CAIIB IT
Logical Security
Generally, passwords must be at least 8 characters long and include upper- and lower-case characters, at least one numeric character and at least one special character. Length matters because every additional character multiplies the number of candidates an attacker has to try: a brute-force tool that may crack a 4-character password in just 4 seconds takes about 10 years to crack an 8-character password.
Privileged identity management (PIM) is a recent concept: a domain within identity management focused on the special requirements of powerful accounts within the IT infrastructure of an enterprise. It is frequently used as an information security and governance tool to help companies meet compliance regulations and to prevent internal data breaches through the use of privileged accounts, such as those of system or database administrators. PIM (privileged identity management), PUM (privileged user management) and PAM (privileged account management or privileged access management) all revolve around the same simple concept: who can get to a server, how they can get to it, and what they can do when they get there.
Denial-of-service (DoS) attacks: The intruder attempts to crash a service (or the machine), overload network links, overload the CPU, or fill up the disk. The intruder is not trying to gain information, but simply acts as a vandal to prevent others from making use of the machine.
Distributed Denial of Service (DDoS) attacks: In most respects a DDoS attack is similar to a DoS attack, but the results are very different. Instead of one computer and one internet connection, the DDoS attack utilises many computers and many connections. The computers behind such an attack are often distributed around the whole world and form part of what is known as a botnet. The main difference between a DDoS attack and a DoS attack, therefore, is that the target server is overloaded by hundreds or even thousands of requests in the case of the former, as opposed to just one attacker in the case of the latter. It is therefore much harder for a server to withstand a DDoS attack than the simpler DoS incursion.
An Intrusion Detection System (IDS) is a system for detecting such intrusions. IDS can be broken down into the following categories:
An Intrusion Prevention System (IPS) sits between the firewall and the rest of the network. That way, if an attack is detected, the IPS can stop the malicious traffic before it reaches the rest of the network. In contrast, an IDS simply sits on top of the network rather than in front of it. Unlike an IDS, an IPS actively takes steps to prevent or block the intrusions it detects. These preventive steps include dropping malicious packets and resetting or blocking traffic coming from malicious IP addresses. An IPS can be seen as an extension of an IDS that has the additional capability to prevent intrusions while detecting them.
An IPS is a system that actively takes steps to prevent an intrusion or an attack when it identifies one. IPSs are divided into four categories. The first is Network-based Intrusion Prevention Systems (NIPS), which monitor the entire network for suspicious activity. The second is Network Behavior Analysis (NBA) systems, which examine traffic to detect unusual flows that could be the result of attacks such as distributed denial of service (DDoS). The third is Wireless Intrusion Prevention Systems (WIPS), which analyze wireless networks for suspicious traffic. The fourth is Host-based Intrusion Prevention Systems (HIPS), where a software package is installed to monitor the activities of a single host.
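The flow-counting idea behind Network Behavior Analysis, applied to the DoS versus DDoS distinction described above, can be sketched as follows. This is an added example, not part of the original notes; the function names, the thresholds (`total_limit`, `dominant_share`) and the sample traffic are assumptions constructed for illustration.

```python
from collections import Counter

def classify_window(events, start, width, total_limit, dominant_share=0.5):
    """Classify the requests seen in [start, start + width).

    events: list of (timestamp_seconds, source_ip) tuples.
    Returns (verdict, sources); verdict is "normal", "dos" or "ddos".
    """
    counts = Counter(src for ts, src in events if start <= ts < start + width)
    total = sum(counts.values())
    if total <= total_limit:
        return "normal", []
    top_src, top_n = counts.most_common(1)[0]
    if top_n / total >= dominant_share:
        # One source produces most of the load: a single block rule covers it.
        return "dos", [top_src]
    # Load is spread thinly over many sources: per-address blocking does not scale.
    return "ddos", sorted(counts)

def scan(events, width, total_limit):
    """Walk the capture in fixed windows; return (start, verdict, n_sources) alerts."""
    if not events:
        return []
    start = min(ts for ts, _ in events)
    last = max(ts for ts, _ in events)
    alerts = []
    while start <= last:
        verdict, sources = classify_window(events, start, width, total_limit)
        if verdict != "normal":
            alerts.append((start, verdict, len(sources)))
        start += width
    return alerts

def sample_events():
    """Constructed traffic; addresses are from the RFC 5737 documentation ranges."""
    events = [(t, "198.51.100.%d" % (t % 5 + 1)) for t in range(10)]   # quiet baseline
    events += [(10 + i / 100, "203.0.113.7") for i in range(200)]      # one host floods
    events += [(20 + i / 100, "192.0.2.%d" % (i % 150 + 1)) for i in range(300)]  # many hosts
    return events

if __name__ == "__main__":
    for start, verdict, n in scan(sample_events(), width=10, total_limit=50):
        print(f"window starting at t={start}s: {verdict.upper()} from {n} source(s)")
```

In the constructed capture the second window is flagged as a DoS from one address and the third as a DDoS from 150 addresses, which is why the latter cannot be handled by blocking a single source.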