Chapter 1: Introduction to Security

MIND MAP

Get Started. It's Free
or sign up with your email address
Chapter 1: Introduction to Security by Mind Map: Chapter 1: Introduction to Security

1. Type of Security Threats

1.1. Threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system

1.1.1. Unstructured threats

1.1.1.1. For example, if an external company Web site is hacked, the integrity of the company is damaged.

1.1.1.2. Virus, Worm, Trojan horse

1.1.1.3. Consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.

1.1.2. Structured threats

1.1.2.1. Come from hackers that are more highly motivated and technically competent.

1.1.2.2. These people know system vulnerabilities, and can understand and develop exploit-code and scripts.

1.1.2.3. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses

1.1.3. External threats

1.1.3.1. They do not have authorized access to the computer systems or network.

1.1.3.2. They work their way into a network mainly from the Internet or dialup access servers.

1.1.3.3. Can arise from individuals or organizations working outside of a company

1.1.4. internal threats

1.1.4.1. Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.

2. Social Engineering

2.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information.

2.2. To protect against social engineering: ~Never give out a password. ~Always ask for the ID of the unknown person. ~Restrict access of visitors. ~Escort all visitors. ~Never post your password. ~Lock your computer when you leave your desk. ~Do not let anyone follow you through a door that requires an access card.

3. Data Wiping

3.1. Deleting files from a hard drive does not remove them completely from the computer.

3.2. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data.

3.3. Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software.

3.4. Data wiping, also known as secure erase is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.

4. Hard Drive Recycling

4.1. The drive can be reformatted, and a new operating system can be installed.

4.2. Types of Formatting

4.2.1. Standard format

4.2.1.1. Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed.

4.2.2. level format

4.2.2.1. The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.

5. Signature File Updates

5.1. Factors that determine the most effective security equipment to use to

5.2. A signature is a set of unique data, or bits of code, that allow it to be identified.

5.3. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus.

5.4. in the anti-virus software, the virus signature is referred to as a definition file or DAT file.

6. To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces

7. Goals Of Information Security

7.1. Confidentiality

7.1.1. he state of keeping or being kept secret or private

7.2. Integrity

7.2.1. Assurance that data is not altered or destroyed in an unauthorized manner

7.3. Availaibility

7.3.1. Continuous operation of computing systems

8. Type of attacks to computer security

8.1. Physical

8.1.1. Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring

8.2. Data

8.2.1. Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information

9. Information Security

9.1. -defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.

10. Hard drive Destruction

10.1. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.

10.2. Drilling holes through a drive’s platters is not the most effective method of hard drive destruction.

11. Malicious Software Protection Programs

11.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user.

11.2. Anti-malware available

11.2.1. Virus protection

11.2.1.1. An antivirus program typically runs automatically in the background and monitors for problems. When a virus is detected, the user is warned, and the program attempts to quarantine or delete the virus.

11.2.2. Spyware protection

11.2.2.1. Antispyware programs scan for keyloggers, which capture your keystrokes, and other malware so that it can be removed from the computer.

11.2.3. Adware protection

11.2.3.1. Anti-adware programs look for programs that display advertising on your computer.

11.2.4. phishing protection

11.2.4.1. Anti phishing programs block the IP addresses of known phishing websites and warn the user about suspicious websites.

12. Malicious Computer & Network Equipment Protection Methods

12.1. Physical security is as important as data security. Network infrastructure can be protected by: - Secured telecommunications rooms, equipment cabinets, and cages - Cable locks and security screws for hardware devices - Wireless detection for unauthorized access points - Hardware firewalls - Network management system that detects changes in wiring and patch panels