Wednesday, April 13, 2011

F5108 - CHAPTER 1 - cont. INTERNET SERVICES and ATTACK

INTERNET SERVICES


ELECTRONIC MAIL AND NEWS

  • a way for people to exchange information without requiring an immediate, interactive response.

FILE TRANSFER

  • exchange files.

REMOTE ACCESS TO HOST

  • log on from a distant location

REAL TIME CONFERENCING SERVICES

  • Online (video conference)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


ATTACK


1. information theft

:: allows an attacker to get data without directly using our computers ::


how >> - dumpster diving and stealing email

used for >> - to access a bank account or to take out a loan



2. unauthorized disclosure


:: employees leak confidential information to an attacker, or an attacker plants spies in order to steal information ::


how >> - planting a virus, Trojan horse or snooping software



3. information warfare



:: remotely disabling a target using software; disinformation >> false or inaccurate information that is spread deliberately ::



4. Accidental data loss



:: caused by accidentally deleting the wrong file, usually by a careless or untrained employee ::


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


SECURITY THREAT


categories :

  1. data disclosure - exposure of data to third parties. The key point is to ensure that disclosures are relevant and necessary
  2. data modification
  3. data availability

activities :

  1. hacking - modifying computer hardware and software
  2. cracking - breaking into someone's computer system, or bypassing passwords or licences in computer programs.




F5108 - CHAPTER 1 - cont. SECURITY MODEL

OPEN SECURITY MODEL

  • easy to implement
  • few security measures
  • simple password
  • assumes all users are trusted, protected assets are minimal and threats are minimal.
  • free access for users
  • implements a data backup system in most cases.

RESTRICTIVE SECURITY MODEL

  • more difficult to implement
  • more security measures
  • firewall and identity server.
  • some users are not trustworthy, protected assets are substantial and threats are likely to occur
  • a LAN that is connected to a WAN or the Internet usually uses this type of model.

CLOSED SECURITY MODEL

  • most difficult to implement
  • all security measures
  • assumes all users are not trustworthy, protected assets are premium
  • user access is difficult
  • the organization requires a high number of trained network admins to maintain tight security
  • network admins need to have high skills and more time to administer

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

SECURITY METHOD


  • log on - log on form
  • File system - users can access only certain files + data is encrypted during transmission
  • Data Communication - encryption of confidential data
  • Administrative - different levels of user have different access privileges + the admin defines the rules.


F5108 - CHAPTER 1 - cont. definition of ASSET IDENTIFICATION, VULNERABILITY ASSESSMENT AND THREAT IDENTIFICATION

Asset Identification :

  • tagging devices or intangible assets (database) with a physical label (barcode) or Radio Frequency Asset
  • to prevent competitors from taking advantage when an asset is lost

Vulnerability Assessment :

  • search for a weakness in order to apply a patch or fix to prevent a compromise
  • ways: e.g. installing vendor patches and implementing or virus scanning software.

Threat Identification :

  • listing all possible threats that can occur.