Google

IT Security: Defense against the digital dark arts

246 ratings

Course 6 of 6 in the Specialization Google IT Support Professional Certificate

This course covers a wide variety of IT security concepts, tools, and best practices. It introduces threats and attacks and the many ways they can show up. We’ll give you some background of encryption algorithms and how they’re used to safeguard data. Then, we’ll dive into the three As of information security: Authentication, authorization, and accounting. We’ll also cover network security solutions, ranging from firewalls to Wifi encryption options. The course is rounded out by putting all these elements together into a multi-layered, in-depth security architecture, followed by recommendations on how to integrate a culture of security into your organization or team. At the end of this course, you’ll understand: - how various encryption algorithms and techniques work and their benefits and limitations. - various authentication systems and types. - the difference between authentication and authorization. At the end of this course, you’ll be able to: - evaluate potential risks and recommend ways to reduce risk. - make recommendations on how best to secure a network. - help others to understand security concepts and protect themselves.

From the lesson

Understanding Security Threats

Welcome to the IT Security course of the IT Support Professional Certificate! In the first week of this course, we will cover the basics of security in an IT environment. We will learn how to define and recognize security risks, vulnerabilities and threats. We'll identify the most common security attacks in an organization and understand how security revolves around the "CIA" principle. By the end of this module, you will know the types of malicious software, network attacks, client-side attacks, and the essential security terms you'll see in the workplace.

Network Attacks3:41

Denial-of-Service3:21

Meet the Instructors

Google

A Denial-of-Service, or DoS attack, is an attack that tries to prevent access

to a service for legitimate users by overwhelming the network or server.

Think about how you normally get on a website.

Most major websites are capable of serving millions of users.

But for this example, imagine you have a website that could only serve 10 users.

If someone was performing a Denial-of-Service attack,

they would just take up all 10 of those spots, and legitimate users would have

been denied the service, because there's no more room for them.

Now apply that to a website like Google, or Facebook.

DoS attacks try to take up those resources of a service, and

prevent real users from accessing it, not a pretty picture.

The Ping of Death or POD, is a pretty simple example of a DoS attack.

It works by sending a malformed ping to a computer.

The ping would be larger in size than what the internet protocol was made to handle.

So it results in a buffer overflow.

This can cause the system to crash and

potentially allow the execution of malicious code.

Another example is a ping flood, which sends tons of ping packets to a system.

More specifically, it sends ICMP echo requests,

since a ping expects an equal number of ICMP echo replies.

If a computer can't keep up with this, then it's prone to being overwhelmed and

taken down.

Not cool ping flood, not cool.

Similar to a ping flood is a SYN flood.

Remember that to make a TCP connection,

a client sends a SYN packet to a server he wants to connect to.

Next, the server sends back a SYN-ACK message,

then the client sends in ack message.

In a SYN flood, the server is being bombarded with the SYN packets.

The server is sending back SYN-ACK packets but

the attacker is not sending ack messages.

This means that the connection stays open and is taking up the service resources.

Other users will be unable to connect to the server which is a big problem.

Since the TCP connection is half-open,

we also refer to SYN floods as half-open attacks, sounds messy, right?

It is, the DoS attacks we've learned about so

far only use a single machine to carry out an attack.

But what if attackers could utilize multiple machines?

A much scarier scenario, they'd be able to take down services in greater volumes and

even quicker rates.

Even scarier, attackers can absolutely do that.

A DoS attack using multiple systems,

is called a distributed denial-of-service attack or DDoS.

DDoS attacks need a large volume of systems to carry out an attack and

they're usually helped by botnet attackers.

In that scenario,

they can gain access to large volumes of machines to perform an attack.

In October of 2016, a DDoS attack occurred the DNS service provider,

Dyn was a target of a DDoS.

Fake DNS look up requests along with SYN floods that botnets

to performing overloaded their system.

Dyn handled the DNS for major website like Reddit, GitHub, Twitter, etc.

So once that went down,

it also took down its customers, making those services inaccessible.

Don't get between people on the Reddit threads or Twitter feeds,

I know from experience, it's not pretty.