2. CONTENTS
• What is a Threat and a Vulnerability
• Types of Threats
• What is Social Engineering
• Types of Social Engineering
• Information & Computer safety practices
• Quick Tips
• Q&A
3. VULNERABILITY
• “A vulnerability is a flaw or weakness in the system”
• It is a loophole in the system’s design, implementation, operation and management that can be exploited or misused to violate the system’s security policy.
4. THREATS
• A threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.
• A threat can be intentional or accidental.
• An intentional threat can be caused by a criminal organization or a community of unethical hackers.
• An accidental threat can be caused by natural disasters such as earthquakes, fire or tornadoes.
5. TYPES OF THREATS
• VIRUS
• WORM
• TROJANS
• SPYWARE
• ADWARE
• SPAM/SPIT/SPIM
• SYSTEM ATTACKS
6.
• A virus is a piece of software that can infect a computer without the permission or knowledge of the user.
• A typical virus is sent as an attachment, which may be hidden.
• It is transmitted over the internet or a network, or through sharing of external portable devices and removable media such as USB sticks and CDs.
• A worm is a self-replicating, malicious software program. It uses the network to send copies of itself to other computers on the network.
• A Trojan (Trojan horse) is an illegitimate program inside a legitimate program. It creates a secret way for hackers to enter your system by installing backdoor programs.
7.
• Spyware is software that is secretly installed on a computer without the user’s consent. It monitors user activity or interferes with user control over a personal computer.
• Adware is software which automatically plays, displays, or downloads advertisements to a computer.
• The adware runs either after a software program has been installed on a computer or while the application is being used.
• In some cases, adware is accepted by users in exchange for using software free of charge.
• Not all adware types are dangerous. However, some types of adware are also spyware and therefore a threat to privacy.
8.
• SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a day. Email addresses are collected from chat rooms, websites, newsgroups and by Trojans which harvest users’ address books.
• Don’t click on SPAM mails; delete them directly.
• SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.
• SPIT is Spam over Internet Telephony. These are unwanted, automatically-dialled, pre-recorded phone calls using Voice over Internet Protocol (VoIP).
• SYSTEM ATTACKS include various types of attacks intended to destroy, steal or misuse information over the internet or networks.
• Types include botnet, DoS and DDoS attacks, flooding attacks, buffer attacks, TCP/IP attacks, etc.
9. SOCIAL ENGINEERING
• “Social engineering” is the psychological manipulation of people in order to gather confidential information.
• It is a purposeful act carried out either to misuse someone’s personal information to commit fraud or to gain system access.
10. TYPES OF SOCIAL ENGINEERING
EAVESDROPPING
• “Eavesdropping is secretly listening to a private conversation of others without their consent.”
• This is commonly an unethical practice.
11. TYPES OF SOCIAL ENGINEERING
SHOULDER SURFING
• “Shoulder surfing refers to using direct observation techniques such as looking over someone’s shoulder to get information.”
• It is commonly used to obtain passwords, PINs, security codes and similar types of data.
12. TYPES OF SOCIAL ENGINEERING
PHISHING
• Phishing (pronounced “fishing”) is a common form of bluffing in which a fake web page is produced that looks just like a legitimate web page.
• The fake page is on a server under the control of the attacker.
• Below is an example of phishing.
13. TYPES OF SOCIAL ENGINEERING
SPOOFING
• “Spoofing is another type of bluffing where some person or program masquerades as another.”
• Caller ID spoofing, email ID spoofing and IP address spoofing are commonly occurring spoofing incidents in the real world.
14. TYPES OF SOCIAL ENGINEERING
PHARMING
• “Pharming is an advanced type of social engineering in which the data is stolen without the innocent user being aware of it.”
• In this type, the authentic website’s traffic is diverted to a compromised website by the hacker.
[Image: pharming.gif]
16. PASSWORD PROTECTION
• Always secure your desktop with passwords.
• Employ strong password policies.
• Passwords should be alphanumeric and more than 8 characters long.
• Passwords should not include your personal information.
• Avoid saving your passwords and sensitive information such as credit card numbers, policy numbers and bank account information on your computer or mobile.
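The password rules on this slide, written as a checker. This is an added example, not part of the original slides; it assumes "alphanumeric" means at least one letter and one digit, and the sample user details are constructed.

```python
import re

MIN_LENGTH = 9  # the slide asks for "more than 8 characters"


def personal_tokens(personal_info):
    """Split personal details (name, e-mail, birth date, ...) into lowercase tokens."""
    tokens = set()
    for value in personal_info:
        for token in re.split(r"[^a-z0-9]+", value.lower()):
            if len(token) >= 4:  # skip short fragments such as "com" or "04"
                tokens.add(token)
    return tokens


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("not alphanumeric")
    lowered = password.lower()
    hits = sorted(t for t in personal_tokens(personal_info) if t in lowered)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    return problems


# Constructed sample user (not real data).
SAMPLE_USER = ["Asha Verma", "asha.verma@example.com", "1990-04-17"]

if __name__ == "__main__":
    for candidate in ["asha1990", "Verma2024secure", "correcthorsebattery", "t7mQ2vX9kLp4"]:
        print(candidate, "->", check_password(candidate, SAMPLE_USER) or "OK")
```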
17. HIDE CONFIDENTIAL FILES ON DISK
• You can secure your confidential files on the desktop by hiding them on your computer.
• To hide files on your Windows desktop:
• Control Panel → Folder Options → View → Don’t show hidden files.
• To unhide files on your Windows desktop:
• Control Panel → Folder Options → View → Show hidden files.
18. TURN ON SYSTEM FIREWALL
• A firewall is software or hardware that checks information coming from the Internet or a network.
• It either blocks or allows that information to pass through to your computer, depending on your firewall settings.
• An active firewall helps to prevent hackers from gaining access to your computer through a network or the internet.
• To turn on the firewall:
• Control Panel → Windows Firewall → Click on “Turn Windows Firewall on/off”
20. DATA BACKUP
• “Backup” refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event.
• Our data may include important and confidential files such as files from the workplace, presentations, work materials, etc.
• As there are innumerable ways for data to get lost, taking a regular backup of your data is a safety practice for computer users.
• Take backups on external portable devices and protect them with passwords.
21. QUICK TIPS
• Avoid sharing personal details such as email ID, passwords and bank account information over the telephone.
• Use recognized instant messengers (IM). Don’t use just any.
• Don’t click on SPAM mails; delete them directly.
• Regularly scan your computer and external portable devices for viruses.
• Turn off file sharing when you are working on a network.
• Always check the website name in the browser before entering your private information.
• Always sign out of your account when you are working in an internet café.
• Protect your computer and its hard disk with a password.
• Always seek guidance from an expert in case of doubt.
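The tip about checking the website name, and the phishing slide's point that the fake page sits on someone else's server, come down to comparing the host in the address with the site you meant to visit. The sketch below is an added example, not part of the original slides; `mybank.example` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit


def site_name(url):
    """Return the lowercase host name the browser would actually connect to."""
    host = urlsplit(url).hostname  # ignores any "user@" prefix and the port
    return (host or "").rstrip(".")


def check_site(url, expected_domain):
    """Compare the host in `url` with the site the user intends to visit.

    Returns "match", "lookalike" (the expected name appears in the address
    but the real host is somewhere else) or "different".
    """
    expected = expected_domain.lower().rstrip(".")
    host = site_name(url)
    if host == expected or host.endswith("." + expected):
        return "match"
    if expected in urlsplit(url).netloc.lower():
        return "lookalike"
    return "different"


# Constructed sample links; mybank.example is a placeholder domain.
SAMPLES = [
    "https://www.mybank.example/login",
    "https://mybank.example.account-verify.test/login",
    "https://mybank.example@203.0.113.9/login",
    "https://news.example.org/story",
]


def classify_samples(expected_domain="mybank.example"):
    """Return (url, verdict) pairs for the constructed samples."""
    return [(url, check_site(url, expected_domain)) for url in SAMPLES]


if __name__ == "__main__":
    for url, verdict in classify_samples():
        print(f"{verdict:10} {url}")
```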
22. THANK YOU
For any queries please contact me at the ID below:
ddprajkta@gmail.com
Prajkta G Nagapurkar
+91-8690130987