I.T Security Threats



  1. This is not a beginner’s presentation. Audience members who take this presentation are expected to be experienced in MS Office, Internet, LAN, O/S (Windows) and general PC troubleshooting. They are expected to understand I.T Security problems like virus, spyware, malware and botnet, and their remedies. Presentation done by uK Mishra, Your comments will be
  2. What is Information?
     It is not an easy task to define the real meaning of the term "information". Instinctively, information is a sequence of symbols which have some meaning to the person receiving it. People communicate by exchanging information among themselves. The importance of information can be valued quantitatively, depending on the context. Sometimes information can be valued as a monetary amount, and that aspect makes the exchange of information very important in today's human society.
  3. Information Age
     Human society is undergoing a fundamental transformation: from an industrial society to the information society. Information age technologies increasingly pervade all industrial and societal activities and are accelerating the globalization of economies.
     The world's industrial competitiveness, its jobs, its quality of life and the sustainability of growth depend on it being at the leading edge of the development and take-up of information age technologies. At the same time, the technologies underpinning the development of the information society are in rapid evolution. Advances in information processing and communication are opening up exciting new possibilities. There is a shift from stand-alone systems to networked information and processes.
  4. Information Age and the Internet
     In the age when communications and media have tremendous impact on our lives, information and information technologies are becoming more and more important. The Internet, as a “network of networks”, is becoming the most popular medium for information transfer. In the age of information everybody needs and uses information. That is why the Internet is not only a tool of the modern age, it is also its symptom. Fast information exchange in almost every segment of our daily life helped the Internet to move on from an oddity to the most popular medium.
     The Internet is growing faster than previously thought. The Internet’s user population is growing 175 % per year.
     The Internet is going commercial. Saving money and energy is an essential part of every business. That is why electronic commerce and on-line money making are becoming more and more popular.
  5. IT SECURITY
     Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing.
     Information security means guarding information and information systems against unauthorized access, disruption, disclosure, modification, use or destruction.
     Many businesses are solely based on information stored in computers. Personal staff details, client lists, salaries, bank account details, marketing and sales information may all be stored on a database. Without this information, it would often be very hard for a business to operate. Information security systems need to be implemented to protect this information.
  6. Types of Threats: 1. Adware
     Adware, or advertising-supported software, displays advertising banners or pop-ups on your computer when you use the application. This is not necessarily a bad thing. Such advertising can fund the development of useful software, which is then distributed free (for example, the Opera web browser). Adware becomes a problem if it:
     • installs itself on your computer without your consent
     • installs itself in applications other than the one it came with and displays advertising when you use those applications
     • hijacks your web browser in order to display more ads (see Browser hijackers)
     • gathers data on your web browsing without your consent and sends it to others via the internet (see Spyware)
     • is designed to be difficult to uninstall.
     Adware can slow down your PC. It can also slow down your internet connection by downloading advertisements. Sometimes programming flaws in the adware can make your computer unstable. Advertising pop-ups can also distract you and waste your time if they have to be closed before you can continue using your PC.
  7. 2. Backdoor Trojans
     A backdoor Trojan allows someone to take control of another user’s computer via the internet without their permission.
     A backdoor Trojan may pose as legitimate software, just as other Trojan horse programs do, so that users run it. Alternatively – as is now increasingly common – users may allow Trojans onto their computer by following a link in spam mail.
     Once the Trojan is run, it adds itself to the computer’s startup routine. It can then monitor the computer until the user is connected to the internet. When the computer goes online, the person who sent the Trojan can perform many actions – for example, run programs on the infected computer, access personal files, modify and upload files, track the user’s keystrokes, or send out spam mail.
     Examples: Trojan-Spy.HTML.Smitfraud.c [Kaspersky], Phish-BankFraud.eml.a [McAfee], Trj/Citifraud.A [Panda Software], generic5 [AVG]
  8. 3. Bluejacking
     Bluejacking is sending anonymous, unwanted messages to other users with Bluetooth-enabled mobile phones or laptops.
     Bluejacking depends on the ability of Bluetooth phones to detect and contact other Bluetooth devices nearby. The Bluejacker uses a feature originally intended for exchanging contact details or “electronic business cards”. He or she adds a new entry in the phone’s address book, types in a message, and chooses to send it via Bluetooth. The phone searches for other Bluetooth phones and, if it finds one, sends the message.
  9. 4. Bluesnarfing
     Bluesnarfing is the theft of data from a Bluetooth phone.
     Like Bluejacking, Bluesnarfing depends on the ability of Bluetooth-enabled devices to detect and contact others nearby.
     In theory, a Bluetooth user running the right software on their laptop can discover a nearby phone, connect to it without your confirmation, and download your phonebook, pictures of contacts and calendar. Your mobile phone’s serial number can also be downloaded and used to clone the phone.
  10. 5. Boot Sector Viruses
      Boot sector viruses spread by modifying the program that enables your computer to start up.
      When you switch on a computer, the hardware looks for the boot sector program – which is usually on the hard disk, but can be on a floppy disk or CD – and runs it. This program then loads the rest of the operating system into memory.
      A boot sector virus replaces the original boot sector with its own, modified version (and usually hides the original somewhere else on the hard disk). When you next start up, the infected boot sector is used and the virus becomes active.
  11. 6. Browser Hijackers
      Browser hijackers change the default home and search pages in your internet browser.
      Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your “Favorites” folder or, more seriously, can change the page that is first displayed when you open the browser.
  12. 7. Chain Letters
      An electronic chain letter is an email that urges you to forward copies to other people.
      Chain letters, like virus hoaxes, depend on you, rather than on computer code, to propagate themselves. The main types are:
      1. Hoaxes about terrorist attacks, premium-rate phone line scams, thefts from ATMs and so forth.
      2. False claims that companies are offering free flights, free mobile phones, or cash rewards if you forward email.
      3. Petitions. Even if genuine, they continue to circulate long after their expiry date.
      4. Jokes and pranks, e.g. the claim that the internet would be closed for maintenance on 1 April.
      The solution to the chain letter problem is simple: don’t forward such mail.
  13. 8. Denial of Service attack (DoS)
      A denial-of-service (DoS) attack prevents users from accessing a computer or website.
      In a DoS attack, a hacker attempts to overload or shut down a computer, so that legitimate users can no longer access it. Typical DoS attacks target web servers and aim to make websites unavailable. No data is stolen or compromised, but the interruption to the service can be costly for a company.
      The most common type of DoS attack involves sending more traffic to a computer than it can handle. Rudimentary methods include sending outsized data packets or sending email attachments with names that are longer than permitted by the mail programs.
  14. 9. Cookies
      Cookies are files on your computer that enable websites to remember your details.
      When you visit a website, it can place a file called a cookie on your computer. This enables the website to remember your details and track your visits. Cookies can be a threat to confidentiality, but not to your data.
      Cookies were designed to be helpful. For example, if you submit your ID when you visit a website, a cookie can store this data, so that you don’t have to re-enter it next time. Cookies also have benefits for webmasters, as they show which web pages are well used, providing useful input when planning a redesign of the site.
      If you prefer to remain anonymous, use the security settings on your internet browser to disable cookies.
  15. 10. Dialers
      Dialers change the number used for dial-up internet access to a premium-rate number.
      Dialers are not always malicious. Legitimate companies that offer downloads or games may expect you to use a premium-rate line to access their services. A pop-up prompts you to download the dialer and tells you how much calls will cost.
      Other dialers may install themselves without your knowledge when you click on a pop-up message (for example, a message warning you about a virus on your computer and offering a solution). These do not offer access to any special services – they simply divert your connection so that you access the internet via a premium-rate number.
  16. 11. Document Viruses
      Document or “macro” viruses take advantage of macros – commands that are embedded in files and run automatically.
      Many applications, such as word processing and spreadsheet programs, use macros.
      A macro virus is a macro program that can copy itself and spread from one file to another. If you open a file that contains a macro virus, the virus copies itself into the application’s startup files. The computer is now infected.
  17. 12. Email Viruses
      Many of the most creative viruses distribute themselves automatically by email.
      Typically, email-aware viruses depend on the user double-clicking on an attachment. This runs the malicious code, which will then mail itself to other people from that computer. The Netsky virus, for example, searches the computer for files that may contain email addresses, and then uses the email client on your computer to send itself to those addresses. Some viruses, like Sobig-F, don’t even need to use your email client; they include their own “SMTP engine” for constructing and sending the email messages.
      Even an attachment that appears to be a safe type of file, e.g. a file with a .txt extension, can pose a threat. That file may be a malicious VBS script with the real file type (.vbs) hidden from view.
  18. 13. Internet Worms
      Worms are programs that create copies of themselves and spread via internet connections.
      Worms differ from computer viruses because they can propagate themselves, rather than using a carrier program or file. They simply create exact copies of themselves and use communication between computers to spread.
      Internet worms can travel between connected computers by exploiting security “holes” in the computer’s operating system. The Blaster worm, for example, takes advantage of a weakness in the Remote Procedure Call service that runs on unpatched Windows NT, 2000 and XP computers and uses it to send a copy of itself to another computer.
  19. 14. Mousetrapping
      Mousetrapping prevents you from leaving a website.
      If you are redirected to a bogus website, you may find that you cannot quit with the back or close buttons. In some cases, entering a new web address does not enable you to escape either.
      The site that mousetraps you will either not allow you to visit another address, or will open another browser window displaying the same site. Some mousetraps let you quit after a number of attempts, but others do not.
      To escape, use a bookmark or “Favorite”, or open the list of recently-visited addresses and select the next-to-last. You can also press Ctrl+Alt+Del and use the Task Manager to shut down the browser or, if that fails, restart the computer.
      To reduce the risk of mousetrapping, you can disable JavaScript in your internet browser. This prevents you from being trapped at sites that use this script, but it also affects the look and feel of websites.
  20. 15. Obfuscated spam
      Obfuscated spam is email that has been disguised in an attempt to fool anti-spam software.
      Spammers are constantly trying to find ways to modify or conceal their messages so that your anti-spam software can’t read them, but you can.
      The simplest example of this “obfuscation” is putting spaces between the letters of words, hoping that anti-spam software will not read the letters as one word, for example V I A G R A.
      Another common technique is to use misspellings or non-standard characters, for example V!agra.
  21. 16. Parasitic viruses
      Pharming redirects you from a legitimate website to a bogus copy, allowing criminals to steal the information you enter.
      Pharming exploits the way that website addresses are composed. Each computer on the internet has a numerical “IP address”, e.g., these are not easy to remember, so web addresses also have a domain name, like sophos.com. Every time you type in an address, the domain name has to be turned back into the IP address. A DNS or Domain Name Server on the internet handles this, unless a “local host file” on your computer has already done it.
      To avoid pharming, make sure that you use secure web connections when you access sensitive sites. Just look for the https:// prefix in the web address. If a hacker tries to mimic a secure site, a message will warn you that the site’s certificate does not match the address being visited.
  22. 17. Page-jacking
      Page-jacking is the use of replicas of reputable web pages to catch users and redirect them to other websites.
      Scammers copy pages from an established website and put them on a new site that appears to be legitimate. They register this new site with major search engines, so that users doing a search find and follow links to it. When the user arrives at the website, they are automatically redirected to a different site that displays advertising or offers of different services. They may also find that they cannot escape from the site without restarting their computer (just like mousetrapping).
  23. 18. Phishing
      Phishing is the use of bogus emails and websites to trick you into supplying confidential or personal information.
      Typically, you receive an email that appears to come from a reputable organization, such as a bank. The email includes what appears to be a link to the organization’s website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site.
  24. 19. Botnet
      A botnet or robot network is a group of computers running a computer application controlled and manipulated only by the owner or the software source. The botnet may refer to a legitimate network of several computers that share program processing amongst them.
      Different types of bots: XtremBot, Agobot, Forbot, Phatbot.
      Botnets may range from one thousand drones to tens of thousands of drones. The larger the botnet, the more recognition and potential there is for financial gain. The source computer can rent services of the botnet to third parties.
      Common uses of botnets include:
      • Spamming – After taking advantage of victims’ computer systems, the botnet commander may use the drones to harvest email addresses and send spam or phishing mails.
  25. • Traffic Monitoring – The malware may also be created for the discovery and interception of sensitive data passing through a drone machine. Such malware would sniff for user IDs and passwords.
      • Denial of Service Attacks – This refers to an attempt to make resources unavailable to its users. For example, the botnet may attack a network in order to disrupt a service through overloading the resources of the drone’s computer system. Such attacks may be carried out to disable the web site of a competitor.
      • Keylogging – Some bots install keylogging programs in drone computers. Such programs filter for key sequences that come before or after keywords such as “Gmail” or “PayPal.”
      • Mass Identity Theft – Such thefts are often attributed to botnet attacks. This may be a phishing attack, in which the perpetrator presents himself as a legitimate company in order to obtain personal information, such as user IDs, account numbers or passwords.
      • Botnet Spread – Drones in the network are often used to spread other botnets to other computers.
      • Pay-per-Click Systems Abuse – Drone machines can be used to automatically click on a site upon browser activation. By artificially increasing the click counter of an ad, the botnet commander may benefit from Google Adsense, or other affiliate programs.
  26. 20. Malware
      Malware is an abbreviated term used to describe a "malicious software" program. Malware includes things like spyware or adware programs, such as tracking cookies, which are used to monitor your surfing habits. It also includes more sinister items, such as keyloggers, Trojan horses, worms, and viruses.
  27. 21. Spyware
      Spyware refers to programs that use your Internet connection to send information from your personal computer to some other computer, normally without your knowledge or permission. Most often this information is a record of your ongoing browsing habits or downloads, or it could be more personal data like your name and address.
      Some programs that have included spyware, like RealPlayer, disclose this information in their terms and conditions when RealPlayer is installed, though most users don't read the terms and conditions when they install software, particularly if it is free. KaZaA, a free file sharing program, also includes spyware, and there are many others.
  28. It is estimated that 90% of all computers on the Internet are infected with spyware. Some telltale signs of spyware infection are:
      • Your computer slows to a crawl due to several spyware programs using up your memory resources.
      • Advertisements pop up even when you are offline.
      • You click on a link to go to one site, but your browser gets hijacked and you end up at another site.
      • Your computer is dialing up numbers on its own that show up on your phone bill.
      • When you enter a search item, a new and unexpected site handles the search.
      • Your bookmarks change on their own.
      • You click your Home button but it takes you to a new site, and when you switch the setting back, the new site appears again anyway.
      • You get pop-up ads that address you by name even when you have not visited a site at which you have registered.
  29. 22. Social Media
      A number of well-reputed social networking and Web 2.0 sites were compromised in 2007. The hackers are able to glean very specific information from sites such as LinkedIn and Facebook and then use it to disguise their attacks as friendly and authentic solicitations. Given the popularity and interactivity of the social media sites, they tend to expose their users to cyber criminals in nearly the same way as Instant Messaging. We believe that Social Media sites will be one of the top 5 vulnerabilities in 2008.
      Social networking sites are ideal havens for online criminal activities as they provide a combination of two key factors: a huge number of users and a high level of trust among these users.
      Demerits: 1. Malware, 2. Spam, 3. Targeted attack through employees, 4. Phishing, 5. Human error, leading to leaked corporate data.
  30. Prevention better than cure
      Despite the security risks social networks can bring into a corporate environment, disabling access to such sites is not the best option, as more and more businesses rely on these tools to support their daily operations.
      Enterprises then need to make sure their employees are educated about security threats related to social networking sites, and implement a comprehensive access and data control strategy to prevent data loss.
      "If the enterprise can govern the access of information to only the right employees, loss of data by the attackers getting into the network could be minimized." "Organizations can reap the benefits of social and business networking online, while keeping the fraudsters at bay."
  31. 23. VoIP
      With over 250 million Skype users today, and research that estimates 1.2 billion VoIP users by 2012, the cyber criminals have found a large, attractive and easy target. More than twice the number of VoIP-related vulnerabilities were reported in 2007 versus the previous year—several high-profile “vishing” attacks, and a criminal phreaking (or fraud) conviction—so it’s clear that VoIP threats have arrived and there’s no sign of a slowdown.
  32. 24. Instant Messaging
      The National Vulnerability Database reports more than twice the number of AIM (AOL), YIM (Yahoo), and MSN Messenger vulnerabilities for 2007 over the prior year. Even more significant is the finding that there were 10 high-severity risks in 2007, compared with zero in 2006. That’s not all: the top IM virus families of 2005 through 2007 are actively being replaced with new and multiple versions, making signature-based products ineffective. Although IM malware has existed for years, it is likely that the cyber criminals will choose this avenue to attack un-protected PCs.
  33. Q&A
  34. Thank You
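
The obfuscated spam slide (slide 20) describes two disguises: spaces between letters and non-standard characters. The following is an added example, not part of the original presentation, of a filter-side matcher that tolerates both; the look-alike table, separator set and sample messages are assumptions constructed for the illustration.

```python
import re

# Look-alike substitutions per letter (assumed set for this example, not exhaustive).
LOOKALIKES = {
    "a": "a@4",
    "e": "e3",
    "i": "i!1|",
    "o": "o0",
    "s": "s$5",
}

# Characters a sender may insert between letters: whitespace, dots, dashes,
# underscores and asterisks (assumed set).
SEPARATORS = r"[\s._\-*]*"


def term_pattern(term):
    """Compile a regex that matches `term` despite spacing and look-alike characters."""
    parts = []
    for ch in term.lower():
        variants = LOOKALIKES.get(ch, ch)
        parts.append("[" + re.escape(variants) + "]")
    body = SEPARATORS.join(parts)
    # Avoid hits inside longer words: no letter or digit directly before
    # the match and no letter directly after it.
    return re.compile(r"(?<![a-z0-9])" + body + r"(?![a-z])", re.IGNORECASE)


def scan(text, terms):
    """Return one finding per hit: the term, the text as written, and whether it was disguised."""
    findings = []
    for term in terms:
        for match in term_pattern(term).finditer(text):
            written = match.group(0)
            findings.append({
                "term": term,
                "written": written,
                "obfuscated": written.lower() != term.lower(),
            })
    return findings


# Constructed sample subject lines, not taken from real mail.
SAMPLES = [
    "Cheap V I A G R A here",        # spaces between the letters
    "Buy V!agra today",              # non-standard character
    "v.1.@.g.r.a at low prices",     # both techniques combined
    "Sent via gravel road courier",  # legitimate text that must not match
    "Viagra",                        # written plainly
]

if __name__ == "__main__":
    for subject in SAMPLES:
        print(subject, "->", scan(subject, ["viagra"]))
```

The matcher is a heuristic: allowing separators between letters can still flag legitimate word pairs, so hits are better used as a scoring signal than as a sole verdict.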
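
The pharming description on slide 21 notes that a local hosts file answers a name lookup before DNS is asked. The following is an added example, not part of the original presentation, of auditing hosts-file text for entries that override domains you care about; the watched domain, the addresses (documentation ranges) and the sample file are constructed for the illustration.

```python
import ipaddress

# Constructed sample hosts file; on a real machine the text would be read from
# /etc/hosts or C:\Windows\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Constructed sample hosts file for this example
127.0.0.1       localhost
::1             localhost
203.0.113.25    www.bank.example bank.example   # origin unknown
192.0.2.10      intranet.corp.example
127.0.0.1       update.bank.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address in the first column, so not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text, watched_domains):
    """Return hosts entries that pin a watched domain, or a subdomain of it, to an address."""
    watched = {d.lower().rstrip(".") for d in watched_domains}
    findings = []
    for line_no, ip, name in parse_hosts(text):
        hit = next((d for d in watched if name == d or name.endswith("." + d)), None)
        if hit is None:
            continue
        findings.append({
            "line": line_no,
            "host": name,
            "ip": str(ip),
            "domain": hit,
            # A loopback entry blocks the site rather than redirecting it,
            # but it is still an override worth reviewing.
            "loopback": ip.is_loopback,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, ["bank.example"]):
        print(finding)
```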