Information Security 1 Overview of Security TOPIC DISCUSSION 1 Overview of Security 1.1 CIA Triad 1.2 1.3 1.4 1.5 AAA of Security Security Threats Hackers Threat Actors TOPIC DISCUSSION 2 Malware 2.1 Viruses 2.2 2.3 2.4 2.5 2.6 Worms Rootkits 2.7 Spam Trojans Ransomware Spyware TOPIC DISCUSSION 3 Malware Infections 3.1 Common Delivery Methods 3.2 3.3 3.4 3.5 3.6 Phishing 3.7 3.8 Botnets and Zombies Active Interception and Privilege Backdoors and Logic Bombs Symptoms of Infection Removing Malware Preventing Malware Network Security Network security is a broad term that covers a multitude of technologies, devices and processes. In its simplest term, it is a set of rules and configurations designed to protect the integrity, confidentiality and accessibility of computer networks and data using both software and hardware technologies. Every organization, regardless of size, industry or infrastructure, requires a degree of network security solutions in place to protect it from the ever-growing landscape of cyber threats in the wild today. Network Security Today's network architecture is complex and is faced with a threat environment that is always changing and attackers that are always trying to find and exploit vulnerabilities. These vulnerabilities can exist in a broad number of areas, including devices, data, applications, users and locations. For this reason, there are many network security management tools and applications in use today that address individual threats and exploits and also regulatory non-compliance. When just a few minutes of downtime can cause widespread disruption and massive damage to an organization's bottom line and reputation, it is essential that these protection measures are in place. CIA Triad CIA - Confidentiality, Integrity and Availability The CIA Triad is actually a security model that has been developed to help people think about various parts of IT security. AAA of Security Authentication, authorization, and accounting (AAA) is a method you can use in your network to control which administrators are allowed to connect to which devices (authentication), what they can do on these devices (authorization), and log what they actually did while they were logged in (accounting). Security Threats Security Threat is defined as a risk that which can potentially harm computer systems and organization. The cause could be physical such as someone stealing a computer that contains vital data. The cause could also be non-physical such as a virus attack. Hackers People, not computers, create computer threats. Computer predators victimize others for their own gain. Give a predator access to the Internet — and to your PC — and the threat they pose to your security increases exponentially. Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access the information you really don’t want them to have. Hackers Ethical Hacker (White hat) Cracker (Black hat) Grey hat Script kiddies Hacktivist Phreaker Threat Actors A threat actor is a person or entity that has the ability or intent to impact the security of other individuals or companies Threat actors can be internal or external to the organization being targeted, and they may or may not possess the technical skillsets needed to infiltrate and compromise networks and corporate data Malware Malware is the collective name for a number of malicious software variants, including viruses, ransomware and spyware. Shorthand for malicious software, malware typically consists of code developed by cyberattackers, designed to cause extensive damage to data and systems or to gain unauthorized access to a network. Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute the malware. Malware Malware has actually been a threat to individuals and organizations since the early 1970s when the Creeper virus first appeared. Since then, the world has been under attack from hundreds of thousands of different malware variants, all with the intent of causing the most disruption and damage as possible. Viruses A computer virus is what most of the media and regular end-users call every malware program reported in the news. Fortunately, most malware programs aren't viruses. A computer virus modifies other legitimate host files (or pointers to them) in such a way that when a victim's file is executed, the virus is also executed Worms Worms have been around even longer than computer viruses, all the way back to mainframe days. Email brought them into fashion in the late 1990s, and for nearly a decade, computer security pros were besieged by malicious worms that arrived as message attachments. One person would open a wormed email and the entire company would be infected in short order Trojans Computer worms have been replaced by Trojan horse malware programs as the weapon of choice for hackers. Trojans masquerade as legitimate programs, but they contain malicious instructions. They've been around forever, even longer than computer viruses, but have taken hold of current computers more than any other type of malware. Ransomware Malware programs that encrypt your data and hold it as hostage waiting for a cryptocurrency pay off has been a huge percentage of the malware for the last few years, and the percentage is still growing. Ransomware has often crippled companies, hospitals, police departments, and even entire cities. Spyware Spyware is most often used by people who want to check on the computer activities of loved ones. Of course, in targeted attacks, criminals can use spyware to log the keystrokes of victims and gain access to passwords or intellectual property. Adware and spyware programs are usually the easiest to remove, often because they aren't nearly as nefarious in their intentions as other types of malware. Find the malicious executable and prevent it from being executed — you're done. Rootkits A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. The term rootkit is a connection of the two words "root" and "kit." Originally, a rootkit was a collection of tools that enabled administrator-level access to a computer or network. Root refers to the Admin account on Unix and Linux systems, and kit refers to the software components that implement the tool. Today rootkits are generally associated with malware – such as Trojans, worms, viruses – that conceal their existence and actions from users and other system processes. Spam Spamming is the point at which a cyber-criminal sends messages intended to profit on fake or phony products. Much of it is sent by botnets, networks of virus-infected computers, complicating the process of tracking down the spammers. According to various estimates, about 80% of all email in the world may be spam Common Delivery Methods Phishing Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Here's what you need to know about this venerable, but increasingly sophisticated, form of cyber attack. Botnets and Zombies News about internet crimes often mentions "bots", "zombies", and "botnets". It's not hard to figure out from the context that these are computer or network security threats. But what exactly are they, how do they work, and what kind of damage can they cause? A bot, short for "robot", is a type of software application or script that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control over an affected computer. Once infected, these machines may also be referred to as zombies. Active Interception and Privilege Active GSM interception systems allow an attacker to actively interfere in communications between mobile phones and base stations by means of a so-called IMSI-catcher, in essence a transmitter and receiver that simulates the functionality of a GSM base station. Recent attack methods involve spoofing so-called femtocells to feign that you are the user’s mobile network provider, while in fact you are taking over his network traffic. Backdoors and Logic Bombs A backdoor occurs when a programmer provides as a means to grant themselves or others future access to a system. A logic bomb is commonly defined as an attribute or a portion of code running within a program that remains inactive until a specific event or time occurs. Symptoms of Infection Your computer is slowing down Annoying ads are displayed Crashes Pop-up messages Internet traffic suspiciously increases Your browser homepage changed without your input Unusual messages show unexpectedly Your security solution is disabled Your friends say they receive strange messages from you Unfamiliar icons are displayed on your desktop Unusual error messages You can’t access the Control Panel Everything seems to work perfectly on your PC You get the error on the browser You get suspicious shortcut files Preventing Malware Practice safe browsing Use strong passwords and/or password managers Make sure you’re on a secure connection Log out of websites after you’re done Layer your security Use firewall, anti-malware, anti-ransomware, and anti-exploit technology. Preventing Malware Protect vulnerabilities Update your operating system, browsers, and plugins Enable click-to-play plugins Remove software you don’t use (especially legacy programs). Preventing Malware Watch out for social engineering Read emails with an eagle eye Do not call fake tech support numbers Do not believe the cold callers Removing Malware
