BASIC SECURITY

Keep Your Privacy Secure
With

BASIC SECURITY

One single vulnerability
is all an attackers need

WRITERS :

RROODDZZIIAAHH BBIINNTTII IIBBRRAAHHIIMM
MMOOHHAAMMAADD AAZZUUAANN BBIINN MMOOHHAAMMEEDD AARRSSHHAADD

NNOORRHHAAYYAATTII BBIINNTTII IISSMMAAIILL

Published by :

Department of Information Technology and Communication,
Politeknik MeTro Tasek Gelugor
No. 25, Jalan Komersial 2
Pusat Komersial Tasek Gelugor 13300 Tasek Gelugor
Pulau Pinang, Malaysia

[email protected]

Tel : 04-5732789 | Fax : 04-5732087
Official Website : https://www.pmtg.edu.my/mypoliteknik

©Department of Information Technology and Communication,
Politeknik METrO Tasek Gelugor

1st Print 2022
eISBN 978-967-2744-05-4

All rights reserved. No part of this publication may be reproduced, stored for
production or converted into any form or by any means, whether by electronic
means, photographs and recordings etc. without the written permission of the
Director of Politeknik MeTro Tasek Gelugor

BASIC SECURITY

PREFACE

BASIC SECURITY (BS) course provides a foundation in
the basic information knowledge and skills necessary
for ICT professionals. Students are exposed to the
principles and good practices in environmentally
sustainable secured computing and the use of
appropriate tools and technologies in managing the
information security environment. Information
Security (DFS30023) is part of the student’s
curriculum for DDT courses in the Polytechnic
Malaysia system. This publication aims to provide
students with support and easy-to-understand
material that is also suitable for public reading.

All three lecturers that contributed to this collection
of notes are well-versed in information security and
have more than 10 years of experience as lecturers.
The compilation in this book is arranged to meet the
reading needs of students taking this subject.

Let us hope this effort will benefit the students and
encourage them to further their knowledge of
information security.

The Authors

ABSTRACT

Information security is a set of practices designed to
keep personal data secure from unauthorized access
and alteration during storing or transmitting from one
place to another. Information security is designed and
implemented to protect the print, electronic and other
private, sensitive and personal data from unauthorized
persons. It is used to protect data from being misused,
disclosure, destruction, modification, and disruption. It
is important to keep the communication between the
academic department and students running during
the lockdown and to continue to support students by
providing access to learning resources. eBook
represent a practical resource for students since it can
be downloaded to any mobile device and ready
anywhere. With remote online learning, this eBook is a
practical resource for academic department and
students of Information Security course. BASIC
SECURITY is an ebook that provides a foundation in the
basic Information knowledge and skills necessary for
ICT professionals. Students are exposed to the
principles and good practices in environmentally
sustainable secured computing and the use of
appropriate tools and technologies in managing IS
environment. This e book covers a basic chapter for
information security.

TABLE OF CONTENTS

CHAPTER 1 Introduction to Information System
1.1 What is Security ?....................................................................... 1

1.1.1 Challenge in Information Security ..................................... 1

1.2 What is Information Security ...................................................... 3
1.2.1 Securing Component..........................................................4
1.2.2 Areas in Information Security..............................................5

1.3 Physical Security ........................................................................5
1.4 Operational Security....................................................................6
1.5 Management & Policies...............................................................7
1.6 Information Security Goals..........................................................7
1.7 Information Security Organisation...............................................8
1.8 Security Issues in Information Security.......................................9

1.8.1 Attack Definition...............................................................10
1.8.2 Attacker Profiles...............................................................12
1.8.3 Basic Attacks....................................................................14
1.8.4 Malicious Code - Malware ...............................................17
1.8.5 Security Threats...............................................................19

1.9 Information Security Career......................................................20
1.10 Summary.................................................................................21

CHAPTER 2 Network Environment
2.1.1 Identify the key elements in a network:
a. Nodes ......,......,....................................,.............................22
b. Network Backbone..................,..........................................25
c. Segments..................,........................................................
d. Subnets..................,...........................................................26
2.1.2 Describe categories and function of gateways...............27
2.2 Trace protocol analysis..................,..................................
2.2.1 Identify problem related to TCP..................,...................29
a. Packet replication..................,............................................29
b. Checksum error..................,...............................................29
c. Bottleneck Bandwidth..................,.......................................30
d. Packet Loss..................,......................................................30
2.2.2 Describe IP datagram:..................,..................................32
a. Maximum Transfer Unit (MTU)..................,.........................
b. Fragmentation..................,.................................................
c. Encapsulation..................,.................................................
2.2.3 Explain modes in Encapsulating Security Payload
(ESP):......................................................................................
a. Tunnel Mode..................,....................................................
b. Transport mode ESP..................,........................................

CHAPTER 3 Web and Application Security
3.1 Recognize application security.........................................35
3.1.1 Identify application threats and countermeasures.........36
3.1.2 Describe features to secure web application:................36
authentication and authorization.
3.1.3 Identify threat modeling for web applications:...............40
a. Security Objectives
b. Application Overview
c. Decompose Application
d. Threats
e. Vulnerabilities
3.2 Trace web security ..........................................................40
3.2.1 Show common security threats on web ........................40
3.2.2 Trace web-based solution using tools for :....................41
a. Stinger ..............................................................................41
b. Cwshredder ......................................................................41
c. Microsoft Anti-spyware Software ......................................41
3.3 Recognize e-mail security................................................42
3.3.1 How e-mail works......................................................... 42
3.3.2 Identify the important elements of e-mail: MUA,
MTA, MDA, MRA. ..................................................................43
3.3.3 E-mail encryption and authentication............................44
3.3.4 Common email protocol:...............................................46
a. MIME/Secure MIME
b. Pragmatic General Protocol
c. SMTP
d. POP and IMAP
3.3.5 Risk related to e-mail security......................................46
3.3.6 Summary......................................................................47
Reference .............................................................................48

CHAPTER 1

INTRODUCTION TO
INFORMATION
SYSTEM



9

LEARNING OUTCOMES

The student should be able to:

 UISnnefdocerumrrsittayatni:odn  Uofnodnelrisnteansedctuhreitiyss: ues
sieInsTrsfvSeouiercremcmesusiarnreitotilyoalonttgehsdireeesicanuittnsreitrynet
 Areas in information
security
 Goals of information

sseeRccuourleirtistyyoof ringfaonrmizaattiioonn

What is Security?

“The quality or state of being secure to be free from
danger”

A successful organization should have multiple layers of
security in place:

Physical security
Personal security
Operations security
Communications security
Network security
Information security

Challenges in Information Security

Challenge of keeping networks and
computers secure has never been greater
A number of trends illustrate why security is
becoming increasingly difficult
Many trends have resulted in security attacks
growing at an alarming rate
Computer Emergency Response Team (CERT)
security organization compiles statistics
regarding number of reported attacks,
including:
Speed of attacks
Sophistication of attacks
Faster detection of weaknesses
Distributed attacks
Difficulties of patching

1

Challenges in Information Security

2

What is Information Security?

1. Tasks of guarding digital information, which is
typically processed by a computer (personal
computer), stored on a magnetic or optical
storage device(hard drive or DVD), and
transmitted over a network spacing

2. Ensures that protective measures are properly
implemented

3. Intended to protect information
4.Involves more than protecting the information

itself

Center of diagram in Figure 1, shows
what needs to be protected (information)
Information security achieved through a
combination of three entities

3

Securing Components

Computer can be subject of an attack and/or
the object of an attack




1. When the subject of an attack,
computer is used as an active tool
to conduct attack

2. When the object of an attack,
computer is the entity being
attacked

4

Areas in Information Security

1. Physical Security
2. Operational Security
3. Management and Policies

Physical Security

The first line of defense an organization should follow to
help combat insider issues is to develop information
security policies and an information security plan

Information security policies – identify the

rules required to maintain information

security

Information security plan – details how an

organization will

implement the information security

policies

An organization should develop 5

information security policies and an

information security plan
Information security policies -
identify the rules required to
maintain information security
Information security plan – details
how an organization will
implement the information security
policies

Operational Security

Three primary information security areas
a)Authentication and authorization
Something that is part of the user such
as a fingerprint or voice signature or the
user has such as smart card or token

b)Prevention and resistance
Content filtering
Encryption
Firewalls

c)Detection and response
If prevention and resistance strategies
fail and there is a security breach, an
organization can use detection and
response technologies to mitigate the
damage

Antivirus software is the most common
type detection and response technology

6

Management & Policies

Develop the information security policies
Communicate the information security policies
Identify critical information assets and risks

1.Firewall – hardware and/or software that guards
a private network by analyzing the information
leaving and entering the network

2.Intrusion detection software (IDS) – searches
out patterns in network traffic to indicate
attacks and quickly respond to prevent harm

Test and reevaluate risks
Obtain stakeholder support

Information Security Goal

Integrity
Assurance that data is not altered

or destroyed in an unauthorized
manner
Confidentiality
Protection of data from
unauthorized disclosure to a
third party
Availability
Continuous operation of
computing systems

7

Information Security Organisation

CERT/CC – Computer Emergency Response Team (
handling computer security incidents )
US-CERT – US Computer Emergency Response
Team
SANS Institute - specializes in internet security
training – GIAC Certification
ISC2 - specializes in information security education
and certifications
FIPS - standardizations developed by the
United States federal government for use in
computer systems
ICSA Lab - mission was to increase awareness of the
need for computer security and to provide
education about various security products and
technologies

8

Security Issues in Information Security

Electronic mail and news
Ways for people to exchange information
with each other without requiring an
immediate, interactive response.
File transfer
Transmitting files over a computer network or
the internet
(the simplest way to exchange files).
Remote Access to Host
The ability to log onto a network from a
distant location (eg; TELNET or SSH)
Real time conferencing services
Designed for interactive use by on-line
participants (video conference)

9

Attack Definition

1) Information Theft:
Attacks that allow an attacker to get data
without ever having to directly use your
computers.
How:
dumpster diving
steal your e-mail
Used for:
to access bank account
to make loans (car, real estate)

2) Unauthorised disclosure :
An organization suspects some of its
employees of leaking confidential
information to its competitor.
It is also usually believed that its competitor
actually planted spies within the
organization in order to target and steal
new product plan.
How:
 planting virus, trojan horse
 snooping software

10

3) Information Warfare
Is the use and management of information in pursuit
of a competitive advantage over an opponent.
Remotely disabling target using software (e.g.;
television and radio disinformation)
Disinformation: false or inaccurate information that is
spread deliberately.

4) Accidental data loss :
Most common data loss cause, simply accidentally
deleting a file that wasn't supposed to be deleted
Caused by a careless employee or an untrained
employee who did not know better

11

Attacker Profiles

1) Six Categories :
Hackers
- Person who uses advanced computer
skills to attack computers, but not with
a malicious intent
- Use their skills to expose security flaws
Crackers
- Person who violates system security
with malicious intent
- Have advanced knowledge of
computers and networks and the skills
to exploit them
- Destroy data, deny legitimate users of
service, or otherwise cause serious
problems on computers and networks
Script kiddies
- Break into computers to create damage
- Unskilled users
- Download automated hacking software
from Web sites and use it to break into
computers
- Tend to be young computer users with
almost unlimited amounts of leisure
time, which they can use to attack
systems

12

Spies
- Person hired to break into a computer

and steal information
- Do not randomly search for unsecured

computers to attack
- Hired to attack a specific computer that

contains sensitive information
Employees
- One of the largest information security
threats to business Employees break into
their company’s computer for these
reasons:
> To show the company a weakness in

their security To say, “I’m smarter than
all of you”
- For money
Cyberterrorists
- Experts fear terrorists will attack the
network and computer infrastructure to
cause panic
- Cyberterrorists’ motivation may be
defined as ideology, or attacking for the
sake of their principles or beliefs
- One of the targets highest on the list of
cyberterrorists is the Internet itself

13

Basic Attack

Today, the global computing infrastructure is most
likely target of attacks
Attackers are becoming more
sophisticated, moving away from
searching for bugs in specific software
applications toward probing the
underlying software and hardware
infrastructure itself
1) Social Engineering :
Easiest way to attack a computer system requires
almost no technical ability and is usually highly
successful
Social engineering relies on tricking and deceiving
someone to access a system
Social engineering is not limited to telephone calls or
dated credentials
Dumpster diving: digging through trash receptacles
to find computer manuals, printouts, or password
lists that have been thrown away
Phishing: sending people electronic requests for
information that appear to come from a valid source

14

2) Password Guessing :
Password: secret combination of
letters and numbers that validates
or authenticates a user
Passwords are used with
usernames to log on to a system
using a dialog box
Attackers attempt to exploit
weak passwords by password guessing
Brute force: attacker attempts to create every
possible password combination by changing one
character at a time, using each newly generated
password to access the system
Dictionary attack: takes each word from a dictionary
and encodes it (hashing) in the same way the
computer encodes a user’s password

3) Weak Keys
Cryptography :
- Science of transforming information so it is
secure while being transmitted or stored
Encryption :
- Changing the original text to a secret
message using cryptography

4) Mathematical Attacks :
Cryptanalysis : process of attempting to break an
encrypted message
Mathematical attack : analyzes character in an
encrypted text to discover the keys and decrypt the
data

15

5) Man-in-the-Middle Attacks :
Passive attack : attacker captures sensitive data
being transmitted and sends it to the original
recipient without his presence being detected
Active attack : contents of the message are
intercepted and altered before being sent on

6) Replay
Similar to an active man-in-the-middle attack
Whereas an active man-in-the-middle attack
changes the contents of a message before sending it
on ,a replay attack only captures the message and
then sends it again later

7) TCP/IP Hijacking
With wired networks, TCP/IP hijacking uses spoofing,
which is the act of pretending to be the legitimate
owner
One particular type of spoofing is Adressing
Resolution Protocol (ARP) spoofing.
In ARP spoofing, a hacker changes the table so
packets are redirected to his coomputer

8) Denial of Service
attempts to make a server or other network device
unavailable by flooding it with requests
After a short time, the server runs out of resources
and can no longer function

16

Malicious Code - Malware

Consists of computer programs designed to break
into computers or to create havoc on computers
Most common types:
1) Viruses
2) Worms
3) Logic bombs
4) Trojan horses
5) Back doors

1) Viruses
Programs that secretly attach to another document
or program and execute when that document or
program is opened
A virus needs the user to perform some type of
action, such as starting a program or reading an e-
mail message, to start the infection

2) Worms
A computer worm is a type of malware that spreads
copies of itself from computer to computer. A worm
can replicate itself without any human interaction,
and it does not need to attach itself to a software
program in order to cause damage.

17

3) Logic bombs
Computer program that lies dormant until triggered
by a specific event, for example:
a) A certain date being reached on the
system calendar
b) A person’s rank in an organization
dropping below a specified level

4) Trojan horses
Programs that hide their true intent and then reveals
themselves when activated
Might disguise themselves as free calendar programs
or other interesting software

5) Back doors
Secret entrances into a computer of which the user is
unaware
Many viruses and worms install a back door allowing
a remote user to access a computer without the
legitimate user’s knowledge or permission.

18

Security Threats

1) Categories :
Data disclosure :
- Exposure of data to third parties. Key
point to consider is whether the
disclosure is relevant and necessary.
Data modification :
- A modification attack is an attempt
to modify information that an
attacker is not authorized to modify.
Data availability :
- Describe products and services that
that continues to be available at a
required level of performance
in situations ranging from
normal through "disastrous."

2) Activities :
Hacking :
- Computer hacking is the practice
of modifying computer hardware
and software to accomplish
the hacker’s goal.
Cracking :
- Activities to breaks into someone
else's computer system or bypasses
passwords or licenses in
computer programs.

19

Spoofing :
- A method of attacking a computer

program, in which the program is
modified so as to appear to be
working normally when in reality it has
been modified with the purpose to
circumvent security mechanisms.
Sniffing :
- A method that a network device,
like the Nintendo DS, uses to identify
available wireless networks in the area

Information Security Career

Information security is one of the fastest growing
career fields
As information attacks increase, companies are
becoming more aware of their vulnerabilities and are
looking for ways to reduce their risks and liabilities
Sometimes divided into three general roles:
1)Security manager - develops corporate
security plans and policies, provides
education and awareness, and
communicates with executive
management about security issue.

20

2)Security engineer - designs, builds,
and tests security solutions to meet
policies and address business needs.

3) Security administrator - configures and
maintains security solutions to
ensure proper service levels
and availability

SUMMARY

The challenge of keeping computers secure is
becoming increasingly difficult
Attacks can be launched without human
intervention and infect millions of computers in a
few hours.
Information security protects the integrity,
confidentiality, and availability of information on
the devices that store, manipulate, and transmit
the information through products, people, and
procedures

21

CHAPTER 2



Network Environment



NETWORK ENVIRONMENT

LEARNING
OUTCOMES

The student should be able to:

 Rneeenctvowigroonrnkizmeetnhte:  Trace protocol analysis
ealIgednDamedetneseftwcunifrntayisbcytetishni.oecanaktnoeeefygtowroiersk reEIPdlDpEnaaeEtrexcyneopsaxldttocpploiaraflstyiciadbounoipnel(TlamsErCItsoPSaiooPbnPndmdlge)deaemSstsaectinagconurmadrimmatyrodns

Nodes

A node is any device that is capable of sending or
receiving data, to and from other nodes at definite and
desired flow rates securely and reliably.

Cloud Cell Tower
(Intermediary (Intermediary

device) device)

Modem Mobile Phone
(Intermediary (End Device)

device) Laptop
(End Device)
Server
(End Device) Laptop
(End Device)
Desktop switch
(End Device) (Intermediary Laptop
(End Device)
Desktop device)
(End Device) Tablet
Printer (End Device)
Desktop (End Device)
(End Device)

A simple computer network

22

Nodes

End devices are node devices that serve as a source
point or a destination point in the communication that
occurs on a computer network.
Grouped into the following categories –

End Devices as Clients –
Perform the tasks of requesting data, displaying
received data, etc. usually meant for usage by end
clients.
End Devices as Servers –
It is equipped with programs that provide
information and services such as webpages or e-
mails to other network nodes (or hosts).
Examples of the End Devices :
Work Stations, Laptops, Desktop Computers, Printers
and Scanners, Servers (File Servers, Web Servers),
Mobile Phones, Tablets, Smart Phones, etc.

23

Nodes

Intermediary Devices

Node devices that are designed to forward the
data from one side to another side in a
computer network.

These intermediary devices work as a
connecting medium (along with other services
being offered) for other nodes and handle the
tasks in the background ensuring that the data
flows effectively at desired flow rates across the
entire computer network

Functions of Intermediary Devices :

Keep record of information of source address,
destination address or different pathways
existing through the
Detect faults and errors effectively using
redundancy bits, etc. and notify the devices to
further ensure fault tolerance by performing
corrections while transferring data in a
computer network.
Maintenance of a definite desired flow control
and response timeout during the entire course
of the communication.
Setup, grouping and direction of messages (or
packets) according to their priorities is done by
these devices.
Provide network security by permitting or
denying the flow of data, based on security
settings.

Examples of the intermediary devices :

Hubs, switches, wireless access points, and other
devices used for accessing the network, file
servers, web servers, print servers, modems,
devices using for internetworking such as routers,
bridges, repeaters, and security firewalls, etc 24

Backbone

Backbone Network is a Network containing a
high-capacity connectivity infrastructure that
backbone to the different part of the network.
The backbone network allows several LANs to be
connected. in the backbone network, no station is
directly connected with backbone, instead each
station is a part of a LAN, and the LANs are
connected to the backbone.

Segments

The National Institute of Standards and
Technology (NIST) defines network segmentation
as
"splitting a network into sub-networks...by
creating separate areas on the network which
are protected...to reject unnecessary traffic.
Network segmentation minimizes the harm of
malware and other threats by isolating it to a
limited part of the network."

Non- segment network Can you spot
Segment network the

differences?

25

Subnets

A subnet, or subnetwork, is a segmented piece
of a larger network.
Subnets are a logical partition of an IP network
into multiple, smaller network segments.
Subnets allow to break up networks into
smaller ones, and dramatically increased the
number of devices that can connect to the
internet.

SUBNET

26

Gateways

Gateway is a network hardware device that is
used for making communication between two
networks with different transmission protocols
together, and it is an entry and exit “Gate” for
the networks that helps to bypass all data with
the gateway prior to being routed.
Gateways can be used for both WAN and LAN
interconnects.

SUBNET

The gateway acts as a “Translator”
between two different systems that
is used dissimilar communication
protocols, data format or different
architectures whether it is a server,
router, firewall or other network
device that allows to flow the traffic
in and out of the network.

27

Gateways

There are two different types of gateways in
computer network which are divided on the
basis of the direction of data flow.
Unidirectional Gateways:
These gateways allow broadcasting the data in
only a single direction. All changes are made in
the source terminal, and they are replicated to
the destination node or application. But, they
do not permit any change in the destination
node and are not replicated in the source node.
These types of gateway work as archiving tools.
Bidirectional Gateways:
Bidirectional gateways are capable to flow the
data in both directions. In these gateways, all
changes are made to the source node are
replicated in the destination and vice-versa.
These types of tools are capable to perform all
tasks as synchronization tools.

28

Identify problem related to TCP

a. Packet replication
If a sending host thinks a packet is not
transmitted correctly because of a packet loss,
it might Retransmit that packet.
The receiving host might already got the first
packet, and will receive a second one, which is
a duplicated packet.

b. Checksum error
A Checksum is an error detection method that
checks conflicts between two parties.
CMOS Checksum error usually means the
system has encountered a problem due to
mismatched data between the CMOS and the
BIOS.

c. Bottleneck Bandwidth
A bottleneck occurs in a network when there
are too many users attempting to access a
specific resource.
A bottleneck is a point of congestion in a
production system (such as an assembly line or
a computer network) that stops or severely
slows the system.

Can you explain the
picture in your own

words?

A BOTTLENECK 29

Identify problem related to TCP

d. Packet Loss
Packet loss is the failure of data packets sent
from a source to reach their destination.
Data packets, are small chunks of data that are
transmitted on computer networks.
Every piece of data, regardless of its size, is
divided into packets which are sent
sequentially over networks before being
reassembled into meaningful data by the
receiving party.
It does happen that some packets are lost in
transit.
If one of these packets fails to reach its
intended destination, what’s known as “packet
loss” occurs.
Packet loss and latency, and jitter are among
the main causes of a drop in network
performance

30

IP datagram

a. Maximum Transfer Unit (MTU)
Maximum transmission unit (MTU) is a
measurement representing the largest data
packet that a network-connected device will
accept.
Packets that exceed the MTU of a network
cannot pass through that network.
Data packets that exceed MTU are broken up
into smaller pieces so that they can fit through.
This process is called fragmentation.
Fragmented packets are reassembled once
they reach their destination.
MTU is measured in bytes — a "byte" is equal to
8 bits of information, meaning 8 ones and
zeroes. 1,500 bytes is the maximum MTU size.

https://www.geeksforgeeks.org/what-is-mtumaximum-transmission-unit/

Maximum Transmission Unit describes the
maximum packet size of a protocol in the
network layer of the OSI model, which can
be transmitted in networks without
fragmenting the frames in the data link
layer

31

IP datagram

b. Fragmentation.

An Internet Protocol (IP) process that
breaks packets into smaller pieces
(fragments), so that the resulting pieces
can pass through a link with a smaller
maximum transmission unit (MTU) than
the original packet size.
The fragments are reassembled by the
receiving host.

32

Modes in Encapsulating
Security Payload

c. Encapsulation
Data Encapsulation is the process in which
some extra information is added to the data
item to add some features to it.
Data encapsulation adds the protocol
information to the data so that data
transmission can take place in a proper way.
This information can either be added in the
header or the footer of the data.
Each layer takes the encapsulated data from
the previous layer and adds some more
information to encapsulate it and some more
functionalities with the data.
These functionalities may include proper data
sequencing, error detection and control, flow
control, congestion control, routing
information, etc.

Do you notice the changes of the data as
it pass through the OSI layers?

33

IP datagram

a. Tunnel Mode
In tunnel mode, the entire original IP packet is
encapsulated to become the payload of a new
IP packet.
A new IP header is added on top of the original
IP packet. Since a new packet is created using
the original information, tunnel mode is useful
for protecting traffic between different
networks.
In Tunnel Mode, ESP encrypts the data and the
IP header information.

b. Transport mode ESP
Transport Mode is a method of sending data
over the Internet where the data is encrypted
but the original IP address information is not.
The Encapsulating Security Payload (ESP)
operates in Transport Mode or Tunnel Mode.
In Transport Mode, ESP encrypts the data but
the IP header information is viewable.

34

2)Security engineer - designs, builds,
and tests security solutions to meet
policies and address business needs.

3) Security administrator - configures and
maintains security solutions to
ensure proper service levels
and availability

SUMMARY

The challenge of keeping computers secure is
becoming increasingly difficult
Attacks can be launched without human
intervention and infect millions of computers in a
few hours.
Information security protects the integrity,
confidentiality, and availability of information on
the devices that store, manipulate, and transmit
the information through products, people, and
procedures

2)Security engineer - designs, builds,
and tests security solutions to meet
policies and address business needs.

3) Security administrator - configures and
maintains security solutions to
ensure proper service levels
and availability

SUMMARY

The challenge of keeping computers secure is
becoming increasingly difficult
Attacks can be launched without human
intervention and infect millions of computers in a
few hours.
Information security protects the integrity,
confidentiality, and availability of information on
the devices that store, manipulate, and transmit
the information through products, people, and
procedures

CHAPTER 3

WEB AND APPLICATION
SECURITY

CHAP
TER 3

LEARNING
OUTCOMES

The student should be able to:

 Recognize email
tchIsRoadaraeDIueeupefducocanaetnpbuetcrhot.stdhtln.ers.Seicwegie.AocfD.treranyTniaVermipwfcenbhitiytabzupziucideercepaoetlloeranbaiahtpnficamptietesrolayaituipeasrocsntppaeOtarlina.iooupebctctbnssaruliaimilojee.cniterOtsniiaodciAotevttytdnpisoeiovesprne:lvliisn:icegawtionasHueEabCc.cto-d.shmMo.uwPe.RSePmrPcIraMniMierasutOimotl-kygTrEmitPeicmPootr/naSeyanaccta.elionailrteocldytiwmucnepoIr.dGtMaerioiektlAMonnspP.eIeraMor-namtEdloaciol l: