
CSI2102 - Introduction to Information Security

6 pages, 883 words, 177 views
   

Edith Cowan University Australia

   

Information Security (CSI2102)

   

Added on  2020-03-07

About This Document

CSI2102 - The term information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability. The document also covers several threats: DROWN, Logjam, FREAK, the Bar Mitzvah Attack, and POODLE. Network administrators must make sure that private keys are not reused on any type of Web server, in addition to applying the updates.

Running head: INFORMATION SECURITY

Information Security

Name of the student

Name of the University

Author Note
Table of Contents

Introduction
Different types of threats
DROWN
Conclusion
References
Introduction

Information security is a major concern for most organizations today. It helps protect the integrity, confidentiality and availability of the data of computer systems from malicious systems. Information security is all about dealing with risk management. Some effective cryptographic tools are able to maintain the security of the different systems and mitigate the issues. Organizations take various precautionary measures to keep their data secure and safe from attackers. Still, there are chances that the machines will be attacked by bugs and malicious devices. The report takes into consideration the effects of the bug DROWN and the mitigating options.

Different types of threats

Various types of vulnerabilities have come up in recent years. Some of them are listed in the table below.

| Year | Name | Vulnerability | Mitigation |
|------|------|---------------|------------|
| 2016 | DROWN | Sites supporting SSLv2 and EXPORT cipher suites | Disabling SSLv2 and/or updating OpenSSL. |
| 2015 | Logjam | Servers that use Diffie-Hellman key exchange are very much vulnerable to having the sessions downgraded to extremely weak 512-bit k | Mitigation can be done by disabling the DHE_EXPORT ciphers, and clients must upgrade their browsers. |
| 2015 | FREAK | Clients are forced to downgrade from strong RSA to export RSA since both the browser and the server are vulnerable. | Mitigation is possible by disabling the export ciphers in the configuration of servers. Patching of the OpenSSL is also an option of |
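The mitigations listed in the table can be checked against a server's declared protocol and cipher list. The following is an added example, not part of the original report: `audit_tls_config` and `classify_export_suite` are hypothetical helper names, the two configurations are constructed, and suite names are assumed to follow OpenSSL's naming, where export-grade suites carry an `EXP-` prefix.

```python
# Added example: audits a declared TLS configuration against the table's rows.
# Helper names are hypothetical; mitigation texts are quoted from the table.
MITIGATION = {
    "DROWN": "disable SSLv2 and/or update OpenSSL",
    "Logjam": "disable DHE_EXPORT ciphers; clients upgrade their browsers",
    "FREAK": "disable export ciphers in the server configuration",
}

def classify_export_suite(name):
    """Classify an OpenSSL-style suite name; None means not export-grade."""
    tokens = name.upper().split("-")
    if tokens[0] not in ("EXP", "EXP1024"):
        return None
    if "EDH" in tokens or "DHE" in tokens:
        return "DHE_EXPORT"      # ephemeral Diffie-Hellman at export strength
    if "ADH" in tokens or "KRB5" in tokens:
        return "OTHER_EXPORT"    # anonymous DH or Kerberos export suites
    return "RSA_EXPORT"          # OpenSSL names omit the key-exchange token for RSA

def audit_tls_config(protocols, suites):
    """Return {finding: [evidence, ...]} for a protocol list and a suite list."""
    findings = {}
    if any(p.upper() == "SSLV2" for p in protocols):
        findings["DROWN"] = ["SSLv2"]
    for suite in suites:
        kind = classify_export_suite(suite)
        if kind == "DHE_EXPORT":
            findings.setdefault("Logjam", []).append(suite)
        elif kind == "RSA_EXPORT":
            findings.setdefault("FREAK", []).append(suite)
        elif kind == "OTHER_EXPORT":
            # Export-grade, but outside the three rows of the table.
            findings.setdefault("EXPORT (other)", []).append(suite)
    return findings

# Constructed sample configurations (not taken from any real server).
WEAK = (["SSLv2", "TLSv1.2"],
        ["ECDHE-RSA-AES128-GCM-SHA256", "EXP-EDH-RSA-DES-CBC-SHA",
         "EXP-RC4-MD5", "AES256-SHA"])
HARDENED = (["TLSv1.2"], ["ECDHE-RSA-AES128-GCM-SHA256"])

if __name__ == "__main__":
    for label, (protos, suites) in (("weak", WEAK), ("hardened", HARDENED)):
        print(label)
        for threat, evidence in audit_tls_config(protos, suites).items():
            fix = MITIGATION.get(threat, "disable export ciphers")
            print(f"  {threat}: {evidence} -> {fix}")
```

The check works on the configuration as declared; it does not probe a live server.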