2. Attacks
- Viruses, Worms, Trojans
- Spam, Adware, Malware, Phishing
- Hacking is the intentional use of a computer resource without authorization or in excess of authorization.
- Denial-of-service (DoS) attacks overload victim servers so that they cannot serve users.
3. Attackers
- Traditional hackers were curiosity driven.
- Today’s hackers are criminals who dominate the attack world.
- On the horizon, cyberterror attacks by terrorists and cyberwar attacks by foreign governments could cause unprecedented levels of damage.
4. Security Management
- Security is primarily a management issue, not a technical issue.
- Risk Analysis – balancing cost and benefits of protection
- Comprehensive Security – closing all avenues of attack
5. Access Control
- Identify and list each asset
- Rate the sensitivity of each asset in terms of security risk
- Access Control Plan. Also called Triple AAA: Authentication, Authorization, and Auditing
6. Firewalls, IDSs, and IPSs
- Firewalls examine packets passing through the firewall.
- Intrusion Detection Systems (IDS) are designed to detect suspicious traffic.
- Intrusion Prevention Systems (IPS) are used to recognize complex attacks. It helps prevent false positives.
7. Host Hardening and Vulnerability Testing
- Servers can be hardened by having vulnerabilities patched.
- Vulnerability tests should be conducted by attacking the network (with permission), in order to identify security weaknesses.
- http://www.youtube.com/watch?v=MJNJjh4jORY