2. Introduction of Computer Security.....
What is Computer Security?
• Lock the doors and windows and you are secure
NOT
• Call the police when you feel insecure
Really?
• Computers are powerful, programmable machines
Whoever programs them controls them (and
not you)
• Networks are ubiquitous
Carries genuine as well as malicious traffic
End result: Complete computer security is
unattainable, it is a cat and mouse game;
Similar to crime vs. law enforcement.
3. My Definition of Computer Security…
Computer security is the protection of
computing systems and the data that users store
or access.
The Definition From Wikipedia
Computer security is information security as
applied to computing devices such as
computers and smart phones, as well as
computer networks such as private and public
networks, including the Internet.
4. Goals of Computer Security….
• Integrity:
Guarantee that the data is what we expect.
• Confidentiality:
The information must be accessible only to
authorized people.
• Reliability:
Computers should work without having unexpected
problems.
• Authentication:
Guarantee that only authorized persons can access
the resources.
9. Password Guessing
Obvious
Phishing
Trick users into revealing security information
Spoofing
Malicious user masquerades as authorized user
Back door
A backdoor is a program placed by a black-hat hacker
that allows him to access a system. A
backdoor can have many functions, such as
keyboard sniffing, display spying, etc.
10. Buffer overflow
Defect that could cause a system to crash and
leave the user with heightened privileges
Denial of service
Attack that prevents authorized users from
accessing the system
Man in the middle
Network communication is intercepted in an
attempt to obtain key data
11. More Attacks…
1. Packet Sniffing (Internet traffic consists of data “packets”, and
these can be “sniffed”)
2. Man in the Middle (Insert a router in the path between client and
server, and change the packets as they pass through)
3. DNS hijacking (Insert malicious routes into DNS tables to send
traffic for genuine sites to malicious sites)
4. Phishing (An evil website pretends to be a trusted website)
Example:
1. You type, by mistake, “mibank.com” instead of “mybank.com”
mibank.com designs the site to look like mybank.com so the user types
in their info as usual
2. BAD! Now an evil person has your info!
12. Virus
Piece of code that automatically reproduces itself.
It’s attached to other programs or files, but
requires user intervention to propagate.
How a virus attacks a computer
i. Infect Executable files
ii. Infect Boot sectors
iii. Infect Documents (macros), scripts (web pages), etc.
Sources of viruses
It can be created on the computer system itself. It can also
come with storage media, e-mails, downloaded
files or shared folders.
13. Worm
Piece of code that automatically reproduces itself over the
network. It doesn’t need user intervention to
propagate (autonomous).
How a worm attacks a computer
It infects computers via buffer overflows, file sharing,
configuration errors and other vulnerabilities.
What does it search for?
It searches e-mail addresses, DNS, IP addresses and the network
neighborhood for hacking or malicious
programs (backdoor, DDoS agent, etc.).
14. Social Engineering
• Manipulating a person or persons into
divulging confidential information.
Do we also have to be aware of this?
1. Yes, because social engineers are a lot more cunning
than you.
2. It can also happen to corporate executives, and
most of them are fooled by these hackers.
16. How can we protect our computers and ourselves from these
kinds of threats?
For computer access
1. User knowledge (Name, password, PIN)
2. Smart card (A card with an embedded memory chip
used for identification)
3. Biometrics (Human characteristics such as fingerprints,
retina or voice patterns)
17. Guidelines for Passwords....
1. Easy to remember, hard to guess
2. Don’t use family or pet names
3. Don’t make it accessible
4. Use a combination of uppercase/lowercase letters,
digits and special characters
5. Don’t leave the computer when logged in
6. Don’t ever tell anyone
7. Don’t include in an email
8. Don’t use the same password in lots of places
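An added example, not part of the original slides: a Python check for the three guidelines above that software can test automatically (2, 4 and 8). The function names and the idea of keeping salted hashes of passwords already in use, so that reuse can be detected without storing them in clear text, are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import string


def digest(password: str, salt: bytes) -> bytes:
    """Slow, salted hash so stored entries do not reveal the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def remember(password: str) -> tuple:
    """Record a password that is already used on another site as (salt, hash)."""
    salt = os.urandom(16)
    return salt, digest(password, salt)


def violations(candidate: str, personal_words: list, in_use: list) -> list:
    """Return the numbers of the guidelines (2, 4, 8) that `candidate` breaks."""
    broken = []
    lowered = candidate.lower()

    # Guideline 2: no family or pet names hidden anywhere in the password.
    if any(word.lower() in lowered for word in personal_words if word):
        broken.append(2)

    # Guideline 4: at least one character from each of the four classes.
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation]
    if not all(any(ch in cls for ch in candidate) for cls in classes):
        broken.append(4)

    # Guideline 8: must not match any password already in use elsewhere.
    # Re-hash with each stored salt and compare in constant time.
    if any(hmac.compare_digest(digest(candidate, salt), stored)
           for salt, stored in in_use):
        broken.append(8)

    return broken
```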
18. On the Internet
CAPTCHA
Software that verifies that the user is not another
computer
You have to look at a weird set of
characters and key them back in.
Why does this work?
20. Some Other Techniques for
Securing Computers....
Ensuring computer and network security
i. Cryptography
ii. Secure networks
iii. Antivirus software
iv. Firewalls
In addition, users have to practice “safe
computing”
1. Not downloading from unsafe websites
2. Not opening attachments
3. Not trusting what you see on websites
4. Avoiding Scams
21. Cryptography
Secret Codes
Encryption
o Converting data to unreadable codes to prevent anyone from
accessing this information.
o Need a “key” to find the original data – keys take a few
million-trillion years to guess.
Public keys
An ingenious system of proving you know your password without
disclosing your password. Also used for digital signatures.
o Used heavily in SSL connections.
Hashing
o Creating fingerprints of documents.
22. Conclusion
It’s not that easy to protect yourself or your computer
from threats & attacks. But it’s not that much harder
either. So just follow some rules & you are protected
from these threats & attacks.
Computer security is there to protect the user. So we will
follow the rules to protect ourselves.