IT security threats and cryptography
Table of Contents
Types of threat......................................................................................................................................3
Internal threats..................................................................................................................................3
External threats.................................................................................................................................5
Physical threats..................................................................................................................................6
Software Threats................................................................................................................................7
Social Engineering................................................................................................................................10
Computer network-based threats.......................................................................................................12
Passive Network Threats..................................................................................................................12
Active Network Threats...................................................................................................................13
Cloud Computing: Specific threats.......................................................................................................16
Information security............................................................................................................................17
Confidentiality.................................................................................................................................17
Availability.......................................................................................................................................18
Integrity...........................................................................................................................................19
Legal requirements..........................................................................................................................20
Data Protection Act 2018 - General Data Protection Regulation (GDPR).............................................20
Computer Misuse Act 1990.............................................................................................................22
Copyright designs and patents Act 1988..........................................................................................23
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations
2000.....................................................................................................................................................24
Fraud act 2006.................................................................................................................................25
Legal Liability and contractual obligations.......................................................................................26
Impact of security breaches A5........................................................................................................27
Operational impact..........................................................................................................................28
Financial impact...............................................................................................................................29
Damaged reputation........................................................................................................................30
Legal implications............................................................................................................................31
Forensic research.............................................................................................................................32
Cryptography: Securing and protecting data.......................................................................................33
Principles and uses of cryptography................................................................................................33
Digital Rights Management (DRM)..................................................................................................33
Password storage.............................................................................................................................34
Two-factor authentication...............................................................................................................35
1
, Obfuscation and steganography......................................................................................................36
Secure transactions..........................................................................................................................36
File, folder, disk encryption..............................................................................................................37
Encryption of communication data..................................................................................................37
Legal and ethical issues....................................................................................................................37
Computational hardness assumption..............................................................................................37
Methods of cryptography................................................................................................................38
Shift ciphers and one-time pads......................................................................................................38
Hash function...................................................................................................................................39
Stream and Block Ciphers................................................................................................................40
Cryptographic primitives..................................................................................................................41
Cryptographic salts..........................................................................................................................41
Encryption algorithms......................................................................................................................42
Integer Factorisation........................................................................................................................43
Applications of cryptography...............................................................................................................44
Symmetric key encryption...............................................................................................................44
Public Key Encryption......................................................................................................................45
Diffie-Hellman key exchange...........................................................................................................46
Digital certificates............................................................................................................................47
Hyper Text Transfer Protocol Secure (HTTPS)..................................................................................48
Virtual Private Networks (VPNs)......................................................................................................48
Generic Routing Encapsulation (GRE)..............................................................................................49
WIFI network encryption.................................................................................................................49
Conclusion...........................................................................................................................................50
2
,Types of threat
There are several dangers that, if they emerge, have the ability to threaten our servers and
computer systems. They consist of the following:
Internal threats
Threats which come from within the organisation are called ‘internal’. Employees may
download or upload files that are infected with malware or connect a personal device, such
as a laptop that may be infected with malware or viruses, to the organization's network or
Wi-Fi. Although the system may be put at risk by these situations unintentionally, any harm
or theft of data by employers who may be seeking retaliation for how they believe they
have been mistreated by an organisation is considered an "intentional" threat.
New city College operate a simple policy when it comes to using equipment and computers
inside of their establishment. It states that students will need to use their own devices
which are not linked to the College’s network or internet connection in order to browse the
internet privately (BYOD). Moreover, when using the colleges equipment and computers,
search is monitored to ensure that members inside of the college are not looking at
inappropriate content that could potentially pose a risk to the College. As well as the
colleges legal obligation to safeguard their students. All students sign with the agreement to
the college’s policy on enrolment to the college.
This type of system could be implemented at your
company because it would allow workers to
complete tasks using their own devices, while
signing the policy would safeguard the IT
infrastructure of the business because, if followed,
there would be no internal threat posed by worker
use of personal devices.
The unintentional disclosure of data is another example of an internal threat. This might
involve employees leaving their computers unlocked when they are not using them, making
it simple for someone to walk by and access that data as it is not restricted and has been
3
, clearly shown to them—even if the employee hadn't intended for it to happen. This type of
vulnerability also includes leaving paper documents lying around the office because there is
no password security on them, which makes it simple for someone to view data. These two
dangers may not have been intended, but they could result in data harm since the person
who discovered the material could abuse it.
Any business that deals with money, is an example of one that could be a target of such
threats; these threats would most likely take the form of fraud or theft. Employers might
attempt to take advantage and utilise the money for their own reasons if they had legal
access to the financial information. With the help of newly updated strict laws for data
processing and storage: GDPR (General Data Protection Regulation) tries to secure people's
data, including bank card information. These new regulations are intended to prevent
individuals from bypassing security measures and gaining access to people's data for illegal
purposes.
Along with the use of file sharing apps, unsafe habits including accessing suspicious websites
and using external flash storage present an internal threat. Although unintentional,
accidental loss poses a concern because the data would be lost or corrupted.
4
Table of Contents
Types of threat......................................................................................................................................3
Internal threats..................................................................................................................................3
External threats.................................................................................................................................5
Physical threats..................................................................................................................................6
Software Threats................................................................................................................................7
Social Engineering................................................................................................................................10
Computer network-based threats.......................................................................................................12
Passive Network Threats..................................................................................................................12
Active Network Threats...................................................................................................................13
Cloud Computing: Specific threats.......................................................................................................16
Information security............................................................................................................................17
Confidentiality.................................................................................................................................17
Availability.......................................................................................................................................18
Integrity...........................................................................................................................................19
Legal requirements..........................................................................................................................20
Data Protection Act 2018 - General Data Protection Regulation (GDPR).............................................20
Computer Misuse Act 1990.............................................................................................................22
Copyright designs and patents Act 1988..........................................................................................23
The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations
2000.....................................................................................................................................................24
Fraud act 2006.................................................................................................................................25
Legal Liability and contractual obligations.......................................................................................26
Impact of security breaches A5........................................................................................................27
Operational impact..........................................................................................................................28
Financial impact...............................................................................................................................29
Damaged reputation........................................................................................................................30
Legal implications............................................................................................................................31
Forensic research.............................................................................................................................32
Cryptography: Securing and protecting data.......................................................................................33
Principles and uses of cryptography................................................................................................33
Digital Rights Management (DRM)..................................................................................................33
Password storage.............................................................................................................................34
Two-factor authentication...............................................................................................................35
1
, Obfuscation and steganography......................................................................................................36
Secure transactions..........................................................................................................................36
File, folder, disk encryption..............................................................................................................37
Encryption of communication data..................................................................................................37
Legal and ethical issues....................................................................................................................37
Computational hardness assumption..............................................................................................37
Methods of cryptography................................................................................................................38
Shift ciphers and one-time pads......................................................................................................38
Hash function...................................................................................................................................39
Stream and Block Ciphers................................................................................................................40
Cryptographic primitives..................................................................................................................41
Cryptographic salts..........................................................................................................................41
Encryption algorithms......................................................................................................................42
Integer Factorisation........................................................................................................................43
Applications of cryptography...............................................................................................................44
Symmetric key encryption...............................................................................................................44
Public Key Encryption......................................................................................................................45
Diffie-Hellman key exchange...........................................................................................................46
Digital certificates............................................................................................................................47
Hyper Text Transfer Protocol Secure (HTTPS)..................................................................................48
Virtual Private Networks (VPNs)......................................................................................................48
Generic Routing Encapsulation (GRE)..............................................................................................49
WIFI network encryption.................................................................................................................49
Conclusion...........................................................................................................................................50
2
,Types of threat
There are several dangers that, if they emerge, have the ability to threaten our servers and
computer systems. They consist of the following:
Internal threats
Threats which come from within the organisation are called ‘internal’. Employees may
download or upload files that are infected with malware or connect a personal device, such
as a laptop that may be infected with malware or viruses, to the organization's network or
Wi-Fi. Although the system may be put at risk by these situations unintentionally, any harm
or theft of data by employers who may be seeking retaliation for how they believe they
have been mistreated by an organisation is considered an "intentional" threat.
New city College operate a simple policy when it comes to using equipment and computers
inside of their establishment. It states that students will need to use their own devices
which are not linked to the College’s network or internet connection in order to browse the
internet privately (BYOD). Moreover, when using the colleges equipment and computers,
search is monitored to ensure that members inside of the college are not looking at
inappropriate content that could potentially pose a risk to the College. As well as the
colleges legal obligation to safeguard their students. All students sign with the agreement to
the college’s policy on enrolment to the college.
This type of system could be implemented at your
company because it would allow workers to
complete tasks using their own devices, while
signing the policy would safeguard the IT
infrastructure of the business because, if followed,
there would be no internal threat posed by worker
use of personal devices.
The unintentional disclosure of data is another example of an internal threat. This might
involve employees leaving their computers unlocked when they are not using them, making
it simple for someone to walk by and access that data as it is not restricted and has been
3
, clearly shown to them—even if the employee hadn't intended for it to happen. This type of
vulnerability also includes leaving paper documents lying around the office because there is
no password security on them, which makes it simple for someone to view data. These two
dangers may not have been intended, but they could result in data harm since the person
who discovered the material could abuse it.
Any business that deals with money, is an example of one that could be a target of such
threats; these threats would most likely take the form of fraud or theft. Employers might
attempt to take advantage and utilise the money for their own reasons if they had legal
access to the financial information. With the help of newly updated strict laws for data
processing and storage: GDPR (General Data Protection Regulation) tries to secure people's
data, including bank card information. These new regulations are intended to prevent
individuals from bypassing security measures and gaining access to people's data for illegal
purposes.
Along with the use of file sharing apps, unsafe habits including accessing suspicious websites
and using external flash storage present an internal threat. Although unintentional,
accidental loss poses a concern because the data would be lost or corrupted.
4
