SlideShare a Scribd company logo

Web Security

Download as PPT, PDF
B
Bharath Manoharan

Web security involves protecting information transmitted over the internet from attacks like viruses, worms, trojans, ransomware, and keyloggers. Users can help secure themselves by using antivirus software, avoiding phishing scams, and reporting spam. Larger attacks often involve botnets, which are networks of infected computers that can overwhelm websites and services with traffic through distributed denial of service attacks.

1 of 57
Downloaded 4,772 times
Web Security Secure yourself on the web
What is web security? Almost everything relies on computers and the Internet now communication (email, cell phones) transportation (car engine systems) airplane navigation ) medicine (equipment, medical records) shopping (online stores, credit cards) entertainment (digital cable, mp3s)
What is web security? (contd…) Web Security, also known as “Cyber security” involves protecting that information by preventing, detecting, and responding to attacks.
What can Web users do? The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
Web Security: Terminologies Hacker – people who seek to exploit weaknesses in software and computer systems for their own gain. Viruses – It you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
Web Security: Terminologies Worms - Worms propagate without user intervention. Once the victim computer has been infected the worm will attempt to find and infect other computers. Trojan horses - A Trojan horse program is software that claims to be one thing while in fact doing something different behind the scenes.
Web Security: Terminologies Ransomware A form of trojan that has been around since 1989 (as the “PC CYBORG” trojan) It infects the target computer by encrypting the owner's personal files. The victim is then contacted and offered a key to decrypt the files in exchange for cash
Web Security: Terminologies KeyLoggers: Traditionally, Keyloggers are software that monitor user activity such as keys typed using keyboard. Modern keyloggers can, Record keystrokes on keyboard Record mouse movement and clicks Record menus that are invoked Take screenshots of the desktop at predefined intervals (like 1 screenshot every second)
Web Security: Terminologies KeyLoggers: (contd…) Such recorded data could be uploaded in real-time or when internet connection becomes available, by, Email attachment IRC Channel File Transfer (FTP)
Web Security: Terminologies KeyLoggers: (contd…) Keylogger prevention Use Anti-Spyware (prevention) Firewall (manual detection) Automatic Form fillers (protection from keylogging) In public (insecure) places, -use on-screen keyboards (START-> ALL PROGRAMS ->ACCESSORIES -> ACCESSIBILTY -> ON-SCREEN KEYBOARD)
Web Security: Terminologies Firewalls: Mechanism for content regulation and data filtering Blocking unwanted traffic from entering the sub-network (inbound) Preventing subnet users' use of unauthorised material/sites (outbound)
Aspects of data Security Privacy Keeping your information private Integrity Knowing that the information has not been changed Authenticity Knowing who sent the information
Privacy Your personal details are a valuable asset Businesses are increasingly looking to target individuals more effectively, data about those individuals is in demand Buying and selling lists of email addresses and demographic details is big business
Integrity Maintaining the data integrity of any communication is vital. Integrity can be preserved by using strong encryption methods. Even if an intruder see the transmission, it would be useless since its encrypted.
Authentication We need to authenticate a message to make sure it was sent by the correct person. Digital signature is used for the purpose Public key , Private key method can also be used to authenticate.
Authentication , Continued… Most of us use webmail for email handling. This simple code can send an email, <? php mail(“recipient@yahoo.com”, ”Hi from Bill Gates”, ”Hi, I am Bill gates” , &quot;From: billgates@microsoft.com&quot;); ?>
Authentication , Continued… Received email: From: [email_address] To: [email_address] Subject: Hi from Bill Gates Hi, I am Bill gates
Authentication , Continued… So, anyone can send email from anyone’s email address Its possible due to the nature of SMTP protocol Yahoo! has implemented DomainKeys, a method to authenticate that an email originated from the sender’s domain.
Web Security Issues Malicious websites SPAM 419 Scams Phishing DDOS Botnets (All aspects are inter-related)
Malicious websites More than 3 million Web pages on the Internet are malicious. According to Neils Provos, senior staff software engineer with Google, the percent is one in 1,000. The experts call these attacks &quot;drive-by downloads&quot; Malicious websites China - 67% US - 15% Russia - 4% Malaysia - 2.2% Korea - 2%
Malicious websites Preventive measures Use latest browser software Internet Explorer version 7+ Mozilla Firefox Opera Internet Explorer 6 is the most vulnerable as well as the most widely used browser. It is highly recommended to upgrade from IE 6
SPAM Spam is unsolicited e-mail on the Internet. Spam detection algorithms White listing Black listing Training based algorithms
SPAM Cost of spam Loss of productivity is the main concern There is also the cost of bandwidth taken by spam Storage and network infrastructure costs. Loss of legitimate email messages
SPAM - Corporate employees are reported to accrue a loss of productivity of 3.1%. - Nucleus Research Analysis - To increase the effectiveness of SPAM detection, always report any SPAM mail to your SPAM filter.
419 Nigerian Scams An advance fee fraud is a confidence trick in which the target is persuaded to advance sums of money in the hope of realizing a very much larger gain The number &quot;419&quot; refers to the article of the Nigerian Criminal Code (“Cheating&quot;) dealing with fraud.
419 Nigerian Scams A sample 419 Scam email ------------------------------------- Sender: [email_address] Subject: !!!CONGRATULATIONS YOU ARE A WINNER!!! FROM THE LOTTERY PROMOTIONS MANAGER, THE UNITED KINGDOM INTERNATIONAL LOTTERY, PO BOX 287, WATFORD WD18 9TT, UNITED KINGDOM. We are delighted to inform you of your prize release from the United Kingdom International Lottery program. Your name was attached to Ticket number; 47061725, Batch number; 7056490902, Winning number; 07-14-24-37-43-48 bonus number 29, which consequently won the lottery in the first category.... -------------------------------------------
419 Nigerian Scams The email asks to send an advance payment to the lottery so that they can release the prize money. Lots of naive users get fooled by the scammers and end up wasting their money.
419 Nigerian Scams Prevention: Awareness is the only tool against such scammers. Services like 419eater.com has users who pretend to be naive and end up wasting the scammer’s efforts.
Phishing This is a method of luring an unsuspecting user into giving out their username and password for a secure web resource, usually a bank or credit card account.
Phishing Usually achieved by creating a website identical to the secure site User is sent email requesting them to log in, and providing a link to the bogus site When user logs in, password is stored and used to access the account by the attacker Difficult to guard against, particularly if using HTML email
Phishing Phishing Email sample: Subject: Verify your E-mail with Citibank This email was sent by the Citibank server to verify your E-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection - because some of our members no longer have access to their email addresses and we must verify it. To verify your E-mail address and access your bank account, click on the link below: https://web.da-us.citibank.com/signin/citifi/scripts/email_verify.jsp Thank you for using Citibank
Phishing The link uses an anchor text, and the actual website opens as, http:// citibusinessonline.da.us.citibank.com.citionline.ru / ... Instead of, http://www.citibank.com/us/index.htm
Phishing Landing Page
Phishing - Unwitting users submit the data, and the data is captured by scammers and all the money in their account will be stolen immediately. - This method is the main reason for loss of email passwords also.
Denial of Service It is an attack to make a computer resource unavailable to its intended users. Resources: - Bandwidth & CPU
Distributed DOS A powerful variant of DOS attack. -Web server can handle a few hundred connections/sec before performance begins to degrade -Web servers fail almost instantly under five or six thousand connections/sec
Distributed DOS - Zombie system is a system that is brought under the attacker’s control by using virus/worm/exploits. - Attack is initiated using compromised Zombie systems. Very hard to prevent, since large number of zombie systems will be used.
Botnets A botnet is a collection of compromised computers (called zombie computers) running programs Usually installed via worms, Trojan horses, or backdoors, Under a common command and control infrastructure.
Botnets Botnet Admin Bot Spammer
Botnets 1.A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application -- the bot. 2.The bot on the infected PC logs into a particular IRC server (or in some cases a web server). That server is known as the command-and-control server (C&C). 3.A spammer purchases access to the botnet from the operator. 4.The spammer sends instructions via the IRC server to the infected PCs causing them to send out spam messages to mail servers.
Botnets A botnet's originator (aka &quot;bot herder&quot;) can control the group remotely, usually through a means such as IRC. A botnet is more power than a supercomputer in terms of its processing capacity. As of 2007, the average size of a botnet was estimated at 20,000 computers, although larger networks continued to operate.
Botnet Case Study STORM BOTNET The Storm botnet is a remotely-controlled network of &quot;zombie&quot; computers (or &quot;botnet&quot;) that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam. Sources have placed the size of the Storm botnet to be around 250,000 to 1 million compromised systems.
Botnet Case Study STORM BOTNET Detected in January 2007 1.2 billion virus messages have been sent by the botnet till September 2007 The Storm botnet has been used in a variety of criminal activities. Its controllers, and the authors of the Storm Worm, have not yet been identified.
Botnet Case Study STORM BOTNET The botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate the botnet The botnet reportedly is powerful enough as of September 2007 to force entire countries off the Internet, The Storm botnet's operators control the system via peer-to-peer techniques, making external monitoring and disabling of the system more difficult There is no central &quot;command-and-control point&quot; in the Storm botnet that can be shut down
Botnet Case Study STORM BOTNET Action plan: Microsoft update to the Windows Malicious Software Removal Tool (MSRT) may have helped reduce the size of the botnet by up to 20%. But, most of the Windows systems are not configured for Automatic updates. Consider our country as example, where most home users use pirated copies of windows. Pirated copies will get disabled when updated online,becasue of Windows Genuine Advantage (WGA) program.
More Botnets Name Size Spam sent / day SRIZBO 315,000 60 billion BOBAX 185,000 9 billion RUSTOCK 150,000 30 billion CUTWAIL 125,000 16 billion GRUM 50,000 2 billion OZDOK 35,000 10 billion NUCRYPT 20,000 5 billion WOPLA 20,000 600 million SPAMTHRU 12,000 350 million
Botnet Attacks Example 1: Cyber Assault on Estonia Estonia is a small and one of the most internet enabled country in Europe.
Botnet Attacks Example 1: It was attacked by a massive DDOS attempt on May 2007. Attacked sectors include government banks telecommunications companies Internet service providers news organizations
Botnet Attacks Example 1: Attack effectively shut down email systems and online banking. Attack originated from Russia after Russian govt got angry with Estonia for relocating a Soviet war memorial. More than a million zombie computers made the attack possible.
Botnet Attacks Example 2: April 23, 2008 Slideshare is a service that lets you upload and embed PowerPoint presentations on the web. There were several presentations relating to corruption in the chinese government. Chinese authorities requested those slides to be removed.
Botnet Attacks Example 2: April 23, 2008 Slideshare was down for a few days due to DDOS attack that originated from China. The attack reached a peak of 2.5GB/sec and consisted entirely of packets sent from China SlideShare insists that it will do everything it can to protect its users’ freedom of speech. As such, it has no plans to remove any of the content in question.
Botnet Attacks In both examples, botnets were the main attack vehicles. There are several more examples. So, Cyber wars <= DDOS <=Botnets <=Virus/Worm <= Ignorant web user
Take Action If everyone keep their systems secure, such threats can never happen. Small gestures can avoid gigantic problems in our context.
Action Plan Use Anti-virus Use Anti-Spyware Be aware not to fall for scams and phishing attacks Report SPAM
Further Action www.419eater.com www.antiphishing.org
Web Security This presentation can be downloaded from www.bharath.name For any queries or doubts or help, [email_address]
Thank You
Ad

Recommended

Web security
Web securityWeb security
Web security
Jatin Grover
 
Web Security
Web SecurityWeb Security
Web Security
Dipika Bambhaniya
 
Human rights
Human rightsHuman rights
Human rights
Jaineel Dharod
 
OOPS In JAVA.pptx
OOPS In JAVA.pptxOOPS In JAVA.pptx
OOPS In JAVA.pptx
Sachin33417
 
computer-studies-grade-8-lesson-plans (1).pdf
computer-studies-grade-8-lesson-plans (1).pdfcomputer-studies-grade-8-lesson-plans (1).pdf
computer-studies-grade-8-lesson-plans (1).pdf
maureenchanda
 
Class viii ch-2 log on to access
Class viii ch-2 log on to accessClass viii ch-2 log on to access
Class viii ch-2 log on to access
jessandy
 
Io t system management with
Io t system management withIo t system management with
Io t system management with
xyxz
 
Internet protocol (ip) ppt
Internet protocol (ip) pptInternet protocol (ip) ppt
Internet protocol (ip) ppt
Dulith Kasun
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
SubhradeepMaji
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
kusum sharma
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Sagar Verma
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Cryptography
CryptographyCryptography
Cryptography
Sidharth Mohapatra
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
Hansa Nidushan
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
parvez Sharaf
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
rahul kundu
 
web-security
web-securityweb-security
web-security
Rahmat Mukodas
 
Ad

More Related Content

What's hot (20)

What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
SubhradeepMaji
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
kusum sharma
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Sagar Verma
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Cryptography
CryptographyCryptography
Cryptography
Sidharth Mohapatra
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
Hansa Nidushan
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
parvez Sharaf
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
lavakumar Thatisetti
 
Symmetric and asymmetric key
Symmetric and asymmetric keySymmetric and asymmetric key
Symmetric and asymmetric key
Triad Square InfoSec
 
Email security
Email securityEmail security
Email security
Indrajit Sreemany
 
Web security
Web securityWeb security
Web security
Padam Banthia
 
Email security presentation
Email security presentationEmail security presentation
Email security presentation
SubhradeepMaji
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
Phishing Presentation
Phishing Presentation Phishing Presentation
Phishing Presentation
Nikolaos Georgitsopoulos
 
Denial of service
Denial of serviceDenial of service
Denial of service
garishma bhatia
 
Cryptography.ppt
Cryptography.pptCryptography.ppt
Cryptography.ppt
kusum sharma
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Man in The Middle Attack
Man in The Middle AttackMan in The Middle Attack
Man in The Middle Attack
Deepak Upadhyay
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Sagar Verma
 
Password Attack
Password Attack Password Attack
Password Attack
Sina Manavi
 
Email Security : PGP & SMIME
Email Security : PGP & SMIMEEmail Security : PGP & SMIME
Email Security : PGP & SMIME
Rohit Soni
 
Software security
Software securitySoftware security
Software security
Roman Oliynykov
 
Cryptography
CryptographyCryptography
Cryptography
Sidharth Mohapatra
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
Hansa Nidushan
 
Presentation on Ethical Hacking ppt
Presentation on Ethical Hacking pptPresentation on Ethical Hacking ppt
Presentation on Ethical Hacking ppt
Shravan Sanidhya
 
Cia security model
Cia security modelCia security model
Cia security model
Imran Ahmed
 
PPT steganography
PPT steganographyPPT steganography
PPT steganography
parvez Sharaf
 

Viewers also liked (15)

Client server security threats
Client server security threatsClient server security threats
Client server security threats
rahul kundu
 
web-security
web-securityweb-security
web-security
Rahmat Mukodas
 
Web Security
Web SecurityWeb Security
Web Security
Tripad M
 
Basic Risk Identification Techniques
Basic Risk Identification TechniquesBasic Risk Identification Techniques
Basic Risk Identification Techniques
Ricardo Viana Vargas
 
Risk identification
Risk identificationRisk identification
Risk identification
murukkada
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen
 
Spm unit 1
Spm unit 1Spm unit 1
Spm unit 1
sweetyammu
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
rajakhurram
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
Spm unit 5
Spm unit 5Spm unit 5
Spm unit 5
sweetyammu
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
Venkatesh Chary
 
Spm unit2
Spm unit2Spm unit2
Spm unit2
sweetyammu
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
Markos Mulat G
 
cloud computing ppt
cloud computing pptcloud computing ppt
cloud computing ppt
himanshuawasthi2109
 
Client server security threats
Client server security threatsClient server security threats
Client server security threats
rahul kundu
 
web-security
web-securityweb-security
web-security
Rahmat Mukodas
 
Web Security
Web SecurityWeb Security
Web Security
Tripad M
 
Basic Risk Identification Techniques
Basic Risk Identification TechniquesBasic Risk Identification Techniques
Basic Risk Identification Techniques
Ricardo Viana Vargas
 
Risk identification
Risk identificationRisk identification
Risk identification
murukkada
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Ninh Nguyen
 
Spm unit 1
Spm unit 1Spm unit 1
Spm unit 1
sweetyammu
 
Lecture 5 ip security
Lecture 5 ip securityLecture 5 ip security
Lecture 5 ip security
rajakhurram
 
IP Security
IP SecurityIP Security
IP Security
Keshab Nath
 
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and AuthenticationFirewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Firewall, Trusted Systems,IP Security ,ESP Encryption and Authentication
Gopal Sakarkar
 
Spm unit 5
Spm unit 5Spm unit 5
Spm unit 5
sweetyammu
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
Venkatesh Chary
 
Spm unit2
Spm unit2Spm unit2
Spm unit2
sweetyammu
 
Project Risk Management
Project Risk ManagementProject Risk Management
Project Risk Management
Markos Mulat G
 
cloud computing ppt
cloud computing pptcloud computing ppt
cloud computing ppt
himanshuawasthi2109
 
Ad

Similar to Web Security (20)

web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
LucaMartins7
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 
Web security ppt sniper corporation
Web security ppt sniper corporationWeb security ppt sniper corporation
Web security ppt sniper corporation
sharmaakash1881
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Cyber security
Cyber securityCyber security
Cyber security
Samsil Arefin
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
Asif Raza
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
AFROZULLA KHAN Z
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security Seminar
Daniel Versola
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
KALPITKALPIT1
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Syed Irshad Ali
 
presentation of professionalism harwares.ppt
presentation of professionalism harwares.pptpresentation of professionalism harwares.ppt
presentation of professionalism harwares.ppt
JayPatil820512
 
31.ppt
31.ppt31.ppt
31.ppt
KarmanChandi
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Md Nishad
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
computer crime
computer crimecomputer crime
computer crime
00jitesh00
 
Module 10 e security-en
Module 10 e security-enModule 10 e security-en
Module 10 e security-en
Institute of Entrepreneurship Development
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
Shawon Raffi
 
Introduction to the Ethical hacking.pptx
Introduction to the Ethical hacking.pptxIntroduction to the Ethical hacking.pptx
Introduction to the Ethical hacking.pptx
SahilSwe
 
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.pptliullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
vikashsolanki641
 
web-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdfweb-security-1215757214755670-9.pdf
web-security-1215757214755670-9.pdf
LucaMartins7
 
Cyber crime and cyber security
Cyber crime and cyber securityCyber crime and cyber security
Cyber crime and cyber security
Keshab Nath
 
Web security ppt sniper corporation
Web security ppt sniper corporationWeb security ppt sniper corporation
Web security ppt sniper corporation
sharmaakash1881
 
Phishing: Swiming with the sharks
Phishing: Swiming with the sharksPhishing: Swiming with the sharks
Phishing: Swiming with the sharks
Nalneesh Gaur
 
Cyber security
Cyber securityCyber security
Cyber security
Samsil Arefin
 
computer_security.ppt
computer_security.pptcomputer_security.ppt
computer_security.ppt
Asif Raza
 
Hacking by Pratyush Gupta
Hacking by Pratyush GuptaHacking by Pratyush Gupta
Hacking by Pratyush Gupta
Tenet Systems Pvt Ltd
 
CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)CYBER CRIME AWARENESS (Thematic Presentation)
CYBER CRIME AWARENESS (Thematic Presentation)
AFROZULLA KHAN Z
 
ITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security SeminarITSolutions|Currie Network Security Seminar
ITSolutions|Currie Network Security Seminar
Daniel Versola
 
ccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdfccs12-18022310494mghmgmyy3 (1).pdf
ccs12-18022310494mghmgmyy3 (1).pdf
KALPITKALPIT1
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Syed Irshad Ali
 
presentation of professionalism harwares.ppt
presentation of professionalism harwares.pptpresentation of professionalism harwares.ppt
presentation of professionalism harwares.ppt
JayPatil820512
 
31.ppt
31.ppt31.ppt
31.ppt
KarmanChandi
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
Md Nishad
 
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECTHACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
HACKING DESCRIBE IN DETAIL FOR UNIVERSITY PROJECT
DHRUV562167
 
computer crime
computer crimecomputer crime
computer crime
00jitesh00
 
Module 10 e security-en
Module 10 e security-enModule 10 e security-en
Module 10 e security-en
Institute of Entrepreneurship Development
 
Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi Hacking Presentation v2 By Raffi
Hacking Presentation v2 By Raffi
Shawon Raffi
 
Introduction to the Ethical hacking.pptx
Introduction to the Ethical hacking.pptxIntroduction to the Ethical hacking.pptx
Introduction to the Ethical hacking.pptx
SahilSwe
 
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.pptliullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
liullwkjajjlkjsd892009jlaoijlajkjkdfCYBER-CRIME PRESENTATION.ppt
vikashsolanki641
 
Ad

Recently uploaded (20)

Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Generative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in BusinessGenerative Artificial Intelligence (GenAI) in Business
Generative Artificial Intelligence (GenAI) in Business
Dr. Tathagat Varma
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...
Impelsys Inc.
 
Linux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdfLinux Professional Institute LPIC-1 Exam.pdf
Linux Professional Institute LPIC-1 Exam.pdf
RHCSA Guru
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
tecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdftecnologias de las primeras civilizaciones.pdf
tecnologias de las primeras civilizaciones.pdf
fjgm517
 
Big Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur MorganBig Data Analytics Quick Research Guide by Arthur Morgan
Big Data Analytics Quick Research Guide by Arthur Morgan
Arthur Morgan
 
TrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business ConsultingTrsLabs - Fintech Product & Business Consulting
TrsLabs - Fintech Product & Business Consulting
Trs Labs
 
2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx2025-05-Q4-2024-Investor-Presentation.pptx
2025-05-Q4-2024-Investor-Presentation.pptx
Samuele Fogagnolo
 
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfThe Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
The Evolution of Meme Coins A New Era for Digital Currency ppt.pdf
Abi john
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...What is Model Context Protocol(MCP) - The new technology for communication bw...
What is Model Context Protocol(MCP) - The new technology for communication bw...
Vishnu Singh Chundawat
 
Cybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure ADCybersecurity Identity and Access Solutions using Azure AD
Cybersecurity Identity and Access Solutions using Azure AD
VICTOR MAESTRE RAMIREZ
 
Quantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur MorganQuantum Computing Quick Research Guide by Arthur Morgan
Quantum Computing Quick Research Guide by Arthur Morgan
Arthur Morgan
 
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptxIncreasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Increasing Retail Store Efficiency How can Planograms Save Time and Money.pptx
Anoop Ashok
 
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...
SOFTTECHHUB
 
Electronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploitElectronic_Mail_Attacks-1-35.pdf by xploit
Electronic_Mail_Attacks-1-35.pdf by xploit
niftliyevhuseyn
 
Mobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi ArabiaMobile App Development Company in Saudi Arabia
Mobile App Development Company in Saudi Arabia
Steve Jonas
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 

Web Security

  • 1. Web Security Secure yourself on the web
  • 2. What is web security? Almost everything relies on computers and the Internet now communication (email, cell phones) transportation (car engine systems) airplane navigation ) medicine (equipment, medical records) shopping (online stores, credit cards) entertainment (digital cable, mp3s)
  • 3. What is web security? (contd…) Web Security, also known as “Cyber security” involves protecting that information by preventing, detecting, and responding to attacks.
  • 4. What can Web users do? The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.
  • 5. Web Security: Terminologies Hacker – people who seek to exploit weaknesses in software and computer systems for their own gain. Viruses – It you to actually do something before it infects your computer. This action could be opening an email attachment or going to a particular web page.
  • 6. Web Security: Terminologies Worms - Worms propagate without user intervention. Once the victim computer has been infected the worm will attempt to find and infect other computers. Trojan horses - A Trojan horse program is software that claims to be one thing while in fact doing something different behind the scenes.
  • 7. Web Security: Terminologies Ransomware A form of trojan that has been around since 1989 (as the “PC CYBORG” trojan) It infects the target computer by encrypting the owner's personal files. The victim is then contacted and offered a key to decrypt the files in exchange for cash
  • 8. Web Security: Terminologies KeyLoggers: Traditionally, Keyloggers are software that monitor user activity such as keys typed using keyboard. Modern keyloggers can, Record keystrokes on keyboard Record mouse movement and clicks Record menus that are invoked Take screenshots of the desktop at predefined intervals (like 1 screenshot every second)
  • 9. Web Security: Terminologies KeyLoggers: (contd…) Such recorded data could be uploaded in real-time or when internet connection becomes available, by, Email attachment IRC Channel File Transfer (FTP)
  • 10. Web Security: Terminologies KeyLoggers: (contd…) Keylogger prevention Use Anti-Spyware (prevention) Firewall (manual detection) Automatic Form fillers (protection from keylogging) In public (insecure) places, -use on-screen keyboards (START-> ALL PROGRAMS ->ACCESSORIES -> ACCESSIBILTY -> ON-SCREEN KEYBOARD)
  • 11. Web Security: Terminologies Firewalls: Mechanism for content regulation and data filtering Blocking unwanted traffic from entering the sub-network (inbound) Preventing subnet users' use of unauthorised material/sites (outbound)
  • 12. Aspects of data Security Privacy Keeping your information private Integrity Knowing that the information has not been changed Authenticity Knowing who sent the information
  • 13. Privacy Your personal details are a valuable asset Businesses are increasingly looking to target individuals more effectively, data about those individuals is in demand Buying and selling lists of email addresses and demographic details is big business
  • 14. Integrity Maintaining the data integrity of any communication is vital. Integrity can be preserved by using strong encryption methods. Even if an intruder see the transmission, it would be useless since its encrypted.
  • 15. Authentication We need to authenticate a message to make sure it was sent by the correct person. Digital signature is used for the purpose Public key , Private key method can also be used to authenticate.
  • 16. Authentication , Continued… Most of us use webmail for email handling. This simple code can send an email, <? php mail(“[email protected]”, ”Hi from Bill Gates”, ”Hi, I am Bill gates” , &quot;From: [email protected]&quot;); ?>
  • 17. Authentication , Continued… Received email: From: [email_address] To: [email_address] Subject: Hi from Bill Gates Hi, I am Bill gates
  • 18. Authentication , Continued… So, anyone can send email from anyone’s email address Its possible due to the nature of SMTP protocol Yahoo! has implemented DomainKeys, a method to authenticate that an email originated from the sender’s domain.
  • 19. Web Security Issues Malicious websites SPAM 419 Scams Phishing DDOS Botnets (All aspects are inter-related)
  • 20. Malicious websites More than 3 million Web pages on the Internet are malicious. According to Neils Provos, senior staff software engineer with Google, the percent is one in 1,000. The experts call these attacks &quot;drive-by downloads&quot; Malicious websites China - 67% US - 15% Russia - 4% Malaysia - 2.2% Korea - 2%
  • 21. Malicious websites Preventive measures Use latest browser software Internet Explorer version 7+ Mozilla Firefox Opera Internet Explorer 6 is the most vulnerable as well as the most widely used browser. It is highly recommended to upgrade from IE 6
  • 22. SPAM Spam is unsolicited e-mail on the Internet. Spam detection algorithms White listing Black listing Training based algorithms
  • 23. SPAM Cost of spam Loss of productivity is the main concern There is also the cost of bandwidth taken by spam Storage and network infrastructure costs. Loss of legitimate email messages
  • 24. SPAM - Corporate employees are reported to accrue a loss of productivity of 3.1%. - Nucleus Research Analysis - To increase the effectiveness of SPAM detection, always report any SPAM mail to your SPAM filter.
  • 25. 419 Nigerian Scams An advance fee fraud is a confidence trick in which the target is persuaded to advance sums of money in the hope of realizing a very much larger gain The number &quot;419&quot; refers to the article of the Nigerian Criminal Code (“Cheating&quot;) dealing with fraud.
  • 26. 419 Nigerian Scams A sample 419 Scam email ------------------------------------- Sender: [email_address] Subject: !!!CONGRATULATIONS YOU ARE A WINNER!!! FROM THE LOTTERY PROMOTIONS MANAGER, THE UNITED KINGDOM INTERNATIONAL LOTTERY, PO BOX 287, WATFORD WD18 9TT, UNITED KINGDOM. We are delighted to inform you of your prize release from the United Kingdom International Lottery program. Your name was attached to Ticket number; 47061725, Batch number; 7056490902, Winning number; 07-14-24-37-43-48 bonus number 29, which consequently won the lottery in the first category.... -------------------------------------------
  • 27. 419 Nigerian Scams The email asks to send an advance payment to the lottery so that they can release the prize money. Lots of naive users get fooled by the scammers and end up wasting their money.
  • 28. 419 Nigerian Scams Prevention: Awareness is the only tool against such scammers. Services like 419eater.com has users who pretend to be naive and end up wasting the scammer’s efforts.
  • 29. Phishing This is a method of luring an unsuspecting user into giving out their username and password for a secure web resource, usually a bank or credit card account.
  • 30. Phishing Usually achieved by creating a website identical to the secure site User is sent email requesting them to log in, and providing a link to the bogus site When user logs in, password is stored and used to access the account by the attacker Difficult to guard against, particularly if using HTML email
  • 31. Phishing Phishing Email sample: Subject: Verify your E-mail with Citibank This email was sent by the Citibank server to verify your E-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/Debit Card number and PIN that you use on ATM. This is done for your protection - because some of our members no longer have access to their email addresses and we must verify it. To verify your E-mail address and access your bank account, click on the link below: https://web.da-us.citibank.com/signin/citifi/scripts/email_verify.jsp Thank you for using Citibank
  • 32. Phishing The link uses an anchor text, and the actual website opens as, http:// citibusinessonline.da.us.citibank.com.citionline.ru / ... Instead of, http://www.citibank.com/us/index.htm
  • 34. Phishing - Unwitting users submit the data, and the data is captured by scammers and all the money in their account will be stolen immediately. - This method is the main reason for loss of email passwords also.
  • 35. Denial of Service It is an attack to make a computer resource unavailable to its intended users. Resources: - Bandwidth & CPU
  • 36. Distributed DOS A powerful variant of DOS attack. -Web server can handle a few hundred connections/sec before performance begins to degrade -Web servers fail almost instantly under five or six thousand connections/sec
  • 37. Distributed DOS - Zombie system is a system that is brought under the attacker’s control by using virus/worm/exploits. - Attack is initiated using compromised Zombie systems. Very hard to prevent, since large number of zombie systems will be used.
  • 38. Botnets A botnet is a collection of compromised computers (called zombie computers) running programs Usually installed via worms, Trojan horses, or backdoors, Under a common command and control infrastructure.
  • 39. Botnets Botnet Admin Bot Spammer
  • 40. Botnets 1.A botnet operator sends out viruses or worms, infecting ordinary users' computers, whose payload is a malicious application -- the bot. 2.The bot on the infected PC logs into a particular IRC server (or in some cases a web server). That server is known as the command-and-control server (C&C). 3.A spammer purchases access to the botnet from the operator. 4.The spammer sends instructions via the IRC server to the infected PCs causing them to send out spam messages to mail servers.
  • 41. Botnets A botnet's originator (aka &quot;bot herder&quot;) can control the group remotely, usually through a means such as IRC. A botnet is more power than a supercomputer in terms of its processing capacity. As of 2007, the average size of a botnet was estimated at 20,000 computers, although larger networks continued to operate.
  • 42. Botnet Case Study STORM BOTNET The Storm botnet is a remotely-controlled network of &quot;zombie&quot; computers (or &quot;botnet&quot;) that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam. Sources have placed the size of the Storm botnet to be around 250,000 to 1 million compromised systems.
  • 43. Botnet Case Study STORM BOTNET Detected in January 2007 1.2 billion virus messages have been sent by the botnet till September 2007 The Storm botnet has been used in a variety of criminal activities. Its controllers, and the authors of the Storm Worm, have not yet been identified.
  • 44. Botnet Case Study STORM BOTNET The botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate the botnet The botnet reportedly is powerful enough as of September 2007 to force entire countries off the Internet, The Storm botnet's operators control the system via peer-to-peer techniques, making external monitoring and disabling of the system more difficult There is no central &quot;command-and-control point&quot; in the Storm botnet that can be shut down
  • 45. Botnet Case Study STORM BOTNET Action plan: Microsoft update to the Windows Malicious Software Removal Tool (MSRT) may have helped reduce the size of the botnet by up to 20%. But, most of the Windows systems are not configured for Automatic updates. Consider our country as example, where most home users use pirated copies of windows. Pirated copies will get disabled when updated online,becasue of Windows Genuine Advantage (WGA) program.
  • 46. More Botnets Name Size Spam sent / day SRIZBO 315,000 60 billion BOBAX 185,000 9 billion RUSTOCK 150,000 30 billion CUTWAIL 125,000 16 billion GRUM 50,000 2 billion OZDOK 35,000 10 billion NUCRYPT 20,000 5 billion WOPLA 20,000 600 million SPAMTHRU 12,000 350 million
  • 47. Botnet Attacks Example 1: Cyber Assault on Estonia Estonia is a small and one of the most internet enabled country in Europe.
  • 48. Botnet Attacks Example 1: It was attacked by a massive DDOS attempt on May 2007. Attacked sectors include government banks telecommunications companies Internet service providers news organizations
  • 49. Botnet Attacks Example 1: Attack effectively shut down email systems and online banking. Attack originated from Russia after Russian govt got angry with Estonia for relocating a Soviet war memorial. More than a million zombie computers made the attack possible.
  • 50. Botnet Attacks Example 2: April 23, 2008 Slideshare is a service that lets you upload and embed PowerPoint presentations on the web. There were several presentations relating to corruption in the chinese government. Chinese authorities requested those slides to be removed.
  • 51. Botnet Attacks Example 2: April 23, 2008 Slideshare was down for a few days due to DDOS attack that originated from China. The attack reached a peak of 2.5GB/sec and consisted entirely of packets sent from China SlideShare insists that it will do everything it can to protect its users’ freedom of speech. As such, it has no plans to remove any of the content in question.
  • 52. Botnet Attacks In both examples, botnets were the main attack vehicles. There are several more examples. So, Cyber wars <= DDOS <=Botnets <=Virus/Worm <= Ignorant web user
  • 53. Take Action If everyone keep their systems secure, such threats can never happen. Small gestures can avoid gigantic problems in our context.
  • 54. Action Plan Use Anti-virus Use Anti-Spyware Be aware not to fall for scams and phishing attacks Report SPAM
  • 55. Further Action www.419eater.com www.antiphishing.org
  • 56. Web Security This presentation can be downloaded from www.bharath.name For any queries or doubts or help, [email_address]