Information Security Essentials: Concepts and Practices


Fundamentals of Information Security

Core Security Principles

  • Confidentiality (Privacy): Ensures information is not accessible to unauthorized individuals.
  • Integrity: Guarantees information can only be modified by authorized personnel.
  • Availability (Operability): Ensures information is accessible and usable when needed.

Common Information Security Threats

Software and System Vulnerabilities

  • Bug: An error or flaw in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.
  • Trojan: A type of malware that disguises itself as legitimate software, allowing external users unauthorized access to a computer system.

Network and Data Attacks

  • IP Spoofing: The act of creating Internet Protocol (IP) packets with a false source IP address, making it appear as if the packets are coming from another legitimate source.
  • Sniffer: A program or device used to monitor and capture network traffic and data packets passing through a network interface.
  • DoS (Denial of Service) Attacks: Attempts to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. This often involves overwhelming the target with traffic, preventing it from functioning.

Key Information Security Technologies & Concepts

Network Protection

  • Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules, allowing or blocking communications.
  • Ports: Network ports are communication endpoints that allow different applications and services to communicate over a network using protocols like TCP/IP (Transmission Control Protocol/Internet Protocol), UDP (User Datagram Protocol), and ICMP (Internet Control Message Protocol).

Data Protection

  • Passwords: Should be a minimum of 8 characters, strong, and not saved directly on the computer or in easily accessible files.
  • Cryptography: The practice and study of techniques for secure communication in the presence of third parties (adversaries). It involves encryption, which transforms text by replacing its characters or otherwise encoding it.
  • Cryptology: The scientific study of cryptography and cryptanalysis.
  • Cryptogram: A message written in code.
  • Encryption Technique: The application of a cryptographic algorithm to protect user data or documents, transforming plaintext into ciphertext.
  • Block Encryption: An encryption algorithm that applies the same cryptographic function to a fixed-size block of information (e.g., 64 or 128 bits) multiple times using the same key.
  • Stream Encryption: An encryption algorithm that applies a key-generated random number bitwise to individual elements of information (character, bit).
  • Cleartext (Plaintext): The original, unencrypted text.
  • Steganography: The practice of concealing a message, image, or file within another message, image, or file, making it undetectable to the casual observer.

Secure Communication Protocols

  • Remote Access (SSH): SSH (Secure Shell) is a cryptographic network protocol that allows secure remote access and data communication between two networked computers.
  • SSL (Secure Sockets Layer): A deprecated cryptographic protocol designed to provide communication security over a computer network. It was succeeded by TLS (Transport Layer Security) for securing web connections.

Wireless Network Security

Wireless Technologies

  • IrDA (Infrared Data Association): Short-range wireless technology.
  • HomeRF (Home Radio Frequency): A deprecated wireless networking standard.
  • Wi-Fi: A popular wireless networking technology.
  • Bluetooth: Short-range wireless technology, generally not suitable for large data transfers.

Wireless networks are susceptible to attacks that are easy to carry out and can be performed anonymously.

Wireless Network Access Control

  • CNAC (Closed Network Access Control): A method where the network does not broadcast its presence, requiring clients to know the network name to connect.
  • OSA (Open System Authentication): A simple authentication method where the client sends an authentication request, and the access point responds without further verification.
  • WEP (Wired Equivalent Privacy): An early and now insecure security algorithm for Wi-Fi wireless networks.

Wireless Networking Protocols

The IEEE 802.11 standard defines wireless local area network (WLAN) communication. Current versions include 802.11n, which can achieve speeds up to 600 Mbps.

Essential Information Security Practices

Software for Security

  • Antivirus: Software designed to detect, prevent, and remove malicious software.
  • Antisniffer: Tools used to detect network sniffers.
  • Antispyware: Software designed to prevent and detect unwanted spyware programs.

Organizational Security Measures

  • Access Restriction: Restrict access to systems and data.
  • Secure Operations: Ensure that operators do not modify programs or archives without authorization.
  • Data Integrity: Ensure that transmitted and received information remains unchanged and accurate.
  • Job Hierarchy: Organize jobs by information security hierarchy.
  • Password Management: Use different, strong passwords and update them regularly.
  • Security Policy: Implement a comprehensive security policy, including adherence to data protection laws.

Physical and Logical Security

  • Physical Data Protection: Protect physical assets from threats like fire, floods, and unauthorized access to buildings and cables. Implement access control for personnel.
  • Logical Security: Encrypt information to protect it.

Principles of Effective Security

  • Timeliness: Security measures should function promptly.
  • Efficiency: Optimize resource utilization for security.
  • Appropriateness: Security measures should be appropriate and ideally transparent to the user.
  • Secure Software Procurement: Ensure all necessary software is installed from safe and trusted sources.
  • Network Connection Safety: Secure network connections and avoid unsafe data downloads.
  • Dynamic IPs: The use of dynamic IP addresses can add a layer of security by making it harder for attackers to consistently target a specific machine.

Information Security Organizations & History

Key Security Organizations

  • CERT/CC (Computer Emergency Response Team Coordination Center): A center for internet security expertise.
  • SEI (Software Engineering Institute): A federally funded research and development center at Carnegie Mellon University, focusing on software engineering and cybersecurity.

Evolution of Cybercrime

  • Late 1980s: Marked the beginning of widespread personal computer use.
  • 1990s: Saw a significant increase in viruses, worms, and other computer system attacks.
  • Cybercrime Characteristics: Characterized by attacks on small, high-value digital objects (e.g., files, data) that can be transmitted without physical contact (e.g., via network, not requiring physical media like CDs or disks).
