Beruflich Dokumente
Kultur Dokumente
Assignment#1
APRIL 16 ,2019
ASSIGNMENT#1
OR
Its task is to maintain the information security policy.Such policy should cover all issues
regarding use (or misuse) of IT services and respect system.
Challenges of ISM
a) Privacy or Confidentiallity
Confidentiality or privacy is the biggest challenge of ISM. It means to ensure information is only
accessible to those who are authorized to view it.Hackers are pocketing login information and using these
details to access the sensitive information and data.
b) Integrity
Second is integrity of data which is another big challenge. Data or information can be easily accessed
,altered,tempered, or changed.
c) Authentication
There is a lot of security of source, to know if the information is shared or send by the sender, is reliable
or authentic is another big challenge.
d) Availability
This belongs to,assuring that crucial information can be accessed or retrieved at all times and all places is
quite challanging.
ATTACKS IN INFORMATION SECURITY
“The Attack is the biggest threat in Information technology,which involves the attempt to
obtain,alter,destroy ,remove,implant,or reveal information witout authorized access and without
permission.”
Types of Attacks
This biggest threat comes in various forms in information security, the forms is given below:
Application Attack
Network Attack
APPLICATION ATTACK
“When someone uses internet,it’s important for him/her to stay secure about data by taking some special
measures.The various application which are used bu user in their computers might contain some
infections which can create serious problems and damage in their system.”
Cache Poisoning
Cache poisoning is a type of attack in which corrupt data is inserted into the cache database of the
Domain Name System (DNS) name server. The Domain Name System is a system that associates domain
names with IP addresses.
Malware
Malware stands for “Malicious Software” which involes hostile applications that are created with express
intent and damage the mobile ,computer devices and network software.
Botnet
It is a kind of network that includes compromised computer to which are under control by malicious
actor. Each individual device is reffered as a bot, in the botnet network.
Spyware
It is a software that itself install your computer and starts covertly monitoring your online behavior on
your system without your permission and knowledge.
Computer Worms
They spread over computer networks by exploiting operating system vulnerabilities. These are the most
common type of malware.
A Man-in-the-Middle-Attack
This attack involves a malicious actor inserts him/herself into a conversation between two parties,
impersonates both parties and gains access to information that the two parties were trying to send to each
other.
NETWORK ATTACKS
“The network attack is the threat that targets the computer networks,computer information system;
infrastructure or personal Computer devices using various methods to access,alter,remove,destroydata of
information system.”
The various forms which damage the computer systems are given bvelow,
IP Spoofing
This form is use by the attacker which basically convince the system,that is already communicating
with known and trusted computer system.The attacker access the system and send packet involves IP
address which is not of his computer ,send to target computer and reciever computer treated this
address as a trusted address and act upon it.
It occurs when a malefactor executes a SQL query to the database via the input data from the client to
server. The Attacker uses special symols for accessing the user data . The special symbols are ‘=or’
which is used along with user login and through which access the data of user.
SQL commands are inserted into data-plane input (for example, instead of the login or password)
in order to run predefined SQL commands.
DNS Spoofing
It is a form of hacking of computer security, which involves the serious damage in name server that
passes or send incorrect IP addresses. And corrupt Domain Name System data is introduced into the DNS
resolver’s cache
Vulnerability attack
Bandwidth flooding
Connection flooding