
Security is the degree of protection against danger, damage, loss, and criminal activity.

With regard to information security, computers, and IT networks, modern-day security challenges include the following:

Challenge: Sophistication of attacks
Description: Sophisticated attacks are complex, making them difficult to detect and thwart. Sophisticated attacks:
- Use common Internet tools and protocols, making it difficult to distinguish an attack from legitimate traffic.
- Vary their behavior, making the same attack appear differently each time.

Challenge: Proliferation of attack software
Description: A wide variety of attack tools are available on the Internet, allowing anyone with a moderate level of technical knowledge to download the tools and run an attack.

Challenge: Scale and velocity of attacks
Description: The scale and velocity of an attack can grow to millions of computers in a matter of minutes or days due to its ability to proliferate on the Internet. Because modern-day attacks are not limited to user interactions, such as using a floppy disk to spread an attack from machine to machine, the attacks often affect very large numbers of computers in a relatively short amount of time.

Common security terms include the following:

- Confidentiality ensures that data is not disclosed to unintended persons. This is provided through encryption, which converts the data into a form that is not usable by an unintended recipient.
- Integrity ensures that data is not modified or tampered with. This is provided through hashing.
- Availability ensures the uptime of the system so that data is available when needed.
- Non-repudiation provides validation of a message's origin. For example, if a user sends a digitally signed e-mail, they cannot later claim that the e-mail was not sent. Non-repudiation is enforced by digital signatures.

The CIA of Security refers to confidentiality, integrity, and availability. These are often identified as the three main goals of security.
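The integrity check described above, worked through in code (this is an added example, not part of the original study guide). It shows the caveat the guide leaves implicit: an unkeyed hash detects modification only if the stored hash itself cannot be replaced, so a keyed hash (HMAC) is used when the threat agent can edit both. Digital signatures, which add non-repudiation, are not shown because they need keys outside the standard library. The record, tampered copy and key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample data: a stored record, a tampered copy, and a demo key.
RECORD = b"account=1001;balance=250.00"
TAMPERED = b"account=1001;balance=9250.00"
KEY = b"constructed-demo-key-not-for-production"


def digest(data: bytes) -> str:
    """Unkeyed SHA-256 hash of the data (the guide's 'hashing' for integrity)."""
    return hashlib.sha256(data).hexdigest()


def hash_ok(data: bytes, expected: str) -> bool:
    """Integrity check: does the data still match the digest recorded earlier?"""
    return hmac.compare_digest(digest(data), expected)


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: a keyed hash that only holders of the key can recompute."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, expected: str) -> bool:
    """Keyed integrity check; compare_digest avoids timing leaks on mismatch."""
    return hmac.compare_digest(mac(key, data), expected)


def demo() -> dict:
    """Walk through the integrity checks on the constructed sample."""
    stored_digest = digest(RECORD)
    stored_mac = mac(KEY, RECORD)
    return {
        # A plain hash detects accidental or unsophisticated modification ...
        "hash_detects_tamper": not hash_ok(TAMPERED, stored_digest),
        # ... but a threat agent who can edit the record can also replace the
        # unkeyed hash, so the tampered copy verifies cleanly.
        "hash_replaced_by_attacker": hash_ok(TAMPERED, digest(TAMPERED)),
        # A keyed hash still catches the change ...
        "mac_detects_tamper": not mac_ok(KEY, TAMPERED, stored_mac),
        # ... and cannot be recomputed without the key.
        "mac_forgery_fails": not mac_ok(KEY, TAMPERED, mac(b"guessed-key", TAMPERED)),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```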
Key security components include the following:

- Physical security includes all hardware and software needed to secure data, such as firewalls and antivirus software.
- Users and administrators are the people who use the software and the people who manage the software, respectively.
- Policies are the rules an organization implements to protect information.
Risk management is the process of identifying security issues and deciding which countermeasures to take in reducing risk to an acceptable level. The main objective is to reduce the risk for an organization to a level that is deemed acceptable by senior management. Risk management generally takes the following items into account:

- An asset is something that has value to the person or organization, such as sensitive information in a database.
- A threat is an entity that can cause the loss of an asset, or any potential danger to the confidentiality, integrity, or availability of information or systems, such as a data breach that results in a database being stolen.
- A threat agent (sometimes known as an attacker) is an entity that can carry out a threat, such as a disgruntled employee who copies a database to a thumb drive and sells it to a competitor.
- A vulnerability is a weakness that allows a threat to be carried out, such as a USB port that is enabled on the server hosting the database or a server room door that is frequently left ajar.
- An exploit is a procedure or product that takes advantage of a vulnerability to carry out a threat, such as when a disgruntled employee waits for the server room door to be left ajar, copies the database to a thumb drive, and then sells it.
Types of threat agents include the following:

Type: Employee
Description: Employees can be the most overlooked, yet most dangerous threat agent because they have greater access to information assets than anyone on the outside trying to break in. Employees are also known as internal threats. Employees can:
- Become disgruntled with their employer
- Be bribed by a competitor
- Be an unintentional participant in an attack

Type: Spy
Description: Spies can be employed in corporate espionage to obtain information about competitors for commercial purposes. Spies are typically deployed in the following scenarios:
- A spy applies for a job with a commercial competitor and then exploits internal vulnerabilities to steal information and return it to their client.
- A spy attacks an organization from the outside by exploiting external vulnerabilities and then returns the information to their client.

Type: Hacker
Description: In general, a hacker is any threat agent who uses their technical knowledge to bypass security mechanisms to exploit a vulnerability to access information. Hacker subcategories include the following:
- Script kiddies download and run attacks available on the Internet, but generally are not technically savvy enough to create their own attacking code or script.
- Cybercriminals usually seek to exploit security vulnerabilities for some kind of financial reward or revenge.
- Cyber terrorists generally use the Internet to carry out terrorist activities, such as disrupting network-dependent institutions.

General attack strategies include the following steps:

Step: Reconnaissance
Description: Reconnaissance is the process of gathering information about an organization, including:
- System hardware information
- Network configuration
- Individual user information

Step: Breach
Description: A breach is the penetration of system defenses, using the information gathered during reconnaissance to get past those defenses and gain unauthorized access.

Step: Escalate privileges
Description: Escalating privileges is one of the primary objectives of an attacker and is achieved by obtaining additional (escalated) rights that allow more than just breaching the system.

Step: Stage
Description: Staging a computer involves preparing it to perform additional tasks in the attack, such as installing software designed to attack other systems. This is an optional step.

Step: Exploit
Description: Exploitation involves taking advantage of known vulnerabilities in software and systems. Types of exploitation include:
- Stealing information
- Denying services
- Crashing systems
- Modifying/altering information

General defense methodologies include the following items:

Item: Layering
Description: Layering involves implementing multiple security measures to protect the same asset. Defense in depth or security in depth is the premise that no single layer is completely effective in securing the assets. The most secure system/network has many layers of security and eliminates single points of failure.

Item: Principle of least privilege
Description: The principle of least privilege states that users or groups are given only the access they need to do their job and nothing more. When assigning privileges, be aware that it is often easier to give a user more access when they need it than to take away privileges that have already been granted.

Item: Variety
Description: Defensive layers should have variety and be diverse; implementing multiple layers of the exact same defense does not provide adequate strength against attacks.

Item: Randomness
Description: Randomness in security is the constant change in personal habits and passwords to prevent anticipated events and exploitation.

Item: Simplicity
Description: Security measures should provide protection, but not be so complex that you do not understand and use them.
