SlideShare a Scribd company logo

Lecture2-InforSec-Computer and Internet security.pptx

Download as PPTX, PDF
M
markhorid1

Lecture2-InforSec-Computer and Internet security.pptx

1 of 20
Download to read offline
INFORMATION SECURITY LECTURE 2 1
SECURITY IN COMPUTERS  Two main types; External and Internal Security  External security: Securing computer against external factors such as fires, floods, earthquakes, stolen disks/tapes, etc. by maintaining adequate backup, using security guards, allowing access to sensitive information to only trusted employees/users, etc.  Internal security: User authentication, access control, and cryptography mechanisms
INFORMATION SECURITY  Security in Computers  Authentication: Verifying the identity of a user (person or program) before permitting access to the requested resource  Access Control: Once authenticated, access control mechanisms prohibit a user/process from accessing those resources/information that he/she/it is not authorized to access  Cryptography: Means of encrypting private information so that unauthorized access cannot use information
AUTHENTICATION  Computer-to-computer authentication  computers can remember high-quality cryptographic keys and perform cryptographic operations  Human-to-computer authentication  humans cannot store large keys  humans cannot accurately or efficiently perform cryptographic operations  That’s why we need special methods for authenticating humans
AUTHENTICATION  There are three main ways of authenticating a human:  Something you know  A password,  cryptographic key, or  the correct answer to a challenge-response test  Something you own  A physical key,  security card, or  a one-time password generator  Something you are  Some biometric measurement (facial features, fingerprint, retina scan, or voice print etc.)
INFORMATION SECURITY  Attacks in Computer Security:  Virus: a potentially damaging computer program, can spread (by replicating) and damage files  Trojan horse: a script that hides within or looks like a legitimate file (data) until triggered, but it does not replicate itself on other computers  Spyware: a program placed on computer without user knowledge, tracks and sends user activity to the other (spying) computer  Adware: a program that, without user’s consent, displays online advertisements  Spam: an unsolicited e-mail message (usually commercial) sent to many recipients  Phishing: a scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal information
INFORMATION SECURITY  Attacks in Computer Security:  Malicious Code:  The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.  Other forms of malware include covert software applications—bots, spyware, and adware.  A bot (an abbreviation of robot) is “an automated software program that executes certain commands when it receives a specific input”.  Bots are often the technology used to implement Trojan horses, logic bombs, back doors, and spyware.
INFORMATION SECURITY  Attacks in Computer Security: Hoaxes:  A more devious attack on computer systems is the transmission of a virus hoax with a real virus attached.  When the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it. Back Doors:  Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door. Password Crack:  Attempting to reverse-calculate a password is often called cracking.  It is used when a copy of the Security Account Manager (SAM) data file, which contains hashed representation of the user’s password, can be obtained.
INFORMATION SECURITY  Attacks in Computer Security: Brute Force:  The application of computing and network resources which try every possible password combination is called a brute force attack.  Often used to obtain passwords to commonly used accounts, it is sometimes called a password attack.  Dictionary:  The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations.  Organizations can use similar dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.  Remedy: Rules requiring numbers and/or special characters in passwords make the dictionary attack less effective.
INFORMATION SECURITY  Attacks in Computer Security: Denial-of- Service Attack (DoS) & Distributed Denial-of- Service Attack (DDoS) • In a Denial-of-Service (DoS) attack, the attacker sends a large number of connection or information requests to a target. • The target system becomes overloaded and cannot respond to legitimate requests for service. • A distributed denial-of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. • DDoS attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised. • The compromised machines are turned into zombies. • Machines that are directed remotely by the attacker to participate in the attack.
INFORMATION SECURITY  Attacks in Computer Security: Spoofing • A technique used to gain unauthorized access to computers. • The intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. • The hackers use a variety of techniques to obtain trusted IP addresses, and then modify the packet headers to insert these forged addresses.
INFORMATION SECURITY  Attacks in Computer Security: Man-in-the –Middle: Also called TCP Hijacking. An attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. This type of attack uses IP spoofing to enable an attacker to impersonate another entity on the network. It allows the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data.
INFORMATION SECURITY  Attacks in Computer Security: Mail Bomber: Another form of e-mail attack. Also a DoS is called a mail bomb. An attacker routes large quantities of e-mail to the target.
SECURITY PRINCIPLES TO FOLLOW  Turn off file sharing  Disable Wi-Fi and Bluetooth if not needed  Turn off automatic connections  Install an antivirus program on all your computers  Think twice before posting your personal information online  Never open an e-mail attachment unless you are expecting it and it is from a trusted source  Install a personal firewall program  Disable file and printer sharing on Internet connection  Always have strong passwords  Limit the amount of information you provide to websites; fill in only required information  Clear your history file when you are finished browsing
INFORMATION SECURITY CNSS Security Model:  CNSS - Committee on National Security Systems  The model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security.  It is now known as the McCumber Cube.  Shows three dimensions. If extrapolated, the three dimensions of each axis become a 3x3x3 cube with 27 cells representing areas that must be addressed to secure today’s information systems.
INFORMATION SECURITY CNSS Security Model:  To ensure system security, each of the 27 areas must be properly addressed during the security process.  Example:  The intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage.  One such control might be a system for detecting host intrusion.  That protects the integrity of information by alerting the security administrators to the potential modification of a critical file.
INFORMATION SECURITY  Security Mechanisms:  Encipherment:  The use of mechanical algorithms to transform data into a form that is not readily understandable.  Digital Signatures:  Data appended to or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g. by the recipient)  Access Control:  A variety of mechanisms that enforce access rights to resources.  Data Integrity:  A variety of mechanisms use to assure the integrity of the data unit or stream of data units.
INFORMATION SECURITY  Security Mechanisms:  Authentication Exchange:  A mechanism intended to ensure the identity of an entity by means of information exchange.  Traffic Padding:  The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.  Routing Control:  Enables selection of particular secure routes for certain data and allows routing changes, especially when a breach of security is suspected.
THREATS TO INFORMATION SECURITY
INFORMATION SECURITY
Ad

Recommended

cybersecurity
cybersecuritycybersecurity
cybersecurity
maha797959
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
RAVIKUMAR Digital Signal Processing
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
BilalMehmood44
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
Computer security
Computer securityComputer security
Computer security
sruthiKrishnaG
 
INTERNETSECURITY with the different threats
INTERNETSECURITY with the different threatsINTERNETSECURITY with the different threats
INTERNETSECURITY with the different threats
PrabinPathak5
 
Data security
Data securityData security
Data security
Soumen Mondal
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
dpd
 
Network security and cyber law (1).pptx
Network security and cyber law (1).pptxNetwork security and cyber law (1).pptx
Network security and cyber law (1).pptx
arpanjakhmola007
 
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital AssetsCybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Samuel862293
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
Khappiyo
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Nitesh Dubey
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryr
ryrsyd
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
Padamata Rameshbabu
 
why security is needed
why security is neededwhy security is needed
why security is needed
sourov_das
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
COMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information SecurityCOMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information Security
EdFeranil
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
Sripati Mahapatra
 
MODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA AMODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA A
juan60m3zz
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
srtwgwfwwgw
 
Computer security and
Computer security andComputer security and
Computer security and
Rana Usman Sattar
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
babepa2317
 
Security communication
Security communicationSecurity communication
Security communication
Say Shyong
 
Anti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptxAnti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptx
Mayuri Chavan
 
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaPresentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem Kaya
MIPLM
 
Ad

More Related Content

Similar to Lecture2-InforSec-Computer and Internet security.pptx (20)

Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
dpd
 
Network security and cyber law (1).pptx
Network security and cyber law (1).pptxNetwork security and cyber law (1).pptx
Network security and cyber law (1).pptx
arpanjakhmola007
 
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital AssetsCybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Samuel862293
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
Khappiyo
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Nitesh Dubey
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryr
ryrsyd
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
Padamata Rameshbabu
 
why security is needed
why security is neededwhy security is needed
why security is needed
sourov_das
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
COMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information SecurityCOMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information Security
EdFeranil
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
Sripati Mahapatra
 
MODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA AMODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA A
juan60m3zz
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
srtwgwfwwgw
 
Computer security and
Computer security andComputer security and
Computer security and
Rana Usman Sattar
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
babepa2317
 
Security communication
Security communicationSecurity communication
Security communication
Say Shyong
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Computer Security
Computer SecurityComputer Security
Computer Security
Vaibhavi Patel
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
dpd
 
Network security and cyber law (1).pptx
Network security and cyber law (1).pptxNetwork security and cyber law (1).pptx
Network security and cyber law (1).pptx
arpanjakhmola007
 
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital AssetsCybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Samuel862293
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
Khappiyo
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
Nitesh Dubey
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryr
ryrsyd
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
Padamata Rameshbabu
 
why security is needed
why security is neededwhy security is needed
why security is needed
sourov_das
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
ManassahIjudigal
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
COMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information SecurityCOMPUTER SECURITY in Information Security
COMPUTER SECURITY in Information Security
EdFeranil
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
Sripati Mahapatra
 
MODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA AMODELING THREATS HAER YERE SINIRR JKOA A
MODELING THREATS HAER YERE SINIRR JKOA A
juan60m3zz
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
srtwgwfwwgw
 
Computer security and
Computer security andComputer security and
Computer security and
Rana Usman Sattar
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
babepa2317
 
Security communication
Security communicationSecurity communication
Security communication
Say Shyong
 

Recently uploaded (20)

Anti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptxAnti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptx
Mayuri Chavan
 
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaPresentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem Kaya
MIPLM
 
The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...
Sandeep Swamy
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Quality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdfQuality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdf
Dr. Bindiya Chauhan
 
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Library Association of Ireland
 
How to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 WebsiteHow to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 Website
Celine George
 
Handling Multiple Choice Responses: Fortune Effiong.pptx
Handling Multiple Choice Responses: Fortune Effiong.pptxHandling Multiple Choice Responses: Fortune Effiong.pptx
Handling Multiple Choice Responses: Fortune Effiong.pptx
AuthorAIDNationalRes
 
SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -
Colégio Santa Teresinha
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 
One Hot encoding a revolution in Machine learning
One Hot encoding a revolution in Machine learningOne Hot encoding a revolution in Machine learning
One Hot encoding a revolution in Machine learning
momer9505
 
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Library Association of Ireland
 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACYUNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
DR.PRISCILLA MARY J
 
Social Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy StudentsSocial Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy Students
DrNidhiAgarwal
 
Multi-currency in odoo accounting and Update exchange rates automatically in ...
Multi-currency in odoo accounting and Update exchange rates automatically in ...Multi-currency in odoo accounting and Update exchange rates automatically in ...
Multi-currency in odoo accounting and Update exchange rates automatically in ...
Celine George
 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
 
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdfExploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Sandeep Swamy
 
Anti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptxAnti-Depressants pharmacology 1slide.pptx
Anti-Depressants pharmacology 1slide.pptx
Mayuri Chavan
 
Presentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem KayaPresentation of the MIPLM subject matter expert Erdem Kaya
Presentation of the MIPLM subject matter expert Erdem Kaya
MIPLM
 
The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...The ever evoilving world of science /7th class science curiosity /samyans aca...
The ever evoilving world of science /7th class science curiosity /samyans aca...
Sandeep Swamy
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 5-3-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptxSCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
SCI BIZ TECH QUIZ (OPEN) PRELIMS XTASY 2025.pptx
Ronisha Das
 
Quality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdfQuality Contril Analysis of Containers.pdf
Quality Contril Analysis of Containers.pdf
Dr. Bindiya Chauhan
 
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Marie Boran Special Collections Librarian Hardiman Library, University of Gal...
Library Association of Ireland
 
How to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 WebsiteHow to Subscribe Newsletter From Odoo 18 Website
How to Subscribe Newsletter From Odoo 18 Website
Celine George
 
Handling Multiple Choice Responses: Fortune Effiong.pptx
Handling Multiple Choice Responses: Fortune Effiong.pptxHandling Multiple Choice Responses: Fortune Effiong.pptx
Handling Multiple Choice Responses: Fortune Effiong.pptx
AuthorAIDNationalRes
 
SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -SPRING FESTIVITIES - UK AND USA -
SPRING FESTIVITIES - UK AND USA -
Colégio Santa Teresinha
 
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulsepulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
pulse ppt.pptx Types of pulse , characteristics of pulse , Alteration of pulse
sushreesangita003
 
One Hot encoding a revolution in Machine learning
One Hot encoding a revolution in Machine learningOne Hot encoding a revolution in Machine learning
One Hot encoding a revolution in Machine learning
momer9505
 
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Niamh Lucey, Mary Dunne. Health Sciences Libraries Group (LAI). Lighting the ...
Library Association of Ireland
 
Geography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjectsGeography Sem II Unit 1C Correlation of Geography with other school subjects
Geography Sem II Unit 1C Correlation of Geography with other school subjects
ProfDrShaikhImran
 
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptxYSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
YSPH VMOC Special Report - Measles Outbreak Southwest US 4-30-2025.pptx
Yale School of Public Health - The Virtual Medical Operations Center (VMOC)
 
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACYUNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
UNIT 3 NATIONAL HEALTH PROGRAMMEE. SOCIAL AND PREVENTIVE PHARMACY
DR.PRISCILLA MARY J
 
Social Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy StudentsSocial Problem-Unemployment .pptx notes for Physiotherapy Students
Social Problem-Unemployment .pptx notes for Physiotherapy Students
DrNidhiAgarwal
 
Multi-currency in odoo accounting and Update exchange rates automatically in ...
Multi-currency in odoo accounting and Update exchange rates automatically in ...Multi-currency in odoo accounting and Update exchange rates automatically in ...
Multi-currency in odoo accounting and Update exchange rates automatically in ...
Celine George
 
P-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 finalP-glycoprotein pamphlet: iteration 4 of 4 final
P-glycoprotein pamphlet: iteration 4 of 4 final
bs22n2s
 
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdfExploring-Substances-Acidic-Basic-and-Neutral.pdf
Exploring-Substances-Acidic-Basic-and-Neutral.pdf
Sandeep Swamy
 
Ad

Lecture2-InforSec-Computer and Internet security.pptx

  • 2. SECURITY IN COMPUTERS  Two main types; External and Internal Security  External security: Securing computer against external factors such as fires, floods, earthquakes, stolen disks/tapes, etc. by maintaining adequate backup, using security guards, allowing access to sensitive information to only trusted employees/users, etc.  Internal security: User authentication, access control, and cryptography mechanisms
  • 3. INFORMATION SECURITY  Security in Computers  Authentication: Verifying the identity of a user (person or program) before permitting access to the requested resource  Access Control: Once authenticated, access control mechanisms prohibit a user/process from accessing those resources/information that he/she/it is not authorized to access  Cryptography: Means of encrypting private information so that unauthorized access cannot use information
  • 4. AUTHENTICATION  Computer-to-computer authentication  computers can remember high-quality cryptographic keys and perform cryptographic operations  Human-to-computer authentication  humans cannot store large keys  humans cannot accurately or efficiently perform cryptographic operations  That’s why we need special methods for authenticating humans
  • 5. AUTHENTICATION  There are three main ways of authenticating a human:  Something you know  A password,  cryptographic key, or  the correct answer to a challenge-response test  Something you own  A physical key,  security card, or  a one-time password generator  Something you are  Some biometric measurement (facial features, fingerprint, retina scan, or voice print etc.)
  • 6. INFORMATION SECURITY  Attacks in Computer Security:  Virus: a potentially damaging computer program, can spread (by replicating) and damage files  Trojan horse: a script that hides within or looks like a legitimate file (data) until triggered, but it does not replicate itself on other computers  Spyware: a program placed on computer without user knowledge, tracks and sends user activity to the other (spying) computer  Adware: a program that, without user’s consent, displays online advertisements  Spam: an unsolicited e-mail message (usually commercial) sent to many recipients  Phishing: a scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal information
  • 7. INFORMATION SECURITY  Attacks in Computer Security:  Malicious Code:  The malicious code attack includes the execution of viruses, worms, Trojan horses, and active Web scripts with the intent to destroy or steal information.  Other forms of malware include covert software applications—bots, spyware, and adware.  A bot (an abbreviation of robot) is “an automated software program that executes certain commands when it receives a specific input”.  Bots are often the technology used to implement Trojan horses, logic bombs, back doors, and spyware.
  • 8. INFORMATION SECURITY  Attacks in Computer Security: Hoaxes:  A more devious attack on computer systems is the transmission of a virus hoax with a real virus attached.  When the attack is masked in a seemingly legitimate message, unsuspecting users more readily distribute it. Back Doors:  Using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource through a back door. Password Crack:  Attempting to reverse-calculate a password is often called cracking.  It is used when a copy of the Security Account Manager (SAM) data file, which contains hashed representation of the user’s password, can be obtained.
  • 9. INFORMATION SECURITY  Attacks in Computer Security: Brute Force:  The application of computing and network resources which try every possible password combination is called a brute force attack.  Often used to obtain passwords to commonly used accounts, it is sometimes called a password attack.  Dictionary:  The dictionary attack is a variation of the brute force attack which narrows the field by selecting specific target accounts and using a list of commonly used passwords (the dictionary) instead of random combinations.  Organizations can use similar dictionaries to disallow passwords during the reset process and thus guard against easy-to-guess passwords.  Remedy: Rules requiring numbers and/or special characters in passwords make the dictionary attack less effective.
  • 10. INFORMATION SECURITY  Attacks in Computer Security: Denial-of- Service Attack (DoS) & Distributed Denial-of- Service Attack (DDoS) • In a Denial-of-Service (DoS) attack, the attacker sends a large number of connection or information requests to a target. • The target system becomes overloaded and cannot respond to legitimate requests for service. • A distributed denial-of-service (DDoS) is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time. • DDoS attacks are preceded by a preparation phase in which many systems, perhaps thousands, are compromised. • The compromised machines are turned into zombies. • Machines that are directed remotely by the attacker to participate in the attack.
  • 11. INFORMATION SECURITY  Attacks in Computer Security: Spoofing • A technique used to gain unauthorized access to computers. • The intruder sends messages with a source IP address that has been forged to indicate that the messages are coming from a trusted host. • The hackers use a variety of techniques to obtain trusted IP addresses, and then modify the packet headers to insert these forged addresses.
  • 12. INFORMATION SECURITY  Attacks in Computer Security: Man-in-the –Middle: Also called TCP Hijacking. An attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network. This type of attack uses IP spoofing to enable an attacker to impersonate another entity on the network. It allows the attacker to eavesdrop as well as to change, delete, reroute, add, forge, or divert data.
  • 13. INFORMATION SECURITY  Attacks in Computer Security: Mail Bomber: Another form of e-mail attack. Also a DoS is called a mail bomb. An attacker routes large quantities of e-mail to the target.
  • 14. SECURITY PRINCIPLES TO FOLLOW  Turn off file sharing  Disable Wi-Fi and Bluetooth if not needed  Turn off automatic connections  Install an antivirus program on all your computers  Think twice before posting your personal information online  Never open an e-mail attachment unless you are expecting it and it is from a trusted source  Install a personal firewall program  Disable file and printer sharing on Internet connection  Always have strong passwords  Limit the amount of information you provide to websites; fill in only required information  Clear your history file when you are finished browsing
  • 15. INFORMATION SECURITY CNSS Security Model:  CNSS - Committee on National Security Systems  The model, created by John McCumber in 1991, provides a graphical representation of the architectural approach widely used in computer and information security.  It is now known as the McCumber Cube.  Shows three dimensions. If extrapolated, the three dimensions of each axis become a 3x3x3 cube with 27 cells representing areas that must be addressed to secure today’s information systems.
  • 16. INFORMATION SECURITY CNSS Security Model:  To ensure system security, each of the 27 areas must be properly addressed during the security process.  Example:  The intersection between technology, integrity, and storage requires a control or safeguard that addresses the need to use technology to protect the integrity of information while in storage.  One such control might be a system for detecting host intrusion.  That protects the integrity of information by alerting the security administrators to the potential modification of a critical file.
  • 17. INFORMATION SECURITY  Security Mechanisms:  Encipherment:  The use of mechanical algorithms to transform data into a form that is not readily understandable.  Digital Signatures:  Data appended to or a cryptographic transformation of a data unit that allows a recipient of the data unit to prove the source and integrity of the data unit and protect against forgery (e.g. by the recipient)  Access Control:  A variety of mechanisms that enforce access rights to resources.  Data Integrity:  A variety of mechanisms use to assure the integrity of the data unit or stream of data units.
  • 18. INFORMATION SECURITY  Security Mechanisms:  Authentication Exchange:  A mechanism intended to ensure the identity of an entity by means of information exchange.  Traffic Padding:  The insertion of bits into gaps in a data stream to frustrate traffic analysis attempts.  Routing Control:  Enables selection of particular secure routes for certain data and allows routing changes, especially when a breach of security is suspected.