Full Transcript

**COMPUTER SECURITY**
- refers to the practice of protecting computer systems, networks, and data from unauthorized access, attacks, and damage.
- is also known as cyber security or IT security
- is the protection of computer systems from the theft of or damage to their hardware, software or information

**DIFFERENT ELEMENTS IN COMPUTER SECURITY**
- **CONFIDENTIALITY -** is the concealment of information or resources
- **INTEGRITY -** is the trustworthiness of data in the systems or resources, from the point of view of preventing unauthorized and improper changes
- **AVAILABILITY -** refers to the ability to access data of a resource when it is needed; information has value only if the authorized people can access it at the right time

**TYPES OF ATTACKERS**
- **HACKERS -** are individuals with advanced technical skills who seek to exploit vulnerabilities in computer systems for various purposes.
- **INSIDERS -** are individuals who already have authorized access to a system or organization's resources.
- **STATE-SPONSORED ACTORS -** are like highly trained and well-equipped cyber spies who work for a country's government.

**The security vs. usability trade-off** is a balancing act between implementing strong security measures and ensuring user-friendliness and ease of use. As security measures become more stringent, they can sometimes lead to inconveniences for users.

**SECURITY ATTACKS -** are deliberate actions or techniques employed by malicious actors to exploit vulnerabilities in computer systems, networks, applications, or data in order to compromise their confidentiality, integrity, availability, or other security aspects.

**TYPES OF SECURITY ATTACKS**
1. **MALWARE ATTACKS -** Infect systems and spread to compromise data, steal information, or disrupt operations. EX. (COMPUTER VIRUS, RANSOMWARE)
2. **PHISHING ATTACKS -** The act of fooling a computer user into submitting personal information by creating a counterfeit website that looks like a real (trusted) site.
3. **DENIAL-OF-SERVICE (DoS) ATTACKS -** A malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations. EX. (WEBSITE DDoS ATTACK)
4. **MAN-IN-THE-MIDDLE (MitM) ATTACKS -** Allows attackers to eavesdrop on the communication between two targets. EX. (SNEAKY NOTE-PASSER)
5. **SQL INJECTION ATTACKS -** This attack targets databases by injecting malicious SQL code into input fields, potentially allowing attackers to access, modify, or delete data. EX. (UNAUTHORIZED ACCESS)
6. **CROSS-SITE SCRIPTING (XSS) -** Attackers inject malicious scripts into web applications, which are then executed in the browsers of users visiting the compromised site, potentially stealing their data or session information. EX. (HARMFUL COMMENT)
7. **DATA BREACHES -** Unauthorized access to sensitive data stored by organizations, often resulting in the exposure of personal information, financial data, or intellectual property. EX. (RETAIL STORE DATA BREACH)
8. **INSIDER THREATS -** Attacks carried out by individuals with authorized access to systems, often involving misuse of privileges for personal gain or malicious intent. EX. (DISGRUNTLED EMPLOYEE)
9. **SOCIAL ENGINEERING ATTACKS -** Manipulating people into revealing confidential information or performing actions that compromise security, often exploiting human psychology and trust. EX. (TECH SUPPORT SCAM)

**SECURITY MECHANISM -** Security mechanisms are tools, techniques, and processes designed to protect computer systems, networks, data, and information from unauthorized access, attacks, and other security threats.

**TYPES OF SECURITY MECHANISM**
1. **ACCESS CONTROL -** This mechanism ensures that only authorized users have the appropriate level of access to resources. It includes user authentication (verifying identity), authorization (determining access privileges), and access enforcement (restricting unauthorized access).
   **EXAMPLE**
   - User authentication through usernames and passwords.
   - Role-based access control (RBAC), where access is based on predefined roles and responsibilities.
   - Mandatory access control (MAC), where access is determined by a central authority, often used in government and military environments.
   - **A. ROLE-BASED ACCESS CONTROL (RBAC)**
   - **B. MANDATORY ACCESS CONTROL (MAC)**
2. **ENCRYPTION -** Encryption converts data into a scrambled format using cryptographic algorithms. Only authorized parties with the correct decryption key can transform the data back into its original form. This safeguards sensitive information even if it's intercepted.
   **EXAMPLE**
   - Transport Layer Security (TLS) used to secure data transmitted over the internet (e.g., HTTPS).
   - File-level encryption where files are individually encrypted, such as BitLocker for Windows and FileVault for macOS.
   - End-to-end encryption in messaging apps like WhatsApp, ensuring only the sender and receiver can read messages.
3. **FIREWALLS -** Firewalls are network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules. They act as barriers between trusted internal networks and untrusted external networks.
   **EXAMPLE**
   - **Network firewalls** that filter and control traffic between networks based on IP addresses, ports, and protocols.
   - **Host-based firewalls** that protect individual devices from unauthorized network traffic.
   - **Application firewalls** that analyze and filter traffic at the application layer, identifying and blocking malicious content.
4. **INTRUSION DETECTION AND PREVENTION SYSTEMS (IDPS) -** IDPS monitor network traffic for signs of suspicious or malicious activities. They can detect and respond to potential intrusion attempts, helping prevent security breaches.
   **EXAMPLE**
   - **Network-based IDPS** that analyze network traffic to detect abnormal patterns and signs of intrusion.
   - **Host-based IDPS** that monitor activities on a specific device for signs of compromise.
   - **Anomaly-based IDPS** that identify deviations from normal network behavior.
5. **VULNERABILITY ASSESSMENT -** This mechanism involves regularly scanning systems and networks for vulnerabilities and weaknesses. It helps identify areas that require security improvements and patching.
   **EXAMPLE**
   - Vulnerability scanning tools like Nessus or OpenVAS that identify known vulnerabilities in systems and applications.
   - Penetration testing, where ethical hackers simulate attacks to identify weaknesses in a system's defenses.
6. **SECURITY POLICIES -** Security policies are guidelines and rules that outline how an organization should handle security. They provide a framework for employees and users to understand their roles and responsibilities in maintaining security.
   **EXAMPLE**
   - Acceptable Use Policy (AUP) that defines acceptable behavior and usage of resources by employees.
   - Password Policy that outlines rules for creating strong passwords and enforcing regular changes.
   - Data Classification Policy that categorizes data based on its sensitivity and prescribes how it should be handled.
7. **MULTI-FACTOR AUTHENTICATION (MFA) -** MFA adds an extra layer of security by requiring users to provide multiple forms of verification (such as a password and a fingerprint) before granting access.
   **EXAMPLE**
   - Requiring a combination of a password, fingerprint, and SMS code to access an online account.
   - Using a smart card or physical token in addition to a password to authenticate.
8. **AUDIT TRAILS -** Audit trails record and track activities and events on a system. This allows administrators to review and investigate any security incidents or breaches.
   **EXAMPLE**
   - Logging user activities on a server, including login attempts, file accesses, and changes made.
   - Tracking administrative actions and configuration changes to monitor for unauthorized modifications.
9. **BACKUP AND DISASTER RECOVERY -** Regularly backing up data and having a disaster recovery plan in place ensures that systems and data can be restored after security incidents or disasters.
   **EXAMPLE**
   - Regularly scheduled data backups to ensure data can be restored in case of data loss.
   - Business continuity plans that outline how an organization will continue operating after a disaster.
10. **APPLICATION SECURITY -** Ensuring that software applications are developed, tested, and deployed with security in mind to prevent vulnerabilities that can be exploited by attackers.
    **EXAMPLE**
    - Code reviews and static analysis to identify vulnerabilities during the development phase.
    - Using security libraries and frameworks to prevent common vulnerabilities like SQL injection and cross-site scripting (XSS).

**SYMMETRIC ENCRYPTION -** also known as **"PRIVATE KEY"** encryption; a type of encryption key management solution where only one key is used to both encrypt and decrypt electronic data.

**TYPES OF SYMMETRIC ENCRYPTION ALGORITHMS**
- **BLOCK ALGORITHMS -** Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key.
- **STREAM ALGORITHMS -** Data is encrypted as it streams instead of being retained in the system's memory.

**BLOCK CIPHER -** fixed size
**STREAM -** one bit or byte at a time
**CIPHERTEXT -** scrambled word

**Example of symmetric encryption algorithms**
- AES (Advanced Encryption Standard) - **block cipher**
- DES (Data Encryption Standard) - **block cipher**
- IDEA (International Data Encryption Algorithm) - **block cipher**
- Blowfish (drop-in replacement for DES or IDEA) - **block cipher**
- RC4 (Rivest Cipher 4) - **stream cipher**
- RC5 (Rivest Cipher 5) - **block cipher**
- RC6 (Rivest Cipher 6) - **block cipher**

**TWO REQUIREMENTS FOR SECURE USE OF SYMMETRIC ENCRYPTION**

**CRYPTOGRAPHY -** is the technique of coding data, ensuring that only the person who is meant to see the information, and has the key to break the code, can read it.

**TYPES OF CRYPTOGRAPHIC ALGORITHM**

**IMPORTANCE OF CRYPTOGRAPHY**
- CONFIDENTIALITY
- INTEGRITY OF DATA
- AUTHENTICATION
- NON-REPUDIATION

**TYPES OF ATTACKS ON ENCRYPTED MESSAGES**
1. **BRUTE FORCE ATTACK -** Attackers try all possible keys to decrypt the ciphertext.
2. **KNOWN-PLAINTEXT ATTACK -** Attackers exploit the knowledge of a set of plaintext-ciphertext pairs to deduce the encryption key.
3. **CHOSEN-PLAINTEXT ATTACK -** Attackers can choose specific plaintexts and observe their corresponding ciphertexts to gather information about the encryption process and potentially deduce the key.
4. **FREQUENCY ANALYSIS -** This attack exploits the fact that certain letters or patterns appear with predictable frequencies in natural language.
5. **RANDOM NUMBERS -** are generated without any predictable pattern.
6. **TRUE RANDOMNESS -** You use a hardware random number generator, which collects unpredictable data from physical processes like electronic noise.
7. **NON-RANDOM OR PREDICTABLE VALUES -** You attempt to create an encryption key using predictable values, like the current time and date.
8. **PSEUDORANDOM NUMBERS -** generated using algorithms that appear random but are actually determined by an initial value.

**WHO USES CRYPTANALYSIS?**
- Hackers
- Government
- Companies (cybersecurity products & services)
- Researchers/academe
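Items 1, 2, 6 and 7 above, tied together in one runnable check (an added example, not part of the original notes): a key hashed from the current time has only as many possibilities as the clock window, so one known plaintext-ciphertext pair lets an auditor confirm it by brute force, whereas a key from the OS CSPRNG (`secrets.token_bytes`) has a key space no search covers. The toy stream cipher, the function names and the timestamp are all constructed for this example.

```python
import hashlib
import secrets


def toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed for this example, not a real cipher):
    XOR the data, byte by byte, with a keystream of SHA-256(key || counter).
    Applying it twice with the same key decrypts, which the checks rely on."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def key_from_timestamp(ts: int) -> bytes:
    """Item 7 (predictable value): a 32-byte 'key' hashed from a clock reading.
    It looks random, but there are only as many keys as plausible timestamps."""
    return hashlib.sha256(str(ts).encode()).digest()


def key_from_csprng() -> bytes:
    """Item 6 done right: 32 bytes from the OS CSPRNG, a 2**256 key space."""
    return secrets.token_bytes(32)


def timestamp_key_recoverable(plaintext: bytes, ciphertext: bytes,
                              window_start: int, window_size: int):
    """Audit check for item 7 using one known plaintext-ciphertext pair (item 2):
    try every second in the clock window (item 1, brute force over a tiny
    key space). Returns the timestamp that reproduces the pair, or None."""
    for ts in range(window_start, window_start + window_size):
        if toy_stream_xor(key_from_timestamp(ts), plaintext) == ciphertext:
            return ts
    return None


def demo() -> bool:
    """Constructed scenario: a message was encrypted with a timestamp-derived
    key and the auditor knows the send time to within half an hour."""
    sent_at = 1_700_000_000          # constructed clock value (seconds)
    message = b"meeting at noon"     # constructed known plaintext
    ct = toy_stream_xor(key_from_timestamp(sent_at), message)
    found = timestamp_key_recoverable(message, ct, sent_at - 1800, 3600)
    return found == sent_at          # True: 3600 tries defeat the weak key


if __name__ == "__main__":
    print("timestamp-derived key recovered:", demo())
```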
