UNIT 3 latest 11.9.2024.pdf
Uploaded by Deleted User, 2024
INFORMATION SYSTEM SECURITY
UNIT 3

Content
01 Malicious Software
02 Computer Crimes
03 Information System Control
04 Information Resource Control

OUTCOMES
Outcome 1: Identify malicious software
Outcome 2: Categorize computer crimes
Outcome 3: Identify information system control
Outcome 4: Identify information resources control

THREAT TO INFORMATION SECURITY
A threat to information security is any potential danger that could exploit vulnerabilities in a system, network, or data, leading to unauthorized access, disruption, damage, or loss of information. These threats can come from various sources and manifest in numerous ways, posing risks to the confidentiality, integrity, and availability of information.

OUTCOME 1: MALICIOUS SOFTWARE
Identify malicious software

1. MALICIOUS SOFTWARE (MALWARE)
Malicious software, commonly referred to as malware, is any software intentionally designed to cause harm to a computer system, network, or data. Malware can disrupt normal operations, steal sensitive information, or exploit system vulnerabilities. It encompasses a variety of types and forms, each with its own specific goals and methods of attack.

Types of malware covered in this unit:
01 Viruses
02 Worms
03 Trojan horse
04 Spyware

VIRUSES
Definition: A virus is a type of malware that attaches itself to legitimate files or programs and spreads to other files and systems when the infected file or program is executed.
Characteristics:
- Propagation: Spreads by replicating itself through infected files or emails.
- Activation: Requires user interaction to activate, such as opening an infected file or running an infected program.
- Effects: Can corrupt or delete files, steal information, or disrupt system operations.
Examples: Melissa virus, ILOVEYOU virus.

WORMS
Definition: A worm is a type of malware that replicates itself to spread to other computers, often through network connections, without needing to attach itself to a host file.
Characteristics:
- Propagation: Spreads automatically over networks, often exploiting vulnerabilities in operating systems or software.
- Activation: Does not require user interaction to spread; can propagate independently.
- Effects: Can consume network bandwidth, overload systems, and deliver payloads that cause damage or steal information.
Examples: WannaCry, Blaster Worm.

TROJAN HORSE
Definition: A Trojan horse (or Trojan) is a type of malware that disguises itself as a legitimate or benign program to trick users into installing it. Once installed, it can perform malicious actions.
Characteristics:
- Deception: Appears as legitimate or desirable software but contains hidden malicious functions.
- Activation: Requires user action to install or execute, such as downloading and running a seemingly useful application.
- Effects: Can create backdoors for unauthorized access, steal information, or install additional malware.
Examples: Zeus Trojan, Emotet.

SPYWARE
Definition: Spyware is a type of malware designed to secretly monitor and collect information about a user's activities without their consent.
Characteristics:
- Surveillance: Monitors user activity, such as keystrokes, browsing habits, and personal information.
- Activation: Often bundled with other software or disguised as legitimate applications.
- Effects: Can lead to privacy invasion, identity theft, and unauthorized data collection.
Examples: CoolWebSearch, Gator.

OUTCOME 2: COMPUTER CRIMES
Categorize computer crimes

2. COMPUTER CRIME
Computer crime, also known as cybercrime, refers to illegal activities that involve the use of computers and digital technology. These crimes can target individuals, organizations, or governments, and they typically involve unauthorized access, data theft, damage, or disruption.
Computer crimes covered in this unit:
- Hackers
- Spoofing and sniffing
- Denial of service attack
- Identity theft
- Click fraud
- Cyberterrorism and cyber warfare

HACKERS
In the context of computer crimes, a "hacker" is someone who uses technical skills to gain unauthorized access to computer systems, networks, or data. Hackers can have various motives and methods, and their activities can range from benign or constructive to highly malicious.

TYPES OF HACKERS

Black hat hackers
- Definition: These are individuals who use their hacking skills for malicious purposes, such as stealing data, causing harm, or disrupting services.
- Motives: Financial gain, sabotage, or personal satisfaction.
- Activities: Engaging in cybercrimes like data theft, ransomware attacks, and system breaches.
- Examples: Hackers involved in high-profile data breaches or ransomware campaigns.

White hat hackers
- Definition: Also known as ethical hackers, these individuals use their skills to improve security by finding and fixing vulnerabilities.
- Motives: To protect systems and data by identifying weaknesses before malicious hackers can exploit them.
- Activities: Conducting penetration testing, security assessments, and vulnerability research.
- Examples: Security consultants working with organizations to enhance cybersecurity.

Grey hat hackers
- Definition: These hackers fall between black hats and white hats. They may exploit vulnerabilities without permission but typically do not have malicious intentions.
- Motives: Often driven by curiosity or the desire to demonstrate a vulnerability without causing harm.
- Activities: Hacking into systems to find vulnerabilities and then notifying the organization, sometimes without authorization.
- Examples: Hackers who discover and disclose security flaws but do not exploit them for personal gain.

SPOOFING & SNIFFING
Spoofing: Focuses on identity deception to gain unauthorized access or information.
Sniffing: Focuses on monitoring and analyzing network data to collect sensitive information.
COMPARISON: SPOOFING VS SNIFFING

Spoofing
- Primary Purpose: To deceive systems or users by pretending to be a legitimate or trusted entity to gain unauthorized access or information.
- Example: Tricking users into clicking on malicious links or providing personal information by pretending to be a legitimate bank or organization.
- Methods: Involves altering or falsifying seemingly legitimate information such as IP addresses, email addresses, or DNS data.
- Primary Impact: Can lead to fraud, identity theft, or unauthorized access to systems or data. Often used to exploit vulnerabilities in security systems or applications.

Sniffing
- Primary Purpose: To monitor and analyze data traffic passing through a network to collect sensitive information.
- Example: Capturing and analyzing unencrypted data packets to obtain login credentials or personal data.
- Methods: Using software or hardware to capture and analyze data traffic on a network.
- Primary Impact: Can reveal sensitive information transmitted over a network, especially if the data is unencrypted. This can lead to data theft or exposure of personal information.

DENIAL OF SERVICE ATTACK
Denial of Service (DoS) is a type of cyber attack aimed at making a computer, network, or service unavailable to its intended users by overwhelming it with a flood of illegitimate requests or data. This can lead to the target system being unable to handle legitimate requests, effectively causing it to crash or become inaccessible.

TYPES OF DOS
- HTTP Flood: An attacker targets a website by sending a large volume of HTTP requests to overwhelm the web server's resources. For example, they might send numerous requests for complex web pages that require significant processing power, causing the server to slow down or crash.
- Ping Flood: Imagine an attacker sending a massive number of ICMP Echo Request packets (ping requests) to a target server. The server gets overwhelmed trying to respond to all these requests, and legitimate users experience delays or are unable to connect to the server.
- Slowloris: This attack involves opening multiple connections to a web server and keeping them open by sending partial HTTP requests. The server keeps these connections open, consuming resources and preventing it from handling legitimate requests from other users.

IDENTITY THEFT
Identity theft is a crime where someone illegally obtains and uses another person's personal information, such as Social Security numbers, credit card details, or bank account information, without their permission. The purpose is often to commit fraud or other criminal activities, such as making unauthorized purchases, opening accounts, or applying for loans in the victim's name.

Methods
- Skimming: Devices called skimmers are placed on ATMs or gas station pumps to capture card information when you swipe your credit or debit card.
- Data Breaches: Hackers gain access to large databases of personal information from companies or institutions, which they then use to steal identities.
- Mail Theft: Stealing credit card statements, tax returns, or other personal documents from a person's mailbox.

Impact
- Financial Loss: Victims may experience direct financial losses due to unauthorized transactions or accounts opened in their name. Recovering these funds can be time-consuming and challenging.
- Credit Damage: Identity theft can severely damage a person's credit score if the thief accumulates debt under the victim's name, leading to problems securing loans, mortgages, or even renting an apartment.

Preventive measures
- Monitor Your Accounts: Regularly check bank and credit card statements for unauthorized transactions.
- Use Strong Passwords: Create complex passwords and change them regularly.
- Enable Two-Factor Authentication: Add an extra layer of security to your online accounts.
CLICK FRAUD
Click fraud is a type of online fraud where individuals or automated systems artificially inflate the number of clicks on online ads. This is done to generate revenue for the fraudster or to deplete the advertising budget of a competitor. Click fraud is a significant issue in online advertising, particularly in pay-per-click (PPC) advertising models, where advertisers pay each time their ad is clicked.

Types
- Manual Click Fraud: In this scenario, individuals or groups manually click on ads repeatedly to drain the advertiser's budget. This is often done by competitors or malicious parties seeking to cause financial harm.
- Automated Click Fraud: Here, bots or automated scripts are used to click on ads. These automated systems can generate a high volume of fraudulent clicks in a short period, making it harder to detect.
- Competitor Click Fraud: Competitors may engage in click fraud to exhaust the advertising budget of a rival company, reducing their visibility and effectiveness.

Impact
- Reduced Advertising Effectiveness: Click fraud can skew performance metrics, making it difficult for advertisers to accurately assess the effectiveness of their campaigns and make informed decisions.
- Increased Advertising Costs: As fraud drives up costs, advertisers may have to pay more per click to maintain their ad placements, leading to increased expenses.
- Distrust in Ad Platforms: Persistent click fraud issues can lead to a lack of trust in online advertising platforms, potentially driving advertisers to seek alternative methods or platforms.

Detect & Prevent
- Monitor Click Patterns: Look for unusual patterns in click data, such as high click-through rates from specific IP addresses or geographic locations that don't align with your target audience.
- Use Click Fraud Detection Tools: Many ad platforms and third-party services offer tools to help detect and prevent click fraud by analyzing traffic patterns and identifying suspicious activity.
- Set Click Limits: Some ad networks allow you to set limits on the number of clicks from a single IP address or over a specific period to mitigate potential fraud.

CYBER TERRORISM & CYBER WARFARE: COMPARISON

Cyber terrorism
- Definition: Cyber terrorism involves the use of digital attacks by individuals or groups to cause fear, disrupt society, or coerce governments or organizations. The goal is often to create psychological or physical harm, rather than just economic damage.
- Characteristics:
  - Intent: The primary aim is to cause terror or panic. The attackers often seek to influence public perception or political outcomes.
  - Targets: Can include critical infrastructure, public services, or any system that impacts public safety and security.
  - Examples: Attacks on hospital systems, power grids, or transportation networks that create chaos or endanger lives.
- Methods:
  - Malware and ransomware attacks designed to paralyze essential services.
  - Denial-of-service attacks that overwhelm and disrupt operations.
  - Data breaches that expose sensitive information to incite fear or disrupt trust.

Cyber warfare
- Definition: Cyber warfare is conducted by nation-states or state-sponsored actors to achieve strategic objectives. It involves the use of digital attacks to disrupt or damage another country's infrastructure, intelligence, or military capabilities.
- Characteristics:
  - Intent: The aim is usually political or strategic. It's about gaining a tactical or strategic advantage in conflicts or rivalries between nations.
  - Targets: Often aimed at critical national infrastructure, military systems, or economic systems that are vital to a nation's security and stability.
  - Examples: Attacks on a country's power grid or financial systems to weaken its economic stability or military readiness.
- Methods:
  - Cyber espionage to steal sensitive information or intellectual property.
  - Attacks on military networks or communication systems to disrupt operations.
  - Infrastructure attacks that cause widespread disruptions and have long-term consequences.

OUTCOME 3: INFORMATION SYSTEMS CONTROL
Identify information system control

3. INFORMATION SYSTEM CONTROL

General controls
General controls are the foundational policies, procedures, and practices that ensure the overall security, integrity, and reliability of information systems and data. Unlike application controls, which are specific to particular software applications, general controls apply across the entire information system environment.

Application controls
Application controls are specific to individual software applications and are designed to ensure the accuracy, completeness, and validity of the data processed by those applications. Unlike general controls, which cover the overall system environment, application controls focus on the particular functionality of software applications to prevent, detect, and correct errors and irregularities.

OUTCOME 4: INFORMATION RESOURCES CONTROL
Identify information resources control

4. INFORMATION RESOURCE CONTROL
Information resource controls covered in this unit:
- Authentication
- Firewall
- Intrusion Detection System
- Antivirus and Anti Spyware Software
- Unified Threat Management Systems

1. AUTHENTICATION
Definition: Authentication in information security is the process of verifying the identity of a user, system, or entity attempting to access a resource or system. The goal of authentication is to ensure that only authorized individuals or systems can access protected resources, and it forms a critical component of the broader concept of access control.

Methods:
- Password-Based Authentication: The user provides a password or passphrase to prove their identity.
  This is the most common method but can be vulnerable to attacks such as brute force or phishing.
- Two-Factor Authentication (2FA): Combines two different factors, typically a password (something you know) and a one-time code sent to a mobile device (something you have). This adds an extra layer of security.
- Multi-Factor Authentication (MFA): Extends 2FA by using more than two authentication factors, for example a combination of a password, a one-time code, and a fingerprint.
- Biometric Authentication: Uses biometric identifiers, such as fingerprints, face recognition, or retina scans, to verify identity. It is highly secure but can be expensive and raises privacy concerns.
- Token-Based Authentication: Uses physical or digital tokens, such as smart cards or authentication apps, to generate and provide time-sensitive codes for authentication.

Advantages:
- Access Control: Ensures that only authorized individuals can access sensitive data and resources, helping to prevent unauthorized access and breaches.
- Security: Protects against unauthorized access and potential misuse of systems and data.
- Compliance: Helps organizations meet regulatory and industry standards that require strong authentication mechanisms.
- User Accountability: Provides a way to track and log user activities, which is important for auditing and accountability.

Disadvantages:
- Password Management: Users often struggle with creating and managing strong, unique passwords, leading to security vulnerabilities.
- Phishing Attacks: Attackers can trick users into providing their authentication credentials through deceptive methods.
- Biometric Privacy: While biometric authentication can be secure, it raises concerns about the privacy and storage of biometric data.
- Token Security: Physical tokens can be lost or stolen, and digital tokens can be intercepted if not transmitted securely.
2. FIREWALL
A firewall is a security device or software that acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. It monitors, filters, and controls network traffic based on a set of predetermined security rules to prevent unauthorized access, data breaches, and other security threats.

Firewalls can be implemented in various forms:
- Hardware Firewall: A physical device placed between a network and its connection to the internet or another external network.
- Software Firewall: A program installed on a computer or server that filters network traffic based on software rules.
- Combined Firewall: A device or solution that includes both hardware and software components.

The primary purpose of a firewall is to enforce network security policies by allowing or blocking data packets based on criteria such as IP addresses, port numbers, protocols, and application types.

3. INTRUSION DETECTION SYSTEM
An Intrusion Detection System (IDS) is a security technology designed to monitor network traffic or system activities for signs of suspicious or malicious behavior. It aims to detect unauthorized access, policy violations, or other potentially harmful activities within a network or on a system.

4. ANTIVIRUS & ANTI SPYWARE SOFTWARE

Antivirus Software
Purpose: Antivirus software is designed to detect, prevent, and remove malicious software (malware) such as viruses, worms, trojans, and more. It focuses on protecting the system from various forms of malware that can harm computers and networks.

Antispyware Software
Purpose: Antispyware software focuses specifically on detecting and removing spyware and other types of potentially unwanted programs (PUPs). Spyware is a type of malware designed to secretly gather information about a user or system, often without their consent.

Key Differences:
1. Scope: Antivirus software covers a broad range of malware types, while antispyware software is specialized in dealing with spyware and related threats.
2. Detection Methods: While both may use signature-based and heuristic detection, antispyware software often includes more advanced techniques for identifying and mitigating privacy threats.
3. Integration: Many modern security suites combine antivirus and antispyware functionalities into a single product, offering comprehensive protection against both types of threats.

5. UNIFIED THREAT MANAGEMENT SYSTEMS
Unified Threat Management (UTM) systems are comprehensive security solutions designed to provide an integrated approach to network security. By combining multiple security functions into a single platform, UTMs aim to simplify the management of network protection and enhance overall security effectiveness.

END OF TOPIC 3
Thank You
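As an added example (not part of the course slides), the following Python sketch shows how the controls in this unit combine in the UTM idea: firewall rules applied first-match-wins on source address, port and protocol with a default deny; a per-source packet-rate threshold of the kind a ping or HTTP flood (see the DoS section) would trip; and signature-based payload inspection as an IDS or antivirus engine performs it. All addresses, rules and signature strings are constructed for the demonstration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP address
    dst_port: int     # destination port (0 for ICMP)
    proto: str        # "tcp", "udp" or "icmp"
    ts: float         # arrival time in seconds
    payload: bytes = b""

# Firewall rule set (constructed): first matching rule wins; a packet matching no rule
# is denied. Fields: source prefix ("" = any), destination port (None = any), protocol, action.
RULES = [
    ("10.0.0.", None, "tcp", "deny"),       # a quarantined internal subnet
    ("", 443, "tcp", "allow"),              # HTTPS to the web server from anywhere
    ("", 80, "tcp", "allow"),               # HTTP to the web server from anywhere
    ("192.168.1.", None, "icmp", "allow"),  # ping allowed only from the admin LAN
]

# Signature-based inspection (constructed): byte patterns an IDS/antivirus engine would
# flag in a payload, mapped to the signature name reported in the verdict.
SIGNATURES = {
    b"DEMO-MALWARE-MARKER": "demo.malware.marker",
    b"DEMO-SPYWARE-BEACON": "demo.spyware.beacon",
}

class MiniUTM:
    """Applies firewall rules, a per-source flood threshold and payload signatures in order."""
    def __init__(self, max_per_window: int = 5, window: float = 1.0):
        self.max_per_window = max_per_window
        self.window = window
        self._recent = defaultdict(deque)   # src -> arrival times still inside the window

    def firewall_action(self, pkt: Packet) -> str:
        for prefix, port, proto, action in RULES:
            if pkt.src.startswith(prefix) and pkt.proto == proto and port in (None, pkt.dst_port):
                return action
        return "deny"   # default deny when no rule matches

    def is_flood(self, pkt: Packet) -> bool:
        """True once one source exceeds max_per_window packets inside the sliding window."""
        q = self._recent[pkt.src]
        q.append(pkt.ts)
        while q and pkt.ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.max_per_window

    def matched_signature(self, pkt: Packet):
        return next((name for pat, name in SIGNATURES.items() if pat in pkt.payload), None)

    def process(self, pkt: Packet) -> str:
        if self.firewall_action(pkt) == "deny":
            return "drop:firewall"
        if self.is_flood(pkt):
            return "drop:flood"
        sig = self.matched_signature(pkt)
        return f"drop:signature:{sig}" if sig else "allow"
```

Note that the rate check runs only on packets the firewall already allowed, so the quarantined subnet never consumes flood-tracking state; a real UTM would also log every dropped packet with the stage that dropped it.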