The document discusses system security and tools used to protect information resources. It covers topics like system vulnerability and abuse, as well as technologies and tools used for protection. One section summarizes a group project on this topic led by Karan Bhandari, Gurshawn Singh, and Nishad Prabhu. The document then explains why systems are vulnerable and various security threats like malicious software, hackers, spoofing, denial of service attacks, and identity theft. It concludes by describing technologies like firewalls, intrusion detection systems, anti-virus software, encryption, and ways to ensure system availability.

1. System security and tools
Subtopics covered :
1. System Vulnerability and Abuse
2. Techs. And Tools for Protecting Info Resources
Group members are:
1. Karan Bhandari(39)
2. Gurshawn Singh(35)
3. Nishad Prabhu(3)

2. Introduction
As we all know, Technology has tremendously
affected us and our way of living.
Daily Mail is now Best as E-mail, Newspapers
are on Large screens, Communication is highly
globalized and storage is within the size range
of our fingers.
But, All this does come with its drawbacks…
Viruses ! Trojans !

3. Why Systems are Vulnerable ?
A set of things working together as parts of a mechanism or
an interconnecting network.
Due to storage of electronic data, Access points are Endless
The potential for unauthorized access, abuse or fraud is high

4. Access control
To gain access a user must be authorized and
authenticated – established by using passwords
Passwords have their disadvantages
New technologies like tokens, smart cards, and
biometric authentication

5. Malicious software:
Viruses, Worms, Trojan Horses and
Spyware
Malicious software programs are referred to as
malware and include a variety of threats such as
computer viruses, worms and trojan horses.
COMPUTER VIRUS: a rogue software program.
viruses usually deliver a payload.

6. WORMS: are independent computer programs
TROJAN HORSE: appears to be benign but then does
something other than expected.
SPYWARE: install themselves on computer to monitor user
activities
KEYLOGGERS: record every keystroke made on a computer.

8. Hackers and Computer Crime
A HACKER is an individual who intends to gain
unauthorized access to a computer system.
Hacker vs. cracker
hacker activities include theft, damage and cyber
vandalism.

9. Spoofing and Sniffing
Hackers attempting to hide their true identities often
spoof, or misrepresent themselves
This is known as SPOOFING.
A SNIFFER is a type of eavesdropping program that
monitors information travelling over a network.

11. Denial of Service Attacks
In a DoS attack, hackers flood a network server or web
server with many thousands of false communications or
requests for services to crash the network
A Distributed denial-of-service (DDoS) attack uses
numerous computers from different launch points to
inundate and overwhelm the network.

12. Computer Crime
Computer crime is defined by the U.S. Department of
Justice as “any violations of criminal law that involve
a knowledge of computer technology for their
perpetrations, invesigation or prosecution.

14. Identity Theft
Identity Theft is a crime in which an imposter obtains key
pieces of personal information.
Popular tactic is a form of spoofing called PHISHING.
EVIL TWINS and PHARMING are harder to detect.

16. Click Fraud & Global Threat
CLICK FRAUD: occurs when an individual or computer
program fraudulently clicks on an online ad without any
intention of learning more about the advertiser or making
a purchase.
GLOBAL THREAT: Involves Cyber terrorism and cyber
warfare.

17. Internet Threats: Employees
Malicious intruders seeking system access sometimes
trick employees into revealing their passwords and
other information.
This practice is called SOCIAL ENGINEERING.

18. Software Vulnerability
Software poses a constant threat to information systems,
causing untold losses in productivity.
There may be presence of hidden Bugs or Program Code
Defects.
Zero defects cannot be achieved in larger programs

19. Technologies and tools for
protecting information resources
• Securing systems
• Ensuring system availability
• Ensuring software quality

20. Firewalls
Combination of hardware and software that controls traffic
Acts as a gatekeeper
There are a no. of firewall screening technologies like
-Static packet filtering
-Stateful inspection
-Network address translation(NAT)
-Application proxy filtering

21. Intrusion detection systems
Placed at the hotspots
Generates a alarm if it finds a suspicious or anomalous
event
Looks for known methods of computer attacks
Detects removal or modification of files
Examines events as they are happening

22. Anti-Virus and Anti-spyware
Checks for presence of viruses
Most softwares are effective only against known viruses
Available widely

23. Encryption
Transforming plain text or data into cipher , using an encryption key
Two methods to encrypt network traffic
- Secure socket layer
- Secure hypertext transfer protocol
Two alternate methods to encrypt
-Symmetric key encryption
-Public key encryption

24. Ensuring system availability
Ensuring system and application availability is a must
for companies eg. Airline service
Fault tolerant systems use special software to detect
harware failures and automatically switch to backup
Should not be confused with high availability
computing