Introduction to Information Security

Mobile Code

• It refers to program/script/macro that runs unchanged

to heterogeneous collection of platforms.

• It also applies to situations involving a large homogeneous collection (E.g. Microsoft Windows).
• It is transmitted from remote system to local system & then executed on local system.
• It often acts to inject virus, worm, or Trojan horse.
• In other cases, mobile code takes advantage of vulnerabilities to perform own exploits such as unauthorized data access, root compromise.

Multiple-Threat Malware

• Malware may operate in multiple ways.
• Multipartite virus infects in multiple ways.

E.g. multiple file types

• Blended attack uses multiple methods of infection or transmission , to maximize the speed of contagion and severity of attack.
• It may include multiple types of malware

E.g. Nimda has worm, virus, mobile code

Zombie

• It is the program which secretly takes over another networked computer.
• It uses indirectly to launch attacks.
• It is often used to launch distributed denial of service (DDOS) attacks.
• Develops known faults in network systems.

Computer Systems Security

Defining IT Security Audit

IT Audit

• Independent assessment of an organization’s internal policies, controls, and activities. You use an audit to assess the presence and effectiveness of IT controls and to ensure that those controls are compliant with stated policies. In addition, audits provide reasonable assurance that organizations are compliant with applicable regulations and other industry requirements.
• Address the risk exposures within IT systems and assess the controls and integrity of information systems
• Shouldn’t be confused with Penetration Testing
• pen test is a very narrowly focused attempt to look for security holes in a critical resource, such as a firewall or webserver.