Skip to main content

Information Security Overview in securetecho

Information Security Overview in securetecho

information security
  • Source code leaks accelerated malware release cycles                                                 Attackers create new variants of malware variants
     Contains new characteristics, signatures, evasive capabilities, etc.                      Anti-virus/anti-malware cannot d


    etect
  • Old school malware techniques made a comeback                                                      Anti-virus applications、IDS、firewall and cyber-crime techniques                    Forcing an attacker to use artificial and time consuming old malware infection and propagation techniques to evade advanced detection
  • Growth of 64-bit malware increased
  • Malware researcher evasion became more popular
  • Mobile SMS-forwarding malware are becoming ubiquitous
  • Account takeover moved to the victim's device
  • Attacks on corporate and personal data in the cloud increased
  • Exploit kits continued to be a primary threat for Windows
    Ex. window xp
  • Attackers increasingly lure executives and compromise organizations via professional social networks.
  • Java remains highly exploitable and highly exploited - with expanded repercussions.
  • Attackers are more interested in cloud data than your network.
  • The sheer volume of advanced malware is decreasing.
  • Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest.
  • Mistakes are made in "offensive" security due to misattribution of an attack's source.
  • Cybercriminals are targeting the weakest links in the "data-exchange chain".
  • Major data-destruction attacks are increasing.

Essential Terminology

  • Hack Value: It is notion among hackers that something is worth doing or is interesting.
    information security
  • Vulnerability: Existence of a weaknessdesign, or implementation error that can lead to an unexpected event compromising the security of the system.
  • Exploit: A breach of IT system security through vulnerabilities.
  • Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer.
  • Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
  • Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.
  • DoxingPublishing personally identifiable information about an individual collected from publicly available databases and social media.
  • Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks.

Elements of Information Security

  • Information security is a state of well-being of information and infrastructure in which the possibility of thefttampering, and disruption of information and services is kept low or tolerable.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access
    information security
  • Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
  • Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine
  • Non-RepudiationGuarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

The SecurityFunctionality and Usability  Triangle

  • Level of security in any system can be defined by the strength of three components:
    • Functionality (Features)
    • Security (Restrictions)
    • Usablity (GUI)

Comments

Post a Comment

Popular posts from this blog

Ethical hacking with full description in securetecho

                           ETHICAL HACKING Ethical hacking  refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious  hackers .  Ethical hacking  is also known as penetration testing. An  ethical  hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. TOOLS FOR ETHICAL HACKING:               NMAP. Nmap stands for Network Mapper. ...     Metasploit. Metasploit is one of the most powerful exploit tools. ...     Burp Suit. Burp Suite is a popular platform that is widely used for performing security            testing ...
1 comment
Read more

10 Best Ways to Track a Location by Mobile Number || Securetecho

Tracking a mobile phone's location through its contact number that might seem impossible at first, but it doesn’t have to be. It’s quite simple, there are two alternates to do so: 1)Using a mobile phone lookup service 2)Using a spy software In this paragraph, you will learn how to use it, and what to expect, and we will give you a list of the top 10 spy software in the market today. Numlooker - an excellent software for contact number tracking WhoCallMe - scan the deep web and conduct comprehensive social sites searches USPhoneSearch - includes all the basic features you need when tracking a contact number. USPhoneLookup - an excellent service that help you in finding out who is calling within minutes TheNumberLookup - allows you to instantly identify the caller and get access to all the available information about him. WhatIsThisNumber - the most standard and convenient reverse phone lookup service Spokeo - experience the expert service of phone lookup CocoSpy - access a phone mon...
Post a Comment
Read more

How to prevent from online Money Froud

Here are 8 tips to use internet banking safely: 1. Always use Up-to-date anti-virus To protect your computer from phishing, malware, and other security threats always use Up-to-date anti-virus. Anti-virus helps in detecting and removing spyware that can steal your sensitive information 2. Avoid Using Public Wi-Fi or Use VPN software The biggest threat of an open Wi-Fi network is that the hacker can sit in between the end user and the hotspot and can trace all the data without any difficulty. Hackers see unsecured connection as an opportunity to introduce malware into your device. So, usage of public Wi-Fi hotspots for internet or mobile banking and making payments on ecommerce sites should be avoided. However if you are a regular public Wi-Fi user, consider setting up a VPN software on your computer. It creates a secure tunnel between the computer and the internet and prevents hackers from intercepting the traffic. 3. Check for latest updates of your Smartphone's operating system S...
Post a Comment
Read more