INTRODUCTION OF SECURITY
MALICIOUS
SOFTWARE
Virus
Steal information
Delete data
Software code
Passive transmission
Trojan Horse
Can open a backdoor
Disguised as a useful program
Conscript host for botnet
Non self-replicating
DATA AND EQUIPMENT
Data Wiping
is the process of logically removing data
from a read / write medium so that it can
no longer be read
Performed externally by physically connecting
storage media to a hardware bulk-wiping device
or internally by booting a PC from a CD or network
It is a non destructive process that enables the
medium to be safely reused without loss of
storage capacity or leakage of data
Social Engineering
Is the art of manipulating people so they give
up confidential information
GOAL OF SECURITY
CONFIDENTIALITY
Is the protection of information
from unauthorized access.
Ensure that only authorized people
are allowed to access the information.
INTERGITY
Is the condition where information is kept
accurate and consistent unless authorized
changes are made.
Is maintain when the information remains
unchanged during storage, transmission.
AVAILABILTY
The Situation where informaation is
available when and where it is rightly
needed.
Is maintained when all component of the
information system are working properly.
TYPE OF SECURITY THREATS
UNSTRUCTURED THREATS
Consist of inexperienced individuals
using hacking tools
For example, in an external company
Website is hacked, the integrity of
the company is damage.
STRUCTURED THREATS
Consist of expert individuals that know
system vulnerabilities and can understand
and develop exploit code and scripts
They understand, develop and use sophisticated hacking technique to penetrate unsuspecting businesses.
These group always involved with the major fraud and theft cases reported to law enforcement agencies.
EXTERNAL THREATS
External threats come from individuals or
organization who works outside of a company.
These people does not have any authorize access
to the company system or network.
INTERNAL THREATS
Internal threats occur when someone has authorized
access to the network with either an account on a server or physical access to the network.
Hacking Tools
Shell Scripts
Password cracker
Beware of
Virus
Worm
Trojan Horse
Examples
Disgruntled employee
An opportunistic employee
Past employee
DEFINITION
Commonly knows as malware
is any software that brings harm
to a computer system.
Difference Between Virus,
Worm & Trojan Horse
Virus
A computer virus attaches itself it
travels to a program or file enabling
it to spread from one computer to
another, leaving infection.
Worms
A computer worm it a self-contained
program (or set programs) that is able
to spread functional copies of itself or
segments to other computer system
(usually via network connections)
Trojan Horse
A Trojan is software that appears to
perform a desirable function for the user
prior to run or install, but steals
information or harms the system.