CHAPTER 1 : INTRODUCTION TO SECURITY
SBIP NOTES - Chapter 1 : Introduction To Security
1. Information Security
2. - defined as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.
3. - the term "information security" also can be defined as protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide;
3.1. Integrity
3.1.1. ~Guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity.
3.1.1.1. ~Ensures that the information is correct and no unauthorized person or malicious software has altered the data.
3.2. Confidentiality
3.2.1. ~Preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
3.2.1.1. ~Ensures that only authorized parties can view the information.
3.3. Availability
3.3.1. ~Information has value if the authorized parties who are assured of its integrity can access the information.
3.3.1.1. ~Ensuring timely and reliable access to and use of information. Ensures the data is accessible to authorized users.
4. Goals of Security
5. Types of Security Threats
6. - A Threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system
6.1. Unstructured threats
6.1.1. Consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
6.1.2. For example, if an external company Web site is hacked, the integrity of the company is damaged.
6.1.3. Virus, Worm, Trojan horse
6.2. Structured threats
6.2.1. Come from hackers that are more highly motivated and technically competent.
6.2.2. These people know system vulnerabilities, and can understand and develop exploit-code and scripts.
6.2.3. They understand, develop, and use sophisticated hacking techniques to penetrate unsuspecting businesses.
6.3. External threats
6.3.1. Can arise from individuals or organizations working outside of a company.
6.3.2. They do not have authorized access to the computer systems or network.
6.3.3. They work their way into a network mainly from the Internet or dialup access servers.
6.4. Internal threats
6.4.1. Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
7. Type of attacks to computer security
8. Physical
8.1. Events or attacks that steal, damage, or destroy equipment, such as servers, switches, and wiring
9. Data
9.1. Events or attacks that remove, corrupt, deny access to authorized users, allow access to unauthorized users, or steal information
10. Hard Drive Destruction
10.1. It is important to be aware that formatting and reinstalling an operating system on a computer does not ensure that information cannot be recovered.
10.2. Drilling holes through a drive’s platters is not the most effective method of hard drive destruction.
10.3. To fully ensure that data cannot be recovered from a hard drive, carefully shatter the platters with a hammer and safely dispose of the pieces.
10.4. The only way to fully ensure that data cannot be recovered from a hard drive is to carefully shatter the platters with a hammer and safely dispose of the pieces.
10.5. To destroy software media (floppy disks and CDs), use a shredding machine designed for shredding these materials.
11. Social Engineering
11.1. A social engineer is a person who is able to gain access to equipment or a network by tricking people into providing the necessary access information.
11.2. To protect against social engineering: ~Never give out a password. ~Always ask for the ID of the unknown person. ~Restrict access of visitors. ~Escort all visitors. ~Never post your password. ~Lock your computer when you leave your desk. ~Do not let anyone follow you through a door that requires an access card.
12. Data Wiping
12.1. Deleting files from a hard drive does not remove them completely from the computer.
12.2. This data is not completely removed until the hard drive stores other data in the same location, overwriting the previous data.
12.3. Hard drives should be fully erased (data wiped) to prevent the possibility of recovery using specialized software.
12.4. Data wiping, also known as secure erase is a software-based method of overwriting the data that aims to completely destroy all electronic data residing on a hard disk drive or other digital media.
13. Hard Drive Recycling
13.1. Hard drives that do not contain sensitive data can be reformatted and used in other computers.
13.2. The drive can be reformatted, and a new operating system can be installed.
13.3. Types of Formatting
13.3.1. Standard format
13.3.1.1. Also called high-level formatting, a boot sector is created and a file system is set up on the disk. A standard format can only be performed after a low-level format has been completed.
13.3.2. Low-level format
13.3.2.1. The surface of the disk is marked with sector markers to indicate where data will be stored physically on the disk, and tracks are created. Low-level formatting is most often performed at the factory after the hard drive is built.
14. Malicious Software Protection Programs
14.1. Malware is malicious software that is installed on a computer without the knowledge or permission of the user.
14.2. It may take several different anti-malware programs and multiple scans to completely remove all malicious software.
14.3. Anti-malware available
14.3.1. Virus protection
14.3.1.1. An antivirus program typically runs automatically in the background and monitors for problems. When a virus is detected, the user is warned, and the program attempts to quarantine or delete the virus.
14.3.2. Spyware protection
14.3.2.1. Antispyware programs scan for keyloggers, which capture your keystrokes, and other malware so that it can be removed from the computer.
14.3.3. Adware protection
14.3.3.1. Anti-adware programs look for programs that display advertising on your computer.
14.3.4. Phishing protection
14.3.4.1. Anti phishing programs block the IP addresses of known phishing websites and warn the user about suspicious websites.
15. Signature File Updates
15.1. New viruses are always being developed, therefore security software must be continually updated.
15.2. A virus signature is a set of unique data, or bits of code, that allow it to be identified.
15.3. Anti-virus software uses a virus signature to find a virus in a computer file system, allowing to detect, quarantine and remove the virus.
15.4. In the anti-virus software, the virus signature is referred to as a definition file or DAT file.
16. Malicious Computer & Network Equipment Protection Methods
16.1. Physical security is as important as data security. Network infrastructure can be protected by: - Secured telecommunications rooms, equipment cabinets, and cages - Cable locks and security screws for hardware devices - Wireless detection for unauthorized access points - Hardware firewalls - Network management system that detects changes in wiring and patch panels
16.2. ~ Another method of hardware security is to disable the AutoRun feature of the operating system. ~ AutoRun automatically follows the instructions in a special file called autorun.inf when it is found on new media.
16.3. @ Two- factor Authentication - secured using overlapping protection techniques to prevent unauthorized access to sensitive data. @ An example of two-factor authentication is using a password and a smart card to protect an asset.
17. Security Hardware
17.1. There are several methods of physically protecting computer equipment: ~ Use cable locks with equipment. ~ Keep telecommunication rooms locked. ~ Fit equipment with security screws. ~ Use security cages around equipment. ~ Label and install sensors, such as Radio ~ Frequency Identification (RFID) tags, on equipment. ~ Install physical alarms triggered by motion-detection sensors. ~ Use webcams with motion-detection and surveillance software.
17.2. For access to facilities, there are several means of protection: ~ Card keys that store user data, including level of access ~ Biometric sensors that identify physical characteristics of the user, such as fingerprints or retinas ~ Posted security guard ~ Sensors, such as RFID tags, to monitor equipment
17.3. - For users that need to access sensitive network resources, a token can be used to provide two-factor authentication. - A token can be hardware type, such as a pin card or a software type, such as a soft token program. - The token is assigned to a computer and creates a unique code at certain times. - When users access a network resource, they enter a PIN and a number displayed by the token. - The number displayed by the token is created from a calculation made with its internal clock and a random number encoded on the token at the factory. - This number is authenticated against a database that knows the token’s number and can calculate the same number.
17.4. Factors that determine the most effective security equipment to use to secure equipment and data include: ~ How the equipment is used? ~ Where the computer equipment is located? ~ What type of user access to data is required?
17.5. + Service Packs & Security Patches Regular security updates are essential to combat new viruses or worms. + A technician should understand how and when to install patches and updates. + Patches are code updates that manufacturers provide to prevent a newly discovered virus or worm from making a successful attack. + A Service Pack is a combination of patches and updates.
17.6. The following Windows options allow you to control when software is updated:
17.6.1. Automatic
17.6.1.1. Downloads and installs updates automatically without user intervention.
17.6.2. Only download updates
17.6.2.1. Downloads the updates automatically, but the user is required to install them.
17.6.3. Notify me
17.6.3.1. Notifies the user that updates are available and gives the option to download and install.
17.6.4. Turn off automatic updates
17.6.4.1. Prevents any checking for updates.