Foundations Computer Security Fundamentals
1. FOUNDATIONS OF COMPUTER SECURITY
COMPUTER SECURITY BASICALLY IS THE PROTECTION OF COMPUTER
SYSTEMS AND INFORMATION FROM HARM, THEFT, AND UNAUTHORIZED USE.
IT IS THE PROCESS OF PREVENTING AND DETECTING UNAUTHORIZED USE
OF YOUR COMPUTER SYSTEM.
• COMPUTER SECURITY REFERS TO TECHNIQUES FOR ENSURING THAT DATA
STORED IN A COMPUTER CANNOT BE READ OR COMPROMISED BY ANY
INDIVIDUALS WITHOUT AUTHORIZATION.
2. FOUNDATIONS OF COMPUTER SECURITY
• INFORMATION SECURITY IS SECURING INFORMATION FROM UNAUTHORIZED
ACCESS, MODIFICATION & DELETION
• CYBERSECURITY IS DEFINED AS PROTECTING COMPUTER SYSTEMS, WHICH
COMMUNICATE OVER THE COMPUTER NETWORKS
3. NEED OF COMPUTER SECURITY
• 1. FOR PREVENTION OF DATA THEFT SUCH AS BANK ACCOUNT NUMBERS,
CREDIT CARD INFORMATION, PASSWORDS, WORK-RELATED DOCUMENTS OR
SHEETS, ETC.
• 2. TO MAKE DATA REMAIN SAFE AND CONFIDENTIAL.
• 3. TO PROVIDE CONFIDENTIALITY, WHICH ENSURES THAT ONLY THOSE
INDIVIDUALS ENTITLED TO VIEW DATA ARE EVER ABLE TO DO SO.
• 4. TO PROVIDE INTEGRITY, WHICH ENSURES THAT ONLY AUTHORIZED
INDIVIDUALS ARE EVER ABLE TO CHANGE OR MODIFY INFORMATION.
• 5. TO PROVIDE AVAILABILITY, WHICH ENSURES THAT THE DATA OR THE SYSTEM
ITSELF IS AVAILABLE FOR USE WHEN AN AUTHORIZED USER WANTS IT.
• 6. TO PROVIDE AUTHENTICATION WHICH DEALS WITH THE DESIRE TO
ENSURE THAT AN AUTHORIZED INDIVIDUAL.
4. NEED OF SECURITY
• TO KEEP CONFIDENTIAL INFORMATION OUT OF THE WRONG HANDS
• TO MAINTAIN THE INTEGRITY OF THE SYSTEM AND THE DATA SO IT CAN BE
TRUSTED
• TO GUARANTEE THAT THE SYSTEM AND DATA ARE THERE AND ABLE TO BE
ACCESSED AT WILL.
5. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
• IT CONSISTS OF CONFIDENTIALITY, INTEGRITY AND AVAILABILITY.
• THIS MODEL IS DESIGNED TO GUIDE THE ORGANIZATION WITH THE
POLICIES OF CYBER SECURITY IN THE AREA OF INFORMATION SECURITY.
7. CONFIDENTIALITY
● THE PRINCIPLE OF CONFIDENTIALITY SPECIFIES THAT ONLY THE SENDER AND INTENDED
RECIPIENT SHOULD BE ABLE TO ACCESS THE CONTENTS OF A MESSAGE.
● CONFIDENTIALITY GETS COMPROMISED IF AN UNAUTHORIZED PERSON IS ABLE TO
ACCESS THE CONTENTS OF A MESSAGE.
Fig. Confidentiality: User A sends message M to User B.
Fig. Loss of Confidentiality (interception attack): User C intercepts message M
sent from User A to User B.
9. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
CONFIDENTIALITY IS THE ACTION OF HIDING SOMETHING OR PREVENTING IT
FROM BEING KNOWN.
ALSO, THERE IS A NEED TO KEEP INFORMATION SECRET FROM THIRD
PARTIES, SO THAT ONLY THE RIGHT PEOPLE CAN HAVE ACCESS TO IT.
IT DEFINES THE RULES THAT LIMIT ACCESS TO INFORMATION.
CONFIDENTIALITY RESTRICTS SENSITIVE INFORMATION FROM BEING
ACCESSED BY CYBER ATTACKERS, HACKERS AND UNAUTHORIZED PERSONS.
10. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
CONFIDENTIALITY IS MAINTAINED BY USER ID/PASSWORD/OTP.
VARIOUS WAYS TO ENSURE CONFIDENTIALITY:
TWO-FACTOR AUTHENTICATION, DATA ENCRYPTION, DATA CLASSIFICATION,
BIOMETRIC VERIFICATION, AND SECURITY TOKENS.
11. INTEGRITY
WHEN THE CONTENTS OF THE MESSAGE ARE CHANGED AFTER THE SENDER
SENDS IT, BUT BEFORE IT REACHES THE INTENDED RECIPIENT, WE SAY THAT
THE INTEGRITY OF THE MESSAGE IS LOST.
CHANGING THE CONTENT OF A MESSAGE DURING TRANSMISSION IS KNOWN AS A
MODIFICATION ATTACK.
Fig. Loss of Integrity (modification attack): User A sends "Transfer 1000Rs" to
User B; User C changes it in transit so that User B receives "Transfer 5000Rs".
13. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
INTEGRITY:
THIS ASSURES THAT THE DATA IS CONSISTENT, ACCURATE AND
TRUSTWORTHY DURING THE TRANSMISSION.
IT MEANS THAT THE DATA WITHIN THE TRANSMISSION SHOULD NOT BE
CHANGED, ALTERED, DELETED OR ILLEGALLY ACCESSED.
• THERE SHOULD BE TOOLS AND TECHNOLOGIES IMPLEMENTED TO DETECT
ANY CHANGE OR BREACH IN THE DATA.
• VARIOUS ORGANIZATIONS USE A CHECKSUM, OR EVEN A CRYPTOGRAPHIC
CHECKSUM, TO VERIFY THE INTEGRITY OF DATA.
14. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
Integrity:
Example in real life − Let's say you are making an online payment of 5 USD, but your
information is tampered with without your knowledge so that 500 USD is sent to the
seller; this would cost you too much.
In this case cryptography plays a very major role in ensuring data integrity.
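The following Python example is added here to show the difference between the plain checksum and the cryptographic checksum mentioned above, replaying the "Transfer 1000Rs" modification attack from the figure. It is not code from the original slides; the shared key, the message and the `send`/`tamper_in_transit`/`receive` names are constructed for the example.

```python
import hashlib
import hmac

# Shared secret between User A (sender) and User B (receiver).
# Constructed for this example; in practice it comes from a key exchange or a KMS.
SHARED_KEY = b"example-shared-key-do-not-reuse"


def plain_checksum(message: bytes) -> str:
    """Unkeyed checksum (SHA-256). Detects accidental corruption only."""
    return hashlib.sha256(message).hexdigest()


def keyed_checksum(key: bytes, message: bytes) -> str:
    """Cryptographic checksum (HMAC-SHA256). Recomputing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver-side check; compare_digest avoids timing side channels."""
    return hmac.compare_digest(keyed_checksum(key, message), tag)


def send(message: bytes) -> dict:
    """User A attaches both checksums to the message (the plain one only for contrast)."""
    return {"msg": message,
            "plain": plain_checksum(message),
            "mac": keyed_checksum(SHARED_KEY, message)}


def tamper_in_transit(packet: dict) -> dict:
    """Modification attack by User C (the figure's interloper): change the amount.
    C does not hold SHARED_KEY, so it can recompute the plain checksum but must
    resend the old HMAC tag unchanged."""
    forged = packet["msg"].replace(b"1000Rs", b"5000Rs")
    return {"msg": forged,
            "plain": plain_checksum(forged),   # attacker can recompute this
            "mac": packet["mac"]}              # stale tag: attacker cannot forge it


def receive(packet: dict) -> dict:
    """User B checks both values and reports what each mechanism concluded."""
    return {
        "plain_ok": plain_checksum(packet["msg"]) == packet["plain"],
        "mac_ok": verify_keyed(SHARED_KEY, packet["msg"], packet["mac"]),
        "msg": packet["msg"].decode(),
    }


if __name__ == "__main__":
    original = send(b"Transfer 1000Rs to account 42")
    print(receive(original))                     # both checks pass
    print(receive(tamper_in_transit(original)))  # plain passes, mac fails
```

An HMAC proves the message was not altered by anyone without the key, but since both parties hold the key it does not provide non-repudiation; that requires the digital signatures covered later in the slides.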
15. AVAILABILITY
PRINCIPLE OF AVAILABILITY ENSURES THAT RESOURCES
SHOULD BE AVAILABLE TO AUTHORIZED PARTIES AT ALL TIMES
WITHOUT ANY INTERRUPTION.
Fig. Attack on Availability (interruption attack): the attacker makes the server's
service unavailable to the client.
16. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
AVAILABILITY
AVAILABILITY REFERS TO THE ABILITY TO ACCESS DATA OR A RESOURCE WHEN IT IS
NEEDED. THE INFORMATION HAS VALUE ONLY IF THE AUTHORIZED PEOPLE CAN ACCESS IT AT
THE RIGHT TIME.
ALL NECESSARY COMPONENTS LIKE HARDWARE, SOFTWARE, NETWORKS, DEVICES AND
SECURITY EQUIPMENT SHOULD BE MAINTAINED AND UPGRADED.
THIS WILL ENSURE THE SMOOTH FUNCTIONING AND ACCESS OF DATA WITHOUT ANY
DISRUPTION.
17. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
AVAILABILITY….
IT ALSO INVOLVES OPTING FOR EXTRA SECURITY EQUIPMENT IN CASE OF ANY
DISASTER. UTILITIES LIKE FIREWALLS, DISASTER RECOVERY PLANS, PROXY
SERVERS AND A PROPER BACKUP SOLUTION SHOULD BE IN PLACE TO COPE WITH
DOS ATTACKS.
EXAMPLE IN REAL LIFE − LET'S SAY A HACKER HAS COMPROMISED A WEB SERVER
OF A BANK AND PUT IT DOWN. YOU AS AN AUTHENTICATED USER WANT TO DO AN
E-BANKING TRANSFER BUT IT IS IMPOSSIBLE TO ACCESS IT; THE FAILED
TRANSFER IS MONEY LOST FOR THE BANK.
18. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
ACCOUNTABILITY :
ACCOUNTABILITY IS AN ESSENTIAL PART OF AN INFORMATION SECURITY PLAN.
ACCOUNTABILITY GUARANTEES THAT ALL OPERATIONS CARRIED OUT BY
INDIVIDUALS OR SYSTEMS CAN BE IDENTIFIED (IDENTIFICATION) AND
TRACED BACK TO THEIR AUTHOR (TRACEABILITY).
ONE EXAMPLE WOULD BE A POLICY STATEMENT THAT ALL EMPLOYEES MUST
AVOID INSTALLING OUTSIDE SOFTWARE ON A COMPANY-OWNED
INFORMATION INFRASTRUCTURE.
19. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
ACCOUNTABILITY……
THE PERSON IN CHARGE OF INFORMATION SECURITY SHOULD PERFORM
PERIODIC CHECKS TO SEE THAT THE POLICY IS BEING FOLLOWED.
EVERY INFORMATION ASSET SHOULD BE "OWNED" BY AN INDIVIDUAL IN THE
ORGANIZATION WHO IS PRIMARILY RESPONSIBLE FOR IT.
THE DUTIES AND RESPONSIBILITIES OF ALL EMPLOYEES, AS THEY RELATE TO
INFORMATION, NEED TO BE SPECIFIED IN DETAIL.
20. NON-REPUDIATION
SOMETIMES A USER SENDS A MESSAGE AND LATER DENIES HAVING
SENT THAT MESSAGE.
THE PRINCIPLE OF NON-REPUDIATION REDUCES SUCH POSSIBILITIES.
EG. USER A REQUESTS A FUND TRANSFER FROM A BANK; THE BANK COMPLETES THE
FUND TRANSFER AS REQUESTED BY USER A, BUT LATER USER A DENIES
HAVING MADE SUCH A REQUEST.
THE PRINCIPLE OF NON-REPUDIATION IS IMPLEMENTED BY USING DIGITAL SIGNATURES.
ACCESS CONTROL
THE PRINCIPLE OF ACCESS CONTROL DETERMINES WHO SHOULD BE ABLE TO
ACCESS WHAT. UNDER ACCESS CONTROL WE DECIDE THE ROLES OF USERS AND
ALSO THE RULES BY WHICH USERS ACCESS THE DIFFERENT RESOURCES OF THE
ORGANIZATION.
21. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
NON REPUDIATION IS THE ASSURANCE THAT SOMEONE CANNOT DENY
SOMETHING.
NONREPUDIATION IS A WAY TO GUARANTEE THAT THE SENDER OF A MESSAGE
CANNOT LATER DENY HAVING SENT THE MESSAGE AND THAT THE RECIPIENT
CANNOT DENY HAVING RECEIVED THE MESSAGE.
TYPICALLY, NONREPUDIATION REFERS TO THE ABILITY TO ENSURE THAT A PARTY
CANNOT DENY THE AUTHENTICITY OF THEIR SIGNATURE ON A DOCUMENT OR THE
SENDING OF A MESSAGE THAT THEY ORIGINATED.
EMAIL NONREPUDIATION INVOLVES METHODS SUCH AS EMAIL TRACKING THAT
ARE DESIGNED TO ENSURE THAT THE SENDER CANNOT DENY HAVING SENT A
MESSAGE AND/OR THAT THE RECIPIENT CANNOT DENY HAVING RECEIVED IT.
• NONREPUDIATION CAN BE OBTAINED THROUGH THE USE OF:
• DIGITAL SIGNATURES
• CONFIRMATION SERVICES
• TIMESTAMPS
22. SECURITY BASICS/CIA MODEL/PRINCIPLES OF SECURITY
• RELIABILITY:
COMPUTERS NEED TO BE RELIABLE FOR PEOPLE TO USE THEM AND HAVE
CONFIDENCE IN THEM. IF THEY ARE NOT RELIABLE, THEN THEY WILL QUICKLY BE
ABANDONED.
23. DEFINITIONS
THREAT
A POTENTIAL CAUSE OF AN INCIDENT THAT MAY HARM A SYSTEM OR ORGANIZATION.
AN UNDESIRED EVENT THAT MAY RESULT IN LOSS, DISCLOSURE OR DAMAGE TO AN ORGANIZATION'S ASSETS.
• A THREAT IS THE POTENTIAL FOR A VIOLATION OF SECURITY.
RISK
RISK CALCULATION: RISK = ASSETS X THREATS X VULNERABILITIES
• A COMPUTER SECURITY RISK IS ANY EVENT OR ACTION THAT COULD CAUSE A LOSS OR DAMAGE TO
COMPUTER HARDWARE, SOFTWARE, DATA, OR INFORMATION; OR, RISK IS THE PROBABILITY OF THREATS
THAT MAY OCCUR BECAUSE OF THE PRESENCE OF A VULNERABILITY IN A SYSTEM.
24. • QUANTITATIVE RISK ANALYSIS:
- A PROCESS OF ASSIGNING A NUMERIC VALUE TO THE PROBABILITY OF LOSS BASED ON
KNOWN RISKS, ON THE FINANCIAL VALUES OF THE ASSETS AND ON THE PROBABILITY OF
THREATS.
- IT IS USED TO DETERMINE POTENTIAL DIRECT AND INDIRECT COSTS TO THE COMPANY
BASED ON VALUES ASSIGNED TO COMPANY ASSETS AND THEIR EXPOSURE TO RISK.
ASSETS CAN BE RATED AS THE COST OF REPLACING AN ASSET, THE COST OF LOST
PRODUCTIVITY, OR THE COST OF DIMINISHED BRAND REPUTATION. 100%
QUANTITATIVE RISK ANALYSIS IS NOT POSSIBLE.
• QUALITATIVE RISK ANALYSIS:
- A COLLABORATIVE PROCESS OF ASSIGNING RELATIVE VALUES TO ASSETS, ASSESSING
THEIR RISK EXPOSURE AND ESTIMATING THE COST OF CONTROLLING THE RISK.
- IT UTILIZES RELATIVE MEASURES AND APPROXIMATE COSTS RATHER THAN PRECISE
VALUATION AND COST DETERMINATION. ASSETS CAN BE RATED BASED ON CRITICALITY:
VERY IMPORTANT, IMPORTANT, NOT-IMPORTANT, ETC. VULNERABILITIES CAN BE RATED
BASED ON HOW URGENTLY THEY MUST BE FIXED: FIXED SOON, SHOULD BE FIXED, FIX IF SUITABLE, ETC.
THREATS CAN BE RATED ON A SCALE OF LIKELIHOOD: VERY LIKELY, LIKELY, UNLIKELY,
ETC. 100% QUALITATIVE RISK ANALYSIS IS FEASIBLE.
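The Python example below is added here to work the slides' RISK = ASSETS X THREATS X VULNERABILITIES formula both ways: quantitatively with asset values and probabilities, and qualitatively with the ordinal labels listed above. It is not from the original slides; the asset inventory and the numeric weights given to the labels are constructed assumptions.

```python
from dataclasses import dataclass

# Ordinal scales taken from the slide text; the numeric weights are assumptions.
CRITICALITY = {"very important": 3, "important": 2, "not-important": 1}
FIX_URGENCY = {"fixed soon": 3, "should be fixed": 2, "fix if suitable": 1}
LIKELIHOOD = {"very likely": 3, "likely": 2, "unlikely": 1}


@dataclass
class Asset:
    name: str
    value: float        # replacement cost + lost productivity, in currency units
    threat_prob: float  # probability the threat materialises in a year, 0..1
    vuln_prob: float    # probability the vulnerability lets it succeed, 0..1


def quantitative_risk(a: Asset) -> float:
    """RISK = ASSETS x THREATS x VULNERABILITIES as an expected annual loss."""
    for p in (a.threat_prob, a.vuln_prob):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must be in [0, 1]")
    return a.value * a.threat_prob * a.vuln_prob


def qualitative_risk(criticality: str, urgency: str, likelihood: str) -> int:
    """Same product over ordinal ratings (score 1..27); unknown labels raise KeyError."""
    return (CRITICALITY[criticality.lower()]
            * FIX_URGENCY[urgency.lower()]
            * LIKELIHOOD[likelihood.lower()])


def rank_quantitative(assets) -> list:
    """Highest expected loss first, so treatment budget goes where it matters."""
    scored = [(a.name, round(quantitative_risk(a), 2)) for a in assets]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def rank_qualitative(items) -> list:
    """items: (name, criticality, urgency, likelihood) tuples; highest score first."""
    scored = [(n, qualitative_risk(c, u, l)) for n, c, u, l in items]
    return sorted(scored, key=lambda t: t[1], reverse=True)


# Constructed sample inventory (not real figures).
ASSETS = [
    Asset("customer DB", 500_000, 0.3, 0.5),
    Asset("intranet wiki", 20_000, 0.6, 0.9),
    Asset("print server", 5_000, 0.9, 0.9),
]
QUAL = [
    ("customer DB", "very important", "fixed soon", "likely"),
    ("intranet wiki", "important", "should be fixed", "very likely"),
    ("print server", "not-important", "fix if suitable", "very likely"),
]

if __name__ == "__main__":
    print(rank_quantitative(ASSETS))  # customer DB first
    print(rank_qualitative(QUAL))     # same order from the ordinal scales
```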
25. DEFINITIONS
COUNTERMEASURE
AN ACTION, PROCEDURE, OR TECHNIQUE THAT REDUCES A THREAT OR A VULNERABILITY.
ASSET
AN ASSET IS ANYTHING (HARDWARE, SOFTWARE, DATA, INFORMATION) THAT THE OWNER WANTS TO
SECURE.
OR
AN ASSET IS ANY DATA, DEVICE, OR OTHER COMPONENT OF THE ENVIRONMENT THAT
SUPPORTS INFORMATION-RELATED ACTIVITIES.
ASSETS GENERALLY INCLUDE HARDWARE, SOFTWARE AND CONFIDENTIAL INFORMATION.
26. DEFINITIONS
A VULNERABILITY IS A WEAKNESS IN THE INFORMATION INFRASTRUCTURE OF AN ORGANIZATION.
IT MAY ACCIDENTALLY OR INTENTIONALLY BE EXPLOITED TO DAMAGE THE ASSET.
IT IS A WEAKNESS IN A COMPUTER SYSTEM OR NETWORK. THE TERM "VULNERABILITY" REFERS
TO THE SECURITY FLAWS IN A SYSTEM THAT ALLOW AN ATTACK TO BE SUCCESSFUL.
TESTING FOR VULNERABILITIES IS USEFUL FOR MAINTAINING ON-GOING SECURITY.
VULNERABILITIES CAN BE:
– PROGRAMS WITH UNNECESSARY PRIVILEGE
– ACCOUNTS WHOSE DEFAULT PASSWORD HAS NOT BEEN CHANGED
– PROGRAMS WITH KNOWN FAULTS
– WEAK ACCESS CONTROL
– WEAK FIREWALL
27. HACKING
• HACKING IN SIMPLE TERMS MEANS AN ILLEGAL INTRUSION INTO A
COMPUTER SYSTEM AND/OR NETWORK.
• GOVERNMENT WEBSITES ARE A HOT TARGET OF HACKERS
DUE TO THE PRESS COVERAGE THEY RECEIVE.
OR
• HACKING IS THE ACT OF IDENTIFYING AND THEN EXPLOITING
WEAKNESSES IN A COMPUTER SYSTEM OR NETWORK, USUALLY TO
GAIN UNAUTHORIZED ACCESS TO PERSONAL OR ORGANIZATIONAL
DATA.
• HACKING IS NOT ALWAYS A MALICIOUS ACTIVITY, BUT THE TERM
HAS MOSTLY NEGATIVE CONNOTATIONS DUE TO ITS ASSOCIATION
WITH CYBERCRIME.
29. VIRUSES
A VIRUS IS A PROGRAM WHICH ATTACHES ITSELF TO ANOTHER PROGRAM AND CAUSES DAMAGE TO
THE COMPUTER SYSTEM OR THE NETWORK.
IT IS LOADED ONTO YOUR COMPUTER WITHOUT YOUR KNOWLEDGE AND RUNS AGAINST YOUR
WISHES.
ALMOST ALL VIRUSES ARE ATTACHED TO AN EXECUTABLE FILE, WHICH MEANS THE VIRUS MAY
EXIST ON YOUR COMPUTER BUT IT ACTUALLY CANNOT INFECT YOUR COMPUTER UNLESS YOU RUN
OR OPEN THE MALICIOUS PROGRAM.
A COMPUTER VIRUS ATTACHES ITSELF TO A PROGRAM OR FILE, ENABLING IT TO SPREAD FROM ONE
COMPUTER TO ANOTHER, LEAVING INFECTIONS AS IT TRAVELS FROM PC TO PC OR OVER A NETWORK.
IT COPIES ITSELF INTO PREVIOUSLY UNINFECTED PROGRAMS OR FILES, AND EXECUTES OVER
OTHER SOURCES OF ATTACK.
IT CAN CAUSE THE LOSS OR ALTERATION OF PROGRAMS OR DATA AND CAN BREAK CONFIDENTIALITY.
IT IS ALMOST ALWAYS ATTACHED TO AN EXECUTABLE FILE.
30. VIRUS
• DEFINITION: VIRUS IS A PROGRAM WHICH ATTACHES ITSELF TO ANOTHER
PROGRAM AND CAUSES DAMAGE TO THE COMPUTER SYSTEM OR THE
NETWORK. IT IS LOADED ONTO YOUR COMPUTER WITHOUT YOUR
KNOWLEDGE AND RUNS AGAINST YOUR WISHES. DURING THE LIFECYCLE OF
VIRUS IT GOES THROUGH THE FOLLOWING FOUR PHASES:
• 1. DORMANT PHASE: THE VIRUS IS IDLE AND ACTIVATED BY SOME EVENT.
• 2. PROPAGATION PHASE: IT PLACES AN IDENTICAL COPY OF ITSELF INTO
OTHER PROGRAMS OR INTO CERTAIN SYSTEM AREAS ON THE DISK.
• 3. TRIGGERING PHASE: THE VIRUS IS ACTIVATED TO PERFORM THE
FUNCTION FOR WHICH IT WAS INTENDED.
• 4. EXECUTION PHASE: THE FUNCTION OF THE VIRUS IS PERFORMED.
31. PHASES OF VIRUSES
A TYPICAL VIRUS GOES THROUGH PHASES OF:
– DORMANT
– PROPAGATION
– TRIGGERING
– EXECUTION
32. PHASES OF VIRUSES
• DURING THE LIFECYCLE OF A VIRUS IT GOES THROUGH THE FOLLOWING FOUR
PHASES:
• 1. DORMANT PHASE:
THE VIRUS IS IDLE AND ACTIVATED BY SOME EVENT.
THE VIRUS WILL BE ACTIVATED BY SOME EVENT SUCH AS A DATE, THE PRESENCE OF
ANOTHER PROGRAM OR FILE, OR THE CAPACITY OF THE DISK EXCEEDING SOME LIMIT.
NOT ALL VIRUSES HAVE THIS STAGE.
• 2. PROPAGATION PHASE:
IT PLACES AN IDENTICAL COPY OF ITSELF INTO OTHER PROGRAMS OR INTO CERTAIN
SYSTEM AREAS ON THE DISK.
33. PHASES OF VIRUSES
• 3. TRIGGERING PHASE:
THE VIRUS IS ACTIVATED TO PERFORM THE FUNCTION FOR WHICH IT WAS
INTENDED.
• 4. EXECUTION PHASE:
THE FUNCTION OF THE VIRUS IS PERFORMED.
THE FUNCTION MAY BE HARMLESS, SUCH AS A MESSAGE ON THE SCREEN, OR
DAMAGING, SUCH AS THE DESTRUCTION OF PROGRAMS AND DATA FILES.
35. STEPS
1. VIRUS PROGRAM IS LAUNCHED.
2. VIRUS CODE IS LOADED INTO THE DESTINATION.
3. VIRUS DELIVERS ITS DESTRUCTIVE PAYLOAD.
4. VIRUS COPIES ITSELF TO ANOTHER PROGRAM.
CHARACTERISTICS ARE: HARD TO DETECT, NOT EASILY DESTROYABLE,
SPREADS INFECTION WIDELY, EASY TO CREATE, MACHINE AND OPERATING SYSTEM
INDEPENDENT.
37. TYPES OF VIRUSES
PARASITIC VIRUSES: IT ATTACHES ITSELF TO EXECUTABLE CODE AND
REPLICATES ITSELF. ONCE CODE IS INFECTED IT WILL FIND ANOTHER
PROGRAM TO INFECT.
MEMORY RESIDENT VIRUSES: A MEMORY-RESIDENT VIRUS IS A VIRUS THAT
IS LOCATED IN THE MEMORY OF A COMPUTER, EVEN AFTER THE 'HOST'
APPLICATION OR PROGRAM HAS STOPPED RUNNING (BEEN
TERMINATED). IT LIVES IN MEMORY AFTER ITS EXECUTION, BECOMES A PART
OF THE OPERATING SYSTEM OR APPLICATION AND CAN MANIPULATE ANY FILE
THAT IS EXECUTED, COPIED OR MOVED.
NON-RESIDENT VIRUSES: NON-MEMORY-RESIDENT VIRUSES ARE ONLY
ACTIVATED ONCE THE APPLICATION OR PROGRAM IS STARTED. THE VIRUS EXECUTES
ITSELF AND TERMINATES OR DESTROYS ITSELF AFTER A SPECIFIC TIME.
38. TYPES OF VIRUSES
OVERWRITING VIRUSES: IT OVERWRITES THE CODE WITH ITS OWN CODE.
SOME VIRUSES ARE DESIGNED SPECIFICALLY TO DESTROY A FILE OR
APPLICATION'S DATA. AFTER INFECTING A SYSTEM, AN OVERWRITE VIRUS
BEGINS OVERWRITING FILES WITH ITS OWN CODE. THESE VIRUSES CAN
TARGET SPECIFIC FILES OR APPLICATIONS OR SYSTEMATICALLY OVERWRITE
ALL FILES ON AN INFECTED DEVICE.
BOOT SECTOR VIRUSES: A BOOT SECTOR IS A RESERVED SECTION OF A DISK
THAT CONTAINS THE CODE AND DATA NEEDED TO START THE OPERATING
SYSTEM (OS) OF A COMPUTER. A BOOT SECTOR VIRUS IS A TYPE OF MALWARE
THAT INFECTS A SYSTEM'S BOOT PARTITION OR THE MASTER BOOT RECORD
(MBR) OF A HARD DISK.
39. TYPES OF VIRUSES
STEALTH VIRUS: THIS VIRUS HIDES THE MODIFICATIONS IT HAS MADE IN THE FILE
OR BOOT RECORD.
MACRO VIRUSES: THESE ARE NOT EXECUTABLES. THEY AFFECT DOCUMENTS SUCH AS
MICROSOFT WORD FILES AND CAN SPREAD THROUGH EMAIL.
POLYMORPHIC VIRUSES: IT PRODUCES FULLY OPERATIONAL COPIES OF ITSELF, IN
AN ATTEMPT TO AVOID SIGNATURE DETECTION.
COMPANION VIRUSES: CREATES A NEW PROGRAM INSTEAD OF MODIFYING AN EXISTING
FILE.
EMAIL VIRUSES: THE VIRUS GETS EXECUTED WHEN THE EMAIL ATTACHMENT IS OPENED BY THE
RECIPIENT. THE VIRUS THEN SENDS ITSELF TO EVERYONE ON THE SENDER'S MAILING LIST.
METAMORPHIC VIRUSES: KEEPS REWRITING ITSELF EVERY TIME IT RUNS; IT MAY CHANGE
ITS BEHAVIOR AS WELL AS THE APPEARANCE OF ITS CODE.
40. HOW TO DEAL WITH COMPUTER VIRUSES
STEP 1: USE A RELIABLE ANTIVIRUS PROGRAM
IF YOU ALREADY HAVE ANTIVIRUS SOFTWARE INSTALLED ON YOUR COMPUTER AND IT
STILL GOT INFECTED WITH A VIRUS, THE SOFTWARE YOU WERE USING IS MOST
LIKELY UNRELIABLE.
UNINSTALL IT, AND GET A NEW ONE.
YOU CAN DOWNLOAD ONE ONLINE OR BUY AN INSTALLER FROM YOUR LOCAL TECH
SHOP.
STEP 2: SCAN YOUR COMPUTER
A WIDE VARIETY OF MALICIOUS PROGRAMS EXIST TODAY, AND SOME OF THE MOST
COMMON INCLUDE TROJANS, VIRUSES, WORMS, AND RANSOMWARE.
IN ORDER TO CHECK IF YOUR COMPUTER IS ACTUALLY INFECTED WITH ANY OF THESE
(AS WELL AS IDENTIFY WHICH OF THEM MAY HAVE INFECTED YOUR COMPUTER),
PERFORM A FULL SCAN OF YOUR COMPUTER USING YOUR NEW ANTIVIRUS SOFTWARE,
AND MAKE SURE THAT THE ANTIVIRUS IS FULLY UPDATED BEFORE YOU START THE
SCAN.
41. HOW TO DEAL WITH COMPUTER VIRUSES
STEP 3: REMOVE THE MALWARE
• ONCE YOUR SOFTWARE IDENTIFIES THE INFECTION, IT WILL PROVIDE YOU WITH PROMPTS
ON HOW TO TREAT IT.
• ANTIVIRUS PROGRAMS ALL HAVE DIFFERENT METHODS, BUT SOME OF THE MOST COMMON
OPTIONS INCLUDE PERMANENT DELETION OF THE VIRUS OR STORING IT IN A SECURE
FOLDER (A.K.A. “QUARANTINE”) WHERE IT WON’T BE ABLE TO CAUSE MORE DAMAGE.
STEP 4: STOP FUTURE INFECTIONS
• WHEN IT COMES TO VIRUS PROTECTION, PREVENTION IS ALWAYS BETTER THAN CURE. YOU
CAN PREVENT YOUR COMPUTER FROM GETTING INFECTED BY TAKING THESE
PRECAUTIONARY MEASURES:
• PERFORM SCANS USING YOUR ANTIVIRUS SOFTWARE AT REGULAR INTERVALS.
• MOST PROGRAMS HAVE THE OPTION TO SCHEDULE AUTOMATIC SCANS BASED ON YOUR
PREFERRED DEGREE OF FREQUENCY: DAILY, WEEKLY, BI-WEEKLY, AND SO ON.
• DO NOT OPEN SUSPICIOUS-LOOKING EMAILS. THEY COULD BE INFECTED WITH SPYWARE.
• ONLY VISIT SECURE WEBSITES.
43. WORM
A COMPUTER WORM IS A PIECE OF SOFTWARE THAT COPIES ITSELF FROM ONE COMPUTER
TO ANOTHER. UNLIKE A VIRUS, IT IS A STANDALONE PROGRAM THAT DOESN'T REQUIRE A
HOST. IT USUALLY DOESN'T TARGET FILES ON AN INDIVIDUAL COMPUTER. INSTEAD, IT
TAKES ON ENTIRE NETWORKS IN AN ATTEMPT TO CREATE LARGE BOTNETS.
A WORM IS SIMILAR TO A VIRUS BY DESIGN AND IS CONSIDERED TO BE A SUB-CLASS OF
A VIRUS.
WORMS SPREAD FROM COMPUTER TO COMPUTER, BUT UNLIKE A VIRUS, A WORM HAS THE
CAPABILITY TO TRAVEL WITHOUT ANY HUMAN ACTION.
THE BIGGEST DANGER WITH A WORM IS ITS CAPABILITY TO REPLICATE ITSELF ON
YOUR SYSTEM.
SO RATHER THAN YOUR COMPUTER SENDING OUT A SINGLE WORM, IT COULD SEND
OUT HUNDREDS OR THOUSANDS OF COPIES OF ITSELF, CREATING A HUGE,
DEVASTATING EFFECT.
DUE TO THE COPYING NATURE OF A WORM AND ITS CAPABILITY TO TRAVEL ACROSS
NETWORKS, THE END RESULT IN MOST CASES IS THAT THE WORM CONSUMES TOO
MUCH SYSTEM MEMORY (OR NETWORK BANDWIDTH), CAUSING WEB SERVERS,
NETWORK SERVERS AND INDIVIDUAL COMPUTERS TO STOP RESPONDING.
48. TROJAN HORSE
A TROJAN HORSE, OR TROJAN, IS A TYPE OF MALICIOUS CODE OR SOFTWARE THAT LOOKS
LEGITIMATE BUT CAN TAKE CONTROL OF YOUR COMPUTER.
OR
A TROJAN HORSE OR TROJAN IS A TYPE OF MALWARE THAT IS OFTEN DISGUISED AS
LEGITIMATE SOFTWARE. TROJANS CAN BE EMPLOYED BY CYBER-THIEVES AND HACKERS
TRYING TO GAIN ACCESS TO USERS' SYSTEMS.
A TROJAN IS DESIGNED TO DAMAGE, DISRUPT, STEAL YOUR DATA OR PERFORM HARMFUL
ACTIONS ON A NETWORK.
• ONCE ACTIVATED, TROJANS CAN ENABLE CYBER-CRIMINALS TO SPY ON YOU, STEAL YOUR
SENSITIVE DATA, AND GAIN BACKDOOR ACCESS TO YOUR SYSTEM. THESE ACTIONS CAN
INCLUDE:
• DELETING DATA
• BLOCKING DATA
• MODIFYING DATA
• COPYING DATA
• DISRUPTING THE PERFORMANCE OF COMPUTERS OR COMPUTER NETWORKS
• UNLIKE COMPUTER VIRUSES AND WORMS, TROJANS ARE NOT ABLE TO SELF-REPLICATE.
49. TYPES OF TROJAN MALWARE
• BACKDOOR TROJAN
• DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK TROJAN
• DOWNLOADER TROJAN
• FAKE AV TROJAN
• GAME-THIEF TROJAN
• RANSOM TROJAN
• REMOTE ACCESS TROJAN
• MAIL FINDER TROJAN
• SMS TROJAN
50. BACK-DOOR ATTACK & FRONT-DOOR ATTACK
BACK-DOOR ATTACK
• IN THE WORLD OF CYBERSECURITY, A BACKDOOR REFERS TO ANY METHOD BY WHICH
AUTHORIZED AND UNAUTHORIZED USERS ARE ABLE TO GET AROUND
NORMAL SECURITY MEASURES AND GAIN HIGH LEVEL USER ACCESS (AKA ROOT ACCESS) ON A
COMPUTER SYSTEM, NETWORK, OR SOFTWARE APPLICATION.
• A NETWORK ADMINISTRATOR (NA) MAY INTENTIONALLY CREATE OR INSTALL
A BACKDOOR PROGRAM FOR TROUBLESHOOTING OR OTHER OFFICIAL
USE. HACKERS USE BACKDOORS TO INSTALL MALICIOUS SOFTWARE (MALWARE) FILES OR
PROGRAMS, MODIFY CODE OR DETECT FILES AND GAIN SYSTEM AND/OR DATA ACCESS.
51. FRONT-DOOR ATTACK
• ALL FRONT-DOOR ATTACKS REQUIRE THE ACTIONS OF THE USER TO ALLOW THE VIRUS TO
INFECT THE SYSTEM. THIS IS WHY THEY ARE REFERRED TO AS A FRONT-DOOR ATTACK, AS
METAPHORICALLY, THE USER IS TRICKED INTO OPENING THE FRONT DOOR AND LETTING
THE VIRUS IN. THE MOST COMMON WAYS IN WHICH THIS STYLE OF ATTACK IS DISGUISED
ARE EMAILS, WEB BROWSING OR DOWNLOADS.
• ONCE YOU'VE ALLOWED THE VIRUS TO ENTER YOUR SYSTEM, IT THEN HAS CONTROL OF ALL
OF YOUR DATA. THE HACKERS THEN HAVE THE ABILITY TO RUN A PROGRAM WITH ALL YOUR
RIGHTS AND PRIVILEGES. THIS ALSO MEANS THAT THEY CAN DELETE ALL OF YOUR STORED
FILES TOO.
52. INTRUDERS
• AN OUTSIDE PERSON WHO TRIES TO ACCESS AN ORGANIZATION'S RESOURCES WITHOUT
PERMISSION IS KNOWN AS AN INTRUDER. INTRUDERS ARE EXTREMELY PATIENT PERSONS.
THEY ALWAYS TRY TO FIND A WEAK POINT IN THE SYSTEM'S SECURITY TO GAIN ACCESS TO THE
SYSTEM.
• INTRUDERS ARE EXTREMELY PATIENT, SINCE THE PROCESS OF GAINING ACCESS REQUIRES
PERSISTENCE AND DETERMINATION.
• IF THE FIRST ATTACK FAILS, THEY TRY FROM A DIFFERENT ANGLE (SEARCH FOR ANOTHER
POSSIBLE VULNERABILITY).
• THE SECOND ATTACK MAY BE BLOCKED OR FAIL; THEY TRY A THIRD, AND SO ON, UNTIL THEY FIND A
VULNERABILITY OR GAIN ACCESS.
• THERE ARE THREE CATEGORIES OF INTRUDERS:
1) NOT TECHNICALLY EXPERT ENOUGH TO WRITE SCRIPTS THAT EXPLOIT A VULNERABILITY.
2) CAPABLE OF WRITING SCRIPTS TO EXPLOIT AN EXISTING VULNERABILITY.
3) CAPABLE OF WRITING SCRIPTS TO EXPLOIT AN EXISTING VULNERABILITY AND ALSO CAPABLE
OF FINDING NEW VULNERABILITIES.
53. TYPES/CLASSES OF INTRUDERS
THREE CLASSES OF INTRUDERS:
MASQUERADER:
AN INDIVIDUAL WHO IS NOT AUTHORIZED TO USE THE COMPUTER AND WHO
PENETRATES A SYSTEM’S ACCESS CONTROLS TO EXPLOIT A LEGITIMATE USER’S
ACCOUNT
MISFEASOR:
A LEGITIMATE USER WHO ACCESSES DATA, PROGRAMS, OR RESOURCES FOR
WHICH SUCH ACCESS IS NOT AUTHORIZED, OR WHO IS AUTHORIZED FOR SUCH
ACCESS BUT MISUSES HIS OR HER PRIVILEGES
CLANDESTINE USER:
AN INDIVIDUAL WHO SEIZES SUPERVISORY CONTROL OF THE SYSTEM AND USES
THIS CONTROL TO EVADE AUDITING AND ACCESS CONTROLS OR TO SUPPRESS
AUDIT COLLECTION
54. INSIDERS
AN INSIDER THREAT IS A MALICIOUS THREAT TO AN ORGANIZATION THAT COMES FROM
PEOPLE WITHIN THE ORGANIZATION, SUCH AS EMPLOYEES, FORMER EMPLOYEES,
CONTRACTORS OR BUSINESS ASSOCIATES, WHO HAVE INSIDE INFORMATION.
INSIDERS ARE AUTHORIZED USERS WHO TRY TO ACCESS SYSTEMS OR NETWORKS FOR WHICH
THEY ARE NOT AUTHORIZED.
• MORE DANGEROUS THAN OUTSIDE INTRUDERS.
• MOST DIFFICULT TO DETECT AND PREVENT.
• HAVE THE ACCESS AND KNOWLEDGE TO CAUSE IMMEDIATE DAMAGE TO AN ORGANIZATION.
• HAVE KNOWLEDGE OF THE SECURITY SYSTEMS IN PLACE AND WILL BE BETTER ABLE TO
AVOID DETECTION.
EMPLOYEES ARE NOT THE ONLY INSIDERS; THERE ARE OTHER PEOPLE WHO HAVE
ACCESS, LIKE CONTRACTORS OR PARTNERS.
THERE IS NO SECURITY MECHANISM TO PROTECT THE SYSTEM FROM INSIDERS, SO THEY CAN
HAVE ALL THE ACCESS NEEDED TO CARRY OUT CRIMINAL ACTIVITY LIKE FRAUD.
55. PREVENTING INSIDER ATTACKS
• ENFORCE LEAST PRIVILEGE: ALLOW ACCESS ONLY TO THE RESOURCES THAT EMPLOYEES NEED TO
DO THEIR JOB.
• SET UP LOGS TO SEE WHAT USERS ACCESS AND WHAT COMMANDS THEY ARE ENTERING.
• PROTECT SENSITIVE RESOURCES WITH STRONG AUTHENTICATION.
• UPON TERMINATION, DELETE THE EMPLOYEE'S COMPUTER AND NETWORK ACCESS.
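The Python example below is added to tie together the access control principle (roles and rules deciding who may access what), the accountability principle (every operation identified and traceable to its author) and the insider-prevention measures just listed: least privilege, logging and disabling terminated accounts. It is not from the original slides; the role policy, the user directory and the request sequence are constructed, and the denial threshold is an assumed tuning value.

```python
import json
from datetime import datetime, timezone

# Role -> set of (resource, action) pairs the role legitimately needs (least privilege).
# Constructed example policy; the resources and roles are assumptions.
ROLE_PERMISSIONS = {
    "clerk":   {("customer_records", "read")},
    "manager": {("customer_records", "read"), ("customer_records", "write"),
                ("payroll", "read")},
    "admin":   {("audit_log", "read"), ("user_accounts", "write")},
}

# Constructed user directory. A terminated user is kept with active=False so that
# every later attempt is denied and still recorded (accountability).
USERS = {
    "alice": {"role": "clerk", "active": True},
    "bob":   {"role": "manager", "active": True},
    "carol": {"role": "clerk", "active": False},  # access removed on termination
}

AUDIT_LOG = []  # append-only JSON lines; a real deployment ships these to a SIEM


def check_access(user: str, resource: str, action: str) -> bool:
    """Decide and record. Deny by default: unknown user, disabled user, or
    a (resource, action) pair the user's role does not include."""
    record = USERS.get(user)
    if record is None:
        allowed, reason = False, "unknown user"
    elif not record["active"]:
        allowed, reason = False, "account disabled"
    elif (resource, action) in ROLE_PERMISSIONS.get(record["role"], set()):
        allowed, reason = True, "permitted by role " + record["role"]
    else:
        allowed, reason = False, "not in role " + record["role"]
    AUDIT_LOG.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user, "resource": resource, "action": action,
        "allowed": allowed, "reason": reason,
    }))
    return allowed


def flag_suspicious(log_lines, threshold: int = 3) -> dict:
    """Periodic check over the audit trail: users with at least `threshold`
    denials, a simple signal of someone probing outside their role."""
    denials = {}
    for line in log_lines:
        entry = json.loads(line)
        if not entry["allowed"]:
            denials[entry["user"]] = denials.get(entry["user"], 0) + 1
    return {u: n for u, n in denials.items() if n >= threshold}


def simulate() -> dict:
    """Run a constructed sequence of requests and return the flagged users."""
    AUDIT_LOG.clear()
    check_access("alice", "customer_records", "read")   # within role
    check_access("bob", "payroll", "read")              # within role
    for target in ("payroll", "user_accounts", "audit_log"):
        check_access("alice", target, "read")           # clerk probing other resources
    check_access("carol", "customer_records", "read")   # terminated user, denied
    return flag_suspicious(AUDIT_LOG)


if __name__ == "__main__":
    print(simulate())            # {'alice': 3}
    print("\n".join(AUDIT_LOG))  # every decision, allowed or not, is traceable
```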