Scribd
Upload
43 views15 pages

Information Security College of Informatics Sulaimani Polytechnic University 2019-2020

This document contains a summary of the first lecture in an Information Security course. It introduces common security concepts and terminology. The lecture outline includes an introduction to information security, why security is needed, a brief history of cybersecurity, and who is responsible for information security. It then defines various security concepts like administrative, physical, and technical controls. It also explains vulnerabilities like backdoors, denial of service attacks, eavesdropping, direct access, spoofing, and phishing.

Uploaded by

Chya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
43 views15 pages

Information Security College of Informatics Sulaimani Polytechnic University 2019-2020

This document contains a summary of the first lecture in an Information Security course. It introduces common security concepts and terminology. The lecture outline includes an introduction to information security, why security is needed, a brief history of cybersecurity, and who is responsible for information security. It then defines various security concepts like administrative, physical, and technical controls. It also explains vulnerabilities like backdoors, denial of service attacks, eavesdropping, direct access, spoofing, and phishing.

Uploaded by

Chya
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 15

Information Security

College of Informatics
Sulaimani Polytechnic University

2019-2020
e-mail: [email protected]

Lecture 1
Introduction to Security &
security concepts
1
Information Security #1 Lectured by : Rebaz Najeeb
Today’s class outline
Introduction to infoSec

Why do we need security?

Brief history of Cyber security .

Who is responsible for Information Security

common Security concept and terminologies

Information Security #2 Lectured by : Rebaz Najeeb


What is information Security ?
Information security is the application of Administrative, Physical, and Technical controls

in an effort to protect the Confidentiality, Integrity, and/or Availability of information.

Administrative control : Rules and policies , Training and awareness

Physical Control : Locks , Security guards ,Building alarm systems , CCTV


Physical

Technical Control: Firewalls, antivirus , file permission , Encryption


Technical

Administrative

Information Security #3 Lectured by : Rebaz Najeeb


Why do we need computer security?
Why do you secure you home, car, or money ?

Do you have information that needs to be kept confidential (secret), accurate ($), or

available when you need it?

Cyberspace (internet, work environment, intranet) is becoming a dangerous place for all

organizations and individuals to protect their sensitive data or reputation.

Human being in the modern societies are heavily rely on ICT. (phone ,

computer , car , smart TV)


Information Security #4 Lectured by : Rebaz Najeeb
History of Computer Security threats
1964 , trying to make free calls on AT&T with using BlueBox.

1971 , Bob Thomas travels I’M THE CREEPER: CATCH ME IF YOU CAN through on TENEX OS.

Ray Tomlinson , create the same thing but replicating itself , then he made Reaper anti.

1986 , first computer virus (Brain by Basit and Amjad) then ILOVEYOU 2000, code red, Stuxnet.

1988, first computer worm (Morris worm) by Robert Morris, copying itself to fill memory , then mydoom 2004.

Adobe Hacking – 38 Million Accounts Affected (Oct 2013)

2017, WannaCry ransomware , 230,000 computers in over 150 countries

Recent attack on Facebook users.

Information Security #5 Lectured by : Rebaz Najeeb


Who is responsible for Information Security?
Anyone. Ig you have connected to internet you must take the necessary precautions to avoid

infection.

Such as :

üBusiness units, amazon , eBay.

üMedical record , NHS.

ü Internet Service Providers (ISP)

üSoftware development comp.


Information Security #6 Lectured by : Rebaz Najeeb
Vulnerabilities – threat – control
BackDoor

DoS

Eavesdropping

Phishing Spoofing
Direct-access

Information Security #7 Lectured by : Rebaz Najeeb


Backdoor
A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of

bypassing normal authentication or security controls.

adding backdoor to log into administrator without password in win7,10.

Hidden user. +R (netplwiz)

Mydoom worm , 2004, makes a backdoor , spreads via internet.

250,000$ to catch its creator.

Clipper Chip hardware backdoor. https://www.youtube.com/watch?time_continue=12&v=ESWJi7sda_g


Denial of Service (DoS)
(Distributed) Denial of service attacks (DDoS) are designed to make a machine or network

resource unavailable to its intended users. (Overwhelming a server with data)

Attackers can deny service to individual victims, such as by deliberately entering a wrong

password enough consecutive times to cause the victim account to be locked, or they may

overload the capabilities of a machine or network and block all users at once.

Using zombie and botnet technic.

2015 BBC 602 GbS– GitHub -> 1.3 Tbps , Arbor Networks ->1.7
Information Security #9 Lectured by : Rebaz Najeeb
Know this guy ?

Information Security # 10 Lectured by : Rebaz Najeeb


Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private conversation, typically

between hosts on a network.

programs such as Carnivore and NarusInSight have been used by the FBI and NSA to

eavesdrop on the systems of internet service providers.

Information Security # 11 Lectured by : Rebaz Najeeb


Direct-access
In Direct-access attacks, An unauthorized user gaining physical access to a computer is

most likely able to directly copy data from it.

They may also compromise security by making operating system modifications,

installing software worms, keyloggers, covert listening devices or using wireless mice

Information Security # 12 Lectured by : Rebaz Najeeb


Spoofing
Spoofing is the act of masquerading as a valid entity through falsification of data (such

as an IP address or username), in order to gain access to information or resources

1. Email spoofing, where an attacker forges the sending

2. IP address spoofing, where an attacker alters the source or destination IP address.

3. MAC spoofing, where an attacker modifies the Media Access Control (MAC) address.

4. Biometric spoofing, where an attacker produces a biometric sample.

VPN servers are the practical examples of Spoofing.

Information Security # 13 Lectured by : Rebaz Najeeb


Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords,

and credit card details directly from users.

Requires Social Engineering skill.

Phishing is typically carried out by email spoofing or instant messaging, and it often directs

users to enter details at a fake website.

Information Security # 14 Lectured by : Rebaz Najeeb


15

You might also like