Uploaded byprimeteacher32
PPTX, PDF2,118 views

Computer and Network Security

This document discusses computer and network security. It begins by noting that computers are becoming faster, less expensive, and more networked, increasing their importance and the need for security. It then discusses different types of attackers like hackers, malware, and social engineering. It provides examples of attacks like Stuxnet and cyber espionage attributed to China. It also discusses groups like Anonymous and defensive measures like antivirus software.

Embed presentation

Downloaded 56 times
COMPUTER AND NETWORK SECURITY
7.1 INTRODUCTION • COMPUTERS GETTING FASTER AND LESS EXPENSIVE • UTILITY OF NETWORKED COMPUTERS INCREASING • SHOPPING AND BANKING • MANAGING PERSONAL INFORMATION • CONTROLLING INDUSTRIAL PROCESSES • INCREASING USE OF COMPUTERS  GROWING IMPORTANCE OF COMPUTER SECURITY
HACKERS AND ATTACKERS • ORIGINAL MEANING OF HACKER: EXPLORER, RISK TAKER, SYSTEM INNOVATOR • MIT’S TECH MODEL RAILROAD CLUB IN 1950S • MODERN MEANING OF HACKER ATTACKER: SOMEONE WHO GAINS UNAUTHORIZED ACCESS TO COMPUTERS AND COMPUTER NETWORKS
TYPES OF ATTACKS MALWARE • MALICIOUS SOFTWARE • PROGRAMS OR SCRIPTS USED TO: • INTERCEPT DATA • STEAL INFORMATION • LAUNCH OTHER ATTACKS • DAMAGE A COMPUTER • MALWARE ATTACKS OCCUR AT AN ORGANIZATION ONCE EVERY 3 MINUTES SOCIAL ENGINEERING • PSYCHOLOGICAL ATTACKING • NON-TECHNICAL METHOD OF INTRUSION THAT RELIES ON: • HUMAN INTERACTION • TRICKERY • MANIPULATION • EXPLOITING THE WEAKEST LINK IN THE CHAIN
SOCIAL ENGINEERING
AWARENESS
COMPUTER FRAUD AND ABUSE ACT • CRIMINALIZES WIDE VARIETY OF HACKER-RELATED ACTIVITIES • TRANSMITTING CODE THAT DAMAGES A COMPUTER • ACCESSING ANY INTERNET-CONNECTED COMPUTER WITHOUT AUTHORIZATION • TRANSMITTING CLASSIFIED GOVERNMENT INFORMATION • TRAFFICKING IN COMPUTER PASSWORDS • COMPUTER FRAUD • COMPUTER EXTORTION • MAXIMUM PENALTY: 20 YEARS IN PRISON AND $250,000 FINE
CASE STUDY: FIRESHEEP • OCTOBER 2010: ERIC BUTLER RELEASED FIRESHEEP EXTENSION TO FIREFOX BROWSER • FIRESHEEP MADE IT POSSIBLE FOR ORDINARY COMPUTER USERS TO EASILY SIDEJACK WEB SESSIONS • MORE THAN 500,000 DOWNLOADS IN FIRST WEEK • ATTRACTED GREAT DEAL OF MEDIA ATTENTION • EARLY 2011: FACEBOOK AND TWITTER ANNOUNCED OPTIONS TO USE THEIR SITES SECURELY 1-8
ACT UTILITARIAN ANALYSIS • RELEASE OF FIRESHEEP LED MEDIA TO FOCUS ON SECURITY PROBLEM • BENEFITS WERE HIGH: A FEW MONTHS LATER FACEBOOK AND TWITTER MADE THEIR SITES MORE SECURE • HARMS WERE MINIMAL: NO EVIDENCE THAT RELEASE OF FIRESHEEP CAUSED BIG INCREASE IN IDENTITY THEFT OR MALICIOUS PRANKS • CONCLUSION: RELEASE OF FIRESHEEP WAS GOOD
VIRTUE ETHICS ANALYSIS • BY RELEASING FIRESHEEP, BUTLER HELPED PUBLIC UNDERSTAND LACK OF SECURITY ON UNENCRYPTED WIRELESS NETWORKS • BUTLER’S STATEMENTS CHARACTERISTIC OF SOMEONE INTERESTED IN PROTECTING PRIVACY • BUTLER DEMONSTRATED COURAGE BY TAKING RESPONSIBILITY FOR THE PROGRAM • BUTLER DEMONSTRATED BENEVOLENCE BY MAKING PROGRAM FREELY AVAILABLE • HIS ACTIONS AND STATEMENTS WERE CHARACTERISTIC OF SOMEONE INTERESTED IN THE PUBLIC GOOD
KANTIAN ANALYSIS • ACCESSING SOMEONE ELSE’S USER ACCOUNT IS AN INVASION OF THEIR PRIVACY AND IS WRONG • BUTLER PROVIDED A TOOL THAT MADE IT MUCH SIMPLER FOR PEOPLE TO DO SOMETHING THAT IS WRONG, SO HE HAS SOME MORAL ACCOUNTABILITY FOR THEIR MISDEEDS • BUTLER WAS WILLING TO TOLERATE SHORT-TERM INCREASE IN PRIVACY VIOLATIONS IN HOPE THAT MEDIA PRESSURE WOULD FORCE WEB RETAILERS TO ADD SECURITY • HE TREATED VICTIMS OF FIRESHEEP AS A MEANS TO HIS END • IT WAS WRONG FOR BUTLER TO RELEASE FIRESHEEP
MALWARE • THERE IS NO STANDARDIZED CLASSIFICATION OF MALWARE BUT ONE WAY IS BY PRIMARY TRAITS. • HOW IT CIRCULATES TO OTHER NETWORKS • EMAIL, STORAGE PERIPHERALS, PHYSICAL CONNECTIONS • HOW IT INFECTS FILES/MACHINES • MEMORY, AUTO RUN SCRIPTS, EXE, PARASITE VS. SYMBIOTE • HOW IT CONCEALS ITSELF • MUTATE(DISCUSS MORE LATER) • THE CAPABILITIES OF ITS PAYLOAD • WHAT DOES IT DO? & WHY DOES IT DO IT? • THIS IS ENDLESS – STEAL PASSWORDS, DELETE FILES, CORRUPT DATA, ETC.
TYPES OF MALWARE Question Virus Worm Trojan What is it? Malicious computer code that replicates without human intervention Malicious program that uses a computer network to replicate Program that masquerades as a benign activity that delivers something malicious How does it circulate? Files Network Files User action to circulate? Transmit infected file to a secondary party None Transmit infected file to a secondary party How does it infect? When app is executed it replicates in a new file and delivers payload. Vulnerability in application When app is executed it delivers payload.
THE INTERNET WORM • ROBERT TAPPAN MORRIS, JR. • GRADUATE STUDENT AT CORNELL • RELEASED WORM ONTO INTERNET FROM MIT COMPUTER • EFFECT OF WORM • SPREAD TO SIGNIFICANT NUMBERS OF UNIX COMPUTERS • INFECTED COMPUTERS KEPT CRASHING OR BECAME UNRESPONSIVE • TOOK A DAY FOR FIXES TO BE PUBLISHED • IMPACT ON MORRIS • SUSPENDED FROM CORNELL • 3 YEARS’ PROBATION + 400 HOURS COMMUNITY SERVICE • $150,000 IN LEGAL FEES AND FINES
ETHICAL EVALUATION • KANTIAN EVALUATION • MORRIS USED OTHERS BY GAINING ACCESS TO THEIR COMPUTERS WITHOUT PERMISSION • SOCIAL CONTRACT THEORY EVALUATION • MORRIS VIOLATED PROPERTY RIGHTS OF ORGANIZATIONS • UTILITARIAN EVALUATION • BENEFITS: ORGANIZATIONS LEARNED OF SECURITY FLAWS • HARMS: TIME SPENT BY THOSE FIGHTING WORM, UNAVAILABLE COMPUTERS, DISRUPTED NETWORK TRAFFIC, MORRIS’S PUNISHMENTS • VIRTUE ETHICS EVALUATION • MORRIS SELFISHLY USED INTERNET AS EXPERIMENTAL LAB • HE DECEITFULLY RELEASED WORM FROM MIT INSTEAD OF CORNELL • HE AVOIDED TAKING RESPONSIBILITY FOR HIS ACTIONS • MORRIS WAS WRONG TO HAVE RELEASED THE INTERNET WORM
ANTIVIRUS SOFTWARE PACKAGES • ALLOW COMPUTER USERS TO DETECT AND DESTROY VIRUSES • MUST BE KEPT UP-TO-DATE TO BE MOST EFFECTIVE • MANY PEOPLE DO NOT KEEP THEIR ANTIVIRUS SOFTWARE PACKAGES UP-TO-DATE • CONSUMERS NEED TO BEWARE OF FAKE ANTIVIRUS APPLICATIONS
DEFENSIVE MEASURES • SECURITY PATCHES: CODE UPDATES TO REMOVE SECURITY VULNERABILITIES • ANTI-MALWARE TOOLS: SOFTWARE TO SCAN HARD DRIVES, DETECT FILES THAT CONTAIN VIRUSES OR SPYWARE, AND DELETE THESE FILES • FIREWALL: A SOFTWARE APPLICATION INSTALLED ON A SINGLE COMPUTER THAT CAN SELECTIVELY BLOCK NETWORK TRAFFIC TO AND FROM THAT COMPUTER
TYPES OF ATTACKERS • CYBER TERRORISTS • CYBERTERRORISM- PREMEDITATED, POLITICALLY MOTIVATED ATTACKS • DESIGNED TO: • CAUSE PANIC • PROVOKE VIOLENCE • RESULT IN FINANCIAL CATASTROPHE • CYBER CRIMINALS • INDIVIDUALS WHO LAUNCH ATTACKS AGAINST OTHER USERS AND THEIR COMPUTERS • A LOOSE NETWORK OF ATTACKERS, IDENTITY THIEVES, AND FINANCIAL FRAUDSTERS WHO ARE HIGHLY MOTIVATED, LESS RISK-AVERSE, WELL-FUNDED, AND TENACIOUS • INSTEAD OF ATTACKING A COMPUTER TO SHOW OFF THEIR TECHNOLOGY SKILLS (FAME), CYBERCRIMINALS HAVE A MORE FOCUSED GOAL OF FINANCIAL GAIN (FORTUNE): CYBERCRIMINALS STEAL INFORMATION OR LAUNCH ATTACKS TO GENERATE INCOME • ATTACKERS • A PERSON WHO USES ADVANCED COMPUTER SKILLS TO ATTACK COMPUTERS
STUXNET WORM (2009) • ATTACKED SCADA SYSTEMS RUNNING SIEMENS SOFTWARE • TARGETED FIVE INDUSTRIAL FACILITIES IN IRAN THAT WERE USING CENTRIFUGES TO ENRICH URANIUM • CAUSED TEMPORARY SHUTDOWN OF IRAN’S NUCLEAR PROGRAM • WORM MAY HAVE BEEN CREATED BY ISRAELI DEFENSE FORCES
CYBER ESPIONAGE ATTRIBUTED TO PEOPLE’S LIBERATION ARMY • HUNDREDS OF COMPUTER SECURITY BREACHES IN MORE THAN A DOZEN COUNTRIES INVESTIGATED BY MANDIANT • HUNDREDS OF TERABYTES OF DATA STOLEN • MANDIANT BLAMED UNIT 61398 OF THE PEOPLE’S LIBERATION ARMY • CHINA’S FOREIGN MINISTRY STATED THAT ACCUSATION WAS GROUNDLESS AND IRRESPONSIBLE
ANONYMOUS • ANONYMOUS: LOOSELY ORGANIZED INTERNATIONAL MOVEMENT OF HACKTIVISTS (HACKERS WITH A SOCIAL OR POLITICAL CAUSE) • VARIOUS DDOS ATTACKS ATTRIBUTED TO ANONYMOUS MEMBERS Year Victim Reason 2008 Church of Scientology Attempted suppression of Tom Cruise interview 2009 RIAA, MPAA RIAA, MPAA’s attempt to take down the Pirate Bay 2009 PayPal, VISA, MasterCard Financial organizations freezing funds flowing to Julian Assange of WikiLeaks 2012 U.S. Dept. of Justice, RIAA, MPAA U.S. Dept. of Justice action against Megaupload

More Related Content

PPTX
RASPBERRY PI
byVaishaliSrigadhi
 
PPTX
Raspberry pi
byPravesh Sahu
 
PPTX
Raspberry Pi Introduction
byMichal Sedlak
 
PPTX
Presentation on Raspberry pi
byOpenDev
 
PDF
Introduction to Raspberrypi
byIheb Ben Salem
 
PPT
Cybercrime 1
bynayakslideshare
 
PPTX
Computer security risks
byAasim Mushtaq
 
PPT
Digital Logic Circuits
bysathish sak
 
RASPBERRY PI
byVaishaliSrigadhi
 
Raspberry pi
byPravesh Sahu
 
Raspberry Pi Introduction
byMichal Sedlak
 
Presentation on Raspberry pi
byOpenDev
 
Introduction to Raspberrypi
byIheb Ben Salem
 
Cybercrime 1
bynayakslideshare
 
Computer security risks
byAasim Mushtaq
 
Digital Logic Circuits
bysathish sak
 

What's hot

PPT
Raspberry-Pi
byRehan Fazal
 
PPTX
Hacking
bySitwat Rao
 
PPT
Raspberrypi best ppt
bySOMRAJ GAUTAM
 
PPTX
Features of ATMEL microcontrollers
bySuraj Shandilya
 
PPTX
Arduino : how to get started
by동호 손
 
PPTX
Raspberry pi
byPrashant Kumar
 
PPTX
iot-based-smart-mirror-using-raspberry-pi-IJERTCONV6IS13131
bySaiKiran101146
 
PPT
Raspberry Pi Presentation
byGeekizer
 
PPTX
DLD Lecture No 21 BCD Multiplier and Magnitude Comparator.pptx
bySaveraAyub2
 
PPTX
1.Arduino Ecosystem.pptx
byMohamed Essam
 
PPTX
Computer Security Presentation
byPraphullaShrestha1
 
PPTX
cyber security notes
bySHIKHAJAIN163
 
PDF
Arduino presentation
byMichael Senkow
 
PPTX
Cyber Crime and Cyber Security
bySazed Salman
 
PPT
Seminar Presentation on raspberry pi
byGeorgekutty Francis
 
PPTX
Cyber crime & security
bypinkutinku26
 
PPT
Basic Electronics presentation v2 (1).ppt
bySATHISHKUMARC37
 
PPTX
Cyber terrorism
byshaympariyar
 
PPTX
Introduction to the Arduino
byWingston
 
PPTX
Microprocessor - Intel Pentium Series
byLaguna State Polytechnic University
 
Raspberry-Pi
byRehan Fazal
 
Hacking
bySitwat Rao
 
Raspberrypi best ppt
bySOMRAJ GAUTAM
 
Features of ATMEL microcontrollers
bySuraj Shandilya
 
Arduino : how to get started
by동호 손
 
Raspberry pi
byPrashant Kumar
 
iot-based-smart-mirror-using-raspberry-pi-IJERTCONV6IS13131
bySaiKiran101146
 
Raspberry Pi Presentation
byGeekizer
 
DLD Lecture No 21 BCD Multiplier and Magnitude Comparator.pptx
bySaveraAyub2
 
1.Arduino Ecosystem.pptx
byMohamed Essam
 
Computer Security Presentation
byPraphullaShrestha1
 
cyber security notes
bySHIKHAJAIN163
 
Arduino presentation
byMichael Senkow
 
Cyber Crime and Cyber Security
bySazed Salman
 
Seminar Presentation on raspberry pi
byGeorgekutty Francis
 
Cyber crime & security
bypinkutinku26
 
Basic Electronics presentation v2 (1).ppt
bySATHISHKUMARC37
 
Cyber terrorism
byshaympariyar
 
Introduction to the Arduino
byWingston
 
Microprocessor - Intel Pentium Series
byLaguna State Polytechnic University
 

Viewers also liked

PPTX
Snort ppt
byaAlcantar93
 
PPTX
Key management and distribution
byRiya Choudhary
 
PPT
Anton Chuvakin on Honeypots
byAnton Chuvakin
 
PPTX
Hcl
byRiya Choudhary
 
DOCX
Intrusion Detection System
byDevil's Cafe
 
PDF
Essential Guide to Protect Your Data [Key Management Techniques]
bySISA Information Security Pvt.Ltd
 
PPT
Wireshark Basics
byYoram Orzach
 
PPTX
Industrial Training - Network Intrusion Detection System Using Snort
byDisha Bedi
 
ODP
Snort
byMichael Boman
 
PPTX
Snort IDS/IPS Basics
byMahendra Pratap Singh
 
PPTX
Key management
byBrandon Byungyong Jo
 
PDF
Database Firewall with Snort
byNarudom Roongsiriwong, CISSP
 
PPTX
Improving intrusion detection system by honeypot
bymmubashirkhan
 
PPTX
Intrusion Prevention System
byVishwanath Badiger
 
PPTX
Futurex Secure Key Injection Solution
byGreg Stone
 
PPT
Network Intrusion Detection System Using Snort
byDisha Bedi
 
PPTX
Wireshark
bySourav Roy
 
PPTX
Intrusion detection
byUmesh Dhital
 
PPTX
Intrusion Detection System(IDS)
byshraddha_b
 
PPTX
Intrusion detection system
byAparna Bhadran
 
Snort ppt
byaAlcantar93
 
Key management and distribution
byRiya Choudhary
 
Anton Chuvakin on Honeypots
byAnton Chuvakin
 
Hcl
byRiya Choudhary
 
Intrusion Detection System
byDevil's Cafe
 
Essential Guide to Protect Your Data [Key Management Techniques]
bySISA Information Security Pvt.Ltd
 
Wireshark Basics
byYoram Orzach
 
Industrial Training - Network Intrusion Detection System Using Snort
byDisha Bedi
 
Snort
byMichael Boman
 
Snort IDS/IPS Basics
byMahendra Pratap Singh
 
Key management
byBrandon Byungyong Jo
 
Database Firewall with Snort
byNarudom Roongsiriwong, CISSP
 
Improving intrusion detection system by honeypot
bymmubashirkhan
 
Intrusion Prevention System
byVishwanath Badiger
 
Futurex Secure Key Injection Solution
byGreg Stone
 
Network Intrusion Detection System Using Snort
byDisha Bedi
 
Wireshark
bySourav Roy
 
Intrusion detection
byUmesh Dhital
 
Intrusion Detection System(IDS)
byshraddha_b
 
Intrusion detection system
byAparna Bhadran
 

Similar to Computer and Network Security

PPT
Chapter 3 Computer Crimes
byMar Soriano
 
PPT
security and ethical challenges
byVineet Dubey
 
PPTX
9 - Security
byRaymond Gao
 
PPT
Cyber Crime
byAccenture
 
PPTX
Week_7.pptx Computer science topic 7 Notes
byFrancisOdoom5
 
PPT
Security and ethical challenges in mis
byI P Abir
 
PPTX
c13.security_and_ethics.pptx managemet info
bytasniahnuha
 
PPT
Lecture8 to identify the (Cyber Crime).ppt
byengrkarimullah5806
 
PPTX
BAIT1003 Chapter 11
bylimsh
 
PPTX
Introduction to ethics
bySaqib Raza
 
PPT
Citi NCR-Gurgaon 2010 -Presentation2.ppt
byluckysingh25898
 
PPT
obrien13e_chap011.ppt
byPradeep513562
 
DOCX
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
byLillian Ekwosi-Egbulem
 
PPTX
Security
bychian417
 
PPTX
23 network security threats pkg
byUmang Gupta
 
PPT
Need for security
byUniversity of Central Punjab
 
PPT
Cybercrime presentation
byRajat Jain
 
PDF
[OrangeCon 2025 Keynote] Geeks to Giants: The Journey from Hacking Subculture...
byMarco Balduzzi
 
PPTX
Network security presentation
byKudzai Rerayi
 
PPTX
Cybercrime(this)
byYadiy Zak-One
 
Chapter 3 Computer Crimes
byMar Soriano
 
security and ethical challenges
byVineet Dubey
 
9 - Security
byRaymond Gao
 
Cyber Crime
byAccenture
 
Week_7.pptx Computer science topic 7 Notes
byFrancisOdoom5
 
Security and ethical challenges in mis
byI P Abir
 
c13.security_and_ethics.pptx managemet info
bytasniahnuha
 
Lecture8 to identify the (Cyber Crime).ppt
byengrkarimullah5806
 
BAIT1003 Chapter 11
bylimsh
 
Introduction to ethics
bySaqib Raza
 
Citi NCR-Gurgaon 2010 -Presentation2.ppt
byluckysingh25898
 
obrien13e_chap011.ppt
byPradeep513562
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
byLillian Ekwosi-Egbulem
 
Security
bychian417
 
23 network security threats pkg
byUmang Gupta
 
Need for security
byUniversity of Central Punjab
 
Cybercrime presentation
byRajat Jain
 
[OrangeCon 2025 Keynote] Geeks to Giants: The Journey from Hacking Subculture...
byMarco Balduzzi
 
Network security presentation
byKudzai Rerayi
 
Cybercrime(this)
byYadiy Zak-One
 

More from primeteacher32

PPT
Software Development Life Cycle
byprimeteacher32
 
PPTX
Variable Scope
byprimeteacher32
 
PPTX
Returning Data
byprimeteacher32
 
PPTX
Intro to Functions
byprimeteacher32
 
PPTX
Introduction to GUIs with guizero
byprimeteacher32
 
PPTX
Function Parameters
byprimeteacher32
 
PPTX
Nested Loops
byprimeteacher32
 
PPT
Conditional Loops
byprimeteacher32
 
PPTX
Introduction to Repetition Structures
byprimeteacher32
 
PPTX
Input Validation
byprimeteacher32
 
PPTX
Windows File Systems
byprimeteacher32
 
PPTX
Nesting Conditionals
byprimeteacher32
 
PPTX
Conditionals
byprimeteacher32
 
PPT
Intro to Python with GPIO
byprimeteacher32
 
PPTX
Variables and Statements
byprimeteacher32
 
PPTX
Variables and User Input
byprimeteacher32
 
PPT
Intro to Python
byprimeteacher32
 
PPTX
Raspberry Pi
byprimeteacher32
 
PPT
Hardware vs. Software Presentations
byprimeteacher32
 
PPTX
Block chain security
byprimeteacher32
 
Software Development Life Cycle
byprimeteacher32
 
Variable Scope
byprimeteacher32
 
Returning Data
byprimeteacher32
 
Intro to Functions
byprimeteacher32
 
Introduction to GUIs with guizero
byprimeteacher32
 
Function Parameters
byprimeteacher32
 
Nested Loops
byprimeteacher32
 
Conditional Loops
byprimeteacher32
 
Introduction to Repetition Structures
byprimeteacher32
 
Input Validation
byprimeteacher32
 
Windows File Systems
byprimeteacher32
 
Nesting Conditionals
byprimeteacher32
 
Conditionals
byprimeteacher32
 
Intro to Python with GPIO
byprimeteacher32
 
Variables and Statements
byprimeteacher32
 
Variables and User Input
byprimeteacher32
 
Intro to Python
byprimeteacher32
 
Raspberry Pi
byprimeteacher32
 
Hardware vs. Software Presentations
byprimeteacher32
 
Block chain security
byprimeteacher32
 

Recently uploaded

PPTX
High quality Job Seeker Presentation is guidance for job seeker to apply on t...
byAgungFitraSandhi
 
PDF
Promoting mental health and wellness among students.pdf
bysangwanmnk
 
PPTX
Poston Boston University appointment 2008
byRobert Poston
 
PPTX
Cleaning validation IN PHARMACEUTICAL INDUSTRIES
byGayatri Lobhe
 
PDF
Hybrid Work, Future Skills & the Human Edge in Asia’s Workplace
byBase Camp
 
PDF
Latitude & Longitude ,timezone and international Time zone
bykisankumar4241
 
PPTX
COMPUTER SYSTEMS AND BINARY NUMBERS ARCH
bywakandapemah
 
PPTX
UCSP 11_12 Q2 0902 Kinship Ties and Social Networks_ Kinship by Marriage PS.pptx
byjoshuabraga1197
 
PDF
Lecture 1 the 3rd line of defence ; Adaptive immunity.pdf
bylangkvin
 
PPTX
Salesforce_Food_Distribution_Project.pptx
byfbinsta3426
 
PPTX
NTS - Learning from Successful Job Searchers
byBruce Bennett
 
PDF
Step-by-Step Process for Buying a Verified Apple Pay ....pdf
bybxi4tn48i3wkgpbyyfg
 
PPTX
Cybersecurity is the practice of protect
by727822tuad019
 
PPTX
CSE448 Industry CO-OP Project II​ - Internship.pptx
byBijoyRoy19
 
PPT
Introduction to Services Selection Board (SSB)
bykrishmirji
 
PPTX
CENTRAL GOVERNMENT HEALTH SCHEME (CGHS)-1.pptx
byAnkushDuttaGupta
 
PDF
CURRICULUM VITAE THOMAS K. GIRARD, MA, CDP CONTACT info@thomaskgirard.com
byThomas GIRARD, MA, CDP
 
PDF
CV Simone Enea Riccò 2025, Marketing & Digital Director, AI Strategy Leader, ...
bySimone Enea Riccò
 
PDF
Secondary Citizenship 4 Student Textbook.pdf
byKuorwel Ngang Jacob
 
PPTX
WEPP MODEL for computing soil erosion .pptx
bysnehilchandrakar
 
High quality Job Seeker Presentation is guidance for job seeker to apply on t...
byAgungFitraSandhi
 
Promoting mental health and wellness among students.pdf
bysangwanmnk
 
Poston Boston University appointment 2008
byRobert Poston
 
Cleaning validation IN PHARMACEUTICAL INDUSTRIES
byGayatri Lobhe
 
Hybrid Work, Future Skills & the Human Edge in Asia’s Workplace
byBase Camp
 
Latitude & Longitude ,timezone and international Time zone
bykisankumar4241
 
COMPUTER SYSTEMS AND BINARY NUMBERS ARCH
bywakandapemah
 
UCSP 11_12 Q2 0902 Kinship Ties and Social Networks_ Kinship by Marriage PS.pptx
byjoshuabraga1197
 
Lecture 1 the 3rd line of defence ; Adaptive immunity.pdf
bylangkvin
 
Salesforce_Food_Distribution_Project.pptx
byfbinsta3426
 
NTS - Learning from Successful Job Searchers
byBruce Bennett
 
Step-by-Step Process for Buying a Verified Apple Pay ....pdf
bybxi4tn48i3wkgpbyyfg
 
Cybersecurity is the practice of protect
by727822tuad019
 
CSE448 Industry CO-OP Project II​ - Internship.pptx
byBijoyRoy19
 
Introduction to Services Selection Board (SSB)
bykrishmirji
 
CENTRAL GOVERNMENT HEALTH SCHEME (CGHS)-1.pptx
byAnkushDuttaGupta
 
CURRICULUM VITAE THOMAS K. GIRARD, MA, CDP CONTACT info@thomaskgirard.com
byThomas GIRARD, MA, CDP
 
CV Simone Enea Riccò 2025, Marketing & Digital Director, AI Strategy Leader, ...
bySimone Enea Riccò
 
Secondary Citizenship 4 Student Textbook.pdf
byKuorwel Ngang Jacob
 
WEPP MODEL for computing soil erosion .pptx
bysnehilchandrakar
 

Computer and Network Security

  • 1.
  • 2.
    7.1 INTRODUCTION • COMPUTERSGETTING FASTER AND LESS EXPENSIVE • UTILITY OF NETWORKED COMPUTERS INCREASING • SHOPPING AND BANKING • MANAGING PERSONAL INFORMATION • CONTROLLING INDUSTRIAL PROCESSES • INCREASING USE OF COMPUTERS  GROWING IMPORTANCE OF COMPUTER SECURITY
  • 3.
    HACKERS AND ATTACKERS •ORIGINAL MEANING OF HACKER: EXPLORER, RISK TAKER, SYSTEM INNOVATOR • MIT’S TECH MODEL RAILROAD CLUB IN 1950S • MODERN MEANING OF HACKER ATTACKER: SOMEONE WHO GAINS UNAUTHORIZED ACCESS TO COMPUTERS AND COMPUTER NETWORKS
  • 4.
    TYPES OF ATTACKS MALWARE •MALICIOUS SOFTWARE • PROGRAMS OR SCRIPTS USED TO: • INTERCEPT DATA • STEAL INFORMATION • LAUNCH OTHER ATTACKS • DAMAGE A COMPUTER • MALWARE ATTACKS OCCUR AT AN ORGANIZATION ONCE EVERY 3 MINUTES SOCIAL ENGINEERING • PSYCHOLOGICAL ATTACKING • NON-TECHNICAL METHOD OF INTRUSION THAT RELIES ON: • HUMAN INTERACTION • TRICKERY • MANIPULATION • EXPLOITING THE WEAKEST LINK IN THE CHAIN
  • 5.
  • 6.
  • 7.
    COMPUTER FRAUD ANDABUSE ACT • CRIMINALIZES WIDE VARIETY OF HACKER-RELATED ACTIVITIES • TRANSMITTING CODE THAT DAMAGES A COMPUTER • ACCESSING ANY INTERNET-CONNECTED COMPUTER WITHOUT AUTHORIZATION • TRANSMITTING CLASSIFIED GOVERNMENT INFORMATION • TRAFFICKING IN COMPUTER PASSWORDS • COMPUTER FRAUD • COMPUTER EXTORTION • MAXIMUM PENALTY: 20 YEARS IN PRISON AND $250,000 FINE
  • 8.
    CASE STUDY: FIRESHEEP •OCTOBER 2010: ERIC BUTLER RELEASED FIRESHEEP EXTENSION TO FIREFOX BROWSER • FIRESHEEP MADE IT POSSIBLE FOR ORDINARY COMPUTER USERS TO EASILY SIDEJACK WEB SESSIONS • MORE THAN 500,000 DOWNLOADS IN FIRST WEEK • ATTRACTED GREAT DEAL OF MEDIA ATTENTION • EARLY 2011: FACEBOOK AND TWITTER ANNOUNCED OPTIONS TO USE THEIR SITES SECURELY 1-8
  • 9.
    ACT UTILITARIAN ANALYSIS •RELEASE OF FIRESHEEP LED MEDIA TO FOCUS ON SECURITY PROBLEM • BENEFITS WERE HIGH: A FEW MONTHS LATER FACEBOOK AND TWITTER MADE THEIR SITES MORE SECURE • HARMS WERE MINIMAL: NO EVIDENCE THAT RELEASE OF FIRESHEEP CAUSED BIG INCREASE IN IDENTITY THEFT OR MALICIOUS PRANKS • CONCLUSION: RELEASE OF FIRESHEEP WAS GOOD
  • 10.
    VIRTUE ETHICS ANALYSIS •BY RELEASING FIRESHEEP, BUTLER HELPED PUBLIC UNDERSTAND LACK OF SECURITY ON UNENCRYPTED WIRELESS NETWORKS • BUTLER’S STATEMENTS CHARACTERISTIC OF SOMEONE INTERESTED IN PROTECTING PRIVACY • BUTLER DEMONSTRATED COURAGE BY TAKING RESPONSIBILITY FOR THE PROGRAM • BUTLER DEMONSTRATED BENEVOLENCE BY MAKING PROGRAM FREELY AVAILABLE • HIS ACTIONS AND STATEMENTS WERE CHARACTERISTIC OF SOMEONE INTERESTED IN THE PUBLIC GOOD
  • 11.
    KANTIAN ANALYSIS • ACCESSINGSOMEONE ELSE’S USER ACCOUNT IS AN INVASION OF THEIR PRIVACY AND IS WRONG • BUTLER PROVIDED A TOOL THAT MADE IT MUCH SIMPLER FOR PEOPLE TO DO SOMETHING THAT IS WRONG, SO HE HAS SOME MORAL ACCOUNTABILITY FOR THEIR MISDEEDS • BUTLER WAS WILLING TO TOLERATE SHORT-TERM INCREASE IN PRIVACY VIOLATIONS IN HOPE THAT MEDIA PRESSURE WOULD FORCE WEB RETAILERS TO ADD SECURITY • HE TREATED VICTIMS OF FIRESHEEP AS A MEANS TO HIS END • IT WAS WRONG FOR BUTLER TO RELEASE FIRESHEEP
  • 12.
    MALWARE • THERE ISNO STANDARDIZED CLASSIFICATION OF MALWARE BUT ONE WAY IS BY PRIMARY TRAITS. • HOW IT CIRCULATES TO OTHER NETWORKS • EMAIL, STORAGE PERIPHERALS, PHYSICAL CONNECTIONS • HOW IT INFECTS FILES/MACHINES • MEMORY, AUTO RUN SCRIPTS, EXE, PARASITE VS. SYMBIOTE • HOW IT CONCEALS ITSELF • MUTATE(DISCUSS MORE LATER) • THE CAPABILITIES OF ITS PAYLOAD • WHAT DOES IT DO? & WHY DOES IT DO IT? • THIS IS ENDLESS – STEAL PASSWORDS, DELETE FILES, CORRUPT DATA, ETC.
  • 13.
    TYPES OF MALWARE QuestionVirus Worm Trojan What is it? Malicious computer code that replicates without human intervention Malicious program that uses a computer network to replicate Program that masquerades as a benign activity that delivers something malicious How does it circulate? Files Network Files User action to circulate? Transmit infected file to a secondary party None Transmit infected file to a secondary party How does it infect? When app is executed it replicates in a new file and delivers payload. Vulnerability in application When app is executed it delivers payload.
  • 14.
    THE INTERNET WORM •ROBERT TAPPAN MORRIS, JR. • GRADUATE STUDENT AT CORNELL • RELEASED WORM ONTO INTERNET FROM MIT COMPUTER • EFFECT OF WORM • SPREAD TO SIGNIFICANT NUMBERS OF UNIX COMPUTERS • INFECTED COMPUTERS KEPT CRASHING OR BECAME UNRESPONSIVE • TOOK A DAY FOR FIXES TO BE PUBLISHED • IMPACT ON MORRIS • SUSPENDED FROM CORNELL • 3 YEARS’ PROBATION + 400 HOURS COMMUNITY SERVICE • $150,000 IN LEGAL FEES AND FINES
  • 15.
    ETHICAL EVALUATION • KANTIANEVALUATION • MORRIS USED OTHERS BY GAINING ACCESS TO THEIR COMPUTERS WITHOUT PERMISSION • SOCIAL CONTRACT THEORY EVALUATION • MORRIS VIOLATED PROPERTY RIGHTS OF ORGANIZATIONS • UTILITARIAN EVALUATION • BENEFITS: ORGANIZATIONS LEARNED OF SECURITY FLAWS • HARMS: TIME SPENT BY THOSE FIGHTING WORM, UNAVAILABLE COMPUTERS, DISRUPTED NETWORK TRAFFIC, MORRIS’S PUNISHMENTS • VIRTUE ETHICS EVALUATION • MORRIS SELFISHLY USED INTERNET AS EXPERIMENTAL LAB • HE DECEITFULLY RELEASED WORM FROM MIT INSTEAD OF CORNELL • HE AVOIDED TAKING RESPONSIBILITY FOR HIS ACTIONS • MORRIS WAS WRONG TO HAVE RELEASED THE INTERNET WORM
  • 16.
    ANTIVIRUS SOFTWARE PACKAGES •ALLOW COMPUTER USERS TO DETECT AND DESTROY VIRUSES • MUST BE KEPT UP-TO-DATE TO BE MOST EFFECTIVE • MANY PEOPLE DO NOT KEEP THEIR ANTIVIRUS SOFTWARE PACKAGES UP-TO-DATE • CONSUMERS NEED TO BEWARE OF FAKE ANTIVIRUS APPLICATIONS
  • 17.
    DEFENSIVE MEASURES • SECURITYPATCHES: CODE UPDATES TO REMOVE SECURITY VULNERABILITIES • ANTI-MALWARE TOOLS: SOFTWARE TO SCAN HARD DRIVES, DETECT FILES THAT CONTAIN VIRUSES OR SPYWARE, AND DELETE THESE FILES • FIREWALL: A SOFTWARE APPLICATION INSTALLED ON A SINGLE COMPUTER THAT CAN SELECTIVELY BLOCK NETWORK TRAFFIC TO AND FROM THAT COMPUTER
  • 18.
    TYPES OF ATTACKERS •CYBER TERRORISTS • CYBERTERRORISM- PREMEDITATED, POLITICALLY MOTIVATED ATTACKS • DESIGNED TO: • CAUSE PANIC • PROVOKE VIOLENCE • RESULT IN FINANCIAL CATASTROPHE • CYBER CRIMINALS • INDIVIDUALS WHO LAUNCH ATTACKS AGAINST OTHER USERS AND THEIR COMPUTERS • A LOOSE NETWORK OF ATTACKERS, IDENTITY THIEVES, AND FINANCIAL FRAUDSTERS WHO ARE HIGHLY MOTIVATED, LESS RISK-AVERSE, WELL-FUNDED, AND TENACIOUS • INSTEAD OF ATTACKING A COMPUTER TO SHOW OFF THEIR TECHNOLOGY SKILLS (FAME), CYBERCRIMINALS HAVE A MORE FOCUSED GOAL OF FINANCIAL GAIN (FORTUNE): CYBERCRIMINALS STEAL INFORMATION OR LAUNCH ATTACKS TO GENERATE INCOME • ATTACKERS • A PERSON WHO USES ADVANCED COMPUTER SKILLS TO ATTACK COMPUTERS
  • 19.
    STUXNET WORM (2009) •ATTACKED SCADA SYSTEMS RUNNING SIEMENS SOFTWARE • TARGETED FIVE INDUSTRIAL FACILITIES IN IRAN THAT WERE USING CENTRIFUGES TO ENRICH URANIUM • CAUSED TEMPORARY SHUTDOWN OF IRAN’S NUCLEAR PROGRAM • WORM MAY HAVE BEEN CREATED BY ISRAELI DEFENSE FORCES
  • 20.
    CYBER ESPIONAGE ATTRIBUTEDTO PEOPLE’S LIBERATION ARMY • HUNDREDS OF COMPUTER SECURITY BREACHES IN MORE THAN A DOZEN COUNTRIES INVESTIGATED BY MANDIANT • HUNDREDS OF TERABYTES OF DATA STOLEN • MANDIANT BLAMED UNIT 61398 OF THE PEOPLE’S LIBERATION ARMY • CHINA’S FOREIGN MINISTRY STATED THAT ACCUSATION WAS GROUNDLESS AND IRRESPONSIBLE
  • 21.
    ANONYMOUS • ANONYMOUS: LOOSELYORGANIZED INTERNATIONAL MOVEMENT OF HACKTIVISTS (HACKERS WITH A SOCIAL OR POLITICAL CAUSE) • VARIOUS DDOS ATTACKS ATTRIBUTED TO ANONYMOUS MEMBERS Year Victim Reason 2008 Church of Scientology Attempted suppression of Tom Cruise interview 2009 RIAA, MPAA RIAA, MPAA’s attempt to take down the Pirate Bay 2009 PayPal, VISA, MasterCard Financial organizations freezing funds flowing to Julian Assange of WikiLeaks 2012 U.S. Dept. of Justice, RIAA, MPAA U.S. Dept. of Justice action against Megaupload

Editor's Notes

  • #6 An approach of exploiting and exposing peoples insecurities through a manner of psychological attacks or warfare: Displaying Confidence – the key attribute in any socially engineering tactic Act like you own it and people will believe Authority – Impersonating an authority figure or citing one “Do you know who I am…!” Intimidation – To frighten and coerce by threatening “What’s your name, I am going to contact your manager” Consensus – Influenced by what others do or wanting to satisfy a request “I talked with someone before and then were very accommodating with handling this situation” Urgency/Scarcity – Immediate action required “I am leaving to go to the company headquarters and need to get that file” Familiarity – Victim is well-known or well received (flattery, compliments) “I remember how helpful you were a couple of weeks ago” Impersonation Pretending to be someone you are not Never give information out Dumpster Diving Digging through trash to obtain information Tailgating and Shoulder Surfing Waiting for an action to take place and then capitalizes on the result Security door Use of a credit card Phishing False information in a digital format in order to solicit information from a user. Spam Nonsense emails that circumvent filters to try and deliver payloads Hoaxes Email impersonations to convince individuals to undermine the security of the system URL hijacking (Typo Squatting) Scams that take advantage on common misspellings Watering Hole Attack Setting malware on sites where specific groups of individuals congregate Reverse Social Engineering Attacker gets victim to contact them
  • #7 Social Engineering Phone calls from you instead of to you Asked questions that seem harmless
  • #9 Sidejacking: hijacking of an open Web session by capturing a user’s cookie Sidejacking possible on unencrypted wireless networks because many sites send cookies “in the clear” Internet security community complained about sidejacking vulnerability for years, but ecommerce sites did not change practices