These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
A rootkit is malware which consists of a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms "Administrator" or "Admin" access) of a computer system, without authorization by the system's owners and legitimate managers.
A denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted, malevolent efforts of a person or persons to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even DNS root servers.
Loss of confidentiality: e-mails are sent in clear over open networks; e-mails are stored on potentially insecure clients and mail servers.
Loss of integrity: no integrity protection on e-mails; the body can be altered in transit or on the mail server.
POP, IMAP over SSH, SSL – protocols; PGP – encryption and decryption
Viruses: programs that can be attached to e-mails and are spread as files from individual to individual. Viruses are intentionally destructive.
Worms: self-replicating computer programs, similar to computer viruses, that do not require other programs or documents to spread.
Trojans: non-replicating malicious programs which appear harmless or even useful to the user but, when executed, harm the user's system.
Spyware: programs installed on computers which record and send your personal information, including marketing information (visited sites, lists of your software, your interests, etc.).
Phishing: an attempt to fraudulently acquire sensitive information, such as passwords and financial information, through e-mail or an instant message.
In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people into breaking normal security procedures. A social engineer runs what used to be called a "con game". Social engineering is clever manipulation of the natural human tendency to trust. As a rule, public sector employees care about the jobs they do and try their best to be helpful. “Social engineering attacks are mostly financially driven, with the attacker looking to obtain confidential information. Some of the common tactics used for such attacks are forging identities, exploiting the inability of people to realize the value of the data held by them or the know-how to protect data. Most users perceive a false sense of security once they install an anti-virus or anti-spam solution. That’s why, along with providing security solutions, we look to educate our customers on the various current and evolving security threats that take place and how to be immune from them,” said Govind Rammurthy, CEO, MicroWorld.
Most common threats to information security. Ana Meskovska, ELSA Conference Strumica, 27.11.2008
Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
Use of Email messages and Web pages that are replicas of existing sites to fool users into submitting: