Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Computing and Threat Analysis Method
Transcript of Computing and Threat Analysis Method
Method What is Threat Analysis? It is the probability of occurrences and consequences of damaging actions to a system and it is the basis of risk analysis. What is Risk Analysis? Identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. It's primary objective is to make sure that all operations and/or computer services are rendered unusable and each area of an organization is analyzed to determine the potential risk and impact related to various disaster threats. What is Threat? Is a possible danger that might exploit a vulnerability to breach security and cause possible harm. And it can be either: INTENTIONAL i.e. intelligent
e.g. an individual cracker or a criminal organization ACCIDENTAL e.g. the possibility of a computer malfunctioning, or the possibility of an "act of God" such as an earthquake, a fire, or a tornado and it could also be a circumstance, capability, action, or event. What is a Hacker? A hacker can be defined as a person who enjoys engaging in activities such as programming in a manner of going beyond the capabilities of the program being created. For example exploring the limits of what is possible, thereby doing something exciting and meaningful. But when it comes to computer security, a hacker is commonly described as a person who looks for and use the weaknesses in a computer system or network. Hackers are mostly motivated because of the reasons such as for the profit or a challenge for themselves. The classifications of a hacker are: White Hat Hacker Also known as Ethical Hacker, is a person who specializes in penetration testing to ensure the security of a system. He breaks the security, trying to test and then improve the system’s security of a network. Black Hat Hacker Also known as crackers or dark-side hackers. This type of hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. Grey Hat Hacker Refers to a skilled hacker whose activities fall somewhere between white and black hat hackers on a variety of spectra. It may relate to whether they sometimes arguably act illegally, though in good will, or to show how they disclose vulnerabilities. They usually do not hack for personal gain or have malicious intentions, but may be prepared to technically commit crimes during the course of their technological exploits in order to achieve better security. Elite Hacker Refers to the most skilled hackers in the community. Unlike crackers, elite hackers avoid deliberately destroying information or otherwise damaging the computer systems they have exploited. Script kiddies Unskilled individuals who use scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that script kiddies lacks in the ability to write sophisticated hacking programs or exploits on their own, and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities Neophyte Refers to a newbie, who don't have enough knowledge or experience in hacking. Hacktivist A rare type of hacker, is an individual who utilizes technology to announce a political message. Web vandalism is not necessarily hacktivism. The techniques used by a hacker are: Vulnerability scanner Is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. There are a number of types of vulnerability scanners available today, distinguished from one another by a focus on particular targets. While functionality varies between different types of vulnerability scanners, they share a common, core purpose of enumerating the vulnerabilities present in one or more targets. Vulnerability scanners are a core technology component of vulnerability management. Password cracking Is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. Another common approach is to say that you have "forgotten" the password and then change it.
The purpose of password cracking might be to help a user recover a forgotten password, to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted. Packet sniffer Is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. Spoofing attack (Phishing) Is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. Rootkit Is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Social engineering In the context of security, is understood to mean the art of manipulating people into performing actions or divulging confidential information. This is a type of confidence trick for the purpose of information gathering, fraud, or computer system access. Trojan horses Is a non-self-replicating type of malware which appears to perform a desirable function but instead facilitates unauthorized access to the user's computer system. Trojans do not attempt to inject themselves into other files like a computer virus. Trojan horses may steal information, or harm their host computer systems. Viruses A virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents. Therefore, a computer virus behaves in a way similar to a biological virus, which spreads by inserting itself into living cells.
While some are harmless or mere hoaxes, most computer viruses are considered malicious. Worms Is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Key loggers Is the action of recording (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. It also has very legitimate uses in studies of human-computer interaction. There are numerous keylogging methods, ranging from hardware and software-based approaches to acoustic analysis. What is Digital Divide? Or the digital split, is a social issue referring to the differing amount of information between those who have access to the Internet and those who do not have access. The term became popular among concerned parties, such as scholars, policy makers, and advocacy groups, in the late 1990s. The conceptualization of the digital divide is often as follows: Subjects of connectivity WHO connects it could either be an individuals, organizations, enterprises, schools, hospitals, countries, etc. Characteristics of connectivity WHICH attributes it could be demographic and socio-economic variables, such as income, education, age, geographic location, etc. Means of connectivity Connectivity to WHAT it could be either by fixed or mobile, Internet or telephony, digital TV, etc. Intensity of connectivity HOW sophisticated the usage is it could be by mere access, retrieval, interactivity, innovative contributions. Purpose of connectivity WHY individuals and their cohorts are (not) connecting: reasons individuals are and are not online and uses of the Internet and ICTs. Means of Connectivity Infrastructure The infrastructure by which individuals, households, businesses, and communities connect to the Internet address the physical mediums that people use to connect to the Internet such as desktop computers, laptops, cell phones, iPods or other MP3 players, Xboxes or PlayStations, electronic books readers, and tablets such as iPads. Location Internet connectivity can be utilized at a variety of locations such as homes, offices, schools, libraries, public spaces, Internet cafes, etc. There are also varying levels of connectivity in rural, suburban, and urban areas. Applications Common Sense Media, a nonprofit group based in San Francisco, surveyed almost 1,400 parents and found that 47 percent of families with incomes more than $75,000 had downloaded apps for their children, while only 14 percent of families earning less than $30,000 had done so. Broadly speaking, the difference is not necessarily determined by the access to the Internet, but by access to ICT (Information and Communications Technologies) and to Media that the different segments of society can use. With regards to the Internet, the access is only one aspect, other factors such as the quality of connection and related services should be considered. Today the most discussed issue is the availability of the access at an affordable cost and quality The digital divide is not indeed a clear single gap which divides a society into two groups. Researchers report that disadvantage can take such forms as lower-performance computers, lower-quality or high price connection, difficulty of obtaining technical assistance, and lower access to subscription-based contents. What is E-waste recycling? Refers to donations, reuse, shredding and general collection of used electronics. Generically, the term refers to the process of collecting, brokering, disassembling, repairing and recycling the components or metals contained in used or discarded electronic equipment, otherwise known as electronic waste (e-waste) What are the Benefits of recycling? . By dismantling and providing reuse possibilities, intact natural resources are conserved and air and water pollution caused by hazardous disposal is avoided. Additionally, recycling reduces the amount of greenhouse gas emissions caused by the manufacturing of new products. Recycling Methods Consumer recycling Consists of sale, donating computers directly to organizations in need, sending devices directly back to their original manufacturers, or getting components to a convenient recycler or refurbisher. Corporate recycling Companies pick up unwanted equipment from businesses, wipe the data clean from the systems, and provide an estimate of the product’s remaining value. Sale Reselling of used computers or gadgets in a lower price. Takeback When researching computer companies before a computer purchase, consumers can find out if they offer recycling services. Most major computer manufacturers offer some form of recycling. At the user's request they may mail in their old computers, or arrange for pickup from the manufacturer. Exchange Manufacturers often offer a free replacement service when purchasing a new PC. Dell Computers and Apple Inc. take back old products when one buys a new one. Both refurbish and resell their own computers with a one-year warranty. Scrapping Parts of a computer, are stripped of their most valuable components and sold for scrap. Metals like copper,aluminum, lead, gold, and palladium are recovered from computers, televisions and more. Threat analysis in
e-government e-government Describes the use of technologies to facilitate the operation of government and the dispersement of government information and services. E-government, short for electronic government, deals heavily with Internet and non-internet applications to aid in governments. E-government includes the use of electronics in government as large-scale as the use of telephones and fax machines, as well as surveillance systems, tracking systems such as RFID tags, and even the use of television and radios to provide government-related information and services to the citizens. Threat Packet Sniffer Is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content according to the appropriate RFC or other specifications. Probe A class of attacks where an attacker scans a network to gather information or find known vulnerabilities. An attacker with map of machine and services that are available on a network can use the information to notice for exploit Malware Is any kind of unwanted software that is installed without your adequate consent. Viruses, worms, and Trojan horses are examples of malicious software that are often grouped together and referred to as malware. Internet infrastructure attacks Affect a large portion of the Internet and can seriously hinder the day-to-day operation of many sites. It attacks key components of the internet infrastructure rather than the specific system on the internet. Denial of Service (DOS) attack Is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Remote to Local (R2L) attack Is class of attacks where an attacker sends packets to a machine over network, then exploits the machine’s vulnerability to illegally gain local access to a machine e.g. guss_passwd, ftp_write, multihop, imap, phf, spy, warezmaster, warezclient. User to root (U2R) attack Are a class of attacks where an attacker starts with access to a normal user account on the system and is able to exploit vulnerability to gain root access to the system e.g. loadmodule, perl, buffer_overflow, rootkit. Information Security Information Security Policies are the cornerstone of information security effectiveness. The Security Policy is intended to define what is expected from an organization with respect to security of Information Systems. Three aspects of data security Confidentiality Is a set of rules or a promise that limits access or places restrictions on certain types of information. Integrity Ensuring that data has not been modified en route. Uses encryption to enclose data in a digital envelope, to indicate that the data has not been tampered with. Availability Is to ensure that the information is available when it is required. Computer Donations It is the process of giving used or new computers in order to help the community Steps in Donating your computer Create a written description of the system Contact the charity to determine if the computer will be of use If possible, provide the charity with a complete, fully-operational system Package everything carefully to avoid damage Don't forget to ask for a receipt Hacking Case Gawker Media In December of 2010, Blog Media Gawker Media attacked by hackers, making Lifehacker, Gizmodo, and Jezebel, etc. millions of popular blogs’ e-mail address and password disclosure. Some users’ account name and password of the email is the same with Twitter, hackers steal their accounts and use them to send spam to implement phishing is only a matter of time. TJ Maxx and Marshalls department stores In 2005-2007, Hacker Albert Gonzalez stole 45 million credit and debit card numbers of the department store TJ Maxx and Marshalls. And he is the most successful “credit card thief” in the history. HM Revenue & Customs November 2007, HM Revenue & Customs lost many discs, which stored 25 million British citizens name, address and other personal information. Fortunately, these discs were entrained in the mail items, this event proved that for a lot of sensitive data you do not need high-tech network attacks. Google and other Silicon Valley companies In the middle of 2009, Google, Yahoo and other dozens of Silicon Valley companies have encountered unprecedented hacker attacks, it is unclear now what exactly data of these companies was stolen, but Google acknowledged some of its intellectual property information was stolen. RSA Security March 2011, another world-renowned network security service provider RSASecurity’s highly confidential internal database was exposed under the hackers’ attacks. The reason why this incident was compelling is because RSA’s technology was originally used to protect the thousands of other sets of system, even this company was under attack, it can be seen that hackers can easily hacked these system. VIDEOS Gay Games Lesbian, gay, bisexual, and transgender (LGBT) characters have been depicted in video games since the 1980s. Sexual orientation and gender identity have served a significant role in some video games, with the trend being toward greater visibility of LGBT identities. Gaymer or gay gamer Are umbrella terms used to refer to the group of people who identify themselves as gay and have an active interest in the video game community, also known as gamers.