In present world, where computers/laptops and smart phone made it possible to extract other's secrets, a need has been imminent to handle such problems by Cyber Security Regime, which not only be launched by individuls(IT Expert) of organizations but the governments of the country should also play a vital role.

1. Sabir Raja

2. Cyber Security
• Cyber Security, also known as Computer Security
or IT Security, is the protection of computer
systems from the theft or damage to the
hardware, software or the information on them, as
well as from disruption or misdirection of the
services they provide

3. • It includes controlling physical access to the
hardware, as well as protecting against harm
that may come via network access, data and
code injection, and due to malpractice by
operators, whether intentional, accidental, or
being tricked into deviating from secure
procedures

4. • The field is of growing importance due to the
increasing reliance on computer systems and the
Internet in most societies, wireless networks such
as Bluetooth and Wi-Fi and the growth of Smart
devices, including smartphones, televisions and
tiny devices as part of the Internet

5. What is a Cyber Crime
• Cyber crime encompasses any criminal act
dealing with computers and networks (called
hacking)
• Additionally, cyber crime also includes
traditional crimes conducted through the
Internet
• A major attack vector of Cyber Crime is to
exploit broken software

6. • Software security vulnerabilities are caused
by defective specification, design, and
implementation
• Unfortunately, common development
practices leave software with many
vulnerabilities
• To have a secure Cyber Infrastructure, the
supporting software must contain few, if any,
vulnerabilities

7. What is Vulnerability
• In Cyber or Computer Security, a vulnerability is a
weakness which allows an attacker to reduce a
system's information assurance or
• A weakness of an asset or group of assets that can
be exploited by one or more threats or
• A flaw / weakness in a system's design,
implementation, or operation and management
that could be exploited to violate the system's
security policy

8. • To secure a computer system, it is important to
understand the attacks that can be made against
it, and these threats can typically be classified into
one of the following categories
– Backdoors
– Denial-of-service attack
– Direct-access attacks
– Eavesdropping
– Spoofing
– Tampering
– Phishing
– Clickjacking
– Social engineering

9. Backdoors
• A backdoor is a method, often secret, of bypassing normal
authentication in a product, computer system, crypto system or
algorithm etc. Backdoors are often used for securing unauthorized
remote access to a computer, or obtaining access to plaintext in
cryptographic systems
• A backdoor may take the form of a hidden part of a program, a
separate program (e.g. Back Orifice may subvert the system
through a rootkit), or may be a hardware feature
• Default passwords can function as backdoors if they are not
changed by the user. Some debugging features can also act as
backdoors if they are not removed in the release version

10. • Computer worms, such as Sobig and Mydoom, install a
backdoor on the affected computer (generally a PC on
broadband running Microsoft Windows and Microsoft
Outlook)
• Such backdoors appear to be installed so that spammers can
send junk email from the infected machines
• Others, such as the Sony/BMG rootkit, placed secretly on
millions of music CDs through late 2005, are intended as
DRM (Digital rights management) measures and, in that
case, as data gathering agents

11. Denial of Service Attack
• Denial of Service Attack (DoS attack) is a cyber-attack where the
perpetrator seeks to make a machine or network resource
unavailable to its intended users by temporarily or indefinitely
disrupting services of a host connected to the Internet
• Denial of service is typically accomplished by flooding the targeted
machine or resource with superfluous requests in an attempt to
overload systems and prevent some or all legitimate requests from
being fulfilled

12. Direct Access Attacks
• An unauthorized user gaining physical access to a computer is most
likely able to directly copy data from it
• They may also compromise security by making operating system
modifications, installing software worms, keyloggers, covert
listening devices or using wireless mice
• Even when the system is protected by standard security measures,
these may be able to be by-passed by booting another operating
system or tool from a CD ROM or other bootable media

13. Eavesdropping
• Eavesdropping is the act of surreptitiously listening to a private
conversation, typically between hosts on a network
• For instance, programs such as Carnivore and NarusInsight have
been used by the FBI and NSA to eavesdrop on the systems of
internet service providers
• Even machines that operate as a closed system (i.e., with no contact
to the outside world) can be eavesdropped upon via monitoring the
faint electro-magnetic transmissions generated by the hardware;
TEMPEST is a specification by the NSA referring to these attacks
• TEMPEST is a National Security Agency specification and a NATO
certificationreferring to spying on information systems through
leaking emanations, including unintentional radio or electrical
signals, sounds, and vibrations

14. Spoofing
• Spoofing, is a fraudulent or malicious practice in which
communication is sent from an unknown source disguised as a
source known to the receiver
• Spoofing is most prevalent in communication mechanisms that lack
a high level of security

15. Tampering
• Tampering describes a malicious modification of products.
So called "Evil Maid" attacks (A kernel mode rootkit variant
called a bootkit, it can infect startup code like the Master
Boot Record (MBR), Volume Boot Record (VBR) or boot
sector ) and security services planting of surveillance
capability into routersare the examples

16. Phishing
• Phishing is the attempt to acquire sensitive information such
as usernames, passwords, and credit card details directly
from users
• Phishing is typically carried out by email spoofing or instant
messaging, and it often directs users to enter details at a
fake website whose look and feel are almost identical to the
legitimate one
• Preying on a victim's trust, phishing can be classified as a
form of social engineering

17. Clickjacking
• Clickjacking is a malicious technique in which an attacker tricks a
user into clicking on a button or link on another webpage while the
user intended to click on the top level page
• This is done using multiple transparent or opaque layers. The
attacker is basically "hijacking" the clicks meant for the top level
page and routing them to some other irrelevant page, most likely
owned by someone else
• A similar technique can be used to hijack keystrokes
• Carefully drafting a combination of stylesheets, iframes, buttons
and text boxes, a user can be led into believing that they are typing
the password or other information on some authentic webpage
while it is being channeled into an invisible frame controlled by the
attacker

18. Social Engineering
• Social engineering aims to convince a user to disclose secrets
such as passwords, card numbers
• A popular and profitable cyber scam involves fake CEO emails
sent to accounting and finance departments
• In early 2016, the FBI reported that the scam has cost US
businesses more than $2bn in about two years
• In May 2016, the Milwaukee Bucks NBA team was the victim of
this type of cyber scam with a perpetrator impersonating the
team's president Peter Feigin, resulting in the handover of all
the team's employees' 2015 W-2 (Wage and Tax Statement )
tax forms

19. Key Trends from 2015
1
9

20. Questions Answer…

21. Attacks are focusing on higher
value data targets
2013
800,000,000+ records
breached, with no signs
of decreasing in the
future
2014
1,000,000,000 records
breached, while CISOs cite
increasing risks from
external threats
2015
Healthcare mega-breaches
set the trend for high value
targets of sensitive
information

22. Why do Breaches Happen?
 Configuration Errors
 “Weak” defaults
 Easy passwords
 “Bugs”
 Input validation
 Installing suspect
applications
 Clicking malicious
links
 Phishing Emails
 Watering Hole attacks
MalwareVulnerabilities

23. Need of cyber security
 Cyber security is necessary since it helps in
securing data from threats such as data theft or
misuse, also safeguards your system from viruses.

24. Major security problems
 Virus
 Hacker
 Malware
 Trojan horses
 Password cracking

25. Viruses and Worms
 A Virus is a “program that is loaded onto your
computer without your knowledge and runs
against your wishes

26. Solution
 Install a security suite that protects the computer
against threats such as viruses and worms.

27. Hackers
 In common a hacker is a person who breaks
into computers, usually by gaining access to
administrative controls.

28. How To prevent hacking
 It may be impossible to prevent computer hacking,
however effective security controls including strong
passwords, and the use of firewalls can helps.

29. Malware
 The word "malware" comes from the term
"Malicious Software."
 Malware is any software that infects and damages a
computer system without the owner's knowledge or
permission.

30. To Stop Malware
 Download an anti-malware program that also
helps prevent infections
 Activate Network Threat Protection, Firewall,
Antivirus

31. Trojan Horses
 Trojan horses are email viruses that can duplicate
themselves, steal information, or harm the computer
system.
 These viruses are the most serious threats to
computers

32. How to Avoid Trojans
 Security suites, such as Avast Internet Security, will
prevent you from downloading Trojan Horses

33. Password Cracking
 Password attacks are attacks by hackers that are able
to determine passwords or find passwords to different
protected electronic areas and social network sites.

34. Securing Password
 Use always Strong password
 Never use same password for two different sites

35. Cyber Security is Everyone’s Responsibility

37. SAFETY TIPS TO CYBER CRIME
 Use antivirus Software and update regularly
 Insert Firewalls
 Uninstall unnecessary software
 Maintain backup
 Check security settings
 BIOS , Administrator and User Pass Word
 Block all USBs ports
 Remove CD Drive etc etc
 Physically locking of computers
 Be aware of insider threats
 No use of Internet

38. Conclusion
Cybercrime is indeed getting the recognition it
deserves
However, it is not going to be restricted that
easily
In fact , it is highly likely that cyber crime and its
hackers will continue developing and upgrading
to stay ahead of the law
So, to make us a safer we must Implement our
organizational Cyber Security Plan in true letter
and spirit