Tuesday, September 25 2018

IT Security

THE OSI MODEL

The OSI (Open Systems Interconnection) reference model is a layered network model. The model is of course abstract; we do not directly run the OSI model in our systems (most now use the TCP/IP model). Rather, it is used as a reference point, so “Layer 1” (physical) is universally understood, …

SYSTEM VULNERABILITIES, THREATS, AND COUNTERMEASURES

System threats, vulnerabilities, and countermeasures describe security architecture and design vulnerabilities, as well as the corresponding exploits that may compromise system security. We will discuss countermeasures, or the mitigating actions that reduce the associated risk. COVERT CHANNELS A covert channel is any communication that violates security policy. The …

Information Security Governance

Information security governance is information security at the organizational level, which includes senior management, policies, processes, and staffing. It is also the organizational priority provided by the senior leadership, which is required for a successful information security program. Security Policy and Related Documents Documents such as policies and …

Legal and Regulatory Issues

Though a general understanding of the major legal systems and their types of law is essential, it is critical that information security professionals understand the concepts described in the next section. Of course, with the ubiquity of information systems, data and applications comes a host of legal issues that require …

Types of Attackers

Controlling access is not limited to the control of authorized users; it also includes preventing unauthorized access. Information systems may be attacked by a variety of attackers, ranging from script kiddies to worms to militarized attacks. Attackers may use a variety of methods in their attempts to compromise the confidentiality, …

Protocol Analyzers

The terms protocol analyzing and packet sniffing are interchangeable. They refer to the process of monitoring the data that is transmitted across the network. The software that performs the operation is called either an analyzer or a sniffer. Sniffers are readily available on the Internet. These tools were initially intended …

Confidentiality and Strength

Confidentiality and Strength: One of the major reasons to implement a cryptographic system is to ensure the confidentiality of the information being used. Confidentiality may be intended to prevent the unauthorized disclosure of information in a local network or to prevent the unauthorized disclosure of information across a network. A …

Password Attacks

Password attacks occur when an account is attacked repeatedly. This is accomplished by using applications known as password crackers, which send possible passwords to the account in a systematic manner. The attacks are initially carried out to gain passwords for an access or modification attack. There are several types of …
