Information

Security 1
Overview of Security
 TOPIC DISCUSSION

1 Overview of Security
1.1 CIA Triad
1.2 AAA of Security
1.3 Security Threats
1.4 Hackers
1.5 Threat Actors
 TOPIC DISCUSSION

2 Malware
2.1 Viruses
2.2 Worms
2.3 Trojans
2.4 Ransomware
2.5 Spyware
2.6 Rootkits

2.7 Spam
 TOPIC DISCUSSION

3 Malware Infections
3.1 Common Delivery Methods
3.2 Phishing
3.3 Botnets and Zombies
3.4 Active Interception and Privilege
3.5 Backdoors and Logic Bombs
3.6 Symptoms of Infection

3.7 Removing Malware

3.8 Preventing Malware
 Network Security
Network security is a broad term that covers a multitude of
technologies, devices and processes. In its simplest term, it is a
set of rules and configurations designed to protect the integrity,
confidentiality and accessibility of computer networks and data
using both software and hardware technologies. Every
organization, regardless of size, industry or infrastructure,
requires a degree of network security solutions in place to
protect it from the ever-growing landscape of cyber threats in
the wild today.
 Network Security
Today's network architecture is complex and is faced with a threat
environment that is always changing and attackers that are always
trying to find and exploit vulnerabilities. These vulnerabilities can
exist in a broad number of areas, including devices, data,
applications, users and locations. For this reason, there are many
network security management tools and applications in use today
that address individual threats and exploits and also regulatory non-
compliance. When just a few minutes of downtime can cause
widespread disruption and massive damage to an organization's
bottom line and reputation, it is essential that these protection
 CIA Triad
CIA - Confidentiality, Integrity and
Availability
The CIA Triad is actually a security model that has been developed
to help people think about various parts of IT security.
 AAA of Security
Authentication, authorization, and accounting (AAA) is a method
you can use in your network to control which administrators are
allowed to connect to which devices (authentication), what they can
do on these devices (authorization), and log what they actually did
while they were logged in (accounting).
 Security Threats
Security Threat is defined as a risk that which can potentially harm
computer systems and organization. The cause could be physical
such as someone stealing a computer that contains vital data. The
cause could also be non-physical such as a virus attack.
 Hackers
People, not computers, create computer threats. Computer predators
victimize others for their own gain. Give a predator access to the
Internet — and to your PC — and the threat they pose to your
security increases exponentially.

Computer hackers are unauthorized users who break into computer

systems in order to steal, change or destroy information, often by
installing dangerous malware without your knowledge or consent.
Their clever tactics and detailed technical knowledge help them
access the information you really don’t want them to have.
 Hackers
 Ethical Hacker (White hat)
 Cracker (Black hat)
 Grey hat
 Script kiddies
 Hacktivist
 Phreaker
 Threat Actors
 A threat actor is a person or entity that has the ability or intent to
impact the security of other individuals or companies

 Threat actors can be internal or external to the organization being

targeted, and they may or may not possess the technical skillsets
needed to infiltrate and compromise networks and corporate data
 Malware
Malware is the collective name for a number of malicious
software variants, including viruses, ransomware and spyware.
Shorthand for malicious software, malware typically consists of
code developed by cyberattackers, designed to cause extensive
damage to data and systems or to gain unauthorized access to a
network. Malware is typically delivered in the form of a link or
file over email and requires the user to click on the link or open
the file to execute the malware.
 Malware
Malware has actually been a threat to individuals and
organizations since the early 1970s when the Creeper virus first
appeared. Since then, the world has been under attack from
hundreds of thousands of different malware variants, all with the
intent of causing the most disruption and damage as possible.
 Viruses

A computer virus is what most of the media and regular end-

users call every malware program reported in the news.
Fortunately, most malware programs aren't viruses. A computer
virus modifies other legitimate host files (or pointers to them) in
such a way that when a victim's file is executed, the virus is also
executed
 Worms
Worms have been around even longer than computer viruses, all
the way back to mainframe days. Email brought them into
fashion in the late 1990s, and for nearly a decade, computer
security pros were besieged by malicious worms that arrived as
message attachments. One person would open a wormed email
and the entire company would be infected in short order
 Trojans
Computer worms have been replaced by Trojan horse malware
programs as the weapon of choice for hackers. Trojans
masquerade as legitimate programs, but they contain malicious
instructions. They've been around forever, even longer than
computer viruses, but have taken hold of current computers
more than any other type of malware.
 Ransomware

Malware programs that encrypt your data and hold it as hostage

waiting for a cryptocurrency pay off has been a huge percentage
of the malware for the last few years, and the percentage is still
growing. Ransomware has often crippled companies, hospitals,
police departments, and even entire cities.
 Spyware
Spyware is most often used by people who want to check on the
computer activities of loved ones. Of course, in targeted attacks,
criminals can use spyware to log the keystrokes of victims and
gain access to passwords or intellectual property.

Adware and spyware programs are usually the easiest to

remove, often because they aren't nearly as nefarious in their
intentions as other types of malware. Find the malicious
executable and prevent it from being executed — you're done.
 Rootkits
A rootkit is a clandestine computer program designed to provide
continued privileged access to a computer while actively hiding
its presence. The term rootkit is a connection of the two words
"root" and "kit." Originally, a rootkit was a collection of tools
that enabled administrator-level access to a computer or
network. Root refers to the Admin account on Unix and Linux
systems, and kit refers to the software components that
implement the tool. Today rootkits are generally associated with
malware – such as Trojans, worms, viruses – that conceal their
existence and actions from users and other system processes.
 Spam
Spamming is the point at which a cyber-criminal sends
messages intended to profit on fake or phony products.

Much of it is sent by botnets, networks of virus-infected

computers, complicating the process of tracking down the
spammers. According to various estimates, about 80% of all
email in the world may be spam
Common Delivery Methods
 Phishing
Phishing is a method of trying to gather personal information
using deceptive e-mails and websites. Here's what you need to
know about this venerable, but increasingly sophisticated, form
of cyber attack.
 Botnets and Zombies
News about internet crimes often mentions "bots", "zombies",
and "botnets". It's not hard to figure out from the context that
these are computer or network security threats. But what exactly
are they, how do they work, and what kind of damage can they
cause?

A bot, short for "robot", is a type of software application or

script that performs automated tasks on command. Bad bots
perform malicious tasks that allow an attacker to remotely take
control over an affected computer. Once infected, these
 Active Interception and Privilege
Active GSM interception systems allow an attacker to actively
interfere in communications between mobile phones and base
stations by means of a so-called IMSI-catcher, in essence a
transmitter and receiver that simulates the functionality of a
GSM base station. Recent attack methods involve spoofing so-
called femtocells to feign that you are the user’s mobile network
provider, while in fact you are taking over his network traffic.
 Backdoors and Logic Bombs
A backdoor occurs when a programmer provides as a means to
grant themselves or others future access to a system.

A logic bomb is commonly defined as an attribute or a portion

of code running within a program that remains inactive until a
specific event or time occurs.
 Symptoms of Infection
 Your computer is slowing down
 Annoying ads are displayed
 Crashes
 Pop-up messages
 Internet traffic suspiciously increases
 Your browser homepage changed without your input
 Unusual messages show unexpectedly
 Your security solution is disabled
 Your friends say they receive strange messages from you
 Unfamiliar icons are displayed on your desktop
 Unusual error messages
 You can’t access the Control Panel
 Everything seems to work perfectly on your PC
 You get the error on the browser
 You get suspicious shortcut files
 Preventing Malware
Practice safe browsing
Use strong passwords and/or password managers
Make sure you’re on a secure connection
Log out of websites after you’re done

Layer your security

Use firewall, anti-malware, anti-ransomware, and anti-exploit
technology.
 Preventing Malware
Protect vulnerabilities

Update your operating system, browsers, and plugins

Enable click-to-play plugins
Remove software you don’t use (especially legacy programs).
 Preventing Malware

Watch out for social engineering

Read emails with an eagle eye

Do not call fake tech support numbers
Do not believe the cold callers
Removing Malware