privileges to obtain sensitive information – adding yet
another layer of big data security issues.
Application Security
Question No. 4
ANSWER
Malicious Code
Malicious code is the term used to describe any code in any part of a
software system or script that is intended to cause undesired effects,
security breaches or damage to a system. Malicious code describes a
broad category of system security terms that includes attack scripts,
viruses, worms, Trojan horses, backdoors, and malicious active
content.
When using the internet, it is important to take measures to stay
secure, because attacks are no longer carried out only by viruses;
they also come through applications. The applications one uses every
day might contain infections that can seriously damage the system.
Here are some application-level attacks that are commonly used:
Cross-site scripting:
SQL injection:
XML injection:
Proper control of access to web content is crucial for anyone running
a secure web server. Directory traversal is an HTTP exploit that
allows attackers to access restricted directories and execute
commands outside the web server's root directory. Web servers
normally provide two levels of security mechanism: the root directory
and access control lists. When an attacker finds that a website is
vulnerable, he can use the flaw to get out of the root directory and
reach other parts of the system where other files are stored. This
gives the attacker the ability to view and save restricted files. In
the worst case, it may allow the attacker to launch very powerful
attacks on the web server, which might lead to a full compromise of
that system.
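The root-directory containment described above can be enforced by canonicalizing the requested path before opening it. This is an added example, not code from the original assignment; the function names, the temporary directory layout and the sample request paths are constructed for illustration, and it assumes the still percent-encoded URL path is passed in.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(web_root, url_path):
    """Vulnerable pattern: join the request path onto the root, no containment check."""
    return os.path.normpath(os.path.join(web_root, unquote(url_path).lstrip("/")))

def safe_resolve(web_root, url_path):
    """Return the canonical file path if it stays under web_root, else None."""
    path = unquote(url_path)  # decode %2e%2e before checking, not after
    if "\x00" in path:
        return None
    root = os.path.realpath(web_root)
    # realpath collapses ".." segments and follows symlinks, so the check
    # runs on the same path the operating system would actually open
    candidate = os.path.realpath(os.path.join(root, path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate

def demo():
    """Constructed layout: <tmp>/www is the web root, <tmp>/restricted.conf lies outside it."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "www")
    os.makedirs(os.path.join(web_root, "css"))
    outside = os.path.join(base, "restricted.conf")
    for name in (os.path.join(web_root, "index.html"), outside):
        with open(name, "w") as fh:
            fh.write("constructed sample\n")
    requests = ["/index.html", "/css/../index.html",
                "/../restricted.conf", "/css/%2e%2e/%2e%2e/restricted.conf"]
    allowed = {r: safe_resolve(web_root, r) is not None for r in requests}
    # The unchecked join resolves to the file outside the web root
    naive_escapes = naive_resolve(web_root, "/../restricted.conf") == outside
    return allowed, naive_escapes

if __name__ == "__main__":
    print(demo())
```

A `..` segment that stays inside the root (`/css/../index.html`) is still served, so the check rejects only paths whose canonical form leaves the root.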
Flash Cookies:
Flash cookies are much like LSOs. A Flash cookie is a message used
in Adobe Flash: it is sent from a web server to a web browser and is
then stored as a single data file in the browser. Flash cookies can
behave like conventional cookies by personalizing the user's
experience.
Malicious add-ons:
Session hijacking:
This is also known as cookie hijacking. Here the computer session, or
the session key, is exploited to gain unauthorized access to
information or services on a computer. In particular, the term is
used for the theft of a magic cookie that authenticates a user for
remote access.
Header manipulation:
This type of vulnerability occurs when data enters the website
through an untrusted source and is used by the HTTP request. The same
serious problem arises if the data is included in an HTTP response
sent to the website's users without being validated.
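The validation step mentioned above, shown for response headers: an added example, not part of the original assignment, in which the helper names and the sample value are constructed. It compares what a client parses when an untrusted value is copied into a header unchecked with a check that rejects anything able to change the header structure.

```python
import re

# RFC 7230 "token" characters permitted in a header field name
_NAME_RE = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def serialize(headers):
    """Join (name, value) pairs into a header block with no validation."""
    return "".join(f"{n}: {v}\r\n" for n, v in headers) + "\r\n"

def parsed_names(block):
    """Header names a client sees when it splits the block on CRLF."""
    head = block.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n") if line]

def checked(name, value):
    """Return (name, value) only if neither can alter the header structure."""
    if not _NAME_RE.fullmatch(name):
        raise ValueError("invalid header name")
    # Reject CR, LF and other control characters (horizontal tab is allowed)
    if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in value):
        raise ValueError("control character in header value")
    return name, value

# Constructed sample: a value from an untrusted source with an embedded CRLF
UNTRUSTED = "en\r\nX-Injected: constructed"

def demo():
    """Show the extra header in the unchecked output and the rejection by checked()."""
    unsafe = serialize([("Content-Language", UNTRUSTED)])
    try:
        checked("Content-Language", UNTRUSTED)
        rejected = False
    except ValueError:
        rejected = True
    return parsed_names(unsafe), rejected

if __name__ == "__main__":
    print(demo())
```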
https://www.examcollection.com/certification-training/security-plus-application-attacks-and-their-types.html
Question No. 5
The complexity and length of the private key determine how feasible
it is for an interloper to carry out a brute force attack and try out
different keys until the right one is found.
The End