Recommended
More Related Content
What's hot
What's hot (20)
Similar to Ethical hacking-Introduction to information security.
Similar to Ethical hacking-Introduction to information security. (20)
Recently uploaded
Recently uploaded (20)
Ethical hacking-Introduction to information security.
- 2. INFORMATION SECURITY: ATTACKS AND VULNERABILITIES Introduction to information security
- 3. TERMINOLOGIES: • Information security – The state of being protected against the unauthorized use of information, especially electronic data, or the measures taken to achieve this. • Asset – 1. An asset is any item of economic value owned by an individual or corporation. 2. Assets can be real—such as routers, servers, hard drives, and laptops—or assets can be virtual, such as formulas, databases and spreadsheets. • Access Control- 1. Access control (AC) is the selective restriction of access to a place or resource. 2. The act of accessing may mean consuming, entering, or using. 3. Permission to access a resource is called authorization.
- 4. • CIA : • Confidentiality- Confidentiality addresses the secrecy and privacy of information. • Integrity- 1. Integrity provides for the correctness of information. It allows users of information to have confidence in its correctness. 2. Integrity must be protected in two modes: storage and transit. • Availability- 1. Availability simply means that when a legitimate user needs the information, it should be available. 2. Denial of service (DoS) is an attack against availability.
- 5. • Authentication- 1. The process of identifying an individual, usually based on a username and password. 2. Authentication merely ensures that the individual is who he or she claims to be but says nothing about the access rights of the individual. • Authorization- Authorization is the function of specifying access rights/privileges to resources. • Risk- Risk is the probability or likelihood of the occurrence or realization of a threat.
- 6. • Threat- 1. A threat sets the stage for risk and is any agent, condition, or circumstance that could potentially cause harm, loss, or damage. 2. Threats can result in destruction, disclosure, modification, corruption of data, or denial of service. • Vulnerability- 1. A vulnerability is a weakness in the system design, implementation, software, or code, or the lack of a mechanism. 2. If the organization is vulnerable to any of these threats, there is an increased risk of successful attack. • Attack- An attack is an action that is done on a system to get its access and extract sensitive data.
- 7. • Attack Surface- 1. The attack surface of a software environment is the sum of the different points where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment. 2. Keeping the attack surface as small as possible is a basic security measure. • Malware- Malware is any software intentionally designed to cause damage to a computer, server or Computer network. • Risk Assessment- A risk assessment is a process to identify potential security hazards and evaluate what would happen if a hazard or unwanted event were to occur.
- 8. • Security-Functionality-Ease of Use Triangle- 1. There is an inter dependency between these three attributes. 2. When security goes up, usability and functionality come down. 3. Any organization should balance between these three qualities to arrive at a balanced information system. 4. The relationship between the concepts of security, functionality and ease of use. 5. The use of a triangle is because an increase or decrease in any one of the factors will have an impact on the presence of the other two. Functionality Easy to use Security