Meaning of the word CYBER :- Combining form relating to information technology, the Internet, and virtual reality.<br />Because of the increased reliance on powerful, networked computers to help run businesses and keep track of our personal information, industries have been formed around the practice of network and computer security.<br />Computer security is a general term that covers a wide area of computing and information processing. Industries that depend on computer systems and networks to conduct daily business transactions and access crucial information regard their data as an important part of their overall assets. Maintain the security of each Cyber field is must today, because today 95% of hi-tech security systems are runs on completely computer controlled environment. But today 75-80% of PC users and 50% of commercial organisations are not aware on it. That is the important of my seminar on this Cyber audience.<br />To implement Security to our Cyber field, we must use some Software and Infrastructure Tools and Management systems on the organization. And that is the main aim of this seminar. Everything is briefly described on it, to understand even the beginners or basic PC users. <br />
Popular Attacking Elements & Methods<br />Virus<br />Phishing<br />Bots<br />Hackers<br />Malware<br />Password Cracking<br />Social Engineering<br />Spyware<br />
Virus<br />A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware and spyware programs that do not have the reproductive ability. A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.<br />
System related issues</li></ul>Solution<br />Use an effective trusted Anti-Virus Software, which include features like anti-spam, anti-rootkit, URL filtering, heuristic scanning, frequent online updates.<br />And also these programs must be light weight and user friendly as much as possible, to reduce the amount of resource usage and thereby increase the overall system performance. <br />
Phishing<br />In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake.<br />
Issues of Concern<br /><ul><li>Loss of Confidential Data and Information
Violation over Intellectual Property and terms
Cause massive loss for large organizations and enterprises
Mislead a large user community on Internet </li></ul>Solution<br /><ul><li>Don’t configure your system or applications with unknown proxy server settings.
Don’t click unknown links in trustless websites.
Use a good Firewall software available in the market.
Don’t download unknown files from strange users over the internet.
Aware people about phishing and warn about suspicious websites.
And strictly use trusted services in internet and application field of your computing.</li></li></ul><li>Hackers<br />In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Proponents claim to be motivated by artistic and political ends, and are often unconcerned about the use of illegal means to achieve them. <br />Other uses of the word hacker exist that are not related to computer security (computer programmer and home computer hobbyists), but these are rarely used by the mainstream media.<br />
Types of Hackers<br />White Hat Hacker<br />Grey Hat Hacker<br />Black Hat Hacker<br />Script Kiddie<br />Hacktivist<br />
Malware<br />Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.<br />
Password Cracking<br />Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.<br />
Social Engineering<br />This article is about manipulation of individuals. For social engineering in terms of influencing popular behaviour, see Social engineering (political science).<br />Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access; in most cases the attacker never comes face-to-face with the victim.<br />
Spyware<br />Spyware is a type of malware that is installed surreptitiously on personal computers to collect information about users, their computer or browsing habits without their informed consent. <br />While the term spyware suggests software that secretly monitors the user's behaviour, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.<br />
Other Attacking Methods<br />DDOS or (Distributed Denial of Service Attack)A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts of a person or people to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers.<br />
Simple Layout of the working of DDOS Attack<br />
2. DCOM Exploit<br /> DCOM(Distributed Component Object Model) Exploitation is one of the most widely used exploiting method on Cyber world…<br />DCOM is an enhanced version of COM(Component Object Model).<br />Component Object Model (COM) is a binary-interface standard for software componentry introduced by Microsoft in 1993. It is used to enable inter-process communication and dynamic object creation in a large range of programming languages. The term COM is often used in the software development industry as an umbrella term that encompasses the OLE, OLE Automation, ActiveX, COM+ and DCOM technologies.<br />And Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which originally was called "Network OLE", extends Microsoft's COM, and provides the communication substrate under Microsoft's COM+ application server infrastructure. It has been deprecated in favor of the Microsoft .NET Framework.<br />
DCOM using some other Microsoft services like RPC(Request Procedure Calling) for IRC and other Web activities through the network.<br />Attackers use and exploit this procedure vulnerabilities.. Most of the Security software are aware on it..But the threat over it still remain…<br />
How COM or DCOM systems works on the Internet<br />
Be Safe – But How?:-<br /><ul><li>Don’t run any unknown Program on your system or network.
Keep the infected computer in complete isolation to prevent the spreading of malware.
While using internet, Don’t click unknown links without any knowledge bout them even it came from your friend too. They may install spywares or keylogger to your system or steal confidential data from the system.
Use proper security tools. A good Anti-Virus Software and Firewall Software are better to protect your computer.
If you smell any suspicious activity on your system then isolate it from external media or storage to prevent spreading.
Contact a technical expert if you are a Entry-Level User.
Also scan suspicious external media before access the files on it.
Compression or encryption will keep files from virus infection.</li></li></ul><li>If you became a victim of Cyber criminal activities- Then what is your next step?<br /> <br /><ul><li>Don’t delete or destroy any data or evidence that related to the incident.
Report the Incident to your near Cyber cell Dept.
If your confidential information or banking accounts have a role in these incidents then immediately cancel all account traffic and transaction. Also cancel your Debit or Credit card temporarily.
Aware all others about it and its characteristics and possibilities of such situation.</li></li></ul><li>Conclusion<br />I hope that my presentation will be helpful for my audience to improve their knowledge about cyber security and to overcome several security loopholes on their computer operation. Also it helps to aware normal people about emerging security threats. Simple and practical prevention methods are explained in the Seminar to prevent PCs from infection.<br />