Quantcast
Channel: My study challenge » attackers
Viewing all articles
Browse latest Browse all 2

All you need to know about security

$
0
0

Today the world is connected with internet and we all have heard about virus or hacker. the technology is evolving too fast and it is crucial for every body to know about the security. If you’re not informed you could be a victim tomorrow, it’s as simple as that. In this article I will redefine the security and his purpose. I will talk about some basics problems and some classic attacks. Finally at the end I will present you the hacker familly.

The What and the Why

What is security ?

In computer science, security is a set of behavior ,products, services and rules which protect an ICT system.
That’s mean that security is not just a matter of machines, humans also participate in making a system more secure.

Why does the security exist ?

To protect the ICT, yest but this a banal answer. Let’s go deeply Security exist to guard info with the same PROFESSIONALISM and ATTENTION as Jewels and deposit certificates in a Bank Caveau.

safe www.thefullwiki.org .Bank vault All you need to know about security

So how we know a system is well secured. Let’s move to the securities principals properties.

Security Properties

We first have the 3 A(Authentication, Authorization, Accountability), the CIA( Confidentiality,Integrity,Availability) and finally the non Repudiation.

1. Authentication

authentication 300x207 All you need to know about security

Before communication user must prove his identity. this can be simple or mutual(the two users that want to communicate must prove their identity). Here we can have Password Based authentication system.

Authorization

He is about the access control. Have you the right to see these Information ? the system must be structured in a way that just authorized people can have access to information.

Accountability

In a system it’ is important to trace action and behaviour of all entities of the system. In this we can find the cause of some connected to the system security. It is also defined as the process of tracing IT activities to a responsible source.

Confidentiality

The information must be secret, private.

Integrity

Ensure that the message send will not be altered, stopped or send more than one time.

Availability

A system that offers services have to be available so the services can run without interruption. the unavailability of some system just for seconds can create important financials damages.

non Repudiation

A formal proof that gives undeniable evidence of a data creator.

The Classic

The basics Problems

Here are some Network vulnerabilities:

  1. Comunication in clear
    Every people that can read the packet will also understand the message
  2. Lan in broadcast
    In the lan a packet is normally send in broadcast (to all users) so a malicious user in a Lan can do bad things
  3. Path of Geographical connectionWhy a packet I’m sending to a Town of my Country must pass through a router from another country. Is that router secured ?

From the basic problem come the classic attacks that are still used today.

Classics Attacks

IP Spoofing

This attack is also call shadow server. It happens when someone take the place of a real server and offers service. To do this the attacker have to change his IP address.

Packet Snifing

This happens when someone read packet going to another network node.

Connection Hijacking

this attack is also called Data Spoofing. Here the attaker take the control of a communication channel.
That means he insert,delete or modify packet in the traffic. This can a Phisical or logical Man In the Middle (MIM)

Denial-Of-Service(DOS)

Here the attacker(s) keep(s) the host busy so he can’t offer his services. The host is unavailable because busy to do a huge task asked by attacker(s).

This attack can also be distributed, that means a lot of computer will attack the host at the same time.

We can’t finished the article without talking about the attackers.

The Hacker Family

Th hacker family is made of four kind of people:

  1. wanna be lamer
    A guy who don’t have knowledge and ask in forum and blog some help on how to hack some system.
  2. Script kidies
    A guy who google a lot. he find some script and he test them to make some attacks. he is always updated about the last hacking tools
  3. Craker
    An guy who have a experience and knowledge. He breaks security in a system.
  4. Hacker
    The big guy of the family. He like to program, he programs fast and he go deeper in the knowledge of programmable system.

Source and image:

  1. http://www.tuttoirc.it/sicurezza-categoriedihackers.php
  2. http://www.thefullwiki.org/Bank_vault
  3. Slide of my Prof

Viewing all articles
Browse latest Browse all 2

Trending Articles