2 The Security Trinity
The three legs of the "security trinity" are:
- Prevention
- Detection
- Response
The security trinity should be the foundation for all security policies and measures that an organization develops and deploys.
3 Prevention
To provide some level of security, it is necessary to implement measures to prevent the exploitation of vulnerabilities. It is easier, more efficient, and much more cost-effective to prevent a security breach than to detect or respond to one.
4 Detection
Once preventative measures are implemented, procedures need to be put in place to detect security breaches in the event that preventative measures fail.
It is very important to detect problems immediately. The sooner a problem is detected, the easier it is to correct and clean up.
5 Response
Organizations need to develop a plan that identifies the appropriate response to a security breach. The plan should be in writing and should identify who is responsible for what actions.
6 Information Security
Information security = confidentiality + integrity + availability + authentication
Confidentiality ("privacy - secrecy"): It refers to the protection of information from unauthorized disclosure. Usually it is achieved either by restricting access to the information or by encrypting the information.
Availability: Refers to whether the network, system, hardware and software are reliable and can recover quickly and completely in the event of an interruption in service.
7 Weaknesses and Vulnerabilities
A vulnerability is a weakness in the design, configuration, or implementation of a network or system that makes it susceptible to a threat.
- External weaknesses.
- Internal weaknesses.
8 External weaknesses
Malware:
Virus: It is a piece of code that is capable of attaching to programs, disks, or computer memory (self-propagation). The action of a virus ranges from displaying a message to erasing a computer hard disk.
Worm: A worm is a self-contained and independent program that is usually designed to propagate on infected systems and to seek other systems via available networks. The main difference between a virus and a worm is that a virus is not an independent program.
9 Trojan horse: A Trojan horse is a program that hides inside another program or disguises itself as a legitimate program. It functions the same way as the legitimate program, but usually it also performs some other function, such as recording sensitive information.
10 Spyware: It is software that gathers user information and sends it to a central site, e.g. the Kazaa sharing program.
Hoax: It is a special kind of malware. It does not contain any code, instead relying on the gullibility of the user to spread. Any message that asks you to forward copies to everyone you know is almost certainly a hoax.
11 Internal Weaknesses
Attackers do not always come from outside; they may come from inside too. The following are some threats that may come from inside any organization:
Authenticated users: Some authorized users may use the access they have to get to confidential data such as payrolls or personnel records.
Unauthorized programs: Some authorized users may install additional unauthorized programs without permission. By doing this, they may open a hole to the network.
12 Un-upgraded software: It is very important to have the latest updates. Once a software bug is identified, vendors provide an update to their affected customers.
14 Hardening
When we install a new OS or a new web browser, the security settings are set to the default values.
These settings need to be changed to harden the system against attacks or unauthorized access.
16 File Systems
When you install Windows, all versions have one thing in common: weak security.
For example, after logging in, all users have full control (all permissions) of every drive and of the drives' subdirectories and files.
A right allows the user to access the resources of the operating system itself, such as shutting down the system.
A permission allows the user to access the file system's resources, such as reading and writing files.
17 Changing Permissions
Step 1. Right-click the folder for which you want to change the permission.
18 Step 2. Select Properties from the pull-down choices
20 You can see the default for Windows security. Every user logged in to the system has Full Control. This leaves the system wide open to any kind of unauthorized access. Therefore, you need to change those permissions.
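An added example, not part of the original slides: a Python check that parses the output of the Windows `icacls` tool for one folder and reports broad groups that hold Full Control (`F`), the default the slide warns about. The sample listing is constructed, and the set of "broad" principals is an assumption.

```python
import re

# Principals that cover (nearly) every logged-in user. Assumed list.
BROAD = {"everyone", r"builtin\users", r"nt authority\authenticated users"}
# Parenthesised icacls tokens that describe inheritance, not rights.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

# Constructed sample of `icacls C:\Shared` output (not from a real system).
SAMPLE_ICACLS = r"""C:\Shared Everyone:(OI)(CI)(F)
          BUILTIN\Administrators:(OI)(CI)(F)
          BUILTIN\Users:(OI)(CI)(RX)
          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files
"""

def parse_icacls(output, path):
    """Return [(principal, rights_set, is_deny)] for one path's listing."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):            # first line is "<path> <ACE>"
            line = line[len(path):].strip()
        principal, sep, rest = line.partition(":(")
        if not sep:                          # blank line or summary line
            continue
        groups = re.findall(r"\(([^)]*)\)", "(" + rest)
        is_deny = "DENY" in groups
        rights = set()
        for g in groups:
            if g not in INHERIT_FLAGS and g != "DENY":
                rights.update(g.split(","))  # e.g. "RX,W" -> {"RX", "W"}
        aces.append((principal, rights, is_deny))
    return aces

def overbroad_full_control(output, path):
    """Principals from BROAD that are allowed Full Control on the path."""
    return [who for who, rights, deny in parse_icacls(output, path)
            if who.lower() in BROAD and "F" in rights and not deny]

if __name__ == "__main__":
    print(overbroad_full_control(SAMPLE_ICACLS, r"C:\Shared"))
```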
21 Browsers (Internet Explorer)
Internet Explorer has 4 security zones.
When you access a resource on another machine, the other machine's zone relative to yours is determined, and the restrictions placed on that zone control the interaction with that resource.
22 Security Zones
Internet: Contains all websites that are not placed in another zone.
Local intranet: Contains all the websites that are on your company's intranet. Here, you find all sites that have the same domain name as the one your PC is using.
Trusted sites: Contains websites that you trust not to damage your data. If you want to have trusted sites, you need to add them manually.
Restricted: This zone contains websites that you do not trust because they could potentially damage your data. This is also a list created manually.
23 The Internet zone is the one we need to handle most carefully.
To change the settings for these four zones:
- In Internet Explorer, choose Tools > Internet Options.
- On the page that appears, select the Security tab.
The default setting here is Medium, which is not so secure for the World Wide Web.
24 Security Levels
High:
- This is the safest way to browse but also the least functional.
- Less secure features are disabled.
- Cookies are disabled. (Some websites do not work.)
- This is appropriate for sites that might have harmful content.
Medium:
- Browsing is safe and still functional.
- Prompts before downloading potentially unsafe content.
- This is appropriate for most Internet sites.
Medium-low:
- This is the same as Medium without prompts.
- Most content is run without prompts.
- This is appropriate for sites on your local network (intranet).
Low:
- Minimal safeguards and warning prompts are provided.
- Most content is downloaded and run without prompts.
- Appropriate for sites that you absolutely trust.
26 The default security for a trusted site is Low. We can set security to Medium-low or Medium to increase security. On that same page, we also need to add the site we trust. To do that, click the Sites button.
27 Cookies
HTTP cookies - Web cookies - tracking cookies.
Cookies are parcels of text sent by a server to a Web client (usually a browser) and then sent back unchanged by the client each time it accesses that server. HTTP cookies are used for authenticating, session tracking, and maintaining specific information about users, such as the contents of their electronic shopping carts.
28 There are two types of cookies:
Session cookie: This cookie is created to keep track of what you buy when, for example, you visit an e-commerce website where you use a shopping cart. After you check out from that website, the session cookie is deleted from your browser memory.
Persistent cookie: When you go to a website and see a personalized welcome message, you know that a persistent cookie is on your PC. These cookies contain information about you and your account. Often, that information is a key that is related only to a database with your profile.
29 We can manage cookies in several ways: we can delete all our cookies, or we can configure our browser to not accept cookies at any time. This would make browsing the Internet difficult because many sites need cookies to function properly.
A better solution would be to force all our cookies to be session cookies. We can do this by making the folder where the cookies are stored read-only. The browser will accept them but will be unable to save them to disk.
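An added example, not part of the original slides: what separates the two cookie types on the wire is whether the `Set-Cookie` header carries an `Expires` or `Max-Age` attribute. The Python below classifies constructed headers and strips the lifetime attributes to force a session cookie, as a filtering proxy might (an assumption; it is not the read-only-folder method above), while leaving deletion requests untouched.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed Set-Cookie values (cookie names and values are made up).
SAMPLE_HEADERS = [
    "cart=8f2c1a; Path=/; HttpOnly",                                      # session
    "profile_key=u-1042; Expires=Thu, 01 Jan 2099 00:00:00 GMT; Secure",  # persistent
    "lang=en; Max-Age=31536000; Path=/",                                  # persistent
    "cart=; Max-Age=0; Path=/",                                           # deletion
]

def split_cookie(header):
    """Split a Set-Cookie value into its name=value pair and {attr: value}."""
    pair, *rest = [p.strip() for p in header.split(";") if p.strip()]
    attrs = {}
    for item in rest:
        name, _, value = item.partition("=")
        attrs[name.strip().lower()] = value.strip()
    return pair, attrs

def classify(header, now=None):
    """Return 'session', 'persistent' or 'delete' for one Set-Cookie value."""
    now = now or datetime.now(timezone.utc)
    _, attrs = split_cookie(header)
    if "max-age" in attrs:                   # Max-Age takes precedence over Expires
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "delete"
        except ValueError:
            pass                             # malformed value: fall back to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            return "persistent" if when > now else "delete"
        except (TypeError, ValueError):
            pass                             # unparsable date is ignored
    return "session"

def force_session(header):
    """Strip Expires/Max-Age from persistent cookies; a deletion request
    passes through unchanged so that a logout is not undone."""
    if classify(header) != "persistent":
        return header
    parts = [p.strip() for p in header.split(";") if p.strip()]
    keep = parts[:1] + [p for p in parts[1:]
            if p.partition("=")[0].strip().lower() not in ("expires", "max-age")]
    return "; ".join(keep)
```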