Computer security
Download as PPT, PDF•0 likes•285 views
Computer security involves protecting computing systems and data from unauthorized access or modification. It aims to ensure integrity, confidentiality, reliability, and authentication of data. Complete security is impossible as networks carry both legitimate and malicious traffic, making computer security an ongoing challenge similar to crime prevention. Common security threats include password guessing, phishing, spoofing, backdoors, buffer overflows, and denial of service attacks. Protecting computers requires techniques like encryption, secure networks, antivirus software, firewalls, and safe computing practices for users.
Computer security
- 2. Introduction of CCoommppuutteerr SSeeccuurriittyy.......... What is Computer Security? • Lock the doors and windows and you are secure NOT • Call the police when you feel insecure Really? • Computers are powerful, programmable machines Whoever programs them controls them (and not you) • Networks are ubiquitous Carries genuine as well as malicious traffic End result: Complete computer security is unattainable, it is a cat and mouse game; Similar to crime vs. law enforcement.
- 3. Definition WWhhiicchh II DDeeffiinneedd AAbboouutt CCoommppuutteerr SSeeccuurriittyy…… Computer Security is the protection of computing systems and the data that User store or access. TThhee DDeeffiinniittiioonn FFrroomm WWiikkiippeeddiiaa Computer security is information security as applied to computing devices such as computers and smart phones, as well as computer networks such as private and public networks, including the Internet.
- 4. GGooaallss OOff CCoommppuutteerr sseeccuurriittyy…….. • Integrity: Guarantee that the data is what we expect. •Confidentiality: The information must just be accessible to the authorized people. •Reliability: Computers should work without having unexpected problems. •Authentication: Guarantee that only authorized persons can access to the resources.
- 6. WWhhyy iiss CCoommppuutteerr SSeeccuurriittyy IImmppoorrttaanntt??
- 7. aallssoo……..
- 8. SSeeccuurriittyy AAttttaacckkss AAttttaacckk oonn tthhee ccoommppuutteerr ssyysstteemm iittsseellff assword guessing hishing poofing ack door uffer overflow HHaavvee yyoouu eevveerr eexxppeerriieenncceedd oonnee ooff tthheessee??
- 9. PPaasssswwoorrdd GGuueessssiinngg Obvious PPhhiisshhiinngg Trick users into revealing security information SSppooooffiinngg Malicious user masquerades as authorized user BBaacckk ddoooorr A backdoor is a program placed by a black-hacker that allows him to access a system. A backdoor have many functionalities such as keyboard-sniffer, display spying, etc.
- 10. BBuuffffeerr oovveerrffllooww Defect that could cause a system to crash and leave the user with heightened privileges DDeenniiaall ooff sseerrvviiccee Attach that prevents authorized user from accessing the system MMaann iinn tthhee mmiiddddllee Network communication is intercepted in an attempt to obtain key data
- 11. MMoorree AAttttaacckkss…… 1. Packet Sniffing (Internet traffic consists of data “packets”, and these can be “sniffed”) 2. Man in the Middle(Insert a router in the path between client and server, and change the packets as they pass through) 3. DNS hijacking(Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites) 4. Phishing(An evil website pretends to be a trusted website) Example: 1. You type, by mistake, “mibank.com” instead of “mybank.com” mibank.com designs the site to look like mybank.com so the user types in their info as usual 2. BAD! Now an evil person has your info!
- 12. VViirruuss Piece of code that automatically reproduces itself. It’s attached to other programs or files, but requires user intervention to propagate. Attacks on Computer For Virus i. Infect Executable files ii. Infect Boot sectors iii. Infect Documents (macros), scripts (web pages), etc. Source of Virus It can be create itself in computer system. It also create with storage elements, mails, downloaded files or shared folders.
- 13. WWoorrmm Piece of code that automatically reproduces itself over the network. It doesn’t need the user intervention to propagate (autonomous). Attacks on Computer For Worm It infects computer via buffer overflow, file sharing, configuration errors and other vulnerabilities. What It search? It search Email addresses, DNS, IP, network neighborhood for hacking or Malicious programs Backdoor, DDoS agent, etc.
- 14. SSoocciiaall EEnnggiinneeeerriinngg •Manipulating a person or persons into divulging confidential information. Would us also have to aware about this? 1. Yes, cause Social engineers are a lot more cunning than you. 2. It also can Happen with Corporate Executive & Most of theme are fooled by this hackers.
- 15. HHeerree’’ss aa ssmmaallll EExxaammppllee ooff SSoocciiaall eennggiinneeeerr’’ss wwoorrkk....
- 16. HHooww ccaann wwee pprrootteecctt oouurr CCoommppuutteerrss & UUss ffrroomm tthhiiss kkiinndd ooff tthhrreeaattss.... For computer access 1. User knowledge (Name, password, PIN) 2. Smart card (A card with an embedded memory chip used for identification) 3. Biometrics (Human characteristics such as fingerprints, retina or voice patterns)
- 17. GGuuiiddeelliinnee FFoorr PPaasssswwoorrdd........ 1. Easy to remember, hard to guess 2. Don’t use family or pet names 3. Don’t make it accessible 4. Use combination uppercase/lowercase letters, digits and special characters 5. Don’t leave computer when logged in 6. Don’t ever tell anyone 7. Don’t include in an email 8. Don’t use the same password in lots of places
- 18. OOnn IInntteerrnneett CAPTCHA Software that verifies that the user is not another computer You have to look at a weird set of characters and key them back in. Why does this work?
- 20. Some Other Techniques of Securing Computer.... Ensuring computer and network security i. Cryptography ii. Secure networks iii. Antivirus software iv. Firewalls In addition, users have to practice “safe computing” 1. Not downloading from unsafe websites 2. Not opening attachments 3. Not trusting what you see on websites 4. Avoiding Scams
- 21. CCrryyppttooggrraapphhyy Secret Codes Encryption o Converting data to unreadable codes to prevent anyone form accessing this information. o Need a “key” to find the original data – keys take a few million-trillion years to guess. Public keys An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures. o Used heavily in SSL connections. Hashing o Creating fingerprints of documents.
- 22. Conclusion Its not that easy to protect yourself or your computer from threats & attacks. But its not that much harder either. So just follow some rules & you are protected from this threats & attacks. Computer security is for protect the user. So we will follow the rules to protect ourselves.