SlideShare a Scribd company logo

CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx

Download as PPTX, PDF
S
sangeeta borde

This presentation will be helpful for the PG students.To study Cyber Security Subject Module No-1

Education
1 of 23
Ch.2 Introduction to Information Security By- Prof.Sangeeta M.Borde Assistant Professor Science & Computer Science Department
Basic Security Concepts: • Three basic security concepts important to information on the internet are – 1. Confidentiality 2. Integrity 3. Availability. Concepts relating to the people who use that information are authentication, authorization, and nonrepudiation.
Important Terms: • When information is read or copied by someone not authorized to do so, the result is known as a loss of confidentiality. • Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as a loss of integrity. • Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need.
Authentication and Authorization • Authentication and authorization go hand in hand. • Authentication and authorization are the two words used in the security world. • They might sound similar but are completely different from each other. • Authentication is used to authenticate someone's identity, whereas authorization is a way to provide permission to someone to access a particular resource. • These are the two basic security terms and hence need to be understood thoroughly. In this topic, we will discuss what authentication and authorization are and how they are differentiated from each other.
Security Attacks: What is a Security attack? • Security attacks jeopardize the system's security. • These are the unauthorized or illegal actions that are taken against the government, corporate, or private IT assets in order to destroy, modify, or steal sensitive data. They are further classified into active and passive attacks, in which the attacker gets unlawful access to the system's resources. • Interruption • Interceptor • Modification • Fabrication • Viruses
SECURITY ATTACKS :
Types of Attacks: • Passive Attacks Definition: A passive attack attempts to learn or make use of information from the system but does not affect system resources. • Active Attacks Definition: Modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service: • masquerade of one entity as some other • replay previous messages (as shown above in Stallings Figure 1.3b) • modify/alter (part of) messages in transit to produce an unauthorized effect • denial of service - prevents or inhibits the normal use or management of communications facilities • Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success.
Passive attack: • Detecting a passive attack is very difficult and impossible in many cases because it does not involve data alteration in any way. However, you can implement protective measures to stop it, including: 1.Using encryption techniques to scramble messages, making them unreadable for any unintended recipients. Two types of encryption can be implemented in this case: 1. Symmetric keys (same key on both ends)—we still have a problem exchanging the secret key secretly. 2. Public-key encryption where each party (whether it is a user, program or system) involved in the communication has two keys, one public and one private that must be kept secret. An example of this type is using SSL/TLS certificates(HTTPS) that are used to ensure the validity of machine identities between a web server and someone’s browser. 2.Avoid posting sensitive information publicly (e.g. private and company information) that can be used by outside hackers to invade your private network.
Passive Attacks: The two most common use cases of passive attacks are: 1.Traffic analysis: In this type, an attacker monitors communication channels to collect a range of information, including human and machine identities, locations of these identities and types of encryption used, if applicable. 2.Release of message contents: In this type, an attacker will monitor an unprotected communication medium—like unencrypted email or telephone call—and intercept it for sensitive information.
passive attacks • In passive attacks, the attacker observes the messages, then copies and saves them and can use them for malicious purposes. The attacker does not try to change the information or content he/she gathered. Although passive attacks do not harm the system, they can be a danger to the confidentiality of the message. • Unlike active attacks, in passive attacks, victims do not get informed about the attack. It is difficult to detect as there is no alteration in the message. Passive attacks can be prevented by using some encryption techniques. We can try the below-listed measures to prevent these attacks - • We should avoid posting sensitive information or personal information online. Attackers can use this information to hack your network. • We should use the encryption method for the messages and make the messages unreadable for any unintended intruder.
Active Attacks:
Active attacks: • In active attacks, the attacker intercepts the connection and efforts to modify the message's content. It is dangerous for integrity and availability of the message. Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service. The system resources can be changed due to active attacks. So, the damage done with active attacks can be harmful to the system and its resources. • In active attacks, the victim gets notified about the attack. The implication of an active attack is typically difficult and requires more effort. Active attacks can be prevented by using some techniques. We can try the below- listed measures to prevent these attacks - • Use of a one-time password helps in the authentication of the transactions between two parties. • There could be a generation of the random session key that will be valid for a single transaction. It should prevent the malicious user from retransmitting the actual information once the session ends
The most common types of active attacks are: • Masquerade attacks. Cybercriminals use a manipulated, spoofed or stolen identity to gain unauthorized access to systems, or authorization to conduct certain privileged actions. They may use identifiers, such as device, digital signature, network address or certificate to impersonate legitimate access identification. • Modification of message attacks. Cybercriminals take advantage of security weaknesses in email protocols to inject malicious content into the email message. They may modify some portion of a message, such as the packet header address, to delay, reorder or direct a message to a different destination. • Repudiation attacks. Cybercriminals attempt to change the authoring information of malicious actions by logging the wrong data in log files. They use this to deny or repudiate actions that they have taken, such as making a transaction or sending a message. • Replay attacks. Cybercriminals eavesdrop on a secure network communication, intercept it and resend it under the cloak of authentic messages. They capture this transmitted authentication or access control information to gain unauthorized access. • Denial of service attacks. Cybercriminals make a system or network unavailable to its intended users by overwhelming it with traffic or requests that consume resources. They prevent legitimate users from accessing information systems, devices, or other network resources.
Difference between Passive & Active Attacks On the basis of Active attack Passive attack Definition In active attacks, the attacker intercepts the connection and efforts to modify the message's content. In passive attacks, the attacker observes the messages, then copy and save them and can use it for malicious purposes. Modification In an active attack, the attacker modifies the actual information. In passive attacks, information remains unchanged. Victim In active attacks, the victim gets notified about the attack. Unlike active attacks, in passive attacks, victims do not get informed about the attack. System's impact The damage done with active attacks can be harmful to the system and its resources. The passive attacks do not harm the system. System resources In active attacks, the system resources can be changed. In passive attacks, the system resources remain unchanged. Dangerous for They are dangerous for the integrity and availability of the message. They can be dangerous for confidentiality of the message. Emphasis on In active attacks, attention is on detection. In active attacks, attention is on prevention. Types Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service. It involves traffic analysis, the release of a message. Prevention Active attacks are tough to restrict from entering systems or networks. Unlike active attacks, passive attacks are easy to prohibit. Highly complex Lower complexity
E-Commerce: Security •E-Commerce Challenges • Trusting others electronically • Trusting the medium • Public-key infrastructure (PKI) • The Certificate Authority. • Security threats – the real threats and the perceptions • Network connectivity and availability issues • Global economic issues
What is Computer Forensics? • The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.‖ (McKemmish, 1999) What will Computer Forensics do? Computer forensics, innovators of image copying technology, defined the principles of the science of computer forensics and formalized an approved and accepted methodology to COLLECT, ANALYSE, and PRESENT suspect data to a Court of Law.
Characteristics of Computer Forensics:
Some areas of Computer Forensics o Image Capture - The Imaging process is fundamental to any computer investigation. o Image Processing - The processing software consists of two modules, GenX and GenText, running automatically to index and extract text from all areas of the target image. • Investigation - Once the processing has taken place full searches of all areas of the disk take only seconds.
Steganography • Steganography is the practice of concealing information within another message or physical object to avoid detection. • A steganography technique involves hiding sensitive information within an ordinary, non-secret file or message so that it will not be detected. • The sensitive information will then be extracted from the ordinary file or message at its destination, thus avoiding detection. Steganography is an additional step that can be used in conjunction with encryption in order to conceal or protect data.
Steganography Examples Include • Writing with invisible ink • Embedding text in a picture (like an artist hiding their initials in a painting they’ve done) • Backward masking a message in an audio file (remember those stories of evil messages recorded backward on rock and roll records?) • Concealing information in either metadata or within a file header • Hiding an image in a video, viewable only if the video is played at a particular frame rate • Embedding a secret message in either the green, blue, or red channels of an RRB image • Steganography can be used both for constructive and destructive purposes. For example, education and business institutions, intelligence agencies, the military, and certified ethical hackers use steganography to embed confidential messages and information in plain sight.
APPLICATIONS  Intellectual Property theft  Industrial espionage  Employment disputes  Fraud investigations  Misuse of the Internet and email in the workplace  Forgeries related matters  Bankruptcy investigations  Issues concerned the regulatory compliance ADVANTAGES & DISADVANTAGES
RESEARCH AREAS IN CYBER SECURITY • THE ROLE GOV. IN CYBER SECURITY: POLICIES & REGULATIONS • IMPORTANCE OF USER EDUCATION & AWARENESS IN CS • LEGAL IMPLICATIONS IN CS • THE ROLE OF MACHINE LEARNING IN CS • THE EFFECTIVENESS OF DIFFERENT CS MEASURES & THEIR COST EFFECTIVENESS. • THE IMPACT OF INTERNET OF THINGS ON CS • CS IN HEALTHCARE INDUSTRIES:CHALLENGES & SOLUTIONS
THANK YOU

Recommended

Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Chapter-I introduction
Chapter-I introductionChapter-I introduction
Chapter-I introductionDr.Florence Dayana
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementBhadra Gowdra
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Types of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakTypes of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakSouma Maiti
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurvkarthi314
 

Recommended

Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introductionDr.Florence Dayana
 
Chapter-I introduction
Chapter-I introductionChapter-I introduction
Chapter-I introductionDr.Florence Dayana
 
cryptography introduction.pptx
cryptography introduction.pptxcryptography introduction.pptx
cryptography introduction.pptxBisharSuleiman
 
Information Security Management
Information Security ManagementInformation Security Management
Information Security ManagementBhadra Gowdra
 
typesofattacks-180418113629.pdf
typesofattacks-180418113629.pdftypesofattacks-180418113629.pdf
typesofattacks-180418113629.pdfsurajthakur474818
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Types of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakTypes of Cyber Security Attacks- Active & Passive Attak
Types of Cyber Security Attacks- Active & Passive AttakSouma Maiti
 
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurS.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavur
S.Karthika,II-M.sc(Computer Science),Bon Secours college for women,thanjavurvkarthi314
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
IT.pptx
IT.pptxIT.pptx
IT.pptxRaaviKapoor
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...karthikasivakumar3
 
cryptographic security
cryptographic securitycryptographic security
cryptographic securityPriyamvada Singh
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityAparnaSunil24
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a reviewINFOGAIN PUBLICATION
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesBilalMehmood44
 
Unit 1
Unit 1Unit 1
Unit 1Vinod Kumar Gorrepati
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyUmangThakkar26
 
Understanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdfUnderstanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdfUzairAhmad435046
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
Cryptography Network Security Introduction
Cryptography Network Security IntroductionCryptography Network Security Introduction
Cryptography Network Security IntroductionAlwyn Rajiv
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdfMohammedElkayesh
 
DataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfDataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfkrishnapriya673257
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
SEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxSEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxGauravWankar2
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 
Advance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdfAdvance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdfsangeeta borde
 
FYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptxFYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptxsangeeta borde
 

More Related Content

Similar to CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx

information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...karthikasivakumar3
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityAparnaSunil24
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a reviewINFOGAIN PUBLICATION
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesBilalMehmood44
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyUmangThakkar26
 
Understanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdfUnderstanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdfUzairAhmad435046
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdfdeepakbharathi16
 
Cryptography Network Security Introduction
Cryptography Network Security IntroductionCryptography Network Security Introduction
Cryptography Network Security IntroductionAlwyn Rajiv
 
DataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfDataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfkrishnapriya673257
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itlavakumar Thatisetti
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
SEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxSEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxGauravWankar2
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system Kushagr sharma
 

Similar to CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx (20)

information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
IT.pptx
IT.pptxIT.pptx
IT.pptx
 
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
Network security-S.Karthika II-M.Sc computer science,Bon Securous college for...
 
cryptographic security
cryptographic securitycryptographic security
cryptographic security
 
Module-1.ppt cryptography and network security
Module-1.ppt cryptography and network securityModule-1.ppt cryptography and network security
Module-1.ppt cryptography and network security
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network a review
 
Lec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devicesLec 2- Hardening and whitelisting of devices
Lec 2- Hardening and whitelisting of devices
 
Unit 1
Unit 1Unit 1
Unit 1
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Understanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdfUnderstanding Network Attacks and Session Hijacking.pdf
Understanding Network Attacks and Session Hijacking.pdf
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Data information and security unit 1.pdf
Data information and security unit 1.pdfData information and security unit 1.pdf
Data information and security unit 1.pdf
 
Cryptography Network Security Introduction
Cryptography Network Security IntroductionCryptography Network Security Introduction
Cryptography Network Security Introduction
 
Lec 01.pdf
Lec 01.pdfLec 01.pdf
Lec 01.pdf
 
DataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdfDataCommunication Network - Unit 5.pdf
DataCommunication Network - Unit 5.pdf
 
What is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in itWhat is Cryptography and Types of attacks in it
What is Cryptography and Types of attacks in it
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
SEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptxSEMINAR ON CYBER SECURITY.pptx
SEMINAR ON CYBER SECURITY.pptx
 
System Security enviroment in operating system
System Security enviroment in operating system System Security enviroment in operating system
System Security enviroment in operating system
 

More from sangeeta borde

Advance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdfAdvance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdfsangeeta borde
 
FYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptxFYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptxsangeeta borde
 
UNIT-5_Array in c_part1.pptx
UNIT-5_Array in c_part1.pptxUNIT-5_Array in c_part1.pptx
UNIT-5_Array in c_part1.pptxsangeeta borde
 
CH.4FUNCTIONS IN C (1).pptx
CH.4FUNCTIONS IN C (1).pptxCH.4FUNCTIONS IN C (1).pptx
CH.4FUNCTIONS IN C (1).pptxsangeeta borde
 
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdfsangeeta borde
 
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptxsangeeta borde
 
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptxsangeeta borde
 

More from sangeeta borde (7)

Advance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdfAdvance C Programming UNIT 4-FILE HANDLING IN C.pdf
Advance C Programming UNIT 4-FILE HANDLING IN C.pdf
 
FYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptxFYBSC(CS)_UNIT-1_Pointers in C.pptx
FYBSC(CS)_UNIT-1_Pointers in C.pptx
 
UNIT-5_Array in c_part1.pptx
UNIT-5_Array in c_part1.pptxUNIT-5_Array in c_part1.pptx
UNIT-5_Array in c_part1.pptx
 
CH.4FUNCTIONS IN C (1).pptx
CH.4FUNCTIONS IN C (1).pptxCH.4FUNCTIONS IN C (1).pptx
CH.4FUNCTIONS IN C (1).pptx
 
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf
3. Test Scenarios & Test Cases with Excel Sheet Format (1).pdf
 
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx
2022-23TYBSC(CS)-Python Prog._Chapter-1.pptx
 
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx
2022-23TYBSC(CS)-PYTHON_PROG_ControlStructure.pptx
 

Recently uploaded

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 

Recently uploaded (20)

Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 

CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx

  • 1. Ch.2 Introduction to Information Security By- Prof.Sangeeta M.Borde Assistant Professor Science & Computer Science Department
  • 2. Basic Security Concepts: • Three basic security concepts important to information on the internet are – 1. Confidentiality 2. Integrity 3. Availability. Concepts relating to the people who use that information are authentication, authorization, and nonrepudiation.
  • 3. Important Terms: • When information is read or copied by someone not authorized to do so, the result is known as a loss of confidentiality. • Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as a loss of integrity. • Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need.
  • 4. Authentication and Authorization • Authentication and authorization go hand in hand. • Authentication and authorization are the two words used in the security world. • They might sound similar but are completely different from each other. • Authentication is used to authenticate someone's identity, whereas authorization is a way to provide permission to someone to access a particular resource. • These are the two basic security terms and hence need to be understood thoroughly. In this topic, we will discuss what authentication and authorization are and how they are differentiated from each other.
  • 5. Security Attacks: What is a Security attack? • Security attacks jeopardize the system's security. • These are the unauthorized or illegal actions that are taken against the government, corporate, or private IT assets in order to destroy, modify, or steal sensitive data. They are further classified into active and passive attacks, in which the attacker gets unlawful access to the system's resources. • Interruption • Interceptor • Modification • Fabrication • Viruses
  • 7. Types of Attacks: • Passive Attacks Definition: A passive attack attempts to learn or make use of information from the system but does not affect system resources. • Active Attacks Definition: Modification of the data stream or the creation of a false stream and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service: • masquerade of one entity as some other • replay previous messages (as shown above in Stallings Figure 1.3b) • modify/alter (part of) messages in transit to produce an unauthorized effect • denial of service - prevents or inhibits the normal use or management of communications facilities • Active attacks present the opposite characteristics of passive attacks. Whereas passive attacks are difficult to detect, measures are available to prevent their success.
  • 8. Passive attack: • Detecting a passive attack is very difficult and impossible in many cases because it does not involve data alteration in any way. However, you can implement protective measures to stop it, including: 1.Using encryption techniques to scramble messages, making them unreadable for any unintended recipients. Two types of encryption can be implemented in this case: 1. Symmetric keys (same key on both ends)—we still have a problem exchanging the secret key secretly. 2. Public-key encryption where each party (whether it is a user, program or system) involved in the communication has two keys, one public and one private that must be kept secret. An example of this type is using SSL/TLS certificates(HTTPS) that are used to ensure the validity of machine identities between a web server and someone’s browser. 2.Avoid posting sensitive information publicly (e.g. private and company information) that can be used by outside hackers to invade your private network.
  • 9. Passive Attacks: The two most common use cases of passive attacks are: 1.Traffic analysis: In this type, an attacker monitors communication channels to collect a range of information, including human and machine identities, locations of these identities and types of encryption used, if applicable. 2.Release of message contents: In this type, an attacker will monitor an unprotected communication medium—like unencrypted email or telephone call—and intercept it for sensitive information.
  • 10. passive attacks • In passive attacks, the attacker observes the messages, then copies and saves them and can use them for malicious purposes. The attacker does not try to change the information or content he/she gathered. Although passive attacks do not harm the system, they can be a danger to the confidentiality of the message. • Unlike active attacks, in passive attacks, victims do not get informed about the attack. It is difficult to detect as there is no alteration in the message. Passive attacks can be prevented by using some encryption techniques. We can try the below-listed measures to prevent these attacks - • We should avoid posting sensitive information or personal information online. Attackers can use this information to hack your network. • We should use the encryption method for the messages and make the messages unreadable for any unintended intruder.
  • 12. Active attacks: • In active attacks, the attacker intercepts the connection and efforts to modify the message's content. It is dangerous for integrity and availability of the message. Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service. The system resources can be changed due to active attacks. So, the damage done with active attacks can be harmful to the system and its resources. • In active attacks, the victim gets notified about the attack. The implication of an active attack is typically difficult and requires more effort. Active attacks can be prevented by using some techniques. We can try the below- listed measures to prevent these attacks - • Use of a one-time password helps in the authentication of the transactions between two parties. • There could be a generation of the random session key that will be valid for a single transaction. It should prevent the malicious user from retransmitting the actual information once the session ends
  • 13. The most common types of active attacks are: • Masquerade attacks. Cybercriminals use a manipulated, spoofed or stolen identity to gain unauthorized access to systems, or authorization to conduct certain privileged actions. They may use identifiers, such as device, digital signature, network address or certificate to impersonate legitimate access identification. • Modification of message attacks. Cybercriminals take advantage of security weaknesses in email protocols to inject malicious content into the email message. They may modify some portion of a message, such as the packet header address, to delay, reorder or direct a message to a different destination. • Repudiation attacks. Cybercriminals attempt to change the authoring information of malicious actions by logging the wrong data in log files. They use this to deny or repudiate actions that they have taken, such as making a transaction or sending a message. • Replay attacks. Cybercriminals eavesdrop on a secure network communication, intercept it and resend it under the cloak of authentic messages. They capture this transmitted authentication or access control information to gain unauthorized access. • Denial of service attacks. Cybercriminals make a system or network unavailable to its intended users by overwhelming it with traffic or requests that consume resources. They prevent legitimate users from accessing information systems, devices, or other network resources.
  • 14. Difference between Passive & Active Attacks On the basis of Active attack Passive attack Definition In active attacks, the attacker intercepts the connection and efforts to modify the message's content. In passive attacks, the attacker observes the messages, then copy and save them and can use it for malicious purposes. Modification In an active attack, the attacker modifies the actual information. In passive attacks, information remains unchanged. Victim In active attacks, the victim gets notified about the attack. Unlike active attacks, in passive attacks, victims do not get informed about the attack. System's impact The damage done with active attacks can be harmful to the system and its resources. The passive attacks do not harm the system. System resources In active attacks, the system resources can be changed. In passive attacks, the system resources remain unchanged. Dangerous for They are dangerous for the integrity and availability of the message. They can be dangerous for confidentiality of the message. Emphasis on In active attacks, attention is on detection. In active attacks, attention is on prevention. Types Active attacks involve Masquerade, Modification of message, Repudiation, Replay, and Denial of service. It involves traffic analysis, the release of a message. Prevention Active attacks are tough to restrict from entering systems or networks. Unlike active attacks, passive attacks are easy to prohibit. Highly complex Lower complexity
  • 15. E-Commerce: Security •E-Commerce Challenges • Trusting others electronically • Trusting the medium • Public-key infrastructure (PKI) • The Certificate Authority. • Security threats – the real threats and the perceptions • Network connectivity and availability issues • Global economic issues
  • 16. What is Computer Forensics? • The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.‖ (McKemmish, 1999) What will Computer Forensics do? Computer forensics, innovators of image copying technology, defined the principles of the science of computer forensics and formalized an approved and accepted methodology to COLLECT, ANALYSE, and PRESENT suspect data to a Court of Law.
  • 18. Some areas of Computer Forensics o Image Capture - The Imaging process is fundamental to any computer investigation. o Image Processing - The processing software consists of two modules, GenX and GenText, running automatically to index and extract text from all areas of the target image. • Investigation - Once the processing has taken place full searches of all areas of the disk take only seconds.
  • 19. Steganography • Steganography is the practice of concealing information within another message or physical object to avoid detection. • A steganography technique involves hiding sensitive information within an ordinary, non-secret file or message so that it will not be detected. • The sensitive information will then be extracted from the ordinary file or message at its destination, thus avoiding detection. Steganography is an additional step that can be used in conjunction with encryption in order to conceal or protect data.
  • 20. Steganography Examples Include • Writing with invisible ink • Embedding text in a picture (like an artist hiding their initials in a painting they’ve done) • Backward masking a message in an audio file (remember those stories of evil messages recorded backward on rock and roll records?) • Concealing information in either metadata or within a file header • Hiding an image in a video, viewable only if the video is played at a particular frame rate • Embedding a secret message in either the green, blue, or red channels of an RRB image • Steganography can be used both for constructive and destructive purposes. For example, education and business institutions, intelligence agencies, the military, and certified ethical hackers use steganography to embed confidential messages and information in plain sight.
  • 21. APPLICATIONS  Intellectual Property theft  Industrial espionage  Employment disputes  Fraud investigations  Misuse of the Internet and email in the workplace  Forgeries related matters  Bankruptcy investigations  Issues concerned the regulatory compliance ADVANTAGES & DISADVANTAGES
  • 22. RESEARCH AREAS IN CYBER SECURITY • THE ROLE GOV. IN CYBER SECURITY: POLICIES & REGULATIONS • IMPORTANCE OF USER EDUCATION & AWARENESS IN CS • LEGAL IMPLICATIONS IN CS • THE ROLE OF MACHINE LEARNING IN CS • THE EFFECTIVENESS OF DIFFERENT CS MEASURES & THEIR COST EFFECTIVENESS. • THE IMPACT OF INTERNET OF THINGS ON CS • CS IN HEALTHCARE INDUSTRIES:CHALLENGES & SOLUTIONS