SlideShare a Scribd company logo

Quality of Information and Malware by Ashok Panwar

Download as PPTX, PDF
A
Ashok Panwar

1. The document discusses information security from an engineering and company perspective. It describes information as all the data a company owns, manages, and exchanges both internally and externally. 2. It explains that Claude Shannon's studies in the 1940s helped quantify information and define concepts like entropy and perfect secrecy. These concepts are important for analyzing classic cryptosystems but are not the focus of the document. 3. The document states that a company's information is its most valuable asset, as loss of data would make it difficult for the company to recover and remain competitive. Proper information security policies are vital for protection.

1 of 26
Presented by:- Ashok Panwar Technical Officer in ECIL (NPCIL) Tarapur, Mumbai
 Under engineering point of view: • Study of the characteristics and statistics of the language that will allow an analysis from a mathematical, scientific and technical focus.  Under company point of view: • All data that the company owns and manages and messages that persons and/or machines exchange inside an organization. Presented by:- Ashok Panwar Technical Officer in ECIL 2
 The study made by Claude Shannon in the years after the 2nd World War has allowed, besides other things: • To quantify the quantity of information. • To measure the entropy of information. • To define a system with a perfect secret. • To calculate the redundancy and rate of language. • To find the distance of unicity. The whole study made by Shannon is oriented to classic cryptosystems that encrypt letters, which are not of interest in this book. Nevertheless, in one of the following chapters we can see these systems on detail since they allow to analyze easily the perfect secret systems.  3 Presented by:- Ashok Panwar Technical Officer in ECIL
• It will be understood as: – The entire data and files that the company owns. – All the exchanged messages. – All the records about clients and providers. – All the records about products. – Definitely, the know-how of the organization. • If this information gets lost or it´s degraded, it will be very difficult for the company to recover itself to continue being competitive. For this reason, it is vital to implant security policies. 4 Presented by:- Ashok Panwar Technical Officer in ECIL
• The introduction of policies and actions to assure information security in the company is being taken into account only since last years of the past decade. In this new century, it is an estrategic factor for the develop and the success of such company. After the facts occurred in the Twin Towers in year 2001, several companies have disappear after loosing all its own information. It is a warning for all of us. • Success in one company will highly depend on the quality of information that it´s generated and managed. Thus, one company will have quality of information if this allows, besides other things, confidentiality, integrity and disponibility. 5 Presented by:- Ashok Panwar Technical Officer in ECIL
• Information (data) will be altered by many factors, affecting this basically to the aspects of confidentiality, integrity and disponibility of the company. • From the point of view of the company, one of the most important problems can be the one related with computing crimes, either by external or internal factors. We must be very careful with the internal factor. A dissatisfied employee... 6 Presented by:- Ashok Panwar Technical Officer in ECIL
Solution seems to be very simple: to apply new technics and security policies ... The treatment and vulnerability of the information will be influenced by other themes, like the current legal aspects. Besides, companies depend more on their communications and on their networkings everyday, what increases their insecurity. ... This idea is just starting to be seriously considered. Policy 1 Policy 2 Polícy 3 Polícy 4 Solution 7 Presented by:- Ashok Panwar Technical Officer in ECIL
A non authorized person could: • Classify and declassify data. • Filter information. • Alter information. • Erase information. • Usurp data. • Have a look at classified information. • Deduce confidential data. Therefore, protection of data results obvious 8 Presented by:- Ashok Panwar Technical Officer in ECIL
 The most elemental action to protect data is to determine a good policy of security copies or backups: • Complete Backup  All the data (the first time). • Incremental Backups  Only the files that have been created or modified since the last backup are copied. • Ellaboration of backup plans according to the total volume of generated information  Type of copies, cycle of this operation, correct labeling.  Diary, weekly, monthly: table creation. • Stablishing who, how and where data are kept. 9 Presented by:- Ashok Panwar Technical Officer in ECIL
• Hacker: – Initial definition inicial proposed by MIT engineers who were proud about their knowledge in computers. – Besides many other classifications we find White Hat´s one (not criminal in general), Black Hat (criminal in general) and Grey Hat (reconverted by companies). • Cracker: – Person who tries, ilegally, to break the security of a system only for entertainment or personal purposes. • Script kiddie: – An inexpert person, perhaps a boy, which uses programs downloaded from the Internet to attack systems. 10 Presented by:- Ashok Panwar Technical Officer in ECIL
Companies related to New Information Technologies NITs make use of several technics and tools for networks in order to provide data exchange: • File transference (ftp) • Information and data transference through Internet (http) • Remote connections to machines and servers (telnet) All these technics will suffer risks attacks on the part of computing delinquents, but ... 11 Presented by:- Ashok Panwar Technical Officer in ECIL
Even though being well organized these groups of delinquents, first of all we have to take it easy so we won't become paranoic. Futhermore, we must catch on that the real enemy can be inside our "home"... The solution continues being still the same: the implantation of an adecuate security policy inside the company. 12 Presented by:- Ashok Panwar Technical Officer in ECIL
These are actions that vulnerate confidentiality, integrity and disponibility of information. – Attacks to computers and network systems:  Fraud Misappropiation  Robbery  Sabotage  Spionage  Blackmail  Revelation  Mascarade  Virus  Worms  Trojans  Spam Let´s see some 13 Presented by:- Ashok Panwar Technical Officer in ECIL
Fraud Deliberated act of data manipulation by harming to a physical or juridical person that suffers this way an economic loss. The author of the crime obtains this way a benefice which uses to be economic. Sabotage Action by which it is desired to harm one company deliberately obstructing its functioning, damaging their equipment, tools, software, etc. The author does not usually obtain economic benefices but creates great chaos into the organization. 14 Presented by:- Ashok Panwar Technical Officer in ECIL
Blackmail Action that consists of demanding a certain quantity of money in order of not making public privileged or confidential information and that can affect thoroughly to that company, usually to its corporative image. Mascarade Utilization of one key by a non authorized person that gets into the system supplanting an identity. This way, the intruder will own then the documentation,information and data of other users that can be used, for instance, to blackmail the organization. 15 Presented by:- Ashok Panwar Technical Officer in ECIL
Virus Code designed to be introduced into a program, to modify or to destroy data. It is copied automatically to other programs to perpetuate its life cycle. It is very common that it spreads through templates, application macros and executable files. Worms Virus activated and transmited through the network. Its purpose it´s to multiplicate itself until running out the space of disks or RAM. It uses to be one of the most dangerous attacks because it normally produces collapses into the networks as we already know. 16 Presented by:- Ashok Panwar Technical Officer in ECIL
Trojans Virus that gets into the computer and shows a similar behaviour to that fact referred on the greek mithology. Thus, it seems to be an inoffensive thing or program when it is actually doing another thing and spreading itself. It can be very dangerous when the programmer or the company itself installs it into one program. Spam The spam or not desired email, although it cannot be properly considered as a real attack, the fact is that nowadays, it can produce important information losses in companies and organisms. 17 Presented by:- Ashok Panwar Technical Officer in ECIL
Communications nowadays work this way and they will grow more every time to become open systems like, for instance, current wireless networks, so new menaces will rise... This constant confrontation between the dark side or the evil (the Ying) and the light side or the good (the Yang), like this symbol belonging to ancestral religions and philosophies shows, will be inevitable in an intercomunicated and open system like current ones. There are lots of crimes and menaces. Perhaps in an inmediate future new crimes and attacks to computing and network systems will appear that, right now, we still do not know how they will be or which vulnerability will they exploit. 18 Presented by:- Ashok Panwar Technical Officer in ECIL
 Next slides are only a brief and elemental introduction to the world of computing viruses, oriented besides to the world of PCs and to the Windows environment. It does not seek to be a document that goes deeply into the virus and malware world as we could expect due to the importance of them nowadays.  This paragraph is included exactly on this chapter as one more factor to be taken into account as soon as the quality of information that we manage.  Many people consider this as minor theme; however, inside the companies this is one of the most important problems that responsibles in IT security may face. 19 Presented by:- Ashok Panwar Technical Officer in ECIL
• First example: John von Neuman in 1949. • First virus: M. Gouglas of Bell Laboratories creates the Core War in 1960. • Firsts attacks to PCs between 1985 and 1987: – Virus Jerusalem and Brain. • Inoffensives (balls, letters that move, etc.) – They just annoy and obstruct the work but do not destroy any information. They could reside inside the PC. • Malicious (Friday 13, Blaster, Nimbda, etc.) – They destroy all the data and affect to the integrity and disponibility of the system. They must be removed. http://www.virusbtn.com/ More information available in: 20 Presented by:- Ashok Panwar Technical Officer in ECIL
• They are transmited just through the execution of one program. This is very important to remember. • The email, by definition, cannot contain virus since is being formed only by text. Nevertheless, many times they contain attached files or either the visors execute any code into the email client of the user and these can have a virus included. This is the most critical point in security regarding virus; the trusting user, tempted by something, cheated with the denominated social engineeering, etc., opens the file. There resides the danger. • Web environment is still more dangerous. One link can launch a Java (or any other language) program that will be executed by the client and will infect or destroy the machine. 21 Presented by:- Ashok Panwar Technical Officer in ECIL
• There are some virus that infect programs with extensions exe, com and sys, for example. – They reside into the memory when the host is executed and they spread themselves to other files. • And some that infect the system and the boot sector and entrance tables (determined areas of the disk). – They are directly installed there and therefore they reside into the memory. 22 Presented by:- Ashok Panwar Technical Officer in ECIL
• Protect the removable disks -today mainly with USB flash technology- with the security jumper. It is a basic writing protection and also very elemental. • Install an antivirus SW and periodically keep it up-to-date. It is recommendable to do it once a week at least. • Execute the antivirus scan on the hard disk once a month. • Execute always the antivirus scan to every disk or CD introduced into the system and to the files downloaded from the Internet or attached in e-mails. • If you are not sure, resort to freeware tools in Internet (*). • Control the access of unknown people to the computer. • Use legal software, with license. http://www.virustotal.com/en/indexf.html 23 Presented by:- Ashok Panwar Technical Officer in ECIL
• Stop remote connections. • Do not activate the mouse or the keyboard. • Shutdown the system and disconnect it. • Boot with a bootable or emergency diskette protected and execute then an antivirus program. • If possible, make a backup of the files. Note: make backups often. • Format low level the hard disk if there´s no solution . • Install again the operative system and restore with data from backups. 24 Presented by:- Ashok Panwar Technical Officer in ECIL
1. What is the difference between the concept of information and its quality according to what a company or engineering studies understand? 2. Why is it said that the information of a company is its most valuable asset? Compare this asset with its own stuff and pose situations on which both are lost, which situation could be more damaging for the continuity of such company? 3. As security responsibles we´ve detected that somebody is making illegal actions, for example non authorized copies of information. What attitude shall we take? 4. What measures could be the most adecuated in order to minimize the virus attacks in our company? 5. If we desire to have our company protected both physically and logically, what should we do? 25 Presented by:- Ashok Panwar Technical Officer in ECIL
26

Recommended

USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
ijmvsc
 
Its report 050516
Its report 050516Its report 050516
Its report 050516
subramanian K
 
Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4
Sarah K Miller
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
IJNSA Journal
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
Priscila Bernardes
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
milliemill
 

Recommended

USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
USER AWARENESS MEASUREMENT THROUGH SOCIAL ENGINEERING
ijmvsc
 
Its report 050516
Its report 050516Its report 050516
Its report 050516
subramanian K
 
Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4Cybersecurity for IAEM Region 4
Cybersecurity for IAEM Region 4
Sarah K Miller
 
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSESE-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
E-COMMERCE SYSTEMS SECURITY FOR SMALL BUSINESSES
IJNSA Journal
 
Social Engineering Audit & Security Awareness
Social Engineering Audit & Security AwarenessSocial Engineering Audit & Security Awareness
Social Engineering Audit & Security Awareness
CBIZ, Inc.
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
Priscila Bernardes
 
GRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of usersGRRCON 2013: Imparting security awareness to all levels of users
GRRCON 2013: Imparting security awareness to all levels of users
Joel Cardella
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
milliemill
 
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
 
Security Awareness Training Summary
Security Awareness Training SummarySecurity Awareness Training Summary
Security Awareness Training Summary
SNP Technologies, Inc.
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
Kory Edwards
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
CAS
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
Chapter11
Chapter11Chapter11
Chapter11
Izaham
 
Human Error in Cyber Security
Human Error in Cyber SecurityHuman Error in Cyber Security
Human Error in Cyber Security
Antti Ollila
 
Ce hv8 module 09 social engineering
Ce hv8 module 09 social engineeringCe hv8 module 09 social engineering
Ce hv8 module 09 social engineering
Mehrdad Jingoism
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Social Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized AccessSocial Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized Access
Kory Edwards
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
Major Hayden
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
Michael O'Phelan
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
Prof. Othman Alsalloum
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
Ahmad Sharifi
 
Secureview 2q 2011
Secureview 2q 2011Secureview 2q 2011
Secureview 2q 2011
Felipe Prado
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
techtutorus
 

More Related Content

What's hot

Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
Richard Common
 
Security Awareness Training Summary
Security Awareness Training SummarySecurity Awareness Training Summary
Security Awareness Training Summary
SNP Technologies, Inc.
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
abercius24
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
Kory Edwards
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
CAS
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
Jahangirnagar University
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
David Menken
 
Chapter11
Chapter11Chapter11
Chapter11
Izaham
 
Human Error in Cyber Security
Human Error in Cyber SecurityHuman Error in Cyber Security
Human Error in Cyber Security
Antti Ollila
 
Ce hv8 module 09 social engineering
Ce hv8 module 09 social engineeringCe hv8 module 09 social engineering
Ce hv8 module 09 social engineering
Mehrdad Jingoism
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
Ahmed Musaad
 
Social Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized AccessSocial Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized Access
Kory Edwards
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
Major Hayden
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
Murray Security Services
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
Michael O'Phelan
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
Nicholas Davis
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
Prof. Othman Alsalloum
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
Nicholas Davis
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
The Network Support Company
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
Ahmad Sharifi
 

What's hot (20)

Insiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest LinkInsiders Guide to Social Engineering - End-Users are the Weakest Link
Insiders Guide to Social Engineering - End-Users are the Weakest Link
 
Security Awareness Training Summary
Security Awareness Training SummarySecurity Awareness Training Summary
Security Awareness Training Summary
 
Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"Social Engineering: "The Cyber-Con"
Social Engineering: "The Cyber-Con"
 
Cyber Threat to Public Safety Communications
Cyber Threat to Public Safety CommunicationsCyber Threat to Public Safety Communications
Cyber Threat to Public Safety Communications
 
The need for effective information security awareness practices.
The need for effective information security awareness practices.The need for effective information security awareness practices.
The need for effective information security awareness practices.
 
Social engineering: A Human Hacking Framework
Social engineering: A Human Hacking FrameworkSocial engineering: A Human Hacking Framework
Social engineering: A Human Hacking Framework
 
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
Security Awareness Training - For Companies With Access to NYS "Sensitive" In...
 
Chapter11
Chapter11Chapter11
Chapter11
 
Human Error in Cyber Security
Human Error in Cyber SecurityHuman Error in Cyber Security
Human Error in Cyber Security
 
Ce hv8 module 09 social engineering
Ce hv8 module 09 social engineeringCe hv8 module 09 social engineering
Ce hv8 module 09 social engineering
 
Social engineering tales
Social engineering tales Social engineering tales
Social engineering tales
 
Social Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized AccessSocial Engineering-The Underpinning of Unauthorized Access
Social Engineering-The Underpinning of Unauthorized Access
 
Five things I learned about information security
Five things I learned about information securityFive things I learned about information security
Five things I learned about information security
 
Social Engineering 2.0
Social Engineering 2.0Social Engineering 2.0
Social Engineering 2.0
 
Cyber Security for Financial Planners
Cyber Security for Financial PlannersCyber Security for Financial Planners
Cyber Security for Financial Planners
 
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
University of Wisconsin-Madison, Information Security 365/765 Course Summary,...
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
 
Information Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up SummaryInformation Security Fall Semester 2016 - Course Wrap Up Summary
Information Security Fall Semester 2016 - Course Wrap Up Summary
 
IT & Network Security Awareness
IT & Network Security AwarenessIT & Network Security Awareness
IT & Network Security Awareness
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
 

Similar to Quality of Information and Malware by Ashok Panwar

Secureview 2q 2011
Secureview 2q 2011Secureview 2q 2011
Secureview 2q 2011
Felipe Prado
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
techtutorus
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
JIEMS Akkalkuwa
 
Research Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docxResearch Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docx
audeleypearl
 
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docxComputer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
donnajames55
 
Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...
Quinnipiac University
 
Network security
Network securityNetwork security
Network security
mena kaheel
 
Forensics
ForensicsForensics
Forensics
Laura Aviles
 
Information Security And The Healthcare
Information Security And The HealthcareInformation Security And The Healthcare
Information Security And The Healthcare
Tracy Berry
 
Inconvenient Truth(s) - On Application Security (from 2007)
Inconvenient Truth(s) - On Application Security (from 2007)Inconvenient Truth(s) - On Application Security (from 2007)
Inconvenient Truth(s) - On Application Security (from 2007)
Dinis Cruz
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
christiandean12115
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
Institute of Chartered Secretaries and Administrators
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
Rwik Kumar Dutta
 
Lesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryptionLesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryption
Lexume1
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society
Sumama Shakir
 
Social & professional issues in IT
Social & professional issues in ITSocial & professional issues in IT
Social & professional issues in IT
Rohana K Amarakoon
 
Lesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryptionLesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryption
Lexume1
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
asharshaikh8
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
monacofamily
 
Ethical hacking.
Ethical hacking.Ethical hacking.
Ethical hacking.
Khushboo Aggarwal
 

Similar to Quality of Information and Malware by Ashok Panwar (20)

Secureview 2q 2011
Secureview 2q 2011Secureview 2q 2011
Secureview 2q 2011
 
Cyber security for Developers
Cyber security for DevelopersCyber security for Developers
Cyber security for Developers
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
 
Research Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docxResearch Paper Sentence OutlineResearch Question How e-commer.docx
Research Paper Sentence OutlineResearch Question How e-commer.docx
 
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docxComputer ForensicsDiscussion 1Forensics Certifications Ple.docx
Computer ForensicsDiscussion 1Forensics Certifications Ple.docx
 
Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...Ethical Hacking A high-level information security study on protecting a comp...
Ethical Hacking A high-level information security study on protecting a comp...
 
Network security
Network securityNetwork security
Network security
 
Forensics
ForensicsForensics
Forensics
 
Information Security And The Healthcare
Information Security And The HealthcareInformation Security And The Healthcare
Information Security And The Healthcare
 
Inconvenient Truth(s) - On Application Security (from 2007)
Inconvenient Truth(s) - On Application Security (from 2007)Inconvenient Truth(s) - On Application Security (from 2007)
Inconvenient Truth(s) - On Application Security (from 2007)
 
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docxISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
ISE 510 Final Project Scenario Background Limetree Inc. is a resea.docx
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
Ethical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its ProspectsEthical Hacking, Its relevance and Its Prospects
Ethical Hacking, Its relevance and Its Prospects
 
Lesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryptionLesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryption
 
computer and society impact of Computer in society
computer and society impact of Computer in society computer and society impact of Computer in society
computer and society impact of Computer in society
 
Social & professional issues in IT
Social & professional issues in ITSocial & professional issues in IT
Social & professional issues in IT
 
Lesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryptionLesson2.9 o u2l6 who cares about encryption
Lesson2.9 o u2l6 who cares about encryption
 
Ashar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptxAshar Shaikh A-84 SEMINAR.pptx
Ashar Shaikh A-84 SEMINAR.pptx
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Ethical hacking.
Ethical hacking.Ethical hacking.
Ethical hacking.
 

More from Ashok Panwar

Simulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
Simulation and Performance Analysis of AODV using NS 2.34 by Ashok PanwarSimulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
Simulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
Ashok Panwar
 
Secure Routing with AODV Protocol for MANET by Ashok Panwar
Secure Routing with AODV Protocol for MANET by Ashok PanwarSecure Routing with AODV Protocol for MANET by Ashok Panwar
Secure Routing with AODV Protocol for MANET by Ashok Panwar
Ashok Panwar
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok Panwar
Ashok Panwar
 
Routing Protocols in MANET's by Ashok Panwar
Routing Protocols in MANET's by Ashok PanwarRouting Protocols in MANET's by Ashok Panwar
Routing Protocols in MANET's by Ashok Panwar
Ashok Panwar
 
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok PanwarPerformance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Ashok Panwar
 
Network Management by Ashok Panwar
Network Management by Ashok PanwarNetwork Management by Ashok Panwar
Network Management by Ashok Panwar
Ashok Panwar
 
Introduction to Security Management by Ashok Panwar
Introduction to Security Management by Ashok PanwarIntroduction to Security Management by Ashok Panwar
Introduction to Security Management by Ashok Panwar
Ashok Panwar
 
Firewalls & Trusted Systems by Ashok Panwar
Firewalls & Trusted Systems by Ashok PanwarFirewalls & Trusted Systems by Ashok Panwar
Firewalls & Trusted Systems by Ashok Panwar
Ashok Panwar
 
Ad-hoc Networks by Ashok Panwar
Ad-hoc Networks by Ashok PanwarAd-hoc Networks by Ashok Panwar
Ad-hoc Networks by Ashok Panwar
Ashok Panwar
 
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok PanwarAd hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ashok Panwar
 
Ad-hoc networking with AODV
Ad-hoc networking with AODVAd-hoc networking with AODV
Ad-hoc networking with AODV
Ashok Panwar
 

More from Ashok Panwar (11)

Simulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
Simulation and Performance Analysis of AODV using NS 2.34 by Ashok PanwarSimulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
Simulation and Performance Analysis of AODV using NS 2.34 by Ashok Panwar
 
Secure Routing with AODV Protocol for MANET by Ashok Panwar
Secure Routing with AODV Protocol for MANET by Ashok PanwarSecure Routing with AODV Protocol for MANET by Ashok Panwar
Secure Routing with AODV Protocol for MANET by Ashok Panwar
 
Secure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok PanwarSecure Mail Application's by Ashok Panwar
Secure Mail Application's by Ashok Panwar
 
Routing Protocols in MANET's by Ashok Panwar
Routing Protocols in MANET's by Ashok PanwarRouting Protocols in MANET's by Ashok Panwar
Routing Protocols in MANET's by Ashok Panwar
 
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok PanwarPerformance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
Performance Analysis of AODV Protocol on Black-Hole Attack by Ashok Panwar
 
Network Management by Ashok Panwar
Network Management by Ashok PanwarNetwork Management by Ashok Panwar
Network Management by Ashok Panwar
 
Introduction to Security Management by Ashok Panwar
Introduction to Security Management by Ashok PanwarIntroduction to Security Management by Ashok Panwar
Introduction to Security Management by Ashok Panwar
 
Firewalls & Trusted Systems by Ashok Panwar
Firewalls & Trusted Systems by Ashok PanwarFirewalls & Trusted Systems by Ashok Panwar
Firewalls & Trusted Systems by Ashok Panwar
 
Ad-hoc Networks by Ashok Panwar
Ad-hoc Networks by Ashok PanwarAd-hoc Networks by Ashok Panwar
Ad-hoc Networks by Ashok Panwar
 
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok PanwarAd hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
Ad hoc On-demand Distance Vector (AODV) Routing Protocol by Ashok Panwar
 
Ad-hoc networking with AODV
Ad-hoc networking with AODVAd-hoc networking with AODV
Ad-hoc networking with AODV
 

Recently uploaded

Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
APNIC
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
Tarandeep Singh
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
k4ncd0z
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
APNIC
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
3a0sd7z3
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Donato Onofri
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
thezot
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
3a0sd7z3
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
rtunex8r
 

Recently uploaded (12)

Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
 
Bengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal BrandingBengaluru Dreamin' 24 - Personal Branding
Bengaluru Dreamin' 24 - Personal Branding
 
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理一比一原版(USYD毕业证)悉尼大学毕业证如何办理
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
 
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
 
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
 
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process HollowingHijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
 
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
 

Quality of Information and Malware by Ashok Panwar

  • 1. Presented by:- Ashok Panwar Technical Officer in ECIL (NPCIL) Tarapur, Mumbai
  • 2.  Under engineering point of view: • Study of the characteristics and statistics of the language that will allow an analysis from a mathematical, scientific and technical focus.  Under company point of view: • All data that the company owns and manages and messages that persons and/or machines exchange inside an organization. Presented by:- Ashok Panwar Technical Officer in ECIL 2
  • 3.  The study made by Claude Shannon in the years after the 2nd World War has allowed, besides other things: • To quantify the quantity of information. • To measure the entropy of information. • To define a system with a perfect secret. • To calculate the redundancy and rate of language. • To find the distance of unicity. The whole study made by Shannon is oriented to classic cryptosystems that encrypt letters, which are not of interest in this book. Nevertheless, in one of the following chapters we can see these systems on detail since they allow to analyze easily the perfect secret systems.  3 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 4. • It will be understood as: – The entire data and files that the company owns. – All the exchanged messages. – All the records about clients and providers. – All the records about products. – Definitely, the know-how of the organization. • If this information gets lost or it´s degraded, it will be very difficult for the company to recover itself to continue being competitive. For this reason, it is vital to implant security policies. 4 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 5. • The introduction of policies and actions to assure information security in the company is being taken into account only since last years of the past decade. In this new century, it is an estrategic factor for the develop and the success of such company. After the facts occurred in the Twin Towers in year 2001, several companies have disappear after loosing all its own information. It is a warning for all of us. • Success in one company will highly depend on the quality of information that it´s generated and managed. Thus, one company will have quality of information if this allows, besides other things, confidentiality, integrity and disponibility. 5 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 6. • Information (data) will be altered by many factors, affecting this basically to the aspects of confidentiality, integrity and disponibility of the company. • From the point of view of the company, one of the most important problems can be the one related with computing crimes, either by external or internal factors. We must be very careful with the internal factor. A dissatisfied employee... 6 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 7. Solution seems to be very simple: to apply new technics and security policies ... The treatment and vulnerability of the information will be influenced by other themes, like the current legal aspects. Besides, companies depend more on their communications and on their networkings everyday, what increases their insecurity. ... This idea is just starting to be seriously considered. Policy 1 Policy 2 Polícy 3 Polícy 4 Solution 7 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 8. A non authorized person could: • Classify and declassify data. • Filter information. • Alter information. • Erase information. • Usurp data. • Have a look at classified information. • Deduce confidential data. Therefore, protection of data results obvious 8 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 9.  The most elemental action to protect data is to determine a good policy of security copies or backups: • Complete Backup  All the data (the first time). • Incremental Backups  Only the files that have been created or modified since the last backup are copied. • Ellaboration of backup plans according to the total volume of generated information  Type of copies, cycle of this operation, correct labeling.  Diary, weekly, monthly: table creation. • Stablishing who, how and where data are kept. 9 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 10. • Hacker: – Initial definition inicial proposed by MIT engineers who were proud about their knowledge in computers. – Besides many other classifications we find White Hat´s one (not criminal in general), Black Hat (criminal in general) and Grey Hat (reconverted by companies). • Cracker: – Person who tries, ilegally, to break the security of a system only for entertainment or personal purposes. • Script kiddie: – An inexpert person, perhaps a boy, which uses programs downloaded from the Internet to attack systems. 10 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 11. Companies related to New Information Technologies NITs make use of several technics and tools for networks in order to provide data exchange: • File transference (ftp) • Information and data transference through Internet (http) • Remote connections to machines and servers (telnet) All these technics will suffer risks attacks on the part of computing delinquents, but ... 11 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 12. Even though being well organized these groups of delinquents, first of all we have to take it easy so we won't become paranoic. Futhermore, we must catch on that the real enemy can be inside our "home"... The solution continues being still the same: the implantation of an adecuate security policy inside the company. 12 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 13. These are actions that vulnerate confidentiality, integrity and disponibility of information. – Attacks to computers and network systems:  Fraud Misappropiation  Robbery  Sabotage  Spionage  Blackmail  Revelation  Mascarade  Virus  Worms  Trojans  Spam Let´s see some 13 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 14. Fraud Deliberated act of data manipulation by harming to a physical or juridical person that suffers this way an economic loss. The author of the crime obtains this way a benefice which uses to be economic. Sabotage Action by which it is desired to harm one company deliberately obstructing its functioning, damaging their equipment, tools, software, etc. The author does not usually obtain economic benefices but creates great chaos into the organization. 14 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 15. Blackmail Action that consists of demanding a certain quantity of money in order of not making public privileged or confidential information and that can affect thoroughly to that company, usually to its corporative image. Mascarade Utilization of one key by a non authorized person that gets into the system supplanting an identity. This way, the intruder will own then the documentation,information and data of other users that can be used, for instance, to blackmail the organization. 15 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 16. Virus Code designed to be introduced into a program, to modify or to destroy data. It is copied automatically to other programs to perpetuate its life cycle. It is very common that it spreads through templates, application macros and executable files. Worms Virus activated and transmited through the network. Its purpose it´s to multiplicate itself until running out the space of disks or RAM. It uses to be one of the most dangerous attacks because it normally produces collapses into the networks as we already know. 16 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 17. Trojans Virus that gets into the computer and shows a similar behaviour to that fact referred on the greek mithology. Thus, it seems to be an inoffensive thing or program when it is actually doing another thing and spreading itself. It can be very dangerous when the programmer or the company itself installs it into one program. Spam The spam or not desired email, although it cannot be properly considered as a real attack, the fact is that nowadays, it can produce important information losses in companies and organisms. 17 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 18. Communications nowadays work this way and they will grow more every time to become open systems like, for instance, current wireless networks, so new menaces will rise... This constant confrontation between the dark side or the evil (the Ying) and the light side or the good (the Yang), like this symbol belonging to ancestral religions and philosophies shows, will be inevitable in an intercomunicated and open system like current ones. There are lots of crimes and menaces. Perhaps in an inmediate future new crimes and attacks to computing and network systems will appear that, right now, we still do not know how they will be or which vulnerability will they exploit. 18 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 19.  Next slides are only a brief and elemental introduction to the world of computing viruses, oriented besides to the world of PCs and to the Windows environment. It does not seek to be a document that goes deeply into the virus and malware world as we could expect due to the importance of them nowadays.  This paragraph is included exactly on this chapter as one more factor to be taken into account as soon as the quality of information that we manage.  Many people consider this as minor theme; however, inside the companies this is one of the most important problems that responsibles in IT security may face. 19 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 20. • First example: John von Neuman in 1949. • First virus: M. Gouglas of Bell Laboratories creates the Core War in 1960. • Firsts attacks to PCs between 1985 and 1987: – Virus Jerusalem and Brain. • Inoffensives (balls, letters that move, etc.) – They just annoy and obstruct the work but do not destroy any information. They could reside inside the PC. • Malicious (Friday 13, Blaster, Nimbda, etc.) – They destroy all the data and affect to the integrity and disponibility of the system. They must be removed. http://www.virusbtn.com/ More information available in: 20 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 21. • They are transmited just through the execution of one program. This is very important to remember. • The email, by definition, cannot contain virus since is being formed only by text. Nevertheless, many times they contain attached files or either the visors execute any code into the email client of the user and these can have a virus included. This is the most critical point in security regarding virus; the trusting user, tempted by something, cheated with the denominated social engineeering, etc., opens the file. There resides the danger. • Web environment is still more dangerous. One link can launch a Java (or any other language) program that will be executed by the client and will infect or destroy the machine. 21 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 22. • There are some virus that infect programs with extensions exe, com and sys, for example. – They reside into the memory when the host is executed and they spread themselves to other files. • And some that infect the system and the boot sector and entrance tables (determined areas of the disk). – They are directly installed there and therefore they reside into the memory. 22 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 23. • Protect the removable disks -today mainly with USB flash technology- with the security jumper. It is a basic writing protection and also very elemental. • Install an antivirus SW and periodically keep it up-to-date. It is recommendable to do it once a week at least. • Execute the antivirus scan on the hard disk once a month. • Execute always the antivirus scan to every disk or CD introduced into the system and to the files downloaded from the Internet or attached in e-mails. • If you are not sure, resort to freeware tools in Internet (*). • Control the access of unknown people to the computer. • Use legal software, with license. http://www.virustotal.com/en/indexf.html 23 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 24. • Stop remote connections. • Do not activate the mouse or the keyboard. • Shutdown the system and disconnect it. • Boot with a bootable or emergency diskette protected and execute then an antivirus program. • If possible, make a backup of the files. Note: make backups often. • Format low level the hard disk if there´s no solution . • Install again the operative system and restore with data from backups. 24 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 25. 1. What is the difference between the concept of information and its quality according to what a company or engineering studies understand? 2. Why is it said that the information of a company is its most valuable asset? Compare this asset with its own stuff and pose situations on which both are lost, which situation could be more damaging for the continuity of such company? 3. As security responsibles we´ve detected that somebody is making illegal actions, for example non authorized copies of information. What attitude shall we take? 4. What measures could be the most adecuated in order to minimize the virus attacks in our company? 5. If we desire to have our company protected both physically and logically, what should we do? 25 Presented by:- Ashok Panwar Technical Officer in ECIL
  • 26. 26

Editor's Notes

  1. NOTAS SOBRE EL TEMA:
  2. NOTAS SOBRE EL TEMA:
  3. NOTAS SOBRE EL TEMA:
  4. NOTAS SOBRE EL TEMA:
  5. NOTAS SOBRE EL TEMA:
  6. NOTAS SOBRE EL TEMA:
  7. NOTAS SOBRE EL TEMA:
  8. NOTAS SOBRE EL TEMA:
  9. NOTAS SOBRE EL TEMA:
  10. NOTAS SOBRE EL TEMA:
  11. NOTAS SOBRE EL TEMA:
  12. NOTAS SOBRE EL TEMA:
  13. NOTAS SOBRE EL TEMA:
  14. NOTAS SOBRE EL TEMA:
  15. NOTAS SOBRE EL TEMA:
  16. NOTAS SOBRE EL TEMA:
  17. NOTAS SOBRE EL TEMA:
  18. NOTAS SOBRE EL TEMA:
  19. NOTAS SOBRE EL TEMA:
  20. NOTAS SOBRE EL TEMA:
  21. NOTAS SOBRE EL TEMA:
  22. NOTAS SOBRE EL TEMA:
  23. NOTAS SOBRE EL TEMA:
  24. NOTAS SOBRE EL TEMA:
  25. NOTAS SOBRE EL TEMA: