[ A Deemed to be University ]
Name :- Vinay Pratap
Roll :- MCA / 40015 / 21
Sem :- 3rd
Sub :- Cyber Security
Presented To :-
Dr. Amrita Priyam Ma’am.
INDEX
Unauthorized Access by Outsider
Anti-Malware Software
Network Traffic Analysis
UNAUTHORIZED ACCESS BY OUTSIDER
A person gains logical or physical access without permission
to a network, system, application, data, or other resource.
PREVENT UNAUTHORIZED ACCESS
Strong Password Policy
Two Factor Authentication (2FA) and Multifactor Authentication
Physical Security Practices
Monitoring User Activity
Endpoint Security
1. STRONG PASSWORD POLICY
Enforce best practices for user passwords—force users to
select long passwords including letters, numbers and special
characters, and change passwords frequently. Educate users
to avoid using terms that can be guessed in a brute force
attack, inform them about routine password updating, and
tell them to avoid sharing passwords across systems.
2. TWO FACTOR AUTHENTICATION (2FA) AND
MULTIFACTOR AUTHENTICATION
Credentials based on user names, passwords, answers to security questions,
etc., are known more generally as knowledge-based security factors.
Knowledge-based factors are an important authentication method, but they
are inherently weak and easy to compromise.
One of the best ways to prevent unauthorized access in your organization is to
supplement knowledge-based factors with additional authentication methods:
• Possession factors — authentication via objects possessed by the user. For
example, a mobile phone, a security token or a physical card.
• Inherence factors — authentication via something the user is or has. This
includes biometric authentication using fingerprints, iris scans or voice
recognition.
3. PHYSICAL SECURITY PRACTICES
As important as cybersecurity is, don’t neglect physical
security. Train users to always lock devices when walking
away from their desks, and to avoid writing down passwords
or leaving sensitive documents in the open. Have a clear
policy about locking office doors and ensure only authorized
parties can enter sensitive areas of your physical facility.
4. MONITORING USER ACTIVITY
It is crucial to monitor what is happening with user accounts, to detect anomalous
activity such as multiple login attempts, login at unusual hours, or login by users to
systems or data they don’t usually access. There are several strategies for monitoring
users and accounts:
• Log analysis — security analysts can gain visibility into logs of sensitive enterprise
systems and uncover suspicious activity
• Rule-based alerts — security tools can alert security staff to suspicious activity patterns,
such as multiple login attempts or incorrect login to sensitive systems
• Behavioural analytics — user and event behavioural analytics (UEBA) monitors users
and systems, establishes a baseline of normal activity, and detects any behavior that
represents an anomaly and may be malicious.
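The three signals named on this slide (repeated failed logins, logins at unusual hours, and logins to systems a user does not normally access) can be expressed as rules over an authentication log. The following is an added example, not part of the original slides; the log format, field names, thresholds and working hours are assumptions, and the per-user host set is a deliberately simple stand-in for a behavioural baseline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed format:
# <ISO timestamp> user=<name> host=<system> result=<OK|FAIL>
BASELINE_LOG = """\
2024-03-01T09:02:11 user=alice host=mail result=OK
2024-03-01T09:05:40 user=bob host=build01 result=OK
2024-03-02T10:15:03 user=alice host=wiki result=OK
2024-03-02T14:47:29 user=bob host=mail result=OK
"""

LIVE_LOG = """\
2024-03-04T02:13:07 user=alice host=hr-db result=OK
2024-03-04T08:58:12 user=alice host=mail result=OK
2024-03-04T11:20:01 user=bob host=build01 result=FAIL
2024-03-04T11:20:09 user=bob host=build01 result=FAIL
2024-03-04T11:20:15 user=bob host=build01 result=FAIL
2024-03-04T11:21:02 user=bob host=build01 result=OK
malformed line without fields
"""


def parse(line):
    """Return (timestamp, user, host, result), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[1:])
        return ts, fields["user"], fields["host"], fields["result"]
    except (ValueError, KeyError):
        return None


def build_baseline(log_text):
    """Record which hosts each user has successfully logged in to before."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        event = parse(line)
        if event and event[3] == "OK":
            seen[event[1]].add(event[2])
    return seen


def detect(log_text, baseline, max_fails=3,
           window=timedelta(minutes=5), work_hours=range(7, 19)):
    """Apply the three rules and return alerts as (timestamp, user, rule) tuples."""
    alerts = []
    recent_fails = defaultdict(deque)  # user -> failure times inside the window
    events = sorted(e for e in map(parse, log_text.splitlines()) if e)
    for ts, user, host, result in events:
        if result == "FAIL":
            fails = recent_fails[user]
            fails.append(ts)
            while ts - fails[0] > window:  # drop failures older than the window
                fails.popleft()
            if len(fails) == max_fails:    # alert once, when the threshold is reached
                alerts.append((ts.isoformat(), user, "failed_login_burst"))
            continue
        if ts.hour not in work_hours:
            alerts.append((ts.isoformat(), user, "off_hours_login"))
        if host not in baseline.get(user, set()):
            alerts.append((ts.isoformat(), user, "new_host:" + host))
    return alerts


if __name__ == "__main__":
    for alert in detect(LIVE_LOG, build_baseline(BASELINE_LOG)):
        print(alert)
```

Lines that do not parse are skipped rather than raising, so one corrupt record does not stop the rest of the log from being evaluated.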
5. ENDPOINT SECURITY
Historically, most security breaches were a result of penetrating the network perimeter.
Today, many attacks circumvent network defences by directly targeting endpoints, such as
employee workstations, servers, and cloud instances. Installing antivirus on every endpoint is
the most basic security measure.
Beyond antivirus, many organizations are deploying comprehensive endpoint protection
measures that include:
• Next-generation antivirus (NGAV) – able to detect malware and other threats even if they
don’t match known patterns or signatures.
• Endpoint detection and response (EDR) – provides visibility and defensive measures on the
endpoint itself, when attacks occur on endpoint devices.
ANTI-MALWARE SOFTWARE
Anti-malware resources are comprehensive solutions that maintain computer
security and protect sensitive data that is transmitted by a network or stored on
local devices. Anti-malware tools often include multiple components, including
anti-spyware and phishing tools, as well as antivirus solutions for prominent
viruses, which are isolated and identified by security resources.
Anti-malware tools may employ scanning strategies, freeware or licensed tools to
detect rootkits, worms, trojans and other types of potentially damaging software.
Each type of malware resource carries its own interface and system requirements,
which impact user solutions for a given device or system.
USES OF ANTIMALWARE
The value of antimalware applications is recognized beyond simply scanning files for viruses. Antimalware can
help prevent malware attacks by scanning all incoming data to prevent malware from being installed and
infecting a computer. Antimalware programs can also detect advanced forms of malware and offer protection
against ransomware attacks.
Antimalware programs can help in the following ways:
• Prevent users from visiting websites known for containing malware;
• Prevent malware from spreading to other computers in a computer system;
• Provide insight into the number of infections and the time required for their removal; and
• Provide insight into how the malware compromised the device or network.
NETWORK TRAFFIC ANALYSIS
Network traffic analysis (NTA) is a method of monitoring network availability and activity
to identify anomalies, including security and operational issues. Common use cases for
NTA include:
• Collecting a real-time and historical record of what’s happening on your network
• Detecting malware such as ransomware activity
• Detecting the use of vulnerable protocols and ciphers
• Troubleshooting a slow network
• Improving internal visibility and eliminating blind spots.
THE KEY BENEFITS OF NETWORK TRAFFIC ANALYSIS
• Improved visibility into devices connecting to your network (e.g. IoT devices, healthcare
visitors)
• Meet compliance requirements
• Troubleshoot operational and security issues
• Respond to investigations faster with rich detail and additional network context.
THE IMPORTANCE OF NETWORK TRAFFIC ANALYSIS
The rise of ransomware as a common attack type in recent years makes network traffic monitoring
even more critical. A network monitoring solution should be able to detect activity indicative of
ransomware attacks via insecure protocols.
Remote Desktop Protocol (RDP) is another commonly targeted application. Monitoring traffic inside your
firewalls allows you to validate rules and gain valuable insight, and can also be used as a source of
network traffic-based alerts.
Telnet is an unencrypted protocol, so session traffic will reveal command-line interface (CLI) command
sequences appropriate for the make and model of the device. CLI strings may reveal login procedures,
presentation of user credentials, commands to display boot or running configuration, copying files,
and more.
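Flow records captured inside the firewall can be checked for the two protocols this slide singles out: any Telnet session, and RDP sessions whose source lies outside the internal network, which points to a firewall rule that needs validating. The following is an added example, not part of the original slides; the CSV layout, the internal address range and the rule names are assumptions, and the addresses are constructed from documentation ranges.

```python
import csv
import io
import ipaddress

# Assumption: everything in 10.0.0.0/8 is internal; anything else is outside.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed flow records (not real traffic), one row per observed flow.
FLOWS_CSV = """\
src,dst,dst_port,proto,bytes
10.1.4.20,10.1.9.2,23,tcp,1843
10.1.4.21,10.1.8.15,443,tcp,90211
203.0.113.77,10.1.8.30,3389,tcp,5120
10.1.4.22,10.1.8.30,3389,tcp,48213
10.1.4.20,10.1.9.2,23,tcp,977
198.51.100.9,10.1.8.30,3389,tcp,4410
10.1.4.23,10.1.9.7,53,udp,212
"""


def is_internal(addr):
    """True if the address falls inside one of the assumed internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def analyse(flows_csv):
    """Group risky flows by (rule, destination) with flow count, bytes and sources.

    Protocols are identified by destination port only, which is an assumption:
    a service moved to a non-standard port will not be matched.
    """
    findings = {}
    for row in csv.DictReader(io.StringIO(flows_csv)):
        if row["proto"] != "tcp":
            continue
        port = int(row["dst_port"])
        if port == 23:
            rule = "cleartext_telnet"      # unencrypted: commands and logins are readable
        elif port == 3389 and not is_internal(row["src"]):
            rule = "rdp_from_outside"      # RDP reached an internal host from outside
        else:
            continue
        entry = findings.setdefault(
            (rule, row["dst"]), {"flows": 0, "bytes": 0, "sources": set()})
        entry["flows"] += 1
        entry["bytes"] += int(row["bytes"])
        entry["sources"].add(row["src"])
    return findings


if __name__ == "__main__":
    for (rule, dst), info in sorted(analyse(FLOWS_CSV).items()):
        print(rule, dst, info["flows"], info["bytes"], sorted(info["sources"]))
```

Grouping by destination shows which device still accepts Telnet and which host is reachable over RDP from outside, which is the information needed to correct the device configuration or the firewall rule.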
THANK YOU

CyberSecurity Assignment.pptx
