Summary Security that literally contains everything related to hacking and cyber security. It is made for the course Security at Leiden University, but it is very useful for other universities. Even if you just want to learn how to hack this summary is a must!
PS: Only the first two pages are in d...
What is security according to ISO?
• Definitions from ISO/IEC 27000:2016
• Information security: preservation of confidentiality, integrity and
availability of information
• Confidentiality: property that information is not made available or
disclosed to unauthorized individuals, entities, or processes
• Integrity: property of accuracy and completeness
• Availability: property of being accessible and usable upon demand by an
authorized entity
Case 1: ILOVEYOU
1. Omschrijving: e-mail met daarin de claim dat het
een liefdesbrief is, maar eigenlijk was het een script.
Wanneer je het opent ‘corrupt’ het alle files en
stuurt het zichzelf door naar al je contacten.
2. Effect: 10% van het internet en miljarden aan
schade.
3. Techniek: Social Engineering
4. Niveau: Script kiddie
Case 2: Heartbleed
1. Omschrijving: Er werd gebruik gemaakt van een
tekortkoming in SSL.
2. Effect: Communicaties zijn waarschijnlijk onderschept
en iedereen moest zijn/haar wachtwoord veranderen.
3. Techniek: Verschil in ‘bounds’ (lengte request) en de
daadwerkelijke lengte van een request.
4. Niveau: skilled hacker
, Case 3: DDoS attack
1. Omschrijving: Dyn kreeg enorm veel aanvragen
waardoor de services zoals twitter onbereikbaar
werden.
2. Effect: Grote websites onbereikbaar.
3. Techniek: Veel onderdelen hadden standaard
wachtwoorden. Mirai (botnet) probeerde gewoon heel
veel gebruikelijke wachtwoorden.
4. Niveau: Script kiddie. Iedereen met met een botnet kan dit.
Case 4: Stuxnet
1. Omschrijving: Verspreid zich over het internet en via usb-
sticks. Het maakt gebruik van bugs (zero-days) in het
windows-systeem. Stuxnet heeft het iraanse
atoomporgramma aangevallen.
2. Effect:. Schade aan centrifuges van iraanse
kerncentrales.
3. Techniek: Erg complex. De veiligheidsdiensten hadden
nagenoeg oneindig veel middelen.
4. Niveau: MIVD/CIA/Mossad
Why is security hard?
• Asymmetry
- Attacker needs to find one weakness
- Developer needs to find all weaknesses
• Hard to convince managers
- Can increase cost
- Can decrease user friendliness
- Hard to measure, invisible until attacked
• Many levels
- Hardware, OS, framework, application, design, specification, …
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller tpakats. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $8.05. You're not tied to anything after your purchase.