Security Fundamentals Module 2 unit 1 Security Fundamentals

Security basics Confidentiality – keeping data private Allowing only authorized users to access private files. Integrity – any data that is sent between users must have a guarantee that the data has not been tampered with during transmission. Authentication – all systems should prove the identity of users Associate users with a valid account by requesting that they provide data unique to each user

Non-repudiation – once the data has been sent, the sender must not be able to deny sending the data. Ant-replay – this stops users from resending data in an effort to pretend that they are someone else.

Social engineering The use of social tricks or psychology to gain access to secured systems. The goal is to trick people into revealing passwords and other information.

Phishing and pharming  Phishing involves getting a user to enter personal information via a fake website. Paypal Ebay yahoo Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.

Mitigating Social Engineering What makes attacks effective? Authority Intimidation Consensus / social proof Scarcity Urgency Familiarity / liking Trust What makes attacks ineffective? Policy and standard procedures Education and training Accounting (auditing and surveillance)

Malware Malware A general term for any type of unwanted software that does mischief or permanent damage to your computer. Malware is created by people to intentionally do mischief of damage to your computer Worms A piece of computer code that is able to send itself to many computers by taking control of a computers ability to transport files and information. They get into your computer via email.

Trojans and Spyware Trojans get into your computer via a program then damage and destroy programs and files. Spyware downloads into your computer without you knowing that. It can collect personal information about you such as passwords, credit card numbers and web sites you visit, and transmit this to a third party. It can also change the configuration of your computer, or put advertisements on your computer.

Adware – software that displays banners or pop- up ads on your computer. It downloads to your computer when you access certain internet sites, or when you agree to download it when using certain freeware or shareware.

Antivirus software Software that detects viruses coming into your computer and attempts to get rid of them.

Network Reconnaissance Reconnaissance attack is a kind of information gathering on network system and services. This enables the attacker to discover vulnerabilities or weaknesses on the network. Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. 

Footprinting Footprinting - Process of collecting information about an organization, its network, its IP address ranges and the people who use them Footprinting is conducted through social engineering and by researching information from printed resources From online resources Footprinting tools/techniques Performing web reconnaissance DNS interrogation

Eavesdropping Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information. The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyse the collected data like protocol decoders or stream reassembling

Man-in-the-Middle The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

Man-in-the-Middle

Denial of Service A denial-of-service (DoS) or distributed denial- of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet

Exploits Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerized). Such behaviour frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of- service attack.

Management Create a management and inspection plan Log and document management / maintenance / system reconfiguration activities

Incident Response Procedures and guidelines for dealing with security incidents Different goals Re-establish a secure working system Preserve evidence of the incident with the aim of prosecuting the perpetrators Prevent reoccurrence of the incident National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide Preparation Detection and Analysis Containment, Eradication, and Recovery Post-incident Activity

Patch Management Updates, patches, hotfixes, and service packs Update policies Windows Automatic Updates Windows / Office / Microsoft Update Linux / Mac OS downloadable updates Application updates Firmware

Training / Education