SlideShare a Scribd company logo

Lecture 2.pptx

Download as PPTX, PDF
M
MuhammadRehan856177

Computer Networks and implications with IT infrastructure

1 of 15
Lecture 2 Components of IT Infrastructure Author: Muhammad Rehan
Objective • Revision of basic security terms, threat, threat agent, vulnerability, Risk etc. • Virtual Operating System and Environment, installation • Computer network, Network components, • Protocols, IP Address. Transport Layer, Network Layer • Organizational Infrastructure and loopholes Understanding of common cyber security threats and risks
Security Terms Authentication: The process of identifying a user’s identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above. Botnet: A combination of the words “robot” and “network”, a botnet is a network of computers that have been infected with a virus, and now are working continuously in order to create security breaches. Data Breach: The result of a hacker successfully breaking into a system, gaining control of its network and exposing its data. DDoS: The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down. Domain: A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity. Encryption: Coding used to protect your information from hackers. Think of it like the code cipher used to send a top-secret coded spy message. Exploit: A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data.
Security Terms … Firewall: Any technology, be it software or hardware, used to keep intruders out. Hacker, Black Hat: Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda Hacker, White Hat: A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up. Malware: A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It most often delivered via spam emails. Man in the Middle Attack: An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they’re now in the system. Phishing: A scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware.
Security Terms … Ransomware: A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. Spoofing: When a hacker changes the IP address of an email so that it seems to come from a trusted source. Spyware: A form of malware used by hackers to spy on you and your computer activities. Trojan Horse: Yet another form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer. Virus: Malware which changes, corrupts, or destroys information, and is then passed on to other systems. VPN: An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get Internet anonymity, making it difficult for hackers to attack. Worm: Malware that can reproduce itself for the purposes of spreading itself to other computers in the network. Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or by committing exploits such as installing back doors or stealing data.
Security threats for business • Phishing • SMS-Based Phishing • PDF Scams • Malware & Ransomware • Database exposure • Credential Stuffing • Accidental Sharing • Man-In-The-Middle
How to prevent threats Phishing: • First, watch for unusual emails and instant messages. They may start with unusual wording such as “Dear Customer” instead of using your name, have bad grammar, or have a generic signature. • Second, be cautious in clicking links or giving sensitive information, even if it appears legitimate. If in doubt, directly contact the source to make sure they sent the message. • And third, install anti-phishing toolbars on internet browsers. These toolbars alert you to sites containing phishing information. SMS-Based Phishing: • First, never open a link in a text message. Most banks and businesses do not ask for information via SMS message - they call or mail you. • Second, watch for misspellings or generic language. Like email phishing, smishing often contains generic language like “Dear Customer, “Sir,” or “Madam.” • And third, if you think the message is legitimate, call the business directly or go to your online account to give the information. This ensures no valuable data falls into the wrong hands.
How to prevent threats … PDF Scams: • First, train your employees to watch for generic or unusual email addresses. For example, if someone gets bank statements through email, ensure the sender’s email address is from the bank and not a generic address. • Second, watch for unusual and generic headings. Instead of using your name, PDF scams often use generic terms like “Sir” or “Madam.” • And third, make sure you have updated and secure virus protection on your computers and network. If someone happens to open up a PDF scam, having security in place goes a long way in protecting your business and alerting your IT department. Malware & Ransomware: • First, make sure you keep all your computer software and hardware updated. Outdated software, drivers, and other plugins are common security vulnerabilities. If you have an IT service provider, check with them to make sure this is happening on your servers. • Second, enable click-to-play plugins to keep Flash or Java from running unless you click a link. This reduces the risk of running malware programs with Flash or Java. • And third, removing old software, sometimes referred to as Legacy Apps, reduces risk. For example, if your computer has Windows 10, but you run programs designed for Windows 7, these are considered Legacy Apps and may be a security risk. Your software company should be able to give you an updated program designed for Windows 10.
How to prevent threats … Database exposure: • First, if you have a private server, keep the physical hardware in a secure and locked room. This helps prevent theft if your building is robbed, and it keeps unauthorized personnel from accessing it with a portable hard drive. • Second, make sure you have a database firewall and web application firewall. A locked door protects your physical server and hardware, and firewalls protect your server on the internet. • Third, keep access to the server limited. Each person with a login to the server is a potential leak, so the fewer logins, the better. • And fourth, encrypt the data on the server and keep a regular backup. Credential Stuffing: • First, implement 2-Factor Authentication for account logins. This requires an email or phone verification along with the standard username and password. • Second, use different passwords for every account and program your employee’s access. If one account is hacked, the hacker will not have access to more accounts with the same password. • And third, never share passwords with other people. If you have a shared account for some reason, always give the password verbally, never through electronic communication.
How to prevent threats … Accidental Sharing: • First, limit the number of employees who have access to data. The more people who have access to information, the higher the chance for human error in sharing the data. • And second, implement user activity monitoring software. This allows you to track and discover if your data is in danger. It also provides solutions to prevent accidental sharing. Man-In-The-Middle: • First, avoid WiFi connections that are not secure. If you have employees working remotely, don’t allow them to access sensitive company data over public WiFi networks. • Second, make sure your employees do not interact with websites that are not secure. If a URL is not a secure website, it will only show “HTTP” instead of “HTTPS” in front of the URL. The browser should also show an alert that the URL is not secure. If this happens, leave the site immediately. • And third, make sure that your internet connections and internet devices are always updated with the latest security updates. Having outdated software or unsecured internet portals creates potential access points for MITM hackers.
Computer Network Components Computer network components are the major parts which are needed to install the software. Some important network components are NIC, switch, cable, hub, router, and modem. NIC: • NIC stands for network interface card. • NIC is a hardware component used to connect a computer with another computer onto a network • It can support a transfer rate of 10,100 to 1000 Mb/s. • The MAC address or physical address is encoded on the network card chip which is assigned by the IEEE to identify a network card uniquely. The MAC address is stored in the PROM (Programmable read-only memory). Two types of NIC: • Wired NIC • Wireless NIC
Computer Network Components … Hub: A Hub is a hardware device that divides the network connection among multiple devices. When computer requests for some information from a network, it first sends the request to the Hub through cable. Switch: A switch is a hardware device that connects multiple devices on a computer network. A Switch contains more advanced features than Hub. The Switch contains the updated table that decides where the data is transmitted or not. Switch delivers the message to the correct destination based on the physical address present in the incoming message. Router: A router is a hardware device which is used to connect a LAN with an internet connection. It is used to receive, analyze and forward the incoming packets to another network. • A router works in a Layer 3 (Network layer) of the OSI Reference model. • A router forwards the packet based on the information available in the routing table. • It determines the best path from the available paths for the transmission of the packet.
Security Operations Center (soc) The function of a security operations team and, frequently, of a security operations center (SOC), is to monitor, detect, investigate, and respond to cyber threats around the clock. 10 key functions performed by the SOC: 1. Take Stock of Available Resources 2. Preparation and Preventative Maintenance 3. Continuous Proactive Monitoring 4. Alert Ranking and Management 5. Threat Response 6. Recovery and Remediation 7. Log Management 8. Root Cause Investigation 9. Security Refinement and Improvement 10. Compliance Management
Protocols, IP Address There are three main types of network protocols: • Network management protocols • Network communication protocols • Network security protocols Examples: TCP/IP (Transmission Control Protocol/Internet Protocol) HTTPS (Secure HyperText Transmission Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System)
OSI Model • Physical Layer (Deals with the hardware of networks.) • Data Link Layer (This layer receives data from the physical layer and compiles it into a transform form called framing or frame.) • Network Layer (This layer performs real time processing and transfers data from nodes to nodes.) • Transport Layer (This layer transmits data from source to destination node.) • Session Layer (The session layer creates a session between the source and the destination nodes and terminates sessions on completion of the communication process.) • Presentation Layer (The functions of encryption and decryption are defined on this layer.) • Application Layer (This layer works at the user end to interact with user applications. QoS (quality of service), file transfer and email are the major popular services of the application layer.)

Recommended

Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
Adebisi Tolulope
 
Information security
Information securityInformation security
Information security
Laxmiprasad Bansod
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
DrPraveenKumar37
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
Computer security
Computer securityComputer security
Computer security
EktaVaswani2
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital AssetsCybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Samuel862293
 

Recommended

Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
Adebisi Tolulope
 
Information security
Information securityInformation security
Information security
Laxmiprasad Bansod
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
DrPraveenKumar37
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Small Business
 
Computer security
Computer securityComputer security
Computer security
EktaVaswani2
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
WindstoneHealth
 
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital AssetsCybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Cybersecurity : Tips and Tools to Properly Protect Your Digital Assets
Samuel862293
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
SibyJames1
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
Kirti Verma
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
Art Ocain
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
tunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
tunzida045
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
aravindanvaithilinga
 
Computing safety
Computing safetyComputing safety
Computing safety
Brulius
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
Adeel Khurram
 
Data security
Data security Data security
Data security
Laura Breese
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Salma Zafar
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
Sanguine_Eva
 
Internet security
Internet securityInternet security
Internet securityat1211
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptxCommon Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
Cyber-Security-.ppt
Cyber-Security-.pptCyber-Security-.ppt
Cyber-Security-.ppt
karthikvcyber
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical HackingSyed Irshad Ali
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
Mayank Kashyap
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 
Lecture 10.pptx
Lecture 10.pptxLecture 10.pptx
Lecture 10.pptx
MuhammadRehan856177
 
Event Programming JavaScript
Event Programming JavaScriptEvent Programming JavaScript
Event Programming JavaScript
MuhammadRehan856177
 

More Related Content

Similar to Lecture 2.pptx

Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
Haider Ali Malik
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
JoselitoJMebolos
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
SibyJames1
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
Kirti Verma
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
Art Ocain
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
tunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
tunzida045
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
aravindanvaithilinga
 
Computing safety
Computing safetyComputing safety
Computing safety
Brulius
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
Adeel Khurram
 
Data security
Data security Data security
Data security
Laura Breese
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Salma Zafar
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
Sanguine_Eva
 
Internet security
Internet securityInternet security
Internet securityat1211
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptxCommon Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptx
KalponikPrem
 
Cyber-Security-.ppt
Cyber-Security-.pptCyber-Security-.ppt
Cyber-Security-.ppt
karthikvcyber
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
JenetSilence
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
Mayank Kashyap
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
William Mann
 

Similar to Lecture 2.pptx (20)

Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Data security
Data security Data security
Data security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
 
Internet security
Internet securityInternet security
Internet security
 
Common Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptxCommon Types of Cyber Attacks & How to Prevent Them.pptx
Common Types of Cyber Attacks & How to Prevent Them.pptx
 
Cyber-Security-.ppt
Cyber-Security-.pptCyber-Security-.ppt
Cyber-Security-.ppt
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 

More from MuhammadRehan856177

Lecture 10.pptx
Lecture 10.pptxLecture 10.pptx
Lecture 10.pptx
MuhammadRehan856177
 
Event Programming JavaScript
Event Programming JavaScriptEvent Programming JavaScript
Event Programming JavaScript
MuhammadRehan856177
 
Intrusion .ppt
Intrusion .pptIntrusion .ppt
Intrusion .ppt
MuhammadRehan856177
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
MuhammadRehan856177
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
MuhammadRehan856177
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
MuhammadRehan856177
 
Lecture 2.ppt
Lecture 2.pptLecture 2.ppt
Lecture 2.ppt
MuhammadRehan856177
 
Introduction to JavaScript (1).ppt
Introduction to JavaScript (1).pptIntroduction to JavaScript (1).ppt
Introduction to JavaScript (1).ppt
MuhammadRehan856177
 
3. HTML Forms.ppt
3. HTML Forms.ppt3. HTML Forms.ppt
3. HTML Forms.ppt
MuhammadRehan856177
 
2. HTML Tables.ppt
2. HTML Tables.ppt2. HTML Tables.ppt
2. HTML Tables.ppt
MuhammadRehan856177
 

More from MuhammadRehan856177 (10)

Lecture 10.pptx
Lecture 10.pptxLecture 10.pptx
Lecture 10.pptx
 
Event Programming JavaScript
Event Programming JavaScriptEvent Programming JavaScript
Event Programming JavaScript
 
Intrusion .ppt
Intrusion .pptIntrusion .ppt
Intrusion .ppt
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Lecture 2.ppt
Lecture 2.pptLecture 2.ppt
Lecture 2.ppt
 
Introduction to JavaScript (1).ppt
Introduction to JavaScript (1).pptIntroduction to JavaScript (1).ppt
Introduction to JavaScript (1).ppt
 
3. HTML Forms.ppt
3. HTML Forms.ppt3. HTML Forms.ppt
3. HTML Forms.ppt
 
2. HTML Tables.ppt
2. HTML Tables.ppt2. HTML Tables.ppt
2. HTML Tables.ppt
 

Recently uploaded

Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Lviv Startup Club
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
WilliamRodrigues148
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
SynapseIndia
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
bosssp10
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
agatadrynko
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
SOFTTECHHUB
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Arihant Webtech Pvt. Ltd
 
Project File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdfProject File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdf
RajPriye
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
DerekIwanaka1
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Adam Smith
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
Cynthia Clay
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdfBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
daothibichhang1
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
Adani case
 

Recently uploaded (20)

Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
Helen Lubchak: Тренди в управлінні проєктами та miltech (UA)
 
Training my puppy and implementation in this story
Training my puppy and implementation in this storyTraining my puppy and implementation in this story
Training my puppy and implementation in this story
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
Premium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern BusinessesPremium MEAN Stack Development Solutions for Modern Businesses
Premium MEAN Stack Development Solutions for Modern Businesses
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
 
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdfikea_woodgreen_petscharity_cat-alogue_digital.pdf
ikea_woodgreen_petscharity_cat-alogue_digital.pdf
 
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
Hamster Kombat' Telegram Game Surpasses 100 Million Players—Token Release Sch...
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdfSearch Disrupted Google’s Leaked Documents Rock the SEO World.pdf
Search Disrupted Google’s Leaked Documents Rock the SEO World.pdf
 
Project File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdfProject File Report BBA 6th semester.pdf
Project File Report BBA 6th semester.pdf
 
BeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdfBeMetals Investor Presentation_June 1, 2024.pdf
BeMetals Investor Presentation_June 1, 2024.pdf
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...The Influence of Marketing Strategy and Market Competition on Business Perfor...
The Influence of Marketing Strategy and Market Competition on Business Perfor...
 
Putting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptxPutting the SPARK into Virtual Training.pptx
Putting the SPARK into Virtual Training.pptx
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdfBài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
Bài tập - Tiếng anh 11 Global Success UNIT 1 - Bản HS.doc.pdf
 
In the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptxIn the Adani-Hindenburg case, what is SEBI investigating.pptx
In the Adani-Hindenburg case, what is SEBI investigating.pptx
 

Lecture 2.pptx

  • 1. Lecture 2 Components of IT Infrastructure Author: Muhammad Rehan
  • 2. Objective • Revision of basic security terms, threat, threat agent, vulnerability, Risk etc. • Virtual Operating System and Environment, installation • Computer network, Network components, • Protocols, IP Address. Transport Layer, Network Layer • Organizational Infrastructure and loopholes Understanding of common cyber security threats and risks
  • 3. Security Terms Authentication: The process of identifying a user’s identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above. Botnet: A combination of the words “robot” and “network”, a botnet is a network of computers that have been infected with a virus, and now are working continuously in order to create security breaches. Data Breach: The result of a hacker successfully breaking into a system, gaining control of its network and exposing its data. DDoS: The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down. Domain: A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity. Encryption: Coding used to protect your information from hackers. Think of it like the code cipher used to send a top-secret coded spy message. Exploit: A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data.
  • 4. Security Terms … Firewall: Any technology, be it software or hardware, used to keep intruders out. Hacker, Black Hat: Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda Hacker, White Hat: A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up. Malware: A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It most often delivered via spam emails. Man in the Middle Attack: An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they’re now in the system. Phishing: A scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware.
  • 5. Security Terms … Ransomware: A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. Spoofing: When a hacker changes the IP address of an email so that it seems to come from a trusted source. Spyware: A form of malware used by hackers to spy on you and your computer activities. Trojan Horse: Yet another form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer. Virus: Malware which changes, corrupts, or destroys information, and is then passed on to other systems. VPN: An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get Internet anonymity, making it difficult for hackers to attack. Worm: Malware that can reproduce itself for the purposes of spreading itself to other computers in the network. Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or by committing exploits such as installing back doors or stealing data.
  • 6. Security threats for business • Phishing • SMS-Based Phishing • PDF Scams • Malware & Ransomware • Database exposure • Credential Stuffing • Accidental Sharing • Man-In-The-Middle
  • 7. How to prevent threats Phishing: • First, watch for unusual emails and instant messages. They may start with unusual wording such as “Dear Customer” instead of using your name, have bad grammar, or have a generic signature. • Second, be cautious in clicking links or giving sensitive information, even if it appears legitimate. If in doubt, directly contact the source to make sure they sent the message. • And third, install anti-phishing toolbars on internet browsers. These toolbars alert you to sites containing phishing information. SMS-Based Phishing: • First, never open a link in a text message. Most banks and businesses do not ask for information via SMS message - they call or mail you. • Second, watch for misspellings or generic language. Like email phishing, smishing often contains generic language like “Dear Customer, “Sir,” or “Madam.” • And third, if you think the message is legitimate, call the business directly or go to your online account to give the information. This ensures no valuable data falls into the wrong hands.
  • 8. How to prevent threats … PDF Scams: • First, train your employees to watch for generic or unusual email addresses. For example, if someone gets bank statements through email, ensure the sender’s email address is from the bank and not a generic address. • Second, watch for unusual and generic headings. Instead of using your name, PDF scams often use generic terms like “Sir” or “Madam.” • And third, make sure you have updated and secure virus protection on your computers and network. If someone happens to open up a PDF scam, having security in place goes a long way in protecting your business and alerting your IT department. Malware & Ransomware: • First, make sure you keep all your computer software and hardware updated. Outdated software, drivers, and other plugins are common security vulnerabilities. If you have an IT service provider, check with them to make sure this is happening on your servers. • Second, enable click-to-play plugins to keep Flash or Java from running unless you click a link. This reduces the risk of running malware programs with Flash or Java. • And third, removing old software, sometimes referred to as Legacy Apps, reduces risk. For example, if your computer has Windows 10, but you run programs designed for Windows 7, these are considered Legacy Apps and may be a security risk. Your software company should be able to give you an updated program designed for Windows 10.
  • 9. How to prevent threats … Database exposure: • First, if you have a private server, keep the physical hardware in a secure and locked room. This helps prevent theft if your building is robbed, and it keeps unauthorized personnel from accessing it with a portable hard drive. • Second, make sure you have a database firewall and web application firewall. A locked door protects your physical server and hardware, and firewalls protect your server on the internet. • Third, keep access to the server limited. Each person with a login to the server is a potential leak, so the fewer logins, the better. • And fourth, encrypt the data on the server and keep a regular backup. Credential Stuffing: • First, implement 2-Factor Authentication for account logins. This requires an email or phone verification along with the standard username and password. • Second, use different passwords for every account and program your employee’s access. If one account is hacked, the hacker will not have access to more accounts with the same password. • And third, never share passwords with other people. If you have a shared account for some reason, always give the password verbally, never through electronic communication.
  • 10. How to prevent threats … Accidental Sharing: • First, limit the number of employees who have access to data. The more people who have access to information, the higher the chance for human error in sharing the data. • And second, implement user activity monitoring software. This allows you to track and discover if your data is in danger. It also provides solutions to prevent accidental sharing. Man-In-The-Middle: • First, avoid WiFi connections that are not secure. If you have employees working remotely, don’t allow them to access sensitive company data over public WiFi networks. • Second, make sure your employees do not interact with websites that are not secure. If a URL is not a secure website, it will only show “HTTP” instead of “HTTPS” in front of the URL. The browser should also show an alert that the URL is not secure. If this happens, leave the site immediately. • And third, make sure that your internet connections and internet devices are always updated with the latest security updates. Having outdated software or unsecured internet portals creates potential access points for MITM hackers.
  • 11. Computer Network Components Computer network components are the major parts which are needed to install the software. Some important network components are NIC, switch, cable, hub, router, and modem. NIC: • NIC stands for network interface card. • NIC is a hardware component used to connect a computer with another computer onto a network • It can support a transfer rate of 10,100 to 1000 Mb/s. • The MAC address or physical address is encoded on the network card chip which is assigned by the IEEE to identify a network card uniquely. The MAC address is stored in the PROM (Programmable read-only memory). Two types of NIC: • Wired NIC • Wireless NIC
  • 12. Computer Network Components … Hub: A Hub is a hardware device that divides the network connection among multiple devices. When computer requests for some information from a network, it first sends the request to the Hub through cable. Switch: A switch is a hardware device that connects multiple devices on a computer network. A Switch contains more advanced features than Hub. The Switch contains the updated table that decides where the data is transmitted or not. Switch delivers the message to the correct destination based on the physical address present in the incoming message. Router: A router is a hardware device which is used to connect a LAN with an internet connection. It is used to receive, analyze and forward the incoming packets to another network. • A router works in a Layer 3 (Network layer) of the OSI Reference model. • A router forwards the packet based on the information available in the routing table. • It determines the best path from the available paths for the transmission of the packet.
  • 13. Security Operations Center (soc) The function of a security operations team and, frequently, of a security operations center (SOC), is to monitor, detect, investigate, and respond to cyber threats around the clock. 10 key functions performed by the SOC: 1. Take Stock of Available Resources 2. Preparation and Preventative Maintenance 3. Continuous Proactive Monitoring 4. Alert Ranking and Management 5. Threat Response 6. Recovery and Remediation 7. Log Management 8. Root Cause Investigation 9. Security Refinement and Improvement 10. Compliance Management
  • 14. Protocols, IP Address There are three main types of network protocols: • Network management protocols • Network communication protocols • Network security protocols Examples: TCP/IP (Transmission Control Protocol/Internet Protocol) HTTPS (Secure HyperText Transmission Protocol) SMTP (Simple Mail Transfer Protocol) DNS (Domain Name System)
  • 15. OSI Model • Physical Layer (Deals with the hardware of networks.) • Data Link Layer (This layer receives data from the physical layer and compiles it into a transform form called framing or frame.) • Network Layer (This layer performs real time processing and transfers data from nodes to nodes.) • Transport Layer (This layer transmits data from source to destination node.) • Session Layer (The session layer creates a session between the source and the destination nodes and terminates sessions on completion of the communication process.) • Presentation Layer (The functions of encryption and decryption are defined on this layer.) • Application Layer (This layer works at the user end to interact with user applications. QoS (quality of service), file transfer and email are the major popular services of the application layer.)