
ITE-REVIEWER

Uploaded by

Abrivylle Cerise

ITE REVIEWER

UNIT 1: Information Assurance and Security 2


In today's digital age, information systems are vital for businesses, governments,
and individuals. They handle large amounts of sensitive data, making them targets
for security threats. Knowing these threats is key to protecting data and ensuring its
safety.

Overview of Information Systems


Definition: Information systems are integrated sets of components for collecting,
storing, processing, and communicating information.
Types of Information Systems:
● Transaction Processing Systems (TPS)
● Management Information Systems (MIS)
● Decision Support Systems (DSS)
● Executive Information Systems (EIS)
● Enterprise Resource Planning (ERP) Systems
Importance of Security in IS: Ensuring data integrity, confidentiality, and availability is
critical to avoid data breaches, financial losses, and damage to an organization’s
reputation.

Common Security Threats


1. Malware (Malicious Software)
- Definition: Software designed to disrupt, damage, or gain unauthorized
access to computer systems.
- Types:
● Viruses: Infect programs and replicate themselves.
● Worms: Standalone software that replicates to spread to other computers.
● Trojan Horses: Disguised as legitimate software but perform harmful activities.
● Ransomware: Encrypts data and demands ransom for decryption

2. Phishing
- Definition: Fraudulent attempts to obtain sensitive information by
pretending to be a trustworthy entity.
- Common Tactics:
● Email Phishing: Deceptive emails designed to lure individuals into providing
personal information
● Spear Phishing: Targeted phishing aimed at specific individuals or
organizations.
● Whaling: Phishing attacks directed at high-profile targets like executives.

3. Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
- Definition: Attacks aimed at disrupting the normal functioning of a
system by overwhelming it with a flood of internet traffic.
- Impact: Can cause websites or services to become unavailable to legitimate
users.

4. Insider Threats
- Definition: Security risks that originate from within the organization.
- Types:
● Malicious Insider: An employee or contractor with intent to harm.
● Accidental Insider: Employees who unintentionally cause security
breaches by mishandling data or systems.
- Mitigation: Strong access controls, monitoring, and employee training.

5. Advanced Persistent Threats (APTs)


- Definition: Prolonged and targeted cyberattacks in which an intruder gains
access to a network and remains undetected for an extended period.
- Characteristics: Often involve sophisticated techniques and are aimed at
stealing data or surveillance.

6. Social Engineering
- Definition: Manipulation of individuals into performing actions or divulging
confidential information.
- Techniques:
● Pretexting: Pretending to be someone else to gain access to information.
● Baiting: Luring victims with promises of goods or services to steal information.

7. Zero-Day Exploits
- Definition: Attacks that exploit previously unknown vulnerabilities in
software before developers can fix them.
- Challenges: Difficult to defend against due to the unknown nature of the
threat.

Impacts of Security Threats


● Financial Losses: Direct costs due to theft or fraud, as well as indirect costs
like loss of business or fines for non-compliance.
● Reputation Damage: Breaches can erode customer trust and
damage an organization’s reputation.
● Legal and Regulatory Consequences: Non-compliance with data
protection laws can lead to hefty fines and legal action.
● Operational Disruptions: Security incidents can disrupt business
operations, leading to downtime and loss of productivity.

Best Practices for Mitigating Security Threats


● Regular Software Updates and Patch Management: Keeping systems up-to-date to
close vulnerabilities.
● Implementing Strong Authentication Mechanisms: Using multi-factor
authentication (MFA) and strong passwords.
● Employee Training and Awareness Programs: Educating employees about the
importance of security and how to recognize threats.
● Data Encryption: Encrypting sensitive data both at rest and in transit.
● Network Security Measures: Utilizing firewalls, intrusion detection/prevention
systems (IDS/IPS), and secure network architecture.
● Regular Security Audits and Penetration Testing: Continuously testing the
security of systems and applications.
● Incident Response Planning: Having a well-defined incident response plan to
quickly address security breaches.
● Backup and Recovery Plans: Ensuring that data can be recovered in case of a
ransomware attack or data corruption.

UNIT II: Web Vulnerability Scanner

WEB VULNERABILITY SCANNER


A web vulnerability scanner is a tool that automatically checks websites and web
applications for security flaws. It helps find weaknesses attackers could exploit to
steal data or disrupt services. Security experts and IT teams use it to assess and
improve web security.

Types of Vulnerabilities Detected by Web Vulnerability Scanners:


● SQL Injection (SQLi): Injecting malicious SQL queries to manipulate a database.
● Cross-Site Scripting (XSS): Embedding harmful scripts into web pages seen by
other users.
● Cross-Site Request Forgery (CSRF): Tricking users into unintentionally
performing actions.
● Remote/Local File Inclusion (RFI/LFI): Exploiting file upload/download
functions to execute malicious files.
● Insecure Configurations: Weak or misconfigured settings that expose web
servers to attacks.
● Session Hijacking: Stealing session tokens to impersonate a legitimate user.
● Insecure Cookies: Poorly configured cookies that can be exploited for
attacks like session hijacking.

Key Features of Web Vulnerability Scanners:


1. Automated Scanning: Ability to scan a website automatically for known
vulnerabilities.
2. Manual Testing Support: Some tools also allow manual or semi-automated
testing for advanced users.
3. Reports: After scanning, the scanner generates a report highlighting the
vulnerabilities and possible fixes.
4. Integration: Many modern scanners can be integrated into CI/CD
pipelines for continuous security testing.
5. Cross-platform Support: Tools may work on multiple platforms, like Windows,
Linux, or macOS.
6. APIs for Automation: Some scanners offer APIs that allow developers to
automate the process within their development workflow.

Open-Source Web Vulnerability Scanner

1. OWASP ZAP: A popular open-source scanner for detecting SQL Injection,
XSS, and more, suited for both beginners and professionals.
- Features: Active/passive scanning, MITM proxy, API testing, DevOps
integration.

2. Nikto: A simple web server scanner that checks for misconfigurations,
outdated software, and common vulnerabilities.
- Features: Scans 6700+ vulnerabilities, SSL testing, detects default files.

3. Wapiti: A command-line tool for black-box testing by crawling web
pages for vulnerabilities.
- Features: Detects SQL Injection, XSS, file inclusions; supports GET/POST
requests.

4. Arachni: A customizable, multi-threaded vulnerability scanner for
individual and enterprise use.
- Features: Detects XSS, SQL Injection, LFI/RFI; supports distributed scanning.

5. W3af: A versatile attack and audit framework with a GUI and CLI for web
vulnerability scanning.
- Features: Exploits vulnerabilities, plugin-based, supports REST API automation.

6. Vega: A free web security scanner with a GUI and headless mode for
automated testing.
- Features: Detects SQL Injection, XSS; modular with JavaScript API and
cross-platform support.

7. SQLMap: A specialized tool for detecting and exploiting SQL Injection in
various databases.
- Features: Automatic detection, supports major databases, command-line
interface.

UNIT III: WEBMIN


Webmin is a web-based tool for managing UNIX/Linux servers through a graphical
interface, simplifying tasks like:
● User/group management
● File sharing (Samba, NFS)
● Package management
● System services control
● Cron scheduling
● Firewall setup
● Server monitoring and log analysis
● Backup and restore
WEBMIN:
Webmin supports various operating systems like Linux, FreeBSD, and other Unix-
based systems. Its modular design lets administrators add or create custom
modules for extended functionality.
- KEY FEATURES
● Web-based Interface: Access and manage your server from any web browser.
● User Management: Easily manage user accounts, groups, and file permissions.
● Network Configuration: Configure networking, including IP addresses, DNS,
and more.
● Database Management: Manage databases like MySQL and PostgreSQL.
● Security and Access Control: Manage firewalls, SSH access, and other
security-related tasks.
Webmin is a customizable tool with a GUI, offering plugins for advanced features
like virtual hosting and DNS management.

UNIT IV: USER AND GROUP MANAGEMENT IN LINUX

User Management
Adding Users: sudo useradd <username>
Create Home directory and set the shell: sudo useradd -m -s /bin/bash <username>
Setting Password: sudo passwd <username>

Modifying Users:
Modify user details:
- sudo usermod -d /new/home/dir <username> # Change home directory
- sudo usermod -s /bin/zsh <username> # Change shell
Deleting Users:
Delete a user account: sudo userdel <username>
Delete a user and the user’s home directory: sudo userdel -r <username>

User Information:
The user-related information is stored in /etc/passwd, and
passwords are stored in /etc/shadow (encrypted).
View User Information:
- cat /etc/passwd # Lists all users
- sudo cat /etc/shadow # Lists all password hashes

Group Management
Adding Groups:
To create a new group: sudo groupadd <groupname>
Modifying Groups:
Add users to a group using usermod: sudo usermod -aG <groupname> <username>
Deleting Groups:
To delete a group: sudo groupdel <groupname>
Group Information:
Group information is stored in /etc/group.
View Group Information: sudo cat /etc/group # Lists all groups
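
The files described above can be audited without changing anything on the system. The following is an added example, not part of the original reviewer: it reads passwd- and group-format files and reports UID 0 accounts, accounts that can log in, and the effective members of a group. The function names, the sample accounts `backup2` and `svcweb`, and the GID values are constructed assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of passwd- and group-format files.
# All account data below is constructed sample data, not from a real host.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
PASSWD_FILE="$WORK/passwd"
GROUP_FILE="$WORK/group"

cat > "$PASSWD_FILE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
aliceguo:x:1001:1001::/home/aliceguo:/bin/bash
backup2:x:0:0::/home/backup2:/bin/sh
svcweb:x:1002:27::/srv/web:/usr/sbin/nologin
EOF
cat > "$GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:aliceguo
mayor:x:1003:aliceguo
EOF

# Accounts with UID 0 have root privileges whatever their name is;
# anything listed besides "root" deserves a closer look.
uid0_accounts() {  # usage: uid0_accounts PASSWD_FILE
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Accounts whose shell is not nologin/false can open an interactive session.
login_accounts() {  # usage: login_accounts PASSWD_FILE
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Effective members of a group: the names in field 4 of the group file plus
# every user whose primary GID (field 4 of the passwd file) is that group.
group_members() {  # usage: group_members GROUP PASSWD_FILE GROUP_FILE
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$3")
    [ -n "$gid" ] || return 1
    {
        awk -F: -v g="$1" '$1 == g { n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i] }' "$3"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$2"
    } | sort -u
}

echo "UID 0:        $(uid0_accounts "$PASSWD_FILE" | xargs)"
echo "Can log in:   $(login_accounts "$PASSWD_FILE" | xargs)"
echo "sudo members: $(group_members sudo "$PASSWD_FILE" "$GROUP_FILE" | xargs)"
```

To audit a live system, pass /etc/passwd and /etc/group to the same functions. In the sample, `svcweb` is not listed in the `sudo` line of the group file, yet it belongs to the group through its primary GID.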

Managing Permissions
Change Ownership:
Change the owner of a file/directory: sudo chown <username>:<groupname> <file>
Change Permissions:
Permissions can be modified using the chmod command, using either symbolic
or numeric mode.
Numeric Mode: chmod 755 <file>
755 = rwxr-xr-x
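
Numeric and symbolic chmod modes side by side, as an added example that is not part of the original reviewer: `mode_to_rwx` converts a three-digit numeric mode into the permission string that `ls -l` shows, and `same_permissions` applies a numeric and a symbolic mode to scratch files and compares the results. Both function names are hypothetical, and only scratch files in a temporary directory are touched.

```shell
#!/bin/sh
# Added example: numeric vs. symbolic chmod modes.

# mode_to_rwx 754 -> rwxr-xr--   (each digit: 4 = read, 2 = write, 1 = execute)
mode_to_rwx() {
    case "$1" in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    out=""
    for digit in $(printf '%s' "$1" | sed 's/./& /g'); do
        [ $(( $digit & 4 )) -ne 0 ] && out="${out}r" || out="${out}-"
        [ $(( $digit & 2 )) -ne 0 ] && out="${out}w" || out="${out}-"
        [ $(( $digit & 1 )) -ne 0 ] && out="${out}x" || out="${out}-"
    done
    printf '%s\n' "$out"
}

# perms_of FILE -> the nine permission characters from ls -l (file type dropped)
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# Apply a numeric mode to one scratch file and a symbolic mode to another;
# succeed only if both end up with the permissions mode_to_rwx predicts.
same_permissions() {  # usage: same_permissions 754 u=rwx,g=rx,o=r
    dir=$(mktemp -d) || return 1
    touch "$dir/numeric" "$dir/symbolic"
    chmod "$1" "$dir/numeric"
    chmod "$2" "$dir/symbolic"
    a=$(perms_of "$dir/numeric")
    b=$(perms_of "$dir/symbolic")
    rm -rf "$dir"
    [ "$a" = "$b" ] && [ "$a" = "$(mode_to_rwx "$1")" ]
}

mode_to_rwx 755    # rwxr-xr-x
mode_to_rwx 754    # rwxr-xr--
same_permissions 754 u=rwx,g=rx,o=r && echo "754 matches u=rwx,g=rx,o=r"
```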

Common Commands
Check current user: whoami
List users: sudo cat /etc/passwd | cut -d: -f1
List groups: sudo cat /etc/group | cut -d: -f1
List user groups: groups <username>

SUMMARY:
Users: Managed with useradd, usermod, passwd, and userdel.
Groups: Managed with groupadd, usermod -aG, and groupdel.
Permissions: Managed with chown and chmod.
Sudo: Managed via the sudo group and the /etc/sudoers file.

ANSWER KEY
1. sudo cat /etc/passwd
2. sudo useradd -m -s /bin/bash aliceguo
3. sudo passwd aliceguo
4. sudo cat /etc/passwd | grep aliceguo
5. sudo usermod -d /home/mayor_aliceguo aliceguo
6. sudo cat /etc/passwd | grep aliceguo
7. sudo userdel -r aliceguo
8. sudo cat /etc/passwd | grep aliceguo
9. sudo cat /etc/group
10. sudo groupadd mayor
11. sudo cat /etc/group | grep mayor
12. sudo useradd -m -s /bin/bash aliceguo
13. sudo usermod -aG mayor aliceguo
14. sudo groupdel mayor
15. sudo cat /etc/group | grep mayor
16. sudo mkdir /labdata
17. sudo touch labdata/labfile.txt
18. sudo groupadd mayor
19. sudo chown aliceguo:mayor labdata/labfile.txt
20. sudo ls -l labdata/labfile.txt
21. sudo chmod 754 labdata/labfile.txt
22. sudo ls -l labdata/labfile.txt

UNIT V: MOODLE
Moodle is an open-source LMS for creating and managing online courses, widely
used in education and corporate training.
- Key Features: Course management, collaborative learning, grading tools,
mobile app, customization with plugins, and strong security compliance.

-END-
