Information Security and Privacy

Presented by: Joy Chakraborty, Roll: 11BM91S01, Ph.D Scholar, 2011, VGSOM, IIT-Kharagpur

What is a Computer Virus?

• Any program that has the ability to reproduce and attach itself to other programs is referred to as a computer virus.

• A virus can be designed to do various kinds of damage. It can perform a variety of functions ranging from annoying (e.g., popping up messages as a joke) to dangerous (e.g., deleting files or destroying your hard disk).

• To qualify as a virus, a program must be able to replicate (make copies of) itself. This can mean copying itself to different places on the same computer or looking for ways to reach other computers, such as by infecting disks or traveling across networks.

• Computer viruses, unlike biological viruses, don’t spring up out of nowhere—they’re created by people.

How do computer viruses work?

A Few Popular Types of Viruses

• File Infector Viruses - The most “traditional” form of computer virus is the file infector virus, which hides within the code of another program. Before the advent of the Internet, file infector viruses accounted for probably 85% of all virus infections.

• Boot Sector Viruses - Boot sector viruses reside in the part of the disk that is read into memory and executed when your computer first boots up. Once loaded, the virus can then infect any other disk used by the computer; a disk-based boot sector virus can also infect a PC’s hard disk.

• Trojan Horses - Trojan horses are becoming more common, primarily through the spread of Internet-based e-mail. These e-mail Trojans spread as innocent-looking attachments to e-mail messages; when you click to open the attachment, you launch the virus.

• Chat and Instant Messaging Viruses - Most chat and IM programs let you send files to other users, and many users are accustomed to accepting any files sent to them while chatting, which leads to the transfer of viruses.

• E-mail viruses – E-mail viruses can be transmitted via email messages sent across private networks or the Internet. According to Kaspersky Lab, the research arm of the company that produces Kaspersky Anti-Virus software, e-mail viruses accounted for 90% of all virus attacks in 2001.

• Worms – A worm is a program whose purpose is to duplicate itself. Worms replicate themselves very quickly; a network infected with a worm can be brought to its knees within a matter of hours.

Life-cycle of a computer virus

What can a virus do?

• Copy itself to other programs or areas of a disk.

• Replicate as rapidly and frequently as possible, filling up the infected system’s disks and memory, rendering the system useless.

• Display information on the screen.

• Modify, corrupt, or destroy selected files.

• Erase the contents of entire disks.

• Lie dormant for a specified time or until a given condition is met, and then become active.

• Open a “back door” to the infected system that allows someone else to access and even take control of the system through a network or Internet connection.

How can one pick up a virus?

• Receiving an infected file attached to an e-mail message, or a virus hidden within the message itself.

• Viruses can even be spread through online chat rooms and instant messenger programs.

• Downloading an infected file to your computer across a network, an online service, or the Internet.

• Receiving an infected disk (a diskette, a CD created by someone with a CD-R drive, a high-capacity floppy disk and so on) from another user.

• Copying to a disk a document file that is infected. An infected document might be copied from another disk or received as an attachment to an e-mail message.

Common virus infection symptoms

• Programs quit working or freeze up.

• Documents become inaccessible.

• Computer freezes up or won’t start properly.

• The CAPS LOCK key quits working—or works intermittently.

• Files increase in size.

• Frequent error messages appear onscreen.

• Strange messages or pictures appear onscreen.

• PC emits strange sounds.

• Friends and colleagues inform you that they’ve received strange e-mails from you that you don’t remember sending.

Prevention against Viruses

• Restrict your file downloading to known or secure sources

• Don’t open any e-mail attachments you weren’t expecting

• Use an up-to-date anti-virus program or service

• Create backup copies of all your important data

• Enable virus protection in all your applications

• Usage of Firewalls

Usage of Firewalls

• A firewall is a barrier that keeps destructive forces away from your property. This is relevant to anyone who has used the Internet for any length of time, and especially to anyone who works at a larger company and browses the Web while at work.

• Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.

• Firewalls have helped protect computers in large companies for years. Now, they're a critical component of home networks, as well.

Data Security Issues in the USA

• Computer security in the USA has received attention in recent years through reports of striking computer viruses and dramatic computer crimes that involve large sums of money.

• The FBI uniform crime statistics do not separate computer from other sorts of crime.

• Most of the incidents that are detected are not publicized because of shame, or because of fear of damage to the organization’s or its management’s reputation, or because of an agreement not to prosecute if the criminal goes away.

• US Dollar estimates of computer crime losses are only vague estimates and range from $300 million to $500 billion per year. [Most of the expenses come from the time and effort required to locate and remove viruses, restore systems, rebuild lost or corrupted data, and ensure against future attacks.]

• Protection against computer crimes is made difficult due to the multiplicity of targets and points of penetration.

Categories of Security Breaches

• Computer crime cases that involve software security breaches can be classified into 4 categories: Interruption, Interception, Modification, Fabrication.

• In an Interruption, an asset (hardware, software, or data) of the Computer-Based Information System (CBIS) becomes unavailable, unusable or lost.

• An Interception occurs when an unauthorized party has gained access to an asset.

• Modification represents the security breach when an unauthorized party not only accesses but tampers with an asset.

• Fabrication refers to the introduction of counterfeit objects into a CBIS.

The Privacy Act of 1974

• The Privacy Act of 1974 (Dec. 31, 1974) states:

No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains.

• The Privacy Act mandates that each US Govt. agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.

• Federal agencies are subject to damages if an individual’s rights are violated.

• There are specific exceptions allowing the use of personal records:

1. For statistical purposes by the Census Bureau and the Bureau of Labor Statistics
2. For routine uses within a U.S. government agency
3. For law enforcement purposes
4. For congressional investigations
5. Other administrative purposes
