1. Goals of Security
1.1. Availability
1.1.1. Ensuring timely and reliable access to and use of information
1.1.2. Information has value if the authorized parties who are assured of its integrity can access the information.
1.1.3. Availability ensures that data is accessible to authorized users.
1.1.4. This means that the information cannot be “locked up” so tight that no one can access it.
1.2. Confidentiality
1.2.1. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
1.2.2. It is important that only approved individuals are able to access important information.
1.2.3. Confidentiality ensures that only authorized parties can view the information.
1.2.4. Providing confidentiality can involve several different security tools, ranging from software to “scramble” the credit card number stored on the web server to door locks to prevent access to those servers.
1.3. Integrity
1.3.1. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
1.3.2. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.
2. Sosial Engineering
2.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information
2.2. To protect against social engineering
2.2.1. Data Wiping
2.2.1.1. Deleting files from a hard drive does not remove them completely from the computer.
2.2.1.2. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data.
2.2.1.3. Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software
2.2.2. Hard Drive Destruction
2.2.2.1. Companies with sensitive data should always establish clear policies for hard drive disposal.
2.2.2.2. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.
2.2.2.3. Destroying the hard drive is the best option for companies with sensitive data.
2.2.2.4. To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.
2.2.3. Hard Drive Recycling
2.2.3.1. The drive can be reformatted, and a new operating system can be installed.
2.2.3.2. Two types of formatting can be performed:
2.2.3.2.1. Standard format
2.2.3.2.2. Low-level format
3. Data Wiping
3.1. Deleting files from a hard drive does not remove them completely from the computer.
3.2. Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software.
3.3. Data wiping is often performed on hard drives containing sensitive data that are considered confidential such as financial information.
4. Hard Drive Recycling
4.1. Standard format
4.1.1. Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed.
4.2. Low-level format
4.2.1. The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.
5. Malicious Computer & Network Equipment Protection Methods
5.1. Physical security
5.1.1. Secured telecommunications rooms, equipment cabinets, and cages
5.1.2. Cable locks and security screws for hardware devices
5.1.3. Wireless detection for unauthorized access points
5.1.4. Hardware firewalls
5.1.5. Network management system that detects changes in wiring and patch panels
5.2. Disable the AutoRun feature of the operating system.
5.2.1. AutoRun automatically follows the instructions in a special file called autorun.inf when it is found on new media.
5.3. Two- factor Authentication - secured using overlapping protection techniques to prevent unauthorized access to sensitive data
5.4. Security Hardware
5.4.1. Keep telecommunication rooms locked
5.4.2. Use cable locks with equipment
5.4.3. Use security cages around equipment.
5.4.4. Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment.
5.4.5. Install physical alarms triggered by motion-detection sensors.
5.5. Service Packs & Security Patches
5.5.1. Regular security updates are essential to combat new viruses or worms.
5.5.2. Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack.
5.5.3. A Service Pack is a combination of patches and updates.
6. Types of Security Threats
6.1. Unstructured threats
6.1.1. Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
6.1.2. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company.
6.1.3. Example : Virus, worm, trojan horse
6.2. Structured threats
6.2.1. Structured threats come from hackers that are more highly motivated and technically competent
6.2.2. These people know system vulnerabilities, and can understand and develop exploit-code and scripts.
6.2.3. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
6.2.4. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.
6.3. External threats
6.3.1. External threats can arise from individuals or organizations working outside of a company.
6.3.2. They do not have authorized access to the computer systems or network.
6.3.3. They work their way into a network mainly from the Internet or dialup access servers.
6.4. Internal threats
6.4.1. Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
6.4.2. This could be a disgruntled employee, an opportunistic employee, or an unhappy past employee whose access is still active. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose.
7. Type of attacks to computer security
7.1. Physical
7.1.1. Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring
7.2. Data
7.2.1. Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
8. Hard Disk Destruction
8.1. Companies with sensitive data should always establish clear policies for hard drive disposal.
8.2. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.
8.3. To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.
9. Malicious Software Protection Programs
9.1. Virus protection
9.1.1. An antivirus program typically runs automatically in the background and monitors for problems. When a virus is detected, the user is warned, and the program attempts to quarantine or delete the virus.
9.2. Spyware protection
9.2.1. Antispyware programs scan for keyloggers, which capture your keystrokes, and other malware so that it can be removed from the computer.
9.3. Adware protection
9.3.1. Anti-adware programs look for programs that display advertising on your computer.
9.4. Phishing protection
9.4.1. Antiphishing programs block the IP addresses of known phishing websites and warn the user about suspicious websites.