karan-bhandari
System security and tools
Subtopics covered:
1. System Vulnerability and Abuse
2. Technologies and Tools for Protecting Information Resources
Group members are:
3. Karan Bhandari (39)
4. Gurshawn Singh (35)
5. Nishad Prabhu (3)
Introduction
As we all know, technology has tremendously affected us and our way of living.
Daily mail is now best as e-mail, newspapers are on large screens, communication is highly globalized, and storage is within the size range of our fingers.
But all this does come with its drawbacks… Viruses! Trojans!
Why Systems are Vulnerable?
System: a set of things working together as parts of a mechanism or an interconnecting network.
Due to storage of electronic data, access points are endless
The potential for unauthorized access, abuse or fraud is high
Access control
To gain access a user must be authorized and authenticated – established by using passwords
Passwords have their disadvantages
New technologies like tokens, smart cards, and biometric authentication
Malicious software: Viruses, Worms, Trojan Horses and Spyware
Malicious software programs are referred to as
malware and include a variety of threats such
as computer viruses, worms and trojan horses.
COMPUTER VIRUS: a rogue software program. Viruses usually deliver a payload.
WORMS: independent computer programs
TROJAN HORSE: appears to be benign but then does something other than expected.
SPYWARE: installs itself on a computer to monitor user activities
KEYLOGGERS: record every keystroke made on a computer.
Hackers and Computer Crime
A HACKER is an individual who intends to gain
unauthorized access to a computer system.
Hacker vs. cracker
Hacker activities include theft, damage and cyber vandalism.
Spoofing and Sniffing
Hackers attempting to hide their true identities often
spoof, or misrepresent themselves
This is known as SPOOFING.
A SNIFFER is a type of eavesdropping program that
monitors information travelling over a network.
Denial of Service Attacks
In a DoS attack, hackers flood a network server or web
server with many thousands of false communications or
requests for services to crash the network
A Distributed denial-of-service (DDoS) attack uses
numerous computers from different launch points to
inundate and overwhelm the network.
Computer Crime
Computer crime is defined by the U.S.
Department of Justice as “any violations of
criminal law that involve a knowledge of
computer technology for their perpetration,
investigation or prosecution.”
Identity Theft
Identity Theft is a crime in which an imposter
obtains key pieces of personal information.
A popular tactic is a form of spoofing called PHISHING.
EVIL TWINS and PHARMING are harder to detect.
Click Fraud & Global Threat
CLICK FRAUD: occurs when an individual or
computer program fraudulently clicks on an online
ad without any intention of learning more about the
advertiser or making a purchase.
GLOBAL THREAT: Involves Cyber terrorism and
cyber warfare.
Internet Threats: Employees
Malicious intruders seeking system access
sometimes trick employees into revealing
their passwords and other information.
This practice is called SOCIAL
ENGINEERING.
Software Vulnerability
Software poses a constant threat to information
systems, causing untold losses in productivity.
Hidden bugs or program code defects may be present.
Zero defects cannot be achieved in larger programs
Technologies and tools for protecting information resources
• Securing systems
• Ensuring system availability
• Ensuring software quality
Firewalls
Combination of hardware and software that controls traffic
Acts as a gatekeeper
There are a number of firewall screening technologies, such as:
- Static packet filtering
- Stateful inspection
- Network address translation (NAT)
- Application proxy filtering
Intrusion detection systems
Placed at the hotspots
Generates an alarm if it finds a suspicious or
anomalous event
Looks for known methods of computer attacks
Detects removal or modification of files
Examines events as they are happening
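The file check listed above ("Detects removal or modification of files") can be illustrated with a baseline-and-compare script that raises an alarm for each change. This is an added example, not part of the original slides; the function names and the sample files are constructed for the demonstration, and it goes one step further than the slide by also reporting unexpected new files.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as handle:
                digests[os.path.relpath(path, root)] = hashlib.sha256(handle.read()).hexdigest()
    return digests


def compare(baseline, current):
    """Return sorted (event, path) alarms for files removed, modified or added."""
    alarms = []
    for path, digest in baseline.items():
        if path not in current:
            alarms.append(("REMOVED", path))
        elif current[path] != digest:
            alarms.append(("MODIFIED", path))
    alarms.extend(("ADDED", path) for path in current if path not in baseline)
    return sorted(alarms)


def demo():
    """Build a constructed directory, change it, and return the resulting alarms."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("hosts", b"127.0.0.1 localhost\n"),
                           ("app.conf", b"debug=false\n"),
                           ("readme.txt", b"unchanged\n")]:
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        baseline = snapshot(root)  # taken while the system is known-good

        os.remove(os.path.join(root, "hosts"))                  # removal
        with open(os.path.join(root, "app.conf"), "wb") as handle:
            handle.write(b"debug=true\n")                       # modification
        with open(os.path.join(root, "dropped.bin"), "wb") as handle:
            handle.write(b"\x00\x01")                           # unexpected new file
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for event, path in demo():
        print(f"ALARM {event}: {path}")
```

The baseline itself has to be stored where the monitored system cannot rewrite it, otherwise a change to the files can be hidden by a matching change to the baseline.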
Anti-Virus and Anti-spyware
Checks for presence of viruses
Most antivirus software is effective only against
known viruses
Available widely
Encryption
Transforming plain text or data into cipher text, using an
encryption key
Two methods to encrypt network traffic
- Secure Sockets Layer (SSL)
- Secure Hypertext Transfer Protocol (S-HTTP)
Two alternative methods of encryption
- Symmetric key encryption
- Public key encryption
Ensuring system availability
Ensuring system and application availability is a
must for companies, e.g. airline services
Fault tolerant systems use special software to
detect hardware failures and automatically switch to
backup
Should not be confused with high availability
computing