Security for an Organization
• Attackers can target an organization for various reasons and steal its private data.
• This is a guide to designing, implementing, and assessing the security of computer networks and information systems.
• CIA stands for Confidentiality, Integrity, and Availability.
The meaning of CIA: Confidentiality, Integrity, Availability
Threats
• Threats can be intentional (e.g., cyber-attacks, hacking attempts, data breaches) or unintentional (e.g., accidental data loss, hardware failures).
Vulnerabilities
• Vulnerabilities are weak points or gaps in a company's security measures that a threat could take advantage of.
• Examples include insufficient access controls, outdated software, misconfigurations, or unpatched systems.
Risk
• Risks are the potential negative effects that result when a threat successfully exploits a vulnerability.
• These effects may include monetary loss, reputational damage, data breaches, and failure to comply with regulations.
Threat Update: DoS and DDoS
• DoS stands for denial of service; DDoS stands for distributed denial of service.
• A flood of requests sent to a server by one attacker (DoS) or by many attackers at once (DDoS) is known as a DoS or DDoS attack.
• These requests increase the server's CPU load until the server eventually goes down.
• As a result, the organization can lose a lot of money, and users are unable to use the affected device or service while the server is down.
Types of Threats
• Physical Threats
• Internal Threats
• External Threats
Physical Threats
• Access by unauthorized parties to physical devices, such as servers, computers, or networking equipment, resulting in the loss of confidential information or intellectual property.
• Intentional destruction of hardware elements, which may lead to system faults or downtime.
• Voltage spikes can permanently damage hardware components.
• Fires can start from defective electrical wiring or overloaded circuits, causing equipment damage and data loss.
Maintenance Threats
Human Errors: mistakes made while performing ordinary maintenance, like configuration errors or
unintentional data erasure.
Lack of Expertise: inadequate training or understanding during maintenance processes can lead to errors and
security holes.
Unplanned Downtime: Unexpected service interruptions may result from improperly scheduled
maintenance efforts.
Internal Threats
Insider Attacks: Malicious behavior by staff members or insiders with the goal of hurting the company,
stealing confidential information, or interfering with business operations.
Human Error: accidental errors made by personnel that can result in security breaches, such as falling
into phishing schemes or configuration errors.
Data Leakage: sensitive information may be accidentally shared with third parties, jeopardizing data
confidentiality.
External Threats
Cyberattacks: attempts made on purpose to breach networks or systems through malware, hacking
methods, or other types of intrusion.
Social engineering and phishing: Techniques that use deception to induce someone to provide login
information or sensitive data.
Ransomware: malicious software that encrypts data and demands payment to decrypt it.
Attack mitigation
Firewall
• It works at the network level and monitors incoming and outgoing traffic to enforce security rules.
Two types of firewall:
Firewalls with packet filtering: they inspect each individual data packet and compare its source, destination, and type against predetermined rules to decide whether to allow or block it.
Firewalls with stateful inspection: these function at the application layer and keep track of connections by maintaining a state table. Since they understand the context of a session, they are more secure than packet-filtering firewalls.
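To make the difference between the two firewall types concrete, here is an added example (not code from the original slides): a packet filter that judges each packet on its own, beside a stateful filter that records outbound connections in a state table and admits inbound packets only when they mirror a recorded flow. The addresses, the published service on 10.0.0.5:443 and the packet structure are all constructed for the example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed packet model: only the fields the two firewall types examine. */
typedef struct {
    const char *src, *dst;   /* addresses as strings (constructed sample values) */
    uint16_t sport, dport;
    int syn;                 /* 1 when the packet opens a new TCP connection */
    int outbound;            /* 1 leaving the LAN, 0 arriving from the Internet */
} packet_t;

#define WEB_SERVER "10.0.0.5"   /* assumed address of the published service */

/* Packet filter: judges each packet in isolation. Replies to the LAN's own
 * outbound connections must get back in, and with no memory of those
 * connections the only rule that achieves it is a blanket "allow inbound
 * to high ports", which also admits unsolicited traffic to those ports. */
int packet_filter_allow(const packet_t *p) {
    if (p->outbound) return 1;
    if (strcmp(p->dst, WEB_SERVER) == 0 && p->dport == 443) return 1;
    return p->dport >= 1024;
}

/* Stateful inspection: outbound connection openings are recorded in a state
 * table, and inbound packets are admitted only if they mirror a recorded
 * flow or address the published service. */
#define MAX_STATE 16
static packet_t state_table[MAX_STATE];
static int state_count = 0;

static int matches_recorded_flow(const packet_t *in) {
    for (int i = 0; i < state_count; i++) {
        const packet_t *s = &state_table[i];
        if (strcmp(s->src, in->dst) == 0 && strcmp(s->dst, in->src) == 0 &&
            s->sport == in->dport && s->dport == in->sport)
            return 1;   /* inbound packet is the reply leg of a known session */
    }
    return 0;
}

int stateful_allow(const packet_t *p) {
    if (p->outbound) {
        if (p->syn && state_count < MAX_STATE) state_table[state_count++] = *p;
        return 1;
    }
    if (strcmp(p->dst, WEB_SERVER) == 0 && p->dport == 443) return 1;
    return matches_recorded_flow(p);
}
```

An unsolicited inbound packet to a high port (3389 on a LAN host, say) passes the packet filter but is refused by the stateful filter, while the reply to a connection the LAN opened passes both.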
Physical firewall
A hardware firewall is a physical device that operates on the network. It is usually positioned between a company's internal network (LAN, local area network) and its external network, the Internet. Based on established rules and policies, this firewall analyses both incoming and outgoing network data.
Physical firewall features
Network-level security: it can safeguard all devices on the internal network because it filters traffic at the router or gateway level.
Dedicated equipment: with hardware built expressly for processing network packets, it performs more effectively.
Less demanding on resources: the firewall workload runs on dedicated hardware, which relieves the other network devices.
Software firewall
A software firewall is a program or application that runs on individual devices, like desktop or laptop computers or mobile phones. It works at the kernel or operating system level, regulating incoming and outgoing traffic in accordance with predetermined rules.
Software firewall features
• Device-level security: it defends the particular device on which it is installed and configured.
• Uses the resources of the host: because it runs on the device's operating system, it consumes some of the device's memory and processing power.
• More adaptable: software firewalls frequently offer a greater variety of configuration options, enabling users to create customized rules.
• Can be more economical: software firewalls are frequently bundled with operating systems or are available free or as open source.
Buffer Overflow Attack (SMB)
• A buffer overflow is a cyberattack in which an attacker delivers more data than a buffer can hold, forcing the extra data to spill over into adjacent memory.
• An attacker can use such a vulnerability in the Server Message Block (SMB) protocol to execute malicious code or gain unauthorized access to a machine.
• They can gain control of the targeted system by crafting a payload that exceeds the buffer's capacity and overwrites memory addresses.
• To mitigate such attacks, regular updates, adequate input validation, and intrusion prevention systems are crucial.
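The "adequate input validation" point above, shown as an added example that is not from the original slides: a receiver for a length-prefixed message that checks the declared length against both its fixed buffer and the bytes actually received before copying anything. The wire format (a 2-byte length field followed by the payload) and the 64-byte buffer are assumptions for the example, not the real SMB header layout; a parser that trusted the length field and copied straight away is exactly the pattern the overflow described above abuses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed wire format for the example (an assumption, not the real SMB
 * header): a 2-byte big-endian length field followed by that many payload
 * bytes. The receiver stores the payload in a fixed buffer of PAYLOAD_CAP. */
#define PAYLOAD_CAP 64

typedef struct {
    uint16_t len;
    uint8_t  payload[PAYLOAD_CAP];
} message_t;

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* Validate before copying: the declared length must fit the fixed buffer and
 * the bytes actually received must cover it. Without the first check an
 * oversized length spills past payload[] into adjacent memory; without the
 * second the parser reads past the end of the input. Only after both pass
 * is the bounded memcpy performed. Returns one of the PARSE_* codes. */
int parse_message(const uint8_t *buf, size_t buf_len, message_t *out) {
    if (buf == NULL || out == NULL || buf_len < 2) return PARSE_TRUNCATED;
    uint16_t declared = (uint16_t)((buf[0] << 8) | buf[1]);
    if (declared > PAYLOAD_CAP) return PARSE_TOO_LONG;   /* would overflow payload[] */
    if (buf_len - 2 < declared) return PARSE_TRUNCATED;  /* would read past the input */
    out->len = declared;
    memcpy(out->payload, buf + 2, declared);
    return PARSE_OK;
}

/* Builds a constructed sample message whose length field claims `declared`
 * bytes while only `actual` payload bytes ('A's) are supplied. */
size_t build_message(uint8_t *dst, size_t dst_cap, uint16_t declared, size_t actual) {
    if (dst_cap < 2 + actual) return 0;
    dst[0] = (uint8_t)(declared >> 8);
    dst[1] = (uint8_t)(declared & 0xFF);
    memset(dst + 2, 'A', actual);
    return 2 + actual;
}
```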
Man-in-the-middle (MITM)
• A man-in-the-middle (MITM) attack is a cyberattack in which an attacker secretly intercepts and modifies communication between a client and a server.
• With FTP (File Transfer Protocol), an attacker can position themselves between the client and the FTP server and covertly relay the data passing between them.
• The attacker can then alter data, steal files sent during the FTP session, and capture important information.
• MITM attacks can be defended against by using secure FTP protocols, using encryption, and raising user awareness.
Conclusion
• Set passwords for the entire server
• Use firewalls
- NEIL ARMSTRONG