Computer security threats & prevention,Its a proper introduction about computer security and threats and prevention with reference. Have info about threats and their prevention.
Computer security threats & prevention,Its a proper introduction about computer security and threats and prevention with reference. Have info about threats and their prevention.
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Basic Network Attacks
The active and passive attacks can be differentiated on the basis of what are they, how they are performed and how much extent of damage they cause to the system resources. But, majorly the active attack modifies the information and causes a lot of damage to the system resources and can affect its operation. Conversely, the passive attack does not make any changes to the system resources and therefore doesn’t causes any damage.
FellowBuddy.com is an innovative platform that brings students together to share notes, exam papers, study guides, project reports and presentation for upcoming exams.
We connect Students who have an understanding of course material with Students who need help.
Benefits:-
# Students can catch up on notes they missed because of an absence.
# Underachievers can find peer developed notes that break down lecture and study material in a way that they can understand
# Students can earn better grades, save time and study effectively
Our Vision & Mission – Simplifying Students Life
Our Belief – “The great breakthrough in your life comes when you realize it, that you can learn anything you need to learn; to accomplish any goal that you have set for yourself. This means there are no limits on what you can be, have or do.”
Like Us - https://www.facebook.com/FellowBuddycom
This training creates the awareness of the security threats facing individuals, business owner’s, and corporations in today’s society and induces a’ plan-protection’ attitude. It enriches individuals, students’, business owners’ and workers’ approach to handling these threats and responding appropriately when these threats occur.
What is Information Security?
Information security means that the confidentiality, integrity and availability of information assets is maintained.
Confidentiality: This means that information is only used by people who are authorized to access it.
Integrity: It ensures that information remains intact and unaltered. Any changes to the information through malicious action, natural disaster, or even a simple innocent mistake are tracked.
Availability: This means that the information is accessible when authorized users need it.
Information Security Threats:
Most common types of information security threats are:
Theft of confidential information by hacking
System sabotage by hackers
Phishing and other social engineering attacks
Virus, spyware and malware
Social Media-the fraud threat
Theft of Confidential Information:
One of the major threat to information security is the theft of confidential data by hacking. This includes theft of employee information or theft of trade secrets and other intellectual property (IP).
Theft of Employee Information
Employee information includes credit card information, corporate credit card information, social security number , address, etc. It also includes theft of healthcare records as they contain personal information such date of birth, address, and name of relatives.
Theft of Trade Secrets and other Intellectual Property (IP)
Technology from various verticals including IT, aerospace, and telecommunications are constantly stolen by outsiders or insiders (industrial espionage). China is a growing offender as it continues to advance in technology relying on theft of international trade secrets and IP.
Piracy/copyright infringement.
Corporate business strategies including marketing strategies, product introduction strategies.
System Sabotage:
What is system sabotage?
Planting malware on networks of target organization and generating an enormous amount of transaction activity resulting in malfunction or crash of the system.
Who would perpetrate it?
System sabotage is usually committed by disgruntled ex-employees and by remote cyber-attackers for no particular reason.
The most sensational case of system sabotage: One of the recent examples is the sabotage of Sony PlayStation.
Phishing:
To obtain confidential data about individuals-customers, clients, employees or vendors that can be used to commit various types of identity fraud such as:
Opening bank accounts in victim’s name
Applying for loans in victim’s name
Applying for credit cards in victim’s name
Obtaining medical services in victims name (e-death)
Other kind of more sophisticated social engineering attacks include spear-phishing.
Spear-phishing targets specific individuals such as AP manger, controller, senior accountant to gain access to corporate bank accounts and transfer funds abroad.
Other threats include:
Smishing: Phishing via SMS (texting)
Vishing: Phishing via voice (phone)
Mobile hackin
This educational PPT provides Primary Goals of Network Security, The Security Trinity, Information Security, Risk Assessment, Security Models, Basic Security Terminologies, Threats, Vulnerabilities, and Attacks, Know Yourself - The Threat and Vulnerability Landscape, Privacy, Anonymity and Pseudo-anonymity, Security, Vulnerabilities, Threats and Adversaries, Know Your Enemy - the Current Threat and Vulnerability Landscape, Security Bugs and Vulnerabilities - The Vulnerability Landscape, Malware, viruses, rootkits and RATs
Spyware, Adware, Scareware, PUPs & Browser hijacking, Phishing, Vishing and SMShing, Spamming & Doxing, Security services, Policy, Mechanism, and Standards, and the basic principles and steps of System development. Besides, because of covering the most basic and advanced network and computer security issues, policies, and principles in easy way, it can help you to create an awareness how to use an internet and how to protect your physical as well as logical assets.
F. Questier, Computer security, workshop for Lib@web international training program 'Management of Electronic Information and Digital Libraries', university of Antwerp, October 2015
Basic Network Attacks
The active and passive attacks can be differentiated on the basis of what are they, how they are performed and how much extent of damage they cause to the system resources. But, majorly the active attack modifies the information and causes a lot of damage to the system resources and can affect its operation. Conversely, the passive attack does not make any changes to the system resources and therefore doesn’t causes any damage.
FellowBuddy.com is an innovative platform that brings students together to share notes, exam papers, study guides, project reports and presentation for upcoming exams.
We connect Students who have an understanding of course material with Students who need help.
Benefits:-
# Students can catch up on notes they missed because of an absence.
# Underachievers can find peer developed notes that break down lecture and study material in a way that they can understand
# Students can earn better grades, save time and study effectively
Our Vision & Mission – Simplifying Students Life
Our Belief – “The great breakthrough in your life comes when you realize it, that you can learn anything you need to learn; to accomplish any goal that you have set for yourself. This means there are no limits on what you can be, have or do.”
Like Us - https://www.facebook.com/FellowBuddycom
This training creates the awareness of the security threats facing individuals, business owner’s, and corporations in today’s society and induces a’ plan-protection’ attitude. It enriches individuals, students’, business owners’ and workers’ approach to handling these threats and responding appropriately when these threats occur.
What is Information Security?
Information security means that the confidentiality, integrity and availability of information assets is maintained.
Confidentiality: This means that information is only used by people who are authorized to access it.
Integrity: It ensures that information remains intact and unaltered. Any changes to the information through malicious action, natural disaster, or even a simple innocent mistake are tracked.
Availability: This means that the information is accessible when authorized users need it.
Information Security Threats:
Most common types of information security threats are:
Theft of confidential information by hacking
System sabotage by hackers
Phishing and other social engineering attacks
Virus, spyware and malware
Social Media-the fraud threat
Theft of Confidential Information:
One of the major threat to information security is the theft of confidential data by hacking. This includes theft of employee information or theft of trade secrets and other intellectual property (IP).
Theft of Employee Information
Employee information includes credit card information, corporate credit card information, social security number , address, etc. It also includes theft of healthcare records as they contain personal information such date of birth, address, and name of relatives.
Theft of Trade Secrets and other Intellectual Property (IP)
Technology from various verticals including IT, aerospace, and telecommunications are constantly stolen by outsiders or insiders (industrial espionage). China is a growing offender as it continues to advance in technology relying on theft of international trade secrets and IP.
Piracy/copyright infringement.
Corporate business strategies including marketing strategies, product introduction strategies.
System Sabotage:
What is system sabotage?
Planting malware on networks of target organization and generating an enormous amount of transaction activity resulting in malfunction or crash of the system.
Who would perpetrate it?
System sabotage is usually committed by disgruntled ex-employees and by remote cyber-attackers for no particular reason.
The most sensational case of system sabotage: One of the recent examples is the sabotage of Sony PlayStation.
Phishing:
To obtain confidential data about individuals-customers, clients, employees or vendors that can be used to commit various types of identity fraud such as:
Opening bank accounts in victim’s name
Applying for loans in victim’s name
Applying for credit cards in victim’s name
Obtaining medical services in victims name (e-death)
Other kind of more sophisticated social engineering attacks include spear-phishing.
Spear-phishing targets specific individuals such as AP manger, controller, senior accountant to gain access to corporate bank accounts and transfer funds abroad.
Other threats include:
Smishing: Phishing via SMS (texting)
Vishing: Phishing via voice (phone)
Mobile hackin
This educational PPT provides Primary Goals of Network Security, The Security Trinity, Information Security, Risk Assessment, Security Models, Basic Security Terminologies, Threats, Vulnerabilities, and Attacks, Know Yourself - The Threat and Vulnerability Landscape, Privacy, Anonymity and Pseudo-anonymity, Security, Vulnerabilities, Threats and Adversaries, Know Your Enemy - the Current Threat and Vulnerability Landscape, Security Bugs and Vulnerabilities - The Vulnerability Landscape, Malware, viruses, rootkits and RATs
Spyware, Adware, Scareware, PUPs & Browser hijacking, Phishing, Vishing and SMShing, Spamming & Doxing, Security services, Policy, Mechanism, and Standards, and the basic principles and steps of System development. Besides, because of covering the most basic and advanced network and computer security issues, policies, and principles in easy way, it can help you to create an awareness how to use an internet and how to protect your physical as well as logical assets.
2. LEARNING OUTCOMES:
At the end of this topic, students should
be able to:
Define computer security risks.
Identify types of security risks.
2
3. DEFINITION
Computer Security Risks
Definition : is any event or action that
could cause a loss of or damage to
computer hardware, software, data,
information, or processing capability.
3
5. Types of Computer Security Risks
Internet and network
Internet and network
attack
attack
Unauthorized access and use
Unauthorized access and use
Hardware theft
Hardware theft
Software theft
Software theft
Information theft
Information theft
System failure
System failure
5
6. Internet and network attacks
• Information transmitted over networks has a
higher degree of security risk than information
kept on an organization’s premises.
7. 1. Malware
1. Malware 5. Spoofing
5. Spoofing
Internet and
network attacks
2. Botnets
2. Botnets 4. Denial of service attacks
4. Denial of service attacks
7
3. Back Doors
3. Back Doors
8. Malware
Malware (malicious software) – which are program
that act without a user’s knowledge and deliberately
alter the computer operation.
Type of malware:
i. Computer viruses
ii. Worms
iii. Trojan Horses
iv. Rootkit
v. Back door
vi. Spyware
9. Malware
Symptoms Malware
•• Operating system runs much slower than usual
• Available memory is less than expected
• Files become corrupted
• Screen displays unusual message or image
• Music or unusual sound plays randomly
• Existing programs and files disappear
9
10. Malware
Symptoms Malware
• Programs or files do not work properly
• Unknown programs or files mysteriously appear
• System properties change
• Operating system does not start up
• Operating system shuts down unexpectedly
10
11. Malware
1. Worm
Definition :
Worm is a program that copies itself repeatedly,
for example in memory or on a network, using up
resources and possibly shutting down the
computer or network.
11
12. Malware
2. Computer Virus
Definition :
Computer virus is a potentially damaging computer
program that affects, or infects, a computer
negatively by altering the way the computer works
without the user’s knowledge or permission.
12
13. Malware
2. Computer Virus
it can spread throughout and may damage files
and system software, including the operating
system.
13
14. Internet and network attacks
Malware
3. Trojan horse
Definition :
Trojan horse is a program that hides within or
looks like a legitimate program. It does not
replicate itself to other computers.
14
15. Internet and network attacks
Malware
3. Trojan horse
it can spread throughout and may damage files
and system software, including the operating
system.
15
16. Internet and network attacks
Malware
4. Rootkit
Definition :
Is a program that hides in a computer and allows
someone from a remote location to take full control
of the computer.
The rootkit author can execute programs, change
settings, monitor activity, and access files on the
remote computer
16
17. Internet and network attacks
Malware
5. Spyware & Adware
Spyware is a program placed on a computer
without the users knowledge that secretly collects
information about the user.
Adware is a program that displays an online
advertisement in a banner or pop-up window on
web pages, e-mail messages or other internet
services
17
18. Botnets
Definition :
a group of compromised computers connected to a
network such as the Internet that are used as part of
a network that attacks other networks, usually for
nefarious purposes.
19. Back Door
Definition :
A program or set of instructions in a program that allow users
to bypass security controls when accessing a program,
computer, or network
20. Denial of Service Attacks
Definition :
Denial of service attacks or DoS attack, is an assault whose
purpose is to disrupt computer access to an Internet
service such as the Web or e-mail.
21. Spoofing
Definition :
A technique intruders use to make their network or
Internet transmission appear legitimate to a victim computer
or network.
22. Unauthorized Access and Use
Unauthorized access
The use of a computer or network without permission.
Unauthorized use
The use of a computer or its data for unapproved or
possibly illegal activities.
23. Hardware Theft and Vandalism
Hardware theft
Is the act of stealing computer equipment.
Hardware vandalism
The act of defacing or destroying computer
equipment.
25. Information Theft
Occurs when someone steals personal or
confidential information.
If stolen, the loss of information can cause as
much damage as (if not more than) hardware or
software theft.
26. System Failure
A system failure is the prolonged malfunction of a
computer
A variety of factors can lead to system failure,
including:
Aging hardware
Natural disasters
Electrical power problems
Noise, undervoltages, and overvoltages
Errors in computer programs