handout2 Flashcards
Mirai
malware that infects smart devices and turn them into remotely controlled bots, it is known as botnets and used to launch DDOS attacks
Stuxnet
Computer worm originally aimed at Iran nuclear facilities, it targeted PLCs (Programmable logic controllers ) and it was capable of crippling hardware
What is internet
Networks of networks
Network
Collection of interconnected devices
Securing the network infrastructure is having
CIA
1- Confidentiality
2- Integrity
3- Availability
Security
State of well being of information and infrastructure in which the possibility of successful yet undetected theft, distortion, or tampering of information is kept low or tolerable
Information Security
Operations that protect information and information systems
Five layers that we must protect
First layer (physical) Second layer (link) Third layer (network) Fourth layer (Transport) Fifth layer (application)
The layers are from botttom to top
PLNTA
physical > Link >Network > Transport > application
Asset
Resource that we need to protect
Threat
Potential violation of security
Vulnerabilitty
Weakness in the security
Risk
Potential damage or misuse of an asset
Attack
action that violates security
Authenticity/Authentication
Sender/receiver wants to confirm identity of each other
Authorization
Confirming what a user or entity is allowed to do
Confidentiality
Concealment of information or resources
Only sender and intended receiver should understand message content
Integrity
preventing unauthorized changes-trustworthiness of data
Non repudiation
When a message is received, the receiver can prove that the sender sent the message
When a message is sent , the sender can prove that the receiver received the message
Access control
Refers to what entities can use specific information or resources
Availability
Services must be available to entities
Interception
Unauthorized access to information
Fabrication
Unauthorized assumption of others identity
Availability attacks
Destroy hardware or software
or Modify software
Passive attacks
Learn or make use of information of the system without affecting system resources
Active attacks
Attempts to alter system resources or affect their operation
Example attacks on the internet ISP
Propagating false routing entries Domain name hijacking link flooding configuration change Packet interception