Beruflich Dokumente
Kultur Dokumente
Gunners group Phm c Xun Nguyn Anh Tun Phm Th Qunh Anh 50903407 50903101 50903427
Contents
THREATS ATTACKS
Background
Security researchers warn: Informationsecuritycontinues to be ignored by top managers, middle managers, and employees alike ...
security ?
Which of these threats are the most
serious?
How frequently (per month) are these
threats observed?
Bureau of Investigation (FBI) survey found: 90 percent of respondents(primarily large corporations and government agencies) detected computer security breaches within the last 12 months.
80 percent of those organizations reported financial
losses a total of approximately $455,848,000 in financial losses, up from $377,828,700 reported in2001
Bureau of Investigation (FBI) survey found: 79 percent of organizations reported cyber security breaches within the last 12 months
54 percent of those organizations reported financial
10
11
12
13
14
Incorrect assumptions
Employees are the greatest threats to an organizations
data
15
Figure 2-1 Acts of Human Error or Acts of Human Error or Failure Failure
16
17
We should use Least privilege for users We should use Least privilege for users
18
Intellectual Properly
trademarks, and patents. Technical mechanism : Digital watermark , embeddcode, copyright code
19
Espionage or Trespass
Access of protected information by unauthorized
individuals
Competitive intelligence (legal) vs. industrial
espionage (illegal)
Shoulder surfing occurs anywhere a person accesses
confidential information
Controls let trespassers know they are encroaching on
organizations cyberspace
Hackers uses skill, guile, or fraud to bypass controls
20
21
Theft
Illegal taking of anothers physical, electronic, or
intellectual property
Physical theft is controlled relatively easily Electronic theft is more complex problem; evidence of
22
23
24
25
26
Software Attacks
Malicious software (malware) designed to damage,
27
28
Forces of Nature
Forces of nature are among the most dangerous
threats
Disrupt not only individual lives, but also storage,
29
Quality of Service
Includes situations where products or services not
delivered as expected
Information system depends on many interdependent
support systems
Internet service, communications, and power
30
responsibility for all Internet services as well as hardware and Web site operating system software
31
Attacks
Act or action that exploits vulnerability (i.e., an identified
organizations information
32
Attacks
Malicious code: includes execution of viruses, worms,
Trojan horses, and active Web scripts with intent to destroy or steal information
Back door: gaining access to a network and inserting a
program or utility that creates an entrance for an attacker. The program may allow a certain user to log in without a password or gain administrative privileges.
33
Attacks
Password crack: attempting to reverse calculate a
password
Brute force: trying every possible combination of options
of a password
34
Attacks
Dictionary: selects specific accounts to attack and uses
35
36
Attacks (continued)
Denial-of-service (DoS): attacker sends large number of
ordinary functions
37
38
Attacks
Spoofing: This type of attack is usually considered as an
access attack.
IP spoofing : make the data look like it came from a
trusted host
DNS spoofing : send users to a website other than the
39
40
Attacks
Man-in-the-middle: attacker monitors network packets,
41
42
Attacks
Spam: unsolicited commercial e-mail; more a nuisance
43
Attacks
Mail bombing: also a DoS; attacker routes large
44
Attacks
Sniffers: program or device that monitors data traveling
over network; can be used both for legitimate purposes and for stealing information from a network
Social engineering: using social skills to convince people
45
Attacks
Buffer overflow: application error occurring when more
46
Summary
Threat: object, person, or other entity representing a
47
References
Books : Principles of Information Security Michael E.Whitman,
Herbert J.Mattord , Information Security Fundamentals Thomas R.Peltier, Justin Peltier, John Blackley Threats to Information Security Michael E.Whitman
Websites : infosecisland.com, anninhthongtin.com,
news.tech24.vn,xahoithongtin.com.vn,hocbao.com
48