Who manages information security?
Threats to information security come in many forms including natural disasters,
Lesson Proper for Week 1
What is Information Security?
Information security or infosec is concerned with protecting information from
unauthorized access. It's part of information risk management and involves
preventing or reducing the probability of unauthorized access, use, disclosure,
disruption, deletion, corruption, modification, inspect, or recording.
If a security incident does occur, information security professionals are involved
with reducing the negative impact of the incident. Note information can be
electronic or physical, tangible or intangible.
While the primary focus of any information security program is protecting the
confidentiality, integrity and availability (the CIA triad) of information, maintaining
organizational productivity is often an important consideration
This has led the information security industry to specific best-practice standards
in the following areas:
 Information security policies,
 Password strength
 Access controls
 Multi-factor authentication
 Antivirus software, firewalls
 Cryptography
 Legal liability
 Security awareness
Information security is achieved through a structured risk management
process that:
 Identifies information, related assets and the threats, vulnerability and
impact of unauthorized access
 Evaluates risks
 Makes decisions about how to address or treat risks i.e. avoid,
mitigate, share or accept
 When mitigated, selects, designs and implements security controls
 Monitors activities and makes adjustments to address any new
issues, changes, or improvements
Types of InfoSec
Application security
Application security is a broad topic that covers software vulnerabilities in web
and mobile applications and application programming interfaces (APIs). These
vulnerabilities may be found in authentication or authorization of users, integrity
of code and configurations, and mature policies and procedures. Application
vulnerabilities can create entry points for significant InfoSec breaches.
Application security is an important part of perimeter defense for InfoSec.
Cloud security
Cloud security focuses on building and hosting secure applications in cloud
environments and securely consuming third-party cloud applications. “Cloud”
simply means that the application is running in a shared environment.
Businesses must make sure that there is adequate isolation between different
processes in shared environments.
Cryptography
Encrypting data in transit and data at rest helps ensure data confidentiality and
integrity. Digital signatures are commonly used in cryptography to validate the
authenticity of data. Cryptography and encryption has become increasingly
important. A good example of cryptography use is the Advanced Encryption
Standard (AES). The AES is a symmetric key algorithm used to protect classified
government information.
Infrastructure security
Infrastructure security deals with the protection of internal and extranet networks,
labs, data centers, servers, desktops, and mobile devices.
Incident response
Incident response is the function that monitors for and investigates potentially
malicious behavior.
In preparation for breaches, IT staff should have an incident response plan for
containing the threat and restoring the network. In addition, the plan should
create a system to preserve evidence for forensic analysis and potential
prosecution. This data can help prevent further breaches and help staff discover
the attacker.
Vulnerability management
Vulnerability management is the process of scanning an environment for weak
points (such as unpatched software) and prioritizing remediation based on risk.
In many networks, businesses are constantly adding applications, users,
infrastructure, and so on. For this reason, it is important to constantly scan the
network for potential vulnerabilities. Finding a vulnerability in advance can save
your businesses the catastrophic costs of a breach.
server malfunction, physical theft and unpatched endpoints.
While paper-based businesses still exist, the ever-increasing reliance on
information systems has cause information security to become a key
consideration in cybersecurity risk management and raise a need for dedicated
IT security specialists.
These information technology security professionals are concerned with data
security, application security, network security, computer security, physical
security and data loss prevention.
Understand that data, applications, and computers are spreading far beyond
what is traditionally thought of as a computer. Smartphones, tablets and other
mobile devices are as much of a computer as a server or mainframe and are
susceptible to malicious cyber attacks that can facilitate access to sensitive
information, critical information, or information assets.
This, paired with the increasing amount of data breaches, has led for increased
demand for sophisticated data protection planning and growing demand
for cybersecurity professionals (especially in healthcare) to understand
information security.
A growing number of information security certifications are available and
employers often prefer employees with certification that validates knowledge of
best practices.
There are broad certifications like the Certified Information Systems Security
Professional (CISSP), and specific ones that cover information assurance,
network security, security testing, business auditing, business continuity
planning, security testing, incident response planning, identity theft, risk
assessments, intrusion detection systems, security breaches, and all other
security measures.
Common roles that required expertise in information management include IT
chief security officer (CSO), chief information security officer (CISO), security
engineer, information security analyst, security systems administrator and IT
security consultant.
What are information security threats?
Threats can come in many forms including software attacks, identity theft,
sabotage, physical theft and information extortion:
 Software attacks on information security include viruses, malware,
worms, ransomware like WannaCry, trojan horses or any malicious
codes that impact the availability of information.
 Phishing emails or websites are often aimed at stealing intellectual
property or log-in credentials to gain unauthorized access. Social
engineering is one of the largest cyber threats and is hard to protect
against with traditional security measures
 Sabotage like denial of service attacks often aim to reduce the
availability of key information assets, reducing confidence or
organizational productivity until payment is received in exchange for
returning service to the organization
 Theft of information and equipment is becoming increasingly common
as most devices are now mobile in nature like smartphones or
laptops. This is placing more dependance on cloud security than ever
before in history.
 Information extortion involves gaining access to confidential
information and then holding it at ransom until payment is made
There are many ways to protect against cyber attacks but the number one threat
to any organization are its users or internal employees who are susceptible to
social engineering or phishing. This is why cybersecurity awareness training
should be integrated into information security management programs.
The following free resources can be used for cyber threat awareness training in
the workplace:
 What is a cyber threat?
 What is a data breach?
 What is social engineering?
 What are phishing attacks?
 What is clickjacking?
 What is typosquatting?
 What is a DDoS attack?
 What is Ransomware-as-a-Service (RaaS)?
How do you respond to information security threats?
When a threat has been identified you have a choice:
 Reduce or mitigate the risk by implementing safeguards or
countermeasures to eliminate or reduce threats and vulnerabilities
 Assign or transfer the risk to another entity or organization by
purchasing insurance or outsourcing
 Accept the risk when the cost of the countermeasure is more than the
possible cost of loss due to a vulnerability or cyber attack
With the introduction of the General Data Protection Regulation (GDPR) by
the European Parliament and Council in 2016, the need to respond to information
security breaches has become a regulatory requirement for any business
operating within the EU. Companies are now required to:
 Provide data breach notifications
 Appoint a data-protection officer
 Require user consent for data processing
 Anonymize data for privacy
This makes a comprehensive incident handling plan and comprehensive data
leak detection a requirement for most global businesses.
To support efficient remediation efforts a clear incident response plan needs to
be designed and readily accessible by all security staff.
Learn how to create a reliable disaster recovery plan.
How do you define information security?
There are many ways to define information security but both the National Institute
of Standards and Technology (NIST) and the National Information Assurance (IA)
Glossary define information security as "the protection of information and
information systems from unauthorized access, use, disclosure, disruption,
modification, or destruction in order to provide confidentiality, integrity, and
availability."
What are the key principles of information security?
Confidentiality, integrity and availability, also known as the CIA triad, are at the
heart of information security. That said, there is a debate about whether or not
the CIA triad sufficiently addresses the rapidly changing technology and business
requirements, as well as the relationship between security and privacy. Other
principles such as accountability have been proposed and non-repudiation does
not fit in well with the three core concepts.
What is confidentiality?
Confidentiality is about not making information available or disclosed to
unauthorized individuals, entities or processes. While similar to privacy the words
should not be used interchangeably.
Confidentiality is a component of privacy that implements security measures to
protect against unauthorized viewers. User privacy has become an increasing
part of confidentiality due to GDPR and other regulatory requirements.
Other examples of confidentiality include protection from laptop theft, password
theft and other security management techniques.
What is integrity?
Integrity or data integrity is concerned with the maintenance, assurance,
accuracy and completeness of data over its entire lifecycle. This means
implementing security controls that ensure data cannot be modified or deleted by
an unauthorized person or in an undetected manner.
What is availability?
For any information system to be useful, it must be available when needed. This
means computer systems that store and process information, the security
controls that protect it, and the communication channels that access it must
function on demand.
Businesses and their customers increasingly rely on real-time high availability
systems 24/7. This means information security professionals are increasingly
concerned with ensuring availability by preventing power outages, hardware
failure and denial of service attacks. Availability is often viewed as the most
important part of a successful information security program as its ultimately the
end-users who need to be able to use the information.
What is non-repudiation?
Non-repudiation is a term borrowed from law that implies one's intention to fulfill
their obligations in a contract and that one party cannot deny having received or
having sent a transaction.
How does information security fit in with information risk management?
Information risk management is the process of identifying vulnerabilities and
threats to information resources used by an organization and what if any
countermeasures should be taken to reduce risk to an acceptable level based on
the value of the information value to the organization.
There are two main considerations with any risk management process:
1. The process of risk management is ongoing and iterative in nature, it
must be repeated indefinitely as new threats and vulnerabilities
emerge
2. The choice of countermeasures or controls used must strike a
balance between productivity, cost, effectiveness, and the information
value of the asset being protected
Risk analysis and evaluation have innate limitations because when security
incidents occur, they emerge in context and can come from unpredictable or
unexpected threats like poorly configured S3 buckets or external attackers.
The likelihood that a threat will use a vulnerability to cause harm creates risk. In
the context of information security, the impact is loss of confidentiality, integrity,
or availability or all other possible losses (e.g reputational and financial
damages). Note: It's not possible to identify nor mitigate all risks. This remaining
risk is called residual risk.
What is a threat?
A threat is anything (incidental or deliberate) that could cause potential harm,
loss or exposure to an information asset.
What is a vulnerability?
A vulnerability is a weakness or exploit that could cause harm, loss or exposure
to an information asset.
What is risk?
Risk is the likelihood that an event could cause harm, loss or exposure to an
information asset.
What is a risk assessment?
Cyber risk assessments are defined by NIST as risks assessments are used to
identify, estimate, and prioritize risk to organizational operations, organizational
assets, individuals, other organizations, and the Nation, resulting from the
operation and use of information systems.
At a high level a cyber risk assessment involves a data audit that answers:
 What data do we collect?
 How and where are we storing this data?
 How do we protect and document the data?
 How long do we keep data?
 Who has access internally and externally to the data?
 Is the place we are storing the data properly secured? Many
breaches come from poorly configured S3 buckets, check your S3
permissions or someone else will
And then defines the parameters of the assessment:
 What is the purpose of the assessment?
 What is the scope of the assessment?
 Are there any priorities or constraints I should be aware of that could
affect the assessment?
 Who do I need access to in the organization to get all the information
I need?
 What risk model does the organization use for risk analysis?
Lesson Proper for Week 2
What's the difference between security, anonymity, and privacy? And when
should you prioritize one over another?
Three of the most important concepts to understand online are: privacy,
anonymity, and security. But while most treat them as synonyms for having a
safe digital presence, they don’t mean the same thing. And depending on your
online needs, you should prioritize one over the other.
While the three often overlap, the only way to determine which one you need the
most in a particular scenario is to understand what they actually mean.
Why You Need to Know the Difference
You probably use technology in your day-to-day life substantially more than the
average person 10 or 15 years ago. With that, comes the need to ensure
everything you do online is secure. But what about privacy and anonymity?
Over the last few years, the words privacy, security, and anonymity became
buzzwords that websites, apps, and tech companies in general use in promoting
their products and services to gain people’s trust.
Some of them are honest and transparent in what they offer. Others prey on
people’s cyber literacy and their inability to differentiate the meanings. That way,
companies are safe from accusations of false advertisements while still giving
users a false sense of trust.
You need to understand what it means when software or an app says that they
secure your data or pride themselves on offering complete privacy or anonymity.
This allows you to pick the right option for your needs without falling prey to the
halo effect of similar words.
What Does Privacy Mean?
Privacy is the ability to keep certain data and information about yourself exclusive
to you and control who and what has access to it.
Think of privacy as owning a smartphone—unencrypted and without a password.
Everyone around you knows who the phone belongs to, but they don’t know
what’s on it. If someone goes through your phone without permission, it’s an
invasion of privacy, even if they don't use it to hurt or blackmail you.
When it comes to online privacy, it’s a matter of how much personal information
you can keep to yourself when browsing the internet or using software on any of
your devices.
Invasion of privacy, in itself, doesn’t cause direct harm to you as an individual.
But in 1948, the United Nations declared privacy a human right, making some
types of privacy invasions illegal in some countries.
When to Prioritize Privacy
Make privacy your priority when using apps or services that have access to your
personal information such as full name, email address, phone number, location,
etc.
You should optimize your experience for privacy when using social media
platforms and apps, messaging and emailing services, and browsers.
What Does Anonymity Mean?
To be anonymous is to hide or conceal your identity, but not your actions. You
can be anonymous in the physical world by covering your face and fingerprints.
In the digital world, you can be anonymous by preventing online entities from
collecting or storing data that could be used to identify you.
Anonymity is important for freedom of speech and particularly for whistleblowers.
That's especially true in areas of the world where having certain viewpoints and
opinions could endanger your safety or put your career and future at risk.
Anonymity also often overlaps with privacy, allowing you to browse the internet
without worrying about tracking logs. These record your every move and
use collected information to build a profile about you or include you in studies and
statistics you didn’t consent to.
When to Prioritize Anonymity
Online anonymity is a case-by-case need. Generally, you’d want to be
anonymous anytime you’re doing something you wouldn't want to be traced back
to you or your online personas.
It’s important when discussing sensitive topics; whether it’s asking for advice on
online forums, expressing fringe political views, or exposing a public person or
commercial entity's misconduct.
What Does Security Mean?
Security is a set of precautions and measures for protection against potential
harm to your person and reputation, and files directly or indirectly from malicious
parties. You can practice online and data security by using antivirus
software, encrypting important files, and using passwords to secure accounts
and devices.
We also advise using Two-Factor Authentication (2FA) on services where
possible.
Security incidents can cause direct harm to their victims. This could be a data
breach that compromises passwords and other critical information, or a virus that
damages your files and hardware—by turning off your device’s cooling fan, for
example.
It’s natural to view security as the most important of the three. After all, compared
to the other two, security is a need rather than a right or a preference. But more
often than not, ensuring user security is used as an excuse to undermine rights to
privacy and anonymity.
When to Prioritize Security
You need security to protect any type of information that others could use against
you, such as private images and financial information. Look for services with the
utmost security when dealing with password managers, antivirus, and financial
services.
What Separates Security, Anonymity, and Privacy?
While privacy, anonymity, and security all mean different things, it’s increasingly
difficult to separate them online.
Sometimes, having one could compromise the other, like how antivirus software
keeps your files secure but doesn’t always keeps them private. Other times,
they work in tandem. For example, using anonymous social media accounts with
fake credentials to protect your privacy.
While you should prioritize one over the other in certain situations, the trick is
finding the right balance between the three, where you have a safe and free
online experience without sacrificing convenience. This depends on
understanding implications your online actions have on your internet experience
and real life.
Six Significant Information Security Challenges
Executives need to understand and address six significant challenges, which are
listed here and reviewed in detail in the following sections:
· E-commerce requirements
· Information security attacks
· Immature information security market
· Information security staff shortage
· Government legislation and industry regulations
· Mobile workforce and wireless computing
Electronic Commerce
The Internet has created an important channel for conducting business called
electronic commerce (e-commerce). This channel provides many new ways for
businesses to offer products and services to their customers. In the past, the
ability to connect with millions of customers 24 hours a day, 7 days a week was
only possible for the largest corporations. Now even a company with limited
resources can compete with larger rivals by offering products and services
through the Internet with only a modest investment. E-commerce services are
quite appealing to consumers who do not want to spend their limited free time in
traditional retail stores constrained by normal business hours of operation,
unfriendly staff, and long checkout lines. Executives must understand how to
leverage this new channel of electronic commerce while managing the
associated risks.
Constant Growth and Complexity of Information Security Attacks
Security incidents that are related to malicious code (worms, viruses, and
Trojans) have grown from slightly annoying to significantly damaging to business
operations. A computer virus is a piece of malicious code that attaches to or
infects executable programs. Unlike worms, viruses rely on users to execute or
launch an infected program to replicate or deliver their payloads. A virus' payload
can delete data or damage system files.
A Trojan (named after the Trojan horse in Greek mythology) is a malicious
program disguised as something innocuous, often a utility or screensaver. Like
viruses, Trojans rely on unsuspecting users to activate them by launching the
program to which the Trojan is attached. Trojans have many functions; some
delete or steal data, whereas others install backdoors that enable a hacker to
take control of a system. Unlike viruses, Trojans do not replicate.
. IoT devices is increasing at an unprecedented rate, so are the challenges of
Immaturity of the Information Security Market
The information security market is still in its infancy, with few formal standards
established for products or services. The best way to characterize this market
would be to compare it to the enterprise resource planning (ERP) market in the
early 1980s. Companies at that time were purchasing finance, order processing,
and manufacturing systems from separate vendors and having their IT staff
integrate these products. This was a time-consuming and expensive process
because no standards existed, and interoperability between different vendors
was poor. The market then matured, and a small number of vendors such as
SAP emerged as industry leaders. These leaders provided a complete solution
for companies that included all the individual systems as part of their
integrated ERP system. They also established the standards for smaller
companies offering complementary functionality. Smaller companies either met
the industry leader standards or were pushed out of the market.
The information security industry is at a similar stage today, with several
companies offering individual solutions such as firewalls that address only a
portion of a company's security needs. As a result, their customers face the
challenge of making all these solutions work together. Only early versions of
standards exist, forcing companies to complete multiple installations of “point”
solutions that provide individual components of their security systems.
As with the ERP systems, this will change as a small number of vendors emerge
as leaders and offer complete solutions that can support the majority of a
company's information security needs. Smaller niche players in the market will
integrate their products with these leaders' standards because their customers
will no longer be willing to have their IT staff perform this role. However, until this
day comes, the IT staff continues to bear the daunting task of cobbling all these
solutions together. They must deploy a constantly expanding list of products and
complete the integration work to ensure that these components are working
together.
Shortage of Information Security Staff
Finding qualified information security staff is a difficult task, which will likely
continue to be the case in the near future. Driving the hiring challenge is the
immaturity of the solutions from information security vendors, the limited number
of qualified staff available, and the unique blend of information security skills
required. Business executives will need to invest more in this area to overcome
these challenges.
Due to the immature market, lack of standards, and numerous point solutions,
training is a problem for security staff. The industry has not had the time to grow
the staff necessary for these roles. In addition, the information security
challenges keep growing at a rapid pace, constantly expanding the list of
technology to be deployed, and the information security staff just can't keep up.
This translates into more time and money to get your staff trained on
commercially available products.
Government Legislation and Industry Regulations
Recent information security incidents and increased reliance upon the Internet
have prompted governments around the world to create additional legislation to
regulate the technology ecosystem. This legislation spans broad areas, such as
consumer privacy, to specific regulations for industries, such as health care and
financial services. Because the Internet is easily accessible from many places in
the world, it is important to understand and operate in compliance with these
regulations. Companies that adhere to these regulations and thereby offer their
customers a safe and secure method for conducting business can differentiate
themselves from their competitors.
Privacy is a major issue in electronic commerce due to the high risk of misuse of
personal information. Computer systems contain personal information for millions
of customers, and if companies do not take the necessary precautions to ensure
that this information is safe and secure, their customers can have their
identities—including data such as name, address, phone number, and credit card
numbers—stolen and sold to the highest bidder on the Internet. Previously, only
a highly skilled hacker could break into these systems and access confidential
information. This is no longer the case; now a novice can use readily available
tools and gain access into these systems if the company does not use the proper
safeguards.
Mobile Workforce and Wireless Computing
The arrival of mobile computing devices has had a significant impact on everyday
life. Wireless communications liberate employees and consumers from relying on
phone lines to communicate. Looking for a phone booth to make a call or going
to the office to access email is quickly becoming a fading memory. Information
availability and communications have greatly increased due to mobile computing
devices. With the convenience of these devices, information security concerns
increase because the confidential information stored on them needs to be
protected.
In the past, staff members typically used one computer in the office for business
purposes and a different one at home for personal use. These lines have blurred
considerably over the past few years, with the use of mobile computers now
surpassing the number of desktop computers that remain in a home or office.
Laptop computers now enable employees to continue working at any time from
any location. Personal computing devices for storing name and address
information, phone numbers, and so on are no longer restricted to business
professionals because teenagers now keep track of this information using mobile
devices
Security is becoming a severe issue for individuals, enterprises, and
governments alike. In a world where everything is on the internet, from cute
kitten videos and our travel diaries to our credit card information, ensuring
that our data remains safe is one of the biggest challenges of Security.
1. RANSOMWARE ATTACKS
Ransomware attacks
Ransomware attacks have become popular in the last few years and pose one of
India’s most prominent Cyber Security challenges in 2020. According to the
Cyber Security firm Sophos, about 82% of Indian organizations were hit by
ransomware in the last six months. Ransomware attacks involve hacking into a
user’s data and preventing them from accessing it until a ransom amount is paid.
Ransomware attacks are critical for individual users but more so for businesses
who can’t access the data for running their daily operations. However, with most
ransomware attacks, the attackers don’t release the data even after the payment
is made and instead try to extort more money.
2. IOT ATTACKS
IOT Attacks
According to IoT Analytics, there will be about 11.6 billion IoT devices by 2021.
IoT devices are computing, digital, and mechanical devices that can
autonomously transmit data over a network. Examples of IoT devices include
desktops, laptops, mobile phones, smart security devices, etc. As the adoption of
Cyber Security. Attacking IoT devices can result in the compromise of sensitive
user data. Safeguarding IoT devices is one of the biggest challenges in Cyber
Security, as gaining access to these devices can open the doors for other
malicious attacks.
3. CLOUD ATTACKS
Cloud attacks
Most of us today use cloud services for personal and professional needs. Also,
hacking cloud-platforms to steal user data is one of the challenges in Cyber
Security for businesses. We are all aware of the infamous iCloud hack, which
exposed private photos of celebrities. If such an attack is carried out on
enterprise data, it could pose a massive threat to the organization and maybe
even lead to its collapse.
4. PHISHING ATTACKS
Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers. Unlike ransomware attacks,
the hacker, upon gaining access to confidential user data, doesn’t block it.
Instead, they use it for their own advantages, such as online shopping and illegal
money transfer. Phishing attacks are prevalent among hackers as they can
exploit the user’s data until the user finds out about it. Phishing attacks remain
one of the major challenges of Cyber Security in India, as the demographic here
isn’t well-versed with handling confidential data.
5. BLOCKCHAIN AND CRYPTOCURRENCY ATTACKS
Block chain and crypto currency attacks
While blockchain and cryptocurrency might not mean much to the average
internet user, these technologies are a huge deal for businesses. Thus, attacks
on these frameworks pose considerable challenges in Cyber Security for
businesses as it can compromise the customer data and business operations.
These technologies have surpassed their infancy stage but have yet not reached
an advanced secure stage. Thus, several attacks have been attacks, such as
DDOS, Sybil, and Eclipse, to name a few. Organizations need to be aware of the
security challenges that accompany these technologies and ensure that no gap is
left open for intruders to invade and exploit.
6. SOFTWARE VULNERABILITIES
Software Vulnerabilities
Even the most advanced software has some vulnerability that might pose
significant challenges to Cyber Security in 2020, given that the adoption of digital
devices now is more than ever before. Individuals and enterprises don’t usually
update the software on these devices as they find it unnecessary. However,
updating your device’s software with the latest version should be a top priority.
An older software version might contain patches for security vulnerabilities that
are fixed by the developers in the newer version. Attacks on unpatched software
versions are one of the major challenges of Cyber Security. These attacks are
usually carried out on a large number of individuals, like the Windows zero-day
attacks.
7. MACHINE LEARNING AND AI ATTACKS
Machine learning and AI attacks
While Machine Learning and Artificial Intelligence technologies have proven
highly beneficial for massive development in various sectors, it has its
vulnerabilities as well. These technologies can be exploited by unlawful
individuals to carry out cyberattacks and pose threats to businesses. These
technologies can be used to identify high-value targets among a large dataset.
Machine Learning and AI attacks are another big concern in India. A
sophisticated attack might prove to be too difficult to handle due to the lack of
Cyber Security expertise in our country.
8. BYOD POLICIES
BVOD Policies
Most organizations have a Bring-Your-Own-Device policy for their employees.
Having such systems poses multiple challenges in Cyber Security. Firstly, if the
device is running an outdated or pirated version of the software, it is already an
excellent medium for hackers to access. Since the method is being used for
personal and professional reasons, hackers can easily access confidential
business data. Secondly, these devices make it easier to access your private
network if their security is compromised. Thus, organizations should let go of
BYOD policies and provide secure devices to the employees, as such systems
possess enormous challenges of Computer Security and network compromise.
9. INSIDER ATTACKS
Insider attacks
While most challenges of Cyber Security are external for businesses, there can
be instances of an inside job. Employees with malicious intent can leak or export
confidential data to competitors or other individuals. This can lead to huge
financial and reputational losses for the business. These challenges of Computer
Security can be negated by monitoring the data and the inbound and outbound
network traffic. Installing firewall devices for routing data through a centralized
server or limiting access to files based on job roles can help minimize the risk of
insider attacks.
10. OUTDATED HARDWARE
Outdated Hardware
Well, don’t be surprised. Not all challenges of Cyber Security come in the form of
software attacks. With software developers realizing the risk of software
vulnerabilities, they offer a periodic update. However, these new updates might
not be compatible with the hardware of the device. This is what leads to outdated
hardware, wherein the hardware isn’t advanced enough to run the latest software
versions. This leaves such devices on an older version of the software, making
them highly susceptible to cyberattacks.
Lesson Proper for Week 3
Threats to Information Security
Information Security threats can be many like Software attacks, theft of
intellectual property, identity theft, theft of equipment or information, sabotage,
and information extortion.
Threat can be anything that can take advantage of a vulnerability to breach
security and negatively alter, erase, harm object or objects of interest.
Software attacks means attack by Viruses, Worms, Trojan Horses etc. Many
users believe that malware, virus, worms, bots are all same things. But they are
not same, only similarity is that they all are malicious software that behave
differently.
Malware is a combination of 2 terms- Malicious and Software. So Malware
basically means malicious software that can be an intrusive program code or a
anything that is designed to perform malicious operations on system. Malware
can be divided in 2 categories:
1. Infection Methods
2. Malware Actions
Malware on the basis of Infection Method are following:
Virus – They have the ability to replicate themselves by hooking them to the
program on the host computer like songs, videos etc and then they travel all over
the Internet. The Creeper Virus was first detected on ARPANET. Examples
include File Virus, Macro Virus, Boot Sector Virus, Stealth Virus etc.
Worms – Worms are also self replicating in nature but they don’t hook
themselves to the program on host computer. Biggest difference between virus
and worms is that worms are network aware. They can easily travel from one
computer to another if network is available and on the target machine they will
not do much harm, they will for example consume hard disk space thus slowing
down the computer.
Trojan – The Concept of Trojan is completely different from the viruses and
worms. The name Trojan derived from the ‘Trojan Horse’ tale in Greek
mythology, which explains how the Greeks were able to enter the fortified city of
Troy by hiding their soldiers in a big wooden horse given to the Trojans as a gift.
The Trojans were very fond of horses and trusted the gift blindly. In the night, the
soldiers emerged and attacked the city from the inside.
Their purpose is to conceal themselves inside the software that seem legitimate
and when that software is executed they will do their task of either stealing
information or any other purpose for which they are designed.
They often provide backdoor gateway for malicious programs or malevolent
users to enter your system and steal your valuable data without your knowledge
and permission. Examples include FTP Trojans, Proxy Trojans, Remote Access
Trojans etc.
Bots –: can be seen as advanced form of worms. They are automated processes
that are designed to interact over the internet without the need of human
interaction. They can be good or bad. Malicious bot can infect one host and after
infecting will create connection to the central server which will provide commands
to all infected hosts attached to that network called Botnet.
Malware on the basis of Actions:
Adware – Adware is not exactly malicious but they do breach privacy of the
users. They display ads on computer’s desktop or inside individual programs.
They come attached with free to use software, thus main source of revenue for
such developers. They monitor your interests and display relevant ads. An
attacker can embed malicious code inside the software and adware can monitor
your system activities and can even compromise your machine
Spyware – It is a program or we can say a software that monitors your activities
on computer and reveal collected information to interested party. Spyware are
generally dropped by Trojans, viruses or worms. Once dropped they installs
themselves and sits silently to avoid detection.
One of the most common example of spyware is KEYLOGGER. The basic job of
keylogger is to record user keystrokes with timestamp. Thus capturing interesting
information like username, passwords, credit card details etc.
Ransomware – It is type of malware that will either encrypt your files or will lock
your computer making it inaccessible either partially or wholly. Then a screen will
be displayed asking for money i.e. ransom in exchange.
Scareware – It masquerades as a tool to help fix your system but when the
software is executed it will infect your system or completely destroy it. The
software will display a message to frighten you and force to take some action like
pay them to fix your system.
Rootkits – are designed to gain root access or we can say administrative
privileges in the user system. Once gained the root access, the exploiter can do
anything from stealing private files to private data.
Zombies – They work similar to Spyware. Infection mechanism is same but they
don’t spy and steal information rather they wait for the command from hackers.
· Theft of intellectual property means violation of intellectual property
rights like copyrights, patents etc.
· Identity theft means to act someone else to obtain person’s personal
information or to access vital information they have like accessing the computer
or social media account of a person by login into the account by using their login
credentials.
· Theft of equipment and information is increasing these days due to the
mobile nature of devices and increasing information capacity.
· Sabotage means destroying company’s website to cause loss of
confidence on part of its customer.
· Information extortion means theft of company’s property or information to
receive payment in exchange. For example ransomware may lock victims file
making them inaccessible thus forcing victim to make payment in exchange. Only
after payment victim’s files will be unlocked.
These are the old generation attacks that continue these days also with
advancement every year. Apart from these there are many other threats. Below
is the brief description of these new generation threats.
Technology with weak security – With the advancement in technology, with
every passing day a new gadget is being released in the market. But very few are
fully secured and follows Information Security principles. Since the market is very
competitive Security factor is compromised to make device more up to date. This
leads to theft of data/ information from the devices
Social media attacks – In this cyber criminals identify and infect a cluster of
websites that persons of a particular organisation visit, to steal information.
Mobile Malware –There is a saying when there is a connectivity to Internet there
will be danger to Security. Same goes to Mobile phones where gaming
applications are designed to lure customer to download the game and
unintentionally they will install malware or virus in the device.
Outdated Security Software – With new threats emerging everyday, updation in
security software is a pre requisite to have a fully secured environment.
Corporate data on personal devices – These days every organization follows a
rule BYOD. BYOD means Bring your own device like Laptops, Tablets to the
workplace. Clearly BYOD pose a serious threat to security of data but due to
productivity issues organizations are arguing to adopt this.
Social Engineering – is the art of manipulating people so that they give up their
confidential information like bank account details, password etc. These criminals
can trick you into giving your private and confidential information or they will gain
your trust to get access to your computer to install a malicious software- that will
give them control of your computer. For example email or message from your
friend, that was probably not sent by your friend. Criminal can access your
friends device and then by accessing the contact list he can send infected email
and message to all contacts. Since the message/ email is from a known person
recipient will definitely check the link or attachment in the message, thus
unintentionally infecting the computer.
Web threats definition
Web-based threats, or online threats, are a category of cybersecurity risks that
may cause an undesirable event or action via the internet.
Web threats are made possible by end-user vulnerabilities, web service
developers/operators, or web services themselves. Regardless of intent or
cause, the consequences of a web threat may damage both individuals and
organizations.
This term typically applies to — but is not limited to — network-based threats in
the following categories:
Private network threats - impact sub-networks connected to the wider global
internet. Typical examples can include home Wi-Fi or ethernet networks,
corporate intranets, and national intranets.
Host threats - impact specific network host devices. The term host often refers to
corporate endpoints and personal devices, such as mobile phones, tablets, and
traditional computers.
Web server threats - impact dedicated hardware and software that serve web
infrastructure and services.
What are web threats?
Internet-based threats expose people and computer systems to harm online. A
broad scope of dangers fits into this category, including well-known threats like
phishing and computer viruses. However, other threats, like offline data theft, can
also be considered part of this group.
Web threats are not limited to online activity but ultimately involve the internet at
some stage for inflicted harm. While not all web threats are created deliberately,
many are intended — or have the potential — to cause:
Access denial. Prevention of entry to a computer and/or network services.
Access acquisition. Unauthorized or unwanted entry into a private computer
and/or network services.
Unauthorized or unwanted use of computer and/or network services.
Exposing private data without permission, such as photos, account credentials,
and sensitive government information.
Unauthorized or undesired changes to a computer and/or network services.
In recent years, the landscape of web threats has grown significantly.
Technologies like smart devices and high-speed mobile networks have allowed
for an always-connected vector of malware, fraud, and other complications. Also,
web adoption in areas like communications and productivity via the Internet of
Things (IoT) has outpaced user security awareness.
As we continue to rely more on the web for daily living, it will keep exponentially
rising as an attractive attack option for malicious parties. Convenience and a lack
of caution around web use are among the top concerns that continue to pose
new risks to privacy and security.
While targets are typically computer-based, human victims ultimately experience
the lasting effects of a web threat.
How do web threats work?
When a web threat arises, certain circumstances align to make it a point-of-
concern.
Namely, there are a few basic components to any web threat:
Threat motives give an intentional threat agent a reason or goal to cause harm.
Some threat agents don’t act intentionally or act autonomously and may,
therefore, be absent of motive.
Threat agents are anything or anyone that can negatively impact — with the
internet either as a threat vector or a target itself.
Vulnerabilities include any human behavior weakness, technology systems, or
other resources that can lead to a damaging exploit or incident.
Threat outcomes are the negative results of a threat agent acting against one or
more vulnerabilities.
As these components interact, a threat becomes an attack on computer
systems. Threat motives can include any of the following: financial, surveillance,
information, retaliation, sabotage, and more.
Threat agents are typically people with malicious intent. By extension, agents
may also be anything that is manipulated into acting in favor of the original threat
agent. However, some threat agents
— such as destructive nature events — act entirely without human intervention.
The types of threat agents include:
Non-human agents: Examples include malicious code (viruses, malware,
worms, scripts), natural disasters (weather, geological), utility failure (electrical,
telecom), technology failure (hardware, software), and physical hazards (heat,
water, impact).
Intentional human agents: Based on malicious intent. Can be internal
(employees, contractors, family, friends, acquaintances) and external
(professional and amateur hackers, nation-state actors and agencies, competitor
corporations)
Accidental human agents: Based on human error. Similar to intentional threats,
this type can include internal and external agents.
Negligence-based human agents: Based on careless behaviors or safety
oversights. Again, this category can also include internal and external agents.
Vulnerabilities may be points of weakness where someone or something can be
manipulated. Vulnerabilities can be considered a web threat and a concern that
enables other threats. This area typically includes some form of human or
technical weakness that can lead to penetration, misuse, or destruction of a
system.
Threat outcomes may lead to disclosed private info, deceived users, disrupted
computer system use, or seized access privileges. Web threats often result in,
but are not limited to, causing:
Reputation damage: Loss of trust from clients and partners, search engine
blacklisting, humiliation, defamation, etc.
Operations disruption: Operational downtime, access denial to web-based
services such as blogs or message boards, etc.
Theft: Financial, identity, sensitive consumer data, etc.
Cybercriminals will use almost any vulnerability within an operating system (OS)
or an application to conduct an attack. However, most cybercriminals will develop
web threats that deliberately target some of the most common operating
systems/applications, including:
Java: Because Java is installed on over 3 billion devices (that are running under
various operating systems) exploits can be created to target specific Java
vulnerabilities on several different platforms/operating systems.
Adobe Reader: Although many attacks have targeted Adobe Reader, Adobe has
implemented tools to protect the program against exploit activity. However,
Adobe Reader is still a common target.
Windows and Internet Explorer: Active exploits still target vulnerabilities that
were detected as far back as 2010 – including MS10-042 in Windows Help and
Support Center, and MS04-028, which is associated with incorrect handling of
JPEG files.
Android: Cybercriminals use exploits to gain root privileges. Then, they can
achieve almost complete control over the targeted device.
How do internet web threats spread?
The most concerning internet threats travel the web to attack more systems.
These threat agents often use a mix of human manipulation and technical
commands to reach their targets.
Web threats of this nature use the internet's many communications channels to
spread. Larger threats use the global internet to respond to threats, while more
targeted threats may directly infiltrate private networks.
Typically, these threats are distributed through web-based services. Malicious
actors prefer to place these threats in locations where users will often engage
with them. Public websites, social media, web forums, and email are often ideal
for spreading a web threat.
Users are affected when they engage with malicious URLs, downloads, or
provide sensitive info to websites and message senders. This engagement may
also trigger infection and spread of web threats to other users and networks. It’s
not uncommon for innocent users to unknowingly become threat agents
themselves.
How to spot web threats
Despite the unending scope of web-based dangers, it is possible to spot some
general traits of web threats. However, spotting a web threat requires a vigilant
eye to catch subtle details.
Some web threats are clearly of concern to web infrastructure hardware, such as
water and heat. While those are easier to spot, others require careful attention.
Any time you are browsing websites and receiving digital messages are when
you should be most cautious.
Here are some tips to guide you:
Grammar: Malicious actors may not always carefully craft their messages or web
content when assembling an attack. Look for typos, odd punctuation, and
unusual phrasing.
URLs: Harmful links can be masked under decoy anchor text — the visible text
that’s displayed. You can hover over a link to inspect its true destination.
Poor quality images: The use of low-resolution or unofficial images may indicate
a malicious webpage or message.
Types of web security threats
As mentioned previously, web threats typically include human and technical
manipulation in order to attack. Be aware there tends to be overlap between web
threats, and some may occur simultaneously. Some of the most common web
threats may include the following.
Social engineering
Social engineering involves deceiving users to act unknowingly against their own
best interests. These threats usually involve gaining the trust of users to deceive
them. Manipulating users in this way can include:
Phishing: Posing as legitimate institutions or people to get them to divulge
personal details.
Watering hole attacks: Exploiting popular websites to fool users into exposing
themselves to harm.
Network spoofing: Fraudulent access points that mimic legitimate ones.
Malicious code
Includes malware and harmful scripts (lines of computer programming
commands) to create or exploit technical vulnerabilities. Where social
engineering is the human side of web threats, malicious code is the technical
side. These threats can include but are not limited to:
Injection attacks: Insertion of harmful scripts into legitimate applications and
websites. Examples include SQL injection and cross-site scripting (XSS).
Botnet: Hijacking a user device for remote, automated use in a network of similar
“zombies.” These are used to accelerate spam campaigns, malware attacks, and
more.
Spyware: Tracking programs that monitor user actions on a computer device.
The most common examples are keyloggers.
Computer worms: Scripts that run, replicate, and spread autonomously without
the help of a related program.
Exploits
Exploits are intentional abuses of vulnerabilities that may lead to an undesirable
incident.
Brute force attacks: Manual or automated attempts to breach security “gates”
and vulnerabilities. This may typically involve generating all possible passwords
to a private account.
Spoofing: Masking a real identity to manipulate legitimate computer systems.
Examples include IP spoofing, DNS spoofing, and cache poisoning.
Cybercrime
Cybercrime refers to any unlawful activity conducted via computer systems.
These threats often use the web to enact their plans.
Cyberbullying: Mental abuse of victims using threats and harassment.
Unauthorized data disclosure involves the release of private information, such
as email leaks, intimate photos, and significant corporate data leaks.
Cyber libel: Also known as online defamation, this can involve attacking
individuals or organizations' reputations. This can be done through disinformation
(deliberate distribution of inaccurate information) or misinformation (mistaken
distribution of inaccurate information).
Advanced Persistent Threats (APTs): Malicious actors gain access to a private
network and establish ongoing access. They combine social engineering,
malicious code, and other threats to exploit vulnerabilities and gain this access.
Typically, web threats refer to malware programs that can target you when you're
using the internet. These browser-based threats include a range of malicious
software programs that are designed to infect victims’ computers. The main tool
behind such browser-based infections is the exploit pack – which gives
cybercriminals a route to infecting computers that either:
Do not have a security product installed
Contain a commonly used operating system or application that is vulnerable –
because the user hasn’t applied the latest updates, or a new patch has yet to be
issued by the software vendor
Kaspersky’s Internet security experts have identified the most active malicious
software programs involved in web threats. The list includes the following types
of online threats:
Malicious websites. Kaspersky identifies these websites by using cloud-based
heuristic detection methods. Most malicious URL detections are for websites that
contain exploits.
Malicious scripts. Hackers inject malicious scripts into the code of legitimate
websites that have had their security compromised. Such scripts are used to
perform drive-by attacks – in which visitors to the website are unknowingly
redirected to malicious online resources.
Scripts and executable PE files Generally, these either:
Download and launch other malicious software programs
Carry a payload that steals data from online banking and social network accounts
or steals login and user account details for other services
Trojan-Downloaders. These Trojan viruses deliver various malicious programs
to users’ computers.
Exploits and exploit packs. Exploits target vulnerabilities and try to evade the
attention of Internet security software.
Adware programs. Often, the adware will simultaneously install when a user
starts to download a freeware or shareware program.
Examples of web threats
Among the many examples of web threats, here are some of the more well-
known examples:
WannaCry ransomware
In May 2017, the WannaCry ransomware spread to many networks and locked
down countless Windows PCs. This threat was particularly dangerous because of
its worm functionality, allowing it to spread completely autonomously. WannaCry
exploited a native communication language within Windows to spread this
malicious code.
Celebrity iCloud phishing
A spear-phishing attack led to the breach of numerous celebrity iCloud accounts.
This breach ultimately resulted in the unauthorized leak of countless private
photos from these accounts.
While the attacker was eventually located and prosecuted, the victims are still
suffering from their intimate photos being made public — without their
permission. This has become one of the most well-known phishing attacks of the
decade.
How to protect yourself against web threats
Most threats are successful due to two main weaknesses:
Human error
Technical error
Full protection from web threats means you will need to find ways to cover these
weak points.
General tips to follow for both end-users and web service providers include:
Always create backups: All valuable data should be copied and stored safely to
prevent data loss in case of an incident. Websites, device drives, and even web
servers can be backed up.
Enable multi-factor authentication (MFA): MFA allows for additional layers of
user authentication on top of traditional passwords. Organizations should enable
this protection for users, while end-users should be sure to make use of it.
Scan for malware: Regular scans for infections will keep your computer devices
secured. Personal devices can all be covered through an antivirus
solution like Kaspersky Total Security. Enterprise endpoint machines and
computer networks should use this protection as well.
Keep all tools, software, and OS up to date: Computer systems are more
vulnerable when they’ve been unpatched against undiscovered holes in their
programming. Software developers regularly probe for weaknesses and issue
updates for this purpose. Protect yourself by downloading these updates.
Service providers like website owners and server operators are where true
comprehensive security starts. These parties will need to take precautions for
better protection. They can do this by:
Monitoring web traffic to gauge for normal volumes and patterns.
Implementing firewalls to filter and restrict unpermitted web connections.
Network infrastructure distribution to decentralize data and services. This
includes aspects like backups for various resources and geo server rotations.
Internal probing to investigate for unpatched vulnerabilities. This might, for
example, involve self-attacking with SQL injection attack tools.
Proper security configuration for access rights and session management.
Users should protect themselves by doing the following:
Scan downloads for malware.
Vet links before clicking, only clicking links if you are positive the destination is
safe and trusted.
Make strong, secure passwords, and avoid duplicates. Use a secure Password
Manager to help manage all of your accounts and passwords.
Throttle login attempts by triggering account lockdown after a limited number of
tries.
Look out for phishing red flags in texts, email, and other communications.
Lesson Proper for Week 4
Malware definition
Malware, short for malicious software, is a blanket term for viruses, worms,
trojans and other harmful computer programs hackers use to wreak destruction
and gain access to sensitive information. As Microsoft puts it, "[malware] is a
catch-all term to refer to any software designed to cause damage to a single
computer, server, or computer network." In other words, software is identified as
malware based on its intended use, rather than a particular technique or
technology used to build it.
This means that the question of, say, what the difference is between malware
and a virus misses the point a bit: a virus is a type of malware, so all viruses are
malware (but not every piece of malware is a virus).
Types of malware
There are a number of different ways of categorizing malware; the first is by how
the malicious software spreads. You've probably heard the words virus,
trojan, and worm used interchangeably, but as Symantec explains, they describe
three subtly different ways malware can infect target computers:
 A worm is a standalone piece of malicious software that reproduces itself
and spreads from computer to computer.
 A virus is a piece of computer code that inserts itself within the code of
another standalone program, then forces that program to take malicious
action and spread itself.
 A trojan is a program that cannot reproduce itself but masquerades as
something the user wants and tricks them into activating it so it can do its
damage and spread.
Malware can also be installed on a computer "manually" by the attackers
themselves, either by gaining physical access to the computer or using privilege
escalation to gain remote administrator access.
Another way to categorize malware is by what it does once it has successfully
infected its victim's computers. There are a wide range of potential attack
techniques used by malware:
 Spyware is defined by Webroot Cybersecurity as "malware used for the
purpose of secretly gathering data on an unsuspecting user." In essence,
it spies on your behavior as you use your computer, and on the data you
send and receive, usually with the purpose of sending that information to a
third party. A keylogger is a specific kind of spyware that records all the
keystrokes a user makes—great for stealing passwords.
 A rootkit is, as described by TechTarget, "a program or, more often, a
collection of software tools that gives a threat actor remote access to and
control over a computer or other system." It gets its name because it's a kit
of tools that (generally illicitly) gain root access (administrator-level control,
in Unix terms) over the target system, and use that power to hide their
presence.
 Adware is malware that forces your browser to redirect to web
advertisements, which often themselves seek to download further, even
more malicious software. As The New York Times notes, adware often
piggybacks onto tempting "free" programs like games or browser
extensions.
 Ransomware is a flavor of malware that encrypts your hard drive's files
and demands a payment, usually in Bitcoin, in exchange for the decryption
key. Several high-profile malware outbreaks of the last few years, such
as Petya, are ransomware. Without the decryption key, it's mathematically
impossible for victims to regain access to their files. So-called scareware is
a sort of shadow version of ransomware; it claims to have taken control of
your computer and demands a ransom, but actually is just using tricks like
browser redirect loops to make it seem as if it's done more damage than it
really has, and unlike ransomware can be relatively easily disabled.
 Cryptojacking is another way attackers can force you to supply them with
Bitcoin—only it works without you necessarily knowing. The crypto mining
malware infects your computer and uses your CPU cycles to mine
Bitcoin for your attacker's profit. The mining software may run in the
background on your operating system or even as JavaScript in a browser
window.
 Malvertising is the use of legitimate ads or ad networks to covertly deliver
malware to unsuspecting users’ computers. For example, a cybercriminal
might pay to place an ad on a legitimate website. When a user clicks on the
ad, code in the ad either redirects them to a malicious website or installs
malware on their computer. In some cases, the malware embedded in an
ad might execute automatically without any action from the user, a
technique referred to as a “drive-by download.”
Any specific piece of malware has both a means of infection and a behavioral
category. So, for instance, WannaCry is a ransomware worm. And a particular
piece of malware might have different forms with different attack vectors: for
instance, the Emotet banking malware has been spotted in the wild as both
a trojan and a worm.
A look at the Center for Internet Security's top 10 malware offenders for June of
2018 gives you a good sense of the types of malware out there. By far the most
common infection vector is via spam email, which tricks users into activating the
malware, Trojan-style. WannaCry and Emotet are the most prevalent malware on
the list, but many others, including NanoCore and Gh0st, are what's
called Remote Access Trojans or RATs—essentially, rootkits that propagate like
Trojans. Cryptocurrency malware like CoinMiner rounds out the list.
How to prevent malware
With spam and phishing email being the primary vector by which malware infects
computers, the best way to prevent malware is make sure your email systems
are locked down tight—and your users know how to spot danger.
We recommend a combination of carefully checking attached documents and
restricting potentially dangerous user behavior—as well as just familiarizing your
users with common phishing scams so that their common sense can kick in.
When it comes to more technical preventative measures, there are a number of
steps you can take, including keeping all your systems patched and updated,
keeping an inventory of hardware so you know what you need to protect, and
performing continuous vulnerability assessments on your infrastructure. When it
comes to ransomware attacks in particular, one way to be prepared is to always
make backups of your files, ensuring that you'll never need to pay a ransom to
get them back if your hard drive is encrypted.
Malware protection
Antivirus software is the most widely known product in the category of malware
protection products; despite "virus" being in the name, most offerings take on all
forms of malware. While high-end security pros dismiss it as obsolete, it's still the
backbone of basic anti-malware defense. Today's best antivirus software is from
vendors Kaspersky Lab, Symantec and Trend Micro, according to recent tests by
AV-TEST.
When it comes to more advanced corporate networks, endpoint security offerings
provide defense in depth against malware. They provide not only the signature-
based malware detection that you expect from antivirus, but anti-spyware,
personal firewall, application control and other styles of host intrusion prevention.
Gartner offers a list of its top picks in this space, which include products from
Cylance, CrowdStrike, and Carbon Black.
How to detect malware
It's fully possible—and perhaps even likely—that your system will be infected by
malware at some point despite your best efforts. How can you tell for
sure? CSO columnist Roger Grimes has written a deep dive into how to diagnose
your PC for potential malware that you might find helpful.
When you get to the level of corporate IT, there are also more advanced visibility
tools you can use to see what's going on in your networks and detect malware
infections. Most forms of malware use the network to either spread or send
information back to their controllers, so network traffic contains signals of
malware infection that you might otherwise miss; there are a wide range of
network monitoring tools out there, with prices ranging from a few dollars to a few
thousand. There are also SIEM tools, which evolved from log management
programs; these tools analyze logs from various computers and appliances
across your infrastructure looking for signs of problems, including malware
infection. SIEM vendors range from industry stalwarts like IBM and HP Enterprise
to smaller specialists like Splunk and Alien Vault.
Malware removal
How to remove malware once you're infected is in fact the million dollar question.
Malware removal is a tricky business, and the method can vary depending on the
type you're dealing with. CSO has information on how to remove or otherwise
recover from rootkits, ransomware, and cryptojacking. We also have a guide
to auditing your Windows registry to figure out how to move forward.
If you're looking for tools for cleansing your system, Tech Radar has a
good roundup of free offerings, which contains some familiar names from the
antivirus world along with newcomers like Malwarebytes.
Malware examples
We've already discussed some of the current malware threats looming large
today. But there is a long, storied history of malware, dating back to infected
floppy disks swapped by Apple II hobbyists in the 1980s and the Morris
Worm spreading across Unix machines in 1988. Some of the other high-profile
malware attacks have included:
 ILOVEYOU, a worm that spread like wildfire in 2000 and did more than $15
billion in damage
 SQL Slammer, which ground internet traffic to a halt within minutes of its
first rapid spread in 2003
 Conficker, a worm that exploited unpatched flaws in Windows and
leveraged a variety of attack vectors – from injecting malicious code to
phishing emails – to ultimately crack passwords and hijack Windows
devices into a botnet.
 Zeus, a late '00s keylogger Trojan that targeted banking information
 CryptoLocker, the first widespread ransomware attack, whose code keeps
getting repurposed in similar malware projects
 Stuxnet, an extremely sophisticated worm that infected computers
worldwide but only did real damage in one place: the Iranian nuclear facility
at Natanz, where it destroyed uranium-enriching centrifuges, the mission it
was built for by U.S. and Israeli intelligence agencies
Malware trends
You can count on cyber criminals to follow the money. They will target victims
depending on likelihood of delivering their malware successfully and size of
potential payout. If you look at malware trends over the past few years, you will
see some fluctuation in terms of the popularity of certain types of malware and
who the most common victims are—all driven by what the criminals believe will
have the biggest ROI.
Recent research reports indicate some interesting shifts in malware tactics and
targets. Cryptominers, which had surpassed ransomware as the most common
type of malware, are falling out of favor due to the decline in cryptocurrency
values. Ransomware is becoming more targeted, moving away from a shotgun
approach.
Malware attacks on businesses spike
Businesses saw a 79 percent increase in the amount of malware they dealt with
in 2018 over 2017, according to the Malwarebytes Labs State of Malware Report
2019. “What we usually see year-end or quarterly end is that there has been
some sort of increase or large amounts of detections on the consumer side,”
says Adam Kujawa, director of Malwarebytes Labs. “On the business side it
might slowly grow, but certainly nothing like we’ve seen this last six months.” By
comparison, consumer detections decreased by 3 percent over the same period.
“We’ve observed that there is a significant push by cyber criminals to move away
from consumers and put their really heavy stuff against businesses instead,”
Kujawa adds.
That “really heavy stuff” comes largely in the form of older consumer-focused
malware that’s “been weaponized” to become a bigger, more versatile threat for
business. Kujawa cites Emotet as one of the most significant. “It’s a nasty little
information stealing Trojan that also installs additional malware, spreads laterally,
and acts as its own spam sender. Once it infects a system, it starts sending email
and tries to infect other people.”
Emotet has been around since 2014 and targeted mainly consumers. Originally,
it infected a computer looking for an individual’s financial or credit card
information to steal. Since then, it’s picked up new capabilities inspired by or
borrowed from other successful malware like Wannacry or EternalBlue. “Now it’s
become much more modular and we see it able to use these exploits to traverse
through a corporate network whereas before they were limited to a single
endpoint,” says Kujawa. “Even if it’s a small network in a small business, it’s
more juicy than infecting Grandma.”
Lateral movement of malware is increasing, according to the Global Threat
Report: The Year of the Next-Gen Cyberattack from Carbon Black. Nearly 60
percent of malware attacks on business are now designed to move laterally
across a network.
One reason for the spike in malware attacks on business might be the
EU’s General Data Privacy Regulation (GDPR). Kujawa believes it’s possible that
attackers stepped up business attacks thinking that it would be harder to steal
personal and other data after the regulation went into effect. That combined with
the decline of cryptocurrency values and stepped up defenses against
ransomware turned attackers to what worked in the past. “They always [go back
to what works],” he says. “Cyber crime is cyclical. It always comes back around.”
Cryptomining attacks decline
The Malwarebyte Labs report has seen a shift away from cryptomining starting in
the second quarter of 2018, due largely to the decline in cryptocurrency values.
Still, the number of cryptomining detections increased for the year by 7 percent.
Instead, cyber criminals are turning to information stealing malware like Emotet to
turn a profit. “Overall, it seems as though criminals have reached the consensus
that sometimes stealing is better than mining,” the report stated.
Ransomware becoming more targeted
Kujawa notes that small and medium-sized businesses (SMBs) are becoming
more popular targets. He attributes this to the likelihood of being paid for
ransomware attacks—SMBs often can’t afford the downtime and see paying
ransom as the fastest way to recover. They also often softer targets than larger
businesses.
Ransomware detections actually declined by 26 percent worldwide in 2018,
according to the Malwarebytes report. However, ransomware detections at
businesses rose by 28 percent. Industries most often targeted were consulting,
education, manufacturing and retail. Kujawa believes criminals focus on these
industries because of opportunity and likelihood of ransoms being paid.
7 LAYERS OF SECURITY
Security is an important factor for people all over the world due to the existence
of important information which may be stored on the computer or any other
system, so you have to provide different facilities to protect this information and
not allow others to access it, in the world of computers, security has many
details, and to understand each of them, at the beginning, you need to be fully
aware of the computer in general, so that you can maintain the security of your
site better, security has 7 layers, which we will discuss in the following.
1- Information Security Policies:
One of the main layers of information security is Information Security Policies,
which gives users the assurance that you give a value to their information and do
your best to protect them, the security plans for people who want to protect
information must be prearranged and should have a step-by-step process to
strengthen the security of your site.
In general, information security policies reflect the thoughts of the media and
show all their efforts to protect information, through this layer of security ,
information can be secured against all existing threats.
This layer of security has 3 main types that we will mention in the
following:
- Organizational (or Master) Policy
- System-specific Policy
- Issue-specific Policy
2- Physical Security:
This layer of security is always an important for many people, and they regularly
provide facilities through which they can establish physical security to protect
information, in the real world, if you have a valuable object, such as money,
jewelry, documents, etc., you maintain this layer of security as fully as possible,
for example, if you leave that valuable object in a safe place, or give it to
someone who you trust, you are not worried about protecting them.
The same thing is also true for computers, generally, physical security is defined
as the protection of hardware and software components, networks, and data from
natural physical conditions and events, which may cause serious damage to an
organization and the information contained in them, in other words, physical
security includes all measures to protect all hardware, information and software
available against theft, natural disasters, etc., in order to achieve this kind of
security, you must pay attention to some tips which help you keep your
information safe.
There may be different tips about the ways of establishing this layer
of security which are different from each other, to establish this layer of security,
you may choose a safe room with CCTV cameras, or restrict the access of
different people to this room, which can also help you in protecting important
information and other solutions that exists to ensure you that physical security is
set up properly, it should also be noted that different there are different threats for
this section, including, abnormal weather conditions, pouring coffee on the
computer, people who target your information, etc., to establish security for each
of these threats, certain principles are required.
3- Secure Networks and Systems:
This layer of security is very widespread, which includes all measures,
equipment, etc., which cause the security of the system and the network to be
integrated,m and prevent any threatening factors from entering your system, and
ultimately provide security for you.
Network security has 3 types, which we are going to discuss in the
following.
· Physical Network Security:
This type of network security control is to protect information and prevent illegal
access to the system.
· Technical Network Security:
This type is so important and protects all the data that is in the computer,
including the one that is being transferred from the computer or the data that is
entering the computer, in order to establish the security of this layer, you must
pay attention to many points.
· Administrative Network Security:
As you know, the behaviors of users who have access to information, cannot be
controlled, and you must provide facilities in advance, so that you can prevent
any event that affects the security structure of the network, one of the things that
can be done in this section, is restricting people's access to all information, which
is an effective way to prevent a series of unfortunate events.
In general, in this layer of security , you can do the following:
· Network Access Control
· Antivirus and Antimalware Software
· Firewall Protection
· Virtual Private Networks
4- Vulnerability Programs:
Despite the spread of cyber attacks and loss of information which they cause,
and the daily progress of hackers, security layers have received more attention
from users, and they try to study and search in this field to have control over each
layer and implement all the necessary strategies to protect their information,
hackers are constantly scrutinizing the weaknesses of a system and use these
weak points to attack the system and its information, so they get their desired
results through them.
In this layer of security, you must pay more attention to the vulnerabilities of a
system, all of these weak points have to be identified through various tools, then
you should try to do your best to solve the problem because that weak points
must be strengthened in order to increase security in general, so you
can improve your system security by paying attention to all points.
5- Strong Access Control Measures:
This layer of security has a great impact on establishing security in general, and
all the actions that are taken in this layer, ultimately, are aimed at controlling
people's access to information, to achieve this goal, various solutions can be
taken, including the solution of setting passwords which are hard to be guessed,
which should include more than 8 characters, so it is hard for people to guess
this password, as a result they cannot access your information easily.
This layer of security contains the following 3 types:
· Discretionary Access Control (DAC)
· Managed Access Control (MAC)
· Role-Based Access Control (RBAC)
6- Protect and Backup Data:
This layer of security helps you to have no worries about the stored information,
and it is constantly recommended in this layer to provide backup information, so
that in case of unexpected events, your information won’t be damaged and will
be protected as much as possible, there are a number of ways you can get help
from them in order to implement this layer properly, including keeping information
in a safe place other than the current information system that helps you maintain
your information safe. It should be noted that it is necessary to establish the
security for the information from which you have made a backup.
7- Monitor and Test Your Systems:
In this layer, you should review all the actions you have taken and examine all
the aspects, so that you can identify the possible dangers that threaten your
information and system, in general, the system monitoring process helps you
solve these problems and does not allow a problem to occur, which causes
damage to your system or loss of your information.
To implement this layer, there are various tools which will help you achieve your
goal, some of which we are going to mention in the following section.
· SolarWinds Server and Application Monitor
· NinjaRMM
· PRTG - OpManager by ManageEngine
· OpenNMS
· WhatsUp Gold
· OpenNMS

Lesson Proper for Week 5
What Does Password Protection Mean?
Password protection is a security process that protects information accessible via
computers that needs to be protected from certain users. Password protection
allows only those with an authorized password to gain access to certain
information.
Password protect
To password protect is to implement or enable a password on a computer,
network device, online service, file, user account, or data. When password
protection is enabled, users receive a prompt for a username or password before
they're given access. For example, to log in to a Microsoft Windows account, the
user must enter the proper credentials. The same goes for a file that is password
protected.
If the incorrect information is entered, users can't access certain computers,
online services, files, or other password-protected areas. If the incorrect
password is entered multiple times, access is usually locked temporarily. Once
locked, you must wait for a set time before trying the password again or ask for
support to unlock the computer, account, or file.
If you can't remember the password for an online account, most services provide
a forgot password feature to help you reset it.
Protecting Against Malware
So now we're at the biggest question of all: "How do I make sure my computer or
network is malware-free?"
The answer has two parts: Personal vigilance, and protective tools. One of the
most popular ways to spread malware is by email, which may be disguised to
look as if it is from a familiar company such as a bank, or a personal email from a
friend.
Be wary of emails that ask you to provide passwords. Or emails that seem to be
from friends, but have only a message such as "check out this cool website!"
followed by a link.
Personal vigilance is the first layer of protection against malware, but simply
being careful is not enough. Because business security is not perfect, even
downloads from legitimate sites can sometimes have malware attached. Which
means that even the most prudent user is at risk, unless you take additional
measures.
What is Malware Protection?
Malware security protection provides that second vital layer of protection for your
computer or network. A robust antivirus software package is the primary
component of technological defenses that every personal and business computer
system should have.
Well-designed antivirus protection has several characteristics. It checks any
newly downloaded program to ensure that it is malware-free. It periodically scans
the computer to detect and defeat any malware that might have slipped through.
It is regularly updated to recognize the latest threats.
Good antivirus protection can also recognize — and warn against — even
previously unknown malware threats, based on technical features (such as
attempting to "hide" on a computer) that are characteristic of malware. In
addition, robust antivirus software detects and warns against suspicious
websites, especially those that may be designed for "phishing" (a technique that
tricks users into entering passwords or account numbers).
Finally, malware protection needs to be usable. Effective antivirus software must
be simple to download and install, so you don't need to be a Ph.D. in computer
science in order to use it. Look for antivirus software solutions that have the
characteristics outlined above — and follow through by installing it.
Robust malware protection specifically guards your finances. These tools
safeguard your account information, and can also provide password-
management tools so that frustration over forgotten passwords does not lead you
to skip over this essential component of protection.
No protection is absolute. But a combination of personal awareness and well-
designed protective tools will make your computer as safe as it can be.
Workspace security
Each group you add to a workspace can have vastly different permissions than
others. You can also copy an existing group’s permissions to save time on
configuring them.
Limit access to your workspace
Slack allows for transparency, and sometimes that means sharing proprietary
information or sensitive details. Here are some tips to ensure only the right
people have access to information in your workspace:
 Only invite people you know
For total control, keep the default setting to only let Workspace Owners and
Admins send invitations to new members. If you do allow others to send
invites, review pending and accepted invitations periodically.
Deactivate members’ accounts who no longer need access
Change is constant, and people come and go. Don’t forget to deactivate a
member’s account when they leave. Workspace Owners on the Business+ and
Enterprise Grid plans can streamline deactivation with an identity provider
using SCIM provisioning.
Add people from other companies to a channel
To work with external partners who don’t need access to all the information in
your workspace, you can use Slack Connect to invite them to channels. This lets
you collaborate securely and productively in one centralized place, all from your
own workspaces.
Use guest accounts and limit the channels they're invited to
Some members of your Slack workspace (like contractors, interns, or clients)
may only need access to certain channels. Guest accounts are a great way to
manage who has access to the information they need in your workspace.
Manage email display
Members can find each others' email addresses in their profiles, but some people
may prefer to keep this info private. Workspace Owners and Admins can choose
if members’ email addresses are displayed in their Slack profiles.
Workspace permissions
workspace permissions into five categories
· Object security
· Tab visibility
· Browsers
· Mass operations
· Admin operations
Object security
workspace objects with their related item-level permissions. Item-level rights
include:
· None - denies users access to the object.
· View - view the object. This is the lowest level object permission.
· Edit - edit and view the object.
· Delete - delete, edit, and view the object.
· Add - add new objects. This icon turns blue when the setting is unsaved;
once you click Save, the blue icon becomes grey.
· Edit Security - grants users the ability to edit the security of objects.
Tab visibility
Tab Visibility lists all parent and child tabs to which you can grant groups access.
Combine object security permissions and tab visibility access to give users the
tools they need to complete their tasks. Select a tab to make it visible for a group.
Mass operations
In the Mass Operations section, you control which types of mass action rights the
group can access. This section also lists any custom mass operations that you
have added to Relativity or that are available in applications currently installed in
your environment.
Browsers
In the Browsers section, you control which browsers are visible to a group. Select
a browser type to make it visible for the group.
Admin operations
You can secure several admin operations separately. To assign permissions to a
group, select checkboxes for any combination of these operations.
Physical Security
Most people think about locks, bars, alarms, and uniformed guards when they
think about security. While these countermeasures are by no means the only
precautions that need to be considered when trying to secure an information
system, they are a perfectly logical place to begin.
Physical security is a vital part of any security plan and is fundamental to all
security efforts--without it, information security software security, user access
security and network security are considerably more difficult, if not impossible, to
initiate. Physical security refers to the protection of building sites and equipment
(and all information and software contained therein) from theft, vandalism, natural
disaster, manmade catastrophes, and accidental damage (e.g., from electrical
surges, extreme temperatures, and spilled coffee). It requires solid building
construction, suitable emergency preparedness, reliable power supplies,
adequate climate control, and appropriate protection from intruders.
Create a Secure Environment: Building and Room Construction
· Don't arouse unnecessary interest in your critical facilities: A secure room
should have "low" visibility (e.g., there should not be signs in front of the building
and scattered throughout the hallways announcing "expensive equipment and
sensitive information this way").
· Select only those countermeasures that meet percuived needs as
indentified during risk assessment and support security policy.
· Maximize structural protection: A secure room should have full height walls
and fireproof ceilings.
· Minimize external access (doors): A secure room should only have one or
two doors--they should be solid, fireproof, lockable, and observable by assigned
security staff. Doors to the secure room should never be propped open.
· Minimize external access (windows): A secure room should not have
excessively large windows. All windows should have locks.
· Maintain locking devices responsibly: Locking doors and windows can be
an effective security strategy as long as appropriate authorities maintain the keys
and combinations responsibly. If there is a breach, each compromised lock
should be changed.
· Investigate options other than traditional keyhole locks for securing areas
as is reasonable: Based on the findings from your risk assessment consider
alternative physical security strategies such as window bars, anti-theft cabling
(i.e., an alarm sounds when any piece of equipment is disconnected from the
system), magnetic key cards, and motion detectors.
Recognize that some countermeasures are ideals and may not be feasible
if, for example, your organization is housed in an old building.
Be prepared for fire emergencies: In an ideal world, a secure room should be
protected from fire by an automatic fire-fighting system. Note that water can
damage electronic equipment, so carbon dioxide systems or halogen agents are
recommended. If implemented, staff must be trained to use gas masks and other
protective equipment. Manual fire fighting equipment (i.e., fire extinguishers)
should also be readily available and staff should be properly trained in their use.
Maintain a reasonable climate within the room: A good rule of thumb is that if
people are comfortable, then equipment is usually comfortable--but even if
people have gone home for the night, room temperature and humidity cannot be
allowed to reach extremes (i.e., it should be kept between 50 and 80 degrees
Fahrenheit and 20 and 80 percent humidity). Note that it's not freezing
temperatures that damage disks, but the condensation that forms when they
thaw out.
Be particularly careful with non-essential materials in a secure computer
room: Technically, this guideline should read "no eating, drinking, or smoking
near computers," but it is quite probably impossible to convince staff to
implement such a regulation. Other non-essential materials that can cause
problems in a secure environment and, therefore, should be eliminated include
curtains, reams of paper, and other flammables.
Guard Equipment:
Keep critical systems separate from general systems: Prioritize equipment
based on its criticality and its role in processing sensitive information. Store it in
secured areas based on those priorities.
House computer equipment wisely: Equipment should not be able to be seen or
reached from window and door openings, nor should it be housed near radiators,
heating vents, air conditioners, or other duct work. Workstations that do not
routinely display sensitive information should always be stored in open, visible
spaces to prevent covert use.
Protect cabling, plugs, and other wires from foot traffic: Tripping over loose wires
is dangerous to both personnel and equipment.
Keep a record of your equipment: Maintain up-to-date logs of equipment
manufacturers, models, and serial numbers in a secure location. Be sure to
include a list of all attached peripheral equipment. Consider videotaping the
equipment (including close-up shots) as well. Such clear evidence of ownership
can be helpful when dealing with insurance companies.
Maintain and repair equipment: Have plans in place for emergency repair of
critical equipment. Either have a technician who is trained to do repairs on staff or
make arrangements with someone who has ready access to the site when repair
work is needed. If funds allow, consider setting up maintenance contracts for
your critical equipment. Local computer suppliers often offer service contracts for
equipment they sell, and many workstation and mainframe vendors also provide
such services. Once you've set up the contract, be sure that contact information
is kept readily available. Technical support telephone numbers, maintenance
contract numbers, customer identification numbers, equipment serial numbers,
and mail-in information should be posted or kept in a log book near the system
for easy reference. Remember that computer repair technicians may be in a
position to access your confidential information, so make sure that they know
and follow your policies regarding outside employees and contractors who
access your system.
Rebuff Theft:
Identify your equipment as yours in an overt way: Mark your equipment in an
obvious, permanent, and easily identifiable way. Use bright (even fluorescent)
paint on keyboards, monitor backs and sides, and computer bodies. It may
decrease the resale value of the components, but thieves cannot remove these
types of identifiers as easily as they can adhesive labels.
Losing a computer to theft has both financial costs (the replacement value
of the equipment) and information costs (the files contained on the hard
drive).
Identify your equipment as yours in a covert way: Label the inside of equipment
with the organization's name and contact information to serve as powerful
evidence of ownership.
Make unauthorized tampering with equipment difficult: Replace regular body
case screws with Allen-type screws or comparable devices that require a special
tool (e.g., an Allen wrench) to open them.
Limit and monitor access to equipment areas: Keep an up-to-date list of
personnel authorized to access sensitive areas. Never allow equipment to be
moved or serviced unless the task is pre-authorized and the service personnel
can produce an authentic work order and verify who they are. Require picture or
other forms of identification if necessary. Logs of all such activity should be
maintained. Staff should be trained to always err on the cautious side (and the
organization must support such caution even when it proves to be inconvenient).
Laptops and other expensive equipment that leave the office often never
return.
something you should do (icon)
Attend to Portable Equipment and Computers:
· Never leave a laptop computer unattended: Small, expensive things often
disappear very quickly--even more quickly from public places and vehicles!
Store laptop computers wisely: Secure laptops in a hotel safe rather than a hotel
room, in a hotel room rather than a car, and in a car trunk rather than the back
seat.
Stow laptop computers appropriately: Just because a car trunk is safer than its
back seat doesn't mean that the laptop won't be damaged by an unsecured tire
jack. Even if the machine isn't stolen, it can be ruined all the same. Stow the
laptop and its battery safely!
Don't leave a laptop computer in a car trunk overnight or for long periods of
time: In cold weather, condensation can form and damage the machine. In warm
weather, high temperatures (amplified by the confined space) can also
damage hard drives.
Regulate Power Supplies:
· Be prepared for fluctuations in the electrical power supply:
Do so by (1) plugging all electrical equipment into surge suppressors or electrical
power filters;
and (2) using Uninterruptible Power Sources (UPSs) to serve as auxiliary
electrical supplies to critical equipment in the event of power outages
Pay attention to the manufacturer's recommendations for storing portable
computer batteries--they carry live charges and are capable of igniting fires if not
handled properly.
· Protect power supplies from environmental threats: Consider having a
professional electrician design or redesign your electrical system to better
withstand fires, floods, and other disasters.
· Select outlet use carefully: Although little thought generally goes into
plugging equipment into an outlet, machines that draw heavily from a power
source can affect, and be affected by, smaller equipment that draws energy from
the same outlet.
· Guard against the negative effects of static electricity in the office place:
Install anti-static carpeting and anti-static pads, use anti-static sprays, and
encourage staff to refrain from touching metal and other static-causing agents
before using computer equipment.
Protect Output:
Keep photocopiers, fax machines, and scanners in public view: These types of
equipment are very powerful tools for disseminating information--so powerful, in
fact, that their use must be monitored.
Assign printers to users with similar security clearances: You don't want
employees looking at sensitive financial information (e.g., staff salaries) or
confidential student information (e.g., individual records) while they are waiting
for their documents to print. It is better to dedicate a printer to the Director of
Finance than to have sensitive data scattered around a general use printer. Don't
hesitate to put printers in locked rooms if that is what the situation demands.
Label printed information appropriately: Confidential printouts should be clearly
identified as such.
Demand suitable security procedures of common carriers when
shipping/receiving confidential information: Mail, delivery, messenger, and courier
services should be required to meet your organization's security standards when
handling your confidential information.
Dispose of confidential waste adequately: Print copies of confidential information
should not be placed in common dumpsters unless shredded.
Electronic Mail Policy
User Responsibilities
These guidelines are intended to help you make the best use of the electronic
mail facilities at your disposal. You should understand the following:
The agency provides electronic mail to staff to enable them to communicate
effectively and efficiently with other members of staff, other companies, and
partner organizations.
When using the agency's electronic mail facilities you should comply with the
following guidelines.
If you are in any doubt about an issue affecting the use of electronic mail, you
should consult the IT Services Manager.
Any breach of the agency's Electronic Mail Policy may lead to disciplinary action.
DO
Do check your electronic mail daily to see if you have any messages.
Do include a meaningful subject line in your message.
Do check the address line before sending a message and check you are
sending it to the right person.
Do delete electronic mail messages when they are no longer required.
Do respect the legal protections to data and software provided by copyright
and licenses.
Do take care not to express views that could be regarded as defamatory or
libelous.
Do use an "out of the office assistant" to automatically reply to messages
when you are not available.
DO NOT
Do not print electronic mail messages unless absolutely necessary.
Do not expect an immediate reply; the recipient might not be at their computer
or could be too busy to reply straight away.
Do not forward electronic mail messages sent to you personally to others,
particularly newsgroups or mailing lists, without the permission of the
originator.
Do not use electronic mail for personal reasons.
Do not send excessively large electronic mail messages or attachments.
Do not send unnecessary messages such as festive greetings or other
nonwork items by electronic mail, particularly to several people.
Do not participate in chain or pyramid messages or similar schemes. Do not
represent yourself as another person.
Do not use electronic mail to send or forward material that could be construed
as confidential, political, obscene, threatening, offensive, or libelous.
Network Security
Network security, especially as it relates to the biggest network of all, the
Internet, has emerged as one of today's highest-profile information security
issues. Many education organizations have already connected their computing
resources into a single network; others are in the process of doing so. The next
step for these organizations is to weigh the costs and benefits of opening a
connection between their private networks (with their trusted users) and the
unknown users and networks that compose the Internet.
Policy Issues
Connecting to the Internet doesn't necessarily raise its own security policy issues
as much as it focuses attention on the necessity of implementing security
strategies properly. Internet security goals fall within two major domains. The first
centers around protecting your networks, information, and other assets from
outside users who enter your network from the Internet. The second deals with
safeguarding information as it is being transmitted over the Internet.
Protect Your Network from Outsiders:
Implement applicable security recommendations as raised in previous
chapters: Solid defense against external Internet threats includes the proper
implementation of relatively straightforward security measures
like encryption software, virus scanners , remote access regulations,
and passwords.
Isolate your network through the use of a firewall: Installing a firewall enables
the organization to decide which types of messages should be allowed into
the system from external sources (e.g., "nothing with identifiable virus coding"
and "nothing with decryptor coding structures"). The actual installation and
operation of the complex features requires expert technical assistance, but
policy-makers can make informed decisions about product features all the same.
Locate equipment and information that is intended for external users outside of
the firewall: If an organization's Web server is intended to provide information
and services to the public, it should not be located on the private side of the
firewall. Nor should it be able to access confidential information that resides
inside the firewall. This way, if the public Web server should ever be
compromised, confidential information is still protected.
Protect Transmissions Sent over the Internet:
Use Secure Sockets Layer (SSL) Servers to secure financial and information
transactions made with a Web browser: In a secure Web session, your Web
browser generates a random encryption key and sends it to the Web site host to
be matched with its public encryption key. Your browser and the Web site then
encrypt and decrypt all transmissions.
Authenticate messages through the use of digital signatures: A digital
signature amounts to a "fingerprint" of a message. It depicts the message such
that if the message were to be altered in any way, the "fingerprint" would reflect
it--thus making it possible to detect counterfeits. The converse, of course, is that
if the "fingerprint" does not change during transmission, you can be confident that
the message was not altered.
Authenticate messages through the use of time stamps or sequence
numbers: Another way to recognize when messages have been modified is to
challenge the "freshness" of the message. This is done by embedding time
stamps, sequence numbers, or random numbers in the message to indicate
precisely when and in what order the message was sent. If a received message's
time and sequence are not consistent, you will be alerted that someone may
have tampered with the transmission.
Authenticate message "receivers" through the use of digital certificates: By
requiring an authentication agent or digital certificate, you force the person on the
other end of the transmission to prove his or her identity. In the digital world,
trusted third parties can serve as certificate authorities--entities that verify who
a user is for you. In this way, digital certificates are analogous to a state-issued
driver's license. If you trust the party that issues the certificate (e.g., the state or
the certificate authority), then you don't need to try to verify who the user is
yourself.
Encrypt all messages sent over the Internet: As more and more messages are
sent over larger and larger networks, information becomes increasingly
vulnerable to assault. Encryption has become a leading tool to combat
this vulnerability. Like other countermeasures, it can be very effective if used
properly and regularly