INFORMATION
SYSTEM SECURITY
Jupriyadi, S.Kom. M.T.
jupriyadi@teknokrat.ac.id
Bandarlampung, Juli 2021
https://spada.teknokrat.ac.id
Chapter 2
Chapter 2 Objectives :
 The Students understand vulnerabilities, threats, and attacks in
network systems.
 The Students understand examples of weaknesses, threats, and
attacks.
 The Students understand the trend of attacks in network
systems.
What is Information System Security ... ???
Information systems security is the collection of activities that
protect the information system and the data stored in it
Source: Fundamentals of Information Systems Security (David Kim and M. G. Solomon)
IT security policy framework contains four main components:
Policy—A policy is a short written statement that the people in charge of an organization have set as a course of action or direction. A policy comes from upper management and applies to the entire organization.
Standard—A standard is a detailed written definition for hardware and software and how they are to be used. Standards ensure that consistent security controls are used throughout the IT system.
Procedures—These are written instructions for how to use policies and standards. They may include a plan of action, installation, testing, and auditing of security controls.
Guidelines—A guideline is a suggested course of action for using the policy, standards, or procedures. Guidelines can be specific or flexible regarding use.
Vulnerability, Threats, Attacks ... ???
Vulnerability ... ?
Cyber threats, or simply threats, refer to cybersecurity
circumstances or events with the potential to cause harm by way
of their outcome.
A few examples of common threats include a social-engineering
or phishing attack that leads to an attacker installing a trojan and
stealing private information from your applications, political
activists DDoS-ing your website, an administrator accidentally
leaving data unprotected on a production system causing a data
breach, or a storm flooding your ISP’s data center.
Vulnerability ... ?
Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses:
1. Technology weaknesses
2. Configuration weaknesses
3. Security policy weaknesses
Technology weaknesses
Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses.
Configuration Weaknesses
Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
Security policy weaknesses
Security policy weaknesses can create unforeseen security threats. The network can pose security risks if users do not follow the security policy.
Threats ... ?
Vulnerabilities simply refer to weaknesses in a system. They
make threat outcomes possible and potentially even more
dangerous.
A system could be exploited through a single vulnerability, for
example, a single SQL Injection attack could give an attacker full
control over sensitive data. An attacker could also chain several
exploits together, taking advantage of more than one vulnerability
to gain more control.
Threats ... ?
There are four primary classes of threats to network security:
1. Unstructured threats
Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers.
2. Structured threats
Structured threats come from hackers who are more highly motivated and technically competent.
3. External threats
External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network.
4. Internal threats
Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
Attacks ... ?
The threats use a variety of tools, scripts, and programs to
launch attacks against networks and network devices.
Typically, the network devices under attack are the endpoints,
such as servers and desktops.
Four primary classes of attacks exist:
1. Reconnaissance
2. Access
3. Denial of service
4. Worms, viruses, and Trojan horses
Reconnaissance ?
Reconnaissance is the unauthorized discovery and mapping of
systems, services, or vulnerabilities. It is also known as
information gathering and, in most cases, it precedes an actual
access or denial-of-service (DoS) attack.
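Because reconnaissance usually precedes an access or DoS attack, spotting it early is the defender's cheapest win. The following is an added example, not part of the slides: a small detector that reads firewall deny-log lines and flags any source address that touches many distinct destination ports within a short time window, which is the typical footprint of a port scan. The log format, the sample lines and the thresholds are all constructed for this illustration.

```python
"""Flag port-scan style reconnaissance in firewall logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the slides): 10.0.0.5 probes seven
# ports in a few seconds, 10.0.0.9 is a normal client using HTTPS only.
SAMPLE_LOG = """\
2021-07-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=21 action=deny
2021-07-01T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=22 action=deny
2021-07-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=23 action=deny
2021-07-01T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=25 action=deny
2021-07-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=80 action=deny
2021-07-01T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=443 action=deny
2021-07-01T10:00:04 src=10.0.0.5 dst=10.0.0.20 dport=3306 action=deny
2021-07-01T10:00:05 src=10.0.0.9 dst=10.0.0.20 dport=443 action=allow
2021-07-01T10:05:00 src=10.0.0.9 dst=10.0.0.20 dport=443 action=allow
2021-07-01T10:30:00 src=10.0.0.5 dst=10.0.0.20 dport=8080 action=deny
"""

# Hypothetical key=value log format assumed for this example.
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+) action=(\w+)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, dport, action = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "dport": int(dport), "action": action}


def detect_scanners(log_text, window=timedelta(seconds=60), min_ports=5):
    """Return {src: sorted distinct ports} for every source that contacts at
    least `min_ports` distinct destination ports inside one `window`.

    The ports reported are those seen in the window at the moment the
    threshold is first crossed, which is when an alert would fire."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            events[rec["src"]].append((rec["ts"], rec["dport"]))

    findings = {}
    for src, hits in events.items():
        hits.sort()                     # chronological order per source
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it fits inside `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {port for _, port in hits[start:end + 1]}
            if len(ports) >= min_ports:
                findings[src] = sorted(ports)
                break
    return findings


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible scan from {src}: ports {ports}")
```

The window and port-count thresholds are the tuning knobs: too low and ordinary clients that open a few services get flagged, too high and a slow scan spread across hours is missed. Note that the late 08:00-series hit at 10:30 from the same source falls outside the window and is correctly ignored by the sliding-window logic.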
Access ?
System access is the ability for an unauthorized intruder to gain
access to a device for which the intruder does not have an
account or a password. Entering or accessing systems to which
one does not have authority to access usually involves running a
hack, script, or tool that exploits a known vulnerability of the
system or application being attacked.
Denial of service ... ?
Denial of service implies that an attacker disables or corrupts
networks, systems, or services with the intent to deny services to
intended users. DoS attacks involve either crashing the system or
slowing it down to the point that it is unusable.
Worms, viruses, and Trojan horses ?
A computer virus is a program that is loaded on your computer without your knowledge and runs without your permission. A virus is designed to reproduce itself through legitimate processes in computer programs and operating systems; therefore, a virus requires a host in order to replicate.
The term Trojan horse is usually used to refer to a non-replicating malicious program, which is the main characteristic that distinguishes it from a virus. Trojan horses often appear as e-mail attachments with enticing names that induce people to open them.
A worm is a small piece of software that uses security holes within networks to replicate itself. The worm scans the network for another computer that has a specific security hole. It copies itself to the new machine by exploiting the security hole, and then starts replicating from that system as well.
Attack Trends
Attacks:
1. Malware
2. Phishing
3. Ransomware
4. Denial of service
5. Man in the middle
6. Cryptojacking
7. SQL injection
8. Zero-day exploits
Malware
Malware — Short for malicious software, malware can refer to any kind of software, no matter how it's structured or operated, that is designed to cause damage to a single computer, server, or computer network.
Phishing
Phishing — Phishing is a technique by which cybercriminals craft
emails to fool a target into taking some harmful action. The recipient
might be tricked into downloading malware that's disguised as an
important document, for instance, or urged to click on a link that takes
them to a fake website where they'll be asked for sensitive information
like bank usernames and passwords. Many phishing emails are
relatively crude and emailed to thousands of potential victims, but some
are specifically crafted for valuable target individuals to try to get them
to part with useful information
Ransomware
Ransomware — Ransomware is a form of malware that encrypts a
victim's files. The attacker then demands a ransom from the victim to
restore access to the data upon payment. Users are shown instructions
for how to pay a fee to get the decryption key. The costs can range from
a few hundred dollars to thousands, and are typically payable to
cybercriminals in cryptocurrency.
Denial of service
Denial of service — A denial of service attack is a brute force method to try to stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems' ability to function,
making them unavailable to anybody. A distributed denial of service
(DDoS) attack uses an army of computers, usually compromised by
malware and under the control of cybercriminals, to funnel the traffic
towards the targets.
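The two denial-of-service passages above describe the flood in words; the standard first line of defense is to cap how many requests any one client may make per time window so that a flood from a single source is shed before it reaches the database or application. The block below is an added example (not code from the slides) of a per-client sliding-window rate limiter, driven by a constructed request trace that mixes one flooding client with one normal client. The limits and the trace are assumptions chosen for the illustration.

```python
"""Per-client sliding-window rate limiter as a DoS mitigation (added example)."""
from collections import defaultdict, deque


class RateLimiter:
    """Allow at most `limit` requests per client within any `window` seconds.

    Timestamps are passed in explicitly so the behaviour is deterministic
    and testable without relying on the wall clock."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        # client id -> deque of timestamps of recently allowed requests
        self.history = defaultdict(deque)

    def allow(self, client, now):
        """Return True if the request is admitted, False if it is shed."""
        q = self.history[client]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False            # client has used up its budget
        q.append(now)
        return True


def build_trace():
    """Constructed request trace: (timestamp_seconds, client_id).

    10.0.0.5 sends 50 requests in one second (a flood), 10.0.0.9 sends
    five requests spread over ten seconds (normal use)."""
    trace = [(i * 0.02, "10.0.0.5") for i in range(50)]
    trace += [(i * 2.0, "10.0.0.9") for i in range(5)]
    return sorted(trace)


def simulate(limiter, trace):
    """Replay the trace; return {client: (allowed, dropped)} counts."""
    counts = defaultdict(lambda: [0, 0])
    for ts, client in trace:
        if limiter.allow(client, ts):
            counts[client][0] += 1
        else:
            counts[client][1] += 1
    return {c: tuple(v) for c, v in counts.items()}


if __name__ == "__main__":
    limiter = RateLimiter(limit=20, window=10.0)
    for client, (ok, dropped) in simulate(limiter, build_trace()).items():
        print(f"{client}: allowed={ok} dropped={dropped}")
```

A per-source limit like this stops a single noisy client, but it does not help against the distributed case described in the text, where the load arrives from thousands of compromised machines each staying under the threshold; that calls for upstream capacity, traffic scrubbing, or anomaly-based blocking rather than a per-client counter.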
Man in the middle
Man in the middle — A man in the middle attack (MITM) is a method
by which attackers manage to interpose themselves secretly
between the user and a web service they're trying to access. For
instance, an attacker might set up a Wi-Fi network with a login
screen designed to mimic a hotel network; once a user logs in, the
attacker can harvest any information that user sends, including
banking passwords.
Cryptojacking
Cryptojacking — Cryptojacking is a specialized attack that involves
getting someone else's computer to do the work of generating
cryptocurrency for you (a process called mining in crypto lingo). The
attackers will either install malware on the victim's computer to
perform the necessary calculations, or sometimes run the code in
JavaScript that executes in the victim's browser.
SQL injection
SQL injection — SQL injection is a means by which an attacker can
exploit a vulnerability to take control of a victim's database. Many
databases are designed to obey commands written in the Structured
Query Language (SQL), and many websites that take information
from users send that data to SQL databases. In a SQL injection
attack, a hacker will, for instance, write some SQL commands into a
web form that's asking for name and address information; if the web
site and database aren't programmed correctly, the database might
try to execute those commands.
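The text says the database "might try to execute those commands" if the web site is not programmed correctly; the programming mistake in question is building the query by pasting user input into SQL text. The block below is an added example, not code from the slides, that puts the vulnerable lookup next to its corrected, parameterised form on an in-memory SQLite table (the table, rows and the name-lookup function are constructed for the illustration). Run against the same input, the first returns every row and the second returns none, which is exactly the difference the passage is describing.

```python
"""Vulnerable vs. parameterised SQL lookup (added example, SQLite in memory)."""
import sqlite3


def make_db():
    """Constructed sample table standing in for a site's customer records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, address TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("Alice", "1 Main St"), ("Bob", "2 Oak Ave"), ("Carol", "3 Pine Rd")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """The mistake: user input is concatenated into the SQL text, so whatever
    the form field contains is interpreted as part of the query."""
    query = "SELECT name, address FROM customers WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, name):
    """The fix: a parameterised query. The driver sends `name` as a bound
    value, so it can never change the structure of the statement."""
    return conn.execute(
        "SELECT name, address FROM customers WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    field = "x' OR '1'='1"   # the textbook form-field payload from the slide's scenario
    print("vulnerable:", lookup_vulnerable(db, field))   # every row comes back
    print("safe:      ", lookup_safe(db, field))         # no such customer
```

The corrected version is not a filter on the input; it is a change in how the query is assembled, which is why it holds regardless of what the user types. Reviewing code for string-built SQL (concatenation, f-strings, `%` formatting) is the practical check that follows from this slide.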
Zero-day exploits
Zero-day exploits — Zero-days are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilities are often bought and sold on the dark web — and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.
What's Next?