Information Security Quiz 1
Asset
Data contained in an information system.
Data Encryption
Encryption is a widely established method of protecting data in motion (in transit), and it is now increasingly accepted as a way to preserve the integrity of data at rest as well. The process of encryption involves transforming the data in files into unreadable characters that cannot be deciphered unless the decryption key is provided.
Threats vs. attacks
Threats: intentional or unintentional; have the potential to cause damage; may manipulate information; represent the potential for an attack. Attacks: intentional; an attempt to cause damage; a definite chance of manipulation of information; an intended target to be harmed.
Most common cyber attacks
- Man in the Middle Attack: an eavesdropping attack that happens when an attacker inserts themselves into a two-party transaction. Once the traffic is intercepted by the attacker, they can steal the data and security can be compromised.
- Denial of Service Attack: a denial-of-service attack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests. Attackers can also use multiple compromised devices to launch this attack; this is known as a distributed-denial-of-service (DDoS) attack.
How could the Equifax data breach have been avoided
- Third-party monitoring of their security systems and quality assurance
- The CEO and CIO should have prioritized security
- Training employees on how to manage the systems securely
- Encryption
- Security cannot be thought of as an afterthought
Malware
- A term for malicious software such as viruses, ransomware, spyware, and trojan horses
- Consists of code developed by cyber attackers, intended to cause damage to information systems or to gain unauthorized access to a network
- Delivered in the form of a link or file attachment over email; it requires a user to click on the link or open the file to execute the malware
- Malware threats have been active since the 1970s, with organizations coming under attack thousands of times
Spam
- An unsolicited message in an email is the best example of spam
- Spam is the most efficient and cost-effective means of sending messages from a sender's perspective
- Spam messages contain links which, if opened, install malicious software on your computer system
Layers of the TCP/IP Model
- Application
- Transport
- Network
- Datalink
- Physical
Botnet
- Botnet malware is a network of computers that have been hijacked or compromised, giving hackers the ability to control the infected computers or mobile devices remotely. When the malware is launched on your computer or mobile device, it recruits your infected device into a botnet, and the hacker is now able to control your device and access all your data in the background without your knowledge.
- A botnet can consist of as few as ten computers or as many as hundreds of thousands, and when bots come together they are a force to be reckoned with. If a botnet hits your corporate website, it can make millions of requests at once, ultimately overloading the servers, knocking the website offline, slowing web traffic, or affecting performance. As many businesses are aware, a website that is offline or has a long lag time can be very costly, resulting in a loss of customers or a damaged reputation.
Functions of cryptography
- Confidentiality
- Authentication
- Integrity
- Non-repudiation
- Key exchange
How to ensure information access is secure
- Create Firewalls: Firewalls can include both hardware- and software-based defenses that are created to block unsolicited protocols, connections, unauthorized network activity and other malicious attempts while you are linked to an external network (typically the Internet).
- Install Proxy Servers: A proxy server is designed to control what the outside world sees of your network. It is a type of smoke screen that can disguise your actual network and present a minimal Internet connection.
- Use Routers: Control the network through routers which, like a firewall, can include an access list to deny or permit access into your network.
- Implement Network Controls: This implementation is done at the local level and includes authentication in the form of a login and password.
- Install Software Controls: These can block malware from penetrating your equipment. If malware enters the system, these controls work to eliminate the infection and restore the system to its pre-infection condition.
- Use Data Encryption
Phishing
- Created by cybercriminals in an attempt to steal sensitive information; a phishing scheme is most often the start of a successful cyber attack
- Phishing can be disguised in multiple ways
- Attackers impersonate banks or common web services with the purpose of requesting you to enter your login credentials and verify your account details
- Phishing has evolved beyond email: hackers now also carry out phishing attacks by sending text messages, making phone calls, over mobile applications and on social media
Features of data encryption
- In the manual encryption process, the user employs a software program to initiate the data encryption. In the case of transparent encryption, the data is encrypted automatically with no intervention from the user.
- The symmetric encryption process takes place by substituting characters using a key that becomes the only means to decrypt the bits of data. Conversely, asymmetric encryption is employed when two keys are involved: a private key and a public key.
Denial of Service (DoS)
-Occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include email, websites, online accounts (e.g., banking), or other services that rely on the affected computer or network. A denial-of-service condition is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.
Distributed Denial of Service (DDoS)
-Occurs when multiple machines are operating together to attack one target. DDoS attackers often leverage the use of a botnet—a group of hijacked internet-connected devices to carry out large scale attacks. Attackers take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, an attacker can command their botnet to conduct DDoS on a target. In this case, the infected devices are also victims of the attack.
Cryptanalysis
-Science of analyzing and breaking encryption schemes.
Computer Worm
- Worms possess a self-replicating trait; therefore they can create multiple copies of themselves and spread quickly through a system without the need for human interaction
- Worms spread by tricking internet users and by exploiting known loopholes in software
- Potential danger
- Using mobile phones
Features of cloud security
- Ubiquitous
- Scalable
- Integrated
- Comprehensive
- Intelligent
Categories of threats
1. Capable of exploiting vulnerabilities
2. Represent potential security harm to an asset
Categories of vulnerabilities
1. Corrupted (loss of integrity)
2. Leaky (loss of confidentiality)
3. Unavailable or very slow (loss of availability)
Classification of Threats
1. Disclosure
2. Deception
3. Disruption
4. Usurpation
5 most common types of threats
1. Malware
2. Computer Worm
3. Spam
4. Phishing
5. Botnet
Categories of attacks
1. Passive - attempt to learn or make use of information from the system without affecting system resources.
2. Active - attempt to alter system resources or affect their operation.
3. Insider - initiated by an entity inside the security perimeter.
4. Outsider - initiated from outside the perimeter.
Different layers of OSI model
1. Physical layer
2. Datalink layer
3. Network layer
4. Transport layer
5. Session layer
6. Presentation layer
7. Application layer
Challenges of confidentiality
1. The challenge is that it is easy to breach confidentiality, particularly in larger organizations. Therefore, all employees of a company or members of an organization must be made aware of their duty and responsibility to maintain confidentiality regarding the information shared with them as part of their work.
2. Confidentiality is sacrosanct, and easy to breach. For example, if an employee in an organization allows someone to glimpse his computer screen, which may at that moment be displaying confidential information, he may already have committed a confidentiality breach.
Risks
A combination of threats, vulnerabilities and assets is risk.
Importance of network security system
A good network security system helps businesses reduce the risk of falling victim to data theft and sabotage.
Vulnerabilities
A loophole in a computer system which leaves it open to attack. It is the weakness of a system which leaves information security exposed to threat.
Security Policy
A provision made to deal with information threats in an organization and how to handle situations which occur due to threats.
Countermeasures
An action to prevent or reduce potential threats to computer systems, information systems and operating systems is a countermeasure. Some of the popular countermeasure tools include firewalls and anti-virus software.
Attacks
An attempt to obtain, manipulate, destroy, implant or reveal information without authorized access or permission is an attack. An attack can be attempted on computer systems at the individual or organization level.
Threats
Any incident which can damage the functioning of a computer system is a threat. Threats cause loss of confidentiality, integrity and availability. They can be accidental or deliberate in nature.
Layers of information security
- Application Access: The layer of application access indicates that access to user applications must be restricted on a need-to-know basis.
- Infrastructure Access: The layer of infrastructure access indicates that access to various components of the information infrastructure (such as servers) must be restricted on a need-to-know basis.
- Physical Access: The layer of physical access indicates that physical access to systems, servers, data centers, or other physical objects that store vital information must be restricted on a need-to-know basis.
- Data-in-Motion: The layer of data-in-motion indicates that data access must be restricted while it is in the process of transfer (or in motion).
Types of Security
Computers, Internet, Database, Network, Cloud, Information.
Three elements of information security
Confidentiality, Integrity, Availability.
Application Layer
Human-computer interaction layer, where applications can access the network services.
Principle of Confidentiality
Information must remain out of bounds or hidden from individuals or organizations that do not have the authorization to access it. This principle essentially dictates that information must solely be accessed by people with legitimate privileges.
Importance of computer security
It keeps your information protected. Also, it is important for your computer's overall health; proper computer security helps prevent viruses and malware, which allows programs to run quicker and smoother.
Public Key Cryptography
Public Key Cryptography, or asymmetric encryption, is a two-key cryptosystem in which two parties can engage in secure communication over a non-secure communications channel without having to share a secret key.
Cryptology
Study of secret writing. This includes cryptography and cryptanalysis.
Principle of integrity of information
The second principle involves the integrity of information. The information or data must have a level of integrity that prevents it from getting easily breached.
Principle of Availability
The third guiding principle relates to information availability and underscores the importance of securing information in a location where unauthorized entities cannot access it, and data breaches can be minimized.
What happened with Equifax
They were exploited/attacked. There were vulnerability issues such as an expired certificate, lack of accountability, phishing threats, and poor communication with consumers.
How do computer devices communicate
Through two models:
- OSI Model
- TCP/IP Model
Cyberattack
A malicious and deliberate attempt by an individual or organization to breach the information system of another individual or organization. Usually, the attacker seeks some type of benefit from disrupting the victim's network.
Importance of internet security
A top priority for both businesses and governments; good internet security protects the financial details held on a business's or agency's servers and network hardware. Insufficient internet security can threaten to collapse an e-commerce business or any other operation where data is routed over the Web.
Availability
Concerned with improper denial of access to information.
Confidentiality
Concerned with unauthorized disclosure of information.
Integrity
Concerned with unauthorized modification of information.
The role of database security
Covers and enforces security on all aspects and components of databases. This includes:
- Data stored in the database
- Database server
- Database management system (DBMS)
- Other database workflow applications
Internet Security
Covers security for transactions made over the Internet. It encompasses browser security, the security of data entered through a web form, and overall authentication and protection of data sent via Internet protocol.
Network Layer
Decides which physical path the data will take.
Datalink Layer
Defines the format of data on the network.
Presentation Layer
Ensures that data is in a usable format and is where data encryption occurs.
Disruption
Hinders the operation of a system. Example: Program Manager
Open Systems Interconnection (OSI) model
A conceptual model created by the International Organization for Standardization which enables diverse communication systems to communicate using standard protocols.
Feature of database security
Database security is generally planned, implemented and maintained by a database administrator and/or other information security professional.
Internet Protocol (IP)
The address system of the Internet, whose core function is delivering packets of information from a source device to a target device. IP is the primary way in which network connections are made, and it establishes the basis of the Internet. IP does not handle packet ordering or error checking; such functionality requires another protocol, typically TCP.
Session Layer
Maintains the connection and is responsible for controlling ports and sessions.
Information Security
Often referred to as InfoSec, it refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
Cloud Security
Refers to an array of policies, technological procedures, services, and solutions designed to support safe functionality when building, deploying, and managing cloud-based applications and associated data. Whether operating in public, private, or hybrid cloud environments, cloud security creates and maintains preventative strategies and actions to combat any threat to networked systems and applications.
Database Security
Refers to the collective measures used to protect and secure a database or database management software from illegitimate use and malicious threats and attacks.
Disclosure
Reveals sensitive data. Example: Snooping
Cryptography
Science of secret writing.
Network Security
Any activity designed to protect the usability and integrity of your network and data.
- It includes both hardware and software technologies
- It targets a variety of threats
- It stops them from entering or spreading on your network
- Effective network security manages access to the network
Computer Security
The protection of computer systems and information from theft, harm, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
Transport Layer
Transmits data using transmission protocols including TCP and UDP.
Physical Layer
Transmits the raw bit stream over the physical medium.
Usurpation
Unauthorized access to control of system services. Example: Denial of Service
Deception
The user receives data which resembles the original data but is a fake duplicate. Example: Repudiation, Masquerade
Hash Functions
• Algorithms which use no key
• A fixed-length hash value is computed from the plaintext, which makes it impossible for either the contents or the length of the plaintext to be recovered
• Hash algorithms provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
• Hash functions are also commonly employed by many operating systems to encrypt passwords
Symmetric Encryption
• Block Cipher
  - Plaintext is processed in blocks of bits
  - Operations are performed and the block is converted to ciphertext
  - Block size is fixed, a multiple of 8 bits
  - Padding bits are added for efficiency using redundant information
  - Example: DES and AES encrypt 64-bit and 128-bit blocks respectively
• Stream Cipher
  - Plaintext is processed one bit at a time
  - Operations are performed to obtain 1 bit of ciphertext
  - Acts as a block cipher with a 1-bit block size
Traditional cipher schemes
• Caesar Cipher (Shift Cipher)
  - Each letter in the plaintext is converted to another letter in the ciphertext
  - Each letter is shifted by a certain number of places; sender and receiver agree on a secret shift number (between 0 and 25)
  - Usually the Caesar cipher is used with shifts of up to 3 places
  - Disadvantage: not a secure system, since only 26 possible keys need to be tried
• Vigenère Cipher (the "unbreakable cipher")
  - Each letter of the alphabet is substituted by a number
  - A key is selected to perform a number of shifts to convert the plaintext
  - Designed by modifying the Caesar cipher to reduce the effect of cryptanalysis on the ciphertext and make a stronger cryptosystem
  - More secure than the Caesar cipher
  - Historically used to protect sensitive political and military information
  - Types: Vernam Cipher and One-time pad
Cryptographic algorithms
• Categorized on the basis of the number of keys
  - Secret Key Cryptography or Symmetric encryption: used for privacy and confidentiality
  - Public Key Cryptography or Asymmetric encryption: used for authentication, non-repudiation and key exchange
  - Hash Functions: used for integrity
Cryptographic Attacks
• Cryptographic attacks are made by cryptanalysts to break into your cryptosystem and recover plaintext from ciphertexts
• Attackers focus on vulnerabilities of your system by targeting ciphertexts and plaintexts
Data Encryption Standard (DES)
• Developed by IBM and adopted by NIST in 1977
• DES is a product cipher with a 56-bit key and a 64-bit block size for plaintext and ciphertext
• Efficient for hardware implementation
• Encryption and decryption algorithms are public; design principles are classified
Countermeasures to DoS/DDoS attacks
• DoS protection service
  - Detects abnormal traffic flows
  - Redirects traffic away from your network
  - DoS traffic is cleaned out and clean traffic is passed on to your network
• Disaster recovery plan
  - Ensures a convenient and efficient communication, mitigation, and recovery process in the event of an attack
• Other measures
  - Install and maintain antivirus software
  - Install a firewall and configure it to restrict inappropriate traffic
Preserving Information Integrity effectively
• Encrypt your data: If you ensure data encryption, a third party will be unable to read or use it, even if the data becomes available to them.
• Use two-factor authentication: If access to your data requires two-factor authentication, it will bolster the safety of your confidential information and reduce the risk of data leaks.
• Encrypt interactions: As a first step, you must configure your communication program or IM to use Transport Layer Security (TLS) or Secure Sockets Layer (SSL). Secondly, disable the feature that logs conversation history. Thirdly, encrypt your Internet traffic because it could be intercepted.
• Protect your keys: Safeguard your keys with a foolproof system in place. In many cases, access to your keys can be equal to access to your data.
• Create an information backup and ensure it is safe: Data backups should be available and accessible, but in encrypted form and stored away in a secure location.
Ways to achieve security
• Policy
  - Requirements to be implemented
  - Covers software, hardware, personnel, physical and procedural components
  - Specifies goals
• Mechanism
  - How to implement the policy
• Assurance
  - Ensures how well the policy has been implemented
  - Low assurance mechanism: easy to implement
  - High assurance mechanism: difficult to implement
• Evaluation
  - Process of measuring assurance
Security Techniques
• Prevention
  - To prevent attackers from violating the security policy
  - Access control
• Detection
  - Detects violation of the security policy by attackers
  - Intrusion detection
  - Incident handling
• Recovery
  - Stop the attack, assess and repair the damage
  - Continue normal functioning of the system, as if no attack took place
• Tolerance
  - Last option
• By Obscurity
  - Hide the inner functioning of a system
  - Bad idea?
  - Less applicable in the times of vendor-independent open standards
  - Less applicable due to widespread computer knowledge and expertise
• By Legislation
  - Instructing our users on how to behave
  - Bad idea?
  - Examples: do not share passwords; do not write down passwords; do not open attachments from unknown parties
Detecting a DoS/DDoS attack
• Slow network performance
• Inability to access a website
Features of Public Key cryptography
• Solves the key distribution problem, given a reliable channel for communication of public keys
• Needs reliable dissemination of one public key
• Scales well for large-scale systems
• Algorithms used in practice today: RSA, Diffie-Hellman, Digital Signature Algorithm (DSA)
Principles for Information Security Practitioners
• Support the business
• Defend the business
• Promote responsible security behavior
Keys Used in Cryptography
• Symmetric Key Cryptography
  - Secret key
  - Same algorithm and same key used for encryption and decryption
• Asymmetric Key Cryptography
  - Private key
  - Public key
  - One algorithm is used for encryption and decryption with a pair of keys
  - One key must be kept private
Encryption Techniques
• Traditional Ciphers
  - Substitution: letters/numbers/symbols of the plaintext are replaced by other letters/numbers/symbols
  - Transposition: letters/numbers/symbols in the plaintext are exchanged with one another
Why an OSI model
• Useful for troubleshooting network problems.
• Resolves unnecessary computation in the system.