SlideShare a Scribd company logo

Computer Security Presentation

Download as PPTX, PDF
P
PraphullaShrestha1

This presentation includes 60+ slides that mainly deals with three Computer Security aspects i.e 1. Security Attacks and Threats 2. Security Services 3. Security Mechanisms Along with that we've also includes Security Awareness and Security Policies

Science
1 of 65
COMPUTER SECURITY Presentation By: Prarthana Manandhar Praphulla Lal Shrestha
01 Introduction To Computer Security Security Threats and Attacks Security Services 02 03 04 05 06 Security Mechanisms Security Awareness Seurity Policies
Introduction to Computer Security • Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. • It is the process of preventing and detecting unauthorized use of your computer system. • Computer Security mainly focuses on three factors: I. Security Attacks II. Security Services III. Security Mechanisms
Why is Computer Security Important? • Cyber Crime is on the rise • Damage is Significant • Cyber Security builds trust • Our identities protect our data • Every organization has vulnerabilities.
QUICK FACTS ● 95% of Computer Security breaches are due to human error. ● There is a hacker attack every 39 seconds ● Share prices fall 7.27% on average after a breach ● Approximately $6 trillion is expected to be spent globally on cybersecurity by 2021 ● Unfilled cybersecurity jobs worldwide is already over 4 million
Security threat and security attack • Threat is a possible danger that might exploit vulnerability. The actions that cause it to occur are the security attacks. • A security attack may be a passive attack or an active attack. The aim of a passive attack is to get information from the system but it does not affect the system resources. Passive attacks are difficult to detect but can be prevented. An active attack tries to alter the system resources or affect its operations. Active attack may modify the data or create a false data. Active attacks are difficult to prevent.
Security Attacks on Users, Computer hardware and Computer Software • Attacks on users could be to the identity user and to the privacy of user. Identity attacks result in someone else acting on your behalf by using personal information like password, PIN number in an ATM, credit card number, social security number etc. Attacks on the privacy of user involve tracking of users habits and actions—the website user visits, the buying habit of the user etc. Cookies and spam mails are used for attacking the privacy of users. • Attacks on computer hardware could be due to a natural calamity like floods or earthquakes; due to power related problems like power fluctuations, etc or by destructive actions of a burglar. • Software attacks harm the data stored in the computer. Software attacks may be due to malicious software, or, due to hacking. Malicious software or malware is a software code included into the system with a purpose to harm the system. Hacking is intruding into another computer or network to perform an illegal act. This chapter will discuss the malicious software and hacking in detail.
Malicious Software Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute the malware. Malware has actually been a threat to individuals and organizations since the early 1970s when the Creeper virus first appeared A wide variety of malware types exist:- 1. Computer Viruses 2. Worms 3. Trojan Horses 4. Ransom ware 5. Java scripts and Java applets 6. Spyware, etc.
Virus • A computer virus is a computer program that, when executed, replicates itself by modifying other computer programs • It can attach itself to other healthy programs. • It is difficult to trace a virus after it has spread across a network. • Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. • Computer viruses cause billions of dollars' worth of economic damage each year. • If a virus has entered in the system then there might be frequent pop-up windows, Frequent crashes, Unusually slow computer performance, Unknown programs that start up when you turn on your computer, Unusual activities like password changes. • Examples of virus:- Melissa, I Love You.
Worms • A computer worm is a type of malware that spreads copies of itself from computer to computer without any human interaction. • Computer worms could arrive as attachments in spam emails or instant messages (IMs). • When computer is infected with worms then it starts to take up free space of your hard drive, programs might crash, your files may be replaced or deleted. • A worm is however different from a virus. A worm does not modify a program like a virus. • Examples of worms:- Code Red, Nimda
Trojan Horse • A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. • The term “Trojan” derives from the ancient Greek story about the deceptive Trojan horse which led to the fall of the city of Troy. • A Trojan must be executed by its victim to do its work. • Trojan horses contain programs that corrupt the data or damage the files, corrupt software applications. • Trojan horse does not replicate themselves like viruses. • If your computer is breached by Trojan malware then, computer will start frequent crashing, redirected to unfamiliar websites when browsing online, increase in pop-ups.
Java Scripts, Java applets and ActiveX Controls Java Scripts • JavaScript is a dynamic computer programming language, most commonly used as a part of web pages, whose implementations allow client-side script to interact with the user and make dynamic pages. • JavaScript is widely used in Netscape, Internet Explorer, and other web browsers. • JavaScript also allows website creators to run any code they want when a user visits their website. • Cyber criminals frequently manipulate the code on countless websites to make it perform malicious functions. If we’re browsing a malfunctioned website, the attackers can easily get access to our device.
Java Applets and ActiveX Controls • Applets (Java programs), and ActiveX controls are used with Microsoft technology, generally used to provide added functionality such as sound and animation which are inserted in Web page. • Anyone who uses the Internet will eventually access websites that contain mobile code. • If these programs are designed with a malicious intention, then it can be disastrous for the client machine. • Java’s design and security measures are better designed and inherently safer than ActiveX, which provides very few restrictions on the developer.
Hacking • Hacking is the activity of identifying weaknesses in a computer system or a network to exploit the security to gain access to personal data or business data. • Hackers are the one who are responsible for hacking and are increasingly growing in sophistication, using stealthy attack methods designed to go completely unnoticed by cyber security software and IT teams. • Hacking is not always done for malicious purposes, nowadays most references to hacking as unlawful activity by cybercriminals motivated by financial gain, protest, spying, and even just for the “fun” of the challenge. • Nowadays, hacking has become a multibillion-dollar industry with extremely sophisticated and successful techniques • There are various ways hackers invade our privacy by packet sniffing, email hacking, password cracking.
Packet Sniffing • The act of capturing data packet across the computer network is called packet sniffing. • It is mostly used by crackers and hackers to collect information illegally about network. It is also used by ISPs, advertisers and governments. • Packet sniffing attacks normally go undetected. • Ethereal and Zx Sniffer are some freeware packet sniffers. • Telnet, FTP, SMTP are some services that are commonly sniffed.
Password Cracking • Password cracking is the process of guessing the correct password to an account in an unauthorized way. • Password cracking can be done for several reasons, but the most malicious reason is in order to gain unauthorized access to a computer without the computer owner’s awareness. • One of the most common types of password attacks is a dictionary attack. • The password is generally stored in the system in an encrypted form. Password cracker is an application that tries to obtain a password
Email Hacking • Email hacking is the unauthorized access to, or manipulation of an account or email correspondence. • Fraudster get our email by tricking us into clicking on a link in an SMS or email. • Once they access your account, they read all your correspondence, have access to all your contacts and send emails from your account. • Hackers use packet replay to retransmit message packets over a network. Packet replay may cause serious security threats to programs that require authentication sequences.
SECURITY SERVICES • The security services provide specific kind of protection to system resources. • Security services ensure Confidentiality, Integrity, Authentication, and Non- Repudiation of data or message stored on the computer, or when transmitted over the network. • Additionally, it provides assurance for access control and availability of resources to its authorized users. Security Services Confidenti ality Integrity Authentic ation Non- Repudiation Access Control Availability
THE CIA TRIAD Computer security is mainly concerned with these three main areas: 1. Confidentiality is ensuring that information is available only to the intended audience 2.Integrity is protecting information from being modified by unauthorized parties 3.Availability is making data and resources requested by authorized users available to them when requested.
CONFIDENTIALITY Typically, this involves ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access. Confidentiality can be violated in many ways, for example, through direct attacks designed to gain unauthorized access to systems, applications, and databases in order to steal or tamper with data. A failure to maintain confidentiality means that someone who shouldn’t have access has managed to get access to private information. 01 Some information security basics to keep your data confidential are: Encryption Password Two-factor authentication Biometric verification
INTEGRITY Integrity is about ensuring that data has not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable. Ecommerce customers, for example, expect product and pricing information to be accurate, and that quantity, pricing, availability, and other information will not be altered after they place an order. Ensuring integrity involves protecting data in use, in transit (such as when sending an email or uploading or downloading a file), and when it is stored, whether on a laptop, a portable storage device, in the data center, or in the cloud. Integrity goes hand in hand with the concept of non- repudiation: the inability to deny something. Non-repudiation assists in ensuring integrity. 02 Some security controls designed to maintain the information include: Encryption User access controls Version control Backup and recovery procedures Error detection software
AVAILABILITY Simply, availability means that networks, systems, and applications are up and running. It ensures that authorized users have timely, reliable access to resources when they are needed. Many things can jeopardize availability, including hardware or software failure, power failure, natural disasters, and human error. Perhaps the most well-known attack that threatens availability is the Denial-of-service attack In Denial of service attack the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded, or the system becomes completely unreachable. To prevent data loss from such occurrences, a backup copy may be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. 03 Encryption Password Two-factor authentication Biometric verification
OTHER SECURITY SERVICES Authentication: It is the process of ensuring and confirming the identity of the user before revealing any information to the user. Authentication is facilitated by the use of username and password, smart cards, biometric methods like retina scanning and fingerprints. Non-Repudiation: Basically, to repudiate means to deny. Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
SECURITY MECHANISMS Security mechanisms are technical tools and techniques that are used to implement security services. A mechanism might operate by itself, or with others, to provide a particular service. Security mechanisms deal with prevention, detection, and recovery from a security attack.
SECURITY MECHANISMS Intoduction INTRUSION DETECTION SYSTEM Functions Types Username and Password Smart Card Biometrics USER IDENTIFICATION AND AUTHENTICATION Secret Key Cryptography Public Key Cryptography Hash Functions CRYPTOGRAPHY FIREWALL Introduction DIGITAL SIGNATURE Virus Protection Software Data and Information Backups Secure Socket Layer(SSL) IP Security Protocol OTHER MECHANISMS 1. 2. 3. 4. 5. 6.
● The prefix “crypt” means “hidden” and suffix “graphy” means “writing”. So Cryptography is the science of writing information in “hidden” or “secret” form. ● Cryptography is necessary when communicating data over any network, particularly the Internet. ● It protects the data in transit and also the data stored on the disk. CRYPTOGRAPHY
COMMON TERMS USED IN CRYPTOGRAPHY Plaintext Cipher and Code Cipher Text It is the coded message or the encrypted data. Encryption Decryption Cipher is an algorithm for performing encryption or decryption. A cipher converts the original message, called plaintext, into cipher text using a key. Plaintext is ordinary readable text i.e. unencrypted data Encryption is the process of converting normal message (plaintext) into meaningless message (Cipher text). Decryption is the process of converting meaningless message (Cipher text) into its original form (Plaintext). Plain Text Encryption Cipher Text Decryption Plain Text Readable format Non- encrypted data Readable format Non- encrypted data Non- Readable format Encrypted data ALICE BOB HARRY
CRYPTOGRAPHIC KEY ● A cryptographic key is a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa. ● Like a physical key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it. ● The size of key is also important. The larger the key, the harder it is to crack a block of encrypted data. ● The three cryptographic schemes are as follows: ○ Secret Key Cryptography (SKC) ○ Public Key Cryptography (PKC) ○ Hash Functions Shift by 3 Attack Dwwdfn
SECRET KEY CRYPTOGRAPHY • Secret-key cryptography is also called symmetric cryptography because the same key is used to both encrypt and decrypt the data. • In this type of cryptography the same key is used by both parties. • The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data. • One of the big issues with secret key cryptography is the logistical dilemma of how to get the key from one party to the other without giving access to the attacker. • Secret key cryptography scheme are generally categorized as • Stream Ciphers • Block Ciphers.
STREAM CIPHER AND BLOCK CIPHER Stream Cipher • Stream ciphers convert one symbol of plaintext directly into a symbol of cipher text. • It converts one byte of plain text at a time. • Uses 8 bits at a time. • It is easier to reverse the encrypted text to plain text. • Stream cipher is fast in comparison to block cipher. Block Cipher • Block Cipher encrypt a group of plaintext symbols as one block. • It converts plaintext block wise at a time. • Uses 64 bits or more at a time. • It is difficult to reverse the encrypted text to plain text • Block cipher is slow as compared to stream cipher.
PUBLIC KEY CRYPTOGRAPHY • In public-key cryptography, there are two keys: a private key and a public key. • The public key can be shared freely and may be known publicly. • The private key is never revealed to anyone and is kept secret. • The two keys are mathematically related although knowledge of one key does not allow someone to easily determine the other key. • Because a pair of keys is required for encryption and decryption; public-key cryptography is also called asymmetric encryption.
HASH FUNCTIONS • Hash functions are one-way encryption algorithms that, in some sense, use no key. • The meaning of the verb “to hash” – to chop or scramble something , that means hash functions “scramble” data and convert it into a numerical value. • No matter how long the input is, the output value is always of the same length. • Hash functions are generally used to ensure that the file has not been altered by an intruder or virus.
34 A Video will explain this much clearly
DIGITAL SIGNATURE Bring the attention of your audience over a key concept using icons or illustrations 35 In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the message. Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by receiver as well as any third party. Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer. Digital signatures are easy for a user to produce, but difficult for anyone else to forge. Digital signature scheme is a type of asymmetric cryptography. Digital signatures use the public- key cryptography, which employs two keys—private key and public key.
36 How do Digital Signatures Work? ALICE BOB
37 How do Digital Signatures Work? Contd… • Each person adopting this scheme has a public-private key pair. • Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. • Signer feeds data to the hash function and generates hash of data. • Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. • Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. • Verifier also runs same hash function on received data to generate hash value. • For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. • Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.
38 Importance of Digital Signature Contd… Out of all cryptographic primitives, the digital signature using public key cryptography is considered as very important and useful tool to achieve information security. Some importance of Digital Security can be listed as follows: Message authentication − When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else. Data Integrity − In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached. Non-repudiation − Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future.
39 A Video will explain this much clearly
A firewall is a network security mechanism that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. A firewall can be a hardware component, a software component, or a combination of both. FIREWALL
Functions of Firewall • As a Network Security Post. All traffic that enters or exits the network must go through a firewall as a security post that will conduct an inspection. • It prevents valuable information from being leaked without knowing. In this case, a firewall is useful to prevent users on the network from sending valuable confidential files to other parties. • Firewalls can be used for hiding the structure and contents of a local network from external users. • It prevents modification of other Party Data. For example in business matters for financial statement information, product specifications, and others that are company secrets and will have a negative impact if known to other parties. Firewall prevents modification of these data so that they remain safe.
How Firewall Works Firewall match the network traffic against the rule set defined in its table. Once the rule is matched, associate action is applied to the network traffic. From the perspective of a server, network traffic can be either outgoing or incoming. Firewall maintains a distinct set of rules for both the cases. Mostly the outgoing traffic, originated from the server itself, allowed to pass. Incoming traffic is treated differently. Most traffic which reaches on the firewall is one of these three major Transport Layer protocols- TCP(Transmission Control Protocol) UDP(User Datagram Protocol) or ICMP(Internet Control Message Protocol). All these types have a source address and destination address. Also, TCP and UDP have port numbers. ICMP uses type code instead of port number which identifies purpose of that packet.
02 03 01 Types of Firewall Packet Filter Firewall (First Generation) Circuit Filter Firewall (Second Generation) Application- Level Gateway (Third Generation)
Packet Filter Firewall Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. The IP packet header is checked for the source and the destination IP addresses and the port combinations. Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic. Only It can allow or deny the packets based on unique packet headers. Packet filtering is fast, easy to use, simple and cost effective. A majority of routers in the market provide packet filtering capability. It is used in small and medium businesses. 01
Packet Filter Firewall 01 Contd… Packet filtering firewall maintains a filtering table which decides whether the packet will be forwarded or discarded. From the given filtering table, the packets will be Filtered according to following rules: Incoming packets from network 192.168.21.0 are blocked. Incoming packets destined for internal TELNET server (port 23) are blocked. Incoming packets destined for host 192.168.21.3 are blocked. All well-known services to the network 192.168.21.0 are allowed.
Circuit Filter Firewall 02 Where packet filter firewall examines the packet headers, circuit filter firewalls examine a variety of elements of each data packet and compare them to a database of trusted information. So the filtering decisions would not only be based on defined rules, but also on packet’s history in the state table. These elements include source and destination IP addresses, ports, and applications. Incoming data packets are required to sufficiently match the trusted information in order to be allowed through the firewall. Since this firewall does a lot of inspection it is also known as a “stateful inspection” firewall. TCP Request TCP Request TCP Response TCP Response
Application- Level Gateway 03 Application- Level Gateway is also called Proxy Server. A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server creates a virtual connection between the source and the destination hosts. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic. Application level gateways or proxy server
BASIC SLIDES Elementary Layouts Users Identification and Authentication Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be. For example, consider a user who logs on to a system by entering a user ID and password. The system uses the user ID to identify the user. The system authenticates the user at the time of logon by checking that the supplied password is correct. We will briefly discuss the following 3 authentication mechanisms: i. User name and password ii. Smart Card iii. Biometrics—Fingerprints, Iris/retina scan
PICTURES PLACEHOLDERS Username and Passwords • The combination of username and password is the most common method of user identification and authentication. • The systems that use password authentication first require the user to have a username and a password. • Next time, when the user uses the system, user enters their username and password. • The system checks the username and password by comparing it to the stored password for that username. • If it matches, the user is authenticated and is granted access to the system
CLOSURE SLIDES Ways to Make Passwords Safe The problem with password is that, for them to be effective, they need to be an uncommon word, of eight letters or more and not used anywhere else. According to Microsoft’s TechNet, for a password to be effective, it needs to meet the following criteria: • Changed every 60 days • At least eight characters long • Use both upper and lower case characters • Contain a combination of alphanumeric characters and symbols • Unique (only used for this particular profile/website) • Stored using a reversible encryption. According to CERT, approximately 80% of all network security issues are caused by bad passwords. Any invalid user if gets to know of a valid password can get access to the system and a simple password can be easily cracked.
A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of metal or plastic. Smart cards are used for a variety of applications, though most commonly are used for credit cards and other payment cards. Smart cards are used in secure identity applications like employee-ID badges, citizen-ID documents, electronic passports, driver license and online authentication devices. SMART CARD
• Smart card microprocessors or memory chips exchange data with card readers and other systems over a serial interface. The smart card itself is powered by an external source, usually the smart card reader. • A smart card communicates with readers either via direct physical contact or using a short- range wireless connectivity standard such as RFID or NFC. • The card reader then passes data from the smart card to its intended destination, usually a payment or authentication system connected to the smart card reader over a network connection. How Smart Cards Work?
Biometrics is the science and technology of measuring and statistically analyzing biological data. Biometric devices are for “authentication and verification” of an individual with the help of the unique, measurable and biological trait of that individual. • Three Types of Biometrics Security We can mostly label biometrics into three groups: i. Biological biometrics (use traits at a genetic and molecular level which may include features like DNA or your blood) ii. Morphological biometrics ( involve the structure of your body. More physical traits like your eye, fingerprint, or the shape of your face) iii. Behavioral biometrics (based on patterns unique to each person. How you walk, speak, or even type on a keyboard ) Biometric Techniques
Facial Recognition Voice Recognition Fingerprint Scanning Iris Rcognition
Intrusion Detection System 55 Intrusion basically refers to any unauthorized activity. An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaching. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.
Detection Method of IDS 56 1.Signature-based Method: Signature-based IDS detects the attacks on the basis of the specific patterns such as number of bytes or number of 1’s or number of 0’s in the network traffic. It also detects on the basis of the already known malicious instruction sequence that is used by the malware. The detected patterns in the IDS are known as signatures. Signature- based IDS can easily detect the attacks whose pattern (signature) already exists in system but it is quite difficult to detect the new malware attacks as their pattern (signature) is not known.
Detection Method of IDS 57 2. Anomaly-based Method: Anomaly-based IDS was introduced to detect the unknown malware attacks as new malware are developed rapidly. In anomaly-based IDS there is use of machine learning to create a trustful activity model and anything coming is compared with that model and it is declared suspicious if it is not found in model. Machine learning based method has a better generalized property in comparison to signature-based IDS as these models can be trained according to the applications and hardware configurations.
The aim of security awareness is to enhance security of the organization’s resources by improving the awareness of the need to secure system resources Security awareness teaches users to spot phishing, avoid risks online, and use good cyber- hygiene practices at work and at home. In order to make the users and people in an organization aware of the security practices to be followed, frequent training programs should be conducted in organizations. SECURITY AWARENESS
Security Policies • A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. • To be practical and implementable, policies must be defined by standards, guidelines, and procedures. • The security policy states what is, and what is not allowed. A security policy must be comprehensive, up-to-date, complete, delivered effectively, and available to all staff. • Generally, security policies are included within a security plan. A security plan details how the rules put forward by the security policy will be implemented • The security policy also includes physical security of the computers.
Formulation of Security Policies Security policies are defined based on an organization’s needs. A security policy includes approaches and techniques that an organization is going to apply or include in order to secure its resources. The steps followed while formulating the security policy are: • Analyzing Current Security Policies: The vulnerabilities and the current security policies must be analyzed by the security administrators before defining an effective security policy. The security administrator is required to study the existing documents containing details of the physical security policies, network security policies, data security policies, disaster recovery plans, and contingency plans.
• Identifying IT Assets that Need to be Secure The security administrator must identify the IT resources of an organization that need to be secure. It may include the following: oPhysical resources like computers, servers like database servers and web servers, local networks that are used to share the local computer with the remote computer, private networks shared by two or more organizations, corporate network permanently connected to the Internet, laptop, manuals, backup media, communication equipment, network cables, and CDs. oInformation resources like password, data, or applications. The data of an organization can be classified for security purposes based upon the sensitivity and the integrity of data. For example, public information, internal information, confidential information, and secret information.
• Identifying Security Threats and Likely Security Attacks After identifying the IT assets and classifying them, a security administrator must identify the various security threats to the assets. For example, in a bank the security threat to the database storing the account details of the customers may be: 1. Unauthorized access to information 2. Attacks of viruses 3. Worms and Trojan horses 4. Natural disasters like earthquake, fire etc.
• Defining the Proactive and Reactive Security Strategies A proactive strategy is a pre-attack strategy. It involves identifying possible damage from each type of attack, determining the vulnerabilities that each type of attack can exploit, minimizing those vulnerabilities and making a contingency plan. A contingency plan specifies the actions to be taken in case an attack penetrates into a system and damages the IT assets of the organization. A contingency plan aims at keeping the computer functional and ensuring the availability, integrity, and confidentiality of data. However, it is not possible for the security administrator to prepare a computer against all attacks. A reactive strategy is implemented on the failure of the proactive strategy. It defines the steps to be taken after the attack. It aims at identifying the cause of attack, vulnerabilities used to attack the system, damage caused by the attack, and repairing of the damage caused by the attack.
• Computer Fundamentals, Anita Goel, Pearson Education India • Introduction to Computers, Peter Norton, • Confidentiality, Integrity, & Availability: Basics of Information Security | Smart Eye Technology • What Is The CIA Triad? (f5.com) • Cryptography Digital signatures - Tutorialspoint • https://www.edureka.co/blog/what-is-computer-security/ • https://en.wikipedia.org/wiki/Malware • https://www.guru99.com/what-is-hacking-an-introduction.html • https://www.geeksforgeeks.org/what-is-packet-sniffing/ • https://www.techopedia.com/definition/4044/password-cracking References
Thank You! Do you have any questions? Feel free to ask!

Recommended

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Computer security
Computer securityComputer security
Computer securityAyesha Arshad
 
Computer Security
Computer SecurityComputer Security
Computer SecurityFrederik Questier
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Cyber security
Cyber securityCyber security
Cyber securityHarsh verma
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 

Recommended

INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Computer security
Computer securityComputer security
Computer securityAyesha Arshad
 
Computer Security
Computer SecurityComputer Security
Computer SecurityFrederik Questier
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Cyber security
Cyber securityCyber security
Cyber securityHarsh verma
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Internet security
Internet securityInternet security
Internet securityMohamed El-malki
 
Cybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationCybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationRitik Kumar
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityVivek Agarwal
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationParab Mishra
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Web Security
Web SecurityWeb Security
Web SecurityBharath Manoharan
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Data security
Data securityData security
Data securitySoumen Mondal
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 
Mobile security
Mobile securityMobile security
Mobile securitydilipdubey5
 
Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber securityAvani Patel
 
CYBER SECURITY
CYBER SECURITY CYBER SECURITY
CYBER SECURITY Ashish prashar
 

More Related Content

What's hot

Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
Cybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationCybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationRitik Kumar
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationParab Mishra
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityarun alfie
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentationBijay Bhandari
 

What's hot (20)

Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety
 
Cyber attack
Cyber attackCyber attack
Cyber attack
 
Internet security
Internet securityInternet security
Internet security
 
Cybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationCybersecurity PowerPoint Presentation
Cybersecurity PowerPoint Presentation
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Network security
Network securityNetwork security
Network security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Web Security
Web SecurityWeb Security
Web Security
 
Network security
Network securityNetwork security
Network security
 
Types of attacks
Types of attacksTypes of attacks
Types of attacks
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
Data security
Data securityData security
Data security
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
Cyber security presentation
Cyber security presentationCyber security presentation
Cyber security presentation
 
Mobile security
Mobile securityMobile security
Mobile security
 

Similar to Computer Security Presentation

Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber securityAvani Patel
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber securitySumanPramanik7
 
Information & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineInformation & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineSumanPramanik7
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Online access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamOnline access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamJoelGautham
 
What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attackskanika sharma
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & securityAvani Patel
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Basic practices for information & computer security
Basic practices for information & computer securityBasic practices for information & computer security
Basic practices for information & computer securityPrajktaGN
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicpiyushkamble6
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
lecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptxlecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptxZarwashgulrez
 

Similar to Computer Security Presentation (20)

Ppt on cyber security
Ppt on cyber securityPpt on cyber security
Ppt on cyber security
 
CYBER SECURITY
CYBER SECURITY CYBER SECURITY
CYBER SECURITY
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Information cyber security
Information cyber securityInformation cyber security
Information cyber security
 
Information & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. onlineInformation & cyber security, Winter training ,bsnl. online
Information & cyber security, Winter training ,bsnl. online
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Computer security
Computer securityComputer security
Computer security
 
ppt pdf ajay.pdf
ppt pdf ajay.pdfppt pdf ajay.pdf
ppt pdf ajay.pdf
 
Online access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamOnline access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.Gautham
 
What are various types of cyber attacks
What are various types of cyber attacksWhat are various types of cyber attacks
What are various types of cyber attacks
 
Cyber crime & security
Cyber crime & securityCyber crime & security
Cyber crime & security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Basic practices for information & computer security
Basic practices for information & computer securityBasic practices for information & computer security
Basic practices for information & computer security
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
lecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptxlecture-11-30052022-103626am.pptx
lecture-11-30052022-103626am.pptx
 
Cyber security(2018 updated)
Cyber security(2018 updated)Cyber security(2018 updated)
Cyber security(2018 updated)
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
internet securityand cyber law Unit2
internet securityand cyber law Unit2internet securityand cyber law Unit2
internet securityand cyber law Unit2
 

Recently uploaded

Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Nistarini College, Purulia (W.B) India
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeSatoshi NAKAHIRA
 
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...lizamodels9
 
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.aasikanpl
 
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCRCall Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCRlizamodels9
 
TOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsTOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsssuserddc89b
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfSELF-EXPLANATORY
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)riyaescorts54
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPirithiRaju
 
Davis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologyDavis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologycaarthichand2003
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naJASISJULIANOELYNV
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Patrick Diehl
 
User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)Columbia Weather Systems
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024AyushiRastogi48
 
Topic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxTopic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxJorenAcuavera1
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxpriyankatabhane
 
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxSTOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxMurugaveni B
 
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxAnalytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxSwapnil Therkar
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxFarihaAbdulRasheed
 

Recently uploaded (20)

Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...Bentham & Hooker's Classification. along with the merits and demerits of the ...
Bentham & Hooker's Classification. along with the merits and demerits of the ...
 
Grafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real timeGrafana in space: Monitoring Japan's SLIM moon lander in real time
Grafana in space: Monitoring Japan's SLIM moon lander in real time
 
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
Best Call Girls In Sector 29 Gurgaon❤️8860477959 EscorTs Service In 24/7 Delh...
 
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
Call Girls in Munirka Delhi 💯Call Us 🔝9953322196🔝 💯Escort.
 
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCRCall Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
Call Girls In Nihal Vihar Delhi ❤️8860477959 Looking Escorts In 24/7 Delhi NCR
 
TOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physicsTOPIC 8 Temperature and Heat.pdf physics
TOPIC 8 Temperature and Heat.pdf physics
 
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdfBehavioral Disorder: Schizophrenia & it's Case Study.pdf
Behavioral Disorder: Schizophrenia & it's Case Study.pdf
 
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
(9818099198) Call Girls In Noida Sector 14 (NOIDA ESCORTS)
 
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdfPests of Blackgram, greengram, cowpea_Dr.UPR.pdf
Pests of Blackgram, greengram, cowpea_Dr.UPR.pdf
 
Davis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technologyDavis plaque method.pptx recombinant DNA technology
Davis plaque method.pptx recombinant DNA technology
 
FREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by naFREE NURSING BUNDLE FOR NURSES.PDF by na
FREE NURSING BUNDLE FOR NURSES.PDF by na
 
Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?Is RISC-V ready for HPC workload? Maybe?
Is RISC-V ready for HPC workload? Maybe?
 
User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)User Guide: Orion™ Weather Station (Columbia Weather Systems)
User Guide: Orion™ Weather Station (Columbia Weather Systems)
 
Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024Vision and reflection on Mining Software Repositories research in 2024
Vision and reflection on Mining Software Repositories research in 2024
 
Topic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptxTopic 9- General Principles of International Law.pptx
Topic 9- General Principles of International Law.pptx
 
Speech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptxSpeech, hearing, noise, intelligibility.pptx
Speech, hearing, noise, intelligibility.pptx
 
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptxSTOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
STOPPED FLOW METHOD & APPLICATION MURUGAVENI B.pptx
 
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptxAnalytical Profile of Coleus Forskohlii | Forskolin .pptx
Analytical Profile of Coleus Forskohlii | Forskolin .pptx
 
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Munirka Delhi 💯Call Us 🔝8264348440🔝
 
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptxRESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
RESPIRATORY ADAPTATIONS TO HYPOXIA IN HUMNAS.pptx
 

Computer Security Presentation

  • 2. 01 Introduction To Computer Security Security Threats and Attacks Security Services 02 03 04 05 06 Security Mechanisms Security Awareness Seurity Policies
  • 3. Introduction to Computer Security • Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. • It is the process of preventing and detecting unauthorized use of your computer system. • Computer Security mainly focuses on three factors: I. Security Attacks II. Security Services III. Security Mechanisms
  • 4. Why is Computer Security Important? • Cyber Crime is on the rise • Damage is Significant • Cyber Security builds trust • Our identities protect our data • Every organization has vulnerabilities.
  • 5. QUICK FACTS ● 95% of Computer Security breaches are due to human error. ● There is a hacker attack every 39 seconds ● Share prices fall 7.27% on average after a breach ● Approximately $6 trillion is expected to be spent globally on cybersecurity by 2021 ● Unfilled cybersecurity jobs worldwide is already over 4 million
  • 6. Security threat and security attack • Threat is a possible danger that might exploit vulnerability. The actions that cause it to occur are the security attacks. • A security attack may be a passive attack or an active attack. The aim of a passive attack is to get information from the system but it does not affect the system resources. Passive attacks are difficult to detect but can be prevented. An active attack tries to alter the system resources or affect its operations. Active attack may modify the data or create a false data. Active attacks are difficult to prevent.
  • 7. Security Attacks on Users, Computer hardware and Computer Software • Attacks on users could be to the identity user and to the privacy of user. Identity attacks result in someone else acting on your behalf by using personal information like password, PIN number in an ATM, credit card number, social security number etc. Attacks on the privacy of user involve tracking of users habits and actions—the website user visits, the buying habit of the user etc. Cookies and spam mails are used for attacking the privacy of users. • Attacks on computer hardware could be due to a natural calamity like floods or earthquakes; due to power related problems like power fluctuations, etc or by destructive actions of a burglar. • Software attacks harm the data stored in the computer. Software attacks may be due to malicious software, or, due to hacking. Malicious software or malware is a software code included into the system with a purpose to harm the system. Hacking is intruding into another computer or network to perform an illegal act. This chapter will discuss the malicious software and hacking in detail.
  • 8. Malicious Software Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware is typically delivered in the form of a link or file over email and requires the user to click on the link or open the file to execute the malware. Malware has actually been a threat to individuals and organizations since the early 1970s when the Creeper virus first appeared A wide variety of malware types exist:- 1. Computer Viruses 2. Worms 3. Trojan Horses 4. Ransom ware 5. Java scripts and Java applets 6. Spyware, etc.
  • 9. Virus • A computer virus is a computer program that, when executed, replicates itself by modifying other computer programs • It can attach itself to other healthy programs. • It is difficult to trace a virus after it has spread across a network. • Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. • Computer viruses cause billions of dollars' worth of economic damage each year. • If a virus has entered in the system then there might be frequent pop-up windows, Frequent crashes, Unusually slow computer performance, Unknown programs that start up when you turn on your computer, Unusual activities like password changes. • Examples of virus:- Melissa, I Love You.
  • 10. Worms • A computer worm is a type of malware that spreads copies of itself from computer to computer without any human interaction. • Computer worms could arrive as attachments in spam emails or instant messages (IMs). • When computer is infected with worms then it starts to take up free space of your hard drive, programs might crash, your files may be replaced or deleted. • A worm is however different from a virus. A worm does not modify a program like a virus. • Examples of worms:- Code Red, Nimda
  • 11. Trojan Horse • A Trojan horse or Trojan is a type of malware that is often disguised as legitimate software. • The term “Trojan” derives from the ancient Greek story about the deceptive Trojan horse which led to the fall of the city of Troy. • A Trojan must be executed by its victim to do its work. • Trojan horses contain programs that corrupt the data or damage the files, corrupt software applications. • Trojan horse does not replicate themselves like viruses. • If your computer is breached by Trojan malware then, computer will start frequent crashing, redirected to unfamiliar websites when browsing online, increase in pop-ups.
  • 12. Java Scripts, Java applets and ActiveX Controls Java Scripts • JavaScript is a dynamic computer programming language, most commonly used as a part of web pages, whose implementations allow client-side script to interact with the user and make dynamic pages. • JavaScript is widely used in Netscape, Internet Explorer, and other web browsers. • JavaScript also allows website creators to run any code they want when a user visits their website. • Cyber criminals frequently manipulate the code on countless websites to make it perform malicious functions. If we’re browsing a malfunctioned website, the attackers can easily get access to our device.
  • 13. Java Applets and ActiveX Controls • Applets (Java programs), and ActiveX controls are used with Microsoft technology, generally used to provide added functionality such as sound and animation which are inserted in Web page. • Anyone who uses the Internet will eventually access websites that contain mobile code. • If these programs are designed with a malicious intention, then it can be disastrous for the client machine. • Java’s design and security measures are better designed and inherently safer than ActiveX, which provides very few restrictions on the developer.
  • 14. Hacking • Hacking is the activity of identifying weaknesses in a computer system or a network to exploit the security to gain access to personal data or business data. • Hackers are the one who are responsible for hacking and are increasingly growing in sophistication, using stealthy attack methods designed to go completely unnoticed by cyber security software and IT teams. • Hacking is not always done for malicious purposes, nowadays most references to hacking as unlawful activity by cybercriminals motivated by financial gain, protest, spying, and even just for the “fun” of the challenge. • Nowadays, hacking has become a multibillion-dollar industry with extremely sophisticated and successful techniques • There are various ways hackers invade our privacy by packet sniffing, email hacking, password cracking.
  • 15. Packet Sniffing • The act of capturing data packet across the computer network is called packet sniffing. • It is mostly used by crackers and hackers to collect information illegally about network. It is also used by ISPs, advertisers and governments. • Packet sniffing attacks normally go undetected. • Ethereal and Zx Sniffer are some freeware packet sniffers. • Telnet, FTP, SMTP are some services that are commonly sniffed.
  • 16. Password Cracking • Password cracking is the process of guessing the correct password to an account in an unauthorized way. • Password cracking can be done for several reasons, but the most malicious reason is in order to gain unauthorized access to a computer without the computer owner’s awareness. • One of the most common types of password attacks is a dictionary attack. • The password is generally stored in the system in an encrypted form. Password cracker is an application that tries to obtain a password
  • 17. Email Hacking • Email hacking is the unauthorized access to, or manipulation of an account or email correspondence. • Fraudster get our email by tricking us into clicking on a link in an SMS or email. • Once they access your account, they read all your correspondence, have access to all your contacts and send emails from your account. • Hackers use packet replay to retransmit message packets over a network. Packet replay may cause serious security threats to programs that require authentication sequences.
  • 18. SECURITY SERVICES • The security services provide specific kind of protection to system resources. • Security services ensure Confidentiality, Integrity, Authentication, and Non- Repudiation of data or message stored on the computer, or when transmitted over the network. • Additionally, it provides assurance for access control and availability of resources to its authorized users. Security Services Confidenti ality Integrity Authentic ation Non- Repudiation Access Control Availability
  • 19. THE CIA TRIAD Computer security is mainly concerned with these three main areas: 1. Confidentiality is ensuring that information is available only to the intended audience 2.Integrity is protecting information from being modified by unauthorized parties 3.Availability is making data and resources requested by authorized users available to them when requested.
  • 20. CONFIDENTIALITY Typically, this involves ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access. Confidentiality can be violated in many ways, for example, through direct attacks designed to gain unauthorized access to systems, applications, and databases in order to steal or tamper with data. A failure to maintain confidentiality means that someone who shouldn’t have access has managed to get access to private information. 01 Some information security basics to keep your data confidential are: Encryption Password Two-factor authentication Biometric verification
  • 21. INTEGRITY Integrity is about ensuring that data has not been tampered with and, therefore, can be trusted. It is correct, authentic, and reliable. Ecommerce customers, for example, expect product and pricing information to be accurate, and that quantity, pricing, availability, and other information will not be altered after they place an order. Ensuring integrity involves protecting data in use, in transit (such as when sending an email or uploading or downloading a file), and when it is stored, whether on a laptop, a portable storage device, in the data center, or in the cloud. Integrity goes hand in hand with the concept of non- repudiation: the inability to deny something. Non-repudiation assists in ensuring integrity. 02 Some security controls designed to maintain the information include: Encryption User access controls Version control Backup and recovery procedures Error detection software
  • 22. AVAILABILITY Simply, availability means that networks, systems, and applications are up and running. It ensures that authorized users have timely, reliable access to resources when they are needed. Many things can jeopardize availability, including hardware or software failure, power failure, natural disasters, and human error. Perhaps the most well-known attack that threatens availability is the Denial-of-service attack In Denial of service attack the performance of a system, website, web-based application, or web-based service is intentionally and maliciously degraded, or the system becomes completely unreachable. To prevent data loss from such occurrences, a backup copy may be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. 03 Encryption Password Two-factor authentication Biometric verification
  • 23. OTHER SECURITY SERVICES Authentication: It is the process of ensuring and confirming the identity of the user before revealing any information to the user. Authentication is facilitated by the use of username and password, smart cards, biometric methods like retina scanning and fingerprints. Non-Repudiation: Basically, to repudiate means to deny. Nonrepudiation is the assurance that someone cannot deny something. Typically, nonrepudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated.
  • 24. SECURITY MECHANISMS Security mechanisms are technical tools and techniques that are used to implement security services. A mechanism might operate by itself, or with others, to provide a particular service. Security mechanisms deal with prevention, detection, and recovery from a security attack.
  • 25. SECURITY MECHANISMS Intoduction INTRUSION DETECTION SYSTEM Functions Types Username and Password Smart Card Biometrics USER IDENTIFICATION AND AUTHENTICATION Secret Key Cryptography Public Key Cryptography Hash Functions CRYPTOGRAPHY FIREWALL Introduction DIGITAL SIGNATURE Virus Protection Software Data and Information Backups Secure Socket Layer(SSL) IP Security Protocol OTHER MECHANISMS 1. 2. 3. 4. 5. 6.
  • 26. ● The prefix “crypt” means “hidden” and suffix “graphy” means “writing”. So Cryptography is the science of writing information in “hidden” or “secret” form. ● Cryptography is necessary when communicating data over any network, particularly the Internet. ● It protects the data in transit and also the data stored on the disk. CRYPTOGRAPHY
  • 27. COMMON TERMS USED IN CRYPTOGRAPHY Plaintext Cipher and Code Cipher Text It is the coded message or the encrypted data. Encryption Decryption Cipher is an algorithm for performing encryption or decryption. A cipher converts the original message, called plaintext, into cipher text using a key. Plaintext is ordinary readable text i.e. unencrypted data Encryption is the process of converting normal message (plaintext) into meaningless message (Cipher text). Decryption is the process of converting meaningless message (Cipher text) into its original form (Plaintext). Plain Text Encryption Cipher Text Decryption Plain Text Readable format Non- encrypted data Readable format Non- encrypted data Non- Readable format Encrypted data ALICE BOB HARRY
  • 28. CRYPTOGRAPHIC KEY ● A cryptographic key is a string of bits used by a cryptographic algorithm to transform plain text into cipher text or vice versa. ● Like a physical key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it. ● The size of key is also important. The larger the key, the harder it is to crack a block of encrypted data. ● The three cryptographic schemes are as follows: ○ Secret Key Cryptography (SKC) ○ Public Key Cryptography (PKC) ○ Hash Functions Shift by 3 Attack Dwwdfn
  • 29. SECRET KEY CRYPTOGRAPHY • Secret-key cryptography is also called symmetric cryptography because the same key is used to both encrypt and decrypt the data. • In this type of cryptography the same key is used by both parties. • The sender uses this key and an encryption algorithm to encrypt data; the receiver uses the same key and the corresponding decryption algorithm to decrypt the data. • One of the big issues with secret key cryptography is the logistical dilemma of how to get the key from one party to the other without giving access to the attacker. • Secret key cryptography scheme are generally categorized as • Stream Ciphers • Block Ciphers.
  • 30. STREAM CIPHER AND BLOCK CIPHER Stream Cipher • Stream ciphers convert one symbol of plaintext directly into a symbol of cipher text. • It converts one byte of plain text at a time. • Uses 8 bits at a time. • It is easier to reverse the encrypted text to plain text. • Stream cipher is fast in comparison to block cipher. Block Cipher • Block Cipher encrypt a group of plaintext symbols as one block. • It converts plaintext block wise at a time. • Uses 64 bits or more at a time. • It is difficult to reverse the encrypted text to plain text • Block cipher is slow as compared to stream cipher.
  • 31. PUBLIC KEY CRYPTOGRAPHY • In public-key cryptography, there are two keys: a private key and a public key. • The public key can be shared freely and may be known publicly. • The private key is never revealed to anyone and is kept secret. • The two keys are mathematically related although knowledge of one key does not allow someone to easily determine the other key. • Because a pair of keys is required for encryption and decryption; public-key cryptography is also called asymmetric encryption.
  • 32.
  • 33. HASH FUNCTIONS • Hash functions are one-way encryption algorithms that, in some sense, use no key. • The meaning of the verb “to hash” – to chop or scramble something , that means hash functions “scramble” data and convert it into a numerical value. • No matter how long the input is, the output value is always of the same length. • Hash functions are generally used to ensure that the file has not been altered by an intruder or virus.
  • 34. 34 A Video will explain this much clearly
  • 35. DIGITAL SIGNATURE Bring the attention of your audience over a key concept using icons or illustrations 35 In the physical world, it is common to use handwritten signatures on handwritten or typed messages. They are used to bind signatory to the message. Similarly, a digital signature is a technique that binds a person/entity to the digital data. This binding can be independently verified by receiver as well as any third party. Digital signature is a cryptographic value that is calculated from the data and a secret key known only by the signer. Digital signatures are easy for a user to produce, but difficult for anyone else to forge. Digital signature scheme is a type of asymmetric cryptography. Digital signatures use the public- key cryptography, which employs two keys—private key and public key.
  • 36. 36 How do Digital Signatures Work? ALICE BOB
  • 37. 37 How do Digital Signatures Work? Contd… • Each person adopting this scheme has a public-private key pair. • Generally, the key pairs used for encryption/decryption and signing/verifying are different. The private key used for signing is referred to as the signature key and the public key as the verification key. • Signer feeds data to the hash function and generates hash of data. • Hash value and signature key are then fed to the signature algorithm which produces the digital signature on given hash. Signature is appended to the data and then both are sent to the verifier. • Verifier feeds the digital signature and the verification key into the verification algorithm. The verification algorithm gives some value as output. • Verifier also runs same hash function on received data to generate hash value. • For verification, this hash value and output of verification algorithm are compared. Based on the comparison result, verifier decides whether the digital signature is valid. • Since digital signature is created by ‘private’ key of signer and no one else can have this key; the signer cannot repudiate signing the data in future.
  • 38. 38 Importance of Digital Signature Contd… Out of all cryptographic primitives, the digital signature using public key cryptography is considered as very important and useful tool to achieve information security. Some importance of Digital Security can be listed as follows: Message authentication − When the verifier validates the digital signature using public key of a sender, he is assured that signature has been created only by sender who possess the corresponding secret private key and no one else. Data Integrity − In case an attacker has access to the data and modifies it, the digital signature verification at receiver end fails. The hash of modified data and the output provided by the verification algorithm will not match. Hence, receiver can safely deny the message assuming that data integrity has been breached. Non-repudiation − Since it is assumed that only the signer has the knowledge of the signature key, he can only create unique signature on a given data. Thus the receiver can present data and the digital signature to a third party as evidence if any dispute arises in the future.
  • 39. 39 A Video will explain this much clearly
  • 40. A firewall is a network security mechanism that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers. A firewall can be a hardware component, a software component, or a combination of both. FIREWALL
  • 41. Functions of Firewall • As a Network Security Post. All traffic that enters or exits the network must go through a firewall as a security post that will conduct an inspection. • It prevents valuable information from being leaked without knowing. In this case, a firewall is useful to prevent users on the network from sending valuable confidential files to other parties. • Firewalls can be used for hiding the structure and contents of a local network from external users. • It prevents modification of other Party Data. For example in business matters for financial statement information, product specifications, and others that are company secrets and will have a negative impact if known to other parties. Firewall prevents modification of these data so that they remain safe.
  • 42. How Firewall Works Firewall match the network traffic against the rule set defined in its table. Once the rule is matched, associate action is applied to the network traffic. From the perspective of a server, network traffic can be either outgoing or incoming. Firewall maintains a distinct set of rules for both the cases. Mostly the outgoing traffic, originated from the server itself, allowed to pass. Incoming traffic is treated differently. Most traffic which reaches on the firewall is one of these three major Transport Layer protocols- TCP(Transmission Control Protocol) UDP(User Datagram Protocol) or ICMP(Internet Control Message Protocol). All these types have a source address and destination address. Also, TCP and UDP have port numbers. ICMP uses type code instead of port number which identifies purpose of that packet.
  • 43. 02 03 01 Types of Firewall Packet Filter Firewall (First Generation) Circuit Filter Firewall (Second Generation) Application- Level Gateway (Third Generation)
  • 44. Packet Filter Firewall Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. The IP packet header is checked for the source and the destination IP addresses and the port combinations. Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic. Only It can allow or deny the packets based on unique packet headers. Packet filtering is fast, easy to use, simple and cost effective. A majority of routers in the market provide packet filtering capability. It is used in small and medium businesses. 01
  • 45. Packet Filter Firewall 01 Contd… Packet filtering firewall maintains a filtering table which decides whether the packet will be forwarded or discarded. From the given filtering table, the packets will be Filtered according to following rules: Incoming packets from network 192.168.21.0 are blocked. Incoming packets destined for internal TELNET server (port 23) are blocked. Incoming packets destined for host 192.168.21.3 are blocked. All well-known services to the network 192.168.21.0 are allowed.
  • 46. Circuit Filter Firewall 02 Where packet filter firewall examines the packet headers, circuit filter firewalls examine a variety of elements of each data packet and compare them to a database of trusted information. So the filtering decisions would not only be based on defined rules, but also on packet’s history in the state table. These elements include source and destination IP addresses, ports, and applications. Incoming data packets are required to sufficiently match the trusted information in order to be allowed through the firewall. Since this firewall does a lot of inspection it is also known as a “stateful inspection” firewall. TCP Request TCP Request TCP Response TCP Response
  • 47. Application- Level Gateway 03 Application- Level Gateway is also called Proxy Server. A proxy server is a type of gateway that hides the true network address of the computer(s) connecting through it. A proxy server creates a virtual connection between the source and the destination hosts. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic. Application level gateways or proxy server
  • 48. BASIC SLIDES Elementary Layouts Users Identification and Authentication Identification is the ability to identify uniquely a user of a system or an application that is running in the system. Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be. For example, consider a user who logs on to a system by entering a user ID and password. The system uses the user ID to identify the user. The system authenticates the user at the time of logon by checking that the supplied password is correct. We will briefly discuss the following 3 authentication mechanisms: i. User name and password ii. Smart Card iii. Biometrics—Fingerprints, Iris/retina scan
  • 49. PICTURES PLACEHOLDERS Username and Passwords • The combination of username and password is the most common method of user identification and authentication. • The systems that use password authentication first require the user to have a username and a password. • Next time, when the user uses the system, user enters their username and password. • The system checks the username and password by comparing it to the stored password for that username. • If it matches, the user is authenticated and is granted access to the system
  • 50. CLOSURE SLIDES Ways to Make Passwords Safe The problem with password is that, for them to be effective, they need to be an uncommon word, of eight letters or more and not used anywhere else. According to Microsoft’s TechNet, for a password to be effective, it needs to meet the following criteria: • Changed every 60 days • At least eight characters long • Use both upper and lower case characters • Contain a combination of alphanumeric characters and symbols • Unique (only used for this particular profile/website) • Stored using a reversible encryption. According to CERT, approximately 80% of all network security issues are caused by bad passwords. Any invalid user if gets to know of a valid password can get access to the system and a simple password can be easily cracked.
  • 51. A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of metal or plastic. Smart cards are used for a variety of applications, though most commonly are used for credit cards and other payment cards. Smart cards are used in secure identity applications like employee-ID badges, citizen-ID documents, electronic passports, driver license and online authentication devices. SMART CARD
  • 52. • Smart card microprocessors or memory chips exchange data with card readers and other systems over a serial interface. The smart card itself is powered by an external source, usually the smart card reader. • A smart card communicates with readers either via direct physical contact or using a short- range wireless connectivity standard such as RFID or NFC. • The card reader then passes data from the smart card to its intended destination, usually a payment or authentication system connected to the smart card reader over a network connection. How Smart Cards Work?
  • 53. Biometrics is the science and technology of measuring and statistically analyzing biological data. Biometric devices are for “authentication and verification” of an individual with the help of the unique, measurable and biological trait of that individual. • Three Types of Biometrics Security We can mostly label biometrics into three groups: i. Biological biometrics (use traits at a genetic and molecular level which may include features like DNA or your blood) ii. Morphological biometrics ( involve the structure of your body. More physical traits like your eye, fingerprint, or the shape of your face) iii. Behavioral biometrics (based on patterns unique to each person. How you walk, speak, or even type on a keyboard ) Biometric Techniques
  • 54. Facial Recognition Voice Recognition Fingerprint Scanning Iris Rcognition
  • 55. Intrusion Detection System 55 Intrusion basically refers to any unauthorized activity. An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. It is a software application that scans a network or a system for harmful activity or policy breaching. Any malicious activity or violation is typically reported or collected centrally using a security information and event management system.
  • 56. Detection Method of IDS 56 1.Signature-based Method: Signature-based IDS detects the attacks on the basis of the specific patterns such as number of bytes or number of 1’s or number of 0’s in the network traffic. It also detects on the basis of the already known malicious instruction sequence that is used by the malware. The detected patterns in the IDS are known as signatures. Signature- based IDS can easily detect the attacks whose pattern (signature) already exists in system but it is quite difficult to detect the new malware attacks as their pattern (signature) is not known.
  • 57. Detection Method of IDS 57 2. Anomaly-based Method: Anomaly-based IDS was introduced to detect the unknown malware attacks as new malware are developed rapidly. In anomaly-based IDS there is use of machine learning to create a trustful activity model and anything coming is compared with that model and it is declared suspicious if it is not found in model. Machine learning based method has a better generalized property in comparison to signature-based IDS as these models can be trained according to the applications and hardware configurations.
  • 58. The aim of security awareness is to enhance security of the organization’s resources by improving the awareness of the need to secure system resources Security awareness teaches users to spot phishing, avoid risks online, and use good cyber- hygiene practices at work and at home. In order to make the users and people in an organization aware of the security practices to be followed, frequent training programs should be conducted in organizations. SECURITY AWARENESS
  • 59. Security Policies • A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur. • To be practical and implementable, policies must be defined by standards, guidelines, and procedures. • The security policy states what is, and what is not allowed. A security policy must be comprehensive, up-to-date, complete, delivered effectively, and available to all staff. • Generally, security policies are included within a security plan. A security plan details how the rules put forward by the security policy will be implemented • The security policy also includes physical security of the computers.
  • 60. Formulation of Security Policies Security policies are defined based on an organization’s needs. A security policy includes approaches and techniques that an organization is going to apply or include in order to secure its resources. The steps followed while formulating the security policy are: • Analyzing Current Security Policies: The vulnerabilities and the current security policies must be analyzed by the security administrators before defining an effective security policy. The security administrator is required to study the existing documents containing details of the physical security policies, network security policies, data security policies, disaster recovery plans, and contingency plans.
  • 61. • Identifying IT Assets that Need to be Secure The security administrator must identify the IT resources of an organization that need to be secure. It may include the following: oPhysical resources like computers, servers like database servers and web servers, local networks that are used to share the local computer with the remote computer, private networks shared by two or more organizations, corporate network permanently connected to the Internet, laptop, manuals, backup media, communication equipment, network cables, and CDs. oInformation resources like password, data, or applications. The data of an organization can be classified for security purposes based upon the sensitivity and the integrity of data. For example, public information, internal information, confidential information, and secret information.
  • 62. • Identifying Security Threats and Likely Security Attacks After identifying the IT assets and classifying them, a security administrator must identify the various security threats to the assets. For example, in a bank the security threat to the database storing the account details of the customers may be: 1. Unauthorized access to information 2. Attacks of viruses 3. Worms and Trojan horses 4. Natural disasters like earthquake, fire etc.
  • 63. • Defining the Proactive and Reactive Security Strategies A proactive strategy is a pre-attack strategy. It involves identifying possible damage from each type of attack, determining the vulnerabilities that each type of attack can exploit, minimizing those vulnerabilities and making a contingency plan. A contingency plan specifies the actions to be taken in case an attack penetrates into a system and damages the IT assets of the organization. A contingency plan aims at keeping the computer functional and ensuring the availability, integrity, and confidentiality of data. However, it is not possible for the security administrator to prepare a computer against all attacks. A reactive strategy is implemented on the failure of the proactive strategy. It defines the steps to be taken after the attack. It aims at identifying the cause of attack, vulnerabilities used to attack the system, damage caused by the attack, and repairing of the damage caused by the attack.
  • 64. • Computer Fundamentals, Anita Goel, Pearson Education India • Introduction to Computers, Peter Norton, • Confidentiality, Integrity, & Availability: Basics of Information Security | Smart Eye Technology • What Is The CIA Triad? (f5.com) • Cryptography Digital signatures - Tutorialspoint • https://www.edureka.co/blog/what-is-computer-security/ • https://en.wikipedia.org/wiki/Malware • https://www.guru99.com/what-is-hacking-an-introduction.html • https://www.geeksforgeeks.org/what-is-packet-sniffing/ • https://www.techopedia.com/definition/4044/password-cracking References
  • 65. Thank You! Do you have any questions? Feel free to ask!

Editor's Notes

  1. When conducting research, it is easy to go to one source: Wikipedia. However, you need to include a variety of sources in your research. Consider the following sources: Who can I interview to get more information on the topic? Is the topic current and will it be relevant to my audience? What articles, blogs, and magazines may have something related to my topic? Is there a YouTube video on the topic? If so, what is it about? What images can I find related to the topic?
  2. After consulting a variety of sources, you will need to narrow your topic. For example, the topic of internet safety is huge, but you could narrow that topic to include internet safety in regards to social media apps that teenagers are using heavily. A topic like that is more specific and will be relevant to your peers. Some questions to think about to help you narrow your topic: What topics of the research interest me the most? What topics of the research will interest my audience the most? What topics will the audience find more engaging? Shocking? Inspiring?
  3. Now, that you have narrowed your topic, you will want to organize your research in a structure that works. There are some common organizational patterns based on the kind of research you are doing. Organizational Structures: Cause and Effect- this kind of structure is great for explaining the causes and effects of a topic Compare and Contrast- in this pattern you highlight the similarities and differences of the topic Explain process- this structure is great for outlining a series of steps to follow; Definition- if you want to make sure your audience understands what something is using illustrations, meanings, clarifying misconceptions, you may want to use this structure Classification- a common organizational structure is grouping like topics or facts from the research together. For instance, in the internet safety about social media apps, you may organize the research where you look at each social media app one at a time
  4. After you’ve done your research, it’s time to put your presentation together. The first step in the process is to introduce the topic. This is a great time to connect your topic to something that your audience can relate. In other words, why should they listen to all the information you will be sharing in your research presentation? What is in it for them? You may also want to include a graphic or image to grab their attention. Feel free to duplicate this slide by right-clicking on this slide in the slides pane to the left and select Duplicate Slide. The next step in your presentation is to state your claim or topic clearly. Your teacher may even call this your thesis. As you state your thesis, you may find that this layout is not the best layout for your claim or topic. You can change the layout by clicking the drop-down menu next to the Layout in the Slides menu section. You can choose Two Content, Comparison, or Picture with Caption. Note: A different layout might change the look of the icons on this page. You will also want to state your facts. You have done the research now share some of the interesting facts with your audience. Facts do not have to be boring; you can communicate facts in a variety of ways by going to the Insert Tab. In the Insert tab you can: Insert pictures from your computer or online. Add a chart Create some SmartArt Insert a variety of icons to help your facts come to life. Note: You can change the color of the icons by selecting the icon and then click on the Format tab and then Graphics Fill. From there, you will choose a color from the list or choose More Fill Colors to give you more options. Since this research presentation is a result of your hard work and searching, you want to make sure you support the claims or points in your presentation with facts from your research findings. Make sure you give the author proper credit for helping you share your ideas. If one of your sources has a video that is relevant to your topic, you can add the video as added support. Keep in mind the length of the video and the amount of time you have for your presentation. For a 5 minute speech, the video should be no longer than 30 seconds. Questions to consider: How will you state the author of the source? Will you need to cite the source on the slide? What are some ways you can engage your audience so they feel like they are a part of the presentation? Some ideas to consider is by taking a quick poll like: by a show of hands, how many of you think school uniforms are a way to cut down on bullying? Another suggestion is to have them hold up a certain number of fingers to see if they agree or disagree. Finally, you can share a story that the audience can relate to that makes them laugh. After all the applause, your audience may have some questions. Be prepared to answer some of their questions by making a list of questions you think they might ask. You may also want to share the presentation with them by providing the link to your presentation, if they want more information.
  5. © Copyright Showeet.com – Creative & Free PowerPoint Templates