Security

Security by Mind Map: Security

1. Authentication

1.1. Authentication: Requires users to prove identity so a system knows they are genuine, authorised users. Three categories:

1.2. Something you know: Passwords and PINs are the most common. Must be chosen carefully. Rules:

1.2.1. Rules for complex passwords: more than 12 characters; upper-case and lower-case letters; numbers; a different password for each system; change passwords frequently; avoid real names, dates and words; never write passwords down.

1.2.2. Password Authentication: Computers store passwords as a cryptographic hash, from which the password can't be retrieved because the original is never stored. When we log in with our password, another hash is created and compared with the stored hash. If the two hashes match, the user is authorised.

1.2.3. Forgotten password: if a webpage has the option to retrieve your password when you forget it, it means the website administrator can access your information and it may not be secure. If a webpage simply sends a new password, it means they can't access the old one.

1.3. Something you have: a physical object, like a key, that serves as authentication using wireless technology or a USB port. Security tokens contain biometric data (fingerprints or cryptographic)

1.4. Something you are: Biometrics use a part of the body to identify someone (fingerprints, iris patterns, face shape and voice). They are unique and it is quite hard to forge biometric data. They can't be 100% accurate because things such as light, changes in the body and the time of day can alter the result. The system must attempt a good match, not an exact match, as there will always be a margin of error.

1.4.1. False Negative: the system fails to recognise an authorised user. The user can try again. On the other hand, a false positive is more dangerous as it authorises an unauthorised user.

1.4.2. Biometrics needs to collect biometric samples from users to identify them. These are analysed and measured to produce a biometric template, which is stored for the future. When users try to authenticate, a new template is created and compared with the original one.

1.5. Levels of access: some areas of a system might be restricted to authorised users; this is generally the case for sensitive data, and those who are authorised have privileged access. On the other hand, other data is open to all authorised users but can only be modified by authorised people. Guest users are people who are only authorised for a very limited set of resources, such as a network's tools (Internet and printer).

1.5.1. Home Directories: grant full access (read, write, delete) to the user who owns the directory, and deny it to other users.

1.5.2. The System Administrator's account has full access to all items regardless of configured permissions.

2. Hacking

2.1. Hacking: Gaining unauthorised access to computer systems by exploiting weaknesses in security systems. The hacker compromises the system when he enters, meaning information might be stolen. Hackers use a variety of tools:

2.2. Social Engineering (social technique): when someone manipulates a person in order to obtain their password or other sensitive data. It is especially effective on inexperienced users. Hackers tend to watch a person as they type the password, or impersonate a real user. Another technique is phishing.

2.3. Packet Sniffer (software): a program that captures data as it travels over the network.

2.4. Key Loggers (hardware and software): capture every keystroke typed by users. Hardware key loggers plug into the computer between the keyboard and the keyboard port. Software ones run in the background without being noticed.

2.5. Password Cracker (software): a program designed to guess passwords. Dictionary attacks try every known word until one fits. Brute force means trying every possible combination of characters. Systems protect against password cracking by limiting the number of attempts before blocking the account, or by imposing a delay.

2.6. OS fingerprinting tools: give more information about the target system (operating system, web server software, etc.) in order to discover weaknesses.

2.7. Security Updates: software vendors create patches for their systems in their updates, which can fix security problems. Hackers tend to use vulnerability scanner tools to test for unpatched weaknesses.

3. Malicious Software

3.1. Malicious software types:

3.1.1. Virus: programs designed to replicate themselves and cause damage to computer systems. They attach to programs or emails and are triggered when the program or email is opened. The virus spreads through the computer and can be passed to others. At some point viruses cause the damage they were intended to: deleting or overwriting files, or wiping the hard disk.

3.1.1.1. Macroviruses: written in macro programming languages designed to automate tasks in some software. They can spread easily.

3.1.2. Worms: unlike viruses, they spread without any user interaction. In addition to data destruction, they consume large amounts of bandwidth.

3.1.3. Spyware: malware that monitors users' activities without their knowledge. It might steal personal files or use key loggers.

3.1.4. Trojan Horses: they trick the user into downloading and running them by pretending to perform a desirable task. They are often spyware or enlist the machine into a botnet.

3.1.5. Rootkits: malware that is hard to remove because of how effectively it hides from the user and the operating system. They activate themselves before the operating system is loaded, so even reinstallation will not solve the problem.

3.2. Anti-virus Software tools

3.2.1. Virus Definition File: recognises viruses and needs to be constantly updated.

3.2.2. On-demand scanners: check files selected by users.

3.2.3. Real Time Scanners: scan all files before they are opened and run in the background of the computer. They also scan files downloaded from the Internet. They might also block malicious websites.

3.2.4. Heuristic Scanners: they look for "virus-like" activity. They can find new viruses or modifications of existing ones.

3.2.5. Blacklists: prevent access to websites hosting viruses and prevent them from being downloaded. Running them once configures prevention for these websites.

3.3. Getting Infected

3.3.1. Drive-by Downloads: programs downloaded without the user's consent when visiting a webpage. They are used to spread the drive-by download to other computers.

3.3.2. Denial of Service Attack: bombarding a computer with so many requests that it is unable to keep up, making it slow down or crash. A Distributed Denial of Service attack does the same, only with many computers (zombie computers).

3.4. Avoid Malicious Software:

3.4.1. Install antivirus and update it; disallow unsigned code in browser settings; download software from trustworthy places; do not open unexpected emails; don't click on popups; maintain backups; educate others.

3.5. Goal: Data destruction. Malware can delete or overwrite files, and even the harmless kind steals time from users, who will check all their files to find out whether they are in good condition. Backdoors are a way to infect computers and convert them into "zombies". A network of zombies is a botnet; they are all under the control of the person who introduced the malware. They can perform Distributed Denial of Service attacks on other computers.

4. Spam

4.1. Unwanted messages sent to many users at once. They can advertise illegal products, tricking users into sending money to a bank account.

4.2. Techniques: the message has to be opened by the user. To achieve this, the message appears to be sent by someone you might know, or has a personal title.

4.3. Impacts: It exposes users to malware-infected attachments. Spam can slow down email servers, infect a whole network, and consume bandwidth.

4.4. Finding email addresses: spammers use spam bots to scan web pages in order to find email addresses. They also try common name combinations. Finally, some computers are used for storing databases of email addresses.

4.5. Spam Filters: reduce the amount of spam received.

4.5.1. Avoiding filters: spammers embed a paragraph from a book or website into the spam email to trick Bayesian filters into thinking it is genuine. They also use images that contain the spam.

4.6. Spotting Spam: a popular free email service has been used; the "To" line is not my email address; generic greeting; spelling and grammar mistakes; fantastic-sounding story.

4.7. Avoid Spam: don't publish your email address on web sites; use BCC when forwarding email to many people; use disposable email addresses; switch off images in email software; use the "report spam" button; never open email from an unknown sender; only open expected emails.

5. Phishing

5.1. Phishers attempt to impersonate genuine organisations in order to trick the user and obtain sensitive data and information.

5.2. Emails are very official-looking; when the user logs in, the data is sent to criminals; in order to stay hidden, they display an "incorrect password" message and direct the user to the impersonated webpage.

5.3. Pharming (DNS Poisoning): directs users to a fake website when they enter the URL for the genuine website. This is done by accessing the DNS server and changing the IP address to that of the fake site instead of the genuine one.

5.4. Smishing and Vishing: use text messages or telephone calls to do the same.

5.5. Identity Theft: stealing somebody's personal data in order to impersonate them and commit crimes of which users can't be proved innocent.

5.6. Avoid Phishing: no genuine organisation will request sensitive data through an email or unsolicited phone call; manually type the organisation's URL; use browsers with anti-phishing filters.

6. Encryption

6.1. Encryption: needed to protect data from unauthorised access when sent through an untrusted network (e.g. the Internet).

6.2. Encryption Keys: transform plaintext to ciphertext so not everyone can read it.

6.2.1. Caesar Cipher: changes every letter for a different one in the alphabet. But it can easily be guessed from the frequency of letters.

6.3. Secret Key Encryption: the same key is used for encryption and decryption. It is essential that the key remains secret.

6.4. Public Key Encryption: uses a key pair: a private key for decryption and a public key for encryption. In this way only the corresponding private key can decrypt a message.

6.5. Digital certificates: solve the authentication problems that encryption might leave. Documents are signed with a digitally signed key.

6.6. Full disk encryption: prevents hard disk data from being stolen or used for unwanted purposes.

7. Wireless Security

7.1. Wireless networks represent higher risks than Ethernet networks, as information is broadcast through the air, allowing anybody with the right equipment to access it.

7.2. All information should be encrypted so that it cannot be understood if gathered. Use encryption standards like WPA2.

7.3. Wireless networks should be configured with a key. We should also try to hide the network's name (Service Set Identifier, SSID) and install a MAC address filter on wireless routers.

8. Physical security

8.1. Locks on computer labs and cabinets; alarms;

9. Diana Enya Bautista Sánchez