Skip to main content

Information Security Overview in securetecho

Information Security Overview in securetecho

information security
  • Source code leaks accelerated malware release cycles                                                 Attackers create new variants of malware variants
     Contains new characteristics, signatures, evasive capabilities, etc.                      Anti-virus/anti-malware cannot d


    etect
  • Old school malware techniques made a comeback                                                      Anti-virus applications、IDS、firewall and cyber-crime techniques                    Forcing an attacker to use artificial and time consuming old malware infection and propagation techniques to evade advanced detection
  • Growth of 64-bit malware increased
  • Malware researcher evasion became more popular
  • Mobile SMS-forwarding malware are becoming ubiquitous
  • Account takeover moved to the victim's device
  • Attacks on corporate and personal data in the cloud increased
  • Exploit kits continued to be a primary threat for Windows
    Ex. window xp
  • Attackers increasingly lure executives and compromise organizations via professional social networks.
  • Java remains highly exploitable and highly exploited - with expanded repercussions.
  • Attackers are more interested in cloud data than your network.
  • The sheer volume of advanced malware is decreasing.
  • Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest.
  • Mistakes are made in "offensive" security due to misattribution of an attack's source.
  • Cybercriminals are targeting the weakest links in the "data-exchange chain".
  • Major data-destruction attacks are increasing.

Essential Terminology

  • Hack Value: It is notion among hackers that something is worth doing or is interesting.
    information security
  • Vulnerability: Existence of a weaknessdesign, or implementation error that can lead to an unexpected event compromising the security of the system.
  • Exploit: A breach of IT system security through vulnerabilities.
  • Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer.
  • Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
  • Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.
  • DoxingPublishing personally identifiable information about an individual collected from publicly available databases and social media.
  • Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks.

Elements of Information Security

  • Information security is a state of well-being of information and infrastructure in which the possibility of thefttampering, and disruption of information and services is kept low or tolerable.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access
    information security
  • Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes
  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users
  • Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine
  • Non-RepudiationGuarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

The SecurityFunctionality and Usability  Triangle

  • Level of security in any system can be defined by the strength of three components:
    • Functionality (Features)
    • Security (Restrictions)
    • Usablity (GUI)

Comments

Popular posts from this blog

how to crack wifi password using fern wifi cracker in securetecho

HOW TO HACK wifi USING fern wifi cracker Step 1 –  Go to Backtrack - Exploitation Tools - Wireless Exploitation Tools - WLAN Exploitation - Fern Wi-Fi Cracker.   Now following application will be seen.                                     Step 2 - Now select the interface as wlan0 and Refresh it.   Now click on “OK” after the box appears.    Step 3 –    Now click on “Scan for Access points”    Step 4 –  After that it will show list of Detected signals    Step 5 –     Now click on WEP box                                    Following screen will show like this.    Step 6 –  Now choose the Attack option as you wish to do like,  A. Arp Reques...

Ethical Hacking Concepts and Scope in securetecho

1.4 Ethical Hacking Concepts and Scope in Securetecho What is  Ethical Hacking ? Ethical hacking involves the use of hacking tools, tricks, and techniques to  identify vulnerabilities  so as to ensure system security. It focuses on simulating techniques used by attackers to  verify the existence of exploitable vulnerabilities  in the system security. Ethical hackers performs security assessment of their organization  with the permission of concerned authorities . Why  Ethical Hacking  is Necessary To beat a hacker, you need to think like one! Ethical hacking is necessary as it  allows to counter attacks from malicious hackers  by anticipating methods used by them to break into a system. Reasons why Organizations Recruit Ethical Hackers : To  prevent hackers  from gaining access to organization's information. To  uncover vulnerabilities  in systems and explore their potential as a risk. To an...

Ethical hacking with full description in securetecho

                           ETHICAL HACKING Ethical hacking  refers to the act of locating weaknesses and vulnerabilities of computer and information systems by duplicating the intent and actions of malicious  hackers .  Ethical hacking  is also known as penetration testing. An  ethical  hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit. TOOLS FOR ETHICAL HACKING:               NMAP. Nmap stands for Network Mapper. ...     Metasploit. Metasploit is one of the most powerful exploit tools. ...     Burp Suit. Burp Suite is a popular platform that is widely used for performing security            testing ...