Midterm

What is Information? It is a form of knowledge that we acquire through education, communication, practical experience, research, analysis or ratiocination. 

It consists of data, facts, and conclusions. 

To the scientist concerned with communications theory it is the opposite of entropy.1

To the computer scientist it is any data that can be expressed as a sequence of ones and zeros.

Information Assurance: Measures that protect and defend information and information systems by assuring their availability, integrity, authentication, confidentiality and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection and reaction capabilities.

Information assurance comprises the technologies and methods we use to protect the confidentiality, integrity, and availability of information and of the computers, systems and networks that create, process, store and communicate our information.

Confidentiality:

What needs to be protected?

Military and diplomatic information

Personal information

Privileged information

Business secrets

Economic secrets

Geological, littoral or environmental information

Authentication and Non-Repudiation

Confidentiality and integrity can only be protected if we can control access to information assets.

Protection: Steps taken to ensure that our information assets and systems keep information safe from disclosure, misuse or destruction.

As a practical matter, protection can never be 100%.

Detection: Steps taken to recognize that information assets are vulnerable or are under attack.

Correction: Computer Emergency Response Teams; re-engineering to correct vulnerabilities.

Risk Management: identify, assess and reduce risk to an acceptable level.

Risk = Threats x Vulnerabilities / Countermeasures x Impact

Risk Management: Identifying Threats

Must consider the measures employed (PPT) to ensure the information characteristics (CIA: confidentiality, integrity, availability) across the various states of information (as it is stored, processed, and transmitted/communicated).

A threat is any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Threat Shifting:

Time domain: delaying the attack or illegal entry in order to conduct additional surveillance.

Target domain: selecting a different, less-protected target.

Resource domain: adding resources to the attack in order to reduce uncertainty or overcome countermeasures.

Planning/attack method domain: changing the weapon or path, for example, of the intended attack or illegal entry.

A virus is a self-replicating program that runs and spreads by modifying other programs or files on a single computer.

A worm is a self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself to many computers.

A trojan horse is a non-self-replicating program that appears to have a useful purpose as a legitimate file or helpful program, but in reality has a different, malicious purpose.

A blended attack (sometimes called a "malware cocktail") bundles some of the worst aspects of viruses, worms, trojan horses, and malicious code into a single threat.

Metamorphic code is used by computer viruses to translate their own binary code into a temporary representation, edit that temporary representation of themselves, and then translate the edited form back into machine code again.

Polymorphic code: code that uses a polymorphic engine to mutate while keeping the original algorithm intact. The code changes itself each time it runs, but the function of the code does not change at all.

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.

An attack vector is an avenue or tool that a threat uses in order to gain access to a device, system or network in order to launch attacks, gather information, or deliver/leave a malicious item or items in those devices, systems, or networks.

Social engineering is an attempt to trick someone into revealing information that can be used to attack systems or networks.

Phishing, spear phishing, and whaling

Phishing is tricking an individual into disclosing sensitive personal information through deceptive computer-based means.

Spear phishing targets specific individuals.

Whaling targets big fish such as executives, celebrities, or high-ranking government officials.

Covert channel attack: an unauthorized communication path that manipulates a communications medium in an unexpected, unconventional, or unforeseen way in order to transmit information without detection by anyone other than the entities operating the covert channel.

Tailgating is when an attacker, seeking entry to a restricted area secured by unattended, electronic access control, simply walks in behind a person who has legitimate access.

Dumpster Diving: sifting through commercial or residential waste to find items that have been discarded by their owners, but that may prove useful to the dumpster diver.

Eavesdropping on Emanations: Computer equipment emits electromagnetic impulses. Whenever you strike a computer key, an electronic impulse is sent into the immediate area or system buffer. Attackers may take advantage of these electronic emanations by monitoring, intercepting, and decoding them.

Password cracking is the process of recovering secret passwords stored in a computer system or transmitted over a network.

An insider threat is an entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.

Cyber espionage is the act or practice of obtaining secrets without the permission of the holder of the information from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware.

Critical Infrastructure Protection & Security

Critical Infrastructure: systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.