COMPUTER SECURITY

AGENDA What is Computer Security

Key Components Levels Challenges Attacks

Desktop Security Why it is important Virus/Worms/Trojans Tips

Web Security Malwares: spyware, keylogger, rootkits. Wi-Fi security.

What is Computer SecurityKey concepts of

security includes : CIA.

Confidentiality Integrity Availability

Security Requirement

Confidentiality – student grades Integrity – patient information Availability – authentication service Authenticity – admission ticket Non-repudiation – stock sell order

Levels

Low: Minor damage to organizational assets, small financial loss, etc.

Moderate: Significant damage to organization. High: Causing life threatening injuries, organizations

financially crashed.

Challenges Not simple – easy to get it wrong Must consider potential attacks Must decide where to deploy mechanisms Requires regular monitoring : a process, not an

event Too often an after-thought

Note Terms:

ThreatVulnerabilityAttack

Attacks

Active Attacks: Interception, monitoring.

Passive Attacks: Man –in-the-middle, Denial of Service, Modification.

Desktop Security

In-secured compromised system implications Crash Sensitive, important data loss/leakage Financial loss Slow performance Programs/Software do not work as intended Network broadcast Infect other systems

Virus v/s Worm v/s Trojan

Virus: A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels.

Almost all viruses are attached to an executable file, which means the virus may exist on a system but will not be active or able to spread until a user runs or opens the malicious host file or program.

Contd… Worm: Computer worms are similar to viruses in

that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate.

Trojans: It is a harmful piece of software that looks legitimate. Users are typically tricked into loading and executing it on their systems.

Trojans are also known to create back doors to give malicious users access to the system.

Tips Use Linux Anti-virus: Update, Real-time Scan, Full Scan Flash, Acrobat Reader, Java, Real Player, Quick Time needs

to be updated regularly Use Firewall Sandbox: Sandboxie Safe web browser File Sharing Management Network Connection Usage User Account Control

Contd.. Lock screen Avoid working in Administrator login Beware of social engineering tricks used to steal sensitive

information services.msc to know which programs are automatically

started Be cautious regarding removable storage Be cautious while browsing web and checking emails Peer-to-peer sharing like BitTorrent is dangerous Password management System password Boot loader password

Contd..

‘Delete’ does not permanently delete ‘Shift + Delete’ also does not permanently delete ‘format’ is misleading So, shred Sanitize browser of shared computer after use –

Clear History, cache, cookies, reset browser Sanitize your device before selling/giving for repair

Web Security

Malware: short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of executable code, scripts, active content, and other software. 'Malware' is a general term used to refer to a variety of forms of hostile or intrusive software.

Spyware A small piece of software that watch web pages one

visit and report that information May allow people to record the information Install without knowledge or by tricking Often runs even when the program that it rides upon

is not running At the start up Watches web activities and tracks every web site Reports to the spyware website about the web activities

done by us Spyware website creates profile of every individual Website delivers targeted ads to the individual

Contd..

How it hides in the system Install at multiple locations at the hard disk Anti-spyware if detects any such spyware; other

spywares are still alive in the machine Spyware can inject itself in some other

application Silent Spyware vs. destructive program Hiding itself in the windows registry files

Keylogger Often installed in two parts

.exe file Automatically launches as startup

.dll file.exe file launches .dll file and it does most

of the damage Records all keystrokes :

Keystrokes recorded may be sent to the attacker directly or saved in a file and sent at regular intervalsAttacker examines the key strokes and gets necessary information

RootKits

Used by intruder to gain access to someone’s PC without being detected

Made of series of files and tools Can be installed similar to shareware Replace important components of OS with new

software of same size, creation date etc. Installs backdoor daemon, automatic program Many also install keyloggers or sniffers May also send the log of the system

Wi-Fi Security

WAR DRIVERS: Common kind of intruder which looks for unprotected networks which he can break into.

They user software which makes it easy to find unprotected networks. Some use high power antennas in order to find as many networks as they can.

In business networks they target, they look for proprietary business information or be looking to do malicious damage.

When they target a home network, they might look for personal information, such as credit card numbers, or be looking to damage computers.

Wi-Fi Hotspot

Wi-Fi hotspot allows people with laptops , PDAS or other devices

Food restaurants, hotels and airports , free Connected to a network and vulnerable to other

people ex file sharing feature Use of sniffer to capture packets of others

Evil Twins

Evil twin hack, hacker creates a twin of existing hotspot to fool the people. (SSID)

He uses special tool (hotspotter)

Hotspotter will act as an access point to allow the client to authenticate and associate

Security Tips for Wi-Fi

Use Encryption methods (WPA 2) WEP: Wireless Encryption Protocol. WPA: Wi-Fi Protected Access.

Use of Intrusion detection system. (Honeypot) Position network antennas so signal does not reach

outside the building

Thank You