SlideShare uma empresa Scribd logo

Chapter 2 konsep dasar keamanan

N
newbie2019

This document discusses information system security. It defines information system security as collecting activities to protect information systems and stored data. It outlines four components of an IT security policy framework: policies, standards, procedures, and guidelines. It also discusses vulnerabilities, threats, attacks, and trends in attacks. Vulnerabilities refer to weaknesses, while threats use tools and scripts to launch attacks like reconnaissance, access, denial of service, and viruses/Trojans. Common attacks trends include malware, phishing, ransomware, denial of service, man-in-the-middle, cryptojacking, SQL injection, and zero-day exploits.

Educação
1 de 28
Baixar para ler offline
INFORMATION SYSTEM SECURITY Jupriyadi, S.Kom. M.T. jupriyadi@teknokrat.ac.id Bandarlampung, Juli 2021 https://spada.teknokrat.ac.id Chapter 2
Chapter 2 Objectives :  The Students understand vulnerabilities, threats, and attacks in network systems.  The Students understand examples of weaknesses, threats, and attacks.  The Students understand the trend of attacks in network systems.
What is Information System Security ... ??? Information systems security is the collection of activities that protect the information system and the data stored in it Source : Fundamental of Information SystemS Security (David Kim and MG. Solomon)
IT security policy framework contains four main components: Policy—A policy is a short written statement that the people in charge of an organiza-tion have set as a course of action or direction. A policy comes from upper management and applies to the entire organization. Standard—A standard is a detailed written definition for hardware and software and how they are to be used. Standards ensure that consistent security controls are used throughout the IT system. Procedures—These are written instructions for how to use policies and standards.- They may include a plan of action, installation, testing, and auditing of security controls. Guidelines—A guideline is a suggested course of action for using the policy, -standards, or procedures. Guidelines can be specific or flexible regarding use.
Vulnerability Threats Attacks ... ???
Vulnerability ... ? Cyber threats, or simply threats, refer to cybersecurity circumstances or events with the potential to cause harm by way of their outcome. A few examples of common threats include a social-engineering or phishing attack that leads to an attacker installing a trojan and stealing private information from your applications, political activists DDoS-ing your website, an administrator accidentally leaving data unprotected on a production system causing a data breach, or a storm flooding your ISP’s data center.
Vulnerability ... ? Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses: 1 • Technology weaknesses 2 • Configuration weaknesses 3 • Security policy weaknesses
Technology weaknesses Technological Weaknesses Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses
Configuration Weaknesses Configuration Weaknesses Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
Security policy weaknesses Security Policy Weaknesses Security policy weaknesses can create unforeseen security threats. The network can pose security risks to the network if users do not follow the security policy.
Threats ... ? Vulnerabilities simply refer to weaknesses in a system. They make threat outcomes possible and potentially even more dangerous. A system could be exploited through a single vulnerability, for example, a single SQL Injection attack could give an attacker full control over sensitive data. An attacker could also chain several exploits together, taking advantage of more than one vulnerability to gain more control.
Threats ... ? There are four primary classes of threats to network security : 1. Unstructured threats Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. 2. Structured threats Structured threats come from hackers who are more highly motivated and technically competent 3. External threats External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. 4. Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
Attacks ... ? The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.
Four primary classes of attacks exist: 1 • Reconnaissance 2 • Access 3 • Denial of service 4 • Worms, viruses, and Trojan horses
Reconnaissance ? Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack.
Access ? System access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems to which one does not have authority to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
Denial of service ... ? Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
Worms, viruses, and Trojan horses ? A computer virus is a program that is loaded on your computer without your knowledge and runs without your permission. A virus is designed to reprovirus duce itself through legitimate processes in computer programs and operating systems; therefore, a virus requires a host in order to replicate. The term, Trojan horse, is usually used to refer to a non-replicating malicious program which is the main characteristic that distinguishes it from a virus. Trojan horses often appear as e-mail attachments with enticing names that induce people to open them. A worm is a small piece of software that uses security holes within networks to replicate itself. The worm scans the network for another computer that has a specific security hole. It copies itself to the new machine exploiting the security hole, and then starts replicating from that system as well.
Attack Trends Attacks Malware Phishing Ransom ware Denial of service Man in the middle Cryptoja cking SQL injection Zero-day exploits
Malware Malware — Short for malicious software, malware can refer to any kind of software, no matter how it's structured or operated, that "is a designed to cause damage to a single computer, server, or computer network
Phishing Phishing — Phishing is a technique by which cybercriminals craft emails to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that's disguised as an important document, for instance, or urged to click on a link that takes them to a fake website where they'll be asked for sensitive information like bank usernames and passwords. Many phishing emails are relatively crude and emailed to thousands of potential victims, but some are specifically crafted for valuable target individuals to try to get them to part with useful information
Ransomware Ransomware — Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, and are typically payable to cybercriminals in cyptocurrency.
Denial of service Denial of service — A denial of service attack is a brute force method to try stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems ability to function, making them unavailable to anybody. A distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.
Man in the middle Man in the middle — A man in the middle attack (MITM) is a method by which attackers manage to interpose themselves secretly between the user and a web service they're trying to access. For instance, an attacker might set up a Wi-Fi network with a login screen designed to mimic a hotel network; once a user logs in, the attacker can harvest any information that user sends, including banking passwords.
Cryptojacking Cryptojacking — Cryptojacking is a specialized attack that involves getting someone else's computer to do the work of generating cryptocurrency for you (a process called mining in crypto lingo). The attackers will either install malware on the victim's computer to perform the necessary calculations, or sometimes run the code in JavaScript that executes in the victim's browser.
SQL injection SQL injection — SQL injection is a means by which an attacker can exploit a vulnerability to take control of a victim's database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that's asking for name and address information; if the web site and database aren't programmed correctly, the database might try to execute those commands.
Zero-day exploits Zero-day exploits — Zero-days are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilites are often bought and sold on the dark web — and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.
What's Next ?

Recomendados

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack newbie2019
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudSwapna Shetye
 
C02
C02C02
C02newbie2019
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 

Recomendados

Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack Chapter 4 vulnerability threat and attack
Chapter 4 vulnerability threat and attack newbie2019
 
Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1Fundamentals of information systems security ( pdf drive ) chapter 1
Fundamentals of information systems security ( pdf drive ) chapter 1newbie2019
 
VAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudVAPT- A Service on Eucalyptus Cloud
VAPT- A Service on Eucalyptus CloudSwapna Shetye
 
C02
C02C02
C02newbie2019
 
2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident Report2021 Nonprofit Cybersecurity Incident Report
2021 Nonprofit Cybersecurity Incident ReportCommunity IT Innovators
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 
Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in HealthcareQuick Heal Technologies Ltd.
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 
VAPT Infomagnum
VAPT InfomagnumVAPT Infomagnum
VAPT InfomagnumARUN REDDY M
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security RiskDedi Dwianto
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeCaleb Jenkins
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)BPalmer13
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTNi
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2Marneil Sanchez
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01ITNet
 
SME Cyber Insurance
SME Cyber Insurance SME Cyber Insurance
SME Cyber Insurance Netpluz Asia Pte Ltd
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010Vicky Shah
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptxMahalakshmiShetty3
 
Computer security
Computer securityComputer security
Computer securitysruthiKrishnaG
 

Mais conteúdo relacionado

Mais procurados

Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemCheapSSLsecurity
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk MitigationMukalele Rogers
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security RiskDedi Dwianto
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeCaleb Jenkins
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)BPalmer13
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTNi
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineeringSweta Kumari Barnwal
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Securing information system
Securing information systemSecuring information system
Securing information systemTanjim Rasul
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01ITNet
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010Vicky Shah
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan serverDedi Dwianto
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummiesIvo Depoorter
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...ijtsrd
 

Mais procurados (20)

Healthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend ThemHealthcare IT Security Threats & Ways to Defend Them
Healthcare IT Security Threats & Ways to Defend Them
 
Data Security in Healthcare
Data Security in HealthcareData Security in Healthcare
Data Security in Healthcare
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.
 
VAPT Infomagnum
VAPT InfomagnumVAPT Infomagnum
VAPT Infomagnum
 
IT Security and Risk Mitigation
IT Security and Risk MitigationIT Security and Risk Mitigation
IT Security and Risk Mitigation
 
Network Security Risk
Network Security RiskNetwork Security Risk
Network Security Risk
 
Threat Modeling - Writing Secure Code
Threat Modeling - Writing Secure CodeThreat Modeling - Writing Secure Code
Threat Modeling - Writing Secure Code
 
System Security Threats and Risks)
System Security Threats and Risks)System Security Threats and Risks)
System Security Threats and Risks)
 
INFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENTINFORMATION SECURITY MANAGEMENT
INFORMATION SECURITY MANAGEMENT
 
Ethical hacking and social engineering
Ethical hacking and social engineeringEthical hacking and social engineering
Ethical hacking and social engineering
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges
 
Securing information system
Securing information systemSecuring information system
Securing information system
 
It and-cyber-module-2
It and-cyber-module-2It and-cyber-module-2
It and-cyber-module-2
 
Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01Ia 124 1621324143 ia_124_lecture_01
Ia 124 1621324143 ia_124_lecture_01
 
SME Cyber Insurance
SME Cyber Insurance SME Cyber Insurance
SME Cyber Insurance
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Isaca june 19, 2010
Isaca june 19, 2010Isaca june 19, 2010
Isaca june 19, 2010
 
Ancaman & kelemahan server
Ancaman & kelemahan serverAncaman & kelemahan server
Ancaman & kelemahan server
 
Information security for dummies
Information security for dummiesInformation security for dummies
Information security for dummies
 
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
An Assessment of Intrusion Detection System IDS and Data Set Overview A Compr...
 

Semelhante a Chapter 2 konsep dasar keamanan

CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptxVIRAJDEY1
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfsrtwgwfwwgw
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Securityprachi67
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber securityBansari Shah
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...SyvilMaeTapinit
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 

Semelhante a Chapter 2 konsep dasar keamanan (20)

Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
Computer security
Computer securityComputer security
Computer security
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Computer security system Unit1.pptx
Computer security system Unit1.pptxComputer security system Unit1.pptx
Computer security system Unit1.pptx
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security
Network securityNetwork security
Network security
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Cyber security
Cyber securityCyber security
Cyber security
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
Module 1.pdf
Module 1.pdfModule 1.pdf
Module 1.pdf
 
module 1 Cyber Security Concepts
module 1 Cyber Security Conceptsmodule 1 Cyber Security Concepts
module 1 Cyber Security Concepts
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Ehical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network SecurityEhical Hacking: Unit no. 1 Information and Network Security
Ehical Hacking: Unit no. 1 Information and Network Security
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...Network Attacks - (Information Assurance and Security)BS in Information Techn...
Network Attacks - (Information Assurance and Security)BS in Information Techn...
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 

Mais de newbie2019

Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Pendahuluan it forensik
Pendahuluan it forensikPendahuluan it forensik
Pendahuluan it forensiknewbie2019
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web securitynewbie2019
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information Systemnewbie2019
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Iso iec 27000_2018
Iso iec 27000_2018Iso iec 27000_2018
Iso iec 27000_2018newbie2019
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessnewbie2019
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standartnewbie2019
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutannewbie2019
 
Pertemuan 7 cryptography
Pertemuan 7 cryptographyPertemuan 7 cryptography
Pertemuan 7 cryptographynewbie2019
 
Chapter 6 information hiding (steganography)
Chapter 6 information hiding (steganography)Chapter 6 information hiding (steganography)
Chapter 6 information hiding (steganography)newbie2019
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attacknewbie2019
 
Chapter 3 security principals
Chapter 3 security principalsChapter 3 security principals
Chapter 3 security principalsnewbie2019
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionnewbie2019
 
CCNA RSE Routing concept
CCNA RSE Routing conceptCCNA RSE Routing concept
CCNA RSE Routing conceptnewbie2019
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introductionnewbie2019
 
Sca nv6 instructorppt_chapter2
Sca nv6 instructorppt_chapter2Sca nv6 instructorppt_chapter2
Sca nv6 instructorppt_chapter2newbie2019
 

Mais de newbie2019 (20)

Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
Pendahuluan it forensik
Pendahuluan it forensikPendahuluan it forensik
Pendahuluan it forensik
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Chapter 13 web security
Chapter 13 web securityChapter 13 web security
Chapter 13 web security
 
NIST Framework for Information System
NIST Framework for Information SystemNIST Framework for Information System
NIST Framework for Information System
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Iso iec 27000_2018
Iso iec 27000_2018Iso iec 27000_2018
Iso iec 27000_2018
 
Chapter 12 iso 27001 awareness
Chapter 12 iso 27001 awarenessChapter 12 iso 27001 awareness
Chapter 12 iso 27001 awareness
 
Chapter 10 security standart
Chapter 10 security standartChapter 10 security standart
Chapter 10 security standart
 
Chapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutanChapter 8 cryptography lanjutan
Chapter 8 cryptography lanjutan
 
Pertemuan 7 cryptography
Pertemuan 7 cryptographyPertemuan 7 cryptography
Pertemuan 7 cryptography
 
Chapter 6 information hiding (steganography)
Chapter 6 information hiding (steganography)Chapter 6 information hiding (steganography)
Chapter 6 information hiding (steganography)
 
Vulnerability threat and attack
Vulnerability threat and attackVulnerability threat and attack
Vulnerability threat and attack
 
Chapter 3 security principals
Chapter 3 security principalsChapter 3 security principals
Chapter 3 security principals
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introduction
 
CCNA RSE Routing concept
CCNA RSE Routing conceptCCNA RSE Routing concept
CCNA RSE Routing concept
 
Chapter 1 introduction
Chapter 1 introductionChapter 1 introduction
Chapter 1 introduction
 
Sca nv6 instructorppt_chapter2
Sca nv6 instructorppt_chapter2Sca nv6 instructorppt_chapter2
Sca nv6 instructorppt_chapter2
 

Último

Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4JOYLYNSAMANIEGO
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsManeerUddin
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 

Último (20)

Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4Daily Lesson Plan in Mathematics Quarter 4
Daily Lesson Plan in Mathematics Quarter 4
 
Food processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture honsFood processing presentation for bsc agriculture hons
Food processing presentation for bsc agriculture hons
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 

Chapter 2 konsep dasar keamanan

  • 1. INFORMATION SYSTEM SECURITY Jupriyadi, S.Kom. M.T. jupriyadi@teknokrat.ac.id Bandarlampung, Juli 2021 https://spada.teknokrat.ac.id Chapter 2
  • 2. Chapter 2 Objectives :  The Students understand vulnerabilities, threats, and attacks in network systems.  The Students understand examples of weaknesses, threats, and attacks.  The Students understand the trend of attacks in network systems.
  • 3. What is Information System Security ... ??? Information systems security is the collection of activities that protect the information system and the data stored in it Source : Fundamental of Information SystemS Security (David Kim and MG. Solomon)
  • 4. IT security policy framework contains four main components: Policy—A policy is a short written statement that the people in charge of an organiza-tion have set as a course of action or direction. A policy comes from upper management and applies to the entire organization. Standard—A standard is a detailed written definition for hardware and software and how they are to be used. Standards ensure that consistent security controls are used throughout the IT system. Procedures—These are written instructions for how to use policies and standards.- They may include a plan of action, installation, testing, and auditing of security controls. Guidelines—A guideline is a suggested course of action for using the policy, -standards, or procedures. Guidelines can be specific or flexible regarding use.
  • 6. Vulnerability ... ? Cyber threats, or simply threats, refer to cybersecurity circumstances or events with the potential to cause harm by way of their outcome. A few examples of common threats include a social-engineering or phishing attack that leads to an attacker installing a trojan and stealing private information from your applications, political activists DDoS-ing your website, an administrator accidentally leaving data unprotected on a production system causing a data breach, or a storm flooding your ISP’s data center.
  • 7. Vulnerability ... ? Networks are typically plagued by one or all of three primary vulnerabilities or weaknesses: 1 • Technology weaknesses 2 • Configuration weaknesses 3 • Security policy weaknesses
  • 8. Technology weaknesses Technological Weaknesses Computer and network technologies have intrinsic security weaknesses. These include TCP/IP protocol weaknesses, operating system weaknesses, and network equipment weaknesses
  • 9. Configuration Weaknesses Configuration Weaknesses Network administrators or network engineers need to learn what the configuration weaknesses are and correctly configure their computing and network devices to compensate.
  • 10. Security policy weaknesses Security Policy Weaknesses Security policy weaknesses can create unforeseen security threats. The network can pose security risks to the network if users do not follow the security policy.
  • 11. Threats ... ? Vulnerabilities simply refer to weaknesses in a system. They make threat outcomes possible and potentially even more dangerous. A system could be exploited through a single vulnerability, for example, a single SQL Injection attack could give an attacker full control over sensitive data. An attacker could also chain several exploits together, taking advantage of more than one vulnerability to gain more control.
  • 12. Threats ... ? There are four primary classes of threats to network security : 1. Unstructured threats Unstructured threats consist of mostly inexperienced individuals using easily available hacking tools such as shell scripts and password crackers. 2. Structured threats Structured threats come from hackers who are more highly motivated and technically competent 3. External threats External threats can arise from individuals or organizations working outside of a company. They do not have authorized access to the computer systems or network. 4. Internal threats Internal threats occur when someone has authorized access to the network with either an account on a server or physical access to the network.
  • 13. Attacks ... ? The threats use a variety of tools, scripts, and programs to launch attacks against networks and network devices. Typically, the network devices under attack are the endpoints, such as servers and desktops.
  • 14. Four primary classes of attacks exist: 1 • Reconnaissance 2 • Access 3 • Denial of service 4 • Worms, viruses, and Trojan horses
  • 15. Reconnaissance ? Reconnaissance is the unauthorized discovery and mapping of systems, services, or vulnerabilities. It is also known as information gathering and, in most cases, it precedes an actual access or denial-of-service (DoS) attack.
  • 16. Access ? System access is the ability for an unauthorized intruder to gain access to a device for which the intruder does not have an account or a password. Entering or accessing systems to which one does not have authority to access usually involves running a hack, script, or tool that exploits a known vulnerability of the system or application being attacked.
  • 17. Denial of service ... ? Denial of service implies that an attacker disables or corrupts networks, systems, or services with the intent to deny services to intended users. DoS attacks involve either crashing the system or slowing it down to the point that it is unusable.
  • 18. Worms, viruses, and Trojan horses ? A computer virus is a program that is loaded on your computer without your knowledge and runs without your permission. A virus is designed to reprovirus duce itself through legitimate processes in computer programs and operating systems; therefore, a virus requires a host in order to replicate. The term, Trojan horse, is usually used to refer to a non-replicating malicious program which is the main characteristic that distinguishes it from a virus. Trojan horses often appear as e-mail attachments with enticing names that induce people to open them. A worm is a small piece of software that uses security holes within networks to replicate itself. The worm scans the network for another computer that has a specific security hole. It copies itself to the new machine exploiting the security hole, and then starts replicating from that system as well.
  • 20. Malware Malware — Short for malicious software, malware can refer to any kind of software, no matter how it's structured or operated, that "is a designed to cause damage to a single computer, server, or computer network
  • 21. Phishing Phishing — Phishing is a technique by which cybercriminals craft emails to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that's disguised as an important document, for instance, or urged to click on a link that takes them to a fake website where they'll be asked for sensitive information like bank usernames and passwords. Many phishing emails are relatively crude and emailed to thousands of potential victims, but some are specifically crafted for valuable target individuals to try to get them to part with useful information
  • 22. Ransomware Ransomware — Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, and are typically payable to cybercriminals in cyptocurrency.
  • 23. Denial of service Denial of service — A denial of service attack is a brute force method to try stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems ability to function, making them unavailable to anybody. A distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.
  • 24. Man in the middle Man in the middle — A man in the middle attack (MITM) is a method by which attackers manage to interpose themselves secretly between the user and a web service they're trying to access. For instance, an attacker might set up a Wi-Fi network with a login screen designed to mimic a hotel network; once a user logs in, the attacker can harvest any information that user sends, including banking passwords.
  • 25. Cryptojacking Cryptojacking — Cryptojacking is a specialized attack that involves getting someone else's computer to do the work of generating cryptocurrency for you (a process called mining in crypto lingo). The attackers will either install malware on the victim's computer to perform the necessary calculations, or sometimes run the code in JavaScript that executes in the victim's browser.
  • 26. SQL injection SQL injection — SQL injection is a means by which an attacker can exploit a vulnerability to take control of a victim's database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that's asking for name and address information; if the web site and database aren't programmed correctly, the database might try to execute those commands.
  • 27. Zero-day exploits Zero-day exploits — Zero-days are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilites are often bought and sold on the dark web — and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.