1. Information security can be best understood by examining its goals and the process of how it is accomplished.
2. The term “information security” also can be defined as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide; integrity confidentiality availability,
3. Information Security
3.1. The term information security is frequently used to describe the tasks of securing information that is in a digital format
3.2. This digital information is manipulated by a microprocessor (such as on a personal computer), stored on a storage device (like a hard drive or USB flash drive), and transmitted over a network (such as a local area network or the Internet).
4. Information Security cont..
4.1. The goal of information security is to ensure that protective measures are properly implemented to defend against attacks and prevent the total collapse of the system when a successful attack does occur.
4.2. A comprehensive definition of information security involves both the goals and process.
4.3. Information security may be defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.
5. Goals of Security: Confidentiality; Integrity; Availability
5.1. Information security is intended to protect information that provides value to people and organizations.
5.2. There are three protections that must be extended over information: confidentiality, integrity, and availability or CIA:
5.3. Confidentiality.
5.3.1. Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
5.3.2. It is important that only approved individuals are able to access important information. For example, the credit card number used to make an online purchase must be kept secure and not made available to other parties.
5.4. Confidentiality. cont..
5.4.1. Confidentiality ensures that only authorized parties can view the information. Providing confidentiality can involve several different security tools, ranging from software to “scramble” the credit card number stored on the web server to door locks to prevent access to those servers
5.5. Integrity.
5.5.1. Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity. Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data. In the example of the online purchase, an attacker who could change the amount of a purchase from RM10,000.00 to RM1.00 would violate the integrity of the information.
5.6. Availability.
5.6.1. Ensuring timely and reliable access to and use of information. Information has value if the authorized parties who are assured of its integrity can access the information. Availability ensures that data is accessible to authorized users. This means that the information cannot be “locked up” so tight that no one can access it.
6. Types of Security Threats
6.1. A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
7. Explain types of Security Threats cont..
7.1. There are four primary classes of threats: unstructured threats structured threats external threats internal threats
7.2. Unstructured threats Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. Even unstructured threats that are only executed with the intent of testing and challenging a hacker’s skills can still do serious damage to a company.
7.3. Unstructured threats (cont..) For example, if an external company Web site is hacked, the integrity of the company is damaged. Even if the external Web site is separate from the internal information that sits behind a protective firewall, the public does not know that. All the public knows is that the site is not a safe environment to conduct business.
7.4. Some common terms to be aware of include the following
7.4.1. Virus
7.4.2. Worm
7.4.3. Trojan horse
7.5. Structured threats Structured threats come from hackers that are more highly motivated and technically competent . These people know system vulnerabilities, and can understand and develop exploit-code and scripts. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses. These groups are often involved with the major fraud and theft cases reported to law enforcement agencies.
7.6. External threats External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. They work their way into a network mainly from the Internet or dialup access servers.
7.7. Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network. This could be a disgruntled employee, an opportunistic employee, or an unhappy past employee whose access is still active. In the case of a past network employee, even if their account is gone, they could be using a compromised account or one they set up before leaving for just this purpose.
8. Type of attacks to computer security
8.1. Physical – Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring Data – Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
9. PROTECTION AGAINST MALICIOUS SOFTWARE
9.1. ACCESS TO DATA AND EQUIPMENT
9.1.1. ACCESS TO DATA AND EQUIPMENT
9.1.1.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information
9.1.1.2. Social Engineering cont
9.1.1.2.1. To protect against social engineering: Never give out a password. Always ask for the ID of the unknown person. Restrict access of visitors. Escort all visitors. Never post your password. Lock your computer when you leave your desk. Do not let anyone follow you through a door that requires an access card
9.1.1.3. Data Wiping
9.1.1.3.1. Data wiping, also known as secure erase is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media. Data wiping is often performed on hard drives containing sensitive data that are considered confidential such as financial information.
9.1.2. Hard Drive Destruction
9.1.2.1. Companies with sensitive data should always establish clear policies for hard drive disposal. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered. Destroying the hard drive is the best option for companies with sensitive data.
9.1.2.2. Drilling holes through a drive’s platters is not the most effective method of hard drive destruction. Data can still be recovered using advanced data forensic software. To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.
9.1.2.3. Hard Drive Destruction cont..
9.1.2.3.1. The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces. To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials. Hard Drive Recycling - Hard drives that do not contain sensitive data can be reformatted and used in other computers.
9.1.2.3.2. The drive can be reformatted, and a new operating system can be installed. Two types of formatting can be performed: Standard format - Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed. Low-level format - The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.
9.2. Malicious Software Protection Programs
9.2.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user. It may take several different anti-malware programs and multiple scans to completely remove all malicious software. Anti-malware available for these purpose are: Anti-virus, anti-spyware, anti-adware, and phishing programs.
9.2.2. Virus protection
9.2.3. Spyware protection
9.2.4. Adware protection
9.2.5. Phishing protection
9.3. Signature File Updates
9.3.1. New viruses are always being developed, therefore security software must be continually updated. A virus signature is a set of unique data, or bits of code, that allow it to be identified. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus. In the anti-virus software, the virus signature is referred to as a definition file or DAT file.
10. PROTECTION PHYSICAL EQUIPMENT
10.1. Malicious Computer & Network Equipment Protection Methods
10.1.1. Physical security is as important as data security. Network infrastructure can be protected by: Secured telecommunications rooms, equipment cabinets, and cages Cable locks and security screws for hardware devices Wireless detection for unauthorized access points Hardware firewalls Network management system that detects changes in wiring and patch panels
10.1.2. Another method of hardware security is to disable the AutoRun feature of the operating system. AutoRun automatically follows the instructions in a special file called autorun.inf when it is found on new media.
10.1.3. On Windows, AutoRun is executed first, unless it is disabled. If AutoRun is not disabled, it follows the instructions in the autorun.inf file. On Windows Vista and Windows 7, AutoRun is not allowed to bypass AutoPlay. However, on Windows XP, AutoRun bypasses AutoPlay and might launch an application without prompting the user.
10.1.4. This is a security risk because it can automatically run a malicious program and compromise the system, so it is recommended to disable AutoRun
10.2. Malicious Computer & Network Equipment Protection Methods cont..
10.2.1. Two- factor Authentication - secured using overlapping protection techniques to prevent unauthorized access to sensitive data. An example of two-factor authentication is using a password and a smart card to protect an asset.
10.3. Security Hardware
10.3.1. There are several methods of physically protecting computer equipment: Use cable locks with equipment. Keep telecommunication rooms locked. Fit equipment with security screws. Use security cages around equipment. Label and install sensors, such as Radio Frequency Identification (RFID) tags, on equipment. Install physical alarms triggered by motion-detection sensors. Use webcams with motion-detection and surveillance software.
10.3.2. Security Hardware cont..
10.3.2.1. For access to facilities, there are several means of protection: Card keys that store user data, including level of access Biometric sensors that identify physical characteristics of the user, such as fingerprints or retinas Posted security guard Sensors, such as RFID tags, to monitor equipment
10.3.2.2. For users that need to access sensitive network resources, a token can be used to provide two-factor authentication. A token can be hardware type, such as a pin card or a software type, such as a soft token program. The token is assigned to a computer and creates a unique code at certain times. When users access a network resource, they enter a PIN and a number displayed by the token. The number displayed by the token is created from a calculation made with its internal clock and a random number encoded on the token at the factory. This number is authenticated against a database that knows the token’s number and can calculate the same number
10.3.2.3. Factors that determine the most effective security equipment to use to secure equipment and data include: How the equipment is used Where the computer equipment is located What type of user access to data is required
10.3.2.4. For instance, a computer in a busy public place, such as a library, requires additional protection from theft and vandalism. In a busy call center, a server may need to be secured in a locked equipment room. Where it is necessary to use a laptop computer in a public place, a security dongle, ensures that the system locks if the user and laptop are separated.
10.3.2.5. Service Packs & Security Patches Regular security updates are essential to combat new viruses or worms. A technician should understand how and when to install patches and updates. Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack. A Service Pack is a combination of patches and updates.