
Basic practices for information & computer security


Basic Practices for

INFORMATION & COMPUTER SECURITY

CONTENTS

• What is a Threat and a Vulnerability

• Types of Threats

• What is Social Engineering

• Types of Social Engineering

• Information & Computer safety practices

• Quick Tips

• Q&A


VULNERABILITY

• “A vulnerability is a flaw or weakness in the system.”

• It is a loophole in the system’s design, implementation, operation or management that can be exploited or misused to violate the system’s security policy.

THREATS

• A threat is a possible danger that might exploit a vulnerability to breach security and thus cause harm.

• A threat can be intentional or accidental.

• An intentional threat can be caused by a criminal organization or a community of unethical hackers.

• An accidental threat can be caused by the occurrence of natural disasters such as earthquakes, fire or tornadoes.

TYPES OF THREATS

• VIRUS

• WORM

• TROJANS

• SPYWARE

• ADWARE

• SPAM/SPIT/SPIM

• SYSTEM ATTACKS


• A virus is a piece of software that can infect a computer without the permission or knowledge of the user.

• A typical virus is sent as an attachment, which may be hidden.

• It is transmitted over the internet or a network, or through the sharing of external portable devices and removable media such as USB sticks and CDs.

• A worm is a self-replicating, malicious software program. It uses the network to send copies of itself to other computers on the network.

• A Trojan (Trojan horse) is an illegitimate program concealed inside a legitimate program. It creates a secret way for hackers to enter your system by installing backdoor programs.

• Spyware is software that is secretly installed on a computer without the user’s consent. It monitors user activity or interferes with the user’s control over a personal computer.

• Adware is software which automatically plays, displays, or downloads advertisements to a computer.

• The adware runs either after a software program has been installed on a computer or while the application is being used.

• In some cases, adware is accepted by users in exchange for using software free of charge.

• Not all adware types are dangerous. However, some types of adware are also spyware and therefore a threat to privacy.

• SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a day. Email addresses are collected from chat rooms, websites and newsgroups, and by Trojans which harvest users’ address books.

• Don’t click on SPAM mails; delete them directly.

• SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.

• SPIT is Spam over Internet Telephony: unwanted, automatically dialled, pre-recorded phone calls made using Voice over Internet Protocol (VoIP).

• SYSTEM ATTACKS include various types of attacks intended to destroy, steal or misuse information over the internet or networks.

• Various types include BOTNET, DoS and DDoS attacks, flooding attacks, buffer attacks, TCP/IP attacks etc…

SOCIAL ENGINEERING

• “Social Engineering” is the psychological manipulation of people in order to gather confidential information.

• This is a purposeful act carried out to misuse someone’s personal information, either to commit fraud or to gain system access.

TYPES OF SOCIAL ENGINEERING

EAVESDROPPING

• “Eavesdropping is secretly listening to a private conversation of others without their consent.”

• This is commonly regarded as an unethical practice.

TYPES OF SOCIAL ENGINEERING

SHOULDER SURFING

• “Shoulder surfing refers to using direct observation techniques, such as looking over someone’s shoulder, to get information.”

• It is commonly used to obtain passwords, PINs, security codes and similar types of data.

TYPES OF SOCIAL ENGINEERING

PHISHING

• Phishing (pronounced “fishing”) is a common form of bluffing in which a fake web page is produced that looks just like a legitimate web page.

• The fake page is on a server under the control of the attacker.

• Below is an example of phishing.

TYPES OF SOCIAL ENGINEERING

SPOOFING

• “Spoofing is another type of bluffing where some person or program masquerades as another.”

• Caller-ID spoofing, email-ID spoofing and IP address spoofing are spoofing incidents that commonly happen in the real world.

TYPES OF SOCIAL ENGINEERING

PHARMING

• “Pharming is an advanced type of social engineering where the data is stolen without the innocent user being conscious of it.”

• In this type, the authentic website’s traffic is diverted by the hacker to some compromised website.

• [Figure: pharming.gif]

INFORMATION & COMPUTER SAFETY PRACTICES


PASSWORD PROTECTION

• Always secure your desktop with passwords.

• Employ strong password policies.

• A password should be alphanumeric and longer than 8 characters.

• A password should not include your personal information.

• Avoid saving your passwords and sensitive information such as credit card numbers, policy numbers and bank account information on your computer or mobile.
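The password rules on this slide (alphanumeric, longer than 8 characters, free of the user's personal information) written out as a small policy checker. This is an added example, not code from the original presentation; the functions `password_problems` and `is_acceptable`, the sample person's details and the candidate passwords are all constructed for illustration.

```python
import re
from typing import List, Tuple

# The slide asks for "more than 8 characters", so 8 itself is rejected.
MIN_LENGTH_EXCLUSIVE = 8


def password_problems(password: str, personal_info: Tuple[str, ...] = ()) -> List[str]:
    """Return every policy rule the password breaks; an empty list means it passes.

    Rules checked, taken from the slide: longer than 8 characters, alphanumeric
    (contains both letters and digits), and not containing any of the user's own
    personal details (name, year of birth, city, ...).
    """
    problems: List[str] = []
    if len(password) <= MIN_LENGTH_EXCLUSIVE:
        problems.append("must be longer than 8 characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[0-9]", password)):
        problems.append("must contain both letters and digits")
    lowered = password.lower()
    for detail in personal_info:
        detail = detail.strip().lower()
        # Skip fragments too short to be meaningful (a single initial, a day of the month).
        if len(detail) >= 3 and detail in lowered:
            problems.append(f"must not contain personal information ({detail!r})")
    return problems


def is_acceptable(password: str, personal_info: Tuple[str, ...] = ()) -> bool:
    """True when password_problems() reports nothing."""
    return not password_problems(password, personal_info)


if __name__ == "__main__":
    # Constructed sample: details of a hypothetical user, and some candidate passwords.
    details = ("Asha", "Patel", "1990")
    for candidate in ("Summer1", "correcthorse", "asha1990xx", "Rv7kq2Lm9x"):
        issues = password_problems(candidate, details)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```

The personal-information rule is the one most checkers forget: a password can satisfy the length and character-class rules and still be built from the user's name and year of birth, which is exactly what a shoulder surfer or social engineer will try first.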

HIDE CONFIDENTIAL FILES ON DISK

• You can secure your confidential files on the desktop by hiding files on your computer.

• To hide files on your Windows desktop:

• Control Panel → Folder Options → View → Don’t show hidden files.

• To unhide files on your Windows desktop:

• Control Panel → Folder Options → View → Show hidden files.

TURN ON SYSTEM FIREWALL

• A firewall is software or hardware that checks information coming from the Internet or a network.

• It either blocks or allows that information to pass through to your computer, depending upon your firewall settings.

• An active firewall helps to prevent hackers from gaining access to your computer through the network or internet.

• To turn on the firewall:

• Control Panel → Windows Firewall → Click on Turn Windows Firewall on/off

INSTALL SAFETY SOFTWARE PROGRAMS

• Secure browsing tools:

CCleaner, AntiVirus Programs, Nessus

• Data safety tools:

Folder Locker, TrueCrypt, SafeHouse Explorer, BitLocker

DATA BACKUP

• ‘Backup’ refers to the copying and archiving of computer data so that it may be used to restore the original after a data loss event.

• Our data may include important and confidential files such as files from the workplace, presentations, work materials etc…

• As there are innumerable ways in which data can be lost, taking a regular backup of your data is a basic safety practice for computer users.

• Take backups on external portable devices and protect them with passwords.

QUICK TIPS

• Avoid sharing personal details such as email IDs, passwords and bank account information on the telephone.

• Use recognized Instant Messengers (IM). Don’t use just any.

• Don’t click on SPAM mails; delete them directly.

• Regularly scan your computer and external portable devices for viruses.

• Turn off file sharing when you are working on the network.

• Always check the website name in the browser before entering your private information.

• Always sign out from your account when you are working in an internet café.

• Protect your computer and its hard disk with a password.

• Always seek guidance from an expert in case of doubt.
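The tip about checking the website name in the browser, together with the phishing slide's point that the fake page sits on a server the attacker controls, as an added example that is not part of the original presentation: it takes the URL from the address bar, extracts the hostname, and accepts it only if it is the expected domain or one of that domain's own subdomains, so a name that merely contains the expected domain somewhere to the left is rejected. The HTTPS check goes one step beyond the slide. The functions `hostname_of`, `is_expected_site` and `check_before_entering_data`, the reserved placeholder domains (`mybank.example`, `login-verify.test`) and every sample URL are constructed for illustration.

```python
from typing import List, Optional
from urllib.parse import urlsplit


def hostname_of(url: str) -> Optional[str]:
    """The hostname the address bar is really pointing at (lower-case), or None if absent.

    urlsplit() already strips any user:password@ prefix, so a URL that puts the
    expected name before an '@' still reports the host after it.
    """
    return urlsplit(url).hostname


def is_expected_site(url: str, expected_domain: str) -> bool:
    """True only if the host is the expected domain itself or one of its own subdomains.

    The right-hand end of the name decides who controls the site, so the host
    must end in the expected domain; containing it elsewhere does not count.
    """
    host = hostname_of(url)
    if host is None:
        return False
    expected = expected_domain.strip().lower().rstrip(".")
    host = host.rstrip(".")
    return host == expected or host.endswith("." + expected)


def check_before_entering_data(url: str, expected_domain: str) -> List[str]:
    """Warnings a user should notice before typing private data; empty means it looks right."""
    warnings: List[str] = []
    if not is_expected_site(url, expected_domain):
        warnings.append(f"address bar shows {hostname_of(url)!r}, not {expected_domain!r}")
    if urlsplit(url).scheme.lower() != "https":
        warnings.append("connection is not HTTPS, so the form data would travel unencrypted")
    return warnings


if __name__ == "__main__":
    # Constructed sample: the user expects their bank at the placeholder domain mybank.example.
    expected = "mybank.example"
    samples = [
        "https://mybank.example/login",
        "https://login.mybank.example/",
        "https://mybank.example.login-verify.test/",  # expected name is only a subdomain
        "https://secure-mybank.example/",             # different registered domain
        "https://mybank.example@203.0.113.5/",        # text before '@' is user info, not the host
        "http://mybank.example/login",                # right name, but not HTTPS
    ]
    for url in samples:
        findings = check_before_entering_data(url, expected)
        print(url, "->", "looks right" if not findings else "; ".join(findings))
```

The rule to take away is the one the code encodes: read the hostname from its right-hand end, because `mybank.example.login-verify.test` belongs to whoever owns `login-verify.test`, no matter how familiar the left-hand part looks.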

THANK YOU

For any queries please contact me on below id:

[email protected]

Prajkta G Nagapurkar

+91-8690130987
