Lecturer: Mr Rodrigue Alahassa Course: Computer Network and Security Deadline: 28th February 2014
ABSTRACT
The aim of the report is to harness the natural ability of people to recognise their family and friends so as to eliminate identity fraud. It uses digital media, smartphones or webcams, and carefully choreographed social collaboration. The promise is not only that identity fraud be systemically eliminated, the rigmarole of "proving who you are" through documents, devices, PINs, passwords and pet names also becomes redundant, thereby neutralising the value of such items to fraudsters and making life easier and safer for the honest majority.
TABLE OF CONTENTS
1. Introduction
2. Knowing Me
3. Knowing You (Enemy)
4. Weaknesses needed against cyber criminals
5. What companies need to know about data protection
6. Conclusion
7. References
1. INTRODUCTION
Knowing me, knowing you is all about understanding security threats and an organisation's risk profile. To understand these, there is a need to know your enemy and also a need to know yourself. So, how much do we know about our adversary, and how much do we know about our own organisation? This report focuses on how you can detect these threats and identify what tools attackers are using and what vulnerabilities they are looking for, and on what happens once they gain root: specifically, how they cover their tracks and what they do next. It covers how you can analyse such an attack, and uncovers the motives and psychology of some members of the black-hat community by capturing their communications with each other.
2. KNOWING ME
Knowing me is about securing your network; an unprotected network could allow malicious hackers -- known as crackers -- access to your data. It might even allow someone to take control of your computers and use them to commit crimes like a distributed denial of service (DDoS) attack. Even if no one snoops on your information or controls your computer, someone might use your network to access the Internet. As more ISPs begin to place caps on how much data you can download, it becomes even more important to control your network. You don't want to get slapped with a huge bill for Internet services you didn't even use. With the right tools and knowledge, you can minimize your chances of having your security compromised by malicious hackers or computer viruses, for example by:
Protecting our system from viruses.
Setting up a simple backup system.
Keeping personal information safe and secure (e.g. having strong passwords, avoiding public Wi-Fi etc.)
For organizations, it is about "know your network before an intruder does." But knowing your network is a difficult proposition. Most network owners wish they could buy a magic box to identify and protect all their information assets. This approach has never worked and will never work because the modern enterprise is too complicated for any machine to make these decisions. Since products can't do the job, many organizations assign tasks to individuals and expect them to maintain inventories of networks, hosts and information. But manually maintained inventories are prone to error and omission. Consider the following ways to identify live hosts:
Conduct network-based scans that send ICMP, UDP or TCP traffic to various subnets. Advantages of this approach include simple operation, but the disadvantages can be numerous. More systems these days run host-based firewalls that might block network scans; the network owner must know where to look; hosts might be down at the time of the scan; scans might crash the target and so on. Despite these challenges, broad network scanning should still be an important component of network discovery programs.

Conduct passive assessments that listen for any traffic traversing a monitored transit point. The advantage of this network security monitoring approach is that it doesn't affect the observed hosts. The passive approach can also build a profile of observed traffic, and its continuous nature means any traffic whatsoever from the target can populate an asset database. Disadvantages include monitoring a multitude of transit points and possibly obscuring source addresses due to network address translation.
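The passive approach described above, together with the point that manually maintained inventories are prone to omission, shown as an added example that is not part of the original report: it builds an asset database from flow records seen at one transit point and reconciles it with a hand-kept inventory. The flow record format, all addresses, the inventory entries and the NAT gateway list are constructed assumptions.

```python
import ipaddress

# Constructed sample data (not from the report): a hand-kept inventory and
# flow records "timestamp src dst dport" captured at one monitored transit point.
INVENTORY = {"10.0.1.10": "file server", "10.0.1.20": "mail relay", "10.0.1.30": "print server"}
MONITORED = ipaddress.ip_network("10.0.0.0/16")   # address space we own (assumption)
NAT_GATEWAYS = {"10.0.9.1"}                       # known translators (assumption)
FLOWS = """\
2014-02-20T09:00:01 10.0.1.10 10.0.1.20 25
2014-02-20T09:00:05 10.0.1.55 198.51.100.7 443
2014-02-20T09:01:12 10.0.9.1 198.51.100.7 80
2014-02-20T09:02:40 10.0.1.55 10.0.1.10 445
bad line
2014-02-20T09:03:00 203.0.113.9 10.0.1.20 25
"""

def build_asset_db(flow_text):
    """Return {ip: {"first", "last", "flows"}} for every monitored address observed."""
    db = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of aborting the run
        ts, src, dst, _port = parts
        for addr in (src, dst):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # not an IP address; ignore this field
            if ip not in MONITORED:
                continue  # external peers are not our assets
            rec = db.setdefault(addr, {"first": ts, "last": ts, "flows": 0})
            rec["first"] = min(rec["first"], ts)
            rec["last"] = max(rec["last"], ts)
            rec["flows"] += 1
    return db

def reconcile(db, inventory):
    """Compare passively observed hosts with the manually maintained inventory."""
    seen = set(db)
    return {
        "unlisted": sorted(seen - set(inventory) - NAT_GATEWAYS),  # live but undocumented
        "silent": sorted(set(inventory) - seen),    # listed, never seen: follow up with a scan
        "nat_obscured": sorted(seen & NAT_GATEWAYS),  # real sources hidden behind translation
    }

if __name__ == "__main__":
    print(reconcile(build_asset_db(FLOWS), INVENTORY))
```

Hosts reported as silent are where the network-based scan still earns its place: they may be down, or simply never cross this transit point.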
Websites, Apps and Cookies
Businesses should check whether their use of website cookies is in compliance with the EC (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011. These Regulations require websites to go further than the previous practice of providing a brief description of what cookies are and how to disable them.

Direct Marketing
Strict rules apply to the use of personal data for direct marketing via email and phone. Prior consent from individuals is generally necessary to use their personal data for direct marketing purposes. Failure to comply with the rules can lead to hefty financial penalties ranging between 5,000 and 250,000 for each direct marketing message.

Data Breaches
Generally, all incidents of loss of control of personal data by a data controller must be reported to the DPC within two days unless certain criteria apply. This is the case except when the data can be considered inaccessible due to proper encryption, remote memory wipe or password security. Companies need to have a plan in place to deal with security breaches. The secret to avoiding data protection issues is planning. Businesses should ensure at the design and roll-out stage that their product complies with privacy laws.
6. CONCLUSION
Knowing me, knowing you poses a threat to all systems. Attackers show no bias and scan all systems, regardless of location and value. Sooner or later, your system will be probed. By understanding their motives and methods, you can better protect your systems against this threat.