IT Security Basics Chapter 1

19 Questions

What is a security threat?

A risk that can potentially harm computer systems, organizations, and (web) service providers.

What are the consequences of security threats?

Leak of private information

Malicious code includes viruses, trojan horses, and attack scripts.

True

_______ is defined as the physical removal of an object that is capable of being stolen without the consent of the owner.

Theft

Match the types of security threats with their descriptions:

  • Malicious code = Code inserted in software system to breach security
  • Hacking = Unauthorized access to computer systems for illicit purposes
  • Natural disaster = Extreme and sudden events causing damage
  • Theft = Physical removal of objects without consent

Which type of attack involves multiple compromised systems targeting a single system to cause a Denial of Service (DoS) attack?

DDoS

Define Sniffing in the context of network security.

Sniffing is the process of monitoring and capturing data packets passing through a network to capture sensitive information.

Vishing is the telephone equivalent of phishing.

True

A ___ is a type of malware that spreads copies of itself from computer to computer.

worm

Match the following malicious code with their descriptions:

  • Virus = Malicious software loaded onto a user's computer without their knowledge
  • Trojan Horse = Type of malware disguised as legitimate software
  • Worm = Malware that spreads copies of itself from computer to computer

What type of scan tends to be slow because machines tend to slow down their responses to this kind of traffic?

SYN Scan

In a SYN Scan, a TCP connection is established with the target machine.

False

What is the purpose of an ACK Scan?

Determine whether a particular port is filtered or not

A NULL Scan sets all the header fields to ___.

null

Match the following methods of hard drive destruction with their descriptions:

  • Drilling holes through drive platters = Not completely effective as data can still be recovered
  • Shattering the platters with a hammer = Ensures data cannot be recovered
  • Reformatting hard drives = Can be used for drives without sensitive data

What are the three goals of security?

Confidentiality, Integrity, Availability

What is the term used to describe an individual who attempts to gain unauthorized access to network resources with malicious intent?

Cracker

What is the term used to describe an individual who sends large numbers of unsolicited e-mail messages?

Spammer

Match the following types of hackers with their descriptions:

  • Black Hat = Individuals who break into systems or networks without authorization
  • White Hat = Individuals who find vulnerabilities and report them for fixing
  • Script Kiddies = Unskilled individuals who use existing scripts to hack systems
  • Phreaker = Manipulates phone networks to perform unauthorized functions
  • Cybercriminals = Engage in criminal activities involving computers and networks
  • Spammer = Sends out large volumes of unwanted emails

Study Notes

Security Basics

Introduction to Security

  • Security threats: risks that can potentially harm computer systems, organizations, and web service providers
  • Consequences of security threats: financial damages, leak of information, theft of private data, and disruption of services

Types of Security Threats

  • Malicious Code (Malware)
    • Malicious code: application security threat that cannot be efficiently controlled by conventional antivirus software alone
    • Types of malicious code: attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content
    • Sources of malware: expert hackers, virus creation software, and criminals
  • Hacking
    • Hacking: an attempt to exploit a computer system or private network inside a computer
    • Main goal of hacking: to gain some sort of benefit or satisfaction, such as profits, destruction of property, or private information
  • Natural Disasters
    • Natural disasters: extreme, sudden events caused by environmental factors that injure people and damage property
    • Examples: floods, hurricanes, tornadoes, volcanic eruptions, earthquakes, and tsunamis
  • Theft
    • Theft: physical removal of an object that is capable of being stolen without the consent of the owner and with the intention of depriving the owner of it permanently

Sources of Security Threats

  • Internal Threats
    • Originate from within the organization
    • Examples: employees, contractors, or suppliers who could exploit a system to cause damage or steal data
  • External Threats
    • Originate from outside the organization
    • Examples: physical threats, socio-economic threats, network security threats, communication threats, and human threats
  • Structured Threats
    • Organized efforts to breach a specific network or organization
    • Examples: targeted attacks on a specific company or individual
  • Unstructured Threats
    • Random and usually the result of an attacker identifying a vulnerability by scanning the network
    • Examples: automated attacks using scripts and tools available on the internet

Methods of Security Attacks

  • Reconnaissance Attack
    • Gathering information about a target before launching an actual attack
    • Examples: port scanning, DNS reconnaissance, and network mapping
  • Access Attack
    • Attempting to access another user's account or network device through improper means
    • Examples: hacking, brute force attacks, and unauthorized access
  • Denial of Service (DoS) Attack
    • Flooding a system or network with traffic to make it unavailable to users
    • Examples: targeted attacks on a website or network
  • Distributed Denial of Service (DDoS) Attack
    • Multiple compromised systems used to target a single system, causing a Denial of Service (DoS) attack
    • Examples: attacks on high-profile websites or organizations
  • Malicious Code Attack
    • Using malicious code to cause undesired effects, security breaches, or damage to a system
    • Examples: viruses, worms, Trojan horses, and backdoors

Social Engineering

  • Social Engineering
    • Manipulating people to give up confidential information
    • Examples: phishing, pretexting, and vishing
  • Phishing
    • Tricking individuals into giving up confidential information through email or other online means
    • Examples: fraudulent emails, fake websites, and scams
  • Vishing
    • Using the telephone to scam individuals into surrendering private information
    • Examples: fraudulent phone calls, scams, and identity theft

Introduction to Security

  • Information security protects information from a wide range of threats
  • It preserves an organization's value

Goals of Security

Confidentiality

  • Protecting information from unauthorized access, use, disclosure, disruption, modification, or destruction
  • Ensuring that only authorized individuals can access important information
  • Examples: keeping credit card numbers secure during online transactions, only allowing authorized parties to view sensitive information

Integrity

  • Guarding against improper information modification or destruction
  • Ensuring that the information is correct and no unauthorized person or malicious software has altered the data
  • Examples: preventing attackers from changing the amount of a purchase, ensuring data is accurate and reliable

Availability

  • Ensuring timely and reliable access to and use of information
  • Ensuring that data is accessible to authorized users
  • Examples: ensuring that data is not "locked up" so tight that no one can access it, having backups in place to ensure data availability

Attackers and Hackers

  • Attacker: an individual or organization performing malicious activities
  • Hacker: a skilled computer expert, but the term has become associated with a "security hacker" who uses technical knowledge to break into computer systems
  • Types of hackers:
    • Cracker: an individual who attempts to gain unauthorized access to network resources with malicious intent
    • Phreaker: an individual who manipulates the phone network to cause it to perform a function that is normally not allowed
    • Script kiddies: unskilled individuals who use scripts or programs developed by others to attack computer systems and networks
    • Cybercriminals: individuals who commit crimes involving computers and networks
    • Spammer: an individual who sends large numbers of unsolicited e-mail messages
    • White hat: an individual who uses their abilities to find vulnerabilities in systems or networks and reports them to the owners
    • Black hat: an individual who uses their knowledge of computer systems to break into systems or networks that they are not authorized to use

Network Scanning

  • Nmap (Network Mapper): a free, open-source tool for vulnerability scanning and network discovery
  • Types of scans:
    • TCP scan: checks for open ports and services
    • UDP scan: checks for open UDP ports
    • SYN scan: a type of TCP scan that sends a SYN packet to a target to determine if a port is open
    • ACK scan: determines if a port is filtered or not
    • FIN scan: a type of TCP scan that sends a FIN packet to a target to determine if a port is open
    • NULL scan: a type of TCP scan that sends a packet with no flags set to a target to determine if a port is open
    • XMAS scan: a type of TCP scan that sets multiple flags in a packet to a target to determine if a port is open
    • RPC scan: discovers machines that respond to Remote Procedure Call (RPC) services

Netstat

  • A program that displays active Internet connections, routing tables, and interface statistics
  • Can be used to show active connections, routing tables, and interface statistics
  • Available in Windows and Linux operating systems

NetScan

  • A powerful, flexible network monitoring system that extracts information directly from the control and user plane
  • Offers continuous monitoring of 100% of transactions in real-time
  • Captures, processes, consolidates, and stores data for real-time or historic reporting

Data Wiping

  • Deleting files from a hard drive does not remove them completely from the computer
  • Data wiping, also known as secure erase, is a software-based method of overwriting data to prevent recovery
  • Methods of data wiping:
    • ICMP (ping)
    • Script
    • AWS scan

Hard Drive Destruction

  • Destroying a hard drive is the best option for companies with sensitive data
  • Methods of hard drive destruction:
    • Drilling holes through a drive's platters
    • Shattering the platters with a hammer
    • Safely disposing of the pieces

Hard Drive Recycling

  • Hard drives that do not contain sensitive data can be reformatted and used in other computers

  • Types of formatting:

    • Standard format: a high-level format that creates a boot sector and sets up a file system
    • Low-level format: a low-level format that marks the surface of the disk with sector markers to indicate where data will be stored physically on the disk

Confidentiality, Integrity, and Availability

  • The CIA triad consists of three primary components: confidentiality, integrity, and availability.

Hackers vs Attackers

  • A hacker is a skilled computer expert who uses their technical knowledge to overcome a problem.
  • An attacker, on the other hand, is an individual or organization performing malicious activities, such as attempting to destroy, expose, alter, disable, steal, or gain unauthorized access to or make unauthorized use of an asset.

Types of Hackers

  • Black Hat: a malicious hacker who uses their skills for illegal or unethical purposes.
  • White Hat: a security hacker who uses their skills to help organizations protect themselves against threats.
  • Phreaker: a hacker who specializes in telecommunication systems and networks.
  • Cracker: a malicious hacker who uses their skills to break into secure systems.
  • Script Kiddies: inexperienced hackers who use pre-existing scripts and tools to launch attacks.
  • Spammer: a hacker who sends large amounts of spam or unwanted emails.
  • Cybercriminal: a hacker who uses their skills to commit crimes, such as stealing sensitive information or money.

This quiz introduces security basics, including types of security threats, sources of security threats, and more. Test your knowledge of security fundamentals.
