Information Security and Cyber security are very closely related terms. Most of us use
them interchangeably and it hardly matters. But there is a definite difference between
them.
Cyber Security is defined as the ability to protect or defend the use of cyberspace from
cyber-attacks.
Cyber Security on the other hand deals with protection of cyberspace and use of it
against any sort of crime (related/not related to information CIA).
To gain the maximum benefits from your company's information system, you have to
exploit all its capacities. Information systems gain their importance by processing the
data from company inputs to generate information that is useful for managing your
operations. To increase the information system's effectiveness, you can either add more
data to make the information more accurate or use the information in new ways.
Hardware- these are the devices like the monitor, processor, printer and keyboard,
all of which work together to accept, process, show data and information.
Software- are the programs that allow the hardware to process the data.
Databases- are the gathering of associated files or tables containing related data.
Networks- are a connecting system that allows diverse computers to distribute
resources.
Procedures- are the commands for combining the components above to process
information and produce the preferred output.
Explain the terms: Criminal attacks, Publicity attacks, Legal attacks. What is
security?
Criminal attacks are easy to understand: “How can I acquire the maximum financial
return by attacking the system?” Attackers vary, from lone criminals to sophisticated
organized crime syndicates, from insiders looking to make a fast buck to foreign
governments looking to wage war on a country's infrastructure.
Publicity attacks: such attacks occur basically because the attackers wish to see their
names on television news channels and news papers, i.e. gain publicity.
The attack on discrimination by use of legal machinery has only scratched the surface.
An understanding of the existing statutes protecting our civil rights is necessary if we
are to work towards enforcement of these statutes.
Strong passwords
Use Tor
What is password?
A password is a string of characters used to verify the identity of a user during the
authentication process.
Define: Frauds, Scams, Identity theft, Intellectual property theft, Brand theft.
A scam is a term used to describe any fraudulent business or scheme that takes
money or other goods from an unsuspecting person. With the world becoming more
connected thanks to the Internet, online scams have increased, and it's often up to you
to help stay cautious with people on the Internet.
Identity theft is the deliberate use of someone else's identity, usually as a method to
gain a financial advantage or obtain credit and other benefits in the other person's
name, and perhaps to the other person's disadvantage or loss.
Brand theft is when someone takes your corporate name as his/her own. The name
may then be used as is, e.g. Accountkeeper.net or modified slightly such as “Account
Keeper” as a means of justifying in the cyber criminal's mind that it is after all not exactly
the same name.
Phishing: In a phishing attack, an attacker may send you an email that appears to
be from someone you trust, like your boss or a company you do business with. The
email will seem legitimate, and it will have some urgency to it (e.g. fraudulent
activity has been detected on your account). In the email, there will be an
attachment to open or a link to click. Upon opening the malicious attachment, you’ll
thereby install malware in your computer. If you click the link, it may send you to a
legitimate-looking website that asks for you to log in to access an important file —
except the website is actually a trap used to capture your credentials when you try
to log in.
Confidentiality
Integrity
Availability
Discuss the reason behind the significance of authentication.
What is worm? What is the significant difference between virus and worm?
Virus Worm
Does it infect Yes, it deletes or modifies files. Usually not. Worms usually
files? Sometimes a virus also changes the only monopolize the CPU and
location of files. memory.
whose speed is virus is slower than worm. worm is faster than virus.
more? E.g.The code red worm
affected 3 lack PCs in just 14
Hrs.
Definition The virus is the program code that The worm is code that
attaches itself to application program replicate itself in order to
and when application program run it consume resources to bring it
runs along with it. down.
Phishing and pharming are two different ways hackers attempt to manipulate users via
the Internet. Phishing involves getting a user to enter personal information via a fake
website. Pharming involves modifying DNS entries, which causes users to be directed
to the wrong website when they visit a certain Web address.
Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers
attempt to steal your personal information. They send out e-mails that appear to come
from legitimate websites such as eBay, PayPal, or other banking institutions. The e-
mails state that your information needs to be updated or validated and ask that you
enter your username and password, after clicking a link included in the e-mail. Some e-
mails will ask that you enter even more information, such as your full name, address,
phone number, social security number, and credit card number. However, even if you
visit the false website and just enter your username and password, the phisher may be
able to gain access to more information by just logging in to you account.
Pharming is yet another way hackers attempt to manipulate users on the Internet.
While phishingattempts to capture personal information by getting users to visit a fake
website, pharming redirects users to false websites without them even knowing it.
While a typical website uses a domain name for its address, its actual location is
determined by an IP address. When a user types a domain name into his or her Web
browser's address field and hits enter, the domain name is translated into an IP address
via a DNS server. The Web browser then connects to the server at this IP address and
loads the Web page data. After a user visits a certain website, the DNS entry for that
site is often stored on the user's computer in a DNS cache. This way, the computer
does not have to keep accessing a DNS server whenever the user visits the website.
Explain different cetegories of cyber crime.
Hacking: This is a type of crime wherein a person’s computer is broken into so that his
personal or sensitive information can be accessed. In the United States, hacking is
classified as a felony and punishable as such. This is different from ethical hacking,
which many organizations use to check their Internet security protection. In hacking, the
criminal uses a variety of software to enter a person’s computer and the person may not
be aware that his computer is being accessed from a remote location.
Theft: This crime occurs when a person violates copyrights and downloads music,
movies, games and software. There are even peer sharing websites which encourage
software piracy and many of these websites are now being targeted by the FBI. Today,
the justice system is addressing this cyber crime and there are laws that prevent people
from illegal downloading.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a
barrage of online messages and emails. Typically, these stalkers know their victims and
instead of resorting to offline stalking, they use the Internet to stalk. However, if they
notice that cyber stalking is not having the desired effect, they begin offline stalking
along with cyber stalking to make the victims’ lives more miserable.
Identity Theft: This has become a major problem with people using the Internet for cash
transactions and banking services. In this cyber crime, a criminal accesses data about a
person’s bank account, credit cards, Social Security, debit card and other sensitive
information to siphon money or to buy things online in the victim’s name. It can result in
major financial losses for the victim and even spoil the victim’s credit history.
Malicious Software: These are Internet-based software or programs that are used to
disrupt a network. The software is used to gain access to a system to steal sensitive
information or data or causing damage to software present in the system.
Child soliciting and Abuse: This is also a type of cyber crime wherein criminals solicit
minors via chat rooms for the purpose of child pornography. The FBI has been spending
a lot of time monitoring chat rooms frequented by children with the hopes of reducing
and preventing child abuse and soliciting.
For as ubiquitous as connectivity has become and how reliant we've grown on it, the
Internet is still a digital jungle where hackers easily steal sensitive information from the
ill-equipped and where the iron-fisted tactics of totalitarian regimes bent on controlling
what their subjects can access are common. So instead of mucking around in public
networks, just avoid them. Use a VPN instead. Between Wi-Fi spoofing, Honeypot
attacks, and Firesheep, public networks really are cesspools. But if you're working
remotely and need to access sensitive data on your company's private servers, doing so
from an unsecured public network like a coffee shop Wi-Fi hotspot could put that data,
your company's business, and your job at stake. VPNs, or Virtual Private Networks,
allow users to securely access a private network and share data remotely through
public networks. Much like a firewall protects your data on your computer, VPNs protect
it online. And while a VPN is technically a WAN (Wide Area Network), the front end
retains the same functionality, security, and appearance as it would on the private
network.
What E-Cash?
Digital cash is a system of purchasing cash credits in relatively small amounts, storing
the credits in your computer, and then spending them when making electronic
purchases over the Internet.
1. Script Kiddie – Script Kiddies normally don’t care about hacking (if they did, they’d
be Green Hats. See below.). They copy code and use it for a virus or an SQLi or
something else. Script Kiddies will never hack for themselves; they’ll just download
overused software (LOIC or Metasploit, for example) and watch a YouTube video
on how to use it. A common Script Kiddie attack is DoSing or DDoSing (Denial of
Service and Distributed Denial of Service), in which they flood an IP with so much
information it collapses under the strain. This attack is frequently used by the
“hacker” group Anonymous, which doesn’t help anyone’s reputation.
2. White Hat – Also known as ethical hackers, White Hat hackers are the good guys of
the hacker world. They’ll help you remove a virus or PenTest a company. Most
White Hat hackers hold a college degree in IT security or computer science and
must be certified to pursue a career in hacking. The most popular certification is the
CEH (Certified Ethical Hacker) from the EC-Council.
3. Black Hat – Also known as crackers, these are the men and women you hear about
in the news. They find banks or other companies with weak security and steal
money or credit card information. The surprising truth about their methods of attack
is that they often use common hacking practices they learned early on.
Pros:
Hiring hackers to find holes in software.
Hire hackers to improve products.
Hackers can uncover or expose criminal activity
Using hacking as a political statement.
Cons:
Causes glitches and viruses
Can access private documents and information
o Can lead to identity theft
Can send spam emails, download programs, and slow computer
What is S-MIME protocol for secure Email.
The digital equivalent of a handwritten signature or stamped seal, but offering far more
inherent security, a digital signature is intended to solve the problem of tampering and
impersonation in digital communications. Digital signatures can provide the added
assurances of evidence to origin, identity and status of an electronic document,
transaction or message, as well as acknowledging informed consent by the signer.