SlideShare a Scribd company logo

Security & threats Presentation => (Presenter: Komal Mehfooz)

Download as PPTX, PDF
Komal Mehfooz
Komal Mehfooz

Presenter: Komal Mehfooz

Engineering
1 of 25
GROUP MEMBERS Names: Komal Mehfooz Rafia Khalid Hazeema Mateen Iqra Sohail
 The state of being free from danger or threat.  The system is designed to provide maximum security against toxic spills. Or another definition is: In the context of computer science, security is the prevention of, or protection against, access to information by unauthorized recipients, and. intentional but unauthorized destruction or alteration of that information.
 Security violations (or misuse) of the system can be categorized as intentional (malicious) or accidental.  It is easier to protect against accidental misuse than against malicious misuse. For the most part, protection mechanisms are the core of protection from accidents. Note: In discussion of security , we use the terms intruder and cracker for those attempting to breach security.  A threat is the potential for a security violation, such as the discovery of a vulnerability, whereas an attack is the attempt to break security.
Breach of confidentiality: This type of violation involves unauthorized reading of data (or theft of information). Typically, a breach of confidentiality is the goal of an intruder. Capturing secret data from a system or a data stream, such as credit-card information or identity information for identity theft, can result directly in money for the intruder.
Breach of integrity: This violation involves unauthorized modification of data. Such attacks can, for example, result in passing of liability to an innocent party or modification of the source code of an important commercial application. Breach of availability: This violation involves unauthorized destruction of data. Some crackers would rather wreak havoc and gain status or bragging rights than gain financially. Web-site defacement is a common example of this type of security breach. Theft of service: This violation involves unauthorized use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server.
Denial of service: (DOS) This violation involves preventing legitimate use of the system. Denial-of-service, or DOS , attacks are sometimes accidental. The original Internet worm turned into a DOS attack when a bug failed to delay its rapid spread.  Attackers use several standard methods in their attempts to breach security. The most common is masquerading, in which one participant in a communication pretends to be someone else (another host or another person).  By masquerading, attackers breach authentication, the correctness of identification; they can then gain access that they would not normally be allowed or escalate their privileges—obtain privileges to which they would not normally be entitled. Another common attack is to replay a captured exchange of data.  A replay attack consists of the malicious or fraudulent repeat of a valid data transmission. Sometimes the replay comprises the entire attack—for example, in a repeat of a request to transfer money. But frequently it is done along with message modification, again to escalate privileges.
To protect a system, we must take security measures at  Physical: four levels: The site or sites containing the computer systems must be physically secured against armed or surreptitious entry by intruders. Both the machine rooms and the terminals or workstations that have access to the machines must be secured.  Human: Authorization must be done carefully to assure that only appropriate users have access to the system. Even authorized users, however, may be “encouraged” to let others use their access (in exchange for a bribe, for example). They may also be tricked into allowing access via social engineering. One type of social- engineering attack is phishing.
 Operating system: The system must protect itself from accidental or purposeful security breaches. A runaway process could constitute an accidental denial-of-service attack. A query to a service could reveal passwords. A stack overflow could allow the launching of an unauthorized process. The list of possible breaches is almost endless.  Network: Much computer data in modern systems travels over private Leased lines, shared lines like the Internet , wireless connections , or dial-up lines. Intercepting these data could be just as harmful as breaking into a Computer ; and interruption of communications could constitute a remote denial-of service attack, diminishing users use of and trust in the system.
 In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.  A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
What is Malware ? Malware is a malicious software. This software include the program that exploit the vulnerabilities in computing system. The purpose of malicious software is harm you or steal the information from you.
Types of Threats:  In computing, a Trojan horse is a program which purports to do some benign task, but secretly performs some additional malicious task. A classic example is a password-grabbing login program which prints authentic-looking "username“ and "password" prompts, and waits for a user to type in the information.  When this happens, the password grabber stashes the information away for its creator, then prints out an "invalid password" message before running the real login program. The unsuspecting user thinks they made a typing mistake and reenters the information, none the wiser. TROJAN HORSE
Spyware is software which collects information from a computer and transmits it to someone else. The exact information spyware gathers may vary, but can include anything which potentially has value: Different Ways: 1. Usernames and passwords. These might be harvested from files on the machine, or by recording what the user types using a key logger. A key logger differs from a Trojan horse in that a key logger passively captures key strokes only; no active deception is involved. 2. Email addresses, which would have value to a spammer. 3. Bank account and credit card numbers. 4. Software license keys, to facilitate software pirating.
The oldest type of malicious software. This program is embedded with some other program. When certain condition meets, the logic bomb will destroy your pc.  It also crash at particular date which is fixed by attacker. It will be included in legitimate or authorized person like this: legitimate code if date is Friday the 13th: crash_computer legitimate code E.g.: if some antivirus trying to delete or clean the logic bomb. The logic bomb will destroy the pc.
One special kind of back door is a RAT, which stands for Remote Administration Tool or Remote Access Trojan, depending on who's asked. These programs allow a computer to be monitored and controlled remotely; username = read_username() password = read_password() if tisername i s "133t h4ck0r": return ALLOW^LOGIN if username and password are valid: return ALLOW_LOGIN e l s e: return DENY^LOGIN
A virus is malware that, when executed, tries to replicate itself into other executable code; when it succeeds, the code is said to be infected. The infected code, when run, can infect new code in turn. This self-replication into existing executable code is the key defining characteristic of a virus. Types of Viruses: 1. Parasitic virus: Traditional and common virus. This will be attached with EXE files and search for other EXE file to infect them. 2. Memory Resident Virus: Present in your system memory as a system program. From here onwards it will infects all program that executes. 3. Boot Sector Virus: Infects the boot record and spread when the system is booted from the disk containing the virus. 4. Stealth Virus: This virus hides itself from detection of antivirus scanning.
A worm shares several characteristics with a Virus.  The most important characteristic is that worms are self-replicating too, but self-replication of a worm is distinct in two ways. First, worms are standalone, and do not rely on other executable code. Second, worms spread from machine to machine across networks.
 The stack- or buffer-overflow attack is the most common way for an attacker outside the system, on a network or dial-up connection, to gain unauthorized access to the target system. An authorized user of the system may also use this exploit for privilege escalation.  Essentially, the attack exploits a bug in a program. The bug can be a simple case of poor programming , in which the programmer neglected to code bounds checking on an input field. In this case, the attacker sends more data than the program was expecting. By using trial and error, or by examining the source code of the attacked program if it is available, the attacker determines the vulnerability and writes a program to do the following:
Three Steps:  1. Overflow an input field, command-line argument, or input buffer—for example, on a network daemon—until it writes into the stack.  2. Overwrite the current return address on the stack with the address of the exploit code loaded in step 3.  3. Write a simple set of code for the next space in the stack that includes the commands that the attacker wishes to execute—for instance, spawn a shell.
Note: that a careful programmer could have performed bounds checking on the sizeof argv[1] by using the strncpy() function rather than strcpy(), replacing the line “ strcpy(buffer, argv[1]); ” with “ strncpy(buffer, argv[1], sizeof(buffer)-1); ”. Unfortunately, good bounds checking is the exception rather than the norm. #include < stdio.h > #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; } } Example: C program with buffer-overflow condition.
Code Segment:  A cracker could execute a buffer-overflow attack. Her goal is to replace the return address in the stack frame so that it now points to the code segment containing the attacking program.  The programmer first writes a short code segment such as the following: #include <stdio.h> int main(int argc, char *argv[]) { execvp(‘‘ bin sh’’,‘‘ bin sh’’, NULL); return 0; } Using the execvp() system call, this code segment creates a shell process.
THANK YOU

Recommended

Computer security
Computer securityComputer security
Computer securitysruthiKrishnaG
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Cyber security
Cyber security Cyber security
Cyber security ankit yadav
 
Presentation1
Presentation1Presentation1
Presentation1aisyah2007
 
Access Controls Attacks
Access Controls AttacksAccess Controls Attacks
Access Controls AttacksHafiza Abas
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8Shruthi Reddy
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System ThreatsReddhi Basu
 
Security threats
Security threatsSecurity threats
Security threatsIntegral university, India
 

Recommended

Computer security
Computer securityComputer security
Computer securitysruthiKrishnaG
 
Different types of attacks in internet
Different types of attacks in internetDifferent types of attacks in internet
Different types of attacks in internetRohan Bharadwaj
 
Cyber security
Cyber security Cyber security
Cyber security ankit yadav
 
Presentation1
Presentation1Presentation1
Presentation1aisyah2007
 
Access Controls Attacks
Access Controls AttacksAccess Controls Attacks
Access Controls AttacksHafiza Abas
 
Ns unit 6,7,8
Ns unit 6,7,8Ns unit 6,7,8
Ns unit 6,7,8Shruthi Reddy
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System ThreatsReddhi Basu
 
Security threats
Security threatsSecurity threats
Security threatsIntegral university, India
 
Sam sam
Sam sam Sam sam
Sam sam malvvv
 
Access control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin IdrisAccess control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin IdrisHafiza Abas
 
Ch03 Network and Computer Attacks
Ch03 Network and Computer AttacksCh03 Network and Computer Attacks
Ch03 Network and Computer Attacksphanleson
 
Program Threats
Program ThreatsProgram Threats
Program Threatsguestab0ee0
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Virus-trojan and salami attacks
Virus-trojan and salami attacksVirus-trojan and salami attacks
Virus-trojan and salami attacksariifuddin
 
Cyber Attacks
Cyber AttacksCyber Attacks
Cyber AttacksInsiya Tarwala
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and virusesAamlan Saswat Mishra
 
Computer Virus
Computer Virus Computer Virus
Computer Virus bebo
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking PresentationAnimesh Behera
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With GflixacademyGaurav Mishra
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threatsEC-Council
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virusHTS Hosting
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and RisksInformation Technology
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 pptvasanthimuniasamy
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 
Unit 7
Unit 7Unit 7
Unit 7Vinod Kumar Gorrepati
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 

More Related Content

What's hot

Sam sam
Sam sam Sam sam
Sam sam malvvv
 
Access control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin IdrisAccess control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin IdrisHafiza Abas
 
Ch03 Network and Computer Attacks
Ch03 Network and Computer AttacksCh03 Network and Computer Attacks
Ch03 Network and Computer Attacksphanleson
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethicsArgie242424
 
Virus-trojan and salami attacks
Virus-trojan and salami attacksVirus-trojan and salami attacks
Virus-trojan and salami attacksariifuddin
 
Computer Virus
Computer Virus Computer Virus
Computer Virus bebo
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical HackingViral Parmar
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With GflixacademyGaurav Mishra
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threatsEC-Council
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virusHTS Hosting
 
Intruders detection
Intruders detectionIntruders detection
Intruders detectionEhtisham Ali
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating systemAbdullah Khosa
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure ! trendy updates
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Securitypadmeshagrekar
 

What's hot (20)

Sam sam
Sam sam Sam sam
Sam sam
 
Access control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin IdrisAccess control attacks by Yaakub bin Idris
Access control attacks by Yaakub bin Idris
 
Ch03 Network and Computer Attacks
Ch03 Network and Computer AttacksCh03 Network and Computer Attacks
Ch03 Network and Computer Attacks
 
Program Threats
Program ThreatsProgram Threats
Program Threats
 
Security and ethics
Security and ethicsSecurity and ethics
Security and ethics
 
Virus-trojan and salami attacks
Virus-trojan and salami attacksVirus-trojan and salami attacks
Virus-trojan and salami attacks
 
Cyber Attacks
Cyber AttacksCyber Attacks
Cyber Attacks
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Computer Virus
Computer Virus Computer Virus
Computer Virus
 
Cyber Security-Ethical Hacking
Cyber Security-Ethical HackingCyber Security-Ethical Hacking
Cyber Security-Ethical Hacking
 
Hacking Presentation
Hacking PresentationHacking Presentation
Hacking Presentation
 
Learn Hacking With Gflixacademy
Learn Hacking With GflixacademyLearn Hacking With Gflixacademy
Learn Hacking With Gflixacademy
 
Types of malware threats
Types of malware threatsTypes of malware threats
Types of malware threats
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 ppt
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
 
Protection and security of operating system
Protection and security of operating systemProtection and security of operating system
Protection and security of operating system
 
Security R U Totally Secure !
Security R U Totally Secure ! Security R U Totally Secure !
Security R U Totally Secure !
 
Types of Attack in Information and Network Security
Types of Attack in Information and Network SecurityTypes of Attack in Information and Network Security
Types of Attack in Information and Network Security
 

Similar to Security & threats Presentation => (Presenter: Komal Mehfooz)

Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking pptNitesh Dubey
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Webdpd
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenKlaus Drosch
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskDr. Lasantha Ranwala
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network SecurityDushyant Singh
 
a documentation of final year SRS for AI drons.ppt
a documentation of final year SRS for AI drons.ppta documentation of final year SRS for AI drons.ppt
a documentation of final year SRS for AI drons.pptNebiyuTeferaShite
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 

Similar to Security & threats Presentation => (Presenter: Komal Mehfooz) (20)

Unit 7
Unit 7Unit 7
Unit 7
 
System Security
System SecuritySystem Security
System Security
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
System tThreats
System tThreatsSystem tThreats
System tThreats
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
Tutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the WebTutorial 09 - Security on the Internet and the Web
Tutorial 09 - Security on the Internet and the Web
 
Basics of hacking
Basics of hackingBasics of hacking
Basics of hacking
 
What is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolenWhat is a Hacker (part 2): How data is stolen
What is a Hacker (part 2): How data is stolen
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and risk
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
Basics of Network Security
Basics of Network SecurityBasics of Network Security
Basics of Network Security
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Hacking
HackingHacking
Hacking
 
a documentation of final year SRS for AI drons.ppt
a documentation of final year SRS for AI drons.ppta documentation of final year SRS for AI drons.ppt
a documentation of final year SRS for AI drons.ppt
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
Dhams hacking
Dhams hackingDhams hacking
Dhams hacking
 

Recently uploaded

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxupamatechverse
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxpurnimasatapathy1234
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college projectTonystark477637
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 

Recently uploaded (20)

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Introduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptxIntroduction to Multiple Access Protocol.pptx
Introduction to Multiple Access Protocol.pptx
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
Microscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptxMicroscopic Analysis of Ceramic Materials.pptx
Microscopic Analysis of Ceramic Materials.pptx
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
result management system report for college project
result management system report for college projectresult management system report for college project
result management system report for college project
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 

Security & threats Presentation => (Presenter: Komal Mehfooz)

  • 1. GROUP MEMBERS Names: Komal Mehfooz Rafia Khalid Hazeema Mateen Iqra Sohail
  • 2.
  • 3.  The state of being free from danger or threat.  The system is designed to provide maximum security against toxic spills. Or another definition is: In the context of computer science, security is the prevention of, or protection against, access to information by unauthorized recipients, and. intentional but unauthorized destruction or alteration of that information.
  • 4.  Security violations (or misuse) of the system can be categorized as intentional (malicious) or accidental.  It is easier to protect against accidental misuse than against malicious misuse. For the most part, protection mechanisms are the core of protection from accidents. Note: In discussion of security , we use the terms intruder and cracker for those attempting to breach security.  A threat is the potential for a security violation, such as the discovery of a vulnerability, whereas an attack is the attempt to break security.
  • 5. Breach of confidentiality: This type of violation involves unauthorized reading of data (or theft of information). Typically, a breach of confidentiality is the goal of an intruder. Capturing secret data from a system or a data stream, such as credit-card information or identity information for identity theft, can result directly in money for the intruder.
  • 6. Breach of integrity: This violation involves unauthorized modification of data. Such attacks can, for example, result in passing of liability to an innocent party or modification of the source code of an important commercial application. Breach of availability: This violation involves unauthorized destruction of data. Some crackers would rather wreak havoc and gain status or bragging rights than gain financially. Web-site defacement is a common example of this type of security breach. Theft of service: This violation involves unauthorized use of resources. For example, an intruder (or intrusion program) may install a daemon on a system that acts as a file server.
  • 7. Denial of service: (DOS) This violation involves preventing legitimate use of the system. Denial-of-service, or DOS , attacks are sometimes accidental. The original Internet worm turned into a DOS attack when a bug failed to delay its rapid spread.  Attackers use several standard methods in their attempts to breach security. The most common is masquerading, in which one participant in a communication pretends to be someone else (another host or another person).  By masquerading, attackers breach authentication, the correctness of identification; they can then gain access that they would not normally be allowed or escalate their privileges—obtain privileges to which they would not normally be entitled. Another common attack is to replay a captured exchange of data.  A replay attack consists of the malicious or fraudulent repeat of a valid data transmission. Sometimes the replay comprises the entire attack—for example, in a repeat of a request to transfer money. But frequently it is done along with message modification, again to escalate privileges.
  • 8.
  • 9. To protect a system, we must take security measures at  Physical: four levels: The site or sites containing the computer systems must be physically secured against armed or surreptitious entry by intruders. Both the machine rooms and the terminals or workstations that have access to the machines must be secured.  Human: Authorization must be done carefully to assure that only appropriate users have access to the system. Even authorized users, however, may be “encouraged” to let others use their access (in exchange for a bribe, for example). They may also be tricked into allowing access via social engineering. One type of social- engineering attack is phishing.
  • 10.  Operating system: The system must protect itself from accidental or purposeful security breaches. A runaway process could constitute an accidental denial-of-service attack. A query to a service could reveal passwords. A stack overflow could allow the launching of an unauthorized process. The list of possible breaches is almost endless.  Network: Much computer data in modern systems travels over private Leased lines, shared lines like the Internet , wireless connections , or dial-up lines. Intercepting these data could be just as harmful as breaking into a Computer ; and interruption of communications could constitute a remote denial-of service attack, diminishing users use of and trust in the system.
  • 11.  In computer security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm.  A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
  • 12. What is Malware ? Malware is a malicious software. This software include the program that exploit the vulnerabilities in computing system. The purpose of malicious software is harm you or steal the information from you.
  • 13. Types of Threats:  In computing, a Trojan horse is a program which purports to do some benign task, but secretly performs some additional malicious task. A classic example is a password-grabbing login program which prints authentic-looking "username“ and "password" prompts, and waits for a user to type in the information.  When this happens, the password grabber stashes the information away for its creator, then prints out an "invalid password" message before running the real login program. The unsuspecting user thinks they made a typing mistake and reenters the information, none the wiser. TROJAN HORSE
  • 14. Spyware is software which collects information from a computer and transmits it to someone else. The exact information spyware gathers may vary, but can include anything which potentially has value: Different Ways: 1. Usernames and passwords. These might be harvested from files on the machine, or by recording what the user types using a key logger. A key logger differs from a Trojan horse in that a key logger passively captures key strokes only; no active deception is involved. 2. Email addresses, which would have value to a spammer. 3. Bank account and credit card numbers. 4. Software license keys, to facilitate software pirating.
  • 15. The oldest type of malicious software. This program is embedded with some other program. When certain condition meets, the logic bomb will destroy your pc.  It also crash at particular date which is fixed by attacker. It will be included in legitimate or authorized person like this: legitimate code if date is Friday the 13th: crash_computer legitimate code E.g.: if some antivirus trying to delete or clean the logic bomb. The logic bomb will destroy the pc.
  • 16.
  • 17. One special kind of back door is a RAT, which stands for Remote Administration Tool or Remote Access Trojan, depending on who's asked. These programs allow a computer to be monitored and controlled remotely; username = read_username() password = read_password() if tisername i s "133t h4ck0r": return ALLOW^LOGIN if username and password are valid: return ALLOW_LOGIN e l s e: return DENY^LOGIN
  • 18. A virus is malware that, when executed, tries to replicate itself into other executable code; when it succeeds, the code is said to be infected. The infected code, when run, can infect new code in turn. This self-replication into existing executable code is the key defining characteristic of a virus. Types of Viruses: 1. Parasitic virus: Traditional and common virus. This will be attached with EXE files and search for other EXE file to infect them. 2. Memory Resident Virus: Present in your system memory as a system program. From here onwards it will infects all program that executes. 3. Boot Sector Virus: Infects the boot record and spread when the system is booted from the disk containing the virus. 4. Stealth Virus: This virus hides itself from detection of antivirus scanning.
  • 19. A worm shares several characteristics with a Virus.  The most important characteristic is that worms are self-replicating too, but self-replication of a worm is distinct in two ways. First, worms are standalone, and do not rely on other executable code. Second, worms spread from machine to machine across networks.
  • 20.  The stack- or buffer-overflow attack is the most common way for an attacker outside the system, on a network or dial-up connection, to gain unauthorized access to the target system. An authorized user of the system may also use this exploit for privilege escalation.  Essentially, the attack exploits a bug in a program. The bug can be a simple case of poor programming , in which the programmer neglected to code bounds checking on an input field. In this case, the attacker sends more data than the program was expecting. By using trial and error, or by examining the source code of the attacked program if it is available, the attacker determines the vulnerability and writes a program to do the following:
  • 21. Three Steps:  1. Overflow an input field, command-line argument, or input buffer—for example, on a network daemon—until it writes into the stack.  2. Overwrite the current return address on the stack with the address of the exploit code loaded in step 3.  3. Write a simple set of code for the next space in the stack that includes the commands that the attacker wishes to execute—for instance, spawn a shell.
  • 22. Note: that a careful programmer could have performed bounds checking on the sizeof argv[1] by using the strncpy() function rather than strcpy(), replacing the line “ strcpy(buffer, argv[1]); ” with “ strncpy(buffer, argv[1], sizeof(buffer)-1); ”. Unfortunately, good bounds checking is the exception rather than the norm. #include < stdio.h > #define BUFFER SIZE 256 int main(int argc, char *argv[]) { char buffer[BUFFER SIZE]; if (argc < 2) return -1; else { strcpy(buffer,argv[1]); return 0; } } Example: C program with buffer-overflow condition.
  • 23.
  • 24. Code Segment:  A cracker could execute a buffer-overflow attack. Her goal is to replace the return address in the stack frame so that it now points to the code segment containing the attacking program.  The programmer first writes a short code segment such as the following: #include <stdio.h> int main(int argc, char *argv[]) { execvp(‘‘ bin sh’’,‘‘ bin sh’’, NULL); return 0; } Using the execvp() system call, this code segment creates a shell process.