Notes From - Unit 1: Computing Security Concepts and Problems 1

**********************************************************************************
**********************************************************************************
File Name: Unit-One-Notes
About: Notes from course material of unit one of RITx:CYBER501x course on Edx.
Author: Abhishek Rai
Date: 12th April 2018
Day: Thursday
**********************************************************************************
**********************************************************************************

A. Defining Cybersecurity:

i) Cyber security is a great umbrella term referring to protecting the confidentiality, integrity, and availability of computing devices and networks, hardware, software and most importantly, data and information.

ii) Cyber security involves times when data or information is in transit, being processed, and at rest.

iii) The weakest link in cybersecurity framework are the humans, and they often fall to victimm to social engineering attacks, making all products, procedures redundant in the entire framework.

iv) Insiders are a much greater threat, and can do far greater damage.They already have some level of access, means, and opportunity.

v) Treating each attack as an isolated incident is a huge mistake. There needs to be greater intelligence, correlated attacks, to previous attacks,both within a company and between companies.

B.) Vulnerabilities:

The security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal.

C.) Personal Security:

Attacks are becoming increasingly complex, relying on a combination of techniques,including exploitation of software vulnerabilities, and improper configuration,malicious software, malware, and social engineering.

D.) Who are the hackers?:

i) A hacker is someone who thinks outside the box, is technologically-inclined,and finds unconventional solutions to problems, focusing on what is important.

ii) Cracker was the original term for a malicious hacker.

iii) Script kiddies are inexperienced crackers, who use scripts and programs developed by others.They often don't know what they're clicking or initiating, nor do they have any idea of the scope, or consequences of their actions.

iv) The FBI define the motivation of individuals who commit espionage against the country,with the acronym, MICE, money, ideology, compromise or coercion, ego or extortion.

v) Researcher, Max Kilger, proposed that the motivations for the hacker community can be thought of as MEECES, money, ego,
entertainment, cause, entrance, and status.

E.) Data Breaches:

i) Announced in 2013, Target, 70 million customers affected.The breach started when credentials from their HVAC company were stolen.

ii) The breach started because JP Morgan's security team didn't upgrade a server with two-factor authentication.

iii) Home Depot, 56 million customers affected.Like Target, the breach started from credentials stolen from a third-party vendor.Unpatched Windows systems were also directly in the mix.

iv) Major League Baseball's Houston Astros.A front office executive went from the St. Louis Cardinals to the Houston Astros, changing jobs,and was required to turn his laptop and password.A Cardinals executive tried the former executive's old password on the computer systems in Houston, his new digs.After mixing and matching with the old Cardinals' password, he got in.

v) The Ukraine power grid was hacked and would be again the following year, 2016.The first attacks started when workers clicked on an attachment,enabling macros in a Microsoft Word document.