Skip to main content

L12: Cyber Security Threats | Viruses,Worms,Trojan Horse,Bombs,Trapdoors,Spoofs,E-mail Viruses

L12: Cyber Security Threats | Viruses,Worms,Trojan Horse,Bombs,Trapdoors,Spoofs,E-mail Viruses

Security threat

Whenever an individual or an organization creates a web site or has a web presence, they are vulnerable to security attacks. Security attacks are mainly aimed at stealing, altering or destroying personal and confidential information, stealing the hard drive space, illegally accessing passwords to get to the private account information from the online banking services.

In network security, the three common terms used are as follows:

 ■ Vulnerability—A weakness that is inherent in every network and device. This includes routers, switches, desktops, servers, and even security devices themselves.

Threats—The people eager, willing, and qualified to take advantage of each security weakness, and they continually search for new exploits and weaknesses.

Attacks—The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.

1.1 Vulnerabilities

 Vulnerabilities in network security can be summed up as the “soft spots” that are present in every network. The vulnerabilities are present in the network and individual devices that make up the network. Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses:

 ■ Technology weaknesses

■ Configuration weaknesses

Security policy weaknesses (in unit 1notes)

 

1.2 Threats (cover from active attacks in unit1)

 

1.3Attacks Four primary classes of attacks exist:

■ Reconnaissance

■ Access

■ Denial of service

■ Worms, viruses, and Trojan horses

 

Reconnaissance:

 Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities (see Figure 1-13). It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack. Reconnaissance is somewhat analogous to a thief casing a neighborhood for vulnerable homes to break into, such as an unoccupied residence, easy-to-open doors, or open windows.

 

Access System:

Access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems to which one does not have authority to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.

 

Denial of Service (DoS) :

Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target because a way to access it is all that is usually required. For these reasons, DoS attacks are the most feared.                                                                                                   

 

Virues:

A computer virus is a malicious program that self-replicates by copying itself to another program. In other words, the computer virus spreads by itself into other executable code or documents. The purpose of creating a computer virus is to infect vulnerable systems, gain admin control and steal user sensitive data. Hackers design computer viruses with malicious intent and prey on online users by tricking them.

A virus can be spread by opening an email attachment, clicking on an executable file, visiting an infected website or viewing an infected website advertisement. It can also be spread through infected removable storage devices, such USB drives. Once a virus has infected the host, it can infect other system software or resources modify or disable core functions or applications, as well as copy, delete or encrypt data. Some viruses begin replicating as soon as they infect the host, while other viruses will lie dormant until a specific trigger causes malicious code to be executed by the device or system.

 

Types of Computer Viruses:

computer virus is one type of malware that inserts its virus code to multiply itself by altering the programs and applications. The computer gets infected through the replication of malicious code.

Computer viruses come in different forms to infect the system in different ways. Some of the most common viruses are:

Boot Sector Virus – This type of virus infects the master boot record and it is challenging and a complex task to remove this virus and often requires the system to be formatted. Mostly it spreads through removable media.

Direct Action Virus – This is also called non-resident virus, it gets installed or stays hidden in the computer memory. It stays attached to the specific type of files that it infect. It does not affect the user experience and system’s performance.

Resident Virus – Unlike direct action viruses, resident viruses get installed on the computer. It is difficult to identify the virus and it is even difficult to remove a resident virus.

Multipartite Virus – This type of virus spreads through multiple ways. It infects both the boot sector and executable files at the same time.

Polymorphic Virus – These type of viruses are difficult to identify with a traditional anti-virus program. This is because the polymorphic viruses alters its signature pattern whenever it replicates.

Overwrite Virus – This type of virus deletes all the files that it infects. The only possible mechanism to remove is to delete the infected files and the end-user has to lose all the contents in it. Identifying the overwrite virus is difficult as it spreads through emails.

Spacefiller Virus – This is also called “Cavity Viruses”. This is called so as they fill up the empty spaces between the code and hence does not cause any damage to the file.

 

Worms:

An Internet worm is type of malicious software (malware) that self-replicates and distributes copies of itself to its network. These independent virtual viruses spread through the Internet, break into computers, and replicate without intervention from and unbeknownst to computer users.

A computer worm is a type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage.

To spread, worms either exploit vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided. More advanced worms leverage encryption, wipers, and ransom ware technologies to harm their targets.

 

Trojan horse:

A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers to gain access to target users' systems. Users are typically tricked by some attractive social media adds who then directed to malicious website thereby loading and executing Trojans on their systems. Cyber-criminals use Trojans to spy on the victim user, gain illegal access to the system to extract sensitive data.

These actions can include:

  • Deletes Data
  • Copies data
  • Modifies Data
  • Blocks Data

Trojan horse is not able to replicate itself, nor can it propagate without an end user's assistance. This is why attackers must use social engineering tactics to trick the end user into executing the Trojan. Typically, the malware programming is hidden in an innocent-looking email attachment or free download. When the user clicks on the email attachment or downloads the free program, the malware that is hidden inside is transferred to the user's computing device. Once inside, the malicious code can execute whatever task the attacker designed it to carry out.

 

Characteristics of a Trojan horse          

 

When a Trojan horse becomes active, it puts sensitive user data at risk and can negatively impact performance. Once a Trojan has been transferred, it can:

  • Give the attacker backdoor control over the computing device.
  • Record keyboard strokes to steal the user's account data and browsing history.
  • Download and install a virus or worm to exploit vulnerability in another program.
  • Install ransomwareto encrypt the user's data and extort money for the decryption key.
  • Activate the computing device's camera and recording capabilities.

 

Bombs:

A logic bomb is a piece of code inserted into an operating system or software application that implements a malicious function after a certain amount of time, or specific conditions are met. Logicbombs are often used with viruses, worms, and trojan horses to time them to do maximum damage before being noticed.

Some logic bombs can be detected and eliminated before they execute through a periodic scan of all computer files, including compressed files, with an up-to-date anti-virus program.

 

Trapdoors:

A computer trapdoor, also known as a back door, provides a secret -- or at least undocumented -- method of gaining access to an application, operating system or online service. Programmers write trapdoors into programs for a variety of reasons. Left in place, trapdoors can facilitate a range of activities from benign troubleshooting to illegal access.

TrapDoor does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Spoofing mean?

Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security.

Email spoofing is one of the best known spoofs. Since core SMTP fails to offer authentication, it is simple to forge and impersonate emails. Spoofed emails may request personal information and may appear to be from a known sender. Such emails request the recipient to reply with an account number for verification. The email spoofer then uses this account number for identity theft purposes, such as accessing the victim's bank account, details changing contact etc.

The attacker (or spoofer) knows that if the recipient receives a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. So a spoofed email may also contain additional threats like Trojans or other viruses. These programs can cause significant computer damage by triggering unexpected activities, remote access, deletion of files and more.

 

Email virus:

An email virus is a virus that is sent with or attached to email communications. While many different types of email viruses work in different ways, there also are a variety of methods used to counteract such challenging cyber attacks.

Email viruses are often connected with phishing attacks in which hackers send out malicious email messages that look as if they are originated from legitimate sources, including the victim's bank, social media, internet search sites or even friends and co-workers. The attacker's goal, in these cases, is to trick users into revealing personal information, such as the victim's usernames, full names and addresses, passwords, Social Security numbers or payment card numbers.

 

Macro Virus:

A macro virus is a computer virus that replaces a macro, which is what enables a program to work and instigates a designated group of actions and commands. When these actions and commands are replaced by a virus, this can cause significant harm to a computer. 

Malicious Software (Malware):

Malicious software, commonly known as malware, is any software that brings harm to a computer system. Malware can be in the form of worms, viruses, Trojans, spyware, adware and rootkits, etc., which steal protected data, delete documents or add software not approved by a user.

Malicious software (malware) is any software that gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc. The damage done can vary from something slight as changing the author's name on a document to full control of your machine without your ability to easily find out. Most malware requires the user to initiate it's operation. Some vectors of attack include attachments in e-mails, browsing a malicious website that installs software after the user clicks ok on a pop-up, and from vulnerabilities in the operating system or programs. Malware is not limited to one operating system.

 

Spam

Spam is electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited email. However, if a long-lost brother finds your email address and sends you a message, this could hardly be called spam, even though it is unsolicited. Real spam is generally email advertising for some product sent to a mailing list or newsgroup.

Spam refers to the use of electronic messaging systems to send out unrequested or unwanted messages in bulk.

In addition to wasting people's time with unwanted email, spam also eats up a lot of network bandwidth. Consequently, there are many organizations, as well as individuals, who have taken it upon themselves to fight spam with a variety of techniques. But because the Internet is public, there is really little that can be done to prevent spam, just as it is impossible to prevent junk mail. However, some online services have instituted policies to prevent spammers from spamming their subscribers.

 

Denial-of-Service Attack (DoS)

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses. The network or server will not be able to find the return address of the attacker when sending the authentication approval, causing the server to wait before closing the connection. When the server closes the connection, the attacker sends more authentication messages with invalid return addresses. Hence, the process of authentication and server wait will begin again, keeping the network or server busy.

A DoS attack can be done in a several ways. The basic types of DoS attack include:

  1. Flooding the network to prevent legitimate network traffic
  2. Disrupting the connections between two machines, thus preventing access to a service
  3. Preventing a particular individual from accessing a service.
  4. Disrupting a service to a specific system or individual
  5. Disrupting the state of information, such resetting of TCP sessions

Difference between Hackers & attackers:               

A computer hacker is any skilled computer expert that uses their technical knowledge to overcome a problem. While "hacker" can refer to any skilled computer programmer, the term has become associated in popular culture with a "security hacker", someone who, with their technical knowledge, uses bugs or exploits to break into computer systems.

An attacker is any attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset. Thus an attacker is the individual or organization performing these malicious activities.

 

 

E-Commerce Threats:

The exchange or buying and selling of commodities on a large scale involving transportation from place to place is known as commerce. E-Commerce is the application of technology toward the automation of business transaction and workflows, delivery of information, products or services, buying and selling of products over internet.

E-commerce is taking advantage of distance selling the great advantages offered by new information technologies, such as the extension of the offer , the interactivity and immediacy of purchase, with the difference that you can buy and sell to whom you want , and where and when they want. There are increased opportunities to enhancing the business efficiency and reducing the incurred costs by the computer applications of e-commerce as it enables a tighter integration with the several linkages.

The medium of electronic that is referred as the internet has the power and tendency for reducing actual time of transactions and the overall processing time radically. One of the critical issues in e-commerce success is security. Security is directly related to the issue of trust and confidence between buyer and seller and extremely sensitive personal information.

Security is the component that affects e-commerce which includes Computer Security, Data Security and other areas. Security is one of the concern which is affecting customer and organizations trade. Web application which is offering online payment system (net banking, credit card, debit card, PayPal or other token) are at more risk from being targeted and there is big loss if data is being hacked. The e-commerce website those offering online payment are giving guidelines for securing systems and networks available for the ecommerce system

 

There are various types of e-commerce threats. Some are accidental, some are purposeful, and some of them are due to human error. The most common security threats are phishing attacks, money thefts, data misuse, hacking, credit card frauds and unprotected services.

Malicious code threats-These code threats typically involve viruses, worms, Trojan horses.

Inaccurate management-One of the main reason to e-commerce threats is poor management. When security is not up to the mark it poses a very dangerous threat to the networks and systems. Also security threats occur when there are no proper budgets are allocated for purchase of anti-virus software licenses.

Price Manipulation-Modern e-commerce systems often face price manipulation problems. These systems are fully automated; right from the first visit to the final payment getaway. Stealing is the most common intention of price manipulation. It allows an intruder to slide or install a lower price into the URL and get away with all the data.

Wi-Fi Eavesdropping-It is also one of the easiest ways in e-commerce to steal personal data. It is like a “virtual listening” of information which is shared over a Wi-Fi network which is not encrypted. It can happen on public as well as on personal computers.

 

Ways to prevent e-commerce threats

Encryption-It is the process of converting a normal text into an encoded text which cannot be read by anyone except by the one who sends or receives the message.

Having digital certificates

It is a digital certificate which is issued by a reliable third party company. A digital certificate contains the following things the name of the company, the most important digital certificate serial number, expiry date and date of issue.

Perform a security audit-a routine examination of the security procedures of the firm.

L10: Data Security Consideration| Data Backup Rules| Data Archive Storage| Data Disposal in Hindi

L10: Data Security Consideration| Data Backup Rules| Data Archive Storage| Data Disposal in Hindi

Internet Security:

The internet is a network of networks, connecting billions of computers located at various points. Networking helps users to gain a way to information resources like database and to other users.

Internet security is a catch-all term for a very broad issue covering security for transactions made over the Internet. Generally, Internet security encompasses browser security, the security of data entered through a Web form, and overall authentication and protection of data sent via Internet Protocol.

Internet security relies on specific resources and standards for protecting data that gets sent through the Internet. This includes a secure Web setup includes firewalls, which block unwanted traffic, and anti-malware, anti-spyware and anti-virus programs that work from specific networks or devices to monitor Internet traffic for dangerous attachments.

Internet security is generally becoming a top priority for both businesses and governments. Good Internet security protects financial details and much more of what is handled by a business or agency’s servers and network hardware. Insufficient Internet security can threaten to collapse an e-commerce business or any other operation where data gets routed over the Web.

Security and Network Security Goals

Networked systems (simple apps, complex networks, complete IT infrastructures) operate in environments involving different interconnected parties each with their own goals, which may not match with the goals of other parties of the system as whole. As such it is essential to consider, in addition to the functional requirements of systems (i.e. what the systems should achieve) also its security requirements.

Security requirements are expressed in terms of security attributes that express goals that one may want to achieve to call a system ‘secure’. The most commonly used and widely accepted security attributes are Confidentiality, i.e. ‘my information stays secret’, Integrity, i.e. ‘my information stays correct’, and Availability, i.e. ‘I can get at my information’ (sometimes called the C-I-A triad.)

 

Backup

Having a backup these days is mandatory for any organization concerned with their information and data. A file backup is a copy of a file that is stored in a separate location from the original. Backing up is making copies of data which may be used to restore the original after a data loss event. This new copy of data is the Backup. You can have multiple backups of a file if you want to track changes to the file.

Why we Backup?

There are many reasons why your organization may want to back up their data. The primary reason is to recover data after its loss. The loss can occur by accidental deletion, a virus attack, or a software or hardware failure. If any of those things occur and your files are backed up, you can easily restore those files. Preventing events that result in loss of data is most desired, but backing up data provides the protection for data after a system failure. Individual computers being backed up are different than servers being backed up. Individual computer users can back up their own information when desired and using methods they desire, whereas data on organization servers need more formal backup procedures.

 

Types of backup:

Full Backup

Full backup is a method of backup where all the files and folders selected for the backup will be backed up. The advantage of this backup is restores are fast and easy as the complete list of files are stored each time. The disadvantage is that each backup run is time consuming as the entire list of files is copied again. 

FTP Backup

This is a kind of backup where the backup is done via FTP (File Transfer Protocol) over the Internet to an FTP Server. Typically the FTP Server is located in a commercial data centre away from the source data being backed up. 

Cloud Backup

This term is often used interchangeably with Online Backup and Remote Backup.  It is where data is backed up to a service or storage facility connected over the Internet. 

Offsite Backup

When the backup storage media is kept at a different geographic location from the source, this is known as an offsite backup. The backup may be done locally at first but once the storage medium is brought to another location, it becomes an offsite backup.  Examples of offsite backup include taking the backup media or hard drive home, to another office building or to a bank safe deposit box.

Remote Backup

Remote backups are a form of offsite backup with a difference being that you can access, restore or administer the backups while located at your source location or other location. You do not need to be physically present at the backup storage facility to access the backups.

Archival storage of data:

This identifies the different steps involved in the data creation process, from data creation & retention for reuse or archiving. The decisions to retain data include:

  • Effective use of storage resources for data which has long term value.
  • Reduced volume of data making it easier to manage & maintain descriptive metadata records.
  • Reduced storage costs.
  • Efficient & effective file organization for quick use.

The data must be retain in order to satisfy:

  • Needs in the present day
  • Future need
  • Compliance with policies

 

Disposal of data:

Confidential electronic and paper information must be disposed of securely to minimise the risk of unwanted disclosure. Confidential information is information which if improperly disclosed or lost could cause harm or distress. This includes personal data as defined by the Data Protection act, i.e. information about a living individual where that individual could be identified, and other valuable or sensitive information not in the public domain.

Disposal is an important part of records management. Properly done, it ensures that the organization retains records for as long as they are needed and then, when they are no longer needed, destroys them in an appropriate manner or disposes of them in some other way, e.g. by transfer to an archives service. A managed disposal process has several benefits:

  • it avoids unnecessary storage costs incurred by using office or server space to maintain records no longer needed by the organization
  • it supports compliance with the 5th data protection principle if records contain personal information (this principle requires organizations not to keep personal information for longer than necessary)1
  • finding and retrieving information is quicker and easier because there is less to search
  • responding to Freedom of Information (FOI) requests is more efficient.

Making disposal decisions

Making disposal decisions is about deciding two things:

  • how long records should be kept, i.e. their retention period
  • what should happen at the end of that period

Implementing disposal decisions

Making a disposal decision is an important first step but to realize the benefits identified above you need to implement the decisions in a timely and effective way. This means monitoring retention periods and taking appropriate disposal action when they come to an end. This disposal action will be one of the following:

  • destruction of records
  • transfer of records to an in-house or external archives service
  • a further review of records (if necessary)
  • transfer of records to a successor body (if applicable).

Benefits of disposal schedules

The main benefits of disposal schedules are:

  • clear instructions on what happens to records when they are no longer needed to support the business
  • definitive periods of time for which records should be kept and remain accessible
  • consistency in retention of records across the organization
  • evidence of compliance with legal and regulatory requirements for the retention of records

Contents of disposal schedules

The disposal schedule should provide sufficient information for the records covered by each disposal class to be identified and the disposal decision put into effect. What details should be included will vary from organization to organization and will depend on factors such as:

  • Technology – whether the records are in physical or digital format or a hybrid of both (this will determine whether the format of each disposal class needs to be specified in the schedule)
  • Location – if records are held on several sites or in several systems it may be necessary precisely to specify where they are stored
  • Storage arrangements – if records are moved off-site or off-line, it may be necessary to specify when this should take place
  • The size of the organization – if the organization is large enough to be broken down into separate business units, the creating business unit or, alternatively, the function should be specified.

L9: Application Security | Database Security| Email Security| Internet Security in hindi

L9: Application Security | Database Security| Email Security| Internet Security in hindi

Application security:

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security is becoming an increasingly important concern during development as applications become more frequently accessible over networks.Actions taken to ensure application security are sometimes called countermeasures.

Database Security:

Database security is the protection of the database against intentional and unintentional threats that may be computer-based or non-computer-based. Database security is the business of the entire organization as all people use the data held in the organization's database and any loss or corruption to data would affect the day-to-day operation of the organization and the performance of the people. Therefore, database security encompasses hardware, software, infrastructure, people and data of the organization. 

  1. Threats to a Database:

A threat is any situation or event, either intentional or unintentional that may affect a system and organization. Whether the threat is intentional or unintentional, the impact may be the same. The threats may be caused by a situation or event that involves a person, action or circumstance that is likely to produce harm to someone or to an organization. The harm may be tangible like loss of hardware, software or data. The harm may also be intangible like loss of credibility or client confidence and trust. Threats to data security may be a direct and intentional threat to the database.

Those who gain unauthorized access to a database like computer hackers may steal or change the data in the database. And they would have to have special knowledge in order to do so.

2.     Data Tampering 

Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. The chances of data tampering are high in case of distributed environments as data moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes that data before retransmitting it.

3.     Falsifying User Identities

In a distributed environment, it becomes more feasible for a user to falsify an identity to gain access to sensitive and important information. Criminals attempt to steal users' credit card numbers, and then make purc~1ases against the accounts. Or they steal other personal data, such as bank account numbers and driver's license numbers etc.

4.     Password-Related Threats

In large systems, users must remember multiple passwords for the different applications and services that they use. Users typically respond to the problem of managing multiple passwords in several ways:

  • They may select easy-to-guess password
  • They may also choose to standardize passwords so that they are the same on all machines or websites.

Security Levels

To protect the database, we must take security measures at several levels:

  • Physical:The sites containing the computer systems must be secured against armed or surreptitious entry by intruders.
  • Human:Users must be authorized carefully to reduce the chance of any such user giving access to an intruder in exchange for a bribe or other favors .
  • Operating System: No matter how secure the database system is, weakness in operating system security may serve as a means of unauthorized access to the database.
  • Network:Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in networks private to an enterprise.

 

Data Security methods

Confidentiality

A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data they are supposed to see. Confidentiality has several aspects like privacy of communications, secure storage of sensitive data, authenticated users and authorization of users.

Privacy of Communications

The DBMS should be capable of controlling the spread of confidential personal information such as health, employment, and credit records. It should also keep the corporate data such as trade secrets, proprietary information about products and processes, competitive analyses, as well as marketing and sales plans secure and away from the unauthorized people.

Authentication

One of the most basic concepts in database security is authentication, which is quite simply the process by which it system verifies a user's identity, A user can respond to a request to authenticate by providing a proof of identity, or an authentication token

Eg: If you have ever been asked to show a photo ID (for example, when opening a bank account), you have been presented with a request for authentication. You proved your identity by showing your driver's license (or other photo ID). In this case, your driver's license served as your authentication token.

Authorization

An authenticated user goes through the second layer of security, authorization. Authorization is the process through which system obtains information about the authenticated user, including which database operations that user may perform and which data objects that user may access. Example: an authorization document.

E-mail Security:

Email security describes various techniques for keeping sensitive information in email communication and accounts secure against unauthorized access, loss, or compromise. Email is a popular medium for the spread of malware, spam, and phishing attacks, using sensitive information, open attachments or click on hyperlinks that install malware on the device.

Email security refers to the collective measures used to secure the access and content of an email account or service. It allows an individual or organization to protect the overall access to one or more email addresses/accounts.An email service provider implements email security to secure subscriber email accounts and data from hackers - at rest and in transit.

The Need for Email Security:

Email security is a broad term that encompasses multiple techniques used to secure an email service. From an individual/end user standpoint, proactive email security measures include:

  • Strong passwords
  • Password rotations
  • Spam filters
  • Desktop-based anti-virus/anti-spam applications

Similarly, a service provider ensures email security by using strong password and access control mechanisms on an email server; encrypting and digitally signing email messages when in the inbox or in transit to or from a subscriber email address. It also implements firewall and software-based spam filtering applications to restrict unsolicited, untrustworthy and malicious email messages from delivery to a user’s inbox.

It is very easy to spoof an e-mail message and alter the name in the form field. All attacker requires to modify information within the preference section of his/her mail & restart the application. This is the act of sending spoofed messages that pretend to originate from a source the user trusts and has a business relation with such as a bank.

L8: Security Risk Analysis | Steps in Security Analysis| Types of Risk Analysis in hindi

L8: Security Risk Analysis | Steps in Security Analysis| Types of Risk Analysis in hindi

Security Risk Analysis.

security risk analysis is a procedure for estimating the risk to computer related assets and loss because of manifested threats. The procedure first determines an asset's level of vulnerability by identifying and evaluating the effect of in-place countermeasures. An asset's level of vulnerability to the threat population is determined solely by countermeasures [controls/safeguards] that are in-place at the time the risk analysis is done.

A security risk analysis defines the current environment and makes recommended corrective actions if the residual risk is unacceptable. Risk analysis is a vital part of any ongoing security and risk management program. The risk analysis process should be conducted with sufficient regularity to ensure that each agency's approach to risk management is a realistic response to the current risks associated with its information assets. Management must then decide on whether to accept the residual risk or to implement the recommended actions.

Risk Analysis Terminology :

Asset - Anything with value and in need of protection.

Threat - An action or potential action with the propensity to cause damage.

Vulnerability - A condition of weakness. If there were no vulnerabilities, there would be no concern for threat activity.

Countermeasure - Any device or action with the ability to reduce vulnerability.

Expected Loss - The anticipated negative impact to assets due to threat manifestation.

Impact - Losses as a result of threat activity are normally expressed in one or more impact areas.

 

Security Risk Assessments:

Risk assessment – the process of identifying, analyzing and evaluating risk – is the only way to ensure that the cyber security controls you choose are appropriate to the risks your organization faces.

Without a risk assessment to inform your cyber security choices, you could waste time, effort and resources – there is, after all, little point implementing measures to defend against events that are unlikely to occur or won’t have much material impact on your organization.

A cyber security risk assessment identifies the various information assets that could be affected by a cyber-attack (such as hardware, systems, laptops, customer data and intellectual property), and then identifies the various risks that could affect those assets.

A risk estimation and evaluation is usually performed, followed by the selection of controls to treat the identified risks. It is important to continually monitor and review the risk environment to detect any changes in the context of the organization, and to maintain an overview of the complete risk management process.

When going through the process it’s important to keep in mind that there are different categories of risk that may affect organization. Here’s what they are:

Strategic risk is related to adverse business decisions, or the failure to implement appropriate business decisions in a manner that is consistent with the institution’s strategic goals.

Reputational risk is related to negative public opinion.

Operational risk is related to loss resulting from inadequate or failed internal processes, people, and systems, or from external events.

Transactional risk is related to problems with service or product delivery.

Compliance risk is related to violations of laws, rules, or regulations, or from noncompliance with internal policies or procedures or business standards.

L7: Information Assurance in Cyber Security | Integrity | Availability|Authentication| in Hindi

L7: Information Assurance in Cyber Security  | Integrity | Availability|Authentication| in Hindi

Information Assurance (IA): Information Read More

L6: Threat to Information System | Accidental Threat| Intentional Threat| Passive and Active Attack

L6: Threat to Information System | Accidental Threat| Intentional Threat| Passive and Active Attack

Security attacks may be divided into these two main categories:

  • Passive attacks.
  • Active attacks.

Passive attacks:

Passive attacks attempt to learn or make use of information from the system but do not affect system resources. A passive attack is one where the attacker only monitors the communication channel. A passive attacker only threatens the confidentiality of data. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted.

Two types of passive attacks are related to message contents and traffic analysis:

  • Eavesdropping. In general, the majority of network communications occur in an unsecured or "cleartext" format, which allows an attacker who has gained access to data paths in the network to "listen in" or interpret (read) the data exchanged over the network. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, the data can be read by others as it traverses the network.
  • Traffic analysis. It refers to the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic.

Active attacks:

Active attacks attempt to alter system resources or affect their operation. This type of attack is one where the adversary attempts to delete, add, or in some other way alter the transmission on the channel. An active attacker threatens data integrity and authentication as well as confidentiality.

Active attacks involve some modification of the data stream or the creation of a false stream and can be divided into six categories:

  • Masquerade. It is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for.
  • Replay. In this kind of attack, valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits them, possibly as part of a masquerade attack.
  • Modification of messages. The attacker removes a message from the network traffic, alters it, and reinserts it.
  • Man in the Middle (MitM). In this kind of attacks, an intruder intercepts communications between two parties, usually an end user and a website. The attacker can use the information accessed to commit identity theft or other types of fraud.
  • Denial of Service (DoS) and Distributed Denial of Service (DDoS). Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable. But DoS can also be as simple as deleting or corrupting information. In most cases, performing the attack simply involves running a hack or script. The attacker does not need prior access to the target because a way to access it is all that is usually required. For these reasons, DoS attacks are the most feared.
  • Advanced Persistent Threat (APT). It is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.

From the point of view of the attacker’s location, there exist two different kinds of attackers:

  • Inside attacker or insider,
  • Outside attacker or outsider.

An Insider is, in general, a person who has access to the internal computer network, and is therefore a legitimate user, but attempts to obtain unauthorized access to the data, system resources and services or misuses any authorized data.

An Outsider is generally a person who does not have authorized access to the internal computer network and wishes to enter into that network by using any vulnerable locations or security holes.

Threats

Threat: an object, person, or other entity that represents a constant danger to an asset

Management must be informed of the different threats facing the organization

By examining each threat category, management effectively protects information through policy, education, training, and technology controls

There are four primary classes of threats to network security.

■ Unstructured threats—Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company. For example, if an external company website is hacked, the integrity of the company is damaged. Even if the external website is separate from the internal information that sits behind a protective firewall, the public does not know that. All the public knows is that the site is not a safe environment to conduct business.

■ Structured threats— Structured threats come from hackers who are more highly motivated and technically competent. These people know system vulnerabilities and can understand and develop exploit code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.

■ External threats—External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.

■ Internal threats—Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network

As the types of threats, attacks, and exploits have evolved, various terms have been coined to describe different groups of individuals. Some of the most common terms are as follows:

■ Hacker—Hacker is a general term that has historically been used to describe a computer programming expert. More recently, this term is commonly used in a negative way to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

■ Cracker—Cracker is the term that is generally regarded as the more accurate word that is used to describe an individual who attempts to gain unauthorized access to network resources with malicious intent.

■ Phreaker—A phreaker is an individual who manipulates the phone network to cause it to perform a function that is normally not allowed. A common goal of phreaking is breaking into the phone network, usually through a payphone, to make free long-distance calls.

■ Spammer—A spammer is an individual who sends large numbers of unsolicited e-mail messages. Spammers often use viruses to take control of home computers to use these computers to send out their bulk messages.

■ Phisher—A phisher uses e-mail or other means in an attempt to trick others into providing sensitive information, such as credit card numbers or passwords. The phisher masquerades as a trusted party that would have a legitimate need for the sensitive information.

■ White hat—White hat is a term used to describe individuals who use their abilities to find vulnerabilities in systems or networks and then report these vulnerabilities to the owners of the system so that they can be fixed.

■ Black hat—Black hat is another term for individuals who use their knowledge of computer systems to break into systems or networks that they are not authorized to use

Types of Information Systems

Types of Information Systems

Types of Information Systems:

  1. Transaction Processing Systems

A transaction processing system provides a way to collect, process, store, display modify or cancel transactions. Most of these systems allow multiple transactions to take place simultaneously. The data that this system collects is usually stored in databases which can be used to produce reports such as billing, wages, inventory summaries, manufacturing schedules, or check registers.

  1. Management Information Systems

A management information system is an information system that uses the data collected by the transaction processing system and uses this data to create reports in a way that managers can use it to make routine business decisions in response to problems. Some of the reports that this information system creates are summary, exception and ad hoc reports. All this is done to increase the efficiency of managerial activity.

  1. Decision Support Systems

A decision support system helps make decisions by working and analyzing data that can generate statistical projections and data models. This system gives support rather than replacing a managers judgement while improving the quality of a managers decision. A DSS helps solve problems while using external data.

  1. Expert Systems and Neural Networks

An expert system, also known as a knowledge-based system, is a computer system that is designed to analyze data and produce recommendations, diagnosis and decisions that are controlled. A neutral system uses computers to foster the way a human brain may process information, learn and remember that information.

  1. Information Systems in Organizations

This information system collects, stores and processes data to give an organization real-time useful and accurate information. This information system encompasses data gathering information from the people and machines that collect, process, output and store data. Also in the networks that transmit and receive data and the procedures that govern the way data is handled.

What is Cyber Secirity, Neeeed of CS and History of CS.

What is Cyber Secirity, Neeeed of CS and History of CS.

Namaskar, 

In Today's lecture, I will cover the Introduction to Cyber Security of subjectCyber Security which is one of the Important subjects of professional courses.

Information systems: Information systems are the software and hardware systems that support data-intensive applications. Such a system may be as simple as a 3x5 card catalogue system on a desk, or a desktop calendar. Or, it may be as complicated as a multi-node computer database system used to manage vast quantities of related information.

The six components that must come together in order to produce an information system are:

  1. Hardware: The term hardware refers to machinery. This category includes the computer itself, which is often referred to as the central processing unit (CPU), and all of its support equipment. Among the support equipment’s are input and output devices, storage devices and communications devices.
  2. Software: The term software refers to computer programs and the manuals (if any) that support them. Computer programs are machine-readable instructions that direct the circuitry within the hardware parts of the system to function in ways that produce useful information from data. Programs are generally stored on some input/output medium, often a disk or tape.
  3. Data: Data are facts that are used by programs to produce useful information. Like programs, data are generally stored in machine-readable form on disk or tape until the computer needs them.
  4. Procedures: Procedures are the policies that govern the operation of a computer system. "Procedures are to people what software is to hardware" is a common analogy that is used to illustrate the role of procedures in a system.
  5. People: Every system needs people if it is to be useful. Often the most overlooked element of the system is the people, probably the component that most influence the success or failure of information systems. This includes "not only the users, but those who operate and service the computers, those who maintain the data, and those who support the network of computers."
  6. Feedback: it is another component of the IS, that defines that an IS may be provided with feedback (Although this component isn't necessary to function).
 
NewsletterFor latest information