ITAPP-PRESENTATION-MIDTERM-2 PDF
Document Details
Uploaded by SofterXylophone
Summary
This presentation covers various cybersecurity concepts, including vulnerabilities, attacks, and defense mechanisms. It details different types of attacks such as denial of service, direct access, and eavesdropping, as well as ways to secure a computer, mobile devices, and wireless networks. The presentation also touches on computer crime, including the legal implications in the Philippines.
Full Transcript
Computer and Network Security
Defending Against Cyber Threats

COMPUTER SECURITY refers to the protection of computer systems and networks from theft, damage, unauthorized access, and cyber threats. It covers a range of practices, from physical protection of devices to implementing firewalls, encryption, and secure authentication mechanisms to protect data and systems from malicious activities.

COMPUTER SECURITY
- To prevent theft of or damage to the hardware
- To prevent theft of or damage to the information
- To prevent disruption of service

Key Concepts in Computer and Network Security: Vulnerabilities, Attacks, and Defense Mechanisms

Vulnerability
Vulnerability is a weakness that allows an attacker to reduce a system's information assurance.

Attack surface

Backdoors
Backdoors refer to hidden methods of bypassing normal authentication or security controls in software or hardware. They allow unauthorized access to a system or application without the user's knowledge or consent.

Denial-of-Service Attack
A type of cyberattack where an attacker aims to make a network, service, or website unavailable to its intended users by overwhelming it with an excessive amount of traffic or sending malicious requests.

2 Common Types of DoS Attacks

DoS Attack
A single source sends an overwhelming number of requests to the target, consuming its resources and preventing normal operation.

Distributed Denial of Service (DDoS)
Attack is launched from multiple sources, often using a network of compromised devices.

Direct-Access Attacks
Occur when an attacker gains physical access to a computer, server, or device to exploit it directly. This type of attack involves manipulating or tampering with the hardware or software of a system to extract data, install malicious programs, or compromise the system's security.

Eavesdropping
A type of cyberattack or unauthorized surveillance where an attacker secretly listens to private communications or intercepts data being transmitted between two parties.

2 Main Types of Eavesdropping

Passive Eavesdropping
Silently monitoring and capturing data without altering or interfering with the communication process.

Active Eavesdropping
Involves interfering with the communication process to gain unauthorized access to information.

Spoofing
Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.

Tampering
Tampering describes an intentional modification of products in a way that would make them harmful to the consumer.

Repudiation
Repudiation describes a situation where the authenticity of a signature is being challenged.

Information Disclosure
Information Disclosure (Privacy breach or Data leak) describes a situation where information, thought of as secure, is released in an untrusted environment.

Indirect Attacks
Refer to cyber attacks where the attacker does not directly target the victim or system but instead uses a third party or intermediary to exploit vulnerabilities. These attacks often rely on social engineering, misconfigured systems, or weaknesses in external components to achieve the attacker's objectives.

Computer Crime
Any illegal activity that involves a computer, network, or internet-enabled device. This includes crimes committed against individuals, organizations, or governmental entities that utilize technology to execute unlawful actions.

ASSIGNMENT: DETAILED Types of Cybercrime in the Philippines and Their Legal Implications

Top 10 Cyber Crime Prevention Tips

Use Strong Passwords
✓ Passwords that are complex, unique, and difficult to guess, typically containing letters, numbers, and special characters.

Secure Your Computer
✓ Implementing security measures to protect the computer system from unauthorized access and malware.

Be Social-Media Savvy
✓ Understanding the risks of sharing personal information on social media platforms and managing privacy settings.

Secure Your Mobile Devices
✓ Taking steps to protect smartphones and tablets from unauthorized access and malware.

Install the Latest Operating System Updates
✓ Keeping software up-to-date to ensure it includes the latest security patches and features.

Protect Your Data
✓ Implementing measures to secure sensitive data against unauthorized access and loss.

Secure Your Wireless Network
✓ Configuring Wi-Fi networks to prevent unauthorized access and ensure secure communication.

Protect Your E-Identity
✓ Safeguarding personal information shared online to prevent identity theft.

Avoid Being Scammed
✓ Staying vigilant against phishing attacks and scams that aim to deceive users into revealing personal information.

PRINCIPLES OF SECURITY

Confidentiality
The principle of confidentiality specifies that only the sender and the intended recipient should be able to access the content of the message.
+ Access Control Lists

Integrity
The principle of integrity ensures that the data sent remains unchanged during transmission, so the recipient receives the exact same data that the sender intended, without unauthorized alterations.

Availability
The principle of availability ensures that systems, applications, and data are accessible to authorized users whenever needed, preventing downtime or delays in access due to system failures or attacks.

Authentication
The principle of authentication ensures that the system verifies the identity of a user or entity trying to gain access, confirming that they are who they claim to be before granting access to resources.

Access Control
The principle of access control ensures that only authorized users or systems can access specific resources or data. It involves policies and mechanisms that restrict and manage who can view, modify, or use resources based on their permissions or roles.

Defense in Depth
The principle of defense in depth ensures that multiple layers of security are implemented so that if one layer is breached, others remain in place to protect the system from further attack.

Non-repudiation
The principle of non-repudiation ensures that a person or system cannot deny their actions or the receipt of a message, providing proof that the action or transaction actually occurred.

Malware
Kinds of Malicious Codes

MALWARE
Malicious code or a rogue program is the general name for unanticipated or undesired effects in programs or program parts, caused by an agent intent on damage. This definition eliminates unintentional errors, although they can also have a serious negative effect. This definition also excludes coincidence, in which two benign programs combine for a negative

Virus
A type of malicious software that attaches itself to a legitimate program or file and spreads to other programs or files when the infected program is executed.

Virus
- Transient
- Resident

Trojan Horse
Malicious software that disguises itself as a legitimate or harmless program to trick users into downloading and installing it. Trojans do not replicate themselves.

Logic Bomb
A type of malicious code intentionally embedded in a legitimate program, which remains dormant until a specific condition or trigger occurs.

Trapdoor
A feature in a program by which someone can access the program other than by the obvious, direct call, perhaps with special privileges.

Worm
A type of malware that replicates itself to spread to other computers and networks without needing to attach itself to a host program. They spread rapidly and autonomously across network