SlideShare a Scribd company logo

Chapter 1.ppt

Download as PPT, PDF
A
abrahamermias1

very nice

Technology
1 of 52
Computer Security & Privacy Chapter 1
Computer Security “The most secure computers are those not connected to the Internet and shielded from any interference”
Computer Security Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
Computer Security Network security on the other hand deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network- accessible resources. Internet Not Sufficient!!
Computer Security Security Goals Integrity Confidentiality Availaibility
1) Spoofing Attack 2) Brut Force Attack 3) Malware Attack 4) Virus/Worm Attack 5) SMURF Attack 6) SYN Attack 7) Trojan Horse 8) Logic Bomb 9) Ping of Death 10)Packet Sniffing 11)Eavesdropping 12)Cracking 13)Session Hijacking 14)War Dialing 15)DoS/DDoS 16)Blackout/ Brownout 17)Serge/Spike 18)Traffic Analysis 19)Wire Tapping Assignment 1 (15%): • Pick two topics. • Read about these security attack related keywords and write a three page/topic (maximum) summary of your findings including any recorded history of significant damages created by these attacks. • Send your report by email in pdf format (Use your name as the file name Ex. Kedir Ali). • Bonus: While reading, if you find keywords other than these, send them on the second page of your report. Computer Security
Computer Security/ Overview Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Definitions
Computer Security / History Until 1960s computer security was limited to physical protection of computers In the 60s and 70s  Evolutions  Computers became interactive  Multiuser/Multiprogramming was invented  More and more data started to be stored in computer databases Organizations and individuals started to worry about  What the other persons using computers are doing to their data  What is happening to their private data stored in large databases
Computer Security / History In the 80s and 90s  Evolutions  Personal computers were popularized  LANs and Internet invaded the world  Applications such as E-commerce, E-government and E-health started to develop  Viruses become majors threats  Organizations and individuals started to worry about  Who has access to their computers and data  Whether they can trust a mail, a website, etc.  Whether their privacy is protected in the connected world
Computer Security / History Famous security problems  Morris worm – Internet Worm  November 2, 1988 a worm attacked more than 60,000 computers around the USA  The worm attacks computers, and when it has installed itself, it multiplies itself, freezing the computer  It exploited UNIX security holes in Sendmail and Finger  A nationwide effort enabled to solve the problem within 12 hours Robert Morris became the first person to be indicted under the Computer Fraud and Abuse Act.  He was sentenced to three years of probation, 400 hours of community service and a fine of $10,050 He is currently an associate professor at the Massachusetts Institute of Technology (MIT)
Computer Security / History Famous security problems …  NASA shutdown In 1990, an Australian computer science student was charged for shutting down NASA’s computer system for 24 hours  Airline computers In 1998, a major travel agency discovered that someone penetrated its ticketing system and has printed airline tickets illegally  Bank theft In 1984, a bank manager was able to steal $25 million through un-audited computer transactions
Computer Security / History Famous security problems …  In Ethiopia  Employees of a company managed to change their salaries by fraudulently modifying the company’s database  In 1990s Internet password theft Hundreds of dial-up passwords were stolen and sold to other users Many of the owners lost tens of thousands of Birr each  A major company suspended the use of a remote login software by technicians who were looking at the computer of the General Manager  In Africa: Cote d’Ivoire  An employee who has been fired by his company deleted all the data in his company’s computer
Computer Security / History Early Efforts 1960s: Marked as the beginning of true computer security 1970s: Tiger teams Government and industry sponsored crackers who attempted to break down defenses of computer systems in order to uncover vulnerabilities so that patches can be developed 1970s: Research and modeling Identifying security requirements Formulating security policy models Defining recommended guidelines and controls Development of secure systems
Computer Security / Legal Issues In the US, legislation was enacted with regards to computer security and privacy starting from late 1960s. European Council adopted a convention on Cyber- crime in 2001. The World Summit for Information Society considered computer security and privacy as a subject of discussion in 2003 and 2005. The Ethiopian Penal Code of 2005 has articles on data and computer related crimes.
Computer Security /Attacks Interruption: An attack on availability Interception: An attack on confidentiality Modification: An attack on integrity Fabrication: An attack on authenticity Categories of Attacks
Computer Security /Attacks Categories of Attacks/Threats (W. Stallings) Normal flow of information Interruption Interception Modification Fabrication Source Destination Attack
Computer Security /Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
Computer Security / Countermeasures Computer security controls Authentication (Password, Cards, Biometrics) (What we know, have, are!) Encryption Auditing Administrative procedures Standards Certifications Physical Security Laws
Computer Security / The Human Factor The human factor is an important component of computer security Some organizations view technical solutions as “their solutions” for computer security. However:  Technology is fallible (imperfect)  Ex. UNIX holes that opened the door for Morris worm  The technology may not be appropriate  Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements  Technical solutions are usually (very) expensive  Ex. Antivirus purchased by ETC to protect its Internet services  Given all these, someone, a human, has to implement the solution
Computer Security / The Human Factor Competence of the security staff Ex. Crackers may know more than the security team Understanding and support of management Ex. Management does not want to spend money on security Staff’s discipline to follow procedures Ex. Staff members choose simple passwords Staff members may not be trustworthy Ex. Bank theft
Computer Security / Physical Security Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom]. Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly]
Computer Security / Physical Security In the early days of computing physical security was simple because computers were big, standalone, expensive machines It is almost impossible to move them (not portable) They were very few and it is affordable to spend on physical security for them Management was willing to spend money Everybody understands and accepts that there is restriction
Computer Security / Physical Security Today Computers are more and more portable (PC, laptop, PDA, Smartphone) There are too many of them to have good physical security for each of them They are not “too expensive” to justify spending more money on physical security until a major crisis occurs Users don’t accept restrictions easily Accessories (ex. Network components) are not considered as important for security until there is a problem Access to a single computer may endanger many more computers connected through a network
Computer Security / Physical Security => Physical security is much more difficult to achieve today than some decades ago Why?
Computer Security / Physical Security Natural Disasters  Fire and smoke  Fire can occur anywhere  Solution – Minimize risk Good policies: NO SMOKING, etc.. Fire extinguisher, good procedure and training Fireproof cases (and other techniques) for backup tapes Fireproof doors  Climate  Heat  Direct sun  Humidity Threats and vulnerabilities
Computer Security / Physical Security Natural Disasters …  Hurricane, storm, cyclone  Earthquakes  Water  Flooding can occur even when a water tab is not properly closed  Electric supply  Voltage fluctuation Solution: Voltage regulator  Lightning Threats and vulnerabilities … Solution  Avoid having servers in areas often hit by Natural Disasters!
Computer Security / Physical Security People Intruders  Thieves  People who have been given access unintentionally by the insiders  Employees, contractors, etc. who have access to the facilities  External thieves  Portable computing devices can be stolen outside the organization’s premises Loss of a computing device Mainly laptop Threats and vulnerabilities …
Computer Security / Physical Security Safe area Safe area often is a locked place where only authorized personnel can have access Organizations usually have safe area for keeping computers and related devices
Computer Security / Physical Security Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)? Design of the building with security in mind Know the architecture of your building Safe area … Challenges During opening hours, is it always possible to detect when unauthorized person tries to get to the safe area? Surveillance/guards, video-surveillance, automatic- doors with security code locks, alarms, etc. Put signs so that everybody sees the safe area
Computer Security / Physical Security Are the locks reliable?  The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys!  Among the attacks on locks are:  Illicit keys Duplicate keys Avoid access to the key by unauthorized persons even for a few seconds Change locks/keys frequently Key management procedure Lost keys Notify responsible person when a key is lost There should be no label on keys  Circumventing of the internal barriers of the lock Directly operating the bolt completely bypassing the locking mechanism which remains locked  Forceful attacks: Punching, Drilling, Hammering, etc. Safe area…Locks
Computer Security / Physical Security Surveillance with guards The most common in Ethiopia Not always the most reliable since it adds a lot of human factor Not always practical for users (employees don’t like to be questioned by guards wherever they go) Safe area… Surveillance
Computer Security / Physical Security Safe area… Surveillance Surveillance with video  Uses Closed Circuit Television (CCTV)  Started in the 1960s  Become more and more popular with the worldwide increase of theft and terrorism  Advantages  A single person can monitor more than one location  The intruder doesn’t see the security personnel  It is cheaper after the initial investment  It can be recorded and be used for investigation  Since it can be recorded the security personnel is more careful  Today’s digital video-surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc.  Drawback  Privacy concerns
Computer Security / Physical Security Choose employees carefully Personal integrity should be as important a factor in the hiring process as technical skills Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information Internal Human factor - Personnel
Computer Security / Physical Security Establish procedures for proper destruction and disposal of obsolete programs, reports, and data Act defensively when an employee must be discharged, either for cause or as part of a cost reduction program Such an employee should not be allowed access to the system and should be carefully watched until he or she leaves the premises Any passwords used by the former employee should be immediately disabled Internal Human factor – Personnel …
Computer Security / Attacks & Threats Computer Security Attacks and Threats
Computer Security / Attacks & Threats A computer security threat is any person, act, or object that poses a danger to computer security Computer world is full of threats! … refer to the first assignment… And so is the real world! Thieves, pick-pockets, burglars, murderers, drunk drivers, …
Computer Security / Attacks & Threats What is the right attitude?  To do what you do in real life What do you do in real life?  You learn about the threats  What are the threats  How can these threats affect you  What is the risk for you to be attacked by these threats  How you can protect yourself from these risks  How much does the protection cost  What you can do to limit the damage in case you are attacked  How you can recover in case you are attacked  Then, you protect yourself in order to limit the risk but to continue to live your life You need to do exactly the same thing with computers!
Computer Security / Attacks & Threats Types of Threats/Attacks … (Chuck Eastom) Hacking Attack: Any attempt to gain unauthorized access to your system Denial of Service (DoS) Attack Blocking access from legitimate users Physical Attack: Stealing, breaking or damaging of computing devices
Computer Security / Attacks & Threats Malware Attack: A generic term for software that has malicious purpose Examples Viruses Trojan horses Spy-wares New ones: Spam/scam, identity theft, e-payment frauds, etc. Types of Threats/Attacks (Chuck Eastom)
Computer Security /Threats Viruses “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec Similar to biological virus: Replicates and Spreads Malware Attack: Worms An independent program that reproduces by copying itself from one computer to another It can do as much harm as a virus It often creates denial of service
Computer Security /Threats Trojan horses (Ancient Greek tale of the city of Troy and the wooden horse) - ?? Secretly downloading a virus or some other type of mal- ware on to your computers. Spy-wares “A software that literally spies on what you do on your computer.” Example: Simple Cookies and Key Loggers Malware Attack…
Computer Security /Threats Infection mechanisms First, the virus should search for and detect objects to infect Installation into the infectable object Writing on the boot sector Add some code to executable programs Add some code to initialization/auto-executable programs Write a macro in a word file … Most software based attacks are commonly called Viruses: How do viruses work?
Computer Security /Threats Trigger mechanism Date Number of infections First use How do viruses work? … Effects: It can be anything A message Deleting files Formatting disk Overloading processor/memory Etc.
Computer Security /Threats Adolescents Ethically normal and of average/above average intelligence. Tended to understand the difference between what is right and wrong Typically do not accept any responsibility for problems caused Who Writes Virus
Computer Security /Threats The College Student Ethically normal Despite expressing that what is illegal is “wrong” Are not typically concerned about the results of their actions related to their virus writing Who Writes Virus … The Adult (smallest category) Ethically abnormal
Computer Security /Threats Three categories Scanners Activity monitors Change detection software Anti-Virus There are Generic solutions Ex. Integrity checking Virus specific solution Ex. Looking for known viruses
Computer Security /Threats Functions of anti-viruses Identification of known viruses Detection of suspected viruses Blocking of possible viruses Disinfection of infected objects Deletion and overwriting of infected objects Anti-Virus …
Computer Security /Threats Hacking: is any attempt to intrude or gain unauthorized access to your system either via some operating system flaw or other means. The purpose may or may not be for malicious purposes. Hackers/Intrusion Attack: Cracking: is hacking conducted for malicious purposes.
Computer Security /Threats DoS Attack: is blocking access of legitimate users to a service. Denial of Service (DoS) Attack: Distributed DoS Attack: is accomplished by tricking routers into attacking a target or using Zumbie hosts to simultaneously attack a given target with large number of packets.
Computer Security /Threats Simple illustration of DoS attack (from Easttom) C:>Ping <address of X> -l 65000 –w 0 -t Ping Ping Ping Ping Web Server X Legitimate User
Encryption Encryption: The conversion of data into ciphertext, that cannot be easily understood by unauthorized people. Decryption: The process of converting encrypted data back into its original form so that it can be understood. Text: Human, readable sequences of characters Plaintext: What you have before encryption Ciphertext: Encrypted text Cipher: Usually refers to the method of encryption
The End Please Ask… or …

Recommended

Chapter 1 a
Chapter 1 aChapter 1 a
Chapter 1 akibrutry
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
chapter 1 security.ppt
chapter 1 security.pptchapter 1 security.ppt
chapter 1 security.pptgirmawodajo
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)Rohana K Amarakoon
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Cyber security & Data Protection
Cyber security & Data ProtectionCyber security & Data Protection
Cyber security & Data ProtectionDr. Hemant Kumar Singh
 
Security - Chapter 1.ppt
Security - Chapter 1.pptSecurity - Chapter 1.ppt
Security - Chapter 1.pptWorknehEdimealem
 
0857290053.pdf
0857290053.pdf0857290053.pdf
0857290053.pdfCrystal Sanchez
 

Recommended

Chapter 1 a
Chapter 1 aChapter 1 a
Chapter 1 akibrutry
 
security in it (data and cyber security)
security in it (data and cyber security)security in it (data and cyber security)
security in it (data and cyber security)Rohana K Amarakoon
 
chapter 1 security.ppt
chapter 1 security.pptchapter 1 security.ppt
chapter 1 security.pptgirmawodajo
 
Security in IT (data and cyber security)
Security in IT (data and cyber security)Security in IT (data and cyber security)
Security in IT (data and cyber security)Rohana K Amarakoon
 
IT Security for the Physical Security Professional
IT Security for the Physical Security ProfessionalIT Security for the Physical Security Professional
IT Security for the Physical Security Professionalciso_insights
 
Cyber security & Data Protection
Cyber security & Data ProtectionCyber security & Data Protection
Cyber security & Data ProtectionDr. Hemant Kumar Singh
 
Security - Chapter 1.ppt
Security - Chapter 1.pptSecurity - Chapter 1.ppt
Security - Chapter 1.pptWorknehEdimealem
 
0857290053.pdf
0857290053.pdf0857290053.pdf
0857290053.pdfCrystal Sanchez
 
Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfEthioDotNetDeveloper
 
IT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesIT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesAsst.prof M.Gokilavani
 
IT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfIT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfAsst.prof M.Gokilavani
 
Beekman5 std ppt_12
Beekman5 std ppt_12Beekman5 std ppt_12
Beekman5 std ppt_12Department of Education - Philippines
 
Forensics
ForensicsForensics
ForensicsLaura Aviles
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBryCunal
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7Dr. Christopher Jones
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxNune SrinivasRao
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
sc.pptx
sc.pptxsc.pptx
sc.pptxWorknehEdimealem
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
Need for cyber security
Need for cyber securityNeed for cyber security
Need for cyber securityJetking
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Jenny Coloma
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessCasey Robertson
 
Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007Chris Hammond-Thrasher
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03kbzdox ivanovich
 
Notacd02
Notacd02Notacd02
Notacd02Azmiah Mahmud
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)smkengkilili2011
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

More Related Content

Similar to Chapter 1.ppt

IT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesIT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesAsst.prof M.Gokilavani
 
IT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfIT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfAsst.prof M.Gokilavani
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityBryCunal
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxNune SrinivasRao
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsSimeon Ogao
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxhealdkathaleen
 
Need for cyber security
Need for cyber securityNeed for cyber security
Need for cyber securityJetking
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Jenny Coloma
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessCasey Robertson
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03kbzdox ivanovich
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)smkengkilili2011
 

Similar to Chapter 1.ppt (20)

Chapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdfChapter 1 - Introduction.pdf
Chapter 1 - Introduction.pdf
 
IT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notesIT8073 _Information Security _UNIT I Full notes
IT8073 _Information Security _UNIT I Full notes
 
IT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdfIT8073_Information Security_UNIT I _.pdf
IT8073_Information Security_UNIT I _.pdf
 
Beekman5 std ppt_12
Beekman5 std ppt_12Beekman5 std ppt_12
Beekman5 std ppt_12
 
Forensics
ForensicsForensics
Forensics
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
TAMUC LO 7
TAMUC LO 7TAMUC LO 7
TAMUC LO 7
 
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptxCRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
CRYPTOGRAPHY AND NETWORK SECURITY ppt by me.pptx
 
Cat21:Development Mangement Information Systems
Cat21:Development Mangement Information SystemsCat21:Development Mangement Information Systems
Cat21:Development Mangement Information Systems
 
sc.pptx
sc.pptxsc.pptx
sc.pptx
 
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docxRunning head CYBERSECURITY IN FINANCIAL DOMAIN .docx
Running head CYBERSECURITY IN FINANCIAL DOMAIN .docx
 
Need for cyber security
Need for cyber securityNeed for cyber security
Need for cyber security
 
Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment Lecture 8 privacy, security, ergonomics and the environment
Lecture 8 privacy, security, ergonomics and the environment
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Understand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming ProcessUnderstand Ethics and Security in the Programming Process
Understand Ethics and Security in the Programming Process
 
Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007Infosec Workshop - PacINET 2007
Infosec Workshop - PacINET 2007
 
Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03Rainer+3e Student Pp Ts Ch03
Rainer+3e Student Pp Ts Ch03
 
Notacd02
Notacd02Notacd02
Notacd02
 
Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)Ict form 4 chapter 1(answer)
Ict form 4 chapter 1(answer)
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Chapter 1.ppt

  • 1. Computer Security & Privacy Chapter 1
  • 2. Computer Security “The most secure computers are those not connected to the Internet and shielded from any interference”
  • 3. Computer Security Computer security is about provisions and policies adopted to protect information and property from theft, corruption, or natural disaster while allowing the information and property to remain accessible and productive to its intended users.
  • 4. Computer Security Network security on the other hand deals with provisions and policies adopted to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network- accessible resources. Internet Not Sufficient!!
  • 6. 1) Spoofing Attack 2) Brut Force Attack 3) Malware Attack 4) Virus/Worm Attack 5) SMURF Attack 6) SYN Attack 7) Trojan Horse 8) Logic Bomb 9) Ping of Death 10)Packet Sniffing 11)Eavesdropping 12)Cracking 13)Session Hijacking 14)War Dialing 15)DoS/DDoS 16)Blackout/ Brownout 17)Serge/Spike 18)Traffic Analysis 19)Wire Tapping Assignment 1 (15%): • Pick two topics. • Read about these security attack related keywords and write a three page/topic (maximum) summary of your findings including any recorded history of significant damages created by these attacks. • Send your report by email in pdf format (Use your name as the file name Ex. Kedir Ali). • Bonus: While reading, if you find keywords other than these, send them on the second page of your report. Computer Security
  • 7. Computer Security/ Overview Security: The prevention and protection of computer assets from unauthorized access, use, alteration, degradation, destruction, and other threats. Privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information. Security/Privacy Threat: Any person, act, or object that poses a danger to computer security/privacy. Definitions
  • 8. Computer Security / History Until 1960s computer security was limited to physical protection of computers In the 60s and 70s  Evolutions  Computers became interactive  Multiuser/Multiprogramming was invented  More and more data started to be stored in computer databases Organizations and individuals started to worry about  What the other persons using computers are doing to their data  What is happening to their private data stored in large databases
  • 9. Computer Security / History In the 80s and 90s  Evolutions  Personal computers were popularized  LANs and Internet invaded the world  Applications such as E-commerce, E-government and E-health started to develop  Viruses become majors threats  Organizations and individuals started to worry about  Who has access to their computers and data  Whether they can trust a mail, a website, etc.  Whether their privacy is protected in the connected world
  • 10. Computer Security / History Famous security problems  Morris worm – Internet Worm  November 2, 1988 a worm attacked more than 60,000 computers around the USA  The worm attacks computers, and when it has installed itself, it multiplies itself, freezing the computer  It exploited UNIX security holes in Sendmail and Finger  A nationwide effort enabled to solve the problem within 12 hours Robert Morris became the first person to be indicted under the Computer Fraud and Abuse Act.  He was sentenced to three years of probation, 400 hours of community service and a fine of $10,050 He is currently an associate professor at the Massachusetts Institute of Technology (MIT)
  • 11. Computer Security / History Famous security problems …  NASA shutdown In 1990, an Australian computer science student was charged for shutting down NASA’s computer system for 24 hours  Airline computers In 1998, a major travel agency discovered that someone penetrated its ticketing system and has printed airline tickets illegally  Bank theft In 1984, a bank manager was able to steal $25 million through un-audited computer transactions
  • 12. Computer Security / History Famous security problems …  In Ethiopia  Employees of a company managed to change their salaries by fraudulently modifying the company’s database  In 1990s Internet password theft Hundreds of dial-up passwords were stolen and sold to other users Many of the owners lost tens of thousands of Birr each  A major company suspended the use of a remote login software by technicians who were looking at the computer of the General Manager  In Africa: Cote d’Ivoire  An employee who has been fired by his company deleted all the data in his company’s computer
  • 13. Computer Security / History Early Efforts 1960s: Marked as the beginning of true computer security 1970s: Tiger teams Government and industry sponsored crackers who attempted to break down defenses of computer systems in order to uncover vulnerabilities so that patches can be developed 1970s: Research and modeling Identifying security requirements Formulating security policy models Defining recommended guidelines and controls Development of secure systems
  • 14. Computer Security / Legal Issues In the US, legislation was enacted with regards to computer security and privacy starting from late 1960s. European Council adopted a convention on Cyber- crime in 2001. The World Summit for Information Society considered computer security and privacy as a subject of discussion in 2003 and 2005. The Ethiopian Penal Code of 2005 has articles on data and computer related crimes.
  • 15. Computer Security /Attacks Interruption: An attack on availability Interception: An attack on confidentiality Modification: An attack on integrity Fabrication: An attack on authenticity Categories of Attacks
  • 16. Computer Security /Attacks Categories of Attacks/Threats (W. Stallings) Normal flow of information Interruption Interception Modification Fabrication Source Destination Attack
  • 17. Computer Security /Vulnerabilities Physical vulnerabilities (Ex. Buildings) Natural vulnerabilities (Ex. Earthquake) Hardware and Software vulnerabilities (Ex. Failures) Media vulnerabilities (Ex. Disks can be stolen) Communication vulnerabilities (Ex. Wires can be tapped) Human vulnerabilities (Ex. Insiders) Types of Vulnerabilities
  • 18. Computer Security / Countermeasures Computer security controls Authentication (Password, Cards, Biometrics) (What we know, have, are!) Encryption Auditing Administrative procedures Standards Certifications Physical Security Laws
  • 19. Computer Security / The Human Factor The human factor is an important component of computer security Some organizations view technical solutions as “their solutions” for computer security. However:  Technology is fallible (imperfect)  Ex. UNIX holes that opened the door for Morris worm  The technology may not be appropriate  Ex. It is difficult to define all the security requirements and find a solution that satisfies those requirements  Technical solutions are usually (very) expensive  Ex. Antivirus purchased by ETC to protect its Internet services  Given all these, someone, a human, has to implement the solution
  • 20. Computer Security / The Human Factor Competence of the security staff Ex. Crackers may know more than the security team Understanding and support of management Ex. Management does not want to spend money on security Staff’s discipline to follow procedures Ex. Staff members choose simple passwords Staff members may not be trustworthy Ex. Bank theft
  • 21. Computer Security / Physical Security Physical security protects your physical computer facility (your building, your computer room, your computer, your disks and other media) [Chuck Easttom]. Physical security is the use of physical controls to protect premises, site, facility, building or other physical asset of an organization [Lawrence Fennelly]
  • 22. Computer Security / Physical Security In the early days of computing physical security was simple because computers were big, standalone, expensive machines It is almost impossible to move them (not portable) They were very few and it is affordable to spend on physical security for them Management was willing to spend money Everybody understands and accepts that there is restriction
  • 23. Computer Security / Physical Security Today Computers are more and more portable (PC, laptop, PDA, Smartphone) There are too many of them to have good physical security for each of them They are not “too expensive” to justify spending more money on physical security until a major crisis occurs Users don’t accept restrictions easily Accessories (ex. Network components) are not considered as important for security until there is a problem Access to a single computer may endanger many more computers connected through a network
  • 24. Computer Security / Physical Security => Physical security is much more difficult to achieve today than some decades ago Why?
  • 25. Computer Security / Physical Security Natural Disasters  Fire and smoke  Fire can occur anywhere  Solution – Minimize risk Good policies: NO SMOKING, etc.. Fire extinguisher, good procedure and training Fireproof cases (and other techniques) for backup tapes Fireproof doors  Climate  Heat  Direct sun  Humidity Threats and vulnerabilities
  • 26. Computer Security / Physical Security Natural Disasters …  Hurricane, storm, cyclone  Earthquakes  Water  Flooding can occur even when a water tab is not properly closed  Electric supply  Voltage fluctuation Solution: Voltage regulator  Lightning Threats and vulnerabilities … Solution  Avoid having servers in areas often hit by Natural Disasters!
  • 27. Computer Security / Physical Security People Intruders  Thieves  People who have been given access unintentionally by the insiders  Employees, contractors, etc. who have access to the facilities  External thieves  Portable computing devices can be stolen outside the organization’s premises Loss of a computing device Mainly laptop Threats and vulnerabilities …
  • 28. Computer Security / Physical Security Safe area Safe area often is a locked place where only authorized personnel can have access Organizations usually have safe area for keeping computers and related devices
  • 29. Computer Security / Physical Security Is the area inaccessible through other openings (window, roof-ceilings, ventilation hole, etc.)? Design of the building with security in mind Know the architecture of your building Safe area … Challenges During opening hours, is it always possible to detect when unauthorized person tries to get to the safe area? Surveillance/guards, video-surveillance, automatic- doors with security code locks, alarms, etc. Put signs so that everybody sees the safe area
  • 30. Computer Security / Physical Security Are the locks reliable?  The effectiveness of locks depends on the design, manufacture, installation and maintenance of the keys!  Among the attacks on locks are:  Illicit keys Duplicate keys Avoid access to the key by unauthorized persons even for a few seconds Change locks/keys frequently Key management procedure Lost keys Notify responsible person when a key is lost There should be no label on keys  Circumventing of the internal barriers of the lock Directly operating the bolt completely bypassing the locking mechanism which remains locked  Forceful attacks: Punching, Drilling, Hammering, etc. Safe area…Locks
  • 31. Computer Security / Physical Security Surveillance with guards The most common in Ethiopia Not always the most reliable since it adds a lot of human factor Not always practical for users (employees don’t like to be questioned by guards wherever they go) Safe area… Surveillance
  • 32. Computer Security / Physical Security Safe area… Surveillance Surveillance with video  Uses Closed Circuit Television (CCTV)  Started in the 1960s  Become more and more popular with the worldwide increase of theft and terrorism  Advantages  A single person can monitor more than one location  The intruder doesn’t see the security personnel  It is cheaper after the initial investment  It can be recorded and be used for investigation  Since it can be recorded the security personnel is more careful  Today’s digital video-surveillance can use advanced techniques such as face recognition to detect terrorists, wanted people, etc.  Drawback  Privacy concerns
  • 33. Computer Security / Physical Security Choose employees carefully Personal integrity should be as important a factor in the hiring process as technical skills Create an atmosphere in which the levels of employee loyalty, morale, and job satisfaction are high Remind employees, on a regular basis, of their continuous responsibilities to protect the organization’s information Internal Human factor - Personnel
  • 34. Computer Security / Physical Security Establish procedures for proper destruction and disposal of obsolete programs, reports, and data Act defensively when an employee must be discharged, either for cause or as part of a cost reduction program Such an employee should not be allowed access to the system and should be carefully watched until he or she leaves the premises Any passwords used by the former employee should be immediately disabled Internal Human factor – Personnel …
  • 35. Computer Security / Attacks & Threats Computer Security Attacks and Threats
  • 36. Computer Security / Attacks & Threats A computer security threat is any person, act, or object that poses a danger to computer security Computer world is full of threats! … refer to the first assignment… And so is the real world! Thieves, pick-pockets, burglars, murderers, drunk drivers, …
  • 37. Computer Security / Attacks & Threats What is the right attitude?  To do what you do in real life What do you do in real life?  You learn about the threats  What are the threats  How can these threats affect you  What is the risk for you to be attacked by these threats  How you can protect yourself from these risks  How much does the protection cost  What you can do to limit the damage in case you are attacked  How you can recover in case you are attacked  Then, you protect yourself in order to limit the risk but to continue to live your life You need to do exactly the same thing with computers!
  • 38. Computer Security / Attacks & Threats Types of Threats/Attacks … (Chuck Eastom) Hacking Attack: Any attempt to gain unauthorized access to your system Denial of Service (DoS) Attack Blocking access from legitimate users Physical Attack: Stealing, breaking or damaging of computing devices
  • 39. Computer Security / Attacks & Threats Malware Attack: A generic term for software that has malicious purpose Examples Viruses Trojan horses Spy-wares New ones: Spam/scam, identity theft, e-payment frauds, etc. Types of Threats/Attacks (Chuck Eastom)
  • 40. Computer Security /Threats Viruses “A small program that replicates and hides itself inside other programs usually without your knowledge.” Symantec Similar to biological virus: Replicates and Spreads Malware Attack: Worms An independent program that reproduces by copying itself from one computer to another It can do as much harm as a virus It often creates denial of service
  • 41. Computer Security /Threats Trojan horses (Ancient Greek tale of the city of Troy and the wooden horse) - ?? Secretly downloading a virus or some other type of mal- ware on to your computers. Spy-wares “A software that literally spies on what you do on your computer.” Example: Simple Cookies and Key Loggers Malware Attack…
  • 42. Computer Security /Threats Infection mechanisms First, the virus should search for and detect objects to infect Installation into the infectable object Writing on the boot sector Add some code to executable programs Add some code to initialization/auto-executable programs Write a macro in a word file … Most software based attacks are commonly called Viruses: How do viruses work?
  • 43. Computer Security /Threats Trigger mechanism Date Number of infections First use How do viruses work? … Effects: It can be anything A message Deleting files Formatting disk Overloading processor/memory Etc.
  • 44. Computer Security /Threats Adolescents Ethically normal and of average/above average intelligence. Tended to understand the difference between what is right and wrong Typically do not accept any responsibility for problems caused Who Writes Virus
  • 45. Computer Security /Threats The College Student Ethically normal Despite expressing that what is illegal is “wrong” Are not typically concerned about the results of their actions related to their virus writing Who Writes Virus … The Adult (smallest category) Ethically abnormal
  • 46. Computer Security /Threats Three categories Scanners Activity monitors Change detection software Anti-Virus There are Generic solutions Ex. Integrity checking Virus specific solution Ex. Looking for known viruses
  • 47. Computer Security /Threats Functions of anti-viruses Identification of known viruses Detection of suspected viruses Blocking of possible viruses Disinfection of infected objects Deletion and overwriting of infected objects Anti-Virus …
  • 48. Computer Security /Threats Hacking: is any attempt to intrude or gain unauthorized access to your system either via some operating system flaw or other means. The purpose may or may not be for malicious purposes. Hackers/Intrusion Attack: Cracking: is hacking conducted for malicious purposes.
  • 49. Computer Security /Threats DoS Attack: is blocking access of legitimate users to a service. Denial of Service (DoS) Attack: Distributed DoS Attack: is accomplished by tricking routers into attacking a target or using Zumbie hosts to simultaneously attack a given target with large number of packets.
  • 50. Computer Security /Threats Simple illustration of DoS attack (from Easttom) C:>Ping <address of X> -l 65000 –w 0 -t Ping Ping Ping Ping Web Server X Legitimate User
  • 51. Encryption Encryption: The conversion of data into ciphertext, that cannot be easily understood by unauthorized people. Decryption: The process of converting encrypted data back into its original form so that it can be understood. Text: Human, readable sequences of characters Plaintext: What you have before encryption Ciphertext: Encrypted text Cipher: Usually refers to the method of encryption