The document discusses various topics related to data security and cyber security. It defines data security and cyber security, and notes that cyber security involves protecting networks, computers, programs and data from attacks or unauthorized access. It then discusses several specific cyber security threats such as denial of service attacks, direct access attacks, eavesdropping, spoofing, tampering, privilege escalation, phishing, clickjacking and social engineering. The document concludes with some general advice for improving cyber security like frequently updating software, using antivirus software, strong unique passwords, and practicing safe online behaviors.
The document discusses various topics related to data security and cyber security. It defines data security and cyber security, and notes that cyber security involves protecting networks, computers, programs and data from attacks or unauthorized access. It then discusses several specific cyber security threats such as denial of service attacks, direct access attacks, eavesdropping, spoofing, tampering, privilege escalation, phishing, clickjacking and social engineering. The document concludes with some general advice for improving cyber security like frequently updating software, using antivirus software, strong unique passwords, and practicing safe online behaviors.
The document discusses various topics related to data security and cyber security. It defines data security and cyber security, and notes that cyber security involves protecting networks, computers, programs and data from attacks or unauthorized access. It then discusses several specific cyber security threats such as denial of service attacks, direct access attacks, eavesdropping, spoofing, tampering, privilege escalation, phishing, clickjacking and social engineering. The document concludes with some general advice for improving cyber security like frequently updating software, using antivirus software, strong unique passwords, and practicing safe online behaviors.
The document discusses various topics related to data security and cyber security. It defines data security and cyber security, and notes that cyber security involves protecting networks, computers, programs and data from attacks or unauthorized access. It then discusses several specific cyber security threats such as denial of service attacks, direct access attacks, eavesdropping, spoofing, tampering, privilege escalation, phishing, clickjacking and social engineering. The document concludes with some general advice for improving cyber security like frequently updating software, using antivirus software, strong unique passwords, and practicing safe online behaviors.
“Data Security” Data Security Data Security or Information Security involves protecting information from unauthorized access, use, disruption, modification or destruction, regardless of whether the information is stored electronically or physically. Cyber Security Cyber Security is subset of the larger area of Information Security. Cyber Security is the use of various technologies and processes to protect networks, computers, programs and data from attack, damage or unauthorized access. Since all computer systems rely on operating systems and networks to function, those areas are often targeted for attack and are the main sources of many security vulnerabilities. . . . Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to the hardware, software or the information on them, as well as from disruption or misdirection of the services they provide.
Cyber security includes controlling physical access
to the hardware, as well as protecting against harm that may come via network access, data and code injection. Also, due to malpractice by operators, whether intentional, accidental, IT security is susceptible to being tricked into deviating from secure procedures through various methods. . . .It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
The field is of growing importance due to the increasing
reliance on computer systems and the Internet in most societies, wireless networks such as Bluetooth and Wi-Fi – and the growth of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things. Vulnerabilities and attacks A vulnerability is a system susceptibility or flaw. Many vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. An exploitable vulnerability is one for which at least one working attack or "exploit" exists.
To secure a computer system, it is important to understand the
attacks that can be made against it, and these threats can typically be classified into one of the categories below: •Backdoor •Denial-of-service attack •Direct-access attacks •Eavesdropping •Spoofing •Tampering •Privilege escalation •Phishing •Clickjacking •Social engineering Backdoors A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability. Denial-of-service attack (DoS) Denial of service attacks (DoS) are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim. Direct-access attacks An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be able to be by-passed by booting another operating system or tool from a CDROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks. Eavesdropping Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro- magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks. Spoofing Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. Tampering Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting of surveillance capability into routers are examples.
Privilege escalation Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. So for example a standard computer user may be able to fool the system into giving them access to restricted data; or even to "become root" and have full unrestricted access to a system. Phishing Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim's trust, phishing can be classified as a form of social engineering. Clickjacking Clickjacking, also known as "UI redress attack" or "User Interface redress attack", is a malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top level page. This is done using multiple transparent or opaque layers. The attacker is basically "hijacking" theclicks meant for the top level page and routing them to some other irrelevant page, most likely owned by someone else. A similar technique can be used to hijack keystrokes. Carefully drafting a combination of stylesheets, iframes, buttons and text boxes, a user can be led into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker. Social engineering Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer. A common scam involves fake CEO emails sent to accounting and finance departments. In early 2016, the FBI reported that the scam has cost US businesses more than $2bn in about two years. Attacker motivation As with physical security, the motivations for breaches of computer security vary between attackers. Some are thrill- seekers or vandals, others are activists or criminals looking for financial gain. State-sponsored attackers are now common and well resourced, but started with amateurs such as Markus Hess who hacked for the KGB, as recounted by Clifford Stoll, in The Cuckoo's Egg. A standard part of threat modelling for any particular system is to identify what might motivate an attack on that system, and who might be motivated to breach it. The level and detail of precautions will vary depending on the system to be secured. A home personal computer, bank, and classified military network face very different threats, even when the underlying technologies in use are similar. Advices to be secure
40 4 NOT FOUND
NO SYSTEM IS SAFE
... … Update your OS and other software frequently, if not automatically. Download up-to-date security programs, including antivirus and anti-malware software, anti-spyware, and a firewall. Destroy all traces of your personal info on hardware you plan on selling. Do not use open wifi. Password protect all of your devices. Create difficult passwords and change them frequently. Come up with creative answers for your security questions. Practice smart surfing and emailing. Don’t link accounts. Keep sensitive data off the cloud. Think before you click .
