1.1 Information Security Overview

  • Source code leaks accelerated malware release cycles

    Attackers create new malware variants with new characteristics, signatures and evasive capabilities that anti-virus/anti-malware products cannot detect.

  • Old school malware techniques made a comeback

    Modern defenses such as anti-virus applications, IDS and firewalls can detect new cyber-crime techniques, forcing attackers to fall back on manual, time-consuming, old-school malware infection and propagation techniques to evade advanced detection.

  • Growth of 64-bit malware increased

    As more people use 64-bit operating systems, malware authors write more 64-bit malware instead of older 32-bit malware.

  • Malware researcher evasion became more popular
  • Mobile SMS-forwarding malware is becoming ubiquitous
  • Account takeover moved to the victim's device
  • Attacks on corporate and personal data in the cloud increased

    More and more companies rely on cloud services, so attacking the cloud is more profitable for attackers.

  • Exploit kits continued to be a primary threat for Windows

    Since Windows XP no longer receives updates, it is easily attacked.

  • Attackers increasingly lure executives and compromise organizations via professional social networks

    Attackers obtain, or lure victims into giving up, more confidential data through social networks.

  • Java remains highly exploitable and highly exploited - with expanded repercussions

    Systems running old Java versions are vulnerable to attack.

  • Attackers are more interested in cloud data than your network
  • The sheer volume of advanced malware is decreasing

    Attackers focus on a small number of specific targets to protect their attack footholds and to steal login credentials.

  • Redkit, Neutrino, and other exploit kits struggled for power in the wake of the Blackhole Author Arrest

    After the Blackhole exploit kit author was arrested, other exploit kits such as Redkit and Neutrino gained more users.

  • Mistakes are made in "offensive" security due to misattribution of an attack's source
  • Cybercriminals are targeting the weakest links in the "data-exchange chain"

    Attackers go after the weaker links such as consultants, contractors and vendors, because they usually hold the company's confidential data.

  • Major data-destruction attacks are increasing

    In the past attackers stole confidential data, but today some attackers destroy data outright.

Essential Terminology

  • Hack Value: It is a notion among hackers that something is worth doing or is interesting

    Worth doing or interesting to do; a sense of achievement from doing what others cannot.

  • Vulnerability: Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system

    A weakness, design, or implementation error exists that attackers can use to break into the system.

  • Exploit: A breach of IT system security through vulnerabilities

    An attack carried out through a vulnerability, using malware or commands to make legitimate software/hardware behave unexpectedly.

  • Payload: Payload is the part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer

    The payload is the part of malware or an exploit that carries the malicious behaviour, including creating a backdoor to access the victim's machine, damaging, deleting or stealing data.

  • Zero-Day Attack: An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability

    An attack the attacker carries out before the software vendor releases an update for the vulnerable software.

  • Daisy Chaining: It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information

    After breaking into one computer and obtaining its information, the attacker uses that data to break into other computers and obtain more data.

  • Doxing: Publishing personally identifiable information about an individual collected from publicly available databases and social media

    Known in Chinese internet slang as "human flesh search" (人肉).

  • Bot: A "bot" is a software application that can be controlled remotely to execute or automate predefined tasks

    The attacker remotely controls infected computers (bots) to carry out attacks such as DDoS.

Elements of Information Security

  • Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low or tolerable.
  • Confidentiality: Assurance that the information is accessible only to those authorized to have access

    Only those with permission can access it; confidentiality.

  • Integrity: The trustworthiness of data or resources in terms of preventing improper and unauthorized changes

    Integrity of the data.

  • Availability: Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users

    Availability of the system.

  • Authenticity: Authenticity refers to the characteristic of a communication, document or any data that ensures the quality of being genuine

    Whether the data is genuine; authenticity.

  • Non-Repudiation: Guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message

    Neither the sender nor the receiver can deny having sent or received the message; non-repudiation; digital signatures.
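The three technical properties above (integrity, authenticity, non-repudiation) are easy to confuse, so here is an added example, not code from the original notes, that shows each with Python's standard library. A hash detects tampering (integrity), an HMAC over a shared key proves the message came from a key holder (authenticity), and a signature made with a private key that only the sender holds gives non-repudiation; a MAC cannot, because the receiver holds the same key and could have produced the tag itself. The message, the shared key and the RSA parameters are all constructed for illustration; the RSA values are the textbook toy primes 61 and 53 and offer no real security.

```python
"""Integrity, authenticity and non-repudiation with the Python standard library.

Added example for these notes. All inputs are constructed: the message, the
shared key and the toy RSA key pair (p=61, q=53, n=3233). Real systems use a
library such as `cryptography` with 2048-bit-or-larger RSA or Ed25519.
"""
import hashlib
import hmac

# --- Integrity: a hash changes if even one byte of the data changes -------------

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_digest: str) -> bool:
    """True only if the data still hashes to the digest recorded earlier."""
    return hmac.compare_digest(sha256_hex(data), expected_digest)


# --- Authenticity: an HMAC can only be produced by someone holding the key -------

def make_mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(make_mac(key, data), tag)


# --- Non-repudiation: a signature only the private-key holder can produce --------
# Toy textbook RSA (constructed, insecure, illustration only).
P, Q = 61, 53
N = P * Q                           # 3233
E = 17                              # public exponent (published with N)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, 2753 (kept by the signer)


def rsa_sign(data: bytes, d: int = D, n: int = N) -> int:
    """Sign the SHA-256 hash of data, reduced mod n because the toy modulus is tiny.
    With a real modulus the full padded hash is signed instead."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)


def rsa_verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone with the public key (e, n) can check the signature; nobody else can make one."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(signature, e, n) == h


def demo() -> dict:
    msg = b"Transfer 100 to account 42"       # constructed sample message
    tampered = b"Transfer 900 to account 42"  # constructed tampered copy
    shared_key = b"constructed-shared-secret"  # known to sender AND receiver

    digest = sha256_hex(msg)
    tag = make_mac(shared_key, msg)
    sig = rsa_sign(msg)

    return {
        # Integrity: the recorded digest no longer matches the altered data.
        "integrity_detects_tampering":
            integrity_ok(msg, digest) and not integrity_ok(tampered, digest),
        # Authenticity: the tag verifies for the original, fails for the altered copy.
        "mac_detects_tampering":
            mac_ok(shared_key, msg, tag) and not mac_ok(shared_key, tampered, tag),
        # No non-repudiation from a MAC: the receiver holds the same key, so it can
        # mint a valid tag for a message the sender never sent.
        "receiver_can_forge_mac":
            mac_ok(shared_key, tampered, make_mac(shared_key, tampered)),
        # Non-repudiation: the signature verifies under the sender's public key ...
        "signature_verifies": rsa_verify(msg, sig),
        # ... and a value not produced with the private key does not verify.
        "forged_signature_rejected": not rsa_verify(msg, (sig + 1) % N),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The last two entries are the non-repudiation point: because `rsa_verify` needs only the public key, a third party can confirm that the holder of the private key signed the message, which the signer cannot later deny. Note that the toy modulus reduces the hash to about 12 bits, so a real signature scheme must use a modulus large enough to sign the whole padded hash.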

The Security, Functionality, and Usability Triangle

  • Level of security in any system can be defined by the strength of three components:

    • Functionality (Features)
    • Security (Restrictions)
    • Usability (GUI)

    The higher the security, the lower the functionality and usability; all three cannot be maximized at once.
