
[Digital Forensics Investigation] 2.1 Cyber Security

Jieon_ 2019. 5. 9. 11:23

2.1.1 Cybercrimes happen when cyber security fails

Cybercrimes happen whenever any of the following is true:

     - we don't plan for a certain event to take place
     - we don't implement the security solution properly
     - we don't educate people in what they need to do or what part they need to play

2.1.2 Cyber Security seeks to maintain :

     - Confidentiality
         - Data or information should only be accessible by those with permission to do so

ex) Hackers attempt to breach confidentiality to get things like credit card numbers
     shoulder surfing, wiretapping

prevention: Encryption, Network Traffic Monitoring
There are many different ways to attack these services, depending on which service, data, or information is involved.

     - Integrity
         - Maintaining the consistency, accuracy, and trustworthiness of data

ex) Trojan horse, Virus
prevention: Hash functions, anti-virus software (a "vaccine")

     - Availability
         - Ensuring the data can be accessed when needed (by those with access)

ex) DoS, DDoS
prevention: Backup, Clustering

2.1.3 Cyber Security normally involves locking down ("hardening") systems

ex) implement passwords for sending email

2.1.4 Giving the least amount of privilege required by the user

ex) restrict the access a user has to only the things they absolutely need to access

2.1.5 There is no single way to ensure security 

     - Most security experts recommend a layered approach to security

ex) individuals -> a personal firewall
organizations -> different security levels
(a lot of different approaches to security depending on your situation)

2.1.6 Cyber Security is both a technical issue and an education issue

     - It may be extremely difficult to get into a network through Internet-facing services (technical issue)
     - It may be extremely easy to get into the network by tricking an employee into clicking on an email link (education issue)

2.1.7 Internet-accessible computers

     - If a computer is directly accessible on the Internet it will be attacked
     - Usually takes at most 10 minutes before the computer is first scanned and attacked by multiple sources

Computers online are constantly being attacked by automated systems that scan through address ranges.
-> one compromised computer can become a way into an entire network
: this is effective and doesn't really take many resources on the attacker's side

2.1.8 Any Internet-accessible computers should at least be protected with a firewall

minimum protection : firewall

     - Companies should use Intrusion Detection Systems / Intrusion Prevention Systems (setting up layers of security)

2.1.9 Internal systems (internet facing system)

     - Users often have full (administrative) access to their computers
: they can essentially do anything they want with the computer
     - Once their computer is taken over, the hacker also has full access to the computer
: a potentially huge compromise
         - The hacker will use this computer to attack other systems on the network
     - A user's access should be limited (sometimes difficult for administration)

2.1.10 Common Attacks

     - Browser
         - Many attacks targeting users are browser-based
         - Malicious or infected website can infect a person's computer through their browser
         - Always use the most recent version of a browser and its plugins

     - Email
         - An email that contains an attachment may be malicious
         - When the attachment is opened, the computer is infected
         - Emails may also contain malicious links

     - SQL Injection
: aims at getting access to database information, or to entire databases
         - Many websites leak confidential data because they do not properly validate data sent to their servers
         - SQL Injection may allow an attacker to download part, if not all of a database
         - Easy to check for, very old, and still very common
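As an added example (not from the original notes or the lecture), the SQL injection bullet in working code: a user lookup that pastes the supplied value into the query text next to one that binds it as a parameter, both run against a constructed in-memory SQLite table. The table contents, the usernames and the malformed input are all made up for the demonstration.

```python
import sqlite3

# Constructed sample table: three users with made-up confidential data.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "4111-XXXX-XXXX-1111"),
    ("bob", "bob@example.com", "5500-XXXX-XXXX-2222"),
    ("carol", "carol@example.com", "3400-XXXXXX-33333"),
]

def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn

def lookup_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE: the user-supplied value is pasted into the SQL text,
    so quote characters in it change the structure of the query."""
    query = f"SELECT name, email, card FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """HARDENED: the value is bound as a query parameter, so the database
    treats it purely as data, whatever characters it contains."""
    query = "SELECT name, email, card FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()

# Constructed inputs: a normal username and a malformed one containing quotes.
NORMAL_INPUT = "alice"
MALFORMED_INPUT = "' OR '1'='1"

def row_counts() -> dict:
    """Return how many rows each lookup exposes for each input."""
    conn = make_db()
    return {
        "unsafe_normal": len(lookup_user_unsafe(conn, NORMAL_INPUT)),
        "unsafe_malformed": len(lookup_user_unsafe(conn, MALFORMED_INPUT)),
        "safe_normal": len(lookup_user_safe(conn, NORMAL_INPUT)),
        "safe_malformed": len(lookup_user_safe(conn, MALFORMED_INPUT)),
    }

if __name__ == "__main__":
    for key, n in row_counts().items():
        print(f"{key}: {n} row(s)")
```

The unsafe lookup returns the whole table for the malformed input, which is exactly the "download part, if not all of a database" outcome described above; the parameterized lookup returns nothing for it.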

     - Password brute-force
         - When an Internet-connected service is detected, people will attempt to guess the login usernames and passwords

2.1.11 There is no single method to secure your systems

2.1.12 Tips that will keep you safer than most:

     - Keep all software up to date
     - Use an anti-virus and keep it updated
     - Don't visit suspicious websites or click on links or attachments from people you don't know


※ This document was written with reference to Professor Joshua I. James's 'Digital Forensic Investigation' course at Hallym University.