Information Security- Threats and Attacks, Types of Threats,Trespassing, Espionage, Software Attacks, Trojan Horse, Worms,Worm Propagation Model, Virus

1. INFORMATION SECURITY
THREATS AND ATTACKS
PRESENTED TO: PRESENTED BY:
MISS. AKANKSHA DHEERAJ KATARIA

2. THREATS
 Threat: an object, person, or other entity that represents a
constant danger to an asset
 Management must be informed of the different threats
facing the organization
 By examining each threat category, management effectively
protects information through policy, education, training,
and technology controls

3. THREATS
The 2004 Computer Security Institute (CSI)/Federal
Bureau of Investigation (FBI) survey found:
 79 percent of organizations reported cyber security
breaches within the last 12 months
 54 percent of those organizations reported financial
losses totaling over $141 million

4. TYPES

5. Includes acts performed without malicious intent
Causes include:
 Inexperience
 Improper training
 Incorrect assumptions
Employees are among the greatest threats to an
organization’s data
ACTS OF HUMAN ERROR OR
FAILURE

6. Employee mistakes can easily lead to:
Revelation of classified data
Entry of erroneous data
Accidental data deletion or modification
Data storage in unprotected areas
Failure to protect information
Many of these threats can be prevented with
controls

8.  Access of protected information by unauthorized individuals
 Competitive intelligence (legal) vs. industrial
espionage (illegal)
 Shoulder surfing occurs anywhere a person accesses
confidential information
 Controls let trespassers know they are encroaching on
organization’s cyberspace
 Hackers uses skill, guile, or fraud to bypass controls
protecting others’ information
DELIBERATE ACTS OF ESPIONAGE OR
TRESPASS

10. Illegal taking of another’s physical, electronic, or
intellectual property
Physical theft is controlled relatively easily
Electronic theft is more complex problem; evidence
of crime not readily apparent
DELIBERATE ACTS OF THEFT

11. Malicious software (malware) designed to damage,
destroy, or deny service to target systems
Includes viruses, worms, Trojan horses, logic bombs,
back doors, and denial-of-services attacks
DELIBERATE SOFTWARE ATTACKS

12. TROJAN HORSE
Useful program that contains hidden code that
when invoked performs some unwanted or
harmful function
Can be used to accomplish functions indirectly
that an unauthorized user could not accomplish
directly
User may set file permission so everyone has
access

14.  Use network connections to spread from
system to system
 Electronic mail facility
 A worm mails a copy of itself to other systems
 Remote execution capability
 A worm executes a copy of itself on another system
 Remote log-in capability
 A worm logs on to a remote system as a user and then uses
commands to copy itself from one system to the other
WORMS

15. WORM PROPAGATION MODEL

16.  It is a computer program designed to copy itself and attach
itself to other files stored on a computer.
 It moves from computer to computer through by attaching
itself to files or boot records of disks.
 It can be sent through a network or a removable storage
device.
 Example:-
 Nimda virus (Garbage in subject in e-mail)
 Sircam Virus & Klez Virus (Some Long Note in
e-mail along with executable virus file)
VIRUS (VITAL INFORMATION
RESOURCE UNDER SIEGE )

17.  Password crack: attempting to reverse calculate a password
 Brute force: trying every possible combination of options of
a password
 Dictionary: selects specific accounts to attack and uses
commonly used passwords (i.e., the dictionary) to guide
guesses
ATTACKS

18.  Man-in-the-middle: attacker monitors network packets,
modifies them, and inserts them back into network