ambassador - a representative or promoter of a specified activity, or an accredited diplomat sent by a state as its permanent representative in a foreign country
explicit - clear, direct, plain, obvious, straightforward, clear-cut
disgruntled - angry or dissatisfied
espionage - spying, undercover work, cloak-and-dagger activities, surveillance, reconnaissance, intelligence, eavesdropping, infiltration, cyberespionage, counter-espionage, counter-intelligence; e.g. Sony, Fox, Lockheed Martin
intensified - escalate, step up, boost, increase, raise, sharpen, strengthen, augment, add to, concentrate, reinforce
counterfeit - faked, copied, forged, feigned, simulated, sham, spurious, bogus, imitation
pervasive - present everywhere, widespread, general, common, extensive
solicit - ask for, request, apply for, put in for, seek, beg
pertinent - relevant, to the point, appropriate, suitable, fitting, fit, apt, applicable, apposite
articulate -
messi -
epigama -
cliche -
impediment - hindrance, block, chain, clog, cramp, crimp, deterrent, drag, embarrassment, encumbrance, fetter, handicap, holdback, hurdle, inhibition, interference, let, manacle, obstacle, obstruction, shackles, stop, stumbling block, trammel
fragile - easily broken or damaged
exonerate - release, discharge, relieve, free, liberate
fumbled - feel about, search blindly, scrabble around, muddle around

Hacking activities born in 1971
-------------------------------
John Draper, alias Captain Crunch, developer of the blue box ("phone phreaking")

1980 - The PHIRM (published guides for breaching systems)
----------------------------------------------------------
* March 1986: Dark Creeper of the PHIRM - "How to get anything on anybody".
* 1989: Bank of America's home banking system is hacked. After scrutiny and arrests, the hacking group disbanded.
* 1988: Robert Morris launched a worm on ARPANET; Morris took down 6,000 government and university systems.
He was discharged from Cornell, served three years' probation, and was fined $10,000. Soon after that, cyber crime intensified; in response, DARPA created CERT (Computer Emergency Response Team).
* 1989: Congress passed the "Computer Fraud and Abuse Act" - criminalized hacking into computer systems.
* 1993: The first DEFCON conference took place in Las Vegas. Right after that the internet became public.
* In May 2000 the "I LOVE YOU" virus, also called Love Bug, was released. It was sent as an email attachment, auto-forwarded to the entire MS address book, and destroyed many file types. It is considered one of the most destructive worms in history.
* After the attacks of 9/11 the Department of Homeland Security was created and made responsible for protecting the US IT infrastructure. One of the key components is the EINSTEIN Program & IDS: www.dhs.gov/einstein

Despite the pervasiveness of firewalls, IDS/IPS, anti-malware and layered security technology, attackers are able to penetrate federal data.

Vulnerabilities provide attack vectors:
1) Configuration errors
2) Unpatched systems
3) Human errors
4) Software flaws

Human Expertise Needed
----------------------
* ethical hacking - an important element in a security plan; provides a mechanism to test systems; identifies and addresses vulnerabilities
* attack vector - a mechanism by which someone gains unlawful entry to a system, e.g. email, wireless, automobile, user. The goal is to deliver a malicious payload or carry out malicious acts by taking advantage of vulnerabilities to gain entry.
* More aggressive attacks - trojan horses, rootkits, and spyware.
* Web pages and pop-ups take advantage of the browser to access programs like JavaScript, ActiveX, and macros.
* Malware - umbrella term for malicious software including viruses, worms, trojan horses, ransomware and spyware; delivered via scripts, programs, or active content (animated GIFs, embedded objects, ActiveX).

The two main types of malware are viruses and worms.
virus - self-replicating and infects systems; can be minor or debilitating; spreads across systems by piggybacking on other transmissions
worm - spreads without any help; can replicate throughout a system; consumes memory and processing

Types of attack:
brute force - try all possible combinations; a dictionary attack is a subset of brute force
reconnaissance - passive attack; sniffing and scanning
denial of service - used to disrupt a service with many requests so that legitimate users are locked out
Example: SIP (Session Initiation Protocol) sets up, maintains, and ends sessions for protocols such as VoIP and IM. A SIP flood sends thousands of requests to a server, flooding the client to take down the service.

Define hacker - the word "hacker" was first used at MIT in 1960: anyone who would "hack" at a problem or issue.
black hat hacker - the bad guys, also referred to as "crackers". They are involved in criminal activity and operate on the dark web. They also have a large arsenal (weapons) of software tools, malware and social engineering techniques used to breach systems.
white hat hacker - ethical hackers, the good guys. They support government and industry, test systems, do penetration testing, and look for vulnerabilities.
gray hat hacker - they try to access systems without permission but in general without malice (harm); they try to find vulnerabilities to gain unauthorized access, then notify the target that their system is vulnerable.

Protection techniques include spam filters, packet shapers, and honeypots; network isolation using VLANs, NAT (network address translation) and encryption.
access control - ensures that only authorized individuals gain access to resources.
Contingency planning - incident vs. disaster:
incident - disrupts day-to-day activities (unplanned)
disaster - large scale, involves multiple agencies (weeks or months for recovery)
incident = disaster, if left unchecked
Respond quickly to prevent escalation of a problem.

Several guidelines to follow; these are also business needs and well-defined standards:
TOGAF - The Open Group Architecture Framework
ITIL - Information Technology Infrastructure Library
COBIT - Control Objectives for Information and Related Technology