
ICT SECURITY

ASSIST ICT SYSTEM SECURITY VULNERABILITY

Definition of terms

Security-Is a way of protecting a system from threats.

Threats-These are dangers which can occur if the system is not secured.

Vulnerability-Weaknesses which may be caused by security threats.

Data Security-Protection of data and information from accidental or intentional disclosure to
unauthorized persons.

Private Data/Information-Data which belongs to an individual and must not be accessed by any other
person without direct permission from the owner.

Confidential Data/Information-Data held by the government or an organization about people.

Information Security-Refers to the processes and tools designed and deployed to protect sensitive
business information from modification, disruption, destruction or inspection.

Types of Information Security

i. Application Security-Covers software vulnerabilities in web and mobile applications.
ii. Cloud Security-Focuses on building and hosting secure applications in cloud environments.
iii. Cryptography-Encrypting data in transit and at rest helps ensure data confidentiality and
integrity.
iv. Infrastructure Security-Deals with the protection of internal and external networks, labs, data
centers, servers and mobile devices.
v. Network Security-Involves implementing the hardware and software needed to secure a computer
network from unauthorized access, intruders, attacks, disruptions and misuse.
vi. Operational Security-Involves the processes and decisions for handling and securing data.

INFORMATION SECURITY GOALS/PRINCIPLES

1. CONFIDENTIALITY
Involves ensuring that data is accessible only to those who are allowed to use it and blocking access
to everyone else.
2. INTEGRITY
It ensures data is authentic, accurate and safeguarded from unauthorized modification by threat
actors or accidental modification by users.
3. AVAILABILITY
It makes information available and useful to its authorized people at all times.
It ensures that access is not hindered by system malfunction or cyber-attacks.

VULNERABILITY ASSESSMENT
Is a process of evaluating security risks in a software system in order to reduce the probability of threats.

PREPARED BY FREDRICK ODHIAMBO


The purpose of vulnerability testing is to reduce the possibility of intruders or hackers gaining
unauthorized access to a system.

Vulnerability Assessment Process

1. Goals and Objectives
2. Scope
3. Information Gathering
4. Vulnerability Detection
5. Information Analysis and Planning

Vulnerability Testing methods


Active Testing
Involves actively probing a system to identify and exploit potential vulnerabilities.
It includes penetration testing, where ethical hackers simulate real-world attackers to evaluate
system security.
Tools such as Nessus or OpenVAS can be used.
Passive Testing
Focuses on observing and analyzing network traffic, system configuration and behavior without
actively probing the system. It includes;
Log Analysis-Examining system logs to identify any abnormal activities.
Configuration Reviews-Assessing system configuration to identify weaknesses that could be
exploited.
Traffic Analysis-Analyzing network communication patterns and behavior to detect security issues.
Network Testing
Involves assessing the security of a network to identify and address potential weaknesses, e.g.,
Port Scanning-Identifying open ports on network devices to assess potential entry points for
attackers.
Vulnerability Scanning-Using automated tools to scan network devices.
Distributed Testing
Conducting assessments across multiple systems, networks or locations simultaneously. It includes;
Cloud-based Scanning-Using cloud-based vulnerability scanning tools to assess multiple systems.



ICT SYSTEM SECURITY CONTROL
Information Security Risk Management
This is the process of managing risks associated with the use of information technology.
It involves identifying, assessing and treating risks to the confidentiality, integrity and availability of
organization assets.
Benefits of Risk Analysis
• It helps to identify gaps in information security and determine the next steps to eliminate the
security risk.
• It can also enhance communication and the decision-making process related to information
security.
• It improves security policies and procedures and helps develop cost-effective methods for
implementing information security policies and procedures.
• It increases employee awareness about risks and security measures.

Stages of Information Security Risk Management

a. Identification

Identify organization assets, vulnerabilities, threats and controls.

Assets include physical equipment like servers, laptops and mobile devices, and digital assets like
data, software and intellectual property.

Controls-Measures that an organization implements to mitigate risks.

b. Assessment

Involves estimating the likelihood and impact of each risk.

c. Treatment

Once you have assessed the risks you can develop and implement a risk treatment plan.

Types of treatment

• Remediation-Involves eliminating the underlying vulnerability that is creating the risk.
• Mitigation-Involves reducing the likelihood or impact of a risk.
• Transference-Involves transferring the risk to another party.
• Acceptance-Involves making a conscious decision to accept the risk.
• Avoidance-Eliminating the risk by changing processes, technologies and practices.

d. Monitoring and Reporting



Information security risk management is a continuous process therefore you must monitor risk and
update treatment plan regularly because new assets, vulnerabilities, threats and control are
constantly emerging.
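As an added worked example (not part of these notes), the four stages above expressed as a small Python risk register; the 1-3 scales, the score bands, the treatment rules and the sample entries are assumptions chosen for the illustration:

```python
"""Toy risk register following the stages in the notes above.

Added illustration, not part of the original notes. The 1-3 scales, the score
bands and the treatment rules are assumptions chosen for the example.
"""
from dataclasses import dataclass, field

SCALE = {"low": 1, "medium": 2, "high": 3}  # assumed ordinal scale for likelihood and impact


@dataclass
class Risk:
    """Identification stage: an asset, the threat to it, the vulnerability and existing controls."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str                      # "low" | "medium" | "high"
    impact: str                          # "low" | "medium" | "high"
    controls: list = field(default_factory=list)
    dispensable: bool = False            # True if the business could drop this asset or process

    def score(self) -> int:
        """Assessment stage: score = likelihood x impact, giving 1..9."""
        return SCALE[self.likelihood] * SCALE[self.impact]


def level(score: int) -> str:
    """Map a score to the severity bands used in the notes (thresholds are assumptions)."""
    if score >= 9:
        return "critical"
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def treatment(risk: Risk) -> str:
    """Treatment stage: choose one of the five treatment types listed in the notes."""
    lvl = level(risk.score())
    if lvl == "critical":
        # Dropping the risky process beats patching it, if the business can do without it.
        return "avoidance" if risk.dispensable else "remediation"
    if lvl == "high":
        # No control at all: fix the vulnerability; otherwise strengthen what is there.
        return "remediation" if not risk.controls else "mitigation"
    if lvl == "medium":
        # Rare but costly events are candidates for insurance or outsourcing.
        return "transference" if risk.impact == "high" else "mitigation"
    return "acceptance"


def reassess(risk: Risk, **changes) -> str:
    """Monitoring stage: apply a change (new threat, new control...) and return the new level."""
    for name, value in changes.items():
        if not hasattr(risk, name):
            raise AttributeError(f"unknown risk attribute: {name}")
        setattr(risk, name, value)
    return level(risk.score())


def register_report(risks: list) -> list:
    """Reporting stage: one row per risk, highest score first."""
    rows = [
        {"asset": r.asset, "threat": r.threat, "score": r.score(),
         "level": level(r.score()), "treatment": treatment(r)}
        for r in risks
    ]
    return sorted(rows, key=lambda row: row["score"], reverse=True)


if __name__ == "__main__":
    # Constructed sample register (not real data).
    register = [
        Risk("customer database", "ransomware", "unpatched server", "high", "high"),
        Risk("legacy FTP service", "eavesdropping", "cleartext credentials", "high", "high",
             dispensable=True),
        Risk("staff laptops", "theft", "no disk encryption", "medium", "high", controls=["cable locks"]),
        Risk("shared printer", "misuse", "default admin password", "low", "low"),
    ]
    for row in register_report(register):
        print(row)
```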

BENEFITS OF INFORMATION SECURITY MEASURES

• Protecting sensitive Data-It protects sensitive data from illegal access, ensuring its
privacy and legal access.
• Compliance with regulation-All industries have regulations and legal requirements for
data protection and privacy. The correct strategy for data security helps businesses comply
with these regulations.
• Preserving customer Trust-Data security breaches result in financial losses.
• Safeguarding intellectual Property-Intellectual property forms a valuable asset for a business.
This includes patents, trademarks, copyrights and trade secrets. Information security
protects this intellectual property from theft and illegal access.
• Ensuring business Continuity-Cyber-attacks can disturb business operations. They can also
cause process interruptions, loss of productivity and financial challenges.
• Employee awareness and Accountability-Employees should be trained and made more
aware of security risks. They need to be accountable for security-focused actions.

Types of vulnerabilities

1). Software vulnerabilities

• Operating system vulnerabilities-Vulnerabilities in the OS can provide attackers with access to
critical system resources, e.g. a weakness in a system service.
• Application vulnerabilities-Flaws in software applications such as web browsers and email clients can
be exploited.

2). Hardware vulnerabilities

• Physical vulnerabilities, which involve weaknesses in physical components such as servers and
routers.

3). Network vulnerabilities

Levels of system vulnerabilities

Critical vulnerabilities
These are the most severe and pose a significant threat to the security of a system.
Characteristics
• Associated with remote code execution
• Exploitation can lead to complete system takeover
High vulnerabilities
Can lead to serious consequences if exploited.
Characteristics
• Can lead to data breaches
• Exploitation may require certain conditions
• May allow unauthorized access
Medium vulnerabilities
They have the potential to impact security but are typically less severe than critical and high
vulnerabilities.
Characteristics
• Exploitation may require user interaction
• Impact is less severe than high and critical vulnerabilities
Low vulnerabilities
Are the least severe and have minimal impact on system security.
Characteristics
• Limited potential for exploitation
• Minimal impact on system integrity compared to medium vulnerabilities

Ethical Penetration Testing

Involves assessing a computer system, network or application to identify security vulnerabilities in a
legal and controlled manner.

Types of security measures in information systems

i. Data Backup-Is the process of putting an archive of files and data on a separate storage
device which is different from the primary storage, for retrieval in case of data loss.
ii. Firewall-Network security tools that monitor incoming and outgoing network traffic.
iii. Data Encryption-Process of changing plain text into cipher text so that you limit
access during transmission over a network.
iv. Use of strong passwords
v. Use of antivirus software-It is used to prevent, detect, and fix the damage caused
by viruses.
vi. Educate your employees

Importance of Data security

i. Privacy Protection-Protects individuals' personal information, preserving their right to
privacy.
ii. Prevention of identity Theft-It reduces the risk of unauthorized access to personal data,
mitigating the threat of identity theft.
iii. Trust-It fosters trust among users and customers, enhancing relationships between individuals
and organizations.
iv. Legal Compliance-Ensures adherence to data protection regulations and laws.
v. Financial Security-Protects against financial losses that may result from data breaches.
vi. Property Protection-Safeguards proprietary information, trade secrets and intellectual
property from theft.
vii. Ensures business Continuity-Prevents disruptions caused by data losses.
viii. Customer Loyalty-Enhances customer loyalty and satisfaction by making a commitment
to protecting their information.
ix. Protection against cyber Threats-It mitigates cyber threat risks such as malware and
phishing attacks.
x. Securing critical Infrastructure-Ensures the security of critical infrastructure.

Questions

1.Define computer system

Protecting data from unauthorized access.

2.List any three physical threats to a computer system.

Theft

Accidental damage

Hardware failure

3.State three ways you can use to prevent a brute force attack.

Use strong passwords which include letters, numbers and special characters.

Educate users about the importance of password security.

Update software and firmware to patch vulnerabilities.

4.State three ways attackers may use to identify an individual's password.

Phishing by creating fake websites and emails.

Trying commonly used passwords from dictionaries.

Attempting all possible combinations until the correct password is found.

5.List three ways data from within the organization may be exposed to or accessed by an unauthorized
entity.

Phishing

Weak passwords

Unauthorized

6.Explain the following terms as used in computer security.

i. Firewall-Network security tool that monitors incoming and outgoing network traffic.
ii. Hacking-Activity of identifying weaknesses in a computer system and exploiting them to gain
access to personal data.
iii. Threat-Dangers that can occur if a system is not secured.
iv. Vulnerability-These are weaknesses which may be caused by security threats.
v. Risk-Likelihood and impact of a negative event that can compromise the confidentiality of a
computer system.

7. Explain three classifications of computer hackers.

• White hat hackers-Security experts authorized to access a system to identify and fix security vulnerabilities.
• Black hat hackers-Exploit vulnerabilities for personal gain or to cause harm.
• Grey hat hackers-Exploit vulnerabilities without proper authorization.

8. Outline four important functions that information security performs for an organization.

• Helps in avoiding unauthorized access to information.
• Makes the information available and useful for its authorized people.
• Protecting privacy and data.
• Saving money

9. Outline two reasons why it's important to use a VPN when accessing the internet using a public network.

• Protecting privacy and data.
• Saving money on online purchases

10.Differentiate between vulnerability assessment and penetration testing.

Vulnerability assessment is a process of evaluating security risks in a software system to reduce the
probability of threats, while penetration testing is assessing a computer system, network or
application to identify security vulnerabilities in a controlled manner.

MANAGE ICT SYSTEM ATTACK

Security threats to data and information

1.Computer Virus

This is a destructive program that attaches itself to other files when the files are opened for use and
installs itself in a computer without the knowledge of the user.

It is a program designed specifically to damage other programs or interfere with the proper
functioning of the computer system.

Types of computer virus

• Boot sector virus
• File virus-Attaches itself to files to erase or modify them
• Worms-Stick in the computer memory
• Trojans-Appear to perform necessary functions but perform other undesirable activities
• Hoax-Comes as emails

Damages Caused by Computer viruses

• Delete or modify data, information and files
• Systematically destroy all the data in computer memory
• They might lock the keyboard
• They can delete characters displayed on the visual display
• Use up computer memory/space, slowing down performance or causing the system to
crash.
• It can change the color of the display
• Causes boot failure.

Sources of computer viruses

• Contact with contaminated software
• Use of pirated software
• Fake games
• Freeware and shareware
• Software updates distributed through a poorly secured network
• Infected storage media

Control measures against computer viruses

• Install up-to-date antivirus software on the computer.
• Restrict the movement of foreign storage media.
• Avoid opening mail attachments before scanning them for viruses.
• Back up all software and files at regular intervals.
• Do not boot your computer from disks which you are not sure are free from viruses.
• Avoid pirated software.

2. Unauthorized Access

May take the following forms;

• Eavesdropping-Tapping into a communication channel to get information.
• Surveillance (Monitoring)-This is where a person may monitor all activities done by another
person or people, and the information gathered may be useful for different purposes.
• Industrial Espionage-Involves spying on a competitor so as to get or steal information that
can be used to finish the competitor or for commercial gain.
• Forced entry into a computer room through weak access points.

Control Measures

• Enforce data and information access control policies on all employees.
• Keep the computer room closed when nobody is using it.
• Reinforce weak access points.
• Use file passwords to prevent any person from getting access to the electronic files.
• Enforce network security measures.
• Encrypt data and information during transmission.

3.Computer Errors and Accidental access

They can be as a result of;

• Mistakes made by people.
• People experimenting with features they are not familiar with.

Control Measures

• Restrict file access to the end users and technical staff in the organization.
• Set up a comprehensive error recovery strategy in the organization.

4.Theft

Some information is so valuable that business competitors or some governments can decide to
pay somebody to steal the information for them.

Control measures

• Create backups and store them in a location different from the original storage location.
• Reinforce weak access points.
• Employ guards to keep watch.

5.Computer Crimes

Is the committing of illegal acts using a computer or against a computer system, or the use of computer
hardware, software or data for illegal activities.

Types of computer crimes

Trespass

Is an illegal physical entry to a restricted area where computer hardware, software and backup data
are kept.

Hacking

Is an attempt to invade the privacy of a system either by tapping messages being transmitted along a
public telephone line or through breaking a security code and password to gain unauthorized access
to the system's data and information files in a computer.

Tapping

Listening to a transmission line to gain a copy of the message being transmitted over a network.

Cracking

Is the use of guesswork by a person trying to look for a weakness in the security codes of a software
in order to get access to data and information.

Piracy

Making illegal copies of copyrighted software, data or information either for personal use or for resale.

Fraud

Is the use of a computer to conceal information or cheat other people with the intention of gaining money
or information.

Sabotage

It is the illegal destruction of system data or information by employees or other people with a
grudge, aiming at crippling service delivery or causing great loss to an organization.

Alteration

Illegal changing of stored data and information without permission with the aim of gaining or
misinforming the authorized user.

Detection and protection against computer crimes

1). Audit Trail

Is a careful study of an information system by experts in order to establish or find out all the
weaknesses in a system that could lead to security threats or act as weak access points for criminals.

2). Data encryption

It is mixing up the messages transmitted over a network into a form that only the sender and the receiver
can understand, by reconstructing the original message from the mix.

Plain text "Black Panther" --(encryption key)--> cipher text "Kcalb rethnap" --(decryption key)--> plain text "Black Panther"
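The diagram's flow, as an added teaching example that is not from these notes: a small keyed stream cipher plus an integrity tag built only from the standard library's HMAC-SHA256, so that the encryption key, the cipher text and the decryption key (here the same shared secret) are concrete. The construction, the `enc`/`mac` labels and the 16-byte nonce are choices made for this example; production systems use a vetted AEAD such as AES-GCM instead of a hand-rolled scheme.

```python
"""Keyed encryption round trip: plain text -> cipher text -> plain text.

Added teaching example, not from the notes. It builds a small stream cipher plus an
integrity tag from HMAC-SHA256 so that the roles of the encryption key and the
decryption key (here the same shared secret) are visible. Production systems use a
vetted AEAD such as AES-GCM instead of a hand-rolled scheme like this one.
"""
import hashlib
import hmac
import os

TAG_LEN = 32      # SHA-256 output size
NONCE_LEN = 16    # assumed nonce size for this example


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one shared secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(enc_key, nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. The tag protects integrity (the notes' second goal)."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then undo the XOR. Raises ValueError on a wrong key or tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or modified cipher text")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def round_trip(key: bytes, message: bytes) -> bool:
    """True if decrypting the encryption of message with the same key gives message back."""
    return decrypt(key, encrypt(key, message)) == message


def tamper_detected(key: bytes, message: bytes) -> bool:
    """Flip one bit of the cipher text and report whether decrypt() rejects it."""
    blob = bytearray(encrypt(key, message))
    blob[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(blob))
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    shared_secret = os.urandom(32)   # constructed key for the demo
    print(encrypt(shared_secret, b"Black Panther").hex())
    print(round_trip(shared_secret, b"Black Panther"), tamper_detected(shared_secret, b"Black Panther"))
```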

3). Log files

These are special system files that keep a record of events on the use of computers and the resources of an
information system.

Each user is assigned a username and password.

The information system administrator can therefore easily track who accessed the system, when
and what they did in the system.

4). Firewall

This is a tool used to monitor incoming and outgoing network traffic.

Laws governing protection of Data and Information

• Data Protection Act 2019
• Kenya Information and Communication Act (KICA) 2013
• Kenya Communication Act 2018
• Computer Misuse and Cybercrime Act 2018

Environmental Threats to computer and Information System

• Fire

Fire can physically damage hardware components, destroy data stored on the device and
disrupt power supplies.

It can lead to data loss and potential financial loss.

• Water, floods and moisture

Water can cause malfunctions, short circuits and damage to electronic components. It
can cause hardware damage, data loss and downtime due to the need for replacements.

• Lightning and electrical storms

Lightning strikes and electrical storms can cause power outages leading to damage or
destruction of hardware components, which can lead to data loss.

• Excessive heat/temperature

High temperature can lead to overheating of hardware components causing malfunction or
permanent damage, which can lead to system instability.

• Smoke and dust

Smoke and dust can accumulate on hardware components, impeding airflow and causing
overheating.

• Terrorist attack

Intentional attacks can involve physical damage or cyber-attacks aiming to disrupt or compromise
computer information systems.

Causes of Data loss in a computer system

1.Storage device failure (HDD & SSD)

Hard drives can fail due to mechanical issues or wear and tear over time.

2.Natural disasters

Floods, fires and earthquakes can physically damage storage devices, leading to data loss.

3.Theft

Theft of computers or storage devices can lead to data loss, especially if there is no backup.

4.Power failures

Abrupt power loss can cause data loss if files are in the process of being written or saved.

5.Improper shutdowns

Turning off the computer without following proper shutdown procedures can lead to data loss.

6.Human Errors

Accidental deletion, where a user may delete important files or directories unknowingly.

7.Insufficient data backups

Failure to regularly back up data increases the risk of permanent data loss in the event of system
failure.

Monitoring tools

• Zabbix-An open source monitoring tool for networks and applications
• Splunk-Analyzes and visualizes machine-generated data from applications
• Datadog-
• Nagios-Simplifies IT infrastructure monitoring and improves efficiency
• Domotz-Provides unparalleled visibility of digital assets and data flows.

Firewall Tools

• Offers firewall policy management and risk analysis.
• Skybox Firewall Builder-Helps manage firewall policies
• AWS Firewall Manager-Manages AWS security groups.
• Tufin SecureTrack-Alerts for potential security risks.
• FireMon-Reduces cloud and firewall security policy related risks.
• Sophos-Works alongside your existing antivirus protection.
• Cisco-Helps users consistently manage policies across Cisco security products

Questions

1.What is the ping command and what are its uses?

The ping command is a versatile utility used to test network connectivity and diagnose issues.

Uses of the Ping Command

• Testing reachability
• Diagnosing issues
• Network troubleshooting
• DNS testing

2.Why is it necessary to test the speed of a network?

It will help in decision making when choosing an internet provider or a plan that fits your household
or your business needs.

3.Difference between traceroute and ping



PING Traceroute

4.N-Map

Network mapping is the process of discovering all entities connected to a network.

It gathers and interprets data using easy-to-read visualizations that accurately reflect the status of
the enterprise network and linked devices.

5.Explain Wireshark

Is a powerful network protocol analyzer that captures and examines network traffic.

6.What is ethical penetration testing?

Is an advanced form of security testing designed to provide a deep technical analysis of a target
environment's vulnerability to exploitation and attack.

7.Explain evaluation of system security

Is an action plan for making sure that all your systems, from IT infrastructure to software applications,
are protected against malware and other cyber threats.

8.Explain Secure Socket Layer and multifactor authentication

Secure Socket Layer-Is a protocol for creating a secure connection for user-server interaction.

All web interactions involve both a server and users. Users often enter or hold sensitive information
on sites, which leaves people and systems vulnerable.

Multifactor Authentication-Is a multi-step account login process that requires users to enter more
information than just a password. For example, along with the password, users might be asked to enter a
code sent to their email, answer a secret question or scan a fingerprint.

Identify the requirements you need in order to install a CCTV

1. Camera: -

You have two camera options when installing a CCTV camera system:

• Analog
• Internet protocol (IP).

2. Monitoring Station: -

Viewing captured video and photos is likely the most important function of a CCTV
camera, made possible via a monitor.

3. Cables and Routers: -

You will require supporting technologies, such as routers and cables, to be integrated into
your system for a seamless connection, depending on the types of cameras and
surveillance systems you prefer.

4. Video Recorders: -

Video recorders will help in recording footage that is processed for storage and viewing.
Video recorders come in two different varieties: DVR (Digital Video
Recorders) and NVR (Network Video Recorders).

5. Storage: -

A CCTV camera system's storage device should be able to continuously record,
store, and play back videos from several feeds. Standard hard drives that are found in
laptops and PCs are not suited for the storage demands of CCTV cameras. Therefore,
selecting a reliable storage system is essential for secure data storage, e.g. a hard disk
drive.

Process of CCTV Installation

1. Decide on the location and prepare the installation

Cameras should be aimed to capture the necessary area of view without focusing on bright areas
like windows, doors, or lights. Although adequate lighting is necessary, too much light might
diminish image quality. For this reason, the placement of your cameras and DVR is of
paramount importance when setting up a CCTV system. It helps to maximize your camera
coverage while also reducing cable length.



When deciding where to install your home or business security cameras indoors, look for a spot
from where you can see all potential entrance points. There also needs to be access to electricity
not far away. Pick locations that are high enough that the cameras won’t be readily knocked
down.

Get the camera in position, then mark your drilling spots with a reference point. Make pilot holes
and tap in the screw moldings. Make sure the camera is securely fastened in place. Plug the
camera’s power cord into an outlet.

2. Run the cables to the camera sites

After you’ve drilled the necessary holes for the cameras, you can start running the cables to
them. To get cables where they need to go, you will have to make holes in the walls or ceiling.
Connectors for Ethernet cables are not always pre-installed, so you may need to crimp some on
yourself.

3. Connect the cables to the DVR

Establish a strategy for the routing of cables connecting the cameras to the DVR. A pre-
terminated cable should be connected from each camera’s location to the DVR’s control point. It
is recommended that the male power plug be situated on the side of the camera. Power outlets
are typically found on the side of control panels. Each camera’s black BNC cable plug should be
connected to the DVR’s corresponding video input socket.

Whether or not you choose to use a wall mount for the DVR box is up to you. Like wall outlets
and surge protectors, most will have mounting holes on the back. It can also be placed on a flat
surface like a desk or table.



4. Mount and install the cameras

First, attach the camera to the end of the cable that emerged from the opening. Then, shove the
surplus back into the opening. Get out your power drill and attach the camera to your building
using the included screws. After the camera has been installed, the adjustment screws can be
loosened to make quick, rough adjustments, and then tightened again once the fine tuning is
complete.

5. Switch on the power

Connecting the cables to the DVR can begin once you have successfully routed the other end of
the cables throughout your home or business. Connect the external monitor, keyboard, and
mouse to the DVR box, with each cable going into its corresponding port. An external USB drive
can be kept permanently connected in case you ever need to transfer footage to it. Important
information to keep in mind is that the DVR and the cameras share a common power source.
Connect the DVR, monitor, and camera to the mains electricity.

6. Set up the DVR

The completion of this step concludes the CCTV installation process. To finish setting up your
DVR, refer to the manual for further instructions. In some cases, the manual will instruct you to
install the hard disk before you can use it, while in others, the hard drive will already be installed
and you may get started right away.
