Reference: Corporate & Network Security, Chapter 1, Raymond R. Panko
Copyright Pearson Prentice-Hall 2010

• The threat environment—attackers and their attacks
• Basic security terminology
• Employee and ex-employee threats
• Traditional external attackers
• The criminal era and competitor threats
• Cyberwar and cyberterror

• Trojan Horses
  ◦ Rootkits
    ▪ Take control of the super user account (root, administrator, etc.)
    ▪ Can hide themselves from file system detection
    ▪ Can hide malware from detection
    ▪ Extremely difficult to detect (ordinary antivirus programs find few rootkits)

Rootkit detection programs often are specific to particular rootkits.

• Trojan Horses
  ◦ Rootkits

In 2005 Sony BMG downloaded a rootkit onto the PCs of people playing Sony BMG media disks. The discovery of this digital rights management (DRM) rootkit generated extreme negative publicity. The negative publicity increased when it was discovered that the rootkit left the PC open to attack by anyone. (Lemos, http://www.securityfocus.com)

• Mobile Code

When you download a webpage it may contain executable code as well as text, images, sounds, and video. This is called mobile code because it executes on whatever machine downloads the webpage. In most cases mobile code is innocent and often is necessary if a user wishes to use a website’s functionality.

• Mobile Code
  ◦ Executable code on a webpage
  ◦ Code is executed automatically when the webpage is downloaded
  ◦ JavaScript, Microsoft ActiveX controls, etc.
  ◦ Hostile code can do damage if the computer has a vulnerability

• Social Engineering in Malware

Social engineering attacks take advantage of flawed human judgment by convincing the victim to take actions that are counter to security policies.

• Social Engineering in Malware
  ◦ Social engineering is attempting to trick users into doing something that goes against security policies

For example, if an employee receives an email message warning about a mass layoff being imminent, he or she may open an attachment and therefore download a virus, worm, or trojan horse.

• Social Engineering in Malware
  ◦ Several types of malware use social engineering
    ▪ Spam
    ▪ Phishing
    ▪ Spear phishing (aimed at individuals or specific groups)
    ▪ Hoaxes

• Social Engineering in Malware
  ▪ Spam

The bane of all email users is spam, which is defined as unsolicited commercial e-mail. In addition to being annoying, spam messages are often fraudulent or advertise dangerous products.

• Social Engineering in Malware
  ▪ Spam

Spam has become a common vehicle for distributing viruses, worms, trojan horses, and many other types of malware.

According to MessageLabs, 73% of all e-mail messages were spam in March 2009. (http://www.messagelabs.com)

• Social Engineering in Malware
  ▪ Spam

Even the load on networks caused by simply transmitting and storing spam can be significant. New forms of spam consist of image bodies instead of text bodies to avoid detection by scanning programs.

Image spam messages are much larger than traditional text spam messages.

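The image-body pattern described above can be checked structurally, without reading the image itself. The following is an added example, not part of the original slides: it profiles a message's MIME parts and flags mail that carries a sizeable image but almost no readable text. The thresholds, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed thresholds for this illustration; tune them on your own mail flow.
MIN_TEXT_CHARS = 40      # less visible text than this counts as "no text body"
MIN_IMAGE_BYTES = 2048   # ignore small images such as logos or tracking pixels


class _TextOnly(HTMLParser):
    """Collects the character data of an HTML part, dropping the tags."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)


def _visible_chars(part):
    """Number of non-whitespace characters a reader would see in a text part."""
    text = part.get_content()
    if part.get_content_subtype() == "html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()
        text = "".join(parser.chunks)
    return len("".join(text.split()))


def body_profile(raw):
    """Measure readable text, decoded image bytes and total size of a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_chars = image_bytes = 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_maintype() == "image":
            image_bytes += len(part.get_payload(decode=True) or b"")
        elif part.get_content_maintype() == "text" and not part.is_attachment():
            # plain and HTML alternatives repeat the same text: keep the longest
            text_chars = max(text_chars, _visible_chars(part))
    return {"text_chars": text_chars, "image_bytes": image_bytes,
            "total_bytes": len(raw)}


def looks_like_image_spam(raw):
    """True when the message is essentially an image with no text to scan."""
    p = body_profile(raw)
    return p["text_chars"] < MIN_TEXT_CHARS and p["image_bytes"] >= MIN_IMAGE_BYTES


def build_sample(text, image_size=0, html=None):
    """Build a constructed test message; zero bytes stand in for image data."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content(text)
    if html is not None:
        msg.add_alternative(html, subtype="html")
    if image_size:
        msg.add_attachment(bytes(image_size), maintype="image",
                           subtype="gif", filename="offer.gif")
    return msg.as_bytes()


# Constructed samples: text-only mail, image-only mail, and mail with both.
TEXT_ONLY = build_sample(
    "Limited offer: buy now and save 50 percent on all items in our store.")
IMAGE_ONLY = build_sample(
    "", 20000, html='<html><body><img src="cid:offer" alt=""></body></html>')
NEWSLETTER = build_sample(
    "Monthly newsletter: release notes, upcoming events and the team photo "
    "from last week are included below.", 20000)

if __name__ == "__main__":
    for name, raw in (("text-only", TEXT_ONLY), ("image-only", IMAGE_ONLY),
                      ("newsletter", NEWSLETTER)):
        print(name, body_profile(raw), "flag:", looks_like_image_spam(raw))
```

The size comparison in the profile also shows the storage and bandwidth point made on the slide: the image-only sample is many times larger than the text-only one.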
• Social Engineering in Malware
  ▪ Phishing (this is a normal phishing attack)

In phishing attacks victims receive email messages that appear to come from a bank or another firm with which the victim does business. The message may even direct the victim to an authentic-looking website. The official appearance of the message and website often fool the victim into giving out sensitive information.

A Gartner survey in 2007 revealed that US consumers were scammed out of USD 3.2 billion that year.

• Social Engineering in Malware
  ▪ Phishing

In 2004, when phishing was fairly new but already well known to consumers, a study showed consumers a group of email messages and asked whether each email was a phishing attack or not.

The consumers judged 28% of the phishing messages to be legitimate messages. They also believed a fair number of legitimate messages were phishing messages.

• Social Engineering in Malware
  ▪ Spear phishing (aimed at individuals or specific groups)

Normally phishing attacks tend to appeal broadly to many people so they can dupe as many people as possible.

In one case a number of CEOs received a message disguising itself as a court order. The message directed the CEOs to a website, uscourts.com. There the CEOs could find court documents and a plug-in to view the documents. The plug-in was spyware! (http://www.pcworld.com, 2008)

• Social Engineering in Malware
  ▪ Hoaxes

The sulfnbk.exe hoax told computer users that a virus called AOL.exe was travelling around the Internet. The hoax said that they should delete the file sulfnbk.exe. Victims who did so were really deleting their AOL access.

Other hoaxes have tried to persuade victims to delete their antivirus protection and even critical operating files needed for their computers' operation.

• Unsubscribe from legitimate mailings that you no longer want to receive.
• Be selective about the Web sites where you register your email address.
• Avoid publishing your email address on the Internet.
• Delete all spam.
• Avoid clicking on suspicious links in email or IM messages as these may be links to spoofed websites.

• Open unknown email attachments. These attachments could infect your computer.
• Reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
• Fill out forms in messages that ask for personal or financial information or passwords.
• Buy products or services from spam messages.
• Open spam messages.

Information-Security-Lecture-6.pptx


Editor's Notes

  1. When you take control of any type of computer or system by tricking the user (compromising the username and password through trickery), this is known as social engineering.
  2. Some legitimate files that are present on your computer are not actually legitimate files. Hoaxes: These can take the form of false virus alerts (such as the "Good Times" hoax), chain letters, or attempts to spread false information about some issue (such as warnings that the Federal Government is about to tax e-mail).