Tuesday, 05 June 2018

Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.

Cybersecurity includes controlling physical access to system hardware, as well as protecting against harm that can come through network access, malicious data and code injection. Also, due to malpractice by operators, whether intentional or unintentional, IT security is susceptible to being tricked into deviating from secure procedures through various social engineering methods.

This field is increasingly important because of the increasing dependence on computer systems, the Internet and wireless networks such as Bluetooth and Wi-Fi, and because of the growth of "smart" devices, including smartphones, televisions, and small devices that make up the Internet of Things.



Vulnerabilities and attacks

A vulnerability is a weakness in design, implementation, operation or internal control. Most of the vulnerabilities that have been discovered are documented in the Common Vulnerabilities and Exposures (CVE) database.

An exploitable vulnerability is one for which at least one working attack or "exploit" exists. Vulnerabilities are often hunted or exploited with the help of automated tools or manually using special scripts.

To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can usually be classified into one of the categories below:

Backdoor

A backdoor in a computer system, a cryptosystem or an algorithm is any secret method of bypassing normal authentication or security controls. Backdoors may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motive for their existence, they create a vulnerability.

Denial-of-service attack

Denial-of-service (DoS) attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim's account to be locked, or they may overload the capabilities of a machine or network and block all users at once. While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of distributed denial-of-service (DDoS) attack are possible, where the attack comes from a large number of points, and defending against them is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible, including reflection and amplification attacks, where innocent systems are tricked into sending traffic to the victim.

Direct access attack

An unauthorized user who gains physical access to a computer is most likely able to copy data directly from it. They can also compromise security by making operating system modifications, installing software worms, keyloggers or covert listening devices, or using a wireless mouse. Even when the system is protected by standard security measures, these may be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and the Trusted Platform Module are designed to prevent these attacks.

Eavesdropping

Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For example, programs such as Carnivore and NarusInSight have been used by the FBI and the NSA to eavesdrop on the systems of Internet service providers. Even machines that operate as closed systems (i.e., with no contact with the outside world) can be eavesdropped upon by monitoring the faint electromagnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA that refers to these attacks.

Spoofing

Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise not authorized to obtain. There are several types of spoofing, including:

  • Email spoofing, where an attacker forges the sending (From, or source) address of an email.
  • IP address spoofing, where an attacker alters the source IP address in a network packet to hide their identity or impersonate another computing system.
  • MAC spoofing, where an attacker modifies the Media Access Control (MAC) address of their network interface to pose as a valid user on a network.
  • Biometric spoofing, where an attacker produces a fake biometric sample to pose as another user.

Tampering

Tampering describes a malicious modification of products. So-called "Evil Maid" attacks and security services planting surveillance capability into routers are examples.

Privilege escalation

Privilege escalation describes a situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level. For example, a standard computer user may be able to trick the system into giving them access to restricted data, or even to become "root" and have full unrestricted access to a system.

Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on the victim's trust, phishing can be classified as a form of social engineering.

Clickjacking

Clickjacking, also known as a "UI redress attack" or "User Interface redress attack", is a malicious technique in which an attacker tricks a user into clicking a button or link on another webpage while the user intends to click on the top-level page. This is done using multiple transparent or opaque layers. The attacker is basically "hijacking" the clicks meant for the top-level page and routing them to some other irrelevant page, most likely owned by someone else. A similar technique can be used to hijack keystrokes. By carefully drafting a combination of stylesheets, iframes, buttons and text boxes, a user can be led into believing that they are typing a password or other information into some authentic webpage while it is being channeled into an invisible frame controlled by the attacker.
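Because the technique depends on the target page being loaded inside a frame, a defender can check whether a response forbids framing. The following is an added example, not part of the original article: it classifies the anti-framing response headers (`X-Frame-Options` and the CSP `frame-ancestors` directive) of constructed sample responses; the function names and sample hosts are hypothetical.

```python
from typing import Dict, List, Mapping, Optional

# Strictness order, used when several CSP policies apply to one response.
_RANK = {"unprotected": 0, "allow-list": 1, "same-origin": 2, "blocked": 3}


def _frame_ancestors(policy: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def _classify_sources(sources: List[str]) -> str:
    if not sources or sources == ["'none'"]:
        return "blocked"          # no site may embed the page
    if any(s in ("*", "http:", "https:") for s in sources):
        return "unprotected"      # wildcard: any site may embed the page
    if sources == ["'self'"]:
        return "same-origin"
    return "allow-list"           # only the named origins may embed it


def framing_policy(headers: Mapping[str, str]) -> str:
    """Classify a response as 'blocked', 'same-origin', 'allow-list' or 'unprotected'."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    verdicts = []
    # Several policies may be comma-joined in one header value.
    for policy in h.get("content-security-policy", "").split(","):
        sources = _frame_ancestors(policy)
        if sources is not None:
            verdicts.append(_classify_sources(sources))
    if verdicts:
        # frame-ancestors supersedes X-Frame-Options, and every policy must
        # allow the embedding, so the strictest verdict decides.
        return max(verdicts, key=_RANK.__getitem__)
    xfo = h.get("x-frame-options", "").upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing, malformed, or the obsolete ALLOW-FROM form: no protection.
    return "unprotected"


# Constructed sample responses (hypothetical hosts), not captured traffic.
SAMPLES: Dict[str, Dict[str, str]] = {
    "login": {"X-Frame-Options": "DENY"},
    "dashboard": {"x-frame-options": "sameorigin"},
    "legacy": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "widget": {
        "Content-Security-Policy": "default-src 'self'; "
                                   "frame-ancestors 'self' https://portal.example",
        "X-Frame-Options": "DENY",  # ignored once frame-ancestors is present
    },
    "api-docs": {"Content-Security-Policy": "default-src 'self'"},
    "payment": {"Content-Security-Policy": "frame-ancestors 'none'"},
}


def audit(samples: Mapping[str, Mapping[str, str]] = SAMPLES) -> Dict[str, str]:
    """Map each sample response name to its framing verdict."""
    return {name: framing_policy(hdrs) for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:10s} {verdict}")
```

Note that `default-src` does not act as a fallback for `frame-ancestors`, which is why the "api-docs" sample is reported as unprotected.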

Social engineering

Social engineering aims to convince a user to disclose secrets such as passwords, card numbers, etc. by, for example, impersonating a bank, a contractor, or a customer.

A common scam involves fake CEO emails sent to accounting and finance departments. In early 2016, the FBI reported that the scam had cost US businesses more than $2 billion in about two years.

In May 2016, the Milwaukee Bucks NBA team was the victim of this type of cyber scam, with a perpetrator impersonating the team's president Peter Feigin, resulting in the handover of all of the team's employees' 2015 W-2 tax forms.


Information security culture

Employee behavior can have a major impact on information security in organizations. Cultural concepts can help different segments of the organization work effectively, or work against effectiveness, towards information security within an organization. "Exploring the Relationship between Organizational Culture and Information Security Culture" provides the following definition of information security culture: "ISC is the totality of behavior patterns within organizations that contribute to the protection of information of all types."

Andersson and Reimers (2014) found that employees often do not see themselves as part of the organization's information security "effort" and often take actions that ignore the organization's best information security interests. Research shows that information security culture needs to be improved continuously. In "Information Security Culture from Analysis to Change", the authors commented, "This is a never-ending process, evaluation cycle and change or maintenance." To manage the information security culture, five steps should be taken: pre-evaluation, strategic planning, operative planning, implementation, and post-evaluation.

  • Pre-Evaluation: to identify awareness of information security in employees and to analyze current security policies.
  • Strategic Planning: to generate a better awareness program, clear targets need to be established. Grouping people helps to achieve them.
  • Operative Planning: a good security culture can be established based on internal communication, management buy-in, and security awareness and training programs.
  • Implementation: four stages should be used to implement an information security culture. They are management commitment, communication with members of the organization, courses for all members of the organization, and employee commitment.


Systems at risk

The growing number of computer systems, and the increasing reliance upon them by individuals, businesses, industries and governments, means that there is an increasing number of systems at risk.

Financial system

The computer systems of financial regulators and financial institutions such as the US Securities and Exchange Commission, SWIFT, investment banks and commercial banks are prominent hacking targets for cybercriminals interested in manipulating markets and making illicit gains. Websites and apps that accept or store credit card numbers, brokerage accounts, and bank account information are also prominent hacking targets, because of the potential for immediate financial gain from transferring money, making purchases, or selling the information on the black market. In-store payment systems and ATMs have also been tampered with in order to gather customer account data and PINs.

Industrial utilities and equipment

Computers control functions at many utilities, including coordination of telecommunications, the power grid, nuclear power plants, and valve opening and closing in water and gas networks. The Internet is a potential attack vector for such machines if connected, but the Stuxnet worm demonstrated that even equipment controlled by computers not connected to the Internet can be vulnerable. In 2014, the Computer Emergency Readiness Team, a division of the Department of Homeland Security, investigated 79 hacking incidents at energy companies. Vulnerabilities in smart meters (many of which use local radio or cellular communications) can cause problems with billing fraud.

Aviation

The aviation industry relies heavily on a series of complex systems that could be attacked. A simple power outage at one airport can cause repercussions worldwide, much of the system relies on radio transmissions which could be disrupted, and controlling aircraft over oceans is especially dangerous because radar surveillance extends only 175 to 225 miles offshore. There is also potential for attack from within an aircraft.

In Europe, with the Pan-European Network Service (PENS) and NewPENS, and in the US with the NextGen program, air navigation service providers are moving to create their own dedicated networks.

The consequences of successful attacks range from loss of secrecy to loss of system integrity, air traffic outages, loss of aircraft, and even loss of life.

Consumer devices

Desktop and laptop computers are commonly targeted to gather passwords or financial account information, or to build a botnet to attack another target. Smartphones, tablet computers, smart watches, and other mobile devices such as quantified-self devices like activity trackers have sensors such as cameras, microphones, GPS receivers, compasses and accelerometers that could be exploited, and they may collect personal information, including sensitive health information. The Wi-Fi, Bluetooth, and cell phone networks on any of these devices could be used as attack vectors, and sensors might be remotely activated after a successful breach.

The increasing number of home automation devices such as the Nest thermostat is also a potential target.

Large companies

Large companies are common targets. In many cases the attack is aimed at financial gain through identity theft and involves data breaches, such as the loss of millions of clients' credit card details by Home Depot, Staples and Target Corporation, and the most recent breach of Equifax.

Some cyber attacks are ordered by foreign governments; these governments engage in cyberwarfare with the intent of spreading propaganda, sabotaging, or spying on their targets. Many people believe that the Russian government played a leading role in the 2016 US presidential election by using Twitter and Facebook to influence the election results, despite the fact that no evidence was found.

Medical records have been targeted for use in general identity theft, health insurance fraud, and impersonating patients to obtain prescription drugs for recreational purposes or resale. Although cyber threats continue to increase, 62% of all organizations did not increase security training for their business in 2015.

However, not all attacks are financially motivated; for example, the security firm HBGary Federal suffered a serious series of attacks in 2011 from the hacktivist group Anonymous in retaliation for the firm's CEO claiming to have infiltrated their group, and in the Sony Pictures attack of 2014 the motive appears to have been to embarrass with data leaks, and to cripple the company by wiping workstations and servers.

Automobiles

Vehicles are increasingly computerized, with engine timing, cruise control, anti-lock brakes, seat belt tensioners, door locks, airbags and advanced driver-assistance systems on many models. In addition, connected cars may use Wi-Fi and Bluetooth to communicate with onboard consumer devices and the cell phone network. Self-driving cars are expected to be even more complex.

All of these systems carry some security risk, and such issues have gained wide attention. Simple examples of risk include a malicious compact disc being used as an attack vector, and the car's onboard microphones being used for eavesdropping. However, if access is gained to a car's internal controller area network, the danger is much greater - and in a widely publicized 2015 test, hackers remotely carjacked a vehicle from 10 miles away and drove it into a ditch.

Manufacturers are reacting in a number of ways, with Tesla in 2016 pushing out some security fixes "over the air" into its cars' computer systems.

In the area of autonomous vehicles, in September 2016 the US Department of Transportation announced some initial safety standards, and called for states to adopt uniform policies.

Government

Government and military computer systems are commonly attacked by activists and foreign powers. Local and regional government infrastructure such as traffic light controls, police and intelligence agency communications, personnel records, student records, and financial systems are also potential targets as they are now all largely computerized. Passports and government ID cards that control access to facilities using RFID can be vulnerable to cloning.

Internet of things and physical vulnerabilities

The Internet of things (IoT) is the network of physical objects such as devices, vehicles and buildings that are embedded with electronics, software, sensors, and network connectivity that enables them to collect and exchange data - and concerns have been raised that this is being developed without appropriate consideration of the security challenges involved.

While the IoT creates opportunities for more direct integration of the physical world into computer-based systems, it also provides opportunities for misuse. In particular, as the Internet of Things spreads widely, cyber attacks are likely to become an increasingly physical (rather than simply virtual) threat. If a front door's lock is connected to the Internet, and can be locked/unlocked from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked phone. People could stand to lose much more than their credit card numbers in a world controlled by IoT-enabled devices. Thieves have also used electronic means to circumvent hotel door locks that are not connected to the Internet.

Medical system

Medical devices have either been successfully attacked or had potentially deadly vulnerabilities demonstrated, including both in-hospital diagnostic equipment and implanted devices including pacemakers and insulin pumps. There are many reports of hospitals and hospital organizations getting hacked, including ransomware attacks, Windows XP exploits, viruses, and breaches of sensitive data stored on hospital servers. On December 28, 2016, the US Food and Drug Administration released its recommendations on how medical device manufacturers should maintain the security of Internet-connected devices - but there is no structure for enforcement.


Impact of security breaches

Serious financial damage has been caused by security breaches, but because there is no standard model for estimating the cost of an incident, the only data available is that published by the organizations involved. "Some computer security consulting firms generate an estimated total worldwide loss caused by virus and worm attacks and other unfriendly digital actions. These estimated losses of 2003 by these companies range from $13 billion (only worms and viruses) to $226 billion (for all forms of covert attack). The reliability of these forecasts is often challenged: the underlying methodology is basically anecdotal." Security breaches continue to cost businesses billions of dollars, but a survey revealed that 66% of security staff do not believe senior leadership takes cyber precautions as a strategic priority.

However, a reasonable financial cost estimate of a security breach can actually help an organization make a rational investment decision. According to the classic Gordon-Loeb model that analyzes the optimal level of investment in information security, it can be concluded that the amount firms spend to protect information is generally only a fraction of the expected loss (that is, the expected value of losses resulting from cyber/information security breaches).


Attacker's motivation

As with physical security, the motivations for breaches of computer security vary between attackers. Some are thrill-seekers, some are activists, others are criminals looking for financial gain. State-sponsored attackers are now common and well resourced, but started with amateurs such as Markus Hess who hacked for the KGB, as recounted by Clifford Stoll in The Cuckoo's Egg.

A standard part of threat modeling for any particular system is to identify what might motivate an attack on that system, and who might be motivated to breach it. The level and detail of precautions will vary depending on the system to be secured. A home personal computer, a bank, and a classified military network face very different threats, even when the underlying technologies in use are similar.


Computer protection (countermeasures)

In computer security, countermeasures are actions, devices, procedures or techniques that reduce threats, vulnerabilities, or attacks by eliminating or preventing them, by minimizing losses incurred, or by finding and reporting them so that corrective action can be taken.

Some common countermeasures are listed in the following sections:

Security by design

Security by design, or alternately secure by design, means that the software has been designed from the ground up to be secure. In this case, security is considered a main feature.

Some of the techniques in this approach include:

  • The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
  • Automated theorem proving to prove the correctness of crucial software subsystems.
  • Code reviews and unit testing, approaches to make modules more secure where formal correctness proofs are not possible.
  • Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
  • Default secure settings, and design to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
  • Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
  • Full disclosure of all vulnerabilities, to ensure that the "window of vulnerability" is kept as short as possible when bugs are discovered.
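The audit-trail item above can be made concrete with a hash-chained log. The following is an added example, not part of the original article: each record commits to the hash of the record before it, and a remote append-only store (represented here by a plain list, an assumption of this sketch) keeps the head hashes, so editing, deleting or truncating the local log becomes detectable. The log entries are constructed sample data.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the very first record


def digest(prev_hash, entry):
    """SHA-256 over the previous hash and a canonical encoding of the entry."""
    payload = json.dumps({"prev": prev_hash, "entry": entry}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


class AuditLog:
    """Local log in which every record commits to the one before it."""

    def __init__(self):
        self.records = []

    def append(self, entry):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        record = {"entry": entry, "prev": prev, "hash": digest(prev, entry)}
        self.records.append(record)
        return record["hash"]  # head hash to ship to the remote store


def verify(records, trusted_head):
    """Check the chain link by link, then compare its head with the remote copy."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or rec["hash"] != digest(prev, rec["entry"]):
            return (False, f"record {i} does not chain to its predecessor")
        prev = rec["hash"]
    if prev != trusted_head:
        return (False, "chain is self-consistent but its head differs from the remote copy")
    return (True, "ok")


# Constructed sample events, not real log data.
SAMPLE = [
    {"t": 1, "user": "alice", "action": "login"},
    {"t": 2, "user": "mallory", "action": "sudo su"},
    {"t": 3, "user": "mallory", "action": "read /etc/shadow"},
    {"t": 4, "user": "alice", "action": "logout"},
]


def demo():
    log = AuditLog()
    remote_heads = [log.append(e) for e in SAMPLE]  # stands in for the remote store
    trusted = remote_heads[-1]
    results = {"intact": verify(log.records, trusted)}

    # 1. An entry edited in place: its stored hash no longer matches.
    edited = copy.deepcopy(log.records)
    edited[1]["user"] = "backup"  # no effect on the chain (wrong level)
    edited[1]["entry"]["user"] = "backup"
    results["edited"] = verify(edited, trusted)

    # 2. A record removed and the whole chain recomputed: the links are valid
    #    again, but the head no longer matches what the remote store holds.
    rebuilt = AuditLog()
    for i, rec in enumerate(log.records):
        if i != 1:
            rebuilt.append(rec["entry"])
    results["rebuilt"] = verify(rebuilt.records, trusted)

    # 3. The tail of the log cut off.
    results["truncated"] = verify(log.records[:2], trusted)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:10s} ok={ok}  {reason}")
```

Case 2 is the reason the page's "remotely" matters: a chain kept only on the compromised host can be rebuilt consistently, and only the copy the intruder cannot rewrite exposes the change.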

Security Architecture

The Open Security Architecture organization defines IT security architecture as "design artifacts that illustrate how security controls are positioned, and how they relate to the overall information technology architecture. This control serves the purpose of maintaining system quality attributes: confidentiality, integrity, availability, accountability, and warranty service".

Techopedia defines security architecture as "an integrated security design that addresses the needs and potential risks involved in certain scenarios or environments." It also determines when and where to implement security controls. The design process can generally be reproduced. The key attributes of security architecture are:

  • the relationships of the various components and how they depend on each other.
  • the determination of controls based on risk assessment, good practice, finances, and legal matters.
  • the standardization of controls.

Security measures

A state of computer "security" is a conceptual ideal, attained by the use of three processes: threat prevention, detection, and response. These processes are based on various policies and system components, which include the following:

  • User account access controls and cryptography can protect system files and data, respectively.
  • Firewalls are by far the most common prevention systems from a network security perspective because they can (if properly configured) shield access to internal network services, and block certain kinds of attacks through packet filtering. Firewalls can be hardware- or software-based.
  • Intrusion Detection System (IDS) products are designed to detect network attacks in progress and assist in post-attack forensics, while audit trails and logs serve a similar function for individual systems.
  • "Response" is determined by the assessed security requirements of an individual system and may range from a simple upgrade of protections to notification of legal authorities, counter-attacks, and the like. In some special cases, complete destruction of the compromised system is favored, since it may happen that not all the compromised resources are detected.

Today, computer security consists mainly of "preventive" measures, such as firewalls or an exit procedure. A firewall can be defined as a way of filtering network data between a host or a network and another network, such as the Internet, and can be implemented as software running on the machine, hooking into the network stack (or, in the case of most UNIX-based operating systems such as Linux, built into the operating system kernel) to provide real-time filtering and blocking. Another implementation is a so-called "physical firewall", which consists of a separate machine filtering network traffic. Firewalls are common among machines that are permanently connected to the Internet.

Some organizations are turning to big data platforms, such as Apache Hadoop, to extend data accessibility and machine learning to detect advanced persistent threats.

However, relatively few organizations maintain computer systems with effective detection systems, and fewer still have organized response mechanisms in place. As a result, as Reuters points out: "Companies for the first time report they lost more through electronic data theft than physical theft of assets". The primary obstacle to effective eradication of cyber crime can be traced to excessive reliance on firewalls and other automated "detection" systems. Yet it is basic evidence gathering using packet capture appliances that puts criminals behind bars.

Vulnerability management

Vulnerability management is the cycle of identifying, and remediating or mitigating, vulnerabilities, especially in software and firmware. Vulnerability management is integral to computer security and network security.

Vulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configuration, and susceptibility to malware.

Beyond vulnerability scanning, many organizations contract outside security auditors to run regular penetration tests against their systems to identify vulnerabilities. In some sectors, this is a contractual requirement.

Reducing vulnerabilities

While formal verification of the correctness of computer systems is possible, it is not yet common. Operating systems that have been formally verified include seL4 and SYSGO's PikeOS - but these make up a very small percentage of the market.

Cryptography that is properly implemented is now virtually impossible to break directly. Breaking it requires some non-cryptographic input, such as a stolen key, stolen plaintext (at either end of the transmission), or some other extra cryptanalytic information.

Two-factor authentication is a method for mitigating unauthorized access to a system or sensitive information. It requires "something you know", a password or PIN, and "something you have", a card, dongle, cell phone, or other piece of hardware. This increases security as an unauthorized person needs both of these to gain access. The stricter the security measures, the fewer unauthorized hacks there will be.

Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information. Training is often involved to help mitigate this risk, but even in highly disciplined environments (e.g. military organizations), social engineering attacks can still be difficult to foresee and prevent.

Inoculation, derived from inoculation theory, seeks to prevent social engineering and other fraudulent tricks or traps by instilling a resistance to persuasion attempts through exposure to similar or related attempts.

It is possible to reduce an attacker's chances by keeping systems up to date with security patches and updates, using a security scanner and/or hiring competent people responsible for security. The effects of data loss/damage can be reduced by care and insurance.

Hardware protection mechanism

While hardware may be a source of insecurity, such as with microchip vulnerabilities maliciously introduced during the manufacturing process, hardware-based or hardware-assisted computer security also offers an alternative to software-only computer security. Using devices and methods such as dongles, trusted platform modules, intrusion-aware cases, drive locks, disabling USB ports, and mobile-enabled access may be considered more secure because of the physical access (or sophisticated backdoor access) required in order to be compromised. Each of these is covered in more detail below.

  • USB dongles are typically used in software licensing schemes to unlock software capabilities, but they can also be seen as a way to prevent unauthorized access to a computer or other device's software. The dongle, or key, essentially creates a secure encrypted tunnel between the software application and the key. The principle is that an encryption scheme on the dongle, such as Advanced Encryption Standard (AES), provides a stronger measure of security, since it is harder to hack and replicate the dongle than to simply copy the native software to another machine and use it. Another security application for dongles is to use them for accessing web-based content such as cloud software or Virtual Private Networks (VPNs). In addition, a USB dongle can be configured to lock or unlock a computer.
  • Trusted platform modules (TPMs) secure devices by integrating cryptographic capabilities onto access devices, through the use of microprocessors, or so-called computers-on-a-chip. TPMs used in conjunction with server-side software offer a way to detect and authenticate hardware devices, preventing unauthorized network and data access.
  • Computer case intrusion detection refers to a push-button switch that is triggered when a computer case is opened. The firmware or BIOS is programmed to show an alert to the operator when the computer is booted up the next time.
  • Drive locks are essentially software tools to encrypt hard drives, making them inaccessible to thieves. Tools exist specifically for encrypting external drives as well.
  • Disabling USB ports is a security option for preventing unauthorized and malicious access to an otherwise secure computer. An infected USB dongle connected to a network from a computer inside the firewall is considered by Network World magazine to be the most common hardware threat facing computer networks.
  • Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell phones. Built-in capabilities such as Bluetooth, the newer Bluetooth low energy (LE), near field communication (NFC) on non-iOS devices and biometric validation such as fingerprint readers, as well as QR code reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.

Secure operating system

One use of the term "computer security" refers to the technology that is used to implement secure operating systems. In the 1980s the United States Department of Defense (DoD) used the "Orange Book" standards, but the current international standard ISO/IEC 15408, "Common Criteria", defines a number of progressively more stringent Evaluation Assurance Levels. Many common operating systems meet the EAL4 standard of being "Methodically Designed, Tested and Reviewed", but the formal verification required for the highest levels means that they are uncommon. An example of an EAL6 ("Semiformally Verified Design and Tested") system is Integrity-178B, which is used in the Airbus A380 and several military jets.

Secure encoding

In software engineering, secure encoding aims to prevent accidental introduction of security loopholes. It is also possible to make software designed from the ground up to be safe. Such systems are "safe by design". Beyond this, formal verification aims to prove the truth of the algorithm underlying a system; important for cryptographic protocols for example.

Ability and access control list

In computer systems, two of the many security models that can enforce privilege separation are access control lists (ACLs) and capacity-based security. Using ACLs to limit the program has proven unsafe in many situations, such as if the host computer can be indirectly driven to allow access to restricted files, a problem known as a confusing representation problem. It has also been shown that the ACL's promise of providing access to objects to only one person will never be guaranteed in practice. Both of these problems are resolved by ability. This does not mean practical flaws exist in all ACL-based systems, but only that certain utility planners should be responsible for ensuring that they do not introduce flaws.

Capabilities have mostly been confined to research operating systems, while commercial operating systems still use ACLs. Capabilities can, however, also be implemented at the language level, leading to a style of programming that is essentially a refinement of standard object-oriented design. An open source project in this area is the E language.
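The confused deputy problem described above, as an added example that is not part of the original article: a privileged compiler service either opens a caller-chosen name under its own ACL entry, or writes only through a handle the caller had to obtain itself. The object store, principals and object names are all hypothetical, and the model assumes handles are created only by `open_for_write`.

```python
"""Confused deputy, modelled with a toy object store (all names are constructed)."""

DEPUTY = "compiler"        # privileged service that also keeps a billing log
BILLING = "billing.log"    # only the deputy is on this object's ACL
USER_OUT = "alice/out.o"   # alice's own output object


class Handle:
    """Write capability for exactly one object; holding it is the permission."""

    def __init__(self, store, name):
        self._store, self._name = store, name

    def write(self, data):
        self._store._objects[self._name] = data


class ObjectStore:
    """Toy store: the ACL maps each object name to the principals allowed to write."""

    def __init__(self, acl):
        self._acl = {name: set(writers) for name, writers in acl.items()}
        self._objects = {name: "" for name in acl}

    def open_for_write(self, principal, name):
        # ACL decision: is this principal listed for this name?
        if principal not in self._acl.get(name, set()):
            raise PermissionError(f"{principal} may not write {name}")
        # Assumption of the model: handles are minted only here.
        return Handle(self, name)

    def read(self, name):
        return self._objects[name]


def make_store():
    """Fresh store with one billing record already written by the deputy."""
    store = ObjectStore({BILLING: {DEPUTY}, USER_OUT: {"alice", DEPUTY}})
    store.open_for_write(DEPUTY, BILLING).write("charge alice: 1 job")
    return store


def compile_ambient(store, source, out_name):
    """ACL style: the deputy opens a caller-chosen NAME under its own identity."""
    out = store.open_for_write(DEPUTY, out_name)  # checks the deputy, not the caller
    out.write(f"object code for {source}")


def compile_capability(source, out_handle):
    """Capability style: the deputy writes only through the handle it was given."""
    out_handle.write(f"object code for {source}")


def run_acl_scenario():
    """Caller names the deputy's own file; the ACL check passes and billing is lost."""
    store = make_store()
    compile_ambient(store, "main.c", BILLING)
    return store.read(BILLING)


def run_capability_scenario():
    """Caller must open the target itself, so it can only designate what it may write."""
    store = make_store()
    try:
        store.open_for_write("alice", BILLING)
        denied = False
    except PermissionError:
        denied = True
    compile_capability("main.c", store.open_for_write("alice", USER_OUT))
    return denied, store.read(BILLING), store.read(USER_OUT)


if __name__ == "__main__":
    print("ACL, billing log after job:        ", run_acl_scenario())
    print("capability, (denied, billing, out):", run_capability_scenario())
```

In the ACL variant every individual access check is correct, yet the billing record is overwritten, because the check is made against the deputy's identity rather than the requester's.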

End user security training

Repeated education and training in security "best practices" can have a marked effect on compliance with good end user network security habits, which particularly protect against phishing, ransomware and other forms of malware that have a social engineering aspect.

Response to breaches

Responding forcefully to security breaches (in the way one would for physical security breaches) is often very difficult for a variety of reasons:

  • Identifying attackers is difficult, as they are often in a different jurisdiction from the systems they attempt to breach, and operate through proxies, temporary anonymous dial-up accounts, wireless connections, and other anonymizing procedures that make backtracing difficult and are often located in yet another jurisdiction. If they successfully breach security, they can often delete logs to cover their tracks.
  • The number of attempted attacks is so large that organizations cannot spend time pursuing each attacker (a typical home user with a permanent connection, for example a cable modem, will be attacked at least several times per day, so more attractive targets can be expected to see many more). It should be noted, however, that most of these attacks are made by automated vulnerability scanners and computer worms.
  • Law enforcement officers are often unfamiliar with information technology, and so lack the skills and interest in pursuing attackers. There are also budgetary constraints. It has been argued that the high cost of technology, such as DNA testing, and improved forensics mean less money for other kinds of law enforcement, so the overall rate of criminals not being dealt with goes up as the cost of the technology increases. In addition, the identification of attackers across a network may require logs from various points in the network and in many countries; the release of these records to law enforcement (with the exception of being voluntarily surrendered by a network administrator or a system administrator) requires a search warrant and, depending on the circumstances, the legal proceedings required can be drawn out to the point where the records are either regularly destroyed, or the information is no longer relevant.
  • The United States government spends the largest amount of money each year on cyber security. The United States has an annual budget of 28 billion dollars. Canada has the second highest annual budget at 1 billion dollars. Australia has the third highest budget with only 70 million dollars.

Types of security and privacy

  • Access control
  • Anti-keyloggers
  • Anti-malware
  • Anti-spyware
  • Anti-subversion software
  • Anti-tamper software
  • Antivirus software
  • Cryptography software
  • Computer-aided dispatch (CAD)
  • Firewall
  • Intrusion detection system (IDS)
  • Intrusion prevention system (IPS)
  • Log management software
  • Records management
  • Sandbox
  • Security information management
  • SIEM
  • Anti-theft
  • Parental control
  • Software and operating system updates


Notable attacks and breaches

Some illustrative examples of different types of computer security breaches are given below.

Robert Morris and the first computer worm

In 1988, only 60,000 computers were connected to the Internet, and most were mainframes, minicomputers and professional workstations. On November 2, 1988, many started to slow down, because they were running malicious code that demanded processor time and that spread itself to other computers - the first Internet "worm". The software was traced back to 23-year-old Cornell University graduate student Robert Tappan Morris, Jr., who said 'he wanted to count how many machines were connected to the Internet'.

Rome Laboratory

In 1994, over a hundred intrusions were made by unidentified crackers into the Rome Laboratory, the US Air Force command and research facility. Using trojan horses, the hackers were able to obtain unrestricted access to Rome's networking systems and remove traces of their activities. The intruders were able to obtain classified files, such as air tasking order systems data, and were furthermore able to penetrate connected networks of the National Aeronautics and Space Administration's space flight center, Wright-Patterson Air Force Base, some Defense contractors, and other private sector organizations, by posing as a trusted Rome center user.

TJX customer credit card details

In early 2007, the American apparel and home goods company TJX announced that it was the victim of an unauthorized computer systems intrusion and that the hackers had accessed systems that stored data on credit card, debit card, check and purchase transactions.

Stuxnet Attack

The computer worm known as Stuxnet reportedly ruined almost one-fifth of Iran's nuclear centrifuges by disrupting industrial programmable logic controllers (PLCs) in a targeted attack generally believed to have been launched by Israel and the United States, although neither has publicly acknowledged this.

Global surveillance disclosures

In early 2013, documents provided by Edward Snowden were published by The Washington Post and The Guardian, exposing the massive scale of NSA global surveillance. There were also indications that the NSA may have inserted a backdoor in a NIST standard for encryption. This standard was later withdrawn due to widespread criticism. The NSA was additionally revealed to have tapped the links between Google's data centers.

Target and Home Depot breaches

In 2013 and 2014, a Russian/Ukrainian hacking ring known as "Rescator" broke into Target Corporation computers in 2013, stealing roughly 40 million credit cards, and then Home Depot computers in 2014, stealing between 53 and 56 million credit card numbers. Warnings were delivered at both corporations, but ignored; physical security breaches using self-checkout machines are believed to have played a large role. "The malware used is completely unsophisticated and uninteresting," said Jim Walter, director of threat intelligence operations at security technology company McAfee - meaning that the heists could easily have been stopped by existing antivirus software had administrators responded to the warnings. The size of the thefts has drawn major attention from state and Federal United States authorities, and investigations are ongoing.

Office of Personnel Management data breach

In April 2015, the Office of Personnel Management discovered that it had been hacked more than a year earlier in a data breach, resulting in the theft of approximately 21.5 million personnel records handled by the office. The Office of Personnel Management hack has been described by federal officials as among the largest breaches of government data in the history of the United States. Data targeted in the breach included personally identifiable information such as Social Security Numbers, names, dates and places of birth, addresses, and fingerprints of current and former government employees as well as anyone who had undergone a government background check. It is believed the hack was perpetrated by Chinese hackers, but the motivation remains unclear.

Ashley Madison breach

In July 2015, a hacker group known as "The Impact Team" successfully breached the extramarital relationship website Ashley Madison. The group claimed that they had taken not only company data but user data as well. After the breach, The Impact Team dumped emails from the company's CEO, to prove their point, and threatened to dump customer data unless the website was taken down permanently. With this initial data release, the group stated "Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers' secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails. The other websites may stay online." When Avid Life Media, the parent company that created the Ashley Madison website, did not take the site offline, The Impact Team released two more compressed files, one 9.7 GB and the second 20 GB. After the second data dump, Avid Life Media CEO Noel Biderman resigned, but the website remained functional.


Global legal and regulatory issues

Conflict of laws in cyberspace has become a major cause of concern for the computer security community. Some of the main challenges and complaints about the antivirus industry are the lack of global web regulations and of a global base of common rules to judge, and eventually punish, cybercrimes and cybercriminals. There is no global cyber law or cyber security treaty that can be invoked to enforce global cyber security issues.

International legal issues of cyber attacks are complicated in nature. Even if an antivirus firm locates the cybercriminal behind the creation of a particular virus, piece of malware or other form of cyber attack, often the local authorities cannot take action due to a lack of laws under which to prosecute. Authorship attribution for cybercrimes and cyber attacks is a major problem for all law enforcement agencies.

"Computer viruses move from one country to another, from one jurisdiction to another - moving around the world, using the fact that we do not have the ability to police operations like this globally. So the Internet is as if someone [had] given free plane tickets to all the online criminals of the world." The use of dynamic DNS, fast flux and bulletproof servers has added its own complexity to this situation.


Government role

The role of the government is to make regulations to force companies and organizations to protect their systems, infrastructure and information from cyber attacks, but also to protect its own national infrastructure such as the national power grid.

The question of whether the government should intervene or not in the regulation of cyberspace is a very polemical one. Indeed, for as long as it has existed and by definition, cyberspace is a virtual space free of any government intervention. Where everyone agrees that an improvement in cyber security is more than important, is the government the best actor to solve this problem? Many government officials and experts think that the government should step in and that there is a crucial need for regulation, mainly because of the failure of the private sector to solve the cybersecurity problem efficiently. R. Clarke said during a panel discussion at the RSA Security Conference in San Francisco that he believes that "industry only responds when you threaten regulation. If the industry does not respond (to threats), you must follow up." On the other hand, executives from the private sector agree that improvements are necessary, but think that government intervention would affect their ability to innovate efficiently.


International actions

Many different teams and organizations exist, including:

  • The Forum of Incident Response and Security Teams (FIRST) is the global association of CSIRTs. US-CERT, AT&T, Apple, Cisco, McAfee and Microsoft are all members of this international team.
  • The Council of Europe helps protect societies worldwide from the threat of cybercrime through the Convention on Cybercrime.
  • The purpose of the Messaging Anti-Abuse Working Group (MAAWG) is to bring the messaging industry together to work collaboratively and to successfully address the various forms of messaging abuse, such as spam, viruses, denial-of-service attacks and other messaging exploitations. France Telecom, Facebook, AT&T, Apple, Cisco and Sprint are some of the members of the MAAWG.
  • ENISA: The European Network and Information Security Agency (ENISA) is an agency of the European Union with the objective of improving network and information security in the EU.

Europe

CSIRTs in Europe collaborate in the TERENA task force TF-CSIRT. TERENA's Trusted Introducer service provides an accreditation and certification scheme for CSIRTs in Europe. A full list of known CSIRTs in Europe is available from the Trusted Introducer website.


National action

Computer emergency response team

Most countries have their own computer emergency response teams to protect network security.

Canada

On October 3, 2010, Public Safety Canada unveiled Canada's Cyber Security Strategy, following a Speech from the Throne commitment to boost the security of Canadian cyberspace. The aim of the strategy is to strengthen Canada's "cyber systems and critical infrastructure sectors, support economic growth and protect Canadians as they connect to each other and to the world." Three main pillars define the strategy: securing government systems, partnering to secure vital cyber systems outside the federal government, and helping Canadians to be secure online. The strategy involves multiple departments and agencies across the Government of Canada. The Cyber Incident Management Framework

Public Safety Canada's Canadian Cyber Incident Response Centre (CCIRC) is responsible for mitigating and responding to threats to Canada's critical infrastructure and cyber systems. The CCIRC provides support to mitigate cyber threats, technical support to respond to and recover from targeted cyber attacks, and online tools for members of Canada's critical infrastructure sectors. The CCIRC posts regular cyber security bulletins on the Public Safety Canada website. The CCIRC also operates an online reporting tool where individuals and organizations can report a cyber incident. Canada's Cyber Security Strategy is part of a larger, integrated approach to critical infrastructure protection, and functions as a counterpart document to the National Strategy and Action Plan for Critical Infrastructure.

On September 27, 2010, Public Safety Canada partnered with STOP.THINK.CONNECT, a coalition of non-profit, private sector, and government organizations dedicated to informing the general public on how to protect themselves online. On February 4, 2014, the Government of Canada launched the Cyber Security Cooperation Program. The program is a $1.5 million five-year initiative aimed at improving Canada's cyber systems through grants and contributions to projects in support of this objective. Public Safety Canada aims to begin an evaluation of Canada's Cyber Security Strategy in early 2015. Public Safety Canada administers and routinely updates the GetCyberSafe portal for Canadian citizens, and carries out Cyber Security Awareness Month during October.

China

The Central Leading Group for Internet Security and Informatization, a Leading Small Group (LSG) of the Chinese Communist Party, is headed by General Secretary Xi Jinping himself and is staffed with relevant Party and state decision-makers. The LSG was created to overcome the incoherent policies and overlapping responsibilities that characterized cyber decision-making mechanisms in China. The LSG oversees policy-making in the economic, political, cultural, social and military fields as they relate to network security and IT strategy. The LSG also coordinates major policy initiatives in the international arena that promote norms and standards favored by the Chinese government and that emphasize the principle of national sovereignty in cyberspace.

Germany

Berlin starts National Cyber Defense Initiative: On June 16, 2011, the German Minister of the Interior officially opened the new NCAZ (National Center for Cyber Defense), Nationales Cyber-Abwehrzentrum, located in Bonn. The NCAZ cooperates closely with the BSI (Federal Office for Information Security) Bundesamt für Sicherheit in der Informationstechnik, BKA (Federal Police Organization) Bundeskriminalamt (Deutschland), BND (Federal Intelligence Service) Bundesnachrichtendienst, MAD (Military Intelligence Service) Amt für den Militärischen Abschirmdienst and other national organizations in Germany taking care of national security aspects. According to the Minister, the primary task of the new organization, founded on 23 February 2011, is to detect and prevent attacks against the national infrastructure and incidents such as the mentioned Stuxnet.

India

Some provisions for cyber security have been incorporated into rules that are framed under the Information Technology Act 2000.

The National Cyber Security Policy 2013 is a policy framework by the Ministry of Electronics and Information Technology (MeitY) which aims to protect public and private infrastructure from cyber attacks, and to safeguard "information, such as personal information (of web users), financial and banking information and sovereign data". CERT-In is the nodal agency which monitors cyber threats in the country. The post of National Cyber Security Coordinator has also been created in the Prime Minister's Office (PMO).

The Indian Companies Act 2013 has also introduced cyber law and cyber security obligations on the part of Indian directors. Some provisions for cyber security have been incorporated into rules framed under the Information Technology Act 2000, updated in 2013.

Portugal

The CNCS in Portugal promotes the use of cyberspace in a free, reliable and secure way, through the continuous improvement of national cybersecurity and international cooperation. Cyber security services: Nano IT Security is a company specialized in cyber security analysis, pentesting, and vulnerability analysis.

Pakistan

Cybercrime is increasing rapidly in Pakistan. There are about 34 million Internet users with 133.4 million mobile subscribers in Pakistan. According to the Cyber Crime Unit (CCU), a branch of the Federal Investigation Agency, only 62 cases were reported to the unit in 2007 and 287 cases in 2008; the ratio declined in 2009, but in 2010 more than 312 cases were registered. However, there are many unreported incidents of cyber crime.

"Pakistan's Cyber Crime Bill 2007", the first pertinent law, focuses on electronic crimes, such as cyber-terrorism, criminal access, electronic system fraud, electronic forgery, and misuse of encryption.

The National Response Centre for Cyber Crime (NR3C) - FIA is a law enforcement agency dedicated to fighting cybercrime. This Hi-Tech crime fighting unit was set up in 2007 to identify and curb the phenomenon of technological abuse in society. However, certain private firms are also working in cohesion with the government to improve cybersecurity and curb cyber attacks.

South Korea

Following cyber attacks in the first half of 2013, when government, news media, television station and bank websites were compromised, the national government committed to the training of 5,000 new cybersecurity experts by 2017. The South Korean government blamed its northern counterpart for these attacks, as well as for incidents that occurred in 2009, 2011 and 2012, but Pyongyang denies the accusations.

United States

Legislation

The 1986 18 U.S.C. § 1030, better known as the Computer Fraud and Abuse Act, is the key legislation. It prohibits unauthorized access to or damage of "protected computers" as defined in 18 U.S.C. § 1030(e)(2).

Although various other measures have been proposed, such as the "Cybersecurity Act of 2010 - S. 773" in 2009, the "International Cybercrime Reporting and Cooperation Act - HR4962" and the "Protecting Cyberspace as a National Asset Act of 2010 - S. 3480" in 2010, none of these has succeeded.

Executive Order 13636, Improving Critical Infrastructure Cybersecurity, was signed on February 12, 2013.

Agencies

The Department of Homeland Security has a dedicated division responsible for the response system, risk management program and requirements for cybersecurity in the United States, called the National Cyber Security Division. The division is home to US-CERT operations and the Cyber Alert System.

The third priority of the Federal Bureau of Investigation (FBI) is to "Protect the United States against cyber-based attacks and high-tech crimes", and the FBI, along with the National White Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA), is part of a multi-agency task force, the Internet Crime Complaint Center, also known as IC3.

In addition to its own specific duties, the FBI participates alongside non-profit organizations such as InfraGard.

The criminal division of the US Department of Justice operates the Computer Crime and Intellectual Property Section (CCIPS). The CCIPS is in charge of investigating computer crime and intellectual property crime and is specialized in the search and seizure of digital evidence in computers and networks.

The United States Cyber Command, also known as USCYBERCOM, is tasked with the defense of specified Department of Defense information networks and ensures "security, integrity, and governance of government and military IT infrastructure and assets", and has a role in the protection of civilian networks.

The role of the US Federal Communications Commission in cybersecurity is to strengthen the protection of critical communications infrastructure, to assist in maintaining network reliability during disasters, to aid rapid recovery thereafter, and to ensure that first responders have access to effective communications services.

The Food and Drug Administration has issued guidance for medical devices, and the National Highway Traffic Safety Administration is concerned with automotive cybersecurity. After being criticized by the Government Accountability Office, and following successful attacks on airports and claimed attacks on airplanes, the Federal Aviation Administration has devoted funding to securing systems on board the planes of private manufacturers, and the Aircraft Communications Addressing and Reporting System. Concerns have also been raised about the future Next Generation Air Transportation System.

Computer emergency readiness team

"Computer emergency response team" is a name given to expert groups that handle computer security incidents. In the US, two distinct organizations exist, although they do work closely together.

  • US-CERT: part of the National Cyber Security Division
  • CERT/CC: created by the Defense Advanced Research Projects Agency (DARPA) and run by the Software Engineering Institute (SEI).


Modern warfare

There is growing concern that cyberspace will become the next theater of warfare. As Mark Clayton of the Christian Science Monitor described in an article titled "The New Cyber Arms Race":

In the future, wars will not only be fought by soldiers with weapons or by planes dropping bombs. They will also be fought with the click of a mouse half a world away that releases carefully crafted computer programs that interfere with or destroy important industries such as utilities, transport, communications, and energy. Such attacks can also paralyze military networks that control the movement of troops, jet fighters, and the command and control of warships.

This has led to new terms such as cyberwarfare and cyberterrorism. The United States Cyber Command was created in 2009, and many other countries have similar forces.


Job market

Cybersecurity is a fast-growing field of IT concerned with reducing organizations' risk of hacks or data breaches. According to research from the Enterprise Strategy Group, 46% of organizations say that they had "problematic deficiencies" of cybersecurity skills in 2016, up from 28% in 2015. Commercial, government and non-governmental organizations all employ cybersecurity professionals. The fastest increases in demand for cybersecurity workers are in industries managing increasing volumes of consumer data, such as finance, health care, and retail. However, the use of the term "cybersecurity" is more prevalent in government job descriptions.

Common cyber security job titles and descriptions include:

Security analyst
Analyze and assess vulnerabilities in infrastructure (software, hardware, networks), investigate using available tools and countermeasures to remedy the detected vulnerabilities, and recommend solutions and best practices. Analyze and assess damage to data/infrastructure as a result of security incidents, examine available recovery tools, and recommend

Source of the article : Wikipedia
