
what information security position reports to the ciso and supervises


Description

School: University of North Florida
Department: Chemistry
Course: Fundamental of Information Security
Term: Summer 2017
Tags: Security
Cost: 25
Name: Chapter 1-2
Description: Notes from the first chapters, regarding cyber attacks and information security.
Uploaded: 06/30/2017



Notebook for CompTIA Security+ Guide to Network Security Fundamentals
Ciampa, Mark

Chapter 1: Introduction to Security

Highlight (orange) - Page 3
need to defend against these attacks directed toward our technology devices has created an element of IT that is now at the very core of the industry. Known as information security,

Highlight (orange) - Page 3
focused on protecting the electronic information of organizations and users.

Highlight (yellow) - Page 3
Two broad categories of information security personnel are responsible for this protection.

Highlight (yellow) - Page 3
Information security managerial personnel administer and manage plans, policies, and people. Information security technical personnel are concerned with designing, configuring, installing, and maintaining technical security equipment.

Highlight (pink) - Page 3
Chief information security officer (CISO). This person reports directly to the chief information officer (CIO) (large organizations may have more layers of management between this person and the CIO). This person is responsible for assessing, managing, and implementing security.

Highlight (orange) - Page 3
Security manager. The security manager reports to the CISO and supervises technicians, administrators, and security staff. Typically, a security manager works on tasks identified by the CISO and resolves issues identified by technicians.

Highlight (yellow) - Page 4
Security administrator. The security administrator has both technical knowledge and managerial skills. A security administrator manages daily operations of security technology, and may analyze and design security solutions within a specific entity as well as identifying users’ needs.

Highlight (pink) - Page 4
Security technician. This position is generally an entry-level position for a person who has the necessary technical skills. Technicians provide technical support to configure security hardware, implement security software, and diagnose and troubleshoot problems.

Highlight (pink) - Page 4
verify security competency, a vast majority of organizations use the Computing Technology Industry Association (CompTIA) Security+ certification.

Highlight (orange) - Page 4
CompTIA Security+ certification is a vendor-neutral credential that requires passing the current certification exam SY0-401.

Highlight (pink) - Challenges of Securing Information > Page 5
silver bullet is a specific and fail-safe solution that very quickly and easily solves a serious problem.

Highlight (orange) - Challenges of Securing Information > Page 5
casual observer it may seem that there should be such a silver bullet for securing computers, such as installing a better hardware device or using a more secure software application.

Highlight (pink) - Challenges of Securing Information > Page 5
Attackers penetrated the network of a credit card processing company that handles prepaid debit cards.

Highlight (orange) - Challenges of Securing Information > Page 5
manipulated the balances and limits on just five prepaid cards. These cards were then distributed to “cell managers” in different countries who were responsible

Highlight (pink) - Challenges of Securing Information > Page 5
The parents discovered that the voice was coming from the electronic baby monitor in Allyson’s room that contained a camera, microphone, and speaker connected to their home Wi-Fi network.

Highlight (orange) - Challenges of Securing Information > Page 6
Twitter account of the Associated Press (AP) was broken into and a fictitious tweet was posted claiming there were “two explosions in the White House and [the U.S. President] is injured.”

Highlight (pink) - Challenges of Securing Information > Page 6
Malware called Ploutus that infects a bank’s ATM demonstrates how vulnerable these cash-dispensing machines can be.

Highlight (orange) - Challenges of Securing Information > Page 6
serial server is a device that connects to a remote system through the Internet (technically it provides remote access to serial ports over TCP/IP) so that

Highlight (orange) - Challenges of Securing Information > Page 6
remote systems that use serial servers include not only traffic stoplight systems but also a wide variety of industrial control applications, point of sale (POS) terminals in retail stores, energy management devices, fueling stations, hospital medical device monitors, and oil and gas monitoring stations.

Highlight (pink) - Challenges of Securing Information > Page 6
Indonesia has now overtaken China as the number one source of attack traffic. About 38 percent of all attacks now come from Indonesia. China

Highlight (pink) - Challenges of Securing Information > Page 6
These three countries, combined with seven others, now account for 89 percent of all attack traffic. The

Highlight (pink) - Challenges of Securing Information > Page 6
security researcher demonstrated how easy it would be to manipulate any aircraft in the sky. This is because the computers that control today’s airplanes are not protected from attacks.

Highlight (pink) - Challenges of Securing Information > Page 7
Researchers have found similar weaknesses in the systems used by ocean vessels. Ships share information about their current position and course with other ships in the area as well as with offshore installations like harbors, and this information can be tracked via the Internet.

Highlight (pink) - Challenges of Securing Information > Page 7
Web browsers typically send User Agent Strings to a web server that identify such items as the browser type and the underlying operating system so that the web server can respond appropriately

Highlight (orange) - Challenges of Securing Information > Page 7
Attackers can use a web browser to send the User Agent String “xmlset_roodkcableoj28840ybtide” to specific wireless routers in order to access the router’s settings through a “backdoor” and bypass all security.

Highlight (pink) - Challenges of Securing Information > Page 7
Online sites like Craigslist and eBay are very popular for buyers and sellers of items from electronics to automobiles.

Highlight (pink) - Challenges of Securing Information > Page 7
A computer cluster for cracking passwords was configured that comprised five servers and 25 graphics cards that can generate 350 billion password guesses (candidates) per second.

Highlight (pink) - Challenges of Securing Information > Page 7
Apple has admitted that Mac computers on its own campus became infected. Apple employees visited an infected website for software developers and their computers then became infected.

Highlight (orange) - Challenges of Securing Information > Page 8
number of security breaches that have exposed users’ digital data to attackers continues to rise.

Highlight (yellow) - Challenges of Securing Information > Page 8
2005 through early 2014 over 666 million electronic data records in the U.S.

Highlight (orange) - Challenges of Securing Information > Page 8
been breached, exposing to attackers a range of personal electronic data, such as address, Social Security numbers, health records, and credit card numbers.15

Highlight (pink) - Challenges of Securing Information > Page 8
University of Washington Medicine, WA An employee opened an email attachment containing malicious software that infected the employee’s computer and compromised the information on it. Patient names, Social Security numbers, phone numbers, addresses, and medical record numbers dating back five years may have been affected. 90,000

Highlight (yellow) - Challenges of Securing Information > Page 8
Maricopa County Community College District, AZ An unspecified data breach may have exposed the information of current and former students, employees, and vendors. Names, Social Security numbers, bank account information, and dates of birth, as well as student academic information, may have been viewed by unauthorized parties. 2.49 million

Highlight (pink) - Challenges of Securing Information > Page 8
University of California, San Francisco, CA The theft of a physician’s laptop from a car may have resulted in the exposure of patient information, including patient names, Social Security numbers, dates of birth, and medical record numbers. 8294

Highlight (orange) - Challenges of Securing Information > Page 8
Redwood Memorial Hospital, CA A USB flash drive was discovered missing that contained patient names, report ID numbers, test indications, ages, heights, weights, and clinical summaries of test findings for patients who were seen over a period of 12 years. 1039

Highlight (yellow) - Challenges of Securing Information > Page 8
Anthem Blue Cross, CA The Social Security numbers and tax identification numbers of California doctors were posted in the online provider directory. 24,500

Highlight (pink) - Challenges of Securing Information > Page 8
New York City Police Department, NY A former police detective pleaded guilty to paying attackers to steal passwords associated with the email accounts of other officers. At least 43 email accounts and one cellular phone account were hacked. 30

Highlight (orange) - Challenges of Securing Information > Page 8
Adobe Systems, San Jose, CA The email addresses, encrypted passwords and password hints from Adobe Systems customers were stolen from a backup system about to be decommissioned. 152 million

Highlight (yellow) - Challenges of Securing Information > Page 8
Target Corporation, Minneapolis, MN The credit and debit card numbers, expiration dates, and 3-digit CVV (“Card Verification Value”) numbers of customers who made purchases during a 3-week period were stolen. 110 million

Highlight (yellow) - Challenges of Securing Information > Page 9
Universally connected devices. It

Highlight (yellow) - Challenges of Securing Information > Page 9
also makes it easy for an attacker halfway around the world to silently launch an attack against a connected device.

Highlight (orange) - Challenges of Securing Information > Page 9
Increased speed of attacks. With

Highlight (orange) - Challenges of Securing Information > Page 9
modern tools at their disposal, attackers can quickly scan millions of devices to find weaknesses and launch attacks with unprecedented speed. Most attack tools initiate new attacks without any human participation,

Highlight (orange) - Challenges of Securing Information > Page 9
Greater sophistication of attacks. Attacks are becoming more complex, making it more difficult to detect and defend against them.

Highlight (pink) - Challenges of Securing Information > Page 9
Availability and simplicity of attack tools. Whereas in the past an attacker needed to have an extensive technical knowledge of networks and computers as well as the ability to write a program to generate the attack, that is no longer the case.

Highlight (orange) - Challenges of Securing Information > Page 10
Faster detection of vulnerabilities. Weakness in hardware and software can be more quickly uncovered and exploited with new software tools and techniques.

Highlight (pink) - Challenges of Securing Information > Page 10
Delays in security updating. Hardware and software vendors are overwhelmed trying to keep pace with updating their products against attacks.

Highlight (pink) - Challenges of Securing Information > Page 10
Weak security update distribution. While vendors of mainstream products, such as Microsoft, Apple, and Adobe, have a system for notifying users of security updates for many of their products and distributing them on a regular basis,

Highlight (pink) - Challenges of Securing Information > Page 10
Distributed attacks. Attackers can use hundreds of thousands of computers under their control in an attack against a single server or network. This

Highlight (pink) - Challenges of Securing Information > Page 10
network (called BYOD or bring your own device). This trend of allowing employees to use their own personal devices to connect to the corporate network has made it difficult for IT departments to provide adequate security for an almost endless array of devices that they do not own.

Highlight (orange) - Challenges of Securing Information > Page 10
User confusion. Increasingly, users are called upon to make difficult security decisions regarding their computer systems, sometimes with little or no information to guide them.

Highlight (pink) - What Is Information Security? > Page 11
security is defined as the state of being free from danger, while at other times security is said to be the protection of property.

Highlight (orange) - What Is Information Security? > Page 11
another interpretation of security is the degree of resistance from harm.

Highlight (yellow) - What Is Information Security? > Page 11
difference in these definitions actually hinges upon whether the focus is on the process (how to achieve security) or the goal (what it means to have security).

Highlight (pink) - What Is Information Security? > Page 11
Universally connected devices Attackers from anywhere in the world can send attacks.

Highlight (pink) - What Is Information Security? > Page 11
Increased speed of attacks Attackers can launch attacks against millions of computers within minutes. Greater sophistication of attacks Attack tools vary their behavior so the same attack appears differently each time.

Highlight (yellow) - What Is Information Security? > Page 11
Availability and simplicity of attack tools Attacks are no longer limited to highly skilled attackers.

Highlight (yellow) - What Is Information Security? > Page 11
Faster detection of vulnerabilities Attackers can discover security holes in hardware or software more quickly.

Highlight (orange) - What Is Information Security? > Page 11
Delays security updating Vendors are overwhelmed trying to keep pace updating their products against the latest attacks.

Highlight (orange) - What Is Information Security? > Page 11
Weak security update distribution Many software products lack a means to distribute security updates in a timely fashion.

Highlight (pink) - What Is Information Security? > Page 11
Distributed attacks Attackers use thousands of computers in an attack against a single computer or network.

Highlight (pink) - What Is Information Security? > Page 11
Introduction of BYOD Organizations are having difficulty providing security for a wide array of personal devices.

Highlight (orange) - What Is Information Security? > Page 11
User confusion Users are required to make difficult security decisions with little or no instruction.

Highlight (orange) - What Is Information Security? > Page 12
security may be defined as the necessary steps to protect a person or property from harm.

Highlight (yellow) - What Is Information Security? > Page 12
harm may come from one of two sources: either from a direct action that is intended to inflict damage or from an indirect and unintentional action.

Highlight (yellow) - What Is Information Security? > Page 12
Security usually includes both preventive measures and rapid response.

Highlight (yellow) - What Is Information Security? > Page 12
security is increased, convenience is often decreased. That is, the more secure something is, the less convenient it may become to use (security is said to be “inversely proportional” to convenience).

Highlight (orange) - What Is Information Security? > Page 12
security may be understood as sacrificing convenience for safety. Another way to think of security is giving up short-term comfort for long-term protection.

Highlight (orange) - What Is Information Security? > Page 13
information security is frequently used to describe the tasks of securing information that is in a digital format. This

Highlight (yellow) - What Is Information Security? > Page 13
digital information is manipulated by a microprocessor (such as on a personal computer), stored on a storage device (like a hard drive or USB flash drive), and transmitted over a network (such as a local area network or the Internet).

Highlight (orange) - What Is Information Security? > Page 13
Information security cannot completely prevent successful attacks or guarantee that a system is totally secure,

Highlight (orange) - What Is Information Security? > Page 13
protect information that provides value to people and organizations.

Highlight (orange) - What Is Information Security? > Page 13
Confidentiality ensures that only authorized parties can view the information. Providing confidentiality can involve several different security tools, ranging from software to “scramble” the credit

Highlight (orange) - What Is Information Security? > Page 13
Integrity ensures that the information is correct and no unauthorized person or malicious software has altered the data.

Highlight (orange) - What Is Information Security? > Page 13
Availability ensures that data is accessible to authorized users. This means that the information cannot be “locked up” so tight that no one can access it.

Highlight (orange) - What Is Information Security? > Page 14
Authentication ensures that the individual is who she claims to be (the authentic or genuine person) and not an imposter.

Highlight (orange) - What Is Information Security? > Page 14
Authorization is providing permission or approval to specific technology resources.

Highlight (orange) - What Is Information Security? > Page 14
Accounting provides tracking of events. This may include a record of who accessed the web server, from what location, and at what specific time.

Highlight (yellow) - What Is Information Security? > Page 14
third objective of information security is to protect the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information.

Highlight (yellow) - What Is Information Security? > Page 14
Information security is achieved through a process that is a combination of three entities.

Highlight (orange) - What Is Information Security? > Page 14
protected in three layers: products, people, and policies and procedures. These

Highlight (yellow) - What Is Information Security? > Page 14
layers interact with each other: procedures enable people to understand how to use products to protect information.

Highlight (yellow) - What Is Information Security? > Page 14
as that which protects the integrity, confidentiality, and availability of information on the devices that store, manipulate, and transmit the information through products, people, and procedures.

Highlight (yellow) - What Is Information Security? > Page 14
an asset, which is defined as an item that has value.

Highlight (orange) - What Is Information Security? > Page 15
a threat, which is a type of action that has the potential to cause harm.

Highlight (yellow) - What Is Information Security? > Page 15
Information security threats are events or actions that represent a danger to information assets.

Highlight (pink) - What Is Information Security? > Page 15
threat by itself does not mean that security has been compromised; rather, it simply means that the potential for creating a loss is real.

Highlight (pink) - What Is Information Security? > Page 15
Products Form the security around the data. May be as basic as door locks or as complicated as network security equipment.

Highlight (yellow) - What Is Information Security? > Page 15
People Those who implement and properly use security products to protect data.

Highlight (yellow) - What Is Information Security? > Page 15
Policies and procedures Plans and policies established by an organization to ensure that people correctly use the products.

Highlight (orange) - What Is Information Security? > Page 16
threat agent is a person or element that has the power to carry out a threat. For

Highlight (orange) - What Is Information Security? > Page 17
a vulnerability, which is a flaw or weakness that allows a threat agent to bypass security. An

Highlight (orange) - What Is Information Security? > Page 17
through a threat vector, or the means by which an attack can occur.

Highlight (yellow) - What Is Information Security? > Page 17
what is the probability (threat likelihood) that the threat will

Highlight (orange) - What Is Information Security? > Page 17
risk is a situation that involves exposure to some type of danger.

Highlight (orange) - What Is Information Security? > Page 17
Risk avoidance involves identifying the risk but making the decision to not engage in the activity.

Highlight (pink) - What Is Information Security? > Page 17
Acceptance simply means that the risk is acknowledged but no steps are taken to address it.

Highlight (orange) - What Is Information Security? > Page 17
Risk mitigation is the attempt to address the risks by making risk less serious.

Highlight (orange) - What Is Information Security? > Page 17
be an example of risk deterrence. Risk deterrence involves understanding something about the attacker and then informing him of the harm that may come his way if he attacks an asset.

Highlight (orange) - What Is Information Security? > Page 17
purchasing insurance so that the insurance company absorbs the loss and pays if the scooter is stolen. This is known as risk transference.

Highlight (orange) - What Is Information Security? > Page 18
preventing data from being stolen is often cited by organizations as a primary objective of their information security.

Highlight (orange) - What Is Information Security? > Page 18
Identity theft involves stealing another person’s personal information, such as a Social Security number, and then using the information to impersonate the victim, generally for financial gain.

Highlight (yellow) - What Is Information Security? > Page 19
Health Insurance Portability and Accountability Act (HIPAA), health care enterprises must guard protected health care information and implement policies and procedures to safeguard it, whether it be in paper or electronic format.

Highlight (pink) - What Is Information Security? > Page 19
Sarbanes-Oxley Act (Sarbox) is an attempt to fight corporate corruption. Sarbox covers the corporate officers, auditors, and attorneys of publicly traded companies.

Highlight (orange) - What Is Information Security? > Page 19
the Gramm-Leach-Bliley Act (GLBA) passed in 1999 protects private data. GLBA requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.

Highlight (yellow) - What Is Information Security? > Page 19
Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that all companies that process, store, or transmit credit card information must follow.

Highlight (orange) - What Is Information Security? > Page 19
California’s Database Security Breach Notification Act was the first state electronic privacy

Highlight (yellow) - What Is Information Security? > Page 19
law that covers

Highlight (yellow) - What Is Information Security? > Page 20
any state agency, person, or company that does business in California.

Highlight (orange) - What Is Information Security? > Page 20
to inform California residents within 48 hours if a breach of personal information has or is believed to have occurred.

Highlight (yellow) - What Is Information Security? > Page 20
defines cyberterrorism as any “premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against noncombatant targets by subnational groups or clandestine agents.”20

Highlight (orange) - Who Are the Attackers? > Page 21
term hacker referred to a person who used advanced computer skills to attack computers.

Highlight (yellow) - Who Are the Attackers? > Page 21
Black hat hackers were those attackers who violated computer security for personal gain

Highlight (yellow) - Who Are the Attackers? > Page 21
or to inflict malicious damage

Highlight (orange) - Who Are the Attackers? > Page 21
White hat hackers were described as “ethical attackers”: with an organization’s permission they would attempt to probe a system for any weaknesses and then privately provide information back to that organization about any uncovered vulnerabilities.

Highlight (yellow) - Who Are the Attackers? > Page 21
gray hat hackers who would attempt to break into a computer system without the organization’s permission (an illegal activity) but not for their own advantage; instead, they would publicly disclose the vulnerability in order to shame the organization into taking action.

Highlight (orange) - Who Are the Attackers? > Page 21
cybercriminals is often used to describe individuals who launch attacks against other users and their computers (another generic word is simply attackers).

Highlight (yellow) - Who Are the Attackers? > Page 21
cybercriminals are a loose network of attackers, identity thieves, and financial fraudsters who are highly motivated, less risk-averse, well funded, and tenacious.

Highlight (orange) - Who Are the Attackers? > Page 21
cybercriminals exploit vulnerabilities to steal information or launch attacks that can generate income.

Highlight (yellow) - Who Are the Attackers? > Page 21
targeted attacks against financial networks and the theft of personal information are sometimes known as cybercrime.

Highlight (yellow) - Who Are the Attackers? > Page 21
Cybercriminals steal and use stolen data, credit card numbers, online financial account information, or Social Security numbers to profit from its victims or send

Highlight (yellow) - Who Are the Attackers? > Page 22
Cybercriminals attempt to steal research on a new product from a business so that they can sell it to an unscrupulous foreign supplier who will then build an imitation model of the product to sell worldwide.

Highlight (orange) - Who Are the Attackers? > Page 22
attacks by these well-resourced and trained cybercriminals often result in multiyear intrusion campaigns targeting highly sensitive economic, proprietary, or national security information.

Highlight (yellow) - Who Are the Attackers? > Page 22
new class of attacks called Advanced Persistent Threat (APT). Cybercriminals are successful with APTs because they use advanced tools and techniques

Highlight (orange) - Who Are the Attackers? > Page 22
Script kiddies are individuals who want to attack computers yet they lack the knowledge of computers and networks needed to do so.

Highlight (orange) - Who Are the Attackers? > Page 23
script kiddies can acquire entire exploit kits from other attackers to easily craft an attack.

Highlight (orange) - Who Are the Attackers? > Page 23
as brokers, these attackers sell their knowledge of a vulnerability to other attackers or even governments.

Highlight (orange) - Who Are the Attackers? > Page 23
serious threat to an organization actually comes from an unlikely source: its employees, contractors, and business partners, often called insiders.

Highlight (orange) - Who Are the Attackers? > Page 23
malicious insider attacks consist of the sabotage or theft of intellectual property.

Highlight (yellow) - Who Are the Attackers? > Page 24
cyberterrorists, their motivation is ideological, attacking for the sake of their principles or beliefs. Cyberterrorists

Highlight (yellow) - Who Are the Attackers? > Page 24
Another group motivated by ideology is hactivists. Unlike

Highlight (yellow) - Who Are the Attackers? > Page 24
Instead of using an army to march across the battlefield to strike an adversary, governments are using state-sponsored attackers for launching computer attacks against their foes.

Highlight (orange) - Who Are the Attackers? > Page 24
malware known as Flame appears to target computers in Middle Eastern countries.

Highlight (yellow) - Attacks and Defenses > Page 25
most infamous government-backed malware to date was called Stuxnet. This malware actively targeted Windows computers that managed large-scale

Highlight (yellow) - Attacks and Defenses > Page 25
industrial-control systems used at military installations, oil pipeline control systems, manufacturing environments, and nuclear power plants.

Highlight (yellow) - Attacks and Defenses > Page 25
estimated that more than 300,000 Iranian citizens were having their email messages read without their knowledge by the Iranian government seeking to locate and crack down on dissidents.

Highlight (orange) - Attacks and Defenses > Page 26
A kill chain is a military term used to describe the systematic process to target and engage an enemy.

Highlight (orange) - Attacks and Defenses > Page 26
the Cyber Kill Chain® it outlines these steps of an

Highlight (orange) - Attacks and Defenses > Page 26
Reconnaissance. The first step in an attack is to probe for any information about the system: the type of hardware used, version of operating system software, and even personal information about the users.

Highlight (orange) - Attacks and Defenses > Page 26
Weaponization. The attacker creates an exploit (like a virus) and packages it into a deliverable payload (like a Microsoft Excel spreadsheet) that can be used against the

Highlight (yellow) - Attacks and Defenses > Page 26
Delivery. At this step the weapon is transmitted to the target, such as by an email attachment or through an infected web server.

Highlight (pink) - Attacks and Defenses > Page 26
Exploitation. After the weapon is delivered to the victim, the exploitation stage triggers the intruders’ exploit. Generally

Highlight (pink) - Attacks and Defenses > Page 26
Installation. At this step the weapon is installed to either attack the computer or install a remote “backdoor” so the attacker can access the system.

Highlight (yellow) - Attacks and Defenses > Page 26
Command and Control. Many times the compromised system connects back to the attacker so that the system can be remotely controlled by the attacker and receive future instructions.

Highlight (orange) - Attacks and Defenses > Page 26
Actions on Objectives. Now the attackers can start to take actions to achieve their original objectives, such as stealing user passwords or launching attacks against other computers.

Highlight (yellow) - Attacks and Defenses > Page 27
Defenses Against Attacks Although multiple defenses may be necessary

Highlight (yellow) - Attacks and Defenses > Page 27
these precious stones are protected by layers of security. If one layer is penetrated—such as the thief getting into the building—several more layers must still be breached, and each layer is often more difficult or complicated than

Highlight (yellow) - Attacks and Defenses > Page 28
information security must be created in layers. If only one defense mechanism is in place, an attacker only has to circumvent that single defense.

Highlight (orange) - Attacks and Defenses > Page 28
Limiting access to information reduces the threat against it. This means that only those personnel who must use the data should have access to it.

Highlight (orange) - Attacks and Defenses > Page 28 The key is that access must be restricted to the bare minimum.
Highlight (orange) - Attacks and Defenses > Page 28 Just as it is important to protect data with layers of security, the layers also must be different (diverse).
Highlight (orange) - Attacks and Defenses > Page 29 technique is sometimes called security by obscurity: obscuring to the outside world what is on the inside makes attacks that much more difficult.
Highlight (yellow) - Review Questions > Page 32 d.
Highlight (yellow) - Review Questions > Page 32 d.
Highlight (yellow) - Review Questions > Page 32 b.
Highlight (yellow) - Review Questions > Page 33 a.
Highlight (yellow) - Review Questions > Page 33 d.
Highlight (yellow) - Review Questions > Page 33 a.
Highlight (yellow) - Review Questions > Page 33 b.
Highlight (yellow) - Review Questions > Page 33 a.
Highlight (yellow) - Review Questions > Page 33 c.
Highlight (yellow) - Review Questions > Page 33 a.
Highlight (yellow) - Review Questions > Page 34 b.
Highlight (yellow) - Review Questions > Page 34 d.
Highlight (yellow) - Review Questions > Page 34 a.
Highlight (yellow) - Review Questions > Page 34 d.
Highlight (yellow) - Review Questions > Page 34 b.
Highlight (yellow) - Review Questions > Page 34 c.
Highlight (yellow) - Hands-On Projects > Page 35 c.
Highlight (yellow) - Hands-On Projects > Page 35 b.
Highlight (yellow) - Hands-On Projects > Page 35 c.
Highlight (yellow) - Hands-On Projects > Page 35 d.
Part I: Threats
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 51 Malware is software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and usually harmful action.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 51 malware is most often used as a general term that refers to a wide variety of damaging software programs.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 detect malware on an infected computer, a software scanning tool can search for the malware,
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Oligomorphic malware changes its internal code to one of a set number of predefined mutations whenever it is executed.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 52 oligomorphic malware has only a limited number of mutations, it will eventually change back into a previous version that may then be detected by a scanner.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Malware code that completely changes from its original form whenever it is executed is known as polymorphic malware.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 malware containing “scrambled” code that, when the malware is activated, is “unscrambled” before it is executed.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Metamorphic malware can actually rewrite its own code and thus appears different each time it is executed.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Different types of malware have emerged over time as a result of security defenses becoming more sophisticated and the corresponding attacks becoming progressively more complex.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 52 One method of classifying the various types of malware is by using the primary trait that the malware possesses. These traits are circulation, infection, concealment, and payload capabilities.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Circulation.
Some malware has as its primary trait spreading rapidly to other systems in order to impact a large number of users.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 by using the network to which all the devices are connected, through USB flash drives that are shared among users, or by sending the malware as an email attachment.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Infection. Once the malware reaches a system through circulation, then it must “infect” or embed itself into that system.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Concealment. Some malware has as its primary trait avoiding detection by concealing its presence from scanners. Polymorphic malware attempts
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 52 Payload capabilities. When payload capabilities are the primary focus of malware, the focus is on what nefarious action(s) the malware performs. Does
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 53 biological virus is an agent that reproduces inside a cell. When a cell is infected by a virus, the virus takes over the operation of that cell, converting it into a virtual factory to make more copies of it.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 53 computer virus (virus) is malicious computer code that, like its biological counterpart, reproduces itself on the same computer.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 53 all viruses “infect” by inserting themselves into a computer file. A virus that infects an executable program file is simply called a program virus.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 53 One of the most common data file viruses is a macro virus that is written in a script known as a macro.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 53 macro is a series of instructions that can be grouped together as a single command.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 53 One basic type of infection is the appender infection. The virus first attaches or appends itself to the end of the infected file. It then inserts at the beginning of the file a “jump” instruction that points to the end of the file, which is the beginning of the virus code.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 55 Most viruses today go to great lengths to avoid detection; this type of virus is called an armored virus.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 55 Swiss cheese infection. Instead of having a single “jump” instruction to the “plain” virus code, some armored viruses perform two actions to make detection more difficult.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 55 code into different pieces and inject these pieces throughout the infected program code.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 55 Split infection. Instead of inserting pieces of the decryption engine throughout the program code, some viruses split the malicious code itself into several parts (along with one main body of code), and then these parts are placed at random positions throughout the program code.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 56 viruses today are much more harmful.
Viruses have performed the following actions:
● Caused a computer to crash repeatedly
● Erased files from a hard drive
● Turned off the computer’s security settings
● Reformatted the hard disk
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 56 A virus can only replicate itself on the host computer on which it is located; it cannot automatically spread to another computer by itself.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 57 worm is a malicious program that uses a computer network to replicate (worms are sometimes called network viruses).
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 57 worm is designed to enter a computer through the network and then take advantage of vulnerability in an application or an operating system on the host computer.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 57 Early worms were relatively benign and designed simply to spread quickly and not corrupt the systems they infected.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 57 worms slowed down the network through which they were transmitted by replicating so quickly that they consumed all network resources.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 58 computer Trojan horse (or just Trojan) is an executable program that masquerades as performing a benign activity but also does something malicious.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 58 A rootkit is a set of software tools used to hide the actions or presence of other types of software.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 58 Rootkits do this by changing the operating system to force it to ignore their malicious files or activity.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 58 Rootkits also hide or remove all traces of evidence that may reveal the malware, such as log entries.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 59 approach used by rootkits is to alter or replace operating system files with modified versions that are specifically designed to ignore malicious evidence.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 59 a rootkit often substitutes its own files and routines in the operating system with malicious copies, it can be very difficult to detect the presence of a rootkit;
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 59 destructive power of malware is to be found in its payload capabilities.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 59 primary payload capabilities are to collect data, delete data, modify system security settings, and launch attacks.
[Figure 2-4: Computer infected with rootkit. Panels: “Actual list of files” and “Files displayed to user”; columns: Name, Date modified, Type.]
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 60 types of malware are designed to collect important data from the user’s computer and make it available to the attacker.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 60 malware includes spyware, adware, and ransomware.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 60 Spyware is a general term used to describe software that secretly spies on users by collecting information without their consent.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 60 Anti-Spyware Coalition defines spyware as tracking software that is deployed without adequate notice, consent, or control by the user.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 60 nefarious spyware is a keylogger that silently captures and stores each keystroke that a user types on the computer’s keyboard.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 60 keylogger can be a small hardware device or a software program. As a hardware device, the keylogger is inserted between the computer keyboard connection and USB port, as
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 61 Hardware keyloggers are often installed on public access computers, such as those in a school’s open computer lab or a public library.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 61 Software keyloggers are programs installed on the computer that silently capture sensitive information.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 61 Software keylogger programs act like rootkits and conceal themselves so that they cannot be detected by the
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 61 Adware delivers advertising content in a manner that is unexpected and unwanted by the user. Once
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 62 Some adware goes beyond affecting the user’s computer experience.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 62 Ransomware prevents a user’s device from properly operating until a fee is paid. One type of ransomware locks up a user’s computer and then displays a message that purports to come from a law enforcement agency.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 63 Ransomware malware is highly profitable.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 63 payload of other types of malware deletes data on the computer. This may involve deleting important user data files, such as documents or photos, or erasing vital
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 63 operating system files so that the computer will no longer properly function.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 64 logic bomb is computer code that is typically added to a legitimate program but lies dormant until it is triggered by a specific logical event.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 64 Logic bombs are difficult to detect before they are triggered. This is because logic bombs are often embedded in very large computer programs, some containing tens of thousands of lines of code, and a trusted employee can easily insert a few lines of computer code into a long program without anyone detecting it.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 65 some types of malware attempts to modify the system’s security settings so that more insidious attacks can be made.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 65 backdoor gives access to a computer, program, or service that circumvents any normal security protections.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 65 Backdoors that are installed on a computer allow the attacker to return at a later time and bypass security settings.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 65 viruses is software that will allow the infected computer to be placed under the remote control of an attacker.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 65 infected robot (bot) computer is known as a zombie. When hundreds, thousands, or even hundreds of thousands of zombie computers
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 65 are gathered into a logical computer network, they create a botnet under the control of the attacker (bot herder).
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 65 zombie computers wait for instructions through a command and control (C&C or C2) structure from the bot herders regarding which computers to attack and how.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 65 botnet C&C mechanism used today is the Hypertext Transport Protocol (HTTP), which is the standard protocol for Internet usage.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 65 By using HTTP, botnet traffic may be more difficult to detect and block.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 66 Spamming: Botnets are widely recognized as the primary source of spam email. A botnet consisting of thousands of zombies enables an attacker to send massive amounts of spam.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 66 Spreading malware: Botnets can be used to spread malware and create new zombies and botnets. Zombies have the ability to download and execute a file sent by the attacker.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 66 Manipulating online polls: Because each zombie has a unique Internet Protocol (IP) address, each “vote” by a zombie will have the same credibility as a vote cast by a real person. Online games can be manipulated in a similar way.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 66 Denying services: Botnets can flood a web server with thousands of requests and overwhelm it to the point that it cannot respond to legitimate requests.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 67 Social engineering is a means of gathering information for an attack by relying on the weaknesses of individuals.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 67 Social engineering attacks can involve psychological approaches as well as physical procedures.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 67 social engineering attacks rely on psychology, which is the mental and emotional approach rather than the physical.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 67 social engineering relies on an attacker’s clever manipulation of human nature in order to persuade the victim to provide information or take actions. Several
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 68 Social engineering psychological approaches often involve impersonation, phishing, spam, hoaxes, typo squatting, and watering hole attacks.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 68 Social engineering impersonation means to masquerade as a real or fictitious character and then play out the role of that person on a victim.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 68 Phishing is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 70 Several variations on phishing attacks are:
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 70 pharming automatically redirects the user to the fake site.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 70 phishing involves sending millions of generic email messages to users, spear phishing targets only specific users.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 70 type of spear phishing is whaling. Instead of going after the “smaller fish,” whaling targets the “big fish,” namely, wealthy individuals or senior executives
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 70 vishing (voice phishing), an attacker calls a victim who, upon answering, hears a recorded message that pretends to be from the user’s bank stating that her credit card has experienced fraudulent activity or that her bank account has had unusual activity.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 71 amount of spam, or unsolicited email, that goes through the Internet continues to escalate. Google
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 72 A hoax is a false warning, often contained in an email message claiming to come from the IT department.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 72 hoax purports that there is a “deadly virus” circulating through the Internet and that the recipient should erase specific files or change security configurations, and then forward the message
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 72 These fake sites exist because attackers purchase the domain names of sites that are spelled similarly to actual sites. This is called typo squatting or URL hijacking.
Highlight (pink) - Chapter 2: Malware and Social Engineering Attacks > Page 72 similar manner a watering hole attack is directed toward a smaller group of specific individuals, such as the major executives working for a manufacturing company.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 73 Dumpster diving involves digging through trash receptacles to find information that can be useful in an attack.
Highlight (orange) - Chapter 2: Malware and Social Engineering Attacks > Page 73 is that they cannot always control how many people enter the building when access is allowed; once an authorized person opens the door, virtually any number of individuals can follow behind and also enter. This is known as tailgating.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 74 shoulder surfing, it can be used in any setting in which a user “casually observes” someone entering an authorized code on a keypad.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 c.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 a.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 b. ransomware
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 a.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 c.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 78 d.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 79 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 79 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 79 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 79 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 79 c.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 d.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 d.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 b.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 d.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 80 c.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 81 a.
Highlight (yellow) - Chapter 2: Malware and Social Engineering Attacks > Page 81 c.
Highlight (pink) - Chapter 3: Application and Networking-Based Attacks > Page 92 some of these schools even advertise “job placement” for their graduates: instructors will vouch for star pupils in order to help them join advanced underground attacker communities that otherwise would be difficult to access.
Part V: Mobile Security
Highlight (yellow) - Chapter 9: Wireless Network Security > Page 364 Bluesnarfing is an attack that accesses unauthorized information from a wireless device through a Bluetooth connection, often between cell phones and laptop computers.
Highlight (orange) - Chapter 9: Wireless Network Security > Page 368 AP has two basic functions. First, it acts as the “base station” for the wireless network. All wireless devices with a wireless NIC transmit to the AP, which in turn, redirects the signal
Highlight (yellow) - Chapter 9: Wireless Network Security > Page 368 second function of an AP is to act as a bridge between the wireless and wired networks.
Highlight (yellow) - Chapter 9: Wireless Network Security > Page 368 to the wired network by a cable, allowing all the wireless devices to access through the AP the wired network (and
Highlight (yellow) - Chapter 9: Wireless Network Security > Page 370 Whereas a rogue AP is set up by an internal user, an evil twin is an AP that is set up by an attacker. This AP is designed to mimic an authorized AP, so a user’s mobile device
