IA 2 - UNIT 4 Flashcards
Focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Cybersecurity
is the environment in which communication over computer networks occurs
Cyberspace
3 Features of Security
- confidentiality
- integrity
- availability
is a crime that involves a computer or a network; the computer may have been used in the commission of the crime or may be its target
Cybercrime
It includes cybersquatting, cybersex, child pornography, identity theft, illegal access to data and libel.
Cybercrime Prevention Act of 2012,
officially recorded as Republic Act No. 10175
Types of Malwares
- trojan
- virus
- worm
- spyware
- ransomware
- adware
- rootkit
- keylogger
- remote access trojan (RAT)
SECURITY TOOLS
- Network Security Monitoring
- Encryption
- Web Vulnerability Scanning
- Penetration Testing
- Packet Sniffers And Password Auditing
identifying intrusions and detecting threats from both outside and within the organization.
Network Security Monitoring
process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot
Encryption
- a software program that performs automated black-box testing on a web application and identifies security vulnerabilities.
- Scanners do not access the source code; they only perform functional testing (sending requests and inspecting responses) and try to find security vulnerabilities.
Web Vulnerability Scanning
- also called pen testing or ethical hacking,
- is the practice of testing a computer system, network or web application to find security vulnerabilities that an attacker could exploit.
- It can be automated with software applications or performed manually.
Penetration Testing
7 Best Cyber Security Penetration Testing Tools
- metasploit
- nmap
- wireshark
- aircrack-ng
- John the Ripper
- Nessus
- Burpsuite
- a small program that listens to all traffic on the attached network(s), rebuilds data streams out of TCP/IP packets,
- and extracts user names and passwords from those streams that carry protocols sending clear-text passwords (e.g., FTP, Telnet, POP3, HTTP Basic authentication).
Packet Sniffers And Password Auditing
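The stream-rebuilding step described above is what makes a password sniffer work: credentials are often split across segments, and segments arrive out of order or get retransmitted. The following is an added example, not code from the page or from any named tool; the TCP segments are constructed for the demo (there is no live capture), and the sniffer reads a list of segments rather than a network interface.

```python
"""Added example: rebuild TCP streams from captured segments and pull
clear-text credentials out of them, as a password-auditing sniffer does.
The segments below are CONSTRUCTED for the example; nothing is captured live."""
import base64
import re
from collections import defaultdict

# Constructed segments: (src_ip, src_port, dst_ip, dst_port, tcp_seq, payload).
# The FTP login is split mid-command, delivered out of order and partly
# retransmitted to show why reassembly must happen before searching.
HTTP_PART1 = b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthoriz"
HTTP_PART2 = b"ation: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"   # base64 of bob:hunter2
SEGMENTS = [
    ("10.0.0.5", 51000, "10.0.0.9", 21, 100, b"USER al"),
    ("10.0.0.9", 21, "10.0.0.5", 51000, 500, b"331 Password required\r\n"),
    ("10.0.0.5", 51000, "10.0.0.9", 21, 112, b"PASS s3cret!\r\n"),   # arrives early
    ("10.0.0.5", 51000, "10.0.0.9", 21, 107, b"ice\r\n"),
    ("10.0.0.5", 51000, "10.0.0.9", 21, 107, b"ice\r\n"),            # retransmission
    ("10.0.0.5", 51000, "10.0.0.9", 21, 126, b"TYPE I\r\n"),
    ("10.0.0.7", 52000, "10.0.0.9", 80, 1, HTTP_PART1),
    ("10.0.0.7", 52000, "10.0.0.9", 80, 1 + len(HTTP_PART1), HTTP_PART2),
]

FTP_USER = re.compile(rb"^USER (\S+)", re.M)
FTP_PASS = re.compile(rb"^PASS (\S+)", re.M)
HTTP_BASIC = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)", re.M | re.I)


def reassemble(segments):
    """Group segments by 4-tuple and concatenate payloads in sequence order,
    dropping bytes already seen (retransmissions/overlaps). Gaps left by lost
    segments are skipped over here; a real sniffer would wait or flag them."""
    flows = defaultdict(list)
    for src, sport, dst, dport, seq, payload in segments:
        flows[(src, sport, dst, dport)].append((seq, payload))
    streams = {}
    for key, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        data = bytearray()
        expected = segs[0][0]
        for seq, payload in segs:
            if seq < expected:                 # overlap: keep only the new tail
                payload = payload[expected - seq:]
                seq = expected
            data += payload
            expected = seq + len(payload)
        streams[key] = bytes(data)
    return streams


def extract_credentials(streams):
    """Search client->server streams of clear-text protocols for logins."""
    found = []
    for (src, sport, dst, dport), data in streams.items():
        if dport in (21, 110):                 # FTP and POP3 both use USER/PASS
            user, pw = FTP_USER.search(data), FTP_PASS.search(data)
            if user and pw:
                found.append((f"{src}->{dst}:{dport}",
                              user.group(1).decode(), pw.group(1).decode()))
        if dport in (80, 8080):                # HTTP Basic is base64, not encryption
            for m in HTTP_BASIC.finditer(data):
                decoded = base64.b64decode(m.group(1)).decode(errors="replace")
                user, _, pw = decoded.partition(":")
                found.append((f"{src}->{dst}:{dport}", user, pw))
    return found


def sniff_credentials(segments=SEGMENTS):
    return extract_credentials(reassemble(segments))


if __name__ == "__main__":
    for where, user, pw in sniff_credentials():
        print(f"{where}  user={user!r} password={pw!r}")
```

Only the client-to-server direction is searched, keyed on the destination port; the server's `331 Password required` reply lives in a separate stream and is ignored. Replacing the constructed list with segments parsed from a pcap is the only change needed to run this against real traffic.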
Security Devices
- Video Management Platforms
- Video Surveillance
- Video Recording Devices
- Intrusion detection system (IDS)
- Intrusion prevention systems (IPS)
- Access Control Devices
- Firewalls
- Unified Threat Management
- Antivirus
surveillance system capable of capturing images and videos that can be compressed, stored or sent over communication networks
Video Surveillance
Records and stores surveillance footage
Video Recording Devices
- a device or software application that monitors a network for malicious activity or policy violations.
- Any malicious activity or violation is typically reported or collected centrally using a security information and event management (SIEM) system
Intrusion detection system (IDS)
- a network security device that can not only detect intruders, but also prevent them from successfully launching any known attack.
- combine the abilities of firewalls and intrusion detection systems.
Intrusion prevention systems (IPS)
- They restrict access to sensitive resources to those who are authorized.
- For strong protection of property and resources, well-designed and technically sound access control devices have become the norm
Access Control Devices
- It is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
- have been a first line of defense in network security for over 25 years.
Firewalls
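A firewall's "defined set of security rules" is evaluated top to bottom and the first match wins, so the order of rules is itself a security setting. The following is an added example, not from the page or any firewall product: a small first-match packet filter with a default-deny policy, used to show a weak rule set (a broad allow placed first shadows the deny below it) beside the corrected one. Addresses, rules and packets are constructed for the demo.

```python
"""Added example: first-match packet filtering with default deny, showing why
rule order matters. All rules, addresses and packets are constructed."""
import ipaddress

ANY = "0.0.0.0/0"


class Rule:
    def __init__(self, action, proto, src, dst, dport=None):
        self.action = action            # "allow" or "deny"
        self.proto = proto              # "tcp", "udp", "icmp" or "any"
        self.src = ipaddress.ip_network(src)
        self.dst = ipaddress.ip_network(dst)
        self.dport = dport              # None means any destination port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in self.src
                and ipaddress.ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or self.dport == pkt.get("dport")))


def decide(rules, pkt, default="deny"):
    """Return (verdict, index of the rule that fired); index None = default policy."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None


# Weak: the broad allow in position 0 matches everything, so the telnet deny never fires.
WEAK = [
    Rule("allow", "any", ANY, "192.168.1.0/24"),
    Rule("deny", "tcp", ANY, "192.168.1.0/24", 23),
]
# Corrected: specific denies first, then only the services meant to be reachable;
# everything else (e.g. SMB) falls through to the default deny.
CORRECTED = [
    Rule("deny", "tcp", ANY, "192.168.1.0/24", 23),
    Rule("allow", "tcp", ANY, "192.168.1.10/32", 443),
    Rule("allow", "icmp", "192.168.1.0/24", ANY),
]

# Constructed test packets from an outside host to the internal web server.
TELNET = {"proto": "tcp", "src": "203.0.113.4", "dst": "192.168.1.10", "dport": 23}
HTTPS = {"proto": "tcp", "src": "203.0.113.4", "dst": "192.168.1.10", "dport": 443}
SMB = {"proto": "tcp", "src": "203.0.113.4", "dst": "192.168.1.10", "dport": 445}

if __name__ == "__main__":
    for name, rules in (("weak", WEAK), ("corrected", CORRECTED)):
        for pkt in (TELNET, HTTPS, SMB):
            print(f"{name:9} dport={pkt['dport']:<4} -> {decide(rules, pkt)}")
```

The same first-match logic and default policy apply when reading real rule sets (iptables chains, cloud security groups), which is why "allow any" entries near the top are the first thing to look for in a firewall review.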
- It is a category of security appliances which integrates a range of security features into a single appliance.
- appliances combine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform.
Unified Threat Management
Also known as anti-malware, it is a computer program used to prevent, detect and remove malware
Antivirus
In securing one's systems, actions must be taken in three areas
- prevention
- detection
- response
involves those actions taken to discover failures in prevention (realizing that 100% prevention is never possible).
Detection
involves all those actions one must take to attempt to prevent unauthorized access to a system.
Prevention
is generally considered to include recovery measures, but might also include efforts to uncover what has been done to the system in the attack and how it was done.
Response
Types of Intrusion
- PHYSICAL INTRUSION
- TARGET INTRUSION
- RANDOM INTRUSION
occurs when an intruder has physical access to a machine
PHYSICAL INTRUSION
occurs on a particular system (or host machine) and can be initiated by an authorized user with an account, or by an unauthorized user masquerading as an authorized user (e.g., with a stolen password)
TARGET INTRUSION
a system is attacked simply because a door was left open for access into it, and that door was discovered by happenstance over the network while intruders were looking for a way into randomly selected potential systems
RANDOM INTRUSION
- baits a trap for attackers.
- It is a sacrificial computer system intended to attract cyberattacks, like a decoy.
- It mimics a target and uses intrusion attempts to gain information about the attackers and the way they operate, or to distract them from other targets
HONEYPOT
- a social-engineering technique that attackers use to entice victims into risky circumstances.
- Although it can take many forms, it usually entails developing a false identity or online presence to win over an unsuspecting victim
HONEY TRAP
is a centralized collection of honeypots and analysis tools
HONEY FARM
DIFFERENT TYPES OF HONEYPOT AND HOW THEY WORK
- spam trap
- decoy database
- malware honeypot
- spider honeypot
places a fake email address in a hidden location where only an automated address harvester will be able to find it
spam trap
can be set up to monitor software vulnerabilities and spot attacks exploiting insecure system architecture or using SQL injection, SQL services exploitation, or privilege abuse
DECOY DATABASE
- is intended to trap webcrawlers (‘spiders’) by creating web pages and links only accessible to crawlers.
- Detecting crawlers can help you learn how to block malicious bots, as well as ad-network crawlers.
SPIDER HONEYPOT
a single service or computer on a network, configured to act as a decoy, attracting and trapping would-be attackers
honeypot
- collection of high-interaction honeypots designed to capture extensive information on threats.
- It is a combination of several honeypots that represents a network subnet
HONEYNET
provide real operating systems and services with real content with which attacker can interact.
high-interaction honeypots
is one that uses emulated services and signatures to respond to an attacker’s probes.
low-interaction honeypot
LEGAL RISK OF DEPLOYMENT
- Entrapment
- Wiretapping
- The Patriot Act
- Pen Trap Act
- is defined as enticing the other party to commit an act that he/she was not already predisposed to do.
- the action of tricking someone into committing a crime in order to secure their prosecution
- whether this style of investigation constitutes entrapment is a risk to weigh when a honeypot actively lures attackers
ENTRAPMENT
was enacted to limit the ability for any individual to intercept communications
The Wiretap Act
allows the government to monitor electronic communication in conjunction with an ongoing investigation
THE PATRIOT ACT
This statute prohibits the capture of non-content data, such as the information contained in IP packet headers, without a court order
PEN TRAP ACT
TWO ISSUES THAT MUST BE ADDRESSED WHEN DEVELOPING AND DEPLOYING A HONEY NET
- data control
- data capture
- is crucially important to the implementation of a honey net.
- The key to protecting the rest of your network is to provide a mechanism for catching and mitigating all outbound packets, so that a compromised honeypot cannot be used to attack other systems.
Data control
- The honey net won’t help you if you don’t record the data and set alerts.
- The data can also be used for forensic investigation, to understand more about the attack, in addition to capturing traffic for event notification
Data Capture
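Data control and data capture are usually implemented together on the honeynet gateway: every outbound attempt from a honeypot is logged (capture), only a bounded number of outbound connections per hour is let through (control), and the first outbound connection raises an alert because a honeypot should never initiate traffic. The following is an added example written for this page, not the Honeynet Project's own gateway code; the per-hour limits and the connection events are constructed for the demo and are not a documented default of any product.

```python
"""Added example: outbound connection limiting (data control) plus a capture log
and alerts (data capture) for a honeynet gateway. Limits and events are constructed."""
from collections import defaultdict, deque

LIMITS_PER_HOUR = {"tcp": 3, "udp": 5, "icmp": 10}   # assumed values for the demo


class HoneynetGateway:
    def __init__(self, limits=LIMITS_PER_HOUR, window=3600):
        self.limits = limits
        self.window = window                # seconds
        self.allowed = defaultdict(deque)   # (honeypot, proto) -> times of allowed outbound connections
        self.seen = set()                   # honeypots that have ever connected outbound
        self.capture = []                   # every outbound attempt, with its verdict
        self.alerts = []

    def outbound(self, ts, honeypot, proto, dst, dport):
        """Data control: allow a bounded number of outbound connections per window
        (enough for the attacker to keep acting, too few to do much damage) and drop the rest."""
        if honeypot not in self.seen:      # first ever outbound connection = likely compromise
            self.seen.add(honeypot)
            self.alerts.append((ts, honeypot, f"first outbound {proto} connection: honeypot likely compromised"))
        q = self.allowed[(honeypot, proto)]
        while q and ts - q[0] >= self.window:      # slide the one-hour window
            q.popleft()
        if len(q) < self.limits.get(proto, 0):
            q.append(ts)
            verdict = "ALLOW"
        else:
            verdict = "DROP"
            self.alerts.append((ts, honeypot, f"{proto} outbound limit reached, dropping {dst}:{dport}"))
        self.capture.append((ts, honeypot, proto, dst, dport, verdict))   # data capture
        return verdict


def simulate():
    """Constructed scenario: a compromised honeypot starts scanning outside hosts."""
    gw = HoneynetGateway()
    hp = "10.1.1.50"
    verdicts = [gw.outbound(t, hp, "tcp", "198.51.100.7", 22) for t in (0, 10, 20, 30, 40)]
    verdicts.append(gw.outbound(3700, hp, "tcp", "198.51.100.8", 22))   # window has expired
    return gw, verdicts


if __name__ == "__main__":
    gw, verdicts = simulate()
    print(verdicts)
    for entry in gw.capture:
        print("capture:", entry)
    for alert in gw.alerts:
        print("alert:", alert)
```

Counting connections rather than packets is deliberate: one allowed connection may carry many packets, which is what lets the attacker keep interacting while the gateway still caps how many new targets can be reached per hour.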
The word steganography is derived from the Greek words steganos (meaning hidden or covered) and the Greek root graph (meaning to write)
The term was first used in the 15th century by the German abbot and scholar —— as the title for his book ——
Johannes Trithemius (written c. 1499, published 1606)
Steganographia
- approach replaces the last (least significant) bit of each byte, for example of each pixel colour channel, with one bit of the hidden message.
- While one might think that this would significantly alter the colours in an image file, it does not: each byte changes by at most one.
- In fact, the change is indiscernible to the human eye.
least significant bit (LSB)
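LSB embedding in working code, as an added example not taken from the page: the secret is prefixed with a 4-byte length so the extractor knows where to stop, each message bit overwrites the low bit of one cover byte, and the last function measures how little the cover changed. The cover is a constructed pseudo-random byte string standing in for raw pixel data; the same routines work unchanged on the pixel bytes of a real uncompressed image.

```python
"""Added example: least-significant-bit steganography over raw sample bytes
(e.g. pixel colour channels). The cover and secret are constructed for the demo."""
import random

# Constructed cover: 2048 pseudo-random bytes standing in for raw pixel data.
COVER = bytes(random.Random(7).randrange(256) for _ in range(2048))
SECRET = b"meet at dawn"


def embed(cover: bytes, secret: bytes) -> bytes:
    """Write a 4-byte big-endian length header plus the secret, one bit per cover byte."""
    payload = len(secret).to_bytes(4, "big") + secret
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]   # MSB first
    if len(bits) > len(cover):
        raise ValueError("cover too small: %d bits needed, %d available" % (len(bits), len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit     # clear the low bit, then set it to the message bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header from the first 32 LSBs, then that many bytes."""
    def read_bytes(start: int, n: int) -> bytes:
        val = bytearray()
        for k in range(n):
            byte = 0
            for i in range(8):
                byte = (byte << 1) | (stego[start + k * 8 + i] & 1)
            val.append(byte)
        return bytes(val)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def diff_stats(cover: bytes, stego: bytes):
    """Return (largest per-byte change, number of bytes changed)."""
    deltas = [abs(a - b) for a, b in zip(cover, stego)]
    return max(deltas), sum(1 for d in deltas if d)


if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print("recovered:", extract(stego))
    print("max delta, bytes changed:", diff_stats(COVER, stego))
```

Because only the low bit is touched, no sample moves by more than one step out of 256, which is the "indiscernible to the eye" property; on average only about half the used cover bytes change at all, since the message bit often equals the bit already there.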
- hides and protects the content of information
- messages can be transported openly, since the encrypted content can be seen but not read
cryptography
- hides the presence of information itself
- to hide information, the secret content has to be hidden in a cover message
- refers to the technique of hiding secret messages in media such as text, audio, image and video without arousing any suspicion
steganography
is the art and science of detecting the presence of steganography
steganalysis
the scientific bridge between law and computer science that allows digital evidence to be collected in a legally sound manner
COMPUTER FORENSICS
- a branch of forensic science that focuses on identifying, acquiring, processing, analysing, and reporting on data stored electronically
- dependent on the integrity, dependability, and admissibility of digital evidence in judicial proceedings
- process of locating, safeguarding, analyzing, and documenting digital evidence
DIGITAL FORENSIC
digital forensic investigation process
- identification
- documentation
- preservation
- analysis
- presentation
digital forensic investigation process - identification
identify purpose of investigation & resource required
digital forensic investigation process - documentation
document the crime scene with the help of photographs and sketches
digital forensic investigation process - preservation
isolate from network, secure and preserve the device
digital forensic investigation process - analysis
identify tools and techniques to use and interpret the analysis results
digital forensic investigation process - presentation
report the findings in a legally acceptable manner
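The preservation and presentation steps rest on being able to prove that the evidence analysed is the evidence acquired. The following is an added example, not from the page: it hashes an acquired image in chunks (images are far larger than memory), writes a chain-of-custody record beside it, and later re-verifies the image, so that any change, even a single byte, is detected. The "disk image" is a constructed temporary file; the case number and examiner name are placeholders.

```python
"""Added example: hash an acquired evidence image, record a chain-of-custody
entry, and re-verify integrity later. The image, case id and examiner are constructed."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_image(path: str, chunk: int = 1 << 20) -> dict:
    """Stream the file through SHA-256 and MD5 (both are still commonly reported)."""
    sha, md5 = hashlib.sha256(), hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            sha.update(block)
            md5.update(block)
    return {"sha256": sha.hexdigest(), "md5": md5.hexdigest(), "size": os.path.getsize(path)}


def record_acquisition(image_path: str, examiner: str, case_id: str) -> dict:
    """Write the custody record next to the image (in practice: to write-once storage)."""
    rec = {"case": case_id, "examiner": examiner, "image": os.path.basename(image_path),
           "acquired_at": datetime.now(timezone.utc).isoformat(), **hash_image(image_path)}
    with open(image_path + ".custody.json", "w") as f:
        json.dump(rec, f, indent=2)
    return rec


def verify_image(image_path: str) -> bool:
    """Recompute the hashes and compare with the recorded ones."""
    with open(image_path + ".custody.json") as f:
        rec = json.load(f)
    now = hash_image(image_path)
    return now["sha256"] == rec["sha256"] and now["size"] == rec["size"]


def demo():
    """Constructed scenario: acquire, verify, then flip one byte and verify again."""
    workdir = tempfile.mkdtemp()
    img = os.path.join(workdir, "disk.dd")
    with open(img, "wb") as f:                        # constructed 'disk image'
        f.write(b"\x00" * 4096 + b"EVIDENCE" + b"\xff" * 4096)
    record_acquisition(img, examiner="J. Doe (placeholder)", case_id="CASE-0001 (placeholder)")
    intact = verify_image(img)
    with open(img, "r+b") as f:                       # simulate tampering after acquisition
        f.seek(4096)
        f.write(b"X")
    return intact, verify_image(img)


if __name__ == "__main__":
    print("verified before/after tampering:", demo())
```

Hashes are computed before any analysis, and every later examination starts by re-running `verify_image`; mounting the image read-only (or working from a copy) is what keeps the verification from failing through the examiner's own actions.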
PREREQUISITES OF A COMPUTER FORENSIC EXAMINER
- forensic skills
- forensic techniques and tools
- media and file system forensics
The foremost common forensic skill is
the scientific method, which ensures that the examiner is merely a finder of facts.
the expert must be supported by forensically sound skills, tools, and methods.
FORENSIC TECHNIQUES AND TOOLS
Successful forensic analysis requires a thorough knowledge of file types and digital media used to store data and the file structures used on those devices
MEDIA AND FILE SYSTEM FORENSICS
types of digital forensics
- media forensics
- network forensics
- wireless forensics
- database forensics
- software forensics
- email forensics
- memory forensics
- mobile phone forensics