Current mode of communication relies on the transmission of data through computer systems and networks. Most of our daily activities like sending emails, browsing social media, online banking and shopping depend on these telecommunication platforms and the world wide web. More and more vital information and personal data are integrated in these network making privacy a serious concern. These security issues emphasize the need of a reliable method of protecting our information from unauthorized use and processing.
Introduction Information Security
C - confidentiality
is defined as the attribute of an information that is accessible only to authorized entity.
I - integrity
is defined as the attribute of an information that is robust to modification of outside entity.
A - availability
is defined as the attribute of an information that is accessible to the intended user.
Denial of Service
when users cannot access the network or specific services provided on the network.
is proving that a user is the person he or she claims to be.
act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.
when a user cannot later deny that he or she performed the activity.
In a nutshell InfoSec pertains to:
-they can trust the information they use.
-the information they are responsible for will be shared only in the manner that they expect
-the information will be available when they need it
-the systems they use will process information in a timely and trustworthy manner
Backup Your Files
The golden rule for backing up is the 3-2-1 rule
3 - Keep 3 copies of any important file: 1 primary and 2 backups.
2 - Keep the files on 2 different media types to protect against types of hazards.
1 - Store 1 copy offsite (e.g., outside your home or business facility)
Use cloud storage
pro: 3rd party maintains and protect your data from malware and natural disasters. accessibility anytime. cheap as you dont need to buy physical storage
con: dependent on internet connection. there will be some delay between you and the cloud. You may locked into one provider. jurisdiction problems when critical data is hosted to some geographically restricting areas. you don’t know the entire cloud infrastructure.
carefully check the service agreement of the cloud provider. make sure that your data will be encrypted with established encryption algorithms Advanced Encription Standard (AES) or Blowfish. Trasnfer data via secure socket layer (SSL) connection. Use firewall. Physically protect the hardware that stores, process and transmit your data.
hard and solid state drive
pro: you can quickly update backup files
con: rolling backup can cause malware propagation and eventually corruption of files. it can be physically damaged or stolen. lifespan varies. they can be rendered unusable via magnetic degaussing.
always encrypt, secure physical computer. use firewall and anti Virus
Removable Storage media
pro: flexible, potable, versatile storage sizes, reusable
con: prone to loss and theft, and also malware propagation leading to corruption.
you are more responsible for physically protecting the device. password protect them, encrypt their data, connect them only to systems that follow network security protocols, firewall and anti-virus
SSDs have no moving parts and not magnetic so not in danger of daguassing.
Filter spam. •Don’t trust unsolicited email. •Treat email attachments with caution. •Don’t click links in email messages. •Install antivirus software and keep it up to date. •Install a personal firewall and keep it up to date. •Configure your email client for security.
Fight Against Malware Mobile Security Top Ten CyberSecurity Tips Wi-Fi Security Before You Connect a New Computer to the Internet Scams and Safety on the Internet Keep Your Home Network Secure You Have a New Computer - Now What? Secure Your Web Browser Virus Basics Home Wireless Setup 101
shodan - search engine for hackers google hack whois - look at a particular domain (site) and see available information about it competitive intelligence - gov sites of pending cases of companies job boards - to investigate aboit companies, what kind of software they are using alerts - set up visualping to have alerts from website you are tracking website mirroring - httrack - website copier email footprinting - the harvester
tools maltego - like gephi but friendlier recon-ng - footprinting diff companies osrframework -
footprinting - this is a technique for gathering info on computer systems and the entities they belong to -google hacking
filetype: type - searches for only files of specific types -nikto - look vulnerabilities of certain websites -harvester
harvester - generalized public information
TCP Header Flags Synchronize (SYN) - set during the initial communication establishment and indicates the negotiation of parameters and sequence numbers. Ackowledge (ACK) - set as an acknowledgement of a SYN flag. Reset (RST) - this flag forces the termination of communications in both directions.