Q5: Explain some of the security threats to information system? How does encryption ensure data security?
A quick explanation of some of the common security threats you may come across:
Malware: Malware is short for “malicious software. Malware could be computer viruses, worms, Trojan horses, dishonest spyware, and malicious rootkits, all of which are defined below.
I) Computer Virus:
A computer virus is a small piece of software that can spread from one infected computer to another. The virus could corrupt, steal or delete data on our computer even erasing everything on our hard drive. A virus could also use other programs like our email program to spread itself to other computers.
II) Rogue Security Software:
Have you ever seen a pop-up window that advertises a security update or alert? It appears legitimate and asks you to click on a link to install the “update” or “remove” unwanted malicious software that it has apparently detected. This could be rogue security software designed to lure people into clicking and downloading malicious software. Microsoft has a useful webpage that describes rogue security software and how you can protect yourself.
III) Trojan Horse:
Users can infect their computers with Trojan horse software simply by downloading an application they thought was legitimate but was in fact malicious. Once inside your computer, a Trojan horse can do anything from record your passwords by logging keystrokes (known as a keystroke logger) to hijacking your webcam to watch and record your every move.
Encryption can be used to provide both confidentiality and integrity. Confidentiality comes when the file is encrypted in such a way that only authorized users have access to the key. Integrity comes from hashing the file so any change, no matter how minute, can be instantly detected. We can apply both concepts to data in transit or at rest.
In Transit:
Data in transit is data being accessed over the network, therefore could be intercepted by someone else on the network or with access to the physical media the network uses. On an Ethernet network, that could be someone with the ability to tap a cable, configure a switch to mirror traffic or fool your client or a router into directing traffic to them before it moves on to the final destination. On a wireless network, all they need is to be within range. Wireless networks can be protected from unauthorized snooping by encrypting all traffic. Strong enterprise networks can use WPA2 Enterprise, but weaker networks may have to use pre shared keys to establish session keys, like in WPA Personal or worse, shared keys among all clients as in WEP. For purposes of this post, consider an open network to be like the one you use at a coffee shop or hotel.
When you use a clear text protocol like TELNET, HTTP, FTP, SMTP, POP, IMAP or LDAP, that traffic is “in the clear” and if someone has access to your network traffic and a readily available tool like Wireshark, they can intercept your traffic and read your e-mail, copy your credentials or even duplicate files. You need to protect your data confidentiality and your own privacy by encrypting this traffic using SSL/TLS or switching to an encrypted equivalent. TELNET can be replaced by SSH. FTP can be replaced by SFTP. The rest can use encrypted transport with SSL or TLS. When data is encrypted in transit, it can only be compromised if the session key can be compromised.
Some encryption in transit will use symmetric encryption and a set session key but most will use a certificate and asymmetric encryption to securely exchange a session key and then use that session key for symmetric encryption to provide the fastest encryption/decryption. Any protocol that uses either SSL or TLS, uses certificates to exchange Public Keys then the Public Keys are used to securely exchange Private Keys, it becomes very difficult for an attacker to defeat.
Most encrypted protocols include a hashing algorithm to ensure no data was altered in transit. This can also help defeat “Man in the Middle (MITM)” attacks, because by decrypting and re-encrypting data, attacker will alter the signature even if they don’t change any of the key data.
If an attacker can fool you into using them as your proxy or can convince you to click past the certificate warning dialogue box so that you will trust their certificates, they can run a MITM attack where they will establish an encrypted session with you and another with your destination, and be able to intercept your traffic as it passes through their system. That is why it is critical to always use certificates from a third party Certificate Authority to never accept a certificate when your client software warns you about an untrusted certificate. You should also train your users to do the same.
Encryption in transit should be important for any network traffic that requires authentication, or includes data that is not publicly accessible. You don’t need to encrypt your public facing website, but if you want customers to logon to view things, then you should use encryption to protect both the logon data and their privacy while they access your site.
At Rest:
Encryption of data stored on media is used to protect the data from unauthorized access should the media ever be stolen. Physical access can get past file system permissions but if the data is stored in encrypted form and attacker does not have the decryption key, they have no more than a useful paperweight or a drive they can format and use for something else.
Most encryption at rest uses a symmetric algorithm so that data can be very quickly encrypted and decrypted. You don’t want encryption to slow down system performance. However, since the symmetric key itself needs to be protected, they can use a PIN, password, or even a PKI certificate on a smart card to secure the symmetric key, making it very difficult for an attacker to compromise.
Encryption at rest should be important for any media that can possibly leave the physical boundaries of your infrastructure. USB keys, external drives, backup tapes and the hard drives of all laptops should be encrypted without exception. To further increase the security of your servers and to protect against malicious users or vendors, you should encrypt the hard drives of all your servers too. That way, even if a failed drive is replaced, you don’t have to worry about ensuring its physical destruction to ensure your customer’s and company’s data is secure.
With encryption in use both in transit and at rest, data can be protected from prying eyes and users are assured that the data has not been modified. With the prevalence of unencrypted Internet access and the loss and theft of IT assets, using encryption should be mandatory for all users and all businesses.
Congratulations @so0onu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPHi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://www.linkedin.com/pulse/20140901121616-270946654-role-impact-and-importance-of-mis
Hi Follow me please
Congratulations @so0onu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPCongratulations @so0onu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOPCongratulations @so0onu! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP