Resource summary
Information Security FULL WORK
- 1st Part
- Zero-day vulnerability
- The term zero-day refers to a flaw or error that is newly known to the manufacturer
- As in, it has been 0 days since it was discovered
- Why is it bad?
- Any flaw or error could open a way to make the software vulnerable; most of the time it will get patched right away, or work on a solution will start as soon as the flaw is detected
- Exploits occur when a vulnerability is found and taken advantage of by users
- These exploits sometimes appear in what seem to be inoffensive environments but, due to connectivity, can reach crucial parts of the system
- Zero-Knowledge Proofs
- It is a probabilistic verification method. The verifier questions the prover based on certain randomness.
- It states that if the person providing the answer can provide the exact answer that the one asking the question has stored, and this can be repeated several times, then his credibility is authenticated
- Here is an example: when you create a bank account, they ask various personal questions: date of birth, mother's name, name of the first place you attended school, city you were born in, childhood best friend, last digits on X document
- If you contact them after your card (the only thing that granted you access) is stolen, and you answer with all the information you previously filled in, then it has to be you, the same person that created the account
- Hijacking Internet Traffic
- Imagine Internet traffic as car traffic. Now imagine taking one of the cars: you now have whatever was inside the car, that information. Now imagine taking 100 cars: you now have what's inside those cars. But there is evidence you broke in, and thus you can be charged or found guilty
- Continuing the car example, imagine the cars being stuck because the road is blocked, and imagine a NEW car is about to enter, but the driver knows that road is closed. He asks for directions and says his destination. Now you know WHERE all the others were going, and you have gained that information in an indirect way that is hard to track
- Finally, imagine you don't like a place. Following the example, you close the roads that go to that place; since all roads are full, that place can't handle the traffic and crashes
- This happened in Pakistan: they didn't want citizens to have access to ONE VIDEO located on YouTube, so they blocked all traffic incoming and outgoing from that IP address. The result: YouTube couldn't handle all the traffic attempting to reconnect with multiple requests, and YouTube CRASHED GLOBALLY for 2 hours
- Backdoors
- A backdoor is a way to access information that was implemented but not designed to be used by common users
- There are backdoors that are part of a system, implemented by the manufacturer in order to maintain a secret way to restore sensitive data
- For example, WhatsApp has a backdoor method implemented and, as part of their terms of agreement, they use it in case the user requests that his chat log be destroyed if his account is compromised.
- There are backdoors that are created while the services are inoperative, via virus, code injection, etc.
- These backdoors are created to steal, install or modify existing information without the acknowledgement of the user and the database, and pose a great security threat
- DDoS attacks
- For example, no one knew that a web page linked with a database could be used to access sensitive information, that is, until the first DDoS attack occurred, using an exploit to generate requests in order to make the web page unresponsive, and using that downtime between the web page and the server to inject malicious code and grant access to anonymous users
- Hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic.
- They overwhelm the target with more traffic than the server or network can accommodate. The goal is to render the website or service inoperable.
- Rendering the service inoperable is just a way to buy time, to inject malicious data or to steal sensitive data
- 2nd Part
- Ransomware
- Examples
- NotPetya
- Locky
- WannaCry
- SimpleLocker
- TeslaCrypt
- CryptoLocker
- How to avoid?
- Avoid browsing unsafe pages or pages with unverified content.
- Don't open emails or files from unknown senders
- Have a good antivirus installed
- Keep our operating system updated
- How does it work?
- For the rescue, it asks for a payment in Bitcoin
- Blocks access and encrypts device information
- It takes over the computer
- Is a form of malicious software (MALWARE)
- Hacktivism
- Examples
- WikiLeaks
- LulzSec
- Anonymous
- Types
- Mirroring sites
- Bombardment of e-mail
- Web Sit-ins
- Destruction of web pages
- Doxing
- Geobombing
- Breaks websites' security to spread their messages
- Is the legal or illegal use of digital tools for political and protest purposes.
- Consumer Device Targeting Attacks
- They are DDoS attacks aimed at IoT devices
- Take advantage of vulnerabilities in Supply Chain Devices
- How to protect yourself?
- Eliminate non-unique default passwords
- Adopt a vulnerability disclosure policy (Technical Drivers)
- Make secure software updates available for an explicitly stated length of time.
- AI-Powered Automated Hacking
- Use of artificial intelligence for criminal purposes
- Drones and autonomous vehicles could be hacked using AI and turned into weapons
- Traditional cybersecurity methods won’t know how to cope with new attacks carried out by smart machines.
- Example
- DeepLocker
- Biometric Malware
- The data stored in a biometric database may be more vulnerable than any other kind of data
- Any collection of data could eventually get hacked
- Some pieces of your physical identity can be duplicated
- Biometric
- It makes authentication much faster, easier and more secure
- Types
- Face recognition
- Iris recognition
- Fingerprints
- Fingerprint scanner
- Voice recognition
- Hand geometry
- Behavior characteristics