HOME

Top 10 List of Week 02

1. Security
   Security is a measure of confidence that the integrity of a system and its data will be preserved.

2. Protection
   Protection is the set of mechanisms that control the access of processes and users to the resources defined by a computer system.

3. Security Violations
   Security Violations can be summarized into a few categories: breach of confidentiality (violation involves the unauthorized reading of data), breach of integrity (violation involves unauthorized modification of data), breach of availability (involves an unauthorized destruction of data), theft of service (involves an unauthorized use of resources), and DOS or Denial-of-service (involves preventing legitimate use of the system. As mentioned before, such attacks can be accidental in nature).

4. Security Violation Methods
   Security Violation Methods can include Masquerading (Pretending to be an authorized user to escalate privileges), Replay attack (Repeating valid transmission with message modification), Human-in-the-middle attack ( Intruder sits in data flow, masquerading as sender to receiver and vice versa),and Session hijacking (Intercept an already-established session to bypass authentication).

5. Security Threats and Attacks
   Security of a system can be threatened via two violations. Threat is program which has the potential to cause serious damage to the system. Attack is an attempt to break security and make unauthorized use of an asset.

6. Security Measure Levels
   Security Measure Levels can be summarized to Physical (The sites containing computer systems must be physically secured against armed and malicious intruders. The workstations must be carefully protected), Network (The system must protect itself from accidental or purposeful security breaches), Operating System (Almost all of the information is shared between different systems via a network. Intercepting these data could be just as harmful as breaking into a computer. Henceforth, Network should be properly secured against such attacks.), and Application (includes solutions for end user management and individual application and database security).

7. User Authentification
   A way to identify the user by confirming their identity to give authorization. It can be done with passwords which be further specified with two-factor authentication and biometrics which relies on the unique biological characteristics of an individual for identification.

8. Types of System Threats
   Aside from the program threats, various system threats are also endangering the security of our system like Worm which is an infection program which spreads through networks and mainly targets LANs, Port Scanning which is a means by which the cracker identifies the vulnerabilities of the system to attack, and Denial of Service which are used for disrupting the legitimate use of a system or facility. Other threats includes Sniffing and Spoofing.

9. Cryptography
   There are methods and systems for Cryptography such as Symmetric cryptography which refers to encryption methods in which both the sender and receiver share the same key and Asymmetric or Public/Private Key Pairs cryptography which is similar to symmetric but uses 2 keys (public and private).

10. Types of Program Threats
    Threats can also come in a form of programs like Viruses which is a self-replicating and a malicious thread which attaches itself to a system file and then rapidly replicates itself, modifying and destroying essential files leading to a system breakdown, Trojan Horses which seem to be attractive and harmless cover program but are a really harmful hidden program which can be used as the virus carrier, Trap doors which is a hole in the software that only he is capable of using but can be found if a mischievant goes through the source code of all the components of the system, Logic Bombs which is a program that initiates a security attack only under a specific situation, and many others like malware, spyware, ransomware , code-injection attack, overflow, and script kiddie