System security and toolsSubtopics covered :1. System Vulnerability and Abuse2. Techs. And Tools for Protecting Info Resources Group members are: 1. Karan Bhandari(39) 2. Gurshawn Singh(35) 3. Nishad Prabhu(3)
IntroductionAs we all know, Technology has tremendouslyaffected us and our way of living.Daily Mail is now Best as E-mail, Newspapersare on Large screens, Communication is highlyglobalized and storage is within the size rangeof our fingers.But, All this does come with its drawbacks…Viruses ! Trojans !
Why Systems are Vulnerable ?A set of things working together as parts of a mechanism oran interconnecting network.Due to storage of electronic data, Access points are EndlessThe potential for unauthorized access, abuse or fraud is high
Access controlTo gain access a user must be authorized andauthenticated – established by using passwordsPasswords have their disadvantagesNew technologies like tokens, smart cards, andbiometric authentication
Malicious software:Viruses, Worms, Trojan Horses and SpywareMalicious software programs are referred to asmalware and include a variety of threats such ascomputer viruses, worms and trojan horses.COMPUTER VIRUS: a rogue software program.viruses usually deliver a payload.
WORMS: are independent computer programsTROJAN HORSE: appears to be benign but then doessomething other than expected.SPYWARE: install themselves on computer to monitor useractivitiesKEYLOGGERS: record every keystroke made on a computer.
Hackers and Computer CrimeA HACKER is an individual who intends to gainunauthorized access to a computer system.Hacker vs. crackerhacker activities include theft, damage and cybervandalism.
Spoofing and SniffingHackers attempting to hide their true identities oftenspoof, or misrepresent themselvesThis is known as SPOOFING.A SNIFFER is a type of eavesdropping program thatmonitors information travelling over a network.
Denial of Service AttacksIn a DoS attack, hackers flood a network server or webserver with many thousands of false communications orrequests for services to crash the networkA Distributed denial-of-service (DDoS) attack usesnumerous computers from different launch points toinundate and overwhelm the network.
Computer CrimeComputer crime is defined by the U.S. Department ofJustice as “any violations of criminal law that involvea knowledge of computer technology for theirperpetrations, invesigation or prosecution.
Identity TheftIdentity Theft is a crime in which an imposter obtains keypieces of personal information.Popular tactic is a form of spoofing called PHISHING.EVIL TWINS and PHARMING are harder to detect.
Click Fraud & Global ThreatCLICK FRAUD: occurs when an individual or computerprogram fraudulently clicks on an online ad without anyintention of learning more about the advertiser or makinga purchase.GLOBAL THREAT: Involves Cyber terrorism and cyberwarfare.
Internet Threats: EmployeesMalicious intruders seeking system access sometimestrick employees into revealing their passwords andother information.This practice is called SOCIAL ENGINEERING.
Software VulnerabilitySoftware poses a constant threat to information systems,causing untold losses in productivity.There may be presence of hidden Bugs or Program CodeDefects.Zero defects cannot be achieved in larger programs
Technologies and tools forprotecting information resources • Securing systems • Ensuring system availability • Ensuring software quality
FirewallsCombination of hardware and software that controls trafficActs as a gatekeeperThere are a no. of firewall screening technologies like -Static packet filtering -Stateful inspection -Network address translation(NAT) -Application proxy filtering
Intrusion detection systemsPlaced at the hotspotsGenerates a alarm if it finds a suspicious or anomalouseventLooks for known methods of computer attacksDetects removal or modification of filesExamines events as they are happening
Anti-Virus and Anti-spywareChecks for presence of virusesMost softwares are effective only against known virusesAvailable widely
EncryptionTransforming plain text or data into cipher , using an encryption keyTwo methods to encrypt network traffic - Secure socket layer - Secure hypertext transfer protocolTwo alternate methods to encrypt -Symmetric key encryption -Public key encryption
Ensuring system availabilityEnsuring system and application availability is a mustfor companies eg. Airline serviceFault tolerant systems use special software to detectharware failures and automatically switch to backupShould not be confused with high availabilitycomputing