Members:

Baldecasa, Peter James - What are the classifications of security services?

Cordero, Jerico M. – What is Enterprise Security?
Cumpio, Neil Rey – Enumerate and elaborate the four general categories of
attack
Octa, Raphy – What is the difference among Computer, Network and
Internet Security?
• What are Security Attacks,
o What are the Services and Mechanisms?
▪ What is the tree different mechanisms?
o One approach is to consider three aspects of
information security.
Villagracia, Joemar - Discuss the Enterprise Security within an Enterprise
Architecture Context.

Network Security
• What is the difference among Computer, Network and Internet Security?
• What are Security Attacks,
o What are the Services and Mechanisms?
▪ What is the tree different mechanisms?
o One approach is to consider three aspects of information security
• Enumerate and elaborate the four general categories of attack
• What are the classifications of security services?
• What is Enterprise Security?
• Discuss the Enterprise Security within an Enterprise Architecture Context
Objectives :
At the end of this lesson, students are expected to;
1.Role of Network Security
2.Identify the differences among Computer, Network and Internet Security.
3.Types of Security Attacks.
4.Four General categories of attack

Discussions
Define what is Computer Security?
According to https://www.edureka.co/blog/what-is-
computer-security/ computer security basically is the protection of computer
systems and information from harm, theft, and unauthorized use. It is the process
of preventing and detecting unauthorized use of your computer system.

Define what is Network Security?

According to
https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
network security is the protection of the underlying networking infrastructure from
unauthorized access, misuse, or theft. It involves creating a secure infrastructure
for devices, applications, users, and applications to work in a secure manner.
Define what is Cyber Security/Internet Security
According to
https://www.cisco.com/c/en/us/products/security/what-is-
cybersecurity.htmlcybersecurity is the practice of protecting systems, networks,
and programs from digital attacks. These cyberattacks are usually aimed at
accessing, changing, or destroying sensitive information; extorting money from
users; or interrupting normal business processes.
Computer Security Network Security Cyber Scurity

protection of computer protection of the protecting systems,

systems and information underlying networking networks, and programs
from harm, theft, and infrastructure from from digital attacks
unauthorized use unauthorized access,
misuse, or theft
Computer Security Network Security strikes Cyber Security strikes
strikes against possible against trojans. against cyber crimes and
dangers that can cyber frauds.
possibly hamper the
normal functioning of
your computer

Security Attacks
Define what is Security Attacks
According to https://www.igi-global.com/dictionary/big-
data-security-management/43257 any form of malicious or actions taken to harm
the security of information system components. An action is classified as
malicious with respect to the enterprise security policy.
Most common types of security attacks

1. Malicious software – ‘malware’ – infects devices without users realizing it’s

there. Variations include Trojan horses, spyware, ransomware,
‘malvertising’, and viruses. Secretly infected files or software can further
introduce malware to your site. You could also trigger a malware download
by clicking on a link in a pop-up window or an email attachment.

To prevent malware infections, you’ll want to install a security scanner. This

tool will alert you to otherwise undetected problems on your site.
2. A drive-by download is a method of distributing malware, and occurs when
a malicious script is inserted into a page’s PHP or HTTP. When a person
visits the infected site, the malware is downloaded onto, and silently infects,
the device.

These threats can be tricky because they’re not attributed to human error.
You could visit a seemingly legitimate site, unaware it’s been compromised.

Therefore, the best action you can take to prevent drive-by download attacks
is to keep your security systems updated and remove any unnecessary
software.

3. Phishing this form of social engineering deceives users into clicking on a

link or disclosing sensitive information. It’s often accomplished by posing as
a trusted source via email.To avoid or minimize the risk are :
Never click on or download a file that seems suspicious.
Be wary of emails addressed generally, such as to “Dear Friend” rather than
to you specifically.

Notice any glaring spelling or grammatical mistakes in emails.

4. In brute-force security attacks, hackers often use dictionary software to

repeatedly and systematically attempt password combinations until they find
one that works. Once the cybercriminal has access, they can wreak all sorts
of havoc on your site.
Users should always choose strong passwords that include a combination of
letters, symbols, and numbers. You might consider using a password
generator tool such as LastPass:
5. Structured Query Language (SQL) injections are when an attacker injects
malicious code into a server to manipulate back end databases. The goal is to
reveal private data such as user lists, customer details, and credit card
numbers. To prevent malicious code from infiltrating your database, you can
use a Web Application Firewall (WAF), which acts as an additional
protective barrier. GoDaddy offers a WAF in their Deluxe and Express
Website Protection plans.
 6. Man-In-The-Middle(MITM) attacks, the criminal positions themselves
between your device and the server. They eavesdrop on, intercept, and
manipulate communication between two parties – this often happens on
unsecured wireless networks such as public WiFi. Always use secure WiFi
connections, and consider investing in a Virtual Private Network (VPN).
7. DoS attack sees an attacker flood a website with an overwhelming amount
of traffic, often using ‘bots.’ As a result, the system crashes and denies
access to real users. To minimize your site’s risk of DoS attacks, it’s
important to constantly monitor your site’s traffic, and have dependable
tools to mitigate the negatives.
8. Cross-Site Scripting (XSS) attacks occur when an attacker exploits
vulnerabilities in a web application by injecting malicious code – usually
JavaScript – into the user’s browser. This lets them gain control of (and
access to) the user’s browser, as well as account credentials and sensitive
data. There are other important methods of XSS prevention you could
implement. For example, you could enforce passwords for sensitive pages,
and implement validation through classification or input sanitization.
What are the Services and Mechanisms?
Define Services
A service that enhances the security of data processing
systems and information transfers. A security service makes use of one or
more security mechanisms.
Define Mechanisms
A mechanism that is designed to detect, prevent, or recover
from a security attack.
Another:
According to https://eezytutorials.com/Cryptography-And-
Network-Security/Security-services-and-mechanisms.php#.YNySBugzY2w ITU-
T provides some security services and some mechanisms to implement those
services .Security services and mechanisms are closely related because a
mechanism or combination of mechanisms are used to provide a service.
What is the tree different mechanisms?
Types of Security Mechanisms are

1. Encipherment this security mechanism deals with hiding and covering of

data which helps data to become confidential.
2. Access Control this mechanism is used to stop unattended access to data
which you are sending.
3. Notarization This security mechanism involves use of trusted third party in
communication. It acts as mediator between sender and receiver so that if
any chance of conflict is reduced. This mediator keeps record of requests
made by sender to receiver for later denied.
4. Data Integrity this security mechanism is used by appending value to data
to which is created by data itself.
5. Authentication exchange this security mechanism deals with identity to be
known in communication.
6. Bit stuffing this security mechanism is used to add some extra bits into data
which is being transmitted.
7. Digital Signature this security mechanism is achieved by adding digital
data that is not visible to eyes.

One approach is to consider three aspects of information security

Based on https://www.edureka.co/blog/what-is-computer-security/
Confidentiality is ensuring that information is available only to the intended
audience,Integrity is protecting information from being modified by unauthorized
parties,Availability is protecting information from being modified by unauthorized
parties

Enumerate and elaborate the four general categories of attack

According to eToturials.org Attacks can be classified into
four broad categories: snooping, modification, masquerading, and denial of
service. In practice, an attack may employ several of these approaches. Almost all
attacks start with snooping
1. Snooping - This information could be used for an advantage, such as getting
company secrets to help your own business or stock purchase decisions.
2. Modification - When thinking about modification attacks, most people
consider an attacker modifying e-mails with malicious content or changing
the numbers in an electronic bank transfer.
3. Masquerading - is the term used when an attacking network device
impersonates a valid device. It is the ideal approach if an attacker wants to
remain undetected. If the device can successfully fool the target network into
validating it as an authorized device, the attacker gets all the access rights
that the authorized device established during logon.
4. Denial of Service the object of a DoS attack is to cause damage to the target
by preventing operation of the network.

What are the classifications of security services?

What is Enterprise Security?

According to https://www.bmc.com/blogs/enterprise-security/ Enterprise
Security includes the strategies, techniques, and process of securing information
and IT assets against unauthorized access and risks that may infringe the
confidentiality, integrity or availability of these systems.

Discuss the Enterprise Security within an Enterprise Architecture Context

According to (Peter Watson CISO | Security Architect | Chief Architecture
)An Enterprise Security Architecture is a structure of organisational, conceptual,
logical, and physical components that interact to achieve and maintain a state of
managed risk and security.
Enterprise Security Architecture is also the design artefacts that describe how the
security controls are positioned (security posture), and how they relate to the
overall IT Architecture. These controls serve the purpose to maintain quality
attributes, among them confidentiality, integrity, availability, non repudiation,
accountability and assurance.
Brief Summary

Computer Security means securing a standalone machine by keeping it

updated and patched

Network Security is by securing both the software and hardware

technologies

Cybersecurity is defined as protecting computer systems, which

communicate over the computer networks

Common Types of security attacks:

1. Malware
2. Drive-by Downloads
3. Phishing
4. Brute-force attacks
5. Sql Injections
6. Main-In-The-Middle
7. Denial of Service (Dos) attacks
8. Cross-Site Scripting (Xss)

References
https://www.cisco.com/c/en/us/products/security/what-is-network-security.html
https://www.edureka.co/blog/what-is-computer-security/
https://www.geeksforgeeks.org/difference-between-network-security-and-cyber-
security/
https://www.igi-global.com/dictionary/big-data-security-management/43257
https://managewp.com/blog/security-attacks

https://www.eecis.udel.edu 
http://etutorials.org/Networking/802.11+security.+wi-
fi+protected+access+and+802.11i/Part+I+What+Everyone+Should+Know/Chapter
+4.+Different+Types+of+Attack/Classification+of+Attacks/
https://www.linkedin.com/pulse/enterprise-security-architecture-context-peter-
watson