Deliberate Act of Trespass.
Trespass means to enter into another’s land or property without his permission or without lawful justification
It is a wrongful interference with the possession of someone’s personal property
It is an unlawful interference with one's person, property or rights.
With reference to property, it is a wrongful invasion /attack on another's possession.
Halsbury's Laws of England explains what constitutes ‘trespass’ - Every unlawful entry by one person on land in the possession of another is a trespass for which an action lies, even though no actual damage is done.
Unauthorized access to information that an organization is trying to protect.
Computer security is a broad subject, covering among other things: security devices and the internal security of the machine and the operating system.
External security: referring to the facilities of the computer system and the access of people to the system and its information.
Contemplate these two areas:
Physical security: Of the facilities. It includes measures for the prevention or recovery of accidents, and control of access to the system.
Operational safety: Security policies and mechanisms: levels of authorization or responsibility, access methods, communication protocols ...
Internal security: the one that refers to the circuitry of the system, or security issues of the operating system.
What is Intrusion Detection?
Intrusion detection, is the attempt to monitor and possibly prevent attempts to intrude into or otherwise compromise your system and network resources. Simply put, it works like this: You have a computer system. It is attached to a network, and perhaps even to the internet. You are willing to allow access to that computer system from the network, by authorised people, for acceptable reasons. For example, you have a web server, attached to the internet, and you are willing to allow your clients, staff, and potential clients, to access the web pages stored on that web server.
You are not, however, willing to allow unauthorised access to that system by anyone, be that staff, customers, or unknown third parties. For example, you do not want people (other than the web designers that your company has employed) to be able to change the web pages on that computer. Typically, a firewall or authentication system of some kind will be employed to prevent unauthorised access.
Sometimes, however, simple firewalling or authentication systems can be broken. Intrusion detection is the set of mechanisms that you put in place to warn of attempted unauthorised access to the computer. Intrusion detection systems can also take some steps to deny access to would-be intruders.
Why use Intrusion Detection?
The underlying reasons why you might use intrusion detection systems are relatively straightforward: You want to protect your data and systems integrity. The fact that you cannot always protect that data integrity from outside intruders in today's internet environment using mechanisms such as ordinary password and file security, leads to a range of issues. Adequate system security is of course the first step in ensuring data protection. For example, it is pointless to attach a system directly to the internet and hope that nobody breaks into it, if it has no administrator password! Similarly, it is important that the system prevents access to critical files or authentication databases (such as the NT SAM or the Unix /etc/passwd or /etc/shadow files) except by authorised systems administrators.
Further measures beyond those normally expected of an intranet system should always be made on any system connected to the internet. Firewalling and other access prevention mechanisms should always be put in place. While it may be acceptable to allow NT logon, file sharing, or telnet access to a system that is entirely internal, an internet server should always use more secure mechanisms, such as firewalling off the NT file sharing (SMB protocol) ports such as TCP/UDP ports 137 - 139, and using secure shell (SSH) instead of telnet for access to Unix systems.
Intrusion detection takes that one step further. Placed between the firewall and the system being secured, a network based intrusion detection system can provide an extra layer of protection to that system. For example, monitoring access from the internet to the sensitive data ports of the secured system can determine whether the firewall has perhaps been compromised, or whether an unknown mechanism has been used to bypass the security mechanisms of the firewall to access the network being protected.
Some intrusion attempts
Based on: opportunism, search for useful information, programming, etc.
➤Theft or espionage of passwords
➤Take advantage of oversights
➤Garbage collection
➤Inspection of system information
➤Electronic listening
Trial and error: password analyzer programs, decryptors, etc.
Decoy programs: Trojan horse; deception trick. Use of a "backdoor" (backdoor) Exploitation of system holes.
➧low-tech: shoulder surfing
shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. This attack can be performed either at close range (by directly looking over the victim's shoulder) or from a longer range, for example by using a pair of binoculars or similar hardware. To implement this technique attackers do not require any technical skills; keen observation of victims' surroundings and the typing pattern is sufficient. Crowded places are the more likely areas for an attacker to shoulder surf the victim. In the early 1980s, shoulder surfing was practiced near public pay phones to steal calling card digits and make long distance calls or sell them in the market for the cheaper prices. However, the advent of modern-day technologies like hidden cameras and secret microphones makes shoulder surfing easier and gives more scope for the attacker to perform long range shoulder surfing. A hidden camera allows the attacker to capture whole login process and other confidential data of the victim, which ultimately could lead to financial loss or identity theft. Shoulder surfing is more likely to occur in crowded places because it is easier to observe the information without getting the victim's attention.
Apart from threats to password or PIN entry, shoulder surfing also occurs in daily situations to uncover private content on handheld mobile devices; shoulder surfing visual content was found to leak sensitive information and even private information about third-parties
shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. This attack can be performed either at close range (by directly looking over the victim's shoulder) or from a longer range, for example by using a pair of binoculars or similar hardware. To implement this technique attackers do not require any technical skills; keen observation of victims' surroundings and the typing pattern is sufficient. Crowded places are the more likely areas for an attacker to shoulder surf the victim. In the early 1980s, shoulder surfing was practiced near public pay phones to steal calling card digits and make long distance calls or sell them in the market for the cheaper prices. However, the advent of modern-day technologies like hidden cameras and secret microphones makes shoulder surfing easier and gives more scope for the attacker to perform long range shoulder surfing. A hidden camera allows the attacker to capture whole login process and other confidential data of the victim, which ultimately could lead to financial loss or identity theft. Shoulder surfing is more likely to occur in crowded places because it is easier to observe the information without getting the victim's attention.
Apart from threats to password or PIN entry, shoulder surfing also occurs in daily situations to uncover private content on handheld mobile devices; shoulder surfing visual content was found to leak sensitive information and even private information about third-parties
➧ high-tech: hacking
While there’s been a fear of hackers on the web since the “You’ve got mail” days, recent front-page attacks point to an increase in the volume and precision of cyberattacks, which should alarm enterprises of all sizes.
This is especially true because more businesses have begun to digitize sensitive information, such as financial records.
As BizTech highlighted back in March, an increasingly paperless world has changed the way business treats data:
The benefits of a move to digital documents from physical paper include reduced costs, improved efficiency and instant access to documents. But the path to paper’s dematerialization is not without its twists and turns. If we are to achieve a paperless future, then we need secure and scalable methods of data authentication.
http://www.whitehelm.com/intru-det.html
https://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)
https://biztechmagazine.com/article/2013/06/hacker-profiles-meet-new-kids-block-infographic
While there’s been a fear of hackers on the web since the “You’ve got mail” days, recent front-page attacks point to an increase in the volume and precision of cyberattacks, which should alarm enterprises of all sizes.
This is especially true because more businesses have begun to digitize sensitive information, such as financial records.
As BizTech highlighted back in March, an increasingly paperless world has changed the way business treats data:
The benefits of a move to digital documents from physical paper include reduced costs, improved efficiency and instant access to documents. But the path to paper’s dematerialization is not without its twists and turns. If we are to achieve a paperless future, then we need secure and scalable methods of data authentication.
http://www.whitehelm.com/intru-det.html
https://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)
https://biztechmagazine.com/article/2013/06/hacker-profiles-meet-new-kids-block-infographic
No hay comentarios:
Publicar un comentario