Skip to main content

Information Security Overview in securetecho

Information Security Overview in securetecho

information security
  • Source code leaks accelerated malware release cycles                                                 Attackers create new variants of malware variants
     Contains new characteristics, signatures, evasive capabilities, etc.                      Anti-virus/anti-malware cannot d


    etect
  • Old school malware techniques made a comeback                                                      Anti-virus applications、IDS、firewall and cyber-crime techniques                    Forcing an attacker to use artificial and time consuming old malware infection and propagation techniques to evade advanced detection
  • Growth of 64-bit malware increased
  • Malware researcher evasion became more popular
  • Mobile SMS-forwarding malware are becoming ubiquitous
  • Account takeover moved to the victim's device
  • Attacks on corporate and personal data in the cloud increased
  • Exploit kits continued to be a primary threat for Windows
    Ex. window xp
  • Attackers increasingly lure executives and compromise organizations via professional social networks.
  • Java remains highly exploitable and highly exploited - with expanded repercussions.
  • Attackers are more interested in cloud data than your network.
  • The sheer volume of advanced malware is decreasing.
  • Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest.
  • Mistakes are made in "offensive" security due to misattribution of an attack's source.
  • Cybercriminals are targeting the weakest links in the "data-exchange chain".
  • Major data-destruction attacks are increasing.

Essential Terminology

  • Hack Value: It is notion among hackers that something is worth doing or is interesting.
    information security
  • Vulnerability: Existence of a weaknessdesign, or implementation error that can lead to an unexpected event compromising the security of the system.
  • Exploit: A breach of IT system security through vulnerabilities.
  • Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer.
  • Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
  • Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.
  • DoxingPublishing personally identifiable information about an individual collected from publicly available databases and social media.
  • Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks.

Elements of Information Security

  • Information security is a state of well-being of information and infrastructure in which the possibility of thefttampering, and disruption of information and services is kept low or tolerable.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access
    information security
  • Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
  • Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine
  • Non-RepudiationGuarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

The SecurityFunctionality and Usability  Triangle

  • Level of security in any system can be defined by the strength of three components:
    • Functionality (Features)
    • Security (Restrictions)
    • Usablity (GUI)

Comments

Popular posts from this blog

how to crack wifi password using fern wifi cracker in securetecho

HOW TO HACK wifi USING fern wifi cracker Step 1 –  Go to Backtrack - Exploitation Tools - Wireless Exploitation Tools - WLAN Exploitation - Fern Wi-Fi Cracker.   Now following application will be seen.                                     Step 2 - Now select the interface as wlan0 and Refresh it.   Now click on “OK” after the box appears.    Step 3 –    Now click on “Scan for Access points”    Step 4 –  After that it will show list of Detected signals    Step 5 –     Now click on WEP box                                    Following screen will show like this.    Step 6 –  Now choose the Attack option as you wish to do like,  A. Arp Reques...

Ethical hacking with full description in securetecho

                           ETHICAL HACKING Ethical hacking  refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious  hackers .  Ethical hacking  is also known as penetration testing. An  ethical  hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. TOOLS FOR ETHICAL HACKING:               NMAP. Nmap stands for Network Mapper. ...     Metasploit. Metasploit is one of the most powerful exploit tools. ...     Burp Suit. Burp Suite is a popular platform that is widely used for performing security            testing ...

Define ethical hacking and hacking tipps in securetecho

DEFINE  ETHICAL HACKING WITH FULL DESCRIPTION In the ethical hacking the hacker and the attacker can get the whole information about the customers and he can attack on the any person's computer and he can the access of the other person computer with the whole permissions of the others who can belong to it. he can find the loop holes in the network and the computer. Meta tags analyzer HOW WE CAN ATTACK ON THE WIFI USING FERN WIFI CRACKER                                     Fern pro is a software made for kali linux to test the vulnerbilities in a wifi network and  it is use to penetrate the wifi network. this software use to crack the wifi passwords no matters what type of encryption is.it allow the user to hack any wifi method with its internal GUI mode. it allow the user to attack any wireless network and it can hack any wifi with dictionary attack.    ...