
Ethical Hacking (Sem Vi) : Presented By: Ms. Drashti Shrimal


Ethical Hacking

(SEM VI)
Presented by: Ms. Drashti Shrimal
Unit I
Information Security : Attacks and Vulnerabilities
Topics:
- Introduction to information security :
• Asset,
• Access Control,
• CIA, Authentication, Authorization,
• Risk,
• Threat, Vulnerability,
• Attack, Attack Surface,
• Security-Functionality-Ease of Use Triangle
Asset
• In information security, computer security and network
security, an asset is any data, device, or other component of
the environment that supports information-related activities.
• Assets generally include hardware (e.g. servers and switches),
software (e.g. mission critical applications and support
systems) and confidential information.
• Assets should be protected from illicit access, use, disclosure,
alteration, destruction, and/or theft, resulting in loss to the
organization.
Imp Factors
• Threat: Anything that has the potential to cause harm. There are various kinds of threats:
system threats, network threats, application threats, cloud threats, malicious file threats, etc.

• Vulnerability: A weakness or a flaw in the system which an attacker may find and exploit. An
outdated OS, default passwords, and unencrypted protocols are all good examples of
vulnerabilities.

• Attack: Method followed by a hacker/individual to break into the system. Denial-of-service
attacks, misconfiguration attacks, operating system attacks, viruses, and worms are all examples
of attacks.

• Attack vectors: Path or means by which an attacker gains access to an information system to perform
malicious activities.
S-F-E
• Security - Functionality - Ease of use
• There is an interdependency
between these three attributes.
When security goes up, usability and
functionality come down. Any
organization should balance between
these three qualities to arrive at a
balanced information system.
Attacks
CIA
• Confidentiality:
Confidentiality means that only the authorized
individuals/systems can view sensitive or classified
information. The data being sent over the network should
not be accessed by unauthorized individuals.
The attacker may try to capture the data using different
tools available on the Internet and gain access to your
information.
CIA
• Integrity:
The next thing to talk about is integrity. Well, the idea
here is making sure that data has not been modified.
Corruption of data is a failure to maintain data integrity.
To check if our data has been modified or not, we make
use of a hash function.
CIA
• Availability:
This means that the network should be readily available
to its users. This applies to systems and to data. To
ensure availability, the network administrator should
maintain hardware, make regular upgrades, have a plan
for fail-over and prevent bottlenecks in the network.
Authentication & Authorization
• In the authentication process, the identity of users is
checked before providing access to the system, while
in the authorization process, a person's or user's authorities
are checked for accessing the resources.
• Authentication is done before the authorization
process, whereas authorization is done after
the authentication process.
