Computer Security
• In 1983, Kevin Mitnick intruded into a Pentagon computer
• Robert Tappan Morris created the first worm and released it from MIT onto the Internet, causing $50,000 of damage
• In 1994, Vladimir Levin intruded into an American bank's computer and stole 10 million dollars
• Jonathan James “c0mrade”, 16 years old, infiltrated a NASA computer in 1999 and had access to data worth 1.7 million dollars
• Today (CSI Report, 2007):
– 46% of companies have admitted to suffering financial losses due to security incidents. The reported loss amounted to a total of approximately $66,930,000.
– 39% of companies have been unable (or unwilling) to estimate the cost of their losses.
• Financial losses, personal losses, privacy losses, data losses, computer malfunction and more…
Computer Security
• Computer and network security was not at all well known, even about 12 years ago
• Today, everyone is aware of the need for it, but not sure what it really means
• Interesting topic of threats, countermeasures, risks, stories, events and paranoia
– With some mathematics, algorithms, designs and software issues mixed in
– Yet not enough people, even security specialists, understand the issues and implications
Media Stories
• Consumers are bombarded with media reports narrating dangers of the online world
– Identity theft
– Embezzlement and fraud
– Credit card theft
– Corporate loss
• Just “fear mongering”?
Security? What is that?
• Lock the doors and windows and you are secure
– NOT
• Call the police when you feel insecure
– Really?
• Computers are powerful, programmable machines
– Whoever programs them controls them (and not you)
• Networks are ubiquitous
– They carry genuine as well as malicious traffic
• End result: complete computer security is unattainable; it is a cat-and-mouse game
– Similar to crime vs. law enforcement
Goals of Computer Security
• Integrity
– Guarantee that the data is what we expect
• Confidentiality
– The information must be accessible only to authorized people
• Reliability
– Computers should work without unexpected problems
• Authentication
– Guarantee that only authorized persons can access the resources
Security Basics
• What does it mean to be secure?
– “Include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.” - Wikipedia
• Types of security
– Network security
– System and software security
– Physical security
• Very little in computing is inherently secure; you must protect yourself!
– Software cannot protect software (maybe hardware can)
– Networks can be protected better than software
Some Types of Attacks
• What are some common attacks?
– Network attacks
• Packet sniffing, man-in-the-middle, DNS hacking
– Web attacks
• Phishing, SQL injection, cross-site scripting
– OS, application and software attacks
• Viruses, Trojans, worms, rootkits, buffer overflow
– Social engineering
• (NOT social networking)
• Not all hackers are evil wrongdoers trying to steal your info
– Ethical hackers, consultants, penetration testers, researchers
Need to know: networking, web programming, operating systems, programming languages and compilers.
Network Attacks
• Packet sniffing
– Internet traffic consists of data “packets”, and these can be “sniffed”
– Leads to other attacks such as password sniffing, cookie stealing, session hijacking and information stealing
• Man in the middle
– Insert a router in the path between client and server, and change the packets as they pass through
• DNS hijacking
– Insert malicious entries into DNS tables to send traffic for genuine sites to malicious sites
Need to know: networking protocols, routing, TCP/IP
Web Attacks
• Phishing
– An evil website pretends to be a trusted website
– Example:
• You type, by mistake, “mibank.com” instead of “mybank.com”
• mibank.com is designed to look like mybank.com, so the user types in their info as usual
• BAD! Now an evil person has your info!
• SQL injection
– Interesting video showing an example
• Cross-site scripting
– Writing a complex JavaScript program that steals data left by other sites that you have visited in the same browsing session
Need to know: web programming, JavaScript, SQL
Virus
• Definition
– Piece of code that automatically reproduces itself. It is attached to other programs or files, but requires user intervention to propagate.
• Infection (targets/carriers)
– Executable files
– Boot sectors
– Documents (macros), scripts (web pages), etc.
• Propagation
– Done by the user. The mechanisms are storage media, mail, downloaded files or shared folders
[Diagram: Infection / Propagation / Payload]
Need to know: computer architecture, programming
Worm
• Definition
– Piece of code that automatically reproduces itself over the network. It does not need user intervention to propagate (autonomous).
• Infection
– Via buffer overflow, file sharing, configuration errors and other vulnerabilities.
• Target selection algorithm
– Email addresses, DNS, IP, network neighborhood
• Payload
– Malicious programs
– Backdoor, DDoS agent, etc.
[Diagram: Infection / Propagation engine / Payload / Target selection algorithm / Scanning engine]
Backdoor, Trojan, rootkits
• Goal
– The goal of backdoors, Trojans and rootkits is to take control of a machine after the initial infection, through a backdoor.
• Backdoor
– A backdoor is a program placed by a black-hat hacker that lets him access a system. A backdoor has many functionalities such as keyboard sniffing, display spying, etc.
• Trojan
– A Trojan is software that seems useful or benign, but is actually hiding malicious functionality.
• Rootkits (the ultimate virus)
– Rootkits operate like backdoors and Trojans, but also modify existing programs in the operating system. That allows a black-hat hacker to control the system without being detected. A rootkit can be in user mode or in kernel mode.
Social Engineering
*http://bash.org/?244321
Social Engineering
• Why is this social engineering?
– Manipulating a person or persons into divulging confidential information
• I am not dumb, so does this really apply to me?
– YES! Attackers are ALSO not dumb.
– Social engineers are coming up with much better and much more elaborate schemes to attack users.
– Even corporate executives can be tricked into revealing VERY secret info
• What can I do to protect myself?
– NEVER give out your password to ANYBODY.
– Any system administrator should have the ability to change your password without having to know the old password
Need to know: how to win friends (victims) and influence (scam) people (not CS).
Password Attacks
• Password guessing
– Ineffective except in targeted cases
• Dictionary attacks
– Passwords are stored in computers as hashes, and these hashes can sometimes get exposed
– Check all known words against the stored hashes
• Rainbow tables
– Trade off storage for computation: uses a large number of precomputed hashes without having a dictionary
– Innovative algorithm that can find passwords fast!
• e.g. 14-character alphanumeric passwords are found in about 4-10 minutes of computing using a 1 GB rainbow table
Need to know: data structures, algorithms, cryptography
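An added example, not from the slides: why an exposed hash falls to a precomputed word-to-hash table when the hash is fast and unsalted, and why a per-user random salt with an iterated KDF (PBKDF2 here, an assumed hardened scheme) makes such a table useless. The word list is constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample word list; a real dictionary attack uses millions of entries.
WORDLIST = ["letmein", "password", "password123", "qwerty", "summer2007"]


def fast_unsalted_hash(password: str) -> str:
    """The weak storage scheme: a single SHA-256 over the password, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> word once; the table is then reused against every
    leaked hash (the storage-for-computation trade-off the slide describes)."""
    return {fast_unsalted_hash(w): w for w in words}


def crack_with_table(table, stored_hash):
    """Return the password whose hash matches the stored one, or None."""
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """The hardened scheme: per-user random salt plus an iterated KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def store_password(password: str, iterations: int = 100_000) -> dict:
    """What a database row should hold: salt, iteration count, derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations,
            "dk": salted_hash(password, salt, iterations)}


def verify_password(record: dict, attempt: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = salted_hash(attempt, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["dk"])


def demo():
    table = build_lookup_table(WORDLIST)

    # Weak scheme: the leaked hash is found in the precomputed table.
    leaked = fast_unsalted_hash("password123")
    found = crack_with_table(table, leaked)

    # Hardened scheme: the salt was unknown when the table was built, so the
    # same table misses, and every guess costs a full PBKDF2 computation.
    record = store_password("password123")
    salted_hit = crack_with_table(table, record["dk"].hex())
    ok = verify_password(record, "password123")
    return found, salted_hit, ok


if __name__ == "__main__":
    print(demo())
```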
Computer Security Issues
• A vulnerability is a point where a system is susceptible to attack.
• A threat is a possible danger to the system. The danger might be a person (a system cracker or a spy), a thing (a faulty piece of equipment), or an event (a fire or a flood) that might exploit a vulnerability of the system.
• Countermeasures are techniques for protecting your system
Vulnerabilities in Systems
• How do viruses and rootkits enter a system?
– Even without the user doing something “stupid”
• There are vulnerabilities in most software systems.
– Buffer overflow is the most dangerous and common one
• How does it work?
– All programs run from memory.
– Some programs allow access to reserved memory locations when given incorrect input.
– Hackers find out where to place incorrect input and take control.
– Easy to abuse by hackers; allows a hacker complete access to all resources
Need to know: assembly and machine-level programming
How can you achieve security?
• Many techniques exist for ensuring computer and network security
– Cryptography
– Secure networks
– Antivirus software
– Firewalls
• In addition, users have to practice “safe computing”
– Not downloading from unsafe websites
– Not opening attachments
– Not trusting what you see on websites
– Avoiding scams
Cryptography
• Simply: secret codes
• Encryption
– Converting data to unreadable codes to prevent anyone from accessing this information
– Need a “key” to find the original data; keys take a few million to trillion years to guess
• Public keys
– An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures
– Used heavily in SSL connections
• Hashing
– Creating fingerprints of documents
Need to know: mathematics, number theory, cryptographic protocols
Cryptographic Protocols
• Symmetric encryption
• Authentication
• Asymmetric encryption
• Public key infrastructure
Why Care?
• Online banking, trading and purchasing may be insecure
– Credit card and identity theft
• Personal files could be corrupted
– All school work, music, videos, etc. may be lost
• Computer may become too slow to run
– If you aren't part of the solution you are part of the problem
• Pwn2Own contest, 2008
– Mac (Leopard) fell first via Safari, Vista took time but was hacked via Flash Player, Ubuntu stood its ground.
• Upon discovery, vulnerabilities can be used against many computers connected to the internet.


Security for database administrator to enhance security


Editor's Notes

  • #6: CS = Computer Security