Unit 1 and 2

IBM ICE (Innovation Centre for Education)

Welcome to:
Unit 1: Data Security Threats

© Copyright IBM Corporation 2015 9.1


Unit objectives
IBM Power Systems

After completing this unit, you should be able to:

• Understand the background of Data Security

• Understand the various associated threats

• Understand the concept of different threats associated with Data Security



Background

• Data protection is needed not only to protect the data on a system from harmful cyber-attacks or viruses, but also to ensure that if the data does find its way into the wrong hands, it remains secure and cannot be viewed.

• Data protection comprises many elements, including where the data resides, how it is used and who has access to it.

• For any organization, data security is a vital issue. It can suffer serious problems if a user who is not authorized to access its data enters its systems.


Case study: Overview

• Managing and protecting data is a necessary part of an organization’s contingency plan.

• A data breach can cause very large financial penalties, reputation loss and expensive lawsuits for any organization.

• It can also have a serious impact on individuals, as their identity can be stolen and their credit rating or financial history can be badly damaged.


Case study (1 of 2)

• eBay

• Sony

• Gaana.com

• BlueCross BlueShield

• Methodist Hospital


Case study (2 of 2)

• Health Net

• Michaels Stores

• Variable Annuity Life Insurance Co.


Need of data security (1 of 2)

• An organization cannot run without a proper data security mechanism in place.

• Every organization today holds all its data in digital form, which, if not protected, can have a catastrophic effect on the business continuity of the organization.

• Data security is extremely important for all companies, large and small. On an average day, data theft occurs at a multitude of companies, either by accident or on purpose.


Need of data security (2 of 2)

• The process of protecting massive amounts of data or information which an organization may
want to keep confidential and protected from others is known as Business Data Protection.

• Often, organizations struggle to create real-time security policies as the data keeps growing.

• While data breaches affect businesses of all sizes, many small business owners aren’t taking
the necessary steps to create ongoing data security policies and practices, including training
their employees.


Importance of data security

• Reputational advantage

• Dynamic threats paradigm

• Ongoing productivity


Critical data for organizations

• Customer Information
– Data associated with the organization’s customers should be the topmost priority.

• Product Information
– Protecting information about existing products and products yet to be launched can be a high priority for many organizations.

• Employee Information
– Most organizations possess detailed personal information about their employees.

• Company Information
– An organization has various critical data which it needs to protect.


Elements to consider for a better security mechanism

• Cost
– Cost plays an important role.

• The Price of Disruption
– An organization must always choose the option which causes the least disruption while implementing a data security mechanism.

• What There Is to Lose
– The security needs of an organization must be of utmost priority if its business relies on the trust of the customer.

• Where Potential Threats Are
– An organization should always consider the biggest threat that its sensitive data faces.


Process (1 of 2)

• Overview
– The data possessed by an organization is the most critical thing it needs to protect.
– Data can be lost for many reasons; for example, it can be deleted intentionally or unintentionally.

• Definition
– Data security refers to protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites. Data security also protects data from corruption. Data security is the main priority for organizations of every size and genre.


Process (2 of 2)


Process: Explanation

• Data security is a critical consideration for any organization.

• Data security is especially important for state agencies, where the public's trust is essential
for the efficient delivery of services.

• Security can be a significant investment, which adds to an already long list of administrative
duties.

• The focus behind data security is to ensure privacy while protecting personal or corporate
data.

• Data security deals with the protection of a database from any kind of actions or forces that
can be dangerous for the database.


Types of data security threats

• Malware Threats
– Malicious software, or malware, refers to a broad category of software threats to any network and systems, including viruses, Trojan horses, logic bombs and worms.

– The users in an organization need help to fend off these attacks and keep the systems in their organization safe from any damage.

– Attacks like these can spread through the entire network and can be devastating to the systems which are in the network.

– This is considered the largest worm infestation to date, and variants of it are still on the internet and propagating.


Malware threat: Virus

• Virus
– A virus is a program written to change the operation of a computer without the knowledge or permission of the user.

– A computer system can be infected by a virus. The virus may simply reside on the computer, but it may also damage the data on the computer system’s hard drive.

– The virus may also destroy the operating system of the computer and can spread to other systems which are connected to that device.


Malware threat: Type of virus


Malware threat: Type of virus (1 of 2)

• Armored Virus
– This virus uses protective code to cover itself so that disassemblers and debuggers cannot examine its critical elements.

• Companion Virus
– This kind of virus attaches itself to legitimate programs and then creates a program within the system which has a different file name extension.

• Macro Virus
– This virus exploits the application features which programmers use to increase an application’s capability.

• Phage Virus
– A phage virus alters and modifies databases and programs. It infects all the files present on the database.


Malware threat: Type of virus (2 of 2)

• Multipartite Virus
– As the name suggests, a multipartite virus can attack a system in multiple ways.

• Polymorphic Virus
– This virus attacks a system by displaying a message and then starts to delete all the files that are on the system.

• Retro Virus
– This type of virus is also known as an anti-antivirus, as it tries to bypass the antivirus which has been installed on the system.

• Stealth Virus
– This virus attaches to the hard drive’s boot sector and redirects commands around itself when a system program or utility runs.


Malware threat: Trojan

• Trojan horses use the identity of other programs to enter a system or a network.

• A valid program can be replaced by a Trojan horse during its installation.

• Once it has taken the identity of another program, it accomplishes its mission of corrupting the system.

• If a Trojan horse is detected, the whole program must be reinstalled immediately.


Malware threat: Adware

• Adware is a type of spyware used by marketers to track Internet users’ habits and interests.

• The information is then used to customize future advertisements directed to the user, or can be sold to a third party for the same purpose.


Malware threat: Logic bomb

• This malware is executed when a certain predefined event occurs.

• The bomb does not start the attack itself; it only tells the attackers that the targeted user has met the needed criteria and is in a state to be attacked.

• When a user is logged on to the internet, a logic bomb may send this information to the attacker and inform the attacker about the files which the user is accessing.


Network based threats

• Network based threats can cause huge harm.

• Securing the network is a major part of network security and management.

• There has been a huge increase in the number of hackers and other criminals creating malicious threats over the last five years.


Network based threats: Botnet threat

• A botnet is a number of Internet computers that have been set up to forward transmissions (including spam or viruses) to other computers on the internet.

• This can prove to be a major security threat, as the network acts as a center that sends malicious files to other systems.

• Cyber criminals consider botnets one of their major tools for carrying out a cyber-attack.

• HTTP and peer-to-peer channel technology are used nowadays to create botnets.


Network based threats: Phishing

• This threat lures the victim by assuming the identity of a trustworthy public platform, and then all the critical credentials of the victim are retrieved.

• Incidents of phishing started to come into the picture in 1995.

• Earlier, phishers used to copy source code from the AOL websites and then craft a page which would look like a part of the website.

• Emails are used nowadays to lure the victim.


Network based threats: Phishing process


Network based threats: Phishing process (1 of 2)

• Types of Phishing Process

– Clone Phishing: In this type of phishing attack, the phisher creates a cloned email to lure the victim.

– Spear Phishing: Spear phishing targets a specific group whose members have something in common.

– Phone Phishing: As the name suggests, this type of phishing is carried out using mobile phones.


Network based threats: Phishing process (2 of 2)

• Purposes of Phishing Scam

– Theft of login credentials

– Theft of banking credentials

– Observation of Credit Card details

– Postal address and other personal information

– Theft of confidential documents like trade secrets


Network based threats: Packet sniffing

• A packet sniffer is a device or program that allows eavesdropping on traffic travelling between networked computers.

• In a network, a packet sniffer can filter out personal information, and this can lead to problems such as identity theft.

• A packet sniffer can intercept and log traffic passing over a digital network or part of a network.

• As data streams travel back and forth over the network, the sniffer captures each packet and eventually decodes it.


Network based threats: Identity theft

• Identity theft occurs when personally identifiable information is used by an unauthorized party to assume the victim’s identity.

• Information such as address, credit card number, name or bank account number is used by the attacker to commit fraud.

• There are many ways by which personal information of the victim can be stolen.


Network based threats: Identity theft (1 of 2)

• The various ways are listed below:

– By stealing the victim’s purses and wallets.
– By stealing the victim’s mail.
– By completing a ‘change of address form’.
– By diving through the victim’s trash.
– By taking personal information of the victim available on social networking sites.


Network based threats: Identity theft (2 of 2)

• Identity Theft (Contd.): After stealing the identity of a user, the unauthorized party can do anything with the personal data that they get access to.

• Usually the following things can occur:

– Change their mailing address on their credit card account.
– Open new lines of credit.
– Establish phone services.
– Write bad checks in the victim’s name.
– Forge checks.
– Apply for auto loans.


Network based threats: Password attacks

• This attack is carried out by determining or finding passwords.

• The networks and systems which are password protected can be exploited.

• Data available can be breached.

• This attack can be carried out online as well.


Network based threats: Hardware loss and residual data fragments

• It is a growing worry for organizations and governments.

• For example: If a number of computer systems are stolen from a single bank, then all the details of the clients that were stored on those systems would be stolen.

• The attacker can then steal the identity of the client and commit fraud on a huge scale.

• The only method to keep hardware safe is to keep it under proper surveillance.


Cryptographic threats

• Confidentiality of data is very important to maintain.

• Cryptographic threats can exploit existing loopholes and damage confidentiality.

• Several high-profile laptop thefts have raised awareness about the dangers of storing large quantities of personally identifying information without encrypting it.

• Even when encryption is used, threats to confidentiality still exist.


Cryptographic threats: Attacking the key

• In this type of attack, the key is attacked directly to determine its value.

• Commonly used passwords, a series of different words or other combinations can be used by an attacker to crack a password.

• An attacker can break a password by using the information and access provided by many of the manufacturers of operating systems.


Cryptographic threats: Attacking the algorithm

• The algorithms and programming instructions used for data encryption are at risk as well.

• An algorithm might not be able to secure a program if an error is not corrected.

• Many algorithms have back doors which can be used to attack the algorithm.

• A significant security exposure may exist if a weakness is discovered in the programming.


Cryptographic threats: Intercepting the transmission

• Attackers may inadvertently gain information about the encryption systems that are in use.

• Human error is a major security problem in this situation.

• A security system can be undermined by someone unintentionally as well.


Cryptographic threats: Code-breaking techniques

• Frequency Analysis

• Algorithm Errors

• Exploiting Human Error


Cryptographic threats: Birthday attack

• A birthday attack is an attack which is targeted at a key.

• For example: If there are 25 people sitting in a room, it is likely that at least two of them will have their birthdays on the same date.

• Likewise, if one key of an organization is determined, then there is a possibility that some other key will resemble the determined key.

• This attack is based on probability of occurrence.
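
The birthday reasoning on this slide, worked through in code. This is an added example, not part of the original slides; it goes beyond the 25-person case to short digests, and the truncated SHA-256 value and the counter messages are constructed stand-ins for any short key-derived value.

```python
import hashlib
import math


def birthday_probability(people: int, days: int = 365) -> float:
    """Chance that at least two of `people` share one of `days` equally likely values."""
    if people > days:
        return 1.0
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def samples_for_even_odds(space_size: int) -> int:
    """Approximate number of random samples needed for a 50% chance of a repeat.

    Uses the standard approximation n ~ sqrt(2 * ln 2 * N).
    """
    return math.ceil(math.sqrt(2 * math.log(2) * space_size))


def truncated_digest(message: bytes, bits: int) -> int:
    """First `bits` bits of SHA-256 (assumption: models a deliberately short digest)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def first_repeat(bits: int):
    """Hash constructed counter messages until two of them share a truncated digest.

    Returns (earlier_message, later_message, messages_hashed).
    """
    seen = {}
    counter = 0
    while True:
        message = b"constructed-sample-%d" % counter
        tag = truncated_digest(message, bits)
        if tag in seen:
            return seen[tag], message, counter + 1
        seen[tag] = message
        counter += 1


if __name__ == "__main__":
    print("P(shared birthday, 25 people) = %.4f" % birthday_probability(25))
    for bits in (16, 24, 32):
        print("%2d-bit value: ~%d samples for even odds of a repeat"
              % (bits, samples_for_even_odds(2 ** bits)))
    a, b, tried = first_repeat(16)
    print("16-bit repeat after %d messages: %r and %r" % (tried, a, b))
```

The number of samples grows with the square root of the value space, so every extra bit of digest or key length adds only half a bit of resistance to this kind of repeat.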


Cryptographic threats: Weak key attack

• Many people use passwords which are common in nature. This threat exploits this loophole.

• The hash value resulting from the key will be very easy to guess if the length of the key is short.

• The passwords must be made more complicated to mitigate this threat.


Cryptographic threats: Mathematical attack

• These kinds of attacks are basically focused on the following things:

– The algorithm of encryption.
– Any potential area of weakness or the key mechanism.
– Using statistical analysis and mathematical modeling to determine the operation of the system.
– Interception of a huge amount of data.
– Attempting to decrypt the message methodically.


Database security threats

• The database infrastructure of any organization faces a huge array of threats.

• Critical information stored on the database makes it a target for the cyber criminals.

• Cyber criminals can earn a huge amount of profit by breaching the databases of an
organization.


Database security threats: Excessive privilege abuse

• Sometimes employees are granted privileges for accessing the database above the requirements of their job role.

• These excessive privileges can be misused by them.

• For example: A university administrator can be given excessive privileges that allow him to update or change the grades of the students. The administrator can take advantage of this situation and change the grades of the students whom he dislikes.
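
The university example above, with the excessive privilege taken away. This is an added example, not part of the original slides: the role names, the `grades` table and the grant map are hypothetical, and SQLite's authorizer callback stands in for the per-role GRANT/REVOKE controls of a server database.

```python
import sqlite3

# Hypothetical grant map: the (table, column) pairs each role may UPDATE.
ROLE_UPDATE_GRANTS = {
    "instructor": {("grades", "grade")},
    "administrator": set(),  # the job role needs to read records, not change grades
}


def open_as(role: str) -> sqlite3.Connection:
    """Return a connection to a constructed sample database restricted to `role`."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grades (student TEXT PRIMARY KEY, grade TEXT)")
    conn.executemany("INSERT INTO grades VALUES (?, ?)",
                     [("alice", "A"), ("bob", "B")])
    conn.commit()
    grants = ROLE_UPDATE_GRANTS[role]

    def authorizer(action, arg1, arg2, db_name, source):
        # For SQLITE_UPDATE, arg1 is the table name and arg2 the column name.
        if action == sqlite3.SQLITE_UPDATE:
            return sqlite3.SQLITE_OK if (arg1, arg2) in grants else sqlite3.SQLITE_DENY
        # No role in this example may add or remove rows.
        if action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_DELETE):
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK  # reads and transaction control are allowed

    # Installed only after the sample data is loaded, so setup is not restricted.
    conn.set_authorizer(authorizer)
    return conn


def read_grade(conn: sqlite3.Connection, student: str):
    row = conn.execute("SELECT grade FROM grades WHERE student = ?",
                       (student,)).fetchone()
    return row[0] if row else None


def change_grade(conn: sqlite3.Connection, student: str, grade: str) -> bool:
    """Try to update a grade; return False if the role is not authorized."""
    try:
        conn.execute("UPDATE grades SET grade = ? WHERE student = ?",
                     (grade, student))
        conn.commit()
        return True
    except sqlite3.DatabaseError:  # SQLite reports "not authorized"
        return False


if __name__ == "__main__":
    for role in ("administrator", "instructor"):
        conn = open_as(role)
        allowed = change_grade(conn, "bob", "F")
        print("%-13s update allowed=%s, bob's grade is now %s"
              % (role, allowed, read_grade(conn, "bob")))
```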


Database security threats: Legitimate privilege abuse

• The database can be misused by authorized employees for unauthorized purposes.

• For example: A worker is not happy with the management of the healthcare firm for some reason and thus takes revenge by retrieving and saving some of the records of the patients. In this way the data can be misused.

• Storing a huge amount of data on the system can create this threat as well.


Database security threats: Privilege elevation

• Attackers can convert the privileges associated with access.

• They take advantage of the vulnerabilities that exist in the database platform software.

• These vulnerabilities can be found in the implementation of the protocol, SQL statements etc.

• For example: At a financial institution, a software developer can take advantage of a function which is vulnerable and gain access to the privileges of the database administrator.


Database security threats: SQL Injection

• Unauthorized statements are injected into the database.

• The targets include the input parameters of web applications.

• The entire database can be accessed by SQL injection.
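
A query built from an input parameter by string formatting, beside the parameterized form that closes the hole. This is an added example, not part of the original slides; the `accounts` table, its rows and the crafted input are constructed.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 310)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, owner: str):
    # Vulnerable: the input parameter becomes part of the statement text, so
    # quote characters in it change the structure of the WHERE clause.
    query = "SELECT owner, balance FROM accounts WHERE owner = '%s'" % owner
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, owner: str):
    # Hardened: the statement text is fixed and the value is bound separately,
    # so the input is only ever compared as data.
    query = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(query, (owner,)).fetchall()


# Constructed input that closes the string literal and appends an always-true term.
CRAFTED_INPUT = "nobody' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("normal lookup:       ", lookup_parameterized(conn, "alice"))
    print("vulnerable + crafted:", lookup_vulnerable(conn, CRAFTED_INPUT))
    print("hardened + crafted:  ", lookup_parameterized(conn, CRAFTED_INPUT))
```

With the crafted input, the vulnerable lookup returns every row in the table, while the parameterized lookup returns none because no owner has that literal name.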


Database security threats: Hopscotch

• Hopscotch is a game often played by cyber criminals.

• Hopscotch is a process where a weakness is first identified by the attacker and then used as leverage for further attacks.

• This process is repeated until the attackers reach the backend of the database system.

• For example: Hackers use worms to find their way around the accounts department of the organization and then they hit the processing area associated with the credit cards.


Database security threats: Stolen database backups

• Insiders as well as external attackers pose a potent threat.

• These thefts are carried out for profit, money or simply to take revenge.

• Modern organizations face this problem daily.

• Encrypting the database backups is the only way to mitigate this type of threat.


Banking fraud threats (1 of 2)

• A bank customer is a potential target for fraud activities.

• Much of a customer’s vital information is held by the bank and can be breached.

• There are mainly 3 types of bank fraud threats:

– Electronic fraud
– Credit/debit card fraud
– Cheque fraud


Banking fraud threats (2 of 2)


Banking fraud threats: Electronic fraud

• This fraud is carried out by making the customer go to an authentic-looking but actually fake website and give in their account details.

• This process falls in the category of electronic fraud.

• Another method is to send a security message and advise the customer to install software that will check for viruses and also remove them.


Banking fraud threats: Credit and debit card fraud threat

• In this type of threat, the debit or credit card of a customer is reproduced.

• Skimming is the common term given to this kind of crime.

• A card can also be intercepted while it is in transit, in other words while it is being sent to someone.

• The cards can also be misused by a merchant who undertakes duplicate transactions on the customer’s card.


Banking fraud threats: Cheque fraud threat

• This involves making unlawful use of cheques.

• The following are ways by which cheque fraud can be executed:

– A cheque is altered without any authority.
– Cheques are first stolen and then altered.
– Cheques are duplicated or counterfeited.
– False invoices are used to get access to legitimate cheques.
– Cheques are deposited into the account of a third party without any authority.
– Cheques are deposited for payments with the knowledge that funds in the account are insufficient for the transaction.


Web-application threats

• Malicious users can gain unauthorized access to the web application and exploit a vulnerability.

• Many internet servers are constantly probed for vulnerabilities.

• Thus security measures must be built around the web application of an organization.


Web-application threats: Spoofing

• In this attack, the identity of a process or a user is impersonated.

• Credentials of different users are typed in during a spoofing attack.

• Spoofing attacks can be mitigated if stringent authentication is used.

• It must be ensured that a request which comes from a non-public domain is using its own identity.


Web-application threats: Tampering

• Tampering means changing or deleting a resource without having the rights to do so.

• For example: A web page is defaced by an attacker who gets onto the site of the organization and changes the existing files.

• Exploiting the script of a website is an indirect way to carry out a tampering attack.

• The script is also used as a link and sent to the user.


Web-application threats: Repudiation

• The credentials of a user are impersonated.

• By using stringent authentication, computing systems and web applications can be guarded against this type of attack.

• Windows features of logging must be kept on an audit trail.


Web-application threats: Information disclosure

• This simply means stealing or revealing data which is private and should not be breached.

• For example: Stealing the password of a system or disclosing information which involves file access or access to a server.


Web-application threats: Fuzzing

• Fuzzing means entering unexpected values into an application and causing the application to crash.

• When that happens, it may be possible for the user to be left with elevated privileges or access to values they should not have.

• Those values can be unexpected, invalid or random.


Physical security threats (1 of 2)

• There are numerous physical threats which can disrupt physical security.

• Physical security deals with intruders, physical destruction, theft, vandalism, environmental issues etc.

• The view of security professionals changes when they look at network security and physical security.

• For securing the network, they concentrate on the modem, wireless access points etc.


Physical security threats (2 of 2)

• Natural Disaster

• Supply System Threats

• Man-Made Threat

• Political Threat


Wireless network security threat (1 of 2)

• Wireless LANs increase the risk of wireless network attacks in almost every environment.

• When a wireless network is deployed, it does not require any real physical access and can be exploited and manipulated easily.

• Computer hacking affects organizations in a variety of ways.


Wireless network security threat (2 of 2)


Wireless network security threat: Rogue access point/Ad-Hoc networks

• Attackers can trick users into trusting an access point and connecting their legitimate devices to it.

• This rogue access point is set up by attackers when they target an existing wireless LAN.

• The physical access takes care of the issue of the short lifetime of vulnerability.


Wireless network security threat: Denial of service

• This attack denotes very limited access to services.

• A target is specified and traffic is directed its way.

• This is another way of limiting access to services apart from targeting traffic.

• This technique works if the LAN works on a 2.4 GHz band.


Wireless network security threat: Configuration problems

• Grade access points are shipped with no security configuration, which causes configuration complexities.

• These devices can be configured by any amateur user to gain access.

• Weak security deployments, weak passphrases and using the default SSID are other issues that increase risks.


Wireless network security threat: Passive capturing

– The listening and capturing of data.

– Non-secured traffic can be analyzed or current security settings can be broken.

– High security measures can be implemented to provide a higher level of security.


Bluetooth devices threats (1 of 2)

• Bluetooth was officially approved in the summer of 1999.

• Bluetooth offers several benefits and advantages, but the benefits are not provided without
risk.

• Bluetooth security includes authorization, authentication and optional encryption.


Bluetooth devices threats (2 of 2)


Bluetooth devices threats: Blue-jacking

• An attacker sends unsolicited messages or business cards to a Bluetooth-enabled device.

• Bluejacking resembles the phishing attacks and spam carried out against users who use e-mail.

• Bluetooth device owners should be aware that this may lead to a variety of social engineering attacks which manipulate the user into performing actions or divulging confidential information.


Bluetooth devices threats: Blue-snarfing

• Connections are forced to a Bluetooth-enabled device in order to access the data on it.

• The IMEI number stored in the phone’s memory is used to divert calls.

• It is much more malicious compared to bluejacking.


Bluetooth devices threats: Blue-bugging IBM ICE (Innovation Centre for Education)
IBM Power Systems

• This method was developed after the onset of bluejacking and bluesnarfing.

• Attackers access a Bluetooth device remotely.

• The device's features are then used to examine calendars, read phonebooks, connect to the
Internet, place calls, etc.


Bluetooth devices threats: Blue-smack

• This is a denial-of-service (DoS) attack against Bluetooth devices.

• The device is overwhelmed by an excessive number of requests.

• These malicious requests leave the device in an inoperable state.


Data threats in modern era

• The hostile nature of people has been found to be lower, and data security threats have
increased.

• Facebook scams have gotten out of hand.

• Shellshock, Heartbleed and super-mega retail breaches.


Data threats in modern era: Cloud disaster

• Organizations are rushing to the cloud and are over-dependent on it.

• There were some serious breaches in cloud computing in the year 2014.

• Amazon was forced to reboot its EC2 instances due to the Xen bug.


Data threats in modern era: Threats associated to application security

• Different applications were affected.

• The personal information and the privacy of 7 million online application users were violated in
the year 2014.

• Millions of Dropbox account credentials were breached.


Data threats in modern era: IoT security threats

• IoT devices are exposed to the same attacks as other Internet-connected devices, such as
denial-of-service attacks.

• One major IoT attack disclosed recently was found by Akamai Technologies Inc.

• Researchers reported distributed denial-of-service (DDoS) attacks that started using insecure
IoT device configurations.


Data threats in modern era: Shellshock

• The Shellshock Unix/Linux Bash security hole affected almost half of the websites on the
internet.

• UNIX, Linux and Mac servers were an easy target for malware because of Shellshock.

• Mail servers on these systems were also affected by the bug, which had been in the Bash
shell for around 20 years.


Data threats in modern era (6 of 6)

• Heartbleed
– Sensitive data (like passwords and encryption keys) are at risk.

– A hacker can easily get his hands on confidential information.

– The data can be swiped, leaving no track or trace.


Benefits of data security (1 of 2)

• Confidentiality, integrity and availability of data are maintained.

• It is made sure that the vital data is not misused.

• Data security can make an organization’s data secure.


Benefits of data security (2 of 2)

• Critical Information Protection

• Reduce Costs of Development

• Software Interoperability

• Meeting Current Standards


Checkpoint (1 of 2)

Multiple choice questions:

1. Bluebugging is associated with which wireless device?
a) Infrared
b) Wi-Fi
c) Bluetooth
d) ZigBee

2. Which bug forced Amazon to reboot its EC2 instances?
a) Xen bug
b) Shellshock bug
c) Heartbleed bug
d) Software bug

3. The art of manipulating people so they give up confidential information is called?
a) Hacking
b) Social engineering
c) Packet Sniffing
d) Phishing


Checkpoint solutions (1 of 2)

Multiple choice questions:

1. Bluebugging is associated with which wireless device?
a) Infrared
b) Wi-Fi
c) Bluetooth
d) ZigBee

2. Which bug forced Amazon to reboot its EC2 instances?
a) Xen bug
b) Shellshock bug
c) Heartbleed bug
d) Software bug

3. The art of manipulating people so they give up confidential information is called?
a) Hacking
b) Social engineering
c) Packet Sniffing
d) Phishing


Checkpoint (2 of 2)

Fill in the blanks:

1. Frequency Analysis is included in the _______ technique.
2. A resource is changed or deleted without authorization in ______.
3. In the ________ technique, values and actions are inserted unexpectedly as an application’s
input to crash it.
4. _______ is a cryptographic threat.

True or False:

1. Polymorphic is a virus.
2. Botnets are a network-based threat.
3. Data security can make an organization’s data secure.


Checkpoint solutions (2 of 2)

Fill in the blanks:

• Frequency Analysis is included in the Code-breaking technique.
• A resource is changed or deleted without authorization in Tampering.
• In the Fuzzing technique, values and actions are inserted unexpectedly as an application’s
input to crash it.
• Birthday Attack is a cryptographic threat.

True or False:

• Polymorphic is a virus. True
• Botnets are a network-based threat. True
• Data security can make an organization’s data secure. True


Unit summary

Having completed this unit, you should be able to:

• Understand the background of Data Security

• Understand the various associated threats

• Understand the concept of different threats associated with Data Security
