Information Security

For IT students

Uploaded by

Darrel Tinashe

7.1 Observe Good Security Practices and Procedures (Information
Security Focus)
Causes of Information Security Vulnerability:
1. Anonymity: Users can conceal their identities, leading to potential misuse or malicious
activities in online environments.
o Example: Hackers using proxies or VPNs to anonymize their IP
addresses.
o Disadvantage: It makes it harder for security teams to track
and trace cybercriminals.
2. Many Points of Attack: A network often has several potential entry points, increasing
the risk of unauthorized access.
o Example: Weak access control systems or exposed network
ports.
o Disadvantage: Increases the complexity of defending against
multiple threats.
3. Sharing: Sharing files and resources between users or systems increases the attack
surface.
o Example: Unauthorized file sharing over a corporate network
leading to data leaks.
o Disadvantage: Risks confidential information being exposed.
4. Complexity of Systems: The more complex an information system, the more vulnerable
it is to misconfigurations and potential breaches.
o Example: Enterprise systems integrating multiple software
solutions without adequate security measures.
o Disadvantage: Complexity makes it harder to identify and patch
security gaps.
Threat Precursors:
1. Port Scans: Attackers use port scans to find vulnerabilities by identifying open ports on a
network, which could allow unauthorized access.
o Example: Nmap used by hackers to map a network for
vulnerabilities.
2. Social Engineering: Attackers trick people into divulging confidential information, like
passwords.
o Example: Phishing emails convincing users to provide login
credentials.
o Disadvantage: Can bypass even the best technical security
controls.
3. Reconnaissance: Attackers gather as much information as possible about the target
network before launching an attack.
o Example: Scanning public records or DNS information of a target
system.
4. Operating System and Application Fingerprinting: Identifying specific software
versions to exploit known vulnerabilities.
o Example: An attacker identifies that a server is running an
outdated version of Apache and targets it with known exploits.
Information Security Controls:
• Design and Implement a Security Plan:
o Steps:
1. Define security objectives.
2. Identify threats.
3. Implement controls (firewalls, antivirus, encryption).
o Advantage: Provides structured defense against potential
threats.
o Disadvantage: Requires continuous updates as threats evolve.

7.2 Source Hardware and Software Solutions to Information
Security Issues
Types of Security Controls:
1. Physical Security: Protects hardware from theft or tampering.
o Example: Secure server rooms with biometric access control.
o Advantage: Prevents physical breaches that could compromise
data.
o Disadvantage: Can be costly to implement and maintain.
2. Technical Security: Refers to the use of technology to protect systems and data.
o Example: Encryption software, firewalls, anti-virus tools.
o Advantage: Offers robust, automated defense mechanisms.
o Disadvantage: Needs frequent updates to combat new threats.
3. Administrative Security: Policies, procedures, and guidelines to ensure information
security.
o Example: Security policies mandating multi-factor
authentication (MFA).
o Advantage: Establishes a culture of security across an
organization.
o Disadvantage: Relies heavily on user compliance and
awareness.
Information Security Services:
1. Implement Firewall Management: Firewalls filter network traffic, allowing or blocking
it based on a predefined set of rules.
o Example: A next-generation firewall that uses deep packet
inspection to detect and block malicious traffic.
2. Email Security Services: Protect email systems from phishing attacks and malware.
o Example: Secure Email Gateways that block malicious
attachments and links.
o Advantage: Protects one of the most commonly attacked entry
points.
o Disadvantage: Some legitimate emails might be blocked (false
positives).
How Information Security Works:
1. Types of Security Software and Tools:
o Firewalls, Anti-virus software, Encryption tools.
o Example: McAfee anti-virus, BitLocker for encryption.
o Advantage: Helps detect, prevent, and respond to security
threats.
o Disadvantage: Often requires updates and skilled personnel to
manage.
2. Benefits of Information Security:
o Advantage: Maintains confidentiality, integrity, and availability
of data (CIA Triad).
o Disadvantage: Implementation can be complex and costly.

7.3 Deploy, Test, and Maintain Security Systems


Elements of a Cyber-Attack (Information Security Context):
1. Asset: Any valuable data or system that needs protection.
o Example: Customer data, internal databases.
2. Threat Agent: The entity responsible for attacking the system, such as hackers or
malware.
o Example: A cybercriminal deploying ransomware.
3. Security Controls: Mechanisms used to defend against or mitigate the impact of attacks.
o Example: Encryption to protect data from unauthorized access.
Designing an Effective Cybersecurity Solution:
1. Policies/Procedures: Policies define how users should protect data, such as password
policies.
2. Cyber-Resilience: The ability of a system to continue operating even when attacked.
o Advantage: Minimizes downtime after a breach.
o Disadvantage: Often requires investment in backup and
redundancy systems.
3. Technologies/Safeguards: Firewalls, encryption, intrusion detection systems (IDS), and
Multi-factor Authentication (MFA) all work to protect information assets.
o Advantage: Significantly reduces the risk of successful attacks.
o Disadvantage: Needs regular updating and monitoring.
7.4 Maintain Hardware and Software (Information Security
Perspective)
Common Information Security Vulnerabilities:
1. Missing Data Encryption: Sensitive data transmitted without encryption is at risk of
interception.
o Example: Using HTTP instead of HTTPS for web traffic.
o Disadvantage: Exposes sensitive information like passwords or
personal data.
2. Operating System Command Injection: Attackers exploit weaknesses in web
applications to execute commands on the host OS.
o Example: SQL injection or shell commands executed through
input fields.
o Disadvantage: Can lead to full system compromise.
3. SQL Injection: Attacker inserts malicious code into SQL queries to gain access to
database information.
o Example: An attacker retrieves user credentials from a
vulnerable login form.
o Disadvantage: A breach in SQL can expose large volumes of
sensitive data.
4. Unmanaged Software: Software that is not maintained or patched regularly presents
security risks.
o Disadvantage: Allows known vulnerabilities to remain open for
exploitation.
5. IoT Devices: Many IoT devices lack robust security features, making them easy targets
for attackers.
o Example: A smart home device that can be easily compromised
due to default settings.
o Disadvantage: Expands the attack surface without adequate
defenses.
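
The SQL injection item above comes down to whether user input is treated as SQL text or as data. The following is an added example, not part of the original notes; the table, the account names and the placeholder hash values are constructed for illustration. It puts the vulnerable lookup behind a login form next to the parameterized version, with allow-list input validation as a second layer.

```python
import re
import sqlite3

def make_db():
    """Build an in-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "hash-placeholder-1"), ("bob", "hash-placeholder-2")],
    )
    return conn

def lookup_vulnerable(conn, username):
    # VULNERABLE: the input is pasted into the SQL text, so a quote
    # character in it changes the structure of the query.
    sql = "SELECT username, pw_hash FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, username):
    # FIXED: the ? placeholder passes the input as a value only;
    # it can never become part of the SQL syntax.
    sql = "SELECT username, pw_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def is_valid_username(username):
    # Defense in depth: allow-list validation before the query runs.
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None

# Constructed form input that closes the quote and adds an always-true condition
CRAFTED_INPUT = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", lookup_vulnerable(db, CRAFTED_INPUT))     # every row
    print("parameterized:", lookup_parameterized(db, CRAFTED_INPUT))  # no rows
    print("passes validation:", is_valid_username(CRAFTED_INPUT))     # False
```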
Types of Information Security:
1. Application Security: Protecting applications from external threats
like code injection or malware.
o Example: Input validation and secure coding practices.
2. Data Loss Prevention (DLP): A strategy to ensure that sensitive
data is not lost, misused, or accessed by unauthorized users.
o Example: Blocking users from copying sensitive files to USB
drives.
o Advantage: Prevents accidental or malicious data breaches.
o Disadvantage: Can impact user productivity if too restrictive.
