Report Group 2

System Security

ITS 201 Group 2



System security refers to the measures and
practices implemented to protect computer systems
and data from unauthorized access, use, disclosure,
disruption, modification, or destruction.

Different Threats to System Security

The security of a system can be threatened via two
violations:

• Threat: A program that has the potential to cause
serious damage to the system.

• Attack: An attempt to break security and make
unauthorized use of an asset.

Security can be compromised via any of these breaches:

• Breach of confidentiality: This type of violation
involves the unauthorized reading of data.

• Breach of integrity: This violation involves
unauthorized modification of data.

• Breach of availability: It involves unauthorized
destruction of data.
• Theft of service: It involves the unauthorized use of
resources.
• Denial of service: It involves preventing legitimate use
of the system. As mentioned before, such attacks can
be accidental in nature.

Threats can be classified into the following two
categories:

• Program Threats

• System Threats

Program Threats:
A program written by a cracker to hijack the
security or to change the behavior of a normal process.

System Threats:
These threats involve the abuse of system services
and strive to create a situation in which operating-system
resources and user files are misused.

Types of Program Threats:

1. Virus
2. Trojan Horse
3. Trap Door
4. Logic Bomb
5. Worm

Virus
An infamous threat, known most widely. It is a
self-replicating and malicious thread that attaches itself to a
system file and then rapidly replicates itself, modifying
and destroying essential files, leading to a system
breakdown.

Trojan Horse
A code segment that misuses its environment is
called a Trojan Horse. Trojan Horses seem to be attractive and
harmless cover programs but are really harmful hidden
programs that can be used as a virus carrier.

Trap Door
The designer of a program or system might leave a
hole in the software that only he is capable of using.

Logic Bomb
A program that initiates a security attack only under
a specific situation.

Worm
A computer worm is a type of malware that
replicates itself and infects other computers while
remaining active on affected systems.

Types of System Threats:

1. Worm
2. Port Scanning
3. Denial of Service

Worm
An infection program that spreads through
networks. Unlike viruses, worms mainly target LANs. The
worm spawns copies of itself, using up a majority of
system resources and also locking out all other
processes.

[Figure: Worm basic functionality]



Port Scanning
It is a means by which the cracker identifies the
vulnerabilities of the system to attack. It is an automated
process that involves creating a TCP/IP connection to a
specific port.
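
Because a scan creates connections to many ports in quick succession, it leaves a recognizable pattern in connection logs. The following detection sketch is an added example, not part of the original slides; the log format, addresses, window, and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real traffic): time, source, destination, port, result
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 192.0.2.10 21 REFUSED
2024-05-01T10:00:00 198.51.100.7 192.0.2.10 22 ACCEPTED
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 23 REFUSED
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 25 REFUSED
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 80 ACCEPTED
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 443 ACCEPTED
2024-05-01T10:00:03 203.0.113.20 192.0.2.10 443 ACCEPTED
2024-05-01T10:00:09 203.0.113.20 192.0.2.10 443 ACCEPTED
2024-05-01T10:05:00 203.0.113.20 192.0.2.10 80 ACCEPTED
2024-05-01T10:00:00 203.0.113.99 192.0.2.10 22 REFUSED
2024-05-01T10:20:00 203.0.113.99 192.0.2.10 23 REFUSED
2024-05-01T10:40:00 203.0.113.99 192.0.2.10 25 REFUSED
2024-05-01T11:00:00 203.0.113.99 192.0.2.10 80 ACCEPTED
2024-05-01T11:20:00 203.0.113.99 192.0.2.10 110 REFUSED
"""


def parse(log):
    """Yield (time, source, destination, port) from each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, src, dst, port, _result = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)


def find_scanners(log, window=timedelta(seconds=60), min_ports=5):
    """Return {(source, destination): most distinct ports seen in any window}
    for every pair that reaches min_ports distinct ports within the window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in parse(log):
        by_pair[(src, dst)].append((ts, port))
    flagged = {}
    for pair, events in by_pair.items():
        events.sort()
        recent = deque()  # events that fall inside the sliding time window
        best = 0
        for ts, port in events:
            recent.append((ts, port))
            while ts - recent[0][0] > window:
                recent.popleft()
            best = max(best, len({p for _, p in recent}))
        if best >= min_ports:
            flagged[pair] = best
    return flagged
```

With the default 60-second window only the burst from 198.51.100.7 is flagged; widening the window to two hours also surfaces the slower sequence from 203.0.113.99, so the window length is a tuning decision for the monitoring team.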

Denial of Service
Such attacks aren’t aimed at collecting
information or destroying system files. Rather,
they are used for disrupting the legitimate use of a
system or facility.

Denial of Service categories:

• Attacks in the first category use so many system resources that no
useful work can be performed. For example, downloading a file from a
website that proceeds to use all available CPU time.

• Attacks in the second category involve disrupting the network of the
facility. These attacks are a result of the abuse of some fundamental
TCP/IP principles.

How to secure a System

System security is a critical aspect of protecting
computer systems and the data they contain. There are
several different types of system security, each focusing
on specific areas of protection. We will explore four key
types of system security: network security, endpoint
security, application security, and cloud security.

Network Security
It safeguards computer networks from unauthorized
access and ensures the confidentiality, integrity, and
availability of data transmitted over the network. It
involves a combination of hardware and software
measures to prevent unauthorized access and protect
against network-based attacks.

Network Security Components:


• Firewall
• Virtual Private Network (VPN)
• Network Segmentation

Firewall
Firewalls act as a barrier between internal networks
and external networks, monitoring and controlling
incoming and outgoing network traffic based on
predetermined security rules.

Virtual Private Network (VPN)
VPNs create a secure, encrypted connection
between remote users or networks and the main
network, ensuring that data transmitted over the
network remains confidential and protected from
interception.

Network Segmentation
By dividing a network into smaller, isolated
segments, organizations can limit the potential impact of
a security breach. This segmentation helps prevent
unauthorized access to sensitive data and reduces the
risk of lateral movement by attackers within the network.

Endpoint Security
Endpoint security focuses on protecting individual
devices, such as desktops, laptops, smartphones, and
tablets, from security threats.

Endpoint Security Components:

• Anti-virus

• Endpoint encryption

Anti-virus
Antivirus software is one of the fundamental
components of endpoint security. It helps detect and
remove malware infections, protecting devices from
malicious software that can compromise data and system
integrity.

Endpoint Encryption
Endpoint encryption is another crucial measure in
endpoint security. It ensures that sensitive data stored on
devices is encrypted, making it unreadable to
unauthorized individuals even if the device is lost or
stolen.

Application Security
Application security focuses on ensuring that
software applications are designed, developed, and
deployed securely.

Aspects of Application Security:

1. Secure coding practice

2. Thorough application testing

Secure Coding Practice
By following secure coding guidelines and best
practices, developers can minimize the risk of introducing
vulnerabilities into software applications during the
development process.

Thorough Application Testing
It involves conducting various types of testing, such
as penetration testing and code review, to identify and
address potential vulnerabilities before applications are
deployed.

Cloud Security
Cloud security refers to the measures and
technologies used to protect cloud-based infrastructure,
applications, and data from unauthorized access, data
breaches, and other security risks.

Elements of Cloud Security:

1. Secure cloud architecture

2. Encryption

3. Strong access control

Secure Cloud Architecture
This involves designing cloud environments with
security in mind, implementing appropriate access
controls, and segregating resources to minimize the
impact of a potential breach.

Encryption
By encrypting data before it is stored or transmitted
in the cloud, organizations can ensure the confidentiality
and integrity of their information.

Strong Access Control
Organizations need to implement robust
authentication and authorization mechanisms to ensure
that only authorized individuals can access cloud
resources and data.

Key Elements of System Security:


• Authentication
• Authorization
• Encryption

Authentication
Authentication is the process of verifying the
identity of an individual or system attempting to access a
computer system or network. It involves mechanisms
such as usernames and passwords, biometrics, and
multi-factor authentication to ensure that only
authorized users can access the system.

Authorization
Authorization determines the actions, privileges,
and resources that an authenticated user or system is
allowed to access or perform within a computer system.
It involves defining access controls and permissions
based on user roles, responsibilities, and the principle of
least privilege to prevent unauthorized activities.

Encryption
It is the process of converting data into an
unreadable form to protect it from unauthorized access
or disclosure. It uses cryptographic algorithms and keys
to scramble data, making it unreadable unless decrypted
with the appropriate key.

Common Security Threats today and how to prevent them

• Phishing
• Social Engineering
• Malware
• Ransomware
• Zero-Day Vulnerabilities
• Insider Threats
• Supply Chain Attack
• Denial of Service (DoS)
• Distributed Denial of Service (DDoS)
• System Intrusion
• Man in the Middle (MitM)

Phishing
Phishing is a common yet dangerous cyber threat
because it can be high-tech or no-tech. In these attacks,
criminals pose as legitimate entities to exploit users' trust,
curiosity, greed, or kindness. They send fake emails to entice
their targets to provide information such as passwords,
social security numbers, or bank account information.

*Measures to prevent Phishing

Cybercriminals who use phishing are very skilled and often
convincing. To deter such threats, an organization must educate
its employees on how to identify these attempts and invest
in email filtering tools to detect fraudulent websites and emails.
It can also minimize these attacks by implementing
multi-factor authentication on all accounts and regularly updating its
software with the latest patches and updates.

Social Engineering
Some of the costliest cyber threats in history have
been social engineering attacks. These attacks involve
criminals exploiting human psychology rather than
technical vulnerabilities to trick people into providing
them with sensitive information or access to data,
networks and systems.

*Measures to prevent Social Engineering


Organizations can take these steps to protect themselves
from social engineering threats today:
• Learning about the latest forms of social engineering attacks
and training employees to detect their warning signs
• Restricting access to sensitive systems and information and
regularly reviewing permissions
• Using email filters, firewalls, and anti-malware tools to scan
and block malicious emails and email attachments
• Carrying out regular security audits and vulnerability
assessments to detect and fix potential weaknesses in the
organization's security
• Implementing data loss prevention tools to ensure data is
not disclosed in an unauthorized fashion

Malware
Malware is short for malicious software. As the
name hints, it is a type of computer program that
is designed to cause damage to a computer system,
network, or device.

*Measures to prevent Malware


The most effective way to protect against malware
is to use up-to-date antivirus and antimalware software.
Using firewalls to restrict access to sensitive systems and
data also forms a layer of protection against malware.

Ransomware
This is a type of malware that encrypts files on a
computer and then demands payment to release them.
The FBI discourages organizations from paying the
ransom because there is never a guarantee that the
criminals will release the files anyway.

*Measures to prevent Ransomware


• Regularly back up important data to an offline or remote system
• Separate administrative (privileged) accounts from regular
(non-privileged) accounts
• Use strong and up-to-date anti-malware and anti-virus software
• Restrict access to sensitive data and software
• Educate employees to detect suspicious phishing emails and to
follow safe computing practices

Zero-Day Vulnerabilities
Zero-day vulnerabilities are weaknesses in a
computing system that can be exploited and are not yet
known. While it is not common for software programs to
have gaping security flaws, when they do, criminals can
develop tools that exploit them to their advantage.

*Measures to prevent Zero-Day Vulnerabilities


• Keep software up to date with the latest patches
• Use heuristic (behavior-based) intrusion prevention systems with
threat intelligence that can detect and block unknown attackers
• Use sandboxing technology to isolate and analyze any potential
threats
• Implement access controls to sensitive data, systems, and
networks.

Insider Threats
Employees, contractors, and other people with
access to a computer system or network can cause a lot
of harm to an organization. These threats can be
accidental or intentional and can take different forms -
from damaging systems to leaking sensitive data.

*Measures to prevent Insider Threats


• Implement access controls to sensitive systems and data
• Strive to nurture a positive company culture to deter insider threats from
disgruntled employees
• Monitor user activity, including scrutinizing system and user logs
• Put in place data loss prevention (DLP) systems to mitigate the effects of insider
threats
• Conduct background checks of employees and contractors with access to systems
• Develop an incident response plan to minimize the impacts of potential attacks

Supply Chain Attack
A supply chain attack occurs when an attacker
accesses a target's system using a third-party supplier or
vendor. In most cases, the attackers first target a vendor
or supplier with direct access to the organization's
systems to launch the full attack.

*Measures to prevent Supply Chain Attack


• Conduct full due diligence on third-party vendors and contractors and
their cybersecurity measures
• Implement a supply chain management security system
• Monitor all vendor activities on their system
• Put in place security standards that all vendors must meet
• Educate staff and employees on the importance of data safety
• Roll out an incident response plan to minimize the impact of supply
chain attacks

Denial of Service (DoS)
Denial of Service, or DoS, is a type of cyber threat
designed to overwhelm the systems, website, or network
of an organization with requests. This renders the system
or network inaccessible to legitimate users.

*Measures to prevent Denial of Service (DoS)


• Implement network security controls such as intrusion
detection and prevention systems
• Implement a web application firewall that can thoroughly
inspect incoming requests
• Implement redundancy for all critical systems
• Develop and frequently test backup and recovery plans for
critical systems

Distributed Denial of Service (DDoS)
A Distributed Denial of Service (DDoS) attack is
similar to a Denial of Service (DoS) attack except that it
uses multiple computers or systems to overwhelm the
target system.

*Measures to prevent Distributed Denial of Service


• Implement network security controls
• Use cloud-based content delivery networks (CDNs)
• Roll out DDoS mitigation services
• Use rate limiting to test and identify potential vulnerabilities
in the system or network that attackers can exploit
• Invest in extra network traffic bandwidth to minimize the
impact of DDoS
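
Rate limiting, one of the measures listed above and equally applicable to the DoS case, caps how many requests each client may make so that one noisy source cannot exhaust the service. The per-client token bucket below is an added example, not part of the original slides; the client names, rate, and burst size are assumptions.

```python
class RateLimiter:
    """Per-client token bucket; integer milliseconds avoid floating-point drift."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec   # milli-tokens refilled per millisecond
        self.cap = burst * 1000    # bucket size in milli-tokens
        self.buckets = {}          # client -> (milli_tokens, last_seen_ms)

    def allow(self, client, now_ms):
        # A client seen for the first time starts with a full bucket.
        tokens, last = self.buckets.get(client, (self.cap, now_ms))
        # Refill for the elapsed time, never beyond the burst capacity.
        tokens = min(self.cap, tokens + (now_ms - last) * self.rate)
        allowed = tokens >= 1000   # one request costs one whole token
        if allowed:
            tokens -= 1000
        self.buckets[client] = (tokens, now_ms)
        return allowed


def replay(requests, rate_per_sec=2, burst=5):
    """Replay (time_ms, client) pairs; return {client: (allowed, rejected)}."""
    limiter = RateLimiter(rate_per_sec, burst)
    counts = {}
    for now_ms, client in sorted(requests):
        ok, rejected = counts.get(client, (0, 0))
        if limiter.allow(client, now_ms):
            ok += 1
        else:
            rejected += 1
        counts[client] = (ok, rejected)
    return counts


# Constructed traffic: one client sends 20 requests within a second,
# another sends one request per second for five seconds.
SAMPLE_REQUESTS = (
    [(t, "flood-client") for t in range(0, 1000, 50)]
    + [(t, "normal-client") for t in range(0, 5000, 1000)]
)
```

Replaying the sample traffic lets the flooding client through for its initial burst and then only at the refill rate, while the well-behaved client is never rejected.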

System Intrusion
A system intrusion is an attack where an
unauthorized person gains access to a computer system
or network. Once they have access, the intruder may
steal data, damage the system, or leave a backdoor for
future attacks.

*Measures to prevent System Intrusion


• Implementing strong system and network access controls
• Ensuring all software and systems are up-to-date
• Carrying out vulnerability assessments regularly
• Using network segmentation to minimize the impact of
intrusions
• Monitoring and scrutinizing network, system, and user logs
• Training employees on the best cybersecurity practices to
prevent social engineering

Man in the Middle (MitM)
A man-in-the-middle attack is a type of cyber threat where
an attacker uses special tools to intercept communication
between two parties. The attacker eavesdrops on the
communication to snoop on or manipulate the
information being exchanged, often to steal sensitive
information such as passwords and financial information.

*Measures to prevent Man in the Middle (MitM)


• Using encryption to secure messages and data sent over
networks
• Verifying digital certificates to ensure they are communicating
with the intended recipient
• Being extra cautious when using public Wi-Fi and wary of phishing
attacks
• Using VPNs and data tunnels to protect data sent and received
