Information Security FULL WORK

Description

Information Security WORK GROUP
Luis Mauricio Falla Guiulfo
Mind Map by Luis Mauricio Falla Guiulfo, updated more than 1 year ago
Luis Mauricio Falla Guiulfo
Created by Luis Mauricio Falla Guiulfo over 5 years ago
19
0

Resource summary

Information Security FULL WORK
  1. 1st Part
    1. Zero-day vulnerability
      1. The Term Zero-day refers to a newly discovered flaw or error, to the manufacturer
        1. As in has been 0 days since it was discovered
        2. Why is it bad?
          1. Any flaw or error, could open a way to make the software vulnerable, most times it will get patched right away or a solution will be started as soon as the flaw is detected
          2. Exploits occur when a vulnerability is found and taken advantage by users
            1. These exploits sometimes appear in what appears to be inoffensive environments, but due to connectivity, can reach crucial parts of the system
          3. Zero-Knowledge Proofs
            1. Is a probabilistic-based verification method. The verifier asks the prover based on certain randomness.
              1. It states that if the person providing the answer can provide the exact answer that the one asking the question has stored, and can be repeated several times, then his credibility is authentified
                1. Here is an example, when you create a bank account, they ask various personal question, date of birth, mothers name, name of the 1st place you attended school, city you were born, childhood best friend, last digits on X document
                  1. If you communicate with them after your card is stolen the only thing that granted you access, then if you answer all the information you previously filled. Then it has to be you the same person that created the account
                2. Hijacking Internet Traffic
                  1. Imagine Internet Traffic as car traffic, now imagine taking one of the cars you now have whatever was inside the car, that information. Now imagine taking 100 cars, you know have what's inside those cars, But there is evidence you broke in and thus you can be charged or found guilty
                    1. The car example, imagine the cars being stuck because the road is blocked, and imagine a NEW car is about to enter, but he knows that road is closed, he asking for directions, he says his destination, now you know WHERE all the others where going and you have gained that information in a indirect way, hard to be tracked
                      1. Finally, imagine you don't like a place, following the example you close the roads that go to that place, since all roads are full that place can't handle the traffic and crashes down
                        1. This happened in Pakistan, they didn't want the citizens to have access to ONE VIDEO located on youtube, so they blocked all traffic incoming and outgoing from that IP address, the result, youtube couldn't handle all the traffic attempting to reconnect with multiple request youtube CRASHED GLOBALLY for 2 hours
                      2. backdoors
                        1. Is a way to access that information that was implemented, but not designed to be used by the common users
                          1. There are backdoors that are part of a system, implemented by the manufacturer in order to maintain a secret way to restore sensitive data
                            1. For example WhatsApp has backdoor method implemented and as part of their terms of agreement, they use it in case the user request that his chat log is destroyed, if his account is compromised.
                            2. There are backdoors that are created while the services are inoperative, via virus, code injection, etc...
                              1. These backdoors are created to steal, install or modify existent information without the user and database acknowledgement, and poses a great security threat
                            3. DDoS attacks
                              1. For example, no one knew that a web-page linked with a database could be used to access sensitive information, that is until the first DDOS attacked occurred, using an exploit to generate requests, in order to make the web page unresponsive and using that down time between the web page and the server to inject malicious code and granting access to anonymous users
                                1. hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic.
                                  1. overwhelm them with more traffic than the server or network can accommodate. The goal is to render the website or service inoperable.
                                    1. Rendering the service inoperable is just a way to buy time, to inject malicious data or to steal sensitive data
                                  2. 2nd Part
                                    1. Ransomware
                                      1. Examples
                                        1. NotPetya
                                          1. Locky
                                            1. WannaCry
                                              1. SimpleLocker
                                                1. TeslaCryp
                                                  1. CryptoLocker
                                                  2. How to avoid?
                                                    1. Avoid browsing unsafe pages or with unverified content.
                                                      1. Don't open emails or files with unknown senders
                                                        1. Have a good antivirus installed
                                                          1. Keep our operating system updated
                                                          2. How does it work?
                                                            1. For the rescue, ask for a payment in Bitcoins
                                                              1. Blocks access and encrypts device information
                                                                1. It takes over the computer
                                                                2. Is a form of malicious software (MALWARE
                                                                3. Hacktivism
                                                                  1. Examples
                                                                    1. WikiLeaks
                                                                      1. LulzSec
                                                                        1. Anonymous
                                                                        2. Types
                                                                          1. Mirroring sites
                                                                            1. Bombardment of e-mail
                                                                              1. Web Sit-ins
                                                                                1. Destruction of web pages
                                                                                  1. Doxing
                                                                                    1. Geobombing
                                                                                    2. Breaks websites securities to spread their messages
                                                                                      1. Is the legal or illegal use of digital tools for political and protest purposes.
                                                                                      2. Consumer Device Targeting Attacks
                                                                                        1. They are DDoS attacks aimed at IoT devices
                                                                                          1. Take advantage of vulnerabilities in Supply Chain Devices
                                                                                            1. How to protect yourself?
                                                                                              1. Eliminate non-unique default passwords
                                                                                                1. Adopt a vulnerability disclosure policy (Technical Drivers)
                                                                                                  1. Make secure software updates available for an explicitly stated length of time.
                                                                                                2. AI-Powered Automated Hacking
                                                                                                  1. Use of artificial intelligence for criminal purposes
                                                                                                    1. Drones and autonomous vehicles could be hacked using AI and turned into weapons
                                                                                                      1. Traditional cybersecurity methods won’t know how to cope with new attacks carried out by smart machines.
                                                                                                        1. Example
                                                                                                          1. DeepLocker
                                                                                                        2. Biometric Malware
                                                                                                          1. The data stored in a biometric database may be more vulnerable than any other kind of data
                                                                                                            1. Any collection of data could eventually get hacked
                                                                                                              1. Some pieces of your physical identity can be duplicated
                                                                                                                1. Biometric
                                                                                                                  1. t makes authentication much faster, easier and more secure
                                                                                                                    1. Types
                                                                                                                      1. Face recognition
                                                                                                                        1. Iris recognition
                                                                                                                          1. Fingerprints
                                                                                                                            1. Fingerprint scanner
                                                                                                                              1. Voice recognition
                                                                                                                                1. Hand geometry
                                                                                                                                  1. Behavior characteristics
                                                                                                                            Show full summary Hide full summary

                                                                                                                            Similar

                                                                                                                            Brain and Nutrition
                                                                                                                            miya_lumica
                                                                                                                            2.1 Business Influences and Associated Security Risks
                                                                                                                            DJ Perrone
                                                                                                                            Infosec Basics
                                                                                                                            bondarets
                                                                                                                            Types of Attacks
                                                                                                                            River L.
                                                                                                                            Information Security: Chapter 2
                                                                                                                            marcb176
                                                                                                                            Data-centric Security
                                                                                                                            Michael Mihalik
                                                                                                                            Math Online quiz 4
                                                                                                                            lewisgeorge669
                                                                                                                            Threats
                                                                                                                            marnus.db
                                                                                                                            A2 Geography- Water Conflicts
                                                                                                                            sophielee0909
                                                                                                                            Pega CSSA 7.2 Dumps
                                                                                                                            Kavya Virupaksha
                                                                                                                            PTS 2018 Mac
                                                                                                                            Mac RA