COMPUTER SECURITY




           Prepared By:
           Vaibhavi Patel
Why do we need Security?
   Increased reliance on information technology,
    with or without the use of networks.

   The use of IT has changed our lives drastically.

   We depend on e-mail, Internet banking, and
    several other governmental activities that use
    IT.

   Increased use of e-commerce and the World
    Wide Web on the Internet as a vast repository of
    various kinds of information (immigration
    databases, flight tickets, stock markets etc.)
History
   In 1983, Kevin Mitnick intruded into a
    Pentagon computer.
   Robert Tappan Morris created the first worm
    and sent it from MIT to the web, causing
    $50,000 in damages.
   In 1994, Vladimir Levin broke into an
    American bank computer and stole 10 million
    dollars.
   Jonathan James (“c0mrade”), 16 years old,
    infiltrated a NASA computer in 1999 and had
    access to data worth 1.7 million dollars.
Definition

 Branch of Computer Technology that
 includes protection of information and
 property from theft, corruption, or natural
 disaster allowing the information and
 property to remain accessible and productive
 to its intended users.

 It deals with the prevention and detection of
 unauthorised actions by users of a computer
 system.
   Prevention: Helps to stop unauthorized
    users (known as “intruders”) from accessing
    any part of a computer.

   Detection: Helps to determine whether or
    not anyone attempted to break into your
    system, whether they were successful, and what
    they may have done.

   Re-action: Ensures future security needs.
Fundamentals of Security
       Goals
         Confidentiality
         Integrity
         Availability
Confidentiality

   Confidentiality is the avoidance of the
    unauthorized disclosure of information.
     – confidentiality involves the protection of data,
         providing access for those who are allowed to see
         it while disallowing others from learning anything
         about its content.
   Tools for Confidentiality
      1. Encryption
      2. Access Control
      3. Authentication
      4. Authorization
Integrity

 Integrity: the property that information
 has not been altered in an unauthorized
 way.

 Tools of Integrity
– Backups
– Checksums
– Data correcting codes
Availability


   The property that information is accessible and
    modifiable in a timely fashion by those
    authorized to do so.
   Tools of Availability

    – Physical protections

    – Computational redundancies
TYPES OF SECURITY ATTACKS
Some common attacks

 Network Attacks
   Packet sniffing, man-in-the-middle, Denial of
    Service attack, Identity Spoofing, Password-based
    attacks, Session Hijacking.

 Web attacks
   Phishing, SQL Injection, Cross Site Scripting.



 Software attacks
   Malware: Virus, Trojan, Worms, Root kits,
    Backdoors.
Network Attacks
   Packet Sniffing
      Internet traffic consists of data “packets”,
       and these can be “sniffed”, meaning
       captured.
      Leads to other attacks such as
       password sniffing, cookie
       stealing, session hijacking.

   Man in the Middle
      An attacker inserts a router in the path between
       client and server and changes the
       packets as they pass through.

   Denial of Service (DoS): A special kind
    of Internet attack aimed at large
    websites.
      Floods a computer or the entire
       network with traffic until a
       shutdown occurs because of the
       overload.
      Blocks traffic, which results in a loss
       of access to network resources by
       authorized users.
      A denial-of-service attack (DoS
       attack) is an attempt to make a
       computer resource unavailable to
       its intended users.
      Yahoo! and eBay were both
       victims of such attacks in February
       2000.
   A DoS attack can be perpetrated in a number of ways. There
    are three basic types of attack:
      Consumption of computational resources, such as
       bandwidth, disk space or CPU time.
      Disruption of configuration information, such as routing
       information.
      Disruption of physical network components.

   The consequences of a DoS attack:
      Unusually slow network performance.
      Unavailability of a particular web site.
      Inability to access any web site.
      Dramatic increase in the amount of spam you receive in
       your account.
   Identity Spoofing (IP Address Spoofing): A hijacking
    technique in which a cracker masquerades as a trusted host
    to conceal his identity, spoof a website, hijack browsers or
    gain access to a network.

   How it works : The hijacker obtains the IP address of a
    legitimate host and alters packet headers so that the
    legitimate host appears to be the source.
   Password-based Attacks: An attack in which repetitive
    attempts are made to duplicate a valid logon or password
    sequence.

   Techniques for cracking passwords:
      Cryptography
      Guessing
      Dictionary based attack

   After gaining access to your network with a valid account,
    an attacker can:
      Obtain lists of valid user and computer names and
       network information.
      Modify server and network configurations, including
       access controls and routing tables.
      Modify, reroute, or delete your data.
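
The "repetitive attempts" that define a password-based attack leave a recognisable trace in logon records. The following is an added example, not part of the original slides: a sliding-window detector that flags a source with many failed logons in a short time, and any successful logon that follows such a burst. The log format, field names, threshold and window are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:05 LOGIN_OK user=bob src=198.51.100.4
2024-05-01T10:00:06 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09 LOGIN_FAIL user=admin src=203.0.113.7
2024-05-01T10:00:12 LOGIN_FAIL user=alice src=203.0.113.7
2024-05-01T10:00:15 LOGIN_OK user=alice src=203.0.113.7
2024-05-01T10:05:00 LOGIN_FAIL user=carol src=198.51.100.9
2024-05-01T10:07:00 LOGIN_FAIL user=carol src=198.51.100.9
2024-05-01T10:09:00 LOGIN_OK user=carol src=198.51.100.9
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")


def detect_repeated_logons(log_text, threshold=5, window=timedelta(seconds=60)):
    """Alert on sources with >= threshold failed logons inside `window`, and on
    a successful logon from such a source while the burst is still recent."""
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    flagged = set()               # sources that already crossed the threshold
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that are not logon events
        ts = datetime.fromisoformat(m.group(1))
        event, user, src = m.group(2), m.group(3), m.group(4)
        fails = recent[src]
        # Slide the window: forget failures older than `window`.
        while fails and ts - fails[0][0] > window:
            fails.popleft()
        if not fails:
            flagged.discard(src)  # the earlier burst has aged out
        if event == "LOGIN_FAIL":
            fails.append((ts, user))
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"kind": "repeated_failures", "src": src,
                               "users": sorted({u for _, u in fails}),
                               "failures": len(fails)})
        elif src in flagged:
            # A valid logon right after a burst of failures deserves review:
            # the guessing may have succeeded.
            alerts.append({"kind": "success_after_failures", "src": src,
                           "users": [user], "failures": len(fails)})
    return alerts


if __name__ == "__main__":
    for alert in detect_repeated_logons(SAMPLE_LOG):
        print(alert)
```
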
   Session Hijacking: An illicit method of stealing a Web user
    session by obtaining data, i.e. the session ID, about an
    authorized user.

      Session hijacking exploits a computer session between two
       machines.
      When a TCP session is established, a cookie is used to
       verify if the session is active or not. The attacker can steal
       these cookies by sniffing or using the saved cookies on the
       victim’s computer.

   Types of Session Hijacking attacks
    1. Active: Man-in-the-middle
    2. Passive: Sniffer tools
    3. Hybrid: Combination

   Methods
    1. Session fixation
    2. Session sidejacking
Web Attacks
   Phishing: The act of tricking someone into giving
    confidential information (like passwords and credit card
    information) on a fake web page or email form pretending
    to be from a legitimate company.

     Some phishing e-mails also contain malicious or
       unwanted software that can track your activities or slow
       your computer.
     Types of Phishing:
    1. Deceptive Email
    2. Malware-based
    3. DNS-based
    4. Search engine Phishing
   SQL Injection: An attack in which malicious code is inserted
    into strings that are later passed to an instance of SQL
    Server for parsing and execution.
      The primary form of SQL injection consists of direct
       insertion of code into user-input variables that are
       concatenated with SQL commands and executed.
      SQL injection refers to the technique of inserting SQL
       metacharacters and commands into Web-based input
       fields in order to manipulate the execution of the
       back-end SQL queries.
      Two types: First-order & Second-order
      Easy to inject; many websites are vulnerable to them.
      Dot Defender: web app firewall, inspects HTTP traffic
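
The concatenation problem described above, and the first-order and second-order cases, shown beside the parameterized form that closes both. This is an added example, not part of the original slides; it uses an in-memory SQLite database as a stand-in for SQL Server, and the table, function names and input value are constructed for illustration.

```python
import sqlite3

# Constructed input: a value that closes the string literal and adds a condition.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "a-secret"), ("bob", "b-secret")])
    return db


def lookup_concatenated(db, name):
    # Vulnerable: the input becomes part of the SQL text that gets parsed.
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    # Hardened: the statement text is fixed; the input is bound as a value only.
    return db.execute("SELECT name, secret FROM users WHERE name = ?",
                      (name,)).fetchall()


def register(db, name, secret):
    # Safe on its own: the crafted name is stored verbatim as data.
    cur = db.execute("INSERT INTO users VALUES (?, ?)", (name, secret))
    return cur.lastrowid


def report_for_stored_user(db, rowid, lookup):
    # Second-order path: the value now comes from the database, not from the
    # request, so it is easy to mistake for trusted data.
    (stored_name,) = db.execute("SELECT name FROM users WHERE rowid = ?",
                                (rowid,)).fetchone()
    return lookup(db, stored_name)


def demo():
    db = make_db()
    # First-order: the crafted value reaches the query directly.
    first_vulnerable = lookup_concatenated(db, CRAFTED)
    first_hardened = lookup_parameterized(db, CRAFTED)
    # Second-order: the value is stored safely, then reused in a later query.
    rowid = register(db, CRAFTED, "c-secret")
    second_vulnerable = report_for_stored_user(db, rowid, lookup_concatenated)
    second_hardened = report_for_stored_user(db, rowid, lookup_parameterized)
    return {
        "first_vulnerable_rows": len(first_vulnerable),    # every user leaks
        "first_hardened_rows": len(first_hardened),        # no such user
        "second_vulnerable_rows": len(second_vulnerable),  # every user leaks
        "second_hardened": second_hardened,                # only the stored row
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Binding parameters at every query, including those fed from stored data, is what removes the second-order case; validating input only at the point of entry does not.
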

   Cross-site Scripting (XSS): Writing a complex JavaScript
    program that steals data left by other sites that you have
    visited in the same browsing session.
   A malicious website might employ JavaScript to make
    changes to the local system, such as copying or deleting
    files.

   A malicious website might employ JavaScript to
    monitor activity on the local system.

   A malicious website might employ JavaScript to
    interact with other websites the user has open in
    other browser windows or tabs.

   It’s called “cross-site” because it involves interactions
    between two separate websites to achieve its goals.
Software Attacks
   Malware: “Malicious Software” is intended to damage or
    disable computer systems.
      Malware can be classified into several categories,
       depending on propagation and concealment
      Propagation
         – Virus: human-assisted propagation
         – Worm: automatic propagation
      Concealment
         – Root kit: modifies operating system to hide its
           existence
         – Trojan: provides desirable functionality but hides
           malicious operation
1. Virus
   Computer program that can replicate itself and
    spread from one computer to another.

   Types of Virus:
    1. File Virus: Program file
    2. Boot sector virus: Floppy and Hard drives
    3. Macro Virus: Macro programming feature
2. Worms
   Standalone malware computer program that
    replicates itself in order to spread to other
    computers.

   Types of Worms:
    1. Internet Worms
    2. Email Worms
    3. File sharing Network worms
3. Root Kits
   It is a collection of tools that enable
    administrator-level access to a computer or
    computer networks.

    Four types:
    1. Virtualized: Virtual environment
    2. Kernel Level: Kernel of OS
    3. Library Level: Replace system calls
    4. Application Level
4. Trojan
 Malicious computer program that must be
  executed by the user.
 Executable programs that perform some
  actions.
 They have file extensions like
  “exe”, “com” etc.
TYPES OF SECURITY
   Information Security:
    The protection of information and its critical elements,
    including systems and hardware that use, store, and
    transmit that information

   Necessary tools: policy, awareness, training,
    education, technology

   The C.I.A. triangle was the standard, based on confidentiality,
    integrity, and availability
Components of I.S
Network Security
   It consists of the provisions and
    policies adopted by a network
    administrator to prevent and
    monitor unauthorized
    access, misuse, modification, or denial
    of a computer network and network
    accessible resources.
Firewalls
 A firewall is an integrated collection
  of security measures designed to
  prevent unauthorized electronic access
  to a networked computer system.
 A network firewall is similar to firewalls
  in building construction, because in
  both cases they are intended to isolate
  one "network" or "compartment" from
  another.
Firewall Policies
To protect private networks and individual
machines from the dangers of the greater
Internet, a firewall can be employed to filter
incoming or outgoing traffic based on a
predefined set of rules called firewall policies.
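
How a firewall policy filters traffic can be shown with a small rule evaluator: rules are checked in order, the first match decides, and anything unmatched is denied. This is an added example, not part of the original slides and not any product's rule syntax; the rule fields, the sample policy and the addresses are assumptions. It goes one step beyond the slide by also checking for rules that an earlier rule makes unreachable.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" or "out"
    proto: str            # "tcp", "udp" or "any"
    remote: str           # remote peer network in CIDR form
    port: Optional[int]   # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    remote_ip: str
    port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and (rule.port is None or rule.port == pkt.port)
            and ipaddress.ip_address(pkt.remote_ip)
            in ipaddress.ip_network(rule.remote))


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; with no match the packet is denied."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None   # default deny


def shadowed_rules(policy: List[Rule]) -> List[int]:
    """Indexes of rules that can never match because an earlier rule
    already covers every packet they describe."""
    unreachable = []
    for j, later in enumerate(policy):
        later_net = ipaddress.ip_network(later.remote)
        for earlier in policy[:j]:
            if (earlier.direction == later.direction
                    and earlier.proto in ("any", later.proto)
                    and (earlier.port is None or earlier.port == later.port)
                    and later_net.subnet_of(ipaddress.ip_network(earlier.remote))):
                unreachable.append(j)
                break
    return unreachable


# Constructed policy: a host that serves HTTPS to everyone except one
# blocked network, accepts SSH from 10.0.0.0/8, and may do DNS and HTTPS out.
POLICY = [
    Rule("deny",  "in",  "any", "203.0.113.0/24", None),
    Rule("allow", "in",  "tcp", "0.0.0.0/0",      443),
    Rule("allow", "in",  "tcp", "10.0.0.0/8",     22),
    Rule("allow", "out", "udp", "0.0.0.0/0",      53),
    Rule("allow", "out", "tcp", "0.0.0.0/0",      443),
]

# Same intent written in the wrong order: the deny can never take effect.
MISORDERED = [
    Rule("allow", "in", "tcp", "0.0.0.0/0",      443),
    Rule("deny",  "in", "tcp", "203.0.113.0/24", 443),
]

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "198.51.100.20", 443),
                Packet("in", "tcp", "203.0.113.5", 443),
                Packet("in", "tcp", "198.51.100.20", 22)):
        print(pkt, evaluate(POLICY, pkt))
    print("unreachable rules in MISORDERED:", shadowed_rules(MISORDERED))
```
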
Virtual Private Networking (VPN)
   Virtual private networking (VPN) is a technology
    that allows private networks to be safely extended over
    long physical distances by making use of a public
    network, such as the Internet, as a means of transport.

   VPN provides guarantees of data confidentiality,
    integrity, and authentication, despite the use of an
    untrusted network for transmission.

   There are two primary types of VPNs: remote access
    VPN and site-to-site VPN.
Intrusion Detection Systems
 Intrusion
– Actions aimed at compromising the security of the target
   (confidentiality, integrity, availability of
   computing/networking resources)
 Intrusion detection
– The identification, through intrusion signatures, and
   reporting of intrusion activities
 Intrusion prevention
– The process of both detecting intrusion activities and
   managing automatic responsive actions throughout the
   network
Applications
Banks
Private and Public sector
Industries
Business Transactions
Cloud Computing Security
Aviation
National Defence
Military
Thank You