Computer security
Prof. dr. Frederik Questier - Vrije Universiteit Brussel
Workshop for Lib@web 2015 - International Training Program @ University of Antwerp
Management of Electronic Information and Digital Libraries
This presentation can be found at
http://questier.com
http://www.slideshare.net/Frederik_Questier
Main objectives of computer security
➢ Confidentiality
  ➢ of data (secrecy)
  ➢ of persons (privacy)
  ➢ access only by authorized parties
➢ Integrity
  ➢ data only correctly modified or deleted by authorized parties
➢ Availability
  ➢ correctly accessible in a timely manner
  ➢ the failure to meet this goal is called a denial of service
Assignment 1: personal computer security
➢ Throughout this workshop: write down all the ways your personal computer system could be compromised. What are the possible attack vectors?
Assignment 2: institutional data security
Congratulations!
You have been elected a member of the newly established computer and data security team in your institution.
1) Make a list of all possible risks that can have an impact on the security and stability of your data and of your internal and external Information & Technology services.
2) Make a list of recommendations to lower those risks.
What can go wrong?
Nature
➢ lightning strike
➢ fire
➢ flood
➢ heat wave – cold wave
➢ storm weather, hurricane
➢ earthquake
➢ tsunami
➢ volcano eruption
➢ electromagnetic pulse from the sun
➢ disease of key employees
What can go wrong?
Evil actions by people
➢ break in (hackers – crackers)
➢ social engineering
➢ phishing
➢ (identity) theft
➢ vandalism
➢ unhappy employees
➢ sabotage (time bomb)
➢ cyber attack, e.g. (Distributed) Denial of Service
➢ terrorism
➢ war
➢ nuclear bomb
What can go wrong?
Malware (malicious software)
➢ virus
➢ worm
➢ trojan horse
➢ rootkit
➢ spyware
➢ ransomware
➢ keylogger
➢ network sniffer
➢ back door
➢ dialer
What can go wrong?
Infrastructure or services problems
➢ Failure of
  ➢ software (bugs)
  ➢ hardware
  ➢ electricity
    ➢ power outage or power surge
  ➢ network (cable cut – saturation)
  ➢ air conditioning
  ➢ water pipes → leak
  ➢ system upgrades
  ➢ service providers (e.g. cloud)
➢ Overload of CPU, memory, storage, network (spam)
What can go wrong?
Human errors
➢ Weak security
  ➢ Loss of laptops, smartphones, USB sticks, …
  ➢ No encryption
  ➢ Password leaks or cracks
  ➢ Computer console left unlocked
➢ Misunderstanding the computer interface or other mistakes
  ➢ Deleting data
  ➢ Corrupting data
➢ Confiscation of machines
Tools for computer security
Tools for confidentiality
Overview
➢ Authorization – access policies – access control
➢ Authentication – identification
  ➢ Passwords
  ➢ …
➢ Encryption
➢ Virtual private networking
➢ Auditing – logging
➢ ...
Tools for integrity
Overview
➢ Backups
➢ Checksums
➢ Antivirus
➢ ...
Tools for availability
Overview
➢ Disaster recovery planning
➢ Physical protections
➢ Anti-theft
➢ Uninterruptible Power Supply
➢ Redundancies
➢ Intrusion-detection systems
➢ Antivirus software
➢ Firewall
➢ ...
TOOLS FOR CONFIDENTIALITY
Passwords
➢ Don't share them
  ➢ Not even with computer administrators
➢ Don't write them down
➢ Don't reuse them among different sites
➢ Change them often
➢ Choose them wisely:
  ➢ Easy to remember
  ➢ Hard to guess (resistant to dictionary attacks)
  ➢ Password length
  ➢ Large set of characters (caps, lower case, numbers, symbols)
Some notorious password leaks
➢ 2014: 5M Gmail passwords
➢ 2013: 38M Adobe passwords (and source code)
➢ 2013: 250K Twitter passwords
➢ 2012: 12M Apple User IDs stolen by FBI, 1M leaked
➢ 2012: 6M LinkedIn passwords
➢ 2012: 450K plaintext Yahoo passwords
➢ 2012: 1.5M plaintext Youporn passwords
➢ 2009: 10K MS Hotmail, MSN and Live passwords
Computer Security
Johannes Weber, http://blog.webernetz.net/2013/07/30/password-strengthentropy-characters-vs-words/
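The comparison Weber's post makes, characters versus words, can be worked out in a few lines. This is an added example, not code from the slides or from Weber's post. It assumes that every symbol or word is chosen uniformly at random (any pattern a person imposes lowers the real entropy), a 32-symbol punctuation set, and a constructed guess rate of 10^10 guesses per second standing in for an attacker working on a leaked password hash.

```python
import math
import string

# Constructed guess rate for the time-to-exhaust estimate (an assumption of this
# example, not a figure from the slides); real rates depend on the hash algorithm
# the site used and on the attacker's hardware.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret made of `length` symbols, each chosen uniformly and
    independently from `alphabet_size` possibilities: log2(N ** L) = L * log2(N)."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need an alphabet of at least 2 symbols and length >= 1")
    return length * math.log2(alphabet_size)


def charset_size(password: str) -> int:
    """Size of the smallest 'caps, lower case, numbers, symbols' alphabet that
    contains every character of the password: the alphabet an exhaustive search
    has to cover, which is why the slide asks for a large set of characters."""
    classes = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
    )
    size = 0
    for members, count in classes:
        if any(ch in members for ch in password):
            size += count
    if size == 0:
        raise ValueError("password contains no recognised character class")
    return size


def years_to_exhaust(bits: float, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Years needed to try every possibility at the given guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def compare(password: str, words_in_list: int, words_used: int) -> dict:
    """Entropy of a random password drawn from the character classes found in
    `password`, versus a passphrase of `words_used` words drawn at random from a
    list of `words_in_list` words (7776 is the size of the Diceware list)."""
    char_bits = entropy_bits(charset_size(password), len(password))
    word_bits = entropy_bits(words_in_list, words_used)
    return {
        "characters": round(char_bits, 1),
        "words": round(word_bits, 1),
        "character_years": years_to_exhaust(char_bits),
        "word_years": years_to_exhaust(word_bits),
    }


if __name__ == "__main__":
    # Constructed inputs: an 8-character mixed-class password and a 4-word passphrase.
    print(compare("Tr0ub4d!", 7776, 4))
```

The two secrets come out within a bit of each other, but the four words are far easier to remember, and every extra word adds almost 13 bits while every extra character adds at most 6.6.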
Biometric identification
➢ Finger print
➢ Voice print
➢ Iris scan
➢ Retinal scan
➢ Convenient
➢ Relatively safe
➢ But...
Danger of biometric identification?
➢ You can't change your biometric password once it has leaked
➢ You can't legally refuse to give it, unlike a password (US Fifth Amendment)
Lock your screen when you leave
Security issues in communication
➢ Privacy – interception
➢ Integrity – modification
➢ Authentication – spoofing
➢ Non-repudiation – proof of the parties involved
Cryptography = secret writing
Cipher = algorithm for performing encryption or decryption
➢ Example: Caesar cipher
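The Caesar cipher as an added worked example (not code from the slides): it is a symmetric cipher, since the same shift is the key for both encryption and decryption, which is exactly the key the sender and receiver on the following slides must somehow share. The last function lists all 25 keys, which is why such a cipher gives no protection: the key space is small enough to write out by hand.

```python
import string

ALPHABET = string.ascii_uppercase  # the cipher acts on the 26 Latin letters only


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places along the alphabet, wrapping around.
    Non-letters (spaces, digits, punctuation) are copied unchanged and the
    input is upper-cased first, as in the classical cipher."""
    if not 0 <= key < 26:
        raise ValueError("key must be in the range 0..25")
    shifted = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            shifted.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            shifted.append(ch)
    return "".join(shifted)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the inverse shift: same secret, run backwards."""
    return caesar_encrypt(ciphertext, (26 - key) % 26)


def all_candidate_plaintexts(ciphertext: str) -> dict:
    """Exhaustive key search. With 25 usable keys the whole key space can be
    listed, and the one readable line gives away the message and the key."""
    return {key: caesar_decrypt(ciphertext, key) for key in range(1, 26)}


if __name__ == "__main__":
    secret = caesar_encrypt("Attack at dawn", 3)   # constructed sample message
    print(secret)                                   # DWWDFN DW GDZQ
    for key, candidate in all_candidate_plaintexts(secret).items():
        print(f"key {key:2d}: {candidate}")
```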
Great if we can exchange our messages encrypted!
But how can we safely exchange our keys?
Symmetric encryption
Sender and receiver must both know the same secret key.
How to exchange that key over a distance???
Asymmetric encryption
Sender only needs to know the public key of receiver!
Public key encryption
The private key can unlock (decrypt) what is locked (encrypted) with the public key
Public key encryption: creation of keys
Man-in-the-middle attack
➢ How can Bob know that Alice's key is really Alice's key (and not Mallory's)?
Digital certificates
➢ Version #
➢ Serial #
➢ Signature Algorithm
➢ Issuer Name
➢ Validity Period
➢ Subject Name
➢ Subject Public Key
➢ Issuer Unique ID
➢ Subject Unique ID
➢ Extensions
➢ Digital Signature
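The two ideas on the preceding slides, a private key that decrypts what the public key encrypted and a certificate in which an issuer vouches for which public key belongs to which name, can be followed through in one added example. It is not code from the slides: it uses textbook RSA with constructed small primes (far too small for real use, and without the padding real RSA needs) and a minimal certificate carrying only the subject name, subject public key, issuer name and digital signature from the field list above. Bob's trust store is constructed as well. The last function plays out the man-in-the-middle question: a certificate whose key has been swapped, and one Mallory issued himself, both fail Bob's check, while the one signed by the trusted CA passes.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy primes (an assumption of this example, nothing from the slides).
# Each party gets its own prime pair; real keys use primes of 1024 bits and more.
PRIMES = {
    "Alice":      (1_000_000_007, 998_244_353),
    "Example CA": (1_000_000_009, 2_147_483_647),
    "Mallory":    (104_729, 7_919),
}
PUBLIC_EXPONENT = 65537


def generate_keypair(p: int, q: int, e: int = PUBLIC_EXPONENT):
    """Textbook RSA: public key (n, e), private key (n, d) with e*d = 1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(message: bytes, public_key) -> int:
    """Anyone holding the public key can lock a message..."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """...and only the matching private key unlocks it."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def hash_to_int(data: bytes, n: int) -> int:
    """Reduce a SHA-256 digest into the key's modulus so it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private_key) -> int:
    """Signing is the private-key operation applied to the hash of the data."""
    n, d = private_key
    return pow(hash_to_int(data, n), d, n)


def verify(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == hash_to_int(data, n)


@dataclass(frozen=True)
class Certificate:
    """The minimum a certificate binds together: a name, a key, and who vouches for it."""
    subject: str
    subject_key: tuple
    issuer: str
    signature: int


def to_be_signed(subject: str, subject_key: tuple, issuer: str) -> bytes:
    n, e = subject_key
    return f"{subject}|{n}|{e}|{issuer}".encode()


def issue_certificate(subject, subject_key, issuer, issuer_private) -> Certificate:
    sig = sign(to_be_signed(subject, subject_key, issuer), issuer_private)
    return Certificate(subject, subject_key, issuer, sig)


def bob_accepts(cert: Certificate, trusted_cas: dict) -> bool:
    """Bob's check: the issuer must be in his trust store and the signature must
    verify under that issuer's public key; nothing else in the cert is believed."""
    ca_public = trusted_cas.get(cert.issuer)
    if ca_public is None:
        return False
    return verify(to_be_signed(cert.subject, cert.subject_key, cert.issuer),
                  cert.signature, ca_public)


def man_in_the_middle_scenario() -> dict:
    alice_pub, alice_priv = generate_keypair(*PRIMES["Alice"])
    ca_pub, ca_priv = generate_keypair(*PRIMES["Example CA"])
    mallory_pub, mallory_priv = generate_keypair(*PRIMES["Mallory"])
    trust_store = {"Example CA": ca_pub}          # what Bob's software ships with

    genuine = issue_certificate("Alice", alice_pub, "Example CA", ca_priv)
    # Mallory swaps his key into Alice's certificate, leaving the signature as it was
    swapped = Certificate("Alice", mallory_pub, "Example CA", genuine.signature)
    # Mallory issues his own certificate claiming to be Alice
    self_issued = issue_certificate("Alice", mallory_pub, "Mallory", mallory_priv)

    ciphertext = encrypt(b"hi Bob!", genuine.subject_key)   # locked with the accepted key
    return {
        "genuine_accepted": bob_accepts(genuine, trust_store),
        "swapped_accepted": bob_accepts(swapped, trust_store),
        "self_issued_accepted": bob_accepts(self_issued, trust_store),
        "alice_reads": decrypt(ciphertext, alice_priv),
    }
```

The check stands or falls with the trust store: a CA key that Mallory managed to get into Bob's store would make his self-issued certificate pass, which is why the next slides spend time on how certificate authorities and webs of trust earn that position.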
HTTPS SSL exchange
➢ CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities, which are commercial and sell certificates).
➢ CAcert has over 200,000 verified users.
➢ These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet.
Web of trust
Keysigning parties
Avoid non-encrypted protocols!
➢ Encrypted protocols
  ➢ HTTPS
  ➢ SFTP
  ➢ SSH
  ➢ TOR
  ➢ VPN
  ➢ WEP (Wired Equivalent Privacy. Weak!)
  ➢ WPA – WPA2 (Wi-Fi Protected Access)
➢ Non-encrypted protocols
  ➢ HTTP
  ➢ FTP
  ➢ TELNET
  ➢ BitTorrent
Full disk encryption
Android encryption
Virtual drive in file container
Encrypted file: container.txt
Mountable as virtual drive: /media/encrypted-disk, /Volumes/encrypted-disk, E:
Virtual Private Networks
A VPN extends a private (hospital) network across a public network (the internet).
The traffic is encrypted to protect against network sniffing.
Internet use through a VPN provider
Sarah A. Downey, http://www.abine.com/blog/2012/petraeuss-emails-werent-private-and-neither-are-yours/
Firewall
Private versus Demilitarized zone
Private browsing
Task: check http://donttrack.us/
Tor = The Onion Router
Free Open Source software for an anonymity network
➢ Bitcoin = distributed peer-to-peer crypto-currency
➢ Log of chain of digitally-signed transactions to prevent double spending
Edward Snowden:
“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
You can't trust software if its source code is hidden
➢ From the European Parliament investigation into the Echelon system (05/18/2001): “If security is to be taken seriously, only those operating systems should be used whose source code has been published and checked, since only then can it be determined with certainty what happens to the data.”
➢ Cryptographer, computer security expert Bruce Schneier: “Secrecy and security aren't the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public.”
  “If researchers don’t go public, things don’t get fixed. Companies don't see it as a security problem; they see it as a PR problem.”
  “Demand open source code for anything related to security”
The Borland Interbase example
➢ 1992-1994: Borland inserted an intentional back door into Interbase (closed source database server) allowing local or remote users root access to the machine
➢ 07/2000: Borland releases source code (→ Firebird)
➢ 12/2000: Back door is discovered
Be aware of phishing attacks!
TOOLS FOR INTEGRITY
Make backups!
Example: centralized over network
Backups
➢ Use off-site data protection = vaulting
  ● e.g. remote backup (compression, encryption!)
➢ First time and sometimes: full backup
➢ Most often: only incremental backup
➢ Use a good data retention scheme
  ● e.g. 7 daily, 4 weekly, 12 monthly, all yearly backups
➢ Think about the time a full restore will take
➢ Test the restore procedure!
  ● “80% of backups fail to restore”
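The retention scheme in the list above (7 daily, 4 weekly, 12 monthly, all yearly) can be turned into a pruning rule. This is an added example, not a script from the slides. It assumes backup files named backup-YYYY-MM-DD.tar.gz (a constructed naming convention) with one backup per day, and returns which files to keep and which may be deleted; files that do not follow the convention are kept because their age is unknown. The sample year of file names is constructed.

```python
import re
from datetime import date, timedelta

# Constructed naming convention for this example (an assumption, not from the slides).
NAME_PATTERN = re.compile(r"backup-(\d{4})-(\d{2})-(\d{2})\.tar\.gz$")


def parse_backup_date(filename: str):
    """Date encoded in a backup file name, or None for files that do not match."""
    m = NAME_PATTERN.search(filename)
    if not m:
        return None
    return date(*map(int, m.groups()))


def select_dates_to_keep(backup_dates, daily=7, weekly=4, monthly=12):
    """Grandfather-father-son retention: the `daily` most recent backups, the
    newest backup of each of the `weekly` most recent ISO weeks, the newest of
    each of the `monthly` most recent months, and the newest backup of every
    year (yearly backups are kept forever)."""
    dates = sorted(set(backup_dates), reverse=True)   # newest first
    keep = set(dates[:daily])

    def newest_per_period(period_of, limit):
        newest = {}
        for d in dates:                    # newest first, so the first hit wins
            newest.setdefault(period_of(d), d)
        periods = sorted(newest, reverse=True)
        if limit is not None:
            periods = periods[:limit]
        return {newest[p] for p in periods}

    keep |= newest_per_period(lambda d: tuple(d.isocalendar())[:2], weekly)  # (ISO year, week)
    keep |= newest_per_period(lambda d: (d.year, d.month), monthly)
    keep |= newest_per_period(lambda d: d.year, None)                         # all yearly
    return keep


def prune_plan(filenames, **retention):
    """Split file names into (keep, delete) according to the retention scheme."""
    dated = {name: parse_backup_date(name) for name in filenames}
    keep_dates = select_dates_to_keep((d for d in dated.values() if d is not None), **retention)
    keep = sorted(n for n, d in dated.items() if d is None or d in keep_dates)
    delete = sorted(n for n, d in dated.items() if d is not None and d not in keep_dates)
    return keep, delete


def daily_backup_names(first: str, last: str):
    """Constructed sample: one backup file name per day from `first` to `last` (ISO dates)."""
    d, stop = date.fromisoformat(first), date.fromisoformat(last)
    names = []
    while d <= stop:
        names.append(f"backup-{d.isoformat()}.tar.gz")
        d += timedelta(days=1)
    return names


if __name__ == "__main__":
    keep, delete = prune_plan(daily_backup_names("2015-01-01", "2015-12-31"))
    print(f"keep {len(keep)} files, delete {len(delete)} files")
    print("\n".join(keep))
```

For a full year of daily backups the plan keeps 20 files: the last seven days, the Sundays that close the two older of the four most recent weeks, and the last day of each month (the yearly backup coincides with December's). Run it as a dry run and compare its keep list with what a restore would need before wiring the delete list to anything.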
Error detection – checksums – cryptographic hashes
e.g. CRC32 (cyclic redundancy check), MD5 (message digest), SHA-3 (Secure Hash Algorithm)
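Checksums only protect integrity if something compares them later. The added example below (not from the slides) writes a manifest of digests for a directory and later reports each file as unchanged, modified or missing, the way a backup integrity check would. It covers the three families named above: CRC32 from zlib, and MD5, SHA-256 and SHA-3 from hashlib. The sample directory and its files are constructed in a temporary folder.

```python
import hashlib
import json
import tempfile
import zlib
from pathlib import Path

CHUNK = 1 << 20   # read files in 1 MiB pieces so large backups need not fit in memory


class Checksum:
    """Incremental digest over either zlib's CRC32 or any hashlib algorithm
    ('md5', 'sha256', 'sha3_256', ...), with one hexdigest() interface."""

    def __init__(self, algorithm: str):
        self._crc = 0
        self._hash = None if algorithm == "crc32" else hashlib.new(algorithm)

    def update(self, data: bytes) -> None:
        if self._hash is None:
            self._crc = zlib.crc32(data, self._crc)
        else:
            self._hash.update(data)

    def hexdigest(self) -> str:
        if self._hash is None:
            return f"{self._crc & 0xFFFFFFFF:08x}"
        return self._hash.hexdigest()


def digest_bytes(data: bytes, algorithm: str = "sha256") -> str:
    c = Checksum(algorithm)
    c.update(data)
    return c.hexdigest()


def digest_file(path: Path, algorithm: str = "sha256") -> str:
    c = Checksum(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            c.update(chunk)
    return c.hexdigest()


def build_manifest(directory: Path, algorithm: str = "sha256") -> dict:
    """Map each regular file under `directory` (relative path) to its digest."""
    return {
        str(p.relative_to(directory)): digest_file(p, algorithm)
        for p in sorted(directory.rglob("*")) if p.is_file()
    }


def verify_manifest(directory: Path, manifest: dict, algorithm: str = "sha256") -> dict:
    """Compare the directory against a stored manifest. Per file: 'ok',
    'modified' (digest differs) or 'missing' (file gone)."""
    report = {}
    for relative, expected in manifest.items():
        path = directory / relative
        if not path.is_file():
            report[relative] = "missing"
        elif digest_file(path, algorithm) != expected:
            report[relative] = "modified"
        else:
            report[relative] = "ok"
    return report


def demo(algorithm: str = "sha256") -> dict:
    """Constructed scenario: three files, then one byte changed and one file removed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "a.txt").write_bytes(b"catalogue record 1\n")
        (root / "b.txt").write_bytes(b"catalogue record 2\n")
        (root / "c.txt").write_bytes(b"catalogue record 3\n")
        manifest = build_manifest(root, algorithm)
        (root / "manifest.json").write_text(json.dumps(manifest, indent=2))

        (root / "b.txt").write_bytes(b"catalogue record 9\n")   # silent one-byte corruption
        (root / "c.txt").unlink()                               # accidental deletion
        stored = json.loads((root / "manifest.json").read_text())
        return verify_manifest(root, stored, algorithm)


if __name__ == "__main__":
    for algo in ("crc32", "md5", "sha256", "sha3_256"):
        print(algo, demo(algo))
```

All four algorithms catch the accidental change and the missing file. They differ against a deliberate adversary: CRC32 is only an error-detecting code and MD5 no longer resists collisions, so a manifest meant to detect tampering rather than bit rot should use SHA-2 or SHA-3, and the manifest itself should be stored where the data's attacker cannot rewrite it (off-site, alongside the vaulted backup).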
Scan for malware!
Install software from trusted sources!
(avoid if possible P2P or web downloads)
Apply software updates and upgrades!
For important documents, save a new version daily, e.g.:
Thesis20131030.odt
Thesis20131031.odt
Thesis20131101.odt
...
TOOLS FOR AVAILABILITY
Prepare for disasters!
Business continuity planning
= how to stay in business in the event of a disaster?
➢ Disaster recovery
  ● Preventive measures
  ● Detective measures
  ● Corrective measures
Uninterruptible Power Supply (UPS)
1) Flywheel
2) Diesel generators
3) Batteries (UPS)
fault tolerance
high availability
redundancy
fail over
RAID: Redundant Array
of Independent Disks
DDoS
Distributed Denial of Service
Questions? Thanks!
Questier.com
Frederik AT Questier.com
www.linkedin.com/in/fquestie
www.diigo.com/user/frederikquestier
www.slideshare.net/Frederik_Questier
Credits
➢ Hacker - Hacking – Symbol.jpg, CC BY-SA, www.elbpresse.de
➢ Internet Archive, Copyright Bibliotheca Alexandrina, International School of
Information Science (ISIS), http://www.bibalex.org/isis/large/000.jpg
➢ Password Strength, Creative Commons BY-NC http://xkcd.com/936/
➢ Security, Creative Commons BY-NC http://xkcd.com/538/
➢ Zimmermann Telegram, 1917, no known copyright restrictions
➢ Asymmetric and symmetric encryption by Jeremy Stretch,
http://packetlife.net/blog/2010/nov/23/symmetric-asymmetric-encryption-hashing/
➢ Orange blue public key cryptography, Creative Commons CC0 by Bananenfalter
➢ HTTPS SSL Exchange by Robb Perry,
http://coding.smashingmagazine.com/2012/05/17/backpack-algorithms-and-public-key-cryptography-made-easy/
➢ Bitcoin logo, Public Domain by bitboy
➢ Bitcoin Transaction Visual, Creative Commons CC0 by Graingert
➢ Social Icons by Iconshock http://www.iconshock.com/social-icons/
This presentation was made
with 100% Free Software
No animals were harmed
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Drupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy ConsumptionDrupalcamp Finland – Measuring Front-end Energy Consumption
Drupalcamp Finland – Measuring Front-end Energy Consumption
Exove
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded DevelopersLinux Support for SMARC: How Toradex Empowers Embedded Developers
Linux Support for SMARC: How Toradex Empowers Embedded Developers
Toradex
 
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxDevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptx
Justin Reock
 
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...
organizerofv
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Technology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data AnalyticsTechnology Trends in 2025: AI and Big Data Analytics
Technology Trends in 2025: AI and Big Data Analytics
InData Labs
 
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...
TrustArc
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Massive Power Outage Hits Spain, Portugal, and France: Causes, Impact, and On...
Aqusag Technologies
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)Into The Box Conference Keynote Day 1 (ITB2025)
Into The Box Conference Keynote Day 1 (ITB2025)
Ortus Solutions, Corp
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 

Computer Security

  • 1. Computer security Prof. dr. Frederik Questier - Vrije Universiteit Brussel Workshop for Lib@web 2015 - International Training Program @ University of Antwerp Management of Electronic Information and Digital Libraries
  • 2. This presentation can be found at http://questier.com http://www.slideshare.net/Frederik_Questier
  • 3. Main objectives of computer security ➢ Confidentiality ➢ of data (secrecy) ➢ of persons (privacy) ➢ access only by authorized parties ➢ Integrity ➢ data only correctly modified or deleted by authorized parties ➢ Availability ➢ correctly accessible in a timely manner ➢ the failure to meet this goal is called a denial of service
  • 4. Assignment 1 personal computer security ➢ Throughout this workshop: write down all possible ways how your personal computer system could be compromised. What are the possible attack vectors?
  • 5. Assignment 2: institutional data security Congratulations! You are elected member of the newly established computer and data security team in your institution. 1) Make a list of all possible risks that can have an impact on the security and stability of your data and internal and external Information & Technology services. 2) Make a list of recommendations to lower the risks.
  • 6. What can go wrong? Nature ➢ lightning strike ➢ fire ➢ flood ➢ heat wave – cold wave ➢ storm weather, hurricane ➢ earthquake ➢ tsunami ➢ volcano eruption ➢ electromagnetic pulse from the sun ➢ disease of key employees
  • 7. What can go wrong? Evil actions by people ➢ break in (hackers - crackers) ➢ social engineering ➢ phishing ➢ (identity) theft ➢ vandalism ➢ unhappy employees ➢ sabotage (time bomb) ➢ cyber attack, e.g. (Distributed) Denial of Service ➢ terrorism ➢ war ➢ nuclear bomb
  • 8. What can go wrong? Malware (malicious software) ➢ virus ➢ worm ➢ trojan horse ➢ rootkit ➢ spyware ➢ ransomware ➢ keylogger ➢ network sniffer ➢ back door ➢ dialer
  • 9. What can go wrong? Infrastructure or services problems ➢ Failure of ➢ software (bugs) ➢ hardware ➢ electricity ➢ power outage or power surge ➢ network (cable cut – saturation) ➢ air conditioning ➢ water pipes (leak) ➢ system upgrades ➢ service providers (e.g. cloud) ➢ Overload of CPU, memory, storage, network (spam)
  • 10. What can go wrong? Human errors ➢ Weak security ➢ Loss of laptops, smartphones, USB sticks, … ➢ No encryption ➢ Password leaks or cracks ➢ Computer console left unlocked ➢ Misunderstanding the computer interface or other mistakes ➢ Deleting data ➢ Corrupting data ➢ Confiscation of machines
  • 11. Tools for computer security
  • 12. Tools for confidentiality Overview ➢ Authorization - Access policies - access control ➢ Authentication – identification ➢ Passwords ➢ … ➢ Encryption ➢ Virtual private networking ➢ Auditing – logging ➢ ...
  • 13. Tools for integrity Overview ➢ Backups ➢ Checksums ➢ Antivirus ➢ ...
  • 14. Tools for availability Overview ➢ Disaster recovery planning ➢ Physical protections ➢ Anti-theft ➢ Uninterruptible Power Supply ➢ Redundancies ➢ Intrusion-detection systems ➢ Antivirus software ➢ Firewall ➢ ...
  • 16. Passwords ➢ Don't share them ➢ Not even with computer administrators ➢ Don't write them down ➢ Don't reuse them among different sites ➢ Change them often ➢ Choose wisely: ➢ Easy to remember ➢ Hard to guess (resistant to dictionary attacks) ➢ Password length ➢ Large set of characters (caps, lower case, numbers, symbols)
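The password rules on slide 16 (length, a large character set, resistance to dictionary attacks) can be turned into an automated check. The following is an added example, not code from the presentation: the function names, the thresholds (12 characters, 60 bits) and the tiny word list are constructed for illustration; a real check would use a large leaked-password list rather than `COMMON_WORDS`.

```python
"""Check a password against the slide's rules: length, character classes,
dictionary words (with common substitutions undone), estimated entropy.

Added example; names, thresholds and the word list are assumptions.
"""
import math
import string

CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

# Constructed stand-in for a real cracking word list (hypothetical, tiny).
COMMON_WORDS = {"password", "letmein", "welcome", "library", "antwerp", "qwerty", "secret"}

# Substitutions a dictionary attack undoes before matching: 0->o, 1->l, 3->e, 4->a, $->s, @->a, !->i
LEET = str.maketrans("0134$@!", "oleasai")


def character_classes(password: str) -> set:
    """Which of the four classes (lower, upper, digit, symbol) the password uses."""
    return {name for name, chars in CHARACTER_CLASSES.items() if any(c in chars for c in password)}


def entropy_bits(password: str) -> float:
    """Optimistic estimate: length * log2(size of the alphabet actually used).

    This is an upper bound; a password built from a word is far weaker than
    this number suggests, which is why dictionary_hit() is checked separately.
    """
    alphabet = sum(len(CHARACTER_CLASSES[name]) for name in character_classes(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def dictionary_hit(password: str) -> bool:
    """Strip leading/trailing digits and symbols, undo leetspeak, compare."""
    core = password.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET) in COMMON_WORDS


def assess(password: str, min_length: int = 12, min_bits: float = 60.0) -> list:
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if len(character_classes(password)) < 3:
        problems.append("uses fewer than 3 character classes")
    if dictionary_hit(password):
        problems.append("is a dictionary word with trivial substitutions")
    if entropy_bits(password) < min_bits:
        problems.append(f"estimated entropy below {min_bits:.0f} bits")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd", "P@ssw0rd2014", "Vx7#qL9!mR2$pW"):  # constructed samples
        print(candidate, "->", assess(candidate) or "ok")
```

Note that `P@ssw0rd2014` uses all four character classes and still fails: the substitutions and the appended year are the first things a cracking tool tries, so character-class rules alone are not enough.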
  • 17. Some notorious password leaks ➢ 2014: 5M Gmail passwords ➢ 2013: 38M Adobe passwords (and source code) ➢ 2013: 250K Twitter passwords ➢ 2012: 12M Apple User IDs stolen by FBI, 1M leaked ➢ 2012: 6M LinkedIn passwords ➢ 2012: 450K plaintext Yahoo passwords ➢ 2012: 1.5M plaintext Youporn passwords ➢ 2009: 10K MS Hotmail, MSN and Live passwords
  • 21. Biometric identification ➢ Fingerprint ➢ Voice print ➢ Iris scan ➢ Retinal scan ➢ Convenient ➢ Relatively safe ➢ But...
  • 23. Danger of biometric identification? ➢ You can't change your biometric password once it has leaked ➢ You can't legally refuse to give it, unlike a password (US Fifth Amendment)
  • 24. Lock your screen when you leave
  • 25. Security issues in communication ➢ Privacy (against interception) ➢ Integrity (against modification) ➢ Authentication (against spoofing) ➢ Non-repudiation (proof of parties involved)
  • 28. Cipher algorithm for performing encryption or decryption ➢ Example: Caesar cipher
  • 33. Great if we can exchange our messages encrypted! But how can we safely exchange our keys?
  • 34. Symmetric encryption Sender and receiver must both know the same secret key How to exchange that key over distance??? Asymmetric encryption Sender only needs to know the public key of receiver!
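Slide 28's Caesar cipher and slides 33-34's key-exchange question, worked through as an added example (not code from the presentation). The message, the key and the function names are constructed for illustration. Besides encrypting and decrypting with a shared shift, the block enumerates all 25 possible keys, which shows why a cipher whose security rests on a tiny key offers no secrecy even when the key is never exchanged in the clear.

```python
"""Caesar cipher: the slide's example of a symmetric cipher.

Added example. Both parties need the same secret key (the shift), which is
exactly the key-exchange problem the following slides raise.
"""
import string

ALPHABET = string.ascii_uppercase  # the classical cipher works on A-Z only


def caesar_encrypt(plaintext: str, shift: int) -> str:
    """Shift each letter `shift` places forward, wrapping Z -> A.

    Characters outside A-Z (spaces, punctuation) pass through unchanged.
    """
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int) -> str:
    """Decrypting with key k is encrypting with key -k: one shared secret."""
    return caesar_encrypt(ciphertext, -shift)


def brute_force(ciphertext: str) -> dict:
    """Every candidate plaintext for shifts 1..25.

    The key space is so small that an eavesdropper needs no key at all;
    a cipher's secrecy must come from a key that is large enough to make
    this enumeration infeasible.
    """
    return {k: caesar_decrypt(ciphertext, k) for k in range(1, 26)}


if __name__ == "__main__":
    message = "MEET ME AT THE LIBRARY AT NOON"  # constructed sample, not from the slides
    key = 3
    ct = caesar_encrypt(message, key)
    print("ciphertext:", ct)
    print("decrypted :", caesar_decrypt(ct, key))
    for k, candidate in brute_force(ct).items():
        print(f"shift {k:2d}: {candidate}")
```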
  • 35. Public key encryption The private key can unlock (decrypt) what is locked (encrypted) with the public key
  • 41. Man-in-the-middle attack ➢ How can Bob know that Alice's key is really Alice's key (and not Mallory's)?
  • 42. Digital certificates Version # Serial # Signature Algorithm Issuer Name Validity Period Subject Name Subject Public Key Issuer Unique ID Subject Unique ID Extensions Digital Signature
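Slides 35, 41 and 42 together, as an added example that is not the presentation's own code: textbook RSA with toy-sized primes, showing that the private key decrypts what the public key encrypts, that the same key pair signs and verifies, and that a certificate (a few of the slide's X.509 fields: subject name, subject public key, issuer name, signature) lets Bob detect a substituted key instead of trusting whatever key arrives over the network. The primes, the names ("Example CA", "alice", "mallory") and all function names are assumptions; real RSA uses keys of thousands of bits with OAEP/PSS padding, which this toy omits on purpose.

```python
"""Public key encryption, signatures and a toy certificate (textbook RSA).

Added example. Requires Python 3.8+ for pow(e, -1, phi).
"""
import hashlib
from dataclasses import dataclass


def is_prime(n: int) -> bool:
    """Trial division, adequate for the toy-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int


def generate_keypair(p: int, q: int, e: int = 65537):
    """Derive (public, private) from two primes; d is the inverse of e mod phi(n)."""
    if not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be prime")
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return PublicKey(n, e), PrivateKey(n, d)


def encrypt(pub: PublicKey, m: int) -> int:
    """Anyone with the public key can lock a message..."""
    if not 0 <= m < pub.n:
        raise ValueError("message must be a non-negative integer smaller than n")
    return pow(m, pub.e, pub.n)


def decrypt(priv: PrivateKey, c: int) -> int:
    """...and only the matching private key unlocks it."""
    return pow(c, priv.d, priv.n)


def _digest(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced below the toy modulus (no padding scheme)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: PrivateKey, data: bytes) -> int:
    """The reverse direction: the private key produces a signature..."""
    return pow(_digest(data, priv.n), priv.d, priv.n)


def verify(pub: PublicKey, data: bytes, signature: int) -> bool:
    """...that anyone holding the public key can check."""
    return pow(signature, pub.e, pub.n) == _digest(data, pub.n)


@dataclass(frozen=True)
class Certificate:
    """Subject name, subject public key, issuer name, issuer's signature."""
    subject: str
    subject_key: PublicKey
    issuer: str
    signature: int

    def to_be_signed(self) -> bytes:
        return f"{self.subject}|{self.subject_key.n}|{self.subject_key.e}|{self.issuer}".encode()


def issue_certificate(issuer: str, issuer_priv: PrivateKey, subject: str, subject_key: PublicKey) -> Certificate:
    """The CA binds a name to a public key by signing both together."""
    unsigned = Certificate(subject, subject_key, issuer, 0)
    return Certificate(subject, subject_key, issuer, sign(issuer_priv, unsigned.to_be_signed()))


def verify_certificate(cert: Certificate, issuer_pub: PublicKey) -> bool:
    """Bob checks the CA's signature instead of trusting a bare key from the network."""
    return verify(issuer_pub, cert.to_be_signed(), cert.signature)


# Constructed toy primes (hypothetical CA and users, not real keys).
P_CA, Q_CA = 1000003, 1000033
P_ALICE, Q_ALICE = 1000037, 1000039
P_MALLORY, Q_MALLORY = 1000081, 1000099


def demo():
    """Alice's certificate verifies; the same certificate with Mallory's key swapped in does not."""
    ca_pub, ca_priv = generate_keypair(P_CA, Q_CA)
    alice_pub, _ = generate_keypair(P_ALICE, Q_ALICE)
    mallory_pub, _ = generate_keypair(P_MALLORY, Q_MALLORY)
    cert = issue_certificate("Example CA", ca_priv, "alice", alice_pub)
    swapped = Certificate("alice", mallory_pub, "Example CA", cert.signature)
    return verify_certificate(cert, ca_pub), verify_certificate(swapped, ca_pub)


if __name__ == "__main__":
    print("genuine verifies, swapped key verifies:", demo())
```

The check in `verify_certificate` answers slide 41's question: Bob does not need to have met Alice, he only needs the CA's public key, obtained once through a trusted channel, and any certificate whose name-plus-key pair was not signed by that CA fails the check.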
  • 44. ➢ CAcert.org is a community-driven certificate authority that issues free public key certificates to the public (unlike other certificate authorities which are commercial and sell certificates). ➢ CAcert has over 200,000 verified users. ➢ These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the Internet.
  • 46. Avoid non-encrypted protocols! ➢ Encrypted protocols ➢ HTTPS ➢ SFTP ➢ SSH ➢ TOR ➢ VPN ➢ WEP (Wired Equivalent Privacy. Weak!) ➢ WPA - WPA2 Wi-Fi Protected Access ➢ Non-encrypted protocols ➢ HTTP ➢ FTP ➢ TELNET ➢ BitTorrent
  • 53. Virtual drive in file container: an encrypted file container (container.txt) is mountable as a virtual drive (/media/encrypted-disk, /Volumes/encrypted-disk, E:)
  • 56. Virtual Private Networks: a VPN extends a private (e.g. hospital) network across a public (internet) network; the traffic is encrypted to protect against network sniffing
  • 57. Internet use through a VPN provider Sarah A. Downey, http://www.abine.com/blog/2012/petraeuss-emails-werent-private-and-neither-are-yours/
  • 62. TOR = The Onion Router: Free Open Source software for an anonymity network
  • 63. ➢ Bitcoin = distributed peer-to-peer crypto-currency ➢ Log of chain of digitally-signed transactions to prevent double spending
  • 64. Edward Snowden: “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”
  • 66. You can't trust software if its source code is hidden ➢ From the European Parliament investigation into the Echelon system (05/18/2001): “If security is to be taken seriously, only those operating systems should be used whose source code has been published and checked, since only then can it be determined with certainty what happens to the data.” ➢ Cryptographer, computer security expert Bruce Schneier: “Secrecy and security aren't the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public." “If researchers don’t go public, things don’t get fixed. Companies don't see it as a security problem; they see it as a PR problem.” “Demand open source code for anything related to security”
  • 67. The Borland Interbase example ➢ 1992-1994: Borland inserted intentional back door into Interbase (closed source database server) allowing local or remote users root access to the machine ➢ 07/2000: Borland releases source code (→ Firebird) ➢ 12/2000: Back door is discovered
  • 69. Be aware of phishing attacks!
  • 72. Backups ➢ Use off-site data protection = vaulting ● e.g. remote backup (compression, encryption!) ➢ First time and sometimes: full backup ➢ Most often: only incremental backup ➢ Use a good data retention scheme ➢ e.g. 7 daily, 4 weekly, 12 monthly, all yearly backups ➢ Think about how long a full restore takes ➢ Test the restore procedure! ➢ “80% of backups fail to restore”
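The retention scheme on slide 72 ("7 daily, 4 weekly, 12 monthly, all yearly") is easy to state and surprisingly easy to get wrong in a script. The following added example (not the presentation's code) implements it as a grandfather-father-son selection: the newest backup of each of the most recent weeks, months and years is promoted, and everything else becomes a deletion candidate. Function names and the sample run of daily backups are constructed; the interpretation "the 4 most recent weeks that actually have a backup" is an assumption.

```python
"""Grandfather-father-son backup retention.

Added example: keep the N most recent daily backups, the newest backup of
each of the W most recent ISO weeks and M most recent months, and the
newest backup of every year.
"""
from datetime import date, timedelta


def _newest_per_bucket(dates, key):
    """Map bucket -> newest date in it. `dates` must be sorted descending."""
    buckets = {}
    for d in dates:
        buckets.setdefault(key(d), d)  # first date seen per bucket is the newest
    return buckets


def select_backups_to_keep(backup_dates, today, daily=7, weekly=4, monthly=12):
    """Sorted list of backup dates the scheme keeps, ignoring dates after `today`."""
    dates = sorted({d for d in backup_dates if d <= today}, reverse=True)
    keep = set(dates[:daily])  # the most recent daily backups

    weeks = _newest_per_bucket(dates, lambda d: (d.isocalendar()[0], d.isocalendar()[1]))
    keep.update(weeks[k] for k in sorted(weeks, reverse=True)[:weekly])

    months = _newest_per_bucket(dates, lambda d: (d.year, d.month))
    keep.update(months[k] for k in sorted(months, reverse=True)[:monthly])

    years = _newest_per_bucket(dates, lambda d: d.year)
    keep.update(years.values())  # all yearly backups, without limit

    return sorted(keep)


def backups_to_delete(backup_dates, today, **kwargs):
    """Everything present up to `today` that the scheme does not keep."""
    present = {d for d in backup_dates if d <= today}
    return sorted(present - set(select_backups_to_keep(backup_dates, today, **kwargs)))


def sample_backups(start=date(2013, 11, 1), end=date(2015, 1, 31)):
    """Constructed sample: one backup per day from start to end inclusive."""
    return [start + timedelta(days=i) for i in range((end - start).days + 1)]


if __name__ == "__main__":
    today = date(2015, 1, 31)
    backups = sample_backups()
    kept = select_backups_to_keep(backups, today)
    print(f"{len(backups)} backups, {len(kept)} kept, {len(backups_to_delete(backups, today))} to delete")
    for d in kept:
        print(d.isoformat())
```

Running the sample keeps 21 of 457 daily backups: the last seven days, two extra week-ends (18 and 11 January 2015), the last day of each of the previous eleven months, and 31 December 2013 as the yearly backup. Run the deletion list past a dry run before pointing it at real storage, and remember that the scheme says nothing about whether the kept backups restore: the slide's "test the restore procedure" still applies.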
  • 73. Error detection - Checksum - cryptographic hash e.g. CRC32 (cyclic redundancy check) MD5 (message digest) SHA-3 (Secure Hash Algorithm)
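The three algorithms named on slide 73 (CRC32, MD5, SHA-3), run on constructed data as an added example that is not from the presentation. It shows that a single flipped bit changes every digest, and builds and checks a `sha256sum`-style manifest ("hexdigest  filename" lines), the form in which integrity checks are usually shipped with downloads and backups. Function names and the sample file names are assumptions.

```python
"""Checksums and cryptographic hashes for error detection.

Added example using only the standard library (zlib for CRC32, hashlib
for MD5 and SHA-3). CRC32 catches accidental corruption but is trivial
to forge; MD5 is legacy with known collision attacks; SHA-3 is a current
cryptographic hash, suitable when an adversary may tamper with the data.
"""
import hashlib
import hmac
import zlib


def crc32_hex(data: bytes) -> str:
    """CRC32 as 8 hex digits (zlib.crc32 is masked for portability)."""
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha3_256_hex(data: bytes) -> str:
    return hashlib.sha3_256(data).hexdigest()


def fingerprints(data: bytes) -> dict:
    """All three digests of the same data, for side-by-side comparison."""
    return {"crc32": crc32_hex(data), "md5": md5_hex(data), "sha3_256": sha3_256_hex(data)}


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit storage or transmission error."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def make_manifest(files: dict) -> str:
    """One 'sha3-256-hex  name' line per file; `files` maps name -> bytes."""
    return "".join(f"{sha3_256_hex(content)}  {name}\n" for name, content in sorted(files.items()))


def check_manifest(manifest: str, files: dict) -> dict:
    """name -> True if the recorded digest matches the file's current bytes.

    A missing file is hashed as empty and therefore fails unless it was empty.
    """
    result = {}
    for line in manifest.splitlines():
        expected, name = line.split("  ", 1)
        actual = sha3_256_hex(files.get(name, b""))
        result[name] = hmac.compare_digest(expected, actual)  # constant-time comparison
    return result


if __name__ == "__main__":
    original = b"Thesis chapter 3, final draft."  # constructed sample content
    corrupted = flip_bit(original, 13)
    print("original :", fingerprints(original))
    print("1 bit off:", fingerprints(corrupted))
    files = {"Thesis20131030.odt": original, "Thesis20131031.odt": corrupted}
    manifest = make_manifest(files)
    files["Thesis20131031.odt"] = b"modified after the manifest was written"
    print(check_manifest(manifest, files))
```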
  • 77. Install software from trusted sources! (avoid if possible P2P or web downloads)
  • 78. Apply software updates and upgrades!
  • 80. For important documents, save daily new versions as: Thesis20131030.odt Thesis20131031.odt Thesis20131101.odt ...
  • 82. Prepare for disasters! Business continuity planning = how to stay in business in the event of disaster? ➢ Disaster recovery ● Preventive measures ● Detective measures ● Corrective measures
  • 85. RAID: Redundant Array of Independent Disks
  • 88. Questions? Thanks! Questier.com Frederik AT Questier.com www.linkedin.com/in/fquestie www.diigo.com/user/frederikquestier www.slideshare.net/Frederik_Questier
  • 89. Credits ➢ Hacker - Hacking – Symbol.jpg, CC BY-SA, www.elbpresse.de ➢ Internet Archive, Copyright Bibliotheca Alexandrina, International School of Information Science (ISIS), http://www.bibalex.org/isis/large/000.jpg ➢ Password Strength, Creative Commons BY-NC http://xkcd.com/936/ ➢ Security, Creative Commons BY-NC http://xkcd.com/538/ ➢ Zimmermann Telegram, 1917, no known copyright restrictions ➢ Asymmetric and symmetric encryption by Jeremy Stretch, http://packetlife.net/blog/2010/nov/23/symmetric-asymmetric-encryption-hashing/ ➢ Orange blue public key cryptography, Creative Commons CC0 by Bananenfalter ➢ HTTPS SSL Exchange by Robb Perry, http://coding.smashingmagazine.com/2012/05/17/backpack-algorithms-and-public-key-cryptography-made-easy/ ➢ Bitcoin logo, Public Domain by bitboy ➢ Bitcoin Transaction Visual, Creative Commons CC0 by Graingert ➢ Social Icons by Iconshock http://www.iconshock.com/social-icons/
  • 90. This presentation was made with 100% Free Software No animals were harmed