SlideShare une entreprise Scribd logo

Operating Systems: Computer Security

Télécharger en tant que PPTX, PDF
Damian T. Gordon
Damian T. Gordon

Operating Systems: Computer Security

Formation
1  sur  114
Damian Gordon
Operating System Process Manager Memory Manager Network Manager Device Manager File Manager
Operating System Process Manager Memory Manager Network Manager Device Manager Security Manager File Manager
 The operating system uses a number of different ways to protect the system: ◦ Your credentials (e.g. username and password) ◦ Your authorisation (e.g. drwxr-x-r--) ◦ Your location (e.g. inside/outside the LAN) ◦ Your behaviour (e.g. deleting lots of files) ◦ The firewall
 Denial-of-Service (DoS) Attack  Wiretapping  Viruses  Worms  Trojans
 Makes the “victim” computer unavailable to its users. Typically used on computers that act as Web Servers.
 Works by making the “victim” computer perform a task over and over again, thus preventing it from doing other jobs.  For example, if the computer is supposed to take orders from customers, and the first step is for the “victim” computer to identify itself to the customer computer, a DoS attack might keep making the “victim” computer identify itself and therefore unable to do other work.
 A Distributed Denial-of-Service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses.  It is like to a group of people crowding the entry door to a shop, and not letting legitimate customers enter into the shop or business, disrupting normal operations.
 How does it work?  There are a variety of approaches that can work, we’ll look at a HTTP POST DoS attack.
 How does it work?  There are a variety of approaches that can work, we’ll look at a HTTP POST DoS attack. HTTP POST Attack
 A legitimate HTTP POST header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/110 seconds). HTTP POST Attack
 Due to the entire message being complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, which can take a very long time. HTTP POST Attack
 The attacker establishes hundreds or even thousands of such connections, until all resources for incoming connections on the server (the victim) are used up, hence making any further (including legitimate) connections impossible until all data has been sent. HTTP POST Attack
 Bollywood versus Anonymous
 Bollywood versus Anonymous  Bollywood is the nickname for the Hindi language film industry, based in Mumbai, the capital of Maharashtra in India. Bollywood is also one of the largest centres of film production in the world, and is more formally referred to as Hindi cinema.
 Bollywood versus Anonymous  Anonymous are a loosely associated international network of activist and hacktivist groups. The group became known for a series of well- publicized publicity stunts and Denial-of-Service (DoS) attacks on government, religious, and corporate websites.
 Bollywood versus Anonymous  Anonymous are a loosely associated international network of activist and hacktivist groups. The group became known for a series of well- publicized publicity stunts and Denial-of-Service (DoS) attacks on government, religious, and corporate websites.
 Bollywood versus Anonymous  Bollywood was unhappy with the torrent sites:
 Bollywood versus Anonymous  In 2010, several Bollywood companies hired Aiplex Software to launch DDoS attacks on websites that did not respond to takedown notices.
 Bollywood versus Anonymous  Piracy activists then created Operation Payback in September 2010 in retaliation
 Bollywood versus Anonymous  The original plan was to attack Aiplex Software directly, but upon finding some hours before the planned DDoS that another individual had taken down the firm's website on their own, Operation Payback moved to launching attacks against the websites of copyright stringent organisations Motion Picture Association of America (MPAA) and International Federation of the Phonographic Industry, giving the two websites a combined total downtime of 30 hours.
 Bollywood versus Anonymous  In the following two days, Operation Payback attacked a multitude of sites affiliated with the MPAA, the Recording Industry Association of America (RIAA), and British Phonographic Industry. Law firms such as ACS:Law, Davenport Lyons and Dunlap, Grubb & Weaver (of the US Copyright Group) were also attacked.
 Wiretapping has been around since the 1890s, it’s simply a matter of gaining access to the transmission media and using a device to intercept the signals.
 Wireless wiretapping works in the exact same way, except that there is no need to have physical contact with the transmission media.  This is why we should encrypt wireless transmissions.
 There are two forms of wiretapping: ◦ Passive Wiretapping is where you are recording the data transmitted, but not interfering with it. ◦ Active Wiretapping is where you are recording the data and also modifying it before it is sent onto the receiver.
 The USA PATRIOT Act  Title II: Enhanced Surveillance Procedures USA Patriot Act
 The USA PATRIOT Act  Title II: Enhanced Surveillance Procedures  Section 209 made it easier for authorities to gain access to voicemail as they no longer must apply for a wiretap order, and instead just apply for a normal search warrant.  The FBI can secretly conduct a physical search or wiretap on U.S. citizens to obtain evidence of crime without proving probable cause, as the Fourth Amendment explicitly requires. USA Patriot Act
 The USA PATRIOT Act  On February 9, 2016, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS“, the FBI had recovered an Apple iPhone 5C owned by the San Bernardino County, California government, that had been issued to its employee, Syed Rizwan Farook, one of the shooters involved in the December 2015 San Bernardino attack. The attack killed 14 people and seriously injured 22. USA Patriot Act What it doesn’t cover
 The USA PATRIOT Act  Apple declined due to its policy to never undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sherri Pym, to issue a court order, mandating Apple to create and provide the requested software. The order was not a subpoena, but rather was issued under the All Writs Act of 1789. USA Patriot Act What it doesn’t cover
 The USA PATRIOT Act  On February 16, 2016, Apple chief executive officer Tim Cook released an online statement to Apple customers, explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request they made threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that could undermine the security of its products. USA Patriot Act What it doesn’t cover
 The USA PATRIOT Act  On March 28, 2016, the FBI said it had unlocked the iPhone with the third party's help, and an anonymous official said that the hack's applications were limited; the Department of Justice vacated the case. USA Patriot Act What it doesn’t cover
 For more detail:  In September 2015, Apple released a white paper detailing the security measures in its iOS 9 operating system.  The iPhone 5C model can be protected by a four- digit PIN code. After more than ten incorrect attempts to unlock the phone with the wrong PIN, the contents of the phone will erase the AES encryption key that protects its stored data.  https://www.apple.com/business/docs/iOS_Secu rity_Guide.pdf USA Patriot Act What it doesn’t cover
 A Computer Virus is a program that alters the way a computer works without permission of the user. It is typically self-executing and self-replicating.
 A Virus is typically written for a specific operating system, so a virus that works on Windows usually won’t work on Linux.  Virus writers exploit vulnerabilities in a specific operating systems.
 Most vulnerable operating systems and applications in 2014 
 Boot Sector Virus  File Infector Virus  Macro Virus  Multipartite Virus  Polymorphic Virus
 Boot Sector Virus: Infects the boot sector. There are two types of boot sector viruses: ◦ Master Boot Record (MBR): A MBR can contain code that locates and invokes its volume record. ◦ Volume Boot Record (VBR): A VBR can contain code that loads and invokes the operating system.
 File Infector Virus: Perhaps the most common type of virus, the file infector takes root in a host file. This type of virus may end up deleting the file that was originally infected, or it may rewrite it or replace it with something else.  Usually infects .COM and .EXE files.
 Macro Virus: This is a virus that can be hidden in data files, like Word documents and Spreadsheets.  Disable macros on files that you don’t trust.
 Multipartite Virus: A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.  Can infect boot sector and files.
 Polymorphic Virus: A polymorphic Virus can mutate over time or after every contaminated file and changes the code that is used to deliver the payload.
 The Natas Virus Natas Virus
 The Natas Virus  Natas is a memory-resident stealth virus which is highly polymorphic, that affects master boot records, boot sectors of diskettes, files .COM and also .exe programs. Natas Virus
 The Natas Virus  Natas (Satan spelled backwards) is a computer virus written by James Gentile, a then 18-year-old hacker from San Diego, California who went by the alias of "Little Loc" and later "Priest".  The virus was made for a Mexican politician who wanted to win the Mexican elections by affecting all the Mexican Federal Electoral Institute (IFE) computers with a floppy disk. Natas Virus
 The Natas Virus  The virus first appeared in Mexico City in May 1992, spread by a consultant using infected floppy disks. The virus became widespread in Mexico and the southwest United States.  The virus also made its way to the other side of the USA, infecting computers at the United States Secret Service knocking their network offline for approximately three days. Natas Virus
 The Natas Virus  When a file infected with Natas is executed, it becomes memory resident, taking up 5,664 bytes in memory and infects the master boot record and COMMAND.COM. The virus infects files when they are executed, opened or copied, appending its 4,746 bytes to .COM, .EXE and .OVL files. Natas Virus
 A computer worm is program that replicates itself in order to spread to other computers (often using a computer network). Unlike a computer virus, it does not need to attach itself to an existing program
 Worms usually slow down processor time, and take up memory space, they also typically take up network bandwidth.  Some worms that have been created are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these worms can cause major disruption by increasing network traffic.
 Since the start of computer networks there have been attempts to create useful worms, for example, the Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system—by exploiting those same vulnerabilities.
 In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner.  Several worms, like XSS worms, have been written to research how worms spread. For example, the effects of changes in social activity or user behaviour.
 The ILOVEYOU Worm “I love you” worm
 The ILOVEYOU Worm  ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after May 4th, 2000.  it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs“ “I love you” worm
 The ILOVEYOU Worm  The worm did damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however after overwriting MP3 files the virus would hide the file), and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. “I love you” worm
 The ILOVEYOU Worm  The worm originated in the Philippines, thereafter across the world, moving first to Hong Kong, then to Europe, and finally the United States, as employees began their workday that Friday morning. The outbreak was later estimated to have caused US $5.5- 8.7 billion in damages worldwide, and estimated to cost the US $15 billion to remove the worm. “I love you” worm
 A Trojan is a malicious program that misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it.
 Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to be unsuspicious, (e.g., a routine form to be filled in), or by downloading.  Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
 Types of things Trojans do: ◦ Destructive Behaviour ◦ Use of Resources, or Identity ◦ Money, Theft, or Ransom ◦ Data Theft ◦ Spying, Surveillance, or Stalking
 Destructive Behaviour ◦ Crashing the computer or device. ◦ Modification or deletion of files. ◦ Data corruption. ◦ Formatting disks, destroying all contents. ◦ Spread malware across the network. ◦ Spy on user activities and access sensitive information.
 Use of Resources, or Identity ◦ Use of the machine as part of a botnet (e.g. to perform automated spamming) ◦ Using computer resources for mining cryptocurrencies ◦ Using the infected computer as proxy for illegal activities and/or attacks on other computers. ◦ Infecting other connected devices on the network.
 Money, Theft, or Ransom ◦ Electronic money theft ◦ Installing ransomware such as CryptoLocker
 Data Theft ◦ Data theft, including for industrial espionage ◦ User passwords or payment card information ◦ User personally identifiable information ◦ Trade secrets
 Spying, Surveillance, or Stalking ◦ Keystroke logging ◦ Watching the user's screen ◦ Viewing the user's webcam ◦ Controlling the computer system remotely
 The Gh0st RAT Trojan Gh0st RAT Trojan
 The Gh0st RAT Trojan  Gh0st RAT is a Trojan horse for the Windows platform that was used to hack into some of the most sensitive computer networks on Earth. It is a cyber spying computer program. The "Rat" part of the name refers to the software's ability to operate as a "Remote Administration Tool". Gh0st RAT Trojan
 The Gh0st RAT Trojan  It can: ◦ Take full control of the remote screen. ◦ Provide real time as well as offline keystroke logging. ◦ Provide live feed of webcam, and microphone. ◦ Download remote binaries on the infected remote host. ◦ Take control of remote shutdown and reboot of host. ◦ Disable infected computer remote keyboard input. ◦ Enter into shell of remote infected host with full control. ◦ Provide a list of all the active processes. Gh0st RAT Trojan
 The Gh0st RAT Trojan  Gh0st Rat was originally made by the C.Rufus Security Team in 2005. Just as with other well-featured “off-the-shelf” trojans like Poison Ivy, Hupigon and DarkComet it has been used by all sorts of people – from script kiddies to resourceful targeted attack actors. Gh0st RAT Trojan
 The Gh0st RAT Trojan  In less than two years (2007-2009) Gh0st Rat infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York. Gh0st RAT Trojan
 An unintentional attack is any breach of security that was not as a result of a planned intrusion.  For example, if two processes are updating the same record and it results in an incomplete modification of the record, that is an unintentional attack.
 The Year 2000 problem (aka the Millennium bug, or the Y2K bug) was caused by programmers who reduced the four-digit year to two digits.  This made the year 2000 indistinguishable from 1900.
 Unintentional Denial-of-Service  When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed. Many sites' servers thought the requests were from a virus or spyware trying to cause a denial-of-service attack, warning users that their queries looked like "automated requests from a computer virus or spyware application".
 System protection is multifaceted, four protection methods include: ◦ Antivirus Software ◦ Firewalls ◦ Patch Management ◦ Authentication
 Antivirus Software is used to protect systems from attack by malicious software.
 The software can be preventative, diagnostic, or a combination of both.  As new viruses are identified security vendors and government agencies provide information and updates about them.
 Antivirus software is usually capable of repairing files infected by a virus, but it generally cannot repair the damage done by worms, Trojans, and blended approaches.  This is since viruses usually add code to an existing file, whereas worms, Trojans, and blended approaches usually fully replace files.
 Examples of Antivirus software include: ◦ Bitdefender Antivirus Plus ◦ Kaspersky Anti-Virus ◦ Webroot SecureAnywhere AntiVirus ◦ Emsisoft Anti-Malware ◦ F-Secure Anti-Virus 2015 ◦ Malwarebytes Anti-Exploit ◦ McAfee AntiVirus Plus ◦ Panda Antivirus Pro ◦ Trend Micro Antivirus+ Security ◦ VoodooSoft VoodooShield
 A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
 Network firewalls can be software programs running on general purpose hardware, or hardware-based firewall computer appliances, that filter traffic between two or more networks.  Firewall appliances may also offer other functionality to the internal network they protect such as acting as a DHCP or VPN server for that network.
 Network firewalls can be software programs running on general purpose hardware, or hardware-based firewall computer appliances, that filter traffic between two or more networks.  Firewall appliances may also offer other functionality to the internal network they protect such as acting as a DHCP or VPN server for that network.
 Firewalls typically: ◦ Log activities that access the internet ◦ Maintain access control based on the senders’ and receivers’ IP addresses ◦ Maintain access control based on the services being requested ◦ Hide the internal network from unauthorized users ◦ Verify that virus protection is installed and running ◦ Perform authentication based on the source of a request from the Internet
 Firewalls use a combination of packet filtering and proxy servers. ◦ Packet Filtering means that the firewall reviews all of the header information of each packet coming into the computer and going out to make sure there is noting suspicious present. ◦ Proxy Servers sit in between the local computer and network, and intercept all requests to the local computer from the network, and verify them before passing them onto the local computer.
 Examples of Firewalls include: ◦ Bullguard ◦ ZoneAlarm ◦ McAfee ◦ Norton ◦ AVG Anti-virus ◦ Bitdefender ◦ Avira ◦ Kaspersky Lab
 A patch is a piece of software that can be applied to an operating system (or any other software) to correct an issue with that software.
 Most operating systems will have several patches after their initial release and usually update the version of the program when successfully installed.  Software patches can be found through the software developer's website, or are automatically downloaded after each system restart.
 A security patch is a change applied to an operating system to correct a discovered vulnerability.  This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in that operating system.
 Security patches are the primary method of fixing security vulnerabilities in operating systems.  Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible.
 Authentication is verification that an individual trying to access the system is authorised to do so.
 Let’s consider passwords, they should be: ◦ Easy to remember ◦ Hard to guess ◦ Changed often ◦ Never written down ◦ Never part of an automated login  Passwords are stored on the system in an encrypted format, so when you type in your password, it is encrypted using the same algorithm, and the two encryptions are compared to verify.
 Top 25 US Passwords in 2016  1. 123456 (Unchanged)  2. password (Unchanged)  3. 12345678 (Up 1)  4. qwerty (Up 1)  5. 12345 (Down 2)  6. 123456789 (Unchanged)  7. football (Up 3)  8. 1234 (Down 1)
 Top 25 US Passwords in 2016  9. 1234567 (Up 2)  10. baseball (Down 2)  11. welcome (New)  12. 1234567890 (New)  13. abc123 (Up 1)  14. 111111 (Up 1)  15. 1qaz2wsx (New)  16. dragon (Down 7)
 Top 25 US Passwords in 2016  17. master (Up 2)  18. monkey (Down 6)  19. letmein (Down 6)  20. login (New)  21. princess (New)  22. qwertyuiop (New)  23. solo (New)  24. passw0rd (New)  25. starwars (New)
 The longer the password, the better. ◦ A password of eight (8) letters, just using lowercase letters has 268 (208,827,064,576) possible combinations. ◦ A password of ten (10) letters, just using lowercase letters has 2610 (141,167,100,000,000) possible combinations. ◦ A password of eight (8) letters, using all letters and numbers has 958 (6,634,204,300,000,000) possible combinations. ◦ A password of ten (10) letters, using all letters and numbers has 9510 (59,873,694,000,000,000,000) possible combinations.
 Where are the passwords stored? ◦ On Windows:  c:windowssystem32configSAM ◦ On Linux  /etc/shadow ◦ On Unix and (some) Apple  /etc/passwd
 Salting  Some operating systems (not Windows) make the passwords even harder to guess by adding in a few extra random bits into the encrypted password. So even if two people have the same password, they will be stored differently.
 Alternatives to passwords: ◦ CAPTCHAs ◦ reCAPTCHAs ◦ Smart Cards ◦ Biometrics
 CAPTCHAs  CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test.  The term was coined in 2003 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford.  This form of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen
 reCAPTCHAs  The reCAPTCHA service supplies subscribing websites with images of words that are hard to read for optical character recognition (OCR) software.  The text is obscured with horizontal lines and warped.
 Image reCAPTCHAs  In 2014, reCAPTCHA implemented another system in which users are asked to select one or more images from a selection of nine images.
 Smart Cards  A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card that has embedded integrated circuits.  Smart cards can be either contact or contactless smart card. Smart cards can provide personal identification, authentication, data storage, and application processing.  Smart cards may provide strong security authentication for single sign-on (SSO) within large organizations.
 Biometrics  Biometrics authentication (or realistic authentication) is used as a form of identification and access control.  Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.  Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to typing rhythm, gait, and voice.
Damian Gordon
Operating System Process Manager Memory Manager Network Manager Device Manager Security Manager File Manager
 The operating system uses a number of different ways to protect the system: ◦ Your credentials (e.g. username and password) ◦ Your authorisation (e.g. drwxr-x-r--) ◦ Your location (e.g. inside/outside the LAN) ◦ Your behaviour (e.g. deleting lots of files) ◦ The firewall
 Intentional Attacks ◦ Denial-of-Service (DoS) Attack ◦ Wiretapping ◦ Viruses ◦ Worms ◦ Trojans  Unintentional Attacks ◦ Parallel writes ◦ Unintentional Denial-of-Service (DoS)
 System protection is multifaceted, four protection methods include: ◦ Antivirus Software ◦ Firewalls ◦ Patch Management ◦ Authentication  CAPTCHAs  reCAPTCHAs  Smart Cards  Biometrics

Recommandé

Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber AttacksRubal Sagwal
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M SecurityYu-Hsin Hung
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
penetration testing
penetration testingpenetration testing
penetration testingShitesh Sachan
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 

Recommandé

Types of Cyber Attacks
Types of Cyber AttacksTypes of Cyber Attacks
Types of Cyber AttacksRubal Sagwal
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
IoT/M2M Security
IoT/M2M SecurityIoT/M2M Security
IoT/M2M SecurityYu-Hsin Hung
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
Social Engineering new.pptx
Social Engineering new.pptxSocial Engineering new.pptx
Social Engineering new.pptxSanthosh Prabhu
 
Threat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalThreat Hunting - Moving from the ad hoc to the formal
Threat Hunting - Moving from the ad hoc to the formalPriyanka Aash
 
penetration testing
penetration testingpenetration testing
penetration testingShitesh Sachan
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attackmarada0033
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Enterprise Management Associates
 
Malware analysis
Malware analysisMalware analysis
Malware analysisAnne ndolo
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...itnewsafrica
 
Critical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack ModelingCritical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack ModelingBlaz Ivanc
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS AttacksJignesh Patel
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
Application Security
Application SecurityApplication Security
Application SecurityReggie Niccolo Santos
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Operating Systems: Virtual Memory
Operating Systems: Virtual MemoryOperating Systems: Virtual Memory
Operating Systems: Virtual MemoryDamian T. Gordon
 
Operating Systems: Network Management
Operating Systems: Network ManagementOperating Systems: Network Management
Operating Systems: Network ManagementDamian T. Gordon
 

Contenu connexe

Tendances

Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attackmarada0033
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Enterprise Management Associates
 
Malware analysis
Malware analysisMalware analysis
Malware analysisAnne ndolo
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...itnewsafrica
 
Critical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack ModelingCritical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack ModelingBlaz Ivanc
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...BCM Institute
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and SecurityNoushad Hasan
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationMcKonly & Asbury, LLP
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in DepthDilum Bandara
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoTAmy Daly
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 

Tendances (20)

Dos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle AttackDos & Ddos Attack. Man in The Middle Attack
Dos & Ddos Attack. Man in The Middle Attack
 
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)Identifying Effective Endpoint Detection and Response Platforms (EDRP)
Identifying Effective Endpoint Detection and Response Platforms (EDRP)
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Information security
Information securityInformation security
Information security
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
Dr Nishal Khusial: Cyber Security- Common Threats, Attacks, Awareness and Bes...
 
Critical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack ModelingCritical infrastructure Protection and Cyber Attack Modeling
Critical infrastructure Protection and Cyber Attack Modeling
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
Cyber Resilience – Strengthening Cybersecurity Posture & Preparedness by Phil...
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your OrganizationCybersecurity Risk Management Program and Your Organization
Cybersecurity Risk Management Program and Your Organization
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Network security - Defense in Depth
Network security - Defense in DepthNetwork security - Defense in Depth
Network security - Defense in Depth
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Cybersecurity in the Era of IoT
Cybersecurity in the Era of IoTCybersecurity in the Era of IoT
Cybersecurity in the Era of IoT
 
Application Security
Application SecurityApplication Security
Application Security
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.
 

En vedette

Operating Systems: Virtual Memory
Operating Systems: Virtual MemoryOperating Systems: Virtual Memory
Operating Systems: Virtual MemoryDamian T. Gordon
 
Operating Systems: Network Management
Operating Systems: Network ManagementOperating Systems: Network Management
Operating Systems: Network ManagementDamian T. Gordon
 
Operating Systems: File Management
Operating Systems: File ManagementOperating Systems: File Management
Operating Systems: File ManagementDamian T. Gordon
 
Operating Systems: Memory Management
Operating Systems: Memory ManagementOperating Systems: Memory Management
Operating Systems: Memory ManagementDamian T. Gordon
 
James Bond and the OSI Model
James Bond and the OSI ModelJames Bond and the OSI Model
James Bond and the OSI ModelDamian T. Gordon
 
Operating Systems: A History of MacOS
Operating Systems: A History of MacOSOperating Systems: A History of MacOS
Operating Systems: A History of MacOSDamian T. Gordon
 
Operating Systems: Processor Management
Operating Systems: Processor ManagementOperating Systems: Processor Management
Operating Systems: Processor ManagementDamian T. Gordon
 
Operating Systems: Data Structures
Operating Systems: Data StructuresOperating Systems: Data Structures
Operating Systems: Data StructuresDamian T. Gordon
 
Operating Systems: History of Windows
Operating Systems: History of WindowsOperating Systems: History of Windows
Operating Systems: History of WindowsDamian T. Gordon
 
Operating Systems: Process Scheduling
Operating Systems: Process SchedulingOperating Systems: Process Scheduling
Operating Systems: Process SchedulingDamian T. Gordon
 
Operating Systems: The Little-Man Computer
Operating Systems: The Little-Man ComputerOperating Systems: The Little-Man Computer
Operating Systems: The Little-Man ComputerDamian T. Gordon
 
Operating Systems: What happen in 2016?
Operating Systems: What happen in 2016?Operating Systems: What happen in 2016?
Operating Systems: What happen in 2016?Damian T. Gordon
 
Operating Systems 1: Introduction
Operating Systems 1: IntroductionOperating Systems 1: Introduction
Operating Systems 1: IntroductionDamian T. Gordon
 
Operating Systems 1: Syllabus
Operating Systems 1: SyllabusOperating Systems 1: Syllabus
Operating Systems 1: SyllabusDamian T. Gordon
 
Operating Systems: Device Management
Operating Systems: Device ManagementOperating Systems: Device Management
Operating Systems: Device ManagementDamian T. Gordon
 
Operating Systems: A History of Linux
Operating Systems: A History of LinuxOperating Systems: A History of Linux
Operating Systems: A History of LinuxDamian T. Gordon
 
Operating Systems: What happen in 2015?
Operating Systems: What happen in 2015?Operating Systems: What happen in 2015?
Operating Systems: What happen in 2015?Damian T. Gordon
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer SecurityDamian T. Gordon
 
Operating Systems: Linux in Detail
Operating Systems: Linux in DetailOperating Systems: Linux in Detail
Operating Systems: Linux in DetailDamian T. Gordon
 

En vedette (20)

Operating Systems: Virtual Memory
Operating Systems: Virtual MemoryOperating Systems: Virtual Memory
Operating Systems: Virtual Memory
 
Operating Systems: Network Management
Operating Systems: Network ManagementOperating Systems: Network Management
Operating Systems: Network Management
 
Simple Data Compression
Simple Data CompressionSimple Data Compression
Simple Data Compression
 
Operating Systems: File Management
Operating Systems: File ManagementOperating Systems: File Management
Operating Systems: File Management
 
Operating Systems: Memory Management
Operating Systems: Memory ManagementOperating Systems: Memory Management
Operating Systems: Memory Management
 
James Bond and the OSI Model
James Bond and the OSI ModelJames Bond and the OSI Model
James Bond and the OSI Model
 
Operating Systems: A History of MacOS
Operating Systems: A History of MacOSOperating Systems: A History of MacOS
Operating Systems: A History of MacOS
 
Operating Systems: Processor Management
Operating Systems: Processor ManagementOperating Systems: Processor Management
Operating Systems: Processor Management
 
Operating Systems: Data Structures
Operating Systems: Data StructuresOperating Systems: Data Structures
Operating Systems: Data Structures
 
Operating Systems: History of Windows
Operating Systems: History of WindowsOperating Systems: History of Windows
Operating Systems: History of Windows
 
Operating Systems: Process Scheduling
Operating Systems: Process SchedulingOperating Systems: Process Scheduling
Operating Systems: Process Scheduling
 
Operating Systems: The Little-Man Computer
Operating Systems: The Little-Man ComputerOperating Systems: The Little-Man Computer
Operating Systems: The Little-Man Computer
 
Operating Systems: What happen in 2016?
Operating Systems: What happen in 2016?Operating Systems: What happen in 2016?
Operating Systems: What happen in 2016?
 
Operating Systems 1: Introduction
Operating Systems 1: IntroductionOperating Systems 1: Introduction
Operating Systems 1: Introduction
 
Operating Systems 1: Syllabus
Operating Systems 1: SyllabusOperating Systems 1: Syllabus
Operating Systems 1: Syllabus
 
Operating Systems: Device Management
Operating Systems: Device ManagementOperating Systems: Device Management
Operating Systems: Device Management
 
Operating Systems: A History of Linux
Operating Systems: A History of LinuxOperating Systems: A History of Linux
Operating Systems: A History of Linux
 
Operating Systems: What happen in 2015?
Operating Systems: What happen in 2015?Operating Systems: What happen in 2015?
Operating Systems: What happen in 2015?
 
Operating Systems: Computer Security
Operating Systems: Computer SecurityOperating Systems: Computer Security
Operating Systems: Computer Security
 
Operating Systems: Linux in Detail
Operating Systems: Linux in DetailOperating Systems: Linux in Detail
Operating Systems: Linux in Detail
 

Similaire à Operating Systems: Computer Security

Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Qazi Anwar
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxanbersattar
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsConnecting Up
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Securitydkp205
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docxSarahReese14
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Small Business
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network securityBev Robb
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentationRajat Jain
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeMangesh wadibhasme
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comBusiness.com
 

Similaire à Operating Systems: Computer Security (20)

Hamza
HamzaHamza
Hamza
 
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
Hacking,History Of Hacking,Types of Hacking,Types Of Hackers,Cyber Laws for ...
 
Information-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptxInformation-Security-Lecture-6.pptx
Information-Security-Lecture-6.pptx
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Trojan horseofbyod2
Trojan horseofbyod2Trojan horseofbyod2
Trojan horseofbyod2
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
Security News bytes October 2013
Security News bytes October 2013Security News bytes October 2013
Security News bytes October 2013
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
 
Types of Malware.docx
Types of Malware.docxTypes of Malware.docx
Types of Malware.docx
 
Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure" Frontier Secure: Handout for small business leaders on "How to be Secure"
Frontier Secure: Handout for small business leaders on "How to be Secure"
 
It’s time to boost VoIP network security
It’s time to boost VoIP network securityIt’s time to boost VoIP network security
It’s time to boost VoIP network security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cybercrime presentation
Cybercrime presentationCybercrime presentation
Cybercrime presentation
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Computer and network security
Computer and network securityComputer and network security
Computer and network security
 
Spyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasmeSpyware presentation by mangesh wadibhasme
Spyware presentation by mangesh wadibhasme
 
Botnet
BotnetBotnet
Botnet
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
A Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.comA Guide to Internet Security For Businesses- Business.com
A Guide to Internet Security For Businesses- Business.com
 

Plus de Damian T. Gordon

Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Damian T. Gordon
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesDamian T. Gordon
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud ComputingDamian T. Gordon
 
Evaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSEvaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSDamian T. Gordon
 
Evaluating Teaching: MERLOT
Evaluating Teaching: MERLOTEvaluating Teaching: MERLOT
Evaluating Teaching: MERLOTDamian T. Gordon
 
Evaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricEvaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricDamian T. Gordon
 
Designing Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDesigning Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDamian T. Gordon
 
Designing Teaching: ASSURE
Designing Teaching: ASSUREDesigning Teaching: ASSURE
Designing Teaching: ASSUREDamian T. Gordon
 
Designing Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDesigning Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDamian T. Gordon
 
Designing Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDesigning Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDamian T. Gordon
 
Designing Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDesigning Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDamian T. Gordon
 
Universally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsUniversally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsDamian T. Gordon
 

Plus de Damian T. Gordon (20)

Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.Universal Design for Learning, Co-Designing with Students.
Universal Design for Learning, Co-Designing with Students.
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
REST and RESTful Services
REST and RESTful ServicesREST and RESTful Services
REST and RESTful Services
 
Serverless Computing
Serverless ComputingServerless Computing
Serverless Computing
 
Cloud Identity Management
Cloud Identity ManagementCloud Identity Management
Cloud Identity Management
 
Containers and Docker
Containers and DockerContainers and Docker
Containers and Docker
 
Introduction to Cloud Computing
Introduction to Cloud ComputingIntroduction to Cloud Computing
Introduction to Cloud Computing
 
Introduction to ChatGPT
Introduction to ChatGPTIntroduction to ChatGPT
Introduction to ChatGPT
 
How to Argue Logically
How to Argue LogicallyHow to Argue Logically
How to Argue Logically
 
Evaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONSEvaluating Teaching: SECTIONS
Evaluating Teaching: SECTIONS
 
Evaluating Teaching: MERLOT
Evaluating Teaching: MERLOTEvaluating Teaching: MERLOT
Evaluating Teaching: MERLOT
 
Evaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson RubricEvaluating Teaching: Anstey and Watson Rubric
Evaluating Teaching: Anstey and Watson Rubric
 
Evaluating Teaching: LORI
Evaluating Teaching: LORIEvaluating Teaching: LORI
Evaluating Teaching: LORI
 
Designing Teaching: Pause Procedure
Designing Teaching: Pause ProcedureDesigning Teaching: Pause Procedure
Designing Teaching: Pause Procedure
 
Designing Teaching: ADDIE
Designing Teaching: ADDIEDesigning Teaching: ADDIE
Designing Teaching: ADDIE
 
Designing Teaching: ASSURE
Designing Teaching: ASSUREDesigning Teaching: ASSURE
Designing Teaching: ASSURE
 
Designing Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning TypesDesigning Teaching: Laurilliard's Learning Types
Designing Teaching: Laurilliard's Learning Types
 
Designing Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of InstructionDesigning Teaching: Gagne's Nine Events of Instruction
Designing Teaching: Gagne's Nine Events of Instruction
 
Designing Teaching: Elaboration Theory
Designing Teaching: Elaboration TheoryDesigning Teaching: Elaboration Theory
Designing Teaching: Elaboration Theory
 
Universally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some ConsiderationsUniversally Designed Learning Spaces: Some Considerations
Universally Designed Learning Spaces: Some Considerations
 

Dernier

ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptshraddhaparab530
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 

Dernier (20)

ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
Integumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.pptIntegumentary System SMP B. Pharm Sem I.ppt
Integumentary System SMP B. Pharm Sem I.ppt
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 

Operating Systems: Computer Security

  • 4.  The operating system uses a number of different ways to protect the system: ◦ Your credentials (e.g. username and password) ◦ Your authorisation (e.g. drwxr-x-r--) ◦ Your location (e.g. inside/outside the LAN) ◦ Your behaviour (e.g. deleting lots of files) ◦ The firewall
  • 5.
  • 6.  Denial-of-Service (DoS) Attack  Wiretapping  Viruses  Worms  Trojans
  • 7.
  • 8.  Makes the “victim” computer unavailable to its users. Typically used on computers that act as Web Servers.
  • 9.  Works by making the “victim” computer perform a task over and over again, thus preventing it from doing other jobs.  For example, if the computer is supposed to take orders from customers, and the first step is for the “victim” computer to identify itself to the customer computer, a DoS attack might keep making the “victim” computer identify itself and therefore unable to do other work.
  • 10.  A Distributed Denial-of-Service (DDoS) is where the attack source is more than one, often thousands of, unique IP addresses.  It is like to a group of people crowding the entry door to a shop, and not letting legitimate customers enter into the shop or business, disrupting normal operations.
  • 11.  How does it work?  There are a variety of approaches that can work, we’ll look at a HTTP POST DoS attack.
  • 12.  How does it work?  There are a variety of approaches that can work, we’ll look at a HTTP POST DoS attack. HTTP POST Attack
  • 13.  A legitimate HTTP POST header, which includes a 'Content-Length' field to specify the size of the message body to follow. However, the attacker then proceeds to send the actual message body at an extremely slow rate (e.g. 1 byte/110 seconds). HTTP POST Attack
  • 14.  Due to the entire message being complete, the target server will attempt to obey the 'Content-Length' field in the header, and wait for the entire body of the message to be transmitted, which can take a very long time. HTTP POST Attack
  • 15.  The attacker establishes hundreds or even thousands of such connections, until all resources for incoming connections on the server (the victim) are used up, hence making any further (including legitimate) connections impossible until all data has been sent. HTTP POST Attack
  • 16.  Bollywood versus Anonymous
  • 17.  Bollywood versus Anonymous  Bollywood is the nickname for the Hindi language film industry, based in Mumbai, the capital of Maharashtra in India. Bollywood is also one of the largest centres of film production in the world, and is more formally referred to as Hindi cinema.
  • 18.  Bollywood versus Anonymous  Anonymous are a loosely associated international network of activist and hacktivist groups. The group became known for a series of well- publicized publicity stunts and Denial-of-Service (DoS) attacks on government, religious, and corporate websites.
  • 19.  Bollywood versus Anonymous  Anonymous are a loosely associated international network of activist and hacktivist groups. The group became known for a series of well- publicized publicity stunts and Denial-of-Service (DoS) attacks on government, religious, and corporate websites.
  • 20.  Bollywood versus Anonymous  Bollywood was unhappy with the torrent sites:
  • 21.  Bollywood versus Anonymous  In 2010, several Bollywood companies hired Aiplex Software to launch DDoS attacks on websites that did not respond to takedown notices.
  • 22.  Bollywood versus Anonymous  Piracy activists then created Operation Payback in September 2010 in retaliation
  • 23.
  • 24.  Bollywood versus Anonymous  The original plan was to attack Aiplex Software directly, but upon finding some hours before the planned DDoS that another individual had taken down the firm's website on their own, Operation Payback moved to launching attacks against the websites of copyright stringent organisations Motion Picture Association of America (MPAA) and International Federation of the Phonographic Industry, giving the two websites a combined total downtime of 30 hours.
  • 25.  Bollywood versus Anonymous  In the following two days, Operation Payback attacked a multitude of sites affiliated with the MPAA, the Recording Industry Association of America (RIAA), and British Phonographic Industry. Law firms such as ACS:Law, Davenport Lyons and Dunlap, Grubb & Weaver (of the US Copyright Group) were also attacked.
  • 26.
  • 27.  Wiretapping has been around since the 1890s, it’s simply a matter of gaining access to the transmission media and using a device to intercept the signals.
  • 28.  Wireless wiretapping works in the exact same way, except that there is no need to have physical contact with the transmission media.  This is why we should encrypt wireless transmissions.
  • 29.
  • 30.  There are two forms of wiretapping: ◦ Passive Wiretapping is where you are recording the data transmitted, but not interfering with it. ◦ Active Wiretapping is where you are recording the data and also modifying it before it is sent onto the receiver.
  • 31.  The USA PATRIOT Act  Title II: Enhanced Surveillance Procedures USA Patriot Act
  • 32.  The USA PATRIOT Act  Title II: Enhanced Surveillance Procedures  Section 209 made it easier for authorities to gain access to voicemail as they no longer must apply for a wiretap order, and instead just apply for a normal search warrant.  The FBI can secretly conduct a physical search or wiretap on U.S. citizens to obtain evidence of crime without proving probable cause, as the Fourth Amendment explicitly requires. USA Patriot Act
  • 33.  The USA PATRIOT Act  On February 9, 2016, the FBI asked Apple Inc. to create a new version of the phone's iOS operating system that could be installed and run in the phone's random access memory to disable certain security features that Apple refers to as "GovtOS“, the FBI had recovered an Apple iPhone 5C owned by the San Bernardino County, California government, that had been issued to its employee, Syed Rizwan Farook, one of the shooters involved in the December 2015 San Bernardino attack. The attack killed 14 people and seriously injured 22. USA Patriot Act What it doesn’t cover
  • 34.  The USA PATRIOT Act  Apple declined due to its policy to never undermine the security features of its products. The FBI responded by successfully applying to a United States magistrate judge, Sherri Pym, to issue a court order, mandating Apple to create and provide the requested software. The order was not a subpoena, but rather was issued under the All Writs Act of 1789. USA Patriot Act What it doesn’t cover
  • 35.  The USA PATRIOT Act  On February 16, 2016, Apple chief executive officer Tim Cook released an online statement to Apple customers, explaining the company's motives for opposing the court order. He also stated that while they respect the FBI, the request they made threatens data security by establishing a precedent that the U.S. government could use to force any technology company to create software that could undermine the security of its products. USA Patriot Act What it doesn’t cover
  • 36.  The USA PATRIOT Act  On March 28, 2016, the FBI said it had unlocked the iPhone with the third party's help, and an anonymous official said that the hack's applications were limited; the Department of Justice vacated the case. USA Patriot Act What it doesn’t cover
  • 37.  For more detail:  In September 2015, Apple released a white paper detailing the security measures in its iOS 9 operating system.  The iPhone 5C model can be protected by a four- digit PIN code. After more than ten incorrect attempts to unlock the phone with the wrong PIN, the contents of the phone will erase the AES encryption key that protects its stored data.  https://www.apple.com/business/docs/iOS_Secu rity_Guide.pdf USA Patriot Act What it doesn’t cover
  • 38.
  • 39.  A Computer Virus is a program that alters the way a computer works without permission of the user. It is typically self-executing and self-replicating.
  • 40.  A Virus is typically written for a specific operating system, so a virus that works on Windows usually won’t work on Linux.  Virus writers exploit vulnerabilities in a specific operating systems.
  • 41.  Most vulnerable operating systems and applications in 2014 
  • 42.  Boot Sector Virus  File Infector Virus  Macro Virus  Multipartite Virus  Polymorphic Virus
  • 43.  Boot Sector Virus: Infects the boot sector. There are two types of boot sector viruses: ◦ Master Boot Record (MBR): A MBR can contain code that locates and invokes its volume record. ◦ Volume Boot Record (VBR): A VBR can contain code that loads and invokes the operating system.
  • 44.  File Infector Virus: Perhaps the most common type of virus, the file infector takes root in a host file. This type of virus may end up deleting the file that was originally infected, or it may rewrite it or replace it with something else.  Usually infects .COM and .EXE files.
  • 45.  Macro Virus: This is a virus that can be hidden in data files, like Word documents and Spreadsheets.  Disable macros on files that you don’t trust.
  • 46.  Multipartite Virus: A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.  Can infect boot sector and files.
  • 47.  Polymorphic Virus: A polymorphic Virus can mutate over time or after every contaminated file and changes the code that is used to deliver the payload.
  • 48.  The Natas Virus Natas Virus
  • 49.  The Natas Virus  Natas is a memory-resident stealth virus which is highly polymorphic, that affects master boot records, boot sectors of diskettes, files .COM and also .exe programs. Natas Virus
  • 50.  The Natas Virus  Natas (Satan spelled backwards) is a computer virus written by James Gentile, a then 18-year-old hacker from San Diego, California who went by the alias of "Little Loc" and later "Priest".  The virus was made for a Mexican politician who wanted to win the Mexican elections by affecting all the Mexican Federal Electoral Institute (IFE) computers with a floppy disk. Natas Virus
  • 51.  The Natas Virus  The virus first appeared in Mexico City in May 1992, spread by a consultant using infected floppy disks. The virus became widespread in Mexico and the southwest United States.  The virus also made its way to the other side of the USA, infecting computers at the United States Secret Service knocking their network offline for approximately three days. Natas Virus
  • 52.  The Natas Virus  When a file infected with Natas is executed, it becomes memory resident, taking up 5,664 bytes in memory and infects the master boot record and COMMAND.COM. The virus infects files when they are executed, opened or copied, appending its 4,746 bytes to .COM, .EXE and .OVL files. Natas Virus
  • 53.
  • 54.  A computer worm is program that replicates itself in order to spread to other computers (often using a computer network). Unlike a computer virus, it does not need to attach itself to an existing program
  • 55.  Worms usually slow down processor time, and take up memory space, they also typically take up network bandwidth.  Some worms that have been created are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these worms can cause major disruption by increasing network traffic.
  • 56.  Since the start of computer networks there have been attempts to create useful worms, for example, the Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system—by exploiting those same vulnerabilities.
  • 57.  In practice, although this may have made these systems more secure, it generated considerable network traffic, rebooted the machine in the course of patching it, and did its work without the consent of the computer's owner.  Several worms, like XSS worms, have been written to research how worms spread. For example, the effects of changes in social activity or user behaviour.
  • 58.  The ILOVEYOU Worm “I love you” worm
  • 59.  The ILOVEYOU Worm  ILOVEYOU, sometimes referred to as Love Letter, was a computer worm that attacked tens of millions of Windows personal computers on and after May 4th, 2000.  it started spreading as an email message with the subject line "ILOVEYOU" and the attachment "LOVE-LETTER-FOR-YOU.txt.vbs“ “I love you” worm
  • 60.  The ILOVEYOU Worm  The worm did damage on the local machine, overwriting random types of files (including Office files, image files, and audio files; however after overwriting MP3 files the virus would hide the file), and sent a copy of itself to all addresses in the Windows Address Book used by Microsoft Outlook. “I love you” worm
  • 61.  The ILOVEYOU Worm  The worm originated in the Philippines, thereafter across the world, moving first to Hong Kong, then to Europe, and finally the United States, as employees began their workday that Friday morning. The outbreak was later estimated to have caused US $5.5- 8.7 billion in damages worldwide, and estimated to cost the US $15 billion to remove the worm. “I love you” worm
  • 62.
  • 63.  A Trojan is a malicious program that misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it.
  • 64.  Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to be unsuspicious, (e.g., a routine form to be filled in), or by downloading.  Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.
  • 65.  Types of things Trojans do: ◦ Destructive Behaviour ◦ Use of Resources, or Identity ◦ Money, Theft, or Ransom ◦ Data Theft ◦ Spying, Surveillance, or Stalking
  • 66.  Destructive Behaviour ◦ Crashing the computer or device. ◦ Modification or deletion of files. ◦ Data corruption. ◦ Formatting disks, destroying all contents. ◦ Spread malware across the network. ◦ Spy on user activities and access sensitive information.
  • 67.  Use of Resources, or Identity ◦ Use of the machine as part of a botnet (e.g. to perform automated spamming) ◦ Using computer resources for mining cryptocurrencies ◦ Using the infected computer as proxy for illegal activities and/or attacks on other computers. ◦ Infecting other connected devices on the network.
  • 68.  Money, Theft, or Ransom ◦ Electronic money theft ◦ Installing ransomware such as CryptoLocker
  • 69.  Data Theft ◦ Data theft, including for industrial espionage ◦ User passwords or payment card information ◦ User personally identifiable information ◦ Trade secrets
  • 70.  Spying, Surveillance, or Stalking ◦ Keystroke logging ◦ Watching the user's screen ◦ Viewing the user's webcam ◦ Controlling the computer system remotely
  • 71.  The Gh0st RAT Trojan Gh0st RAT Trojan
  • 72.  The Gh0st RAT Trojan  Gh0st RAT is a Trojan horse for the Windows platform that was used to hack into some of the most sensitive computer networks on Earth. It is a cyber spying computer program. The "Rat" part of the name refers to the software's ability to operate as a "Remote Administration Tool". Gh0st RAT Trojan
  • 73.  The Gh0st RAT Trojan  It can: ◦ Take full control of the remote screen. ◦ Provide real time as well as offline keystroke logging. ◦ Provide live feed of webcam, and microphone. ◦ Download remote binaries on the infected remote host. ◦ Take control of remote shutdown and reboot of host. ◦ Disable infected computer remote keyboard input. ◦ Enter into shell of remote infected host with full control. ◦ Provide a list of all the active processes. Gh0st RAT Trojan
  • 74.  The Gh0st RAT Trojan  Gh0st Rat was originally made by the C.Rufus Security Team in 2005. Just as with other well-featured “off-the-shelf” trojans like Poison Ivy, Hupigon and DarkComet it has been used by all sorts of people – from script kiddies to resourceful targeted attack actors. Gh0st RAT Trojan
  • 75.  The Gh0st RAT Trojan  In less than two years (2007-2009) Gh0st Rat infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centres in India, Brussels, London and New York. Gh0st RAT Trojan
  • 76.
  • 77.  An unintentional attack is any breach of security that was not as a result of a planned intrusion.  For example, if two processes are updating the same record and it results in an incomplete modification of the record, that is an unintentional attack.
  • 78.  The Year 2000 problem (aka the Millennium bug, or the Y2K bug) was caused by programmers who reduced the four-digit year to two digits.  This made the year 2000 indistinguishable from 1900.
  • 79.  Unintentional Denial-of-Service  When Michael Jackson died in 2009, websites such as Google and Twitter slowed down or even crashed. Many sites' servers thought the requests were from a virus or spyware trying to cause a denial-of-service attack, warning users that their queries looked like "automated requests from a computer virus or spyware application".
  • 80.
  • 81.  System protection is multifaceted, four protection methods include: ◦ Antivirus Software ◦ Firewalls ◦ Patch Management ◦ Authentication
  • 82.  Antivirus Software is used to protect systems from attack by malicious software.
  • 83.  The software can be preventative, diagnostic, or a combination of both.  As new viruses are identified security vendors and government agencies provide information and updates about them.
  • 84.  Antivirus software is usually capable of repairing files infected by a virus, but it generally cannot repair the damage done by worms, Trojans, and blended approaches.  This is since viruses usually add code to an existing file, whereas worms, Trojans, and blended approaches usually fully replace files.
  • 85.  Examples of Antivirus software include: ◦ Bitdefender Antivirus Plus ◦ Kaspersky Anti-Virus ◦ Webroot SecureAnywhere AntiVirus ◦ Emsisoft Anti-Malware ◦ F-Secure Anti-Virus 2015 ◦ Malwarebytes Anti-Exploit ◦ McAfee AntiVirus Plus ◦ Panda Antivirus Pro ◦ Trend Micro Antivirus+ Security ◦ VoodooSoft VoodooShield
  • 86.  A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
  • 87.  Network firewalls can be software programs running on general purpose hardware, or hardware-based firewall computer appliances, that filter traffic between two or more networks.  Firewall appliances may also offer other functionality to the internal network they protect such as acting as a DHCP or VPN server for that network.
  • 88.  Network firewalls can be software programs running on general purpose hardware, or hardware-based firewall computer appliances, that filter traffic between two or more networks.  Firewall appliances may also offer other functionality to the internal network they protect such as acting as a DHCP or VPN server for that network.
  • 89.  Firewalls typically: ◦ Log activities that access the internet ◦ Maintain access control based on the senders’ and receivers’ IP addresses ◦ Maintain access control based on the services being requested ◦ Hide the internal network from unauthorized users ◦ Verify that virus protection is installed and running ◦ Perform authentication based on the source of a request from the Internet
  • 90.  Firewalls use a combination of packet filtering and proxy servers. ◦ Packet Filtering means that the firewall reviews all of the header information of each packet coming into the computer and going out to make sure there is noting suspicious present. ◦ Proxy Servers sit in between the local computer and network, and intercept all requests to the local computer from the network, and verify them before passing them onto the local computer.
  • 91.  Examples of Firewalls include: ◦ Bullguard ◦ ZoneAlarm ◦ McAfee ◦ Norton ◦ AVG Anti-virus ◦ Bitdefender ◦ Avira ◦ Kaspersky Lab
  • 92.  A patch is a piece of software that can be applied to an operating system (or any other software) to correct an issue with that software.
  • 93.  Most operating systems will have several patches after their initial release and usually update the version of the program when successfully installed.  Software patches can be found through the software developer's website, or are automatically downloaded after each system restart.
  • 94.  A security patch is a change applied to an operating system to correct a discovered vulnerability.  This corrective action will prevent successful exploitation and remove or mitigate a threat’s capability to exploit a specific vulnerability in that operating system.
  • 95.  Security patches are the primary method of fixing security vulnerabilities in operating systems.  Currently Microsoft releases its security patches once a month, and other operating systems and software projects have security teams dedicated to releasing the most reliable software patches as soon after a vulnerability announcement as possible.
  • 96.  Authentication is verification that an individual trying to access the system is authorised to do so.
  • 97.  Let’s consider passwords, they should be: ◦ Easy to remember ◦ Hard to guess ◦ Changed often ◦ Never written down ◦ Never part of an automated login  Passwords are stored on the system in an encrypted format, so when you type in your password, it is encrypted using the same algorithm, and the two encryptions are compared to verify.
  • 98.  Top 25 US Passwords in 2016  1. 123456 (Unchanged)  2. password (Unchanged)  3. 12345678 (Up 1)  4. qwerty (Up 1)  5. 12345 (Down 2)  6. 123456789 (Unchanged)  7. football (Up 3)  8. 1234 (Down 1)
  • 99.  Top 25 US Passwords in 2016  9. 1234567 (Up 2)  10. baseball (Down 2)  11. welcome (New)  12. 1234567890 (New)  13. abc123 (Up 1)  14. 111111 (Up 1)  15. 1qaz2wsx (New)  16. dragon (Down 7)
  • 100.  Top 25 US Passwords in 2016  17. master (Up 2)  18. monkey (Down 6)  19. letmein (Down 6)  20. login (New)  21. princess (New)  22. qwertyuiop (New)  23. solo (New)  24. passw0rd (New)  25. starwars (New)
  • 101.  The longer the password, the better. ◦ A password of eight (8) letters, just using lowercase letters has 268 (208,827,064,576) possible combinations. ◦ A password of ten (10) letters, just using lowercase letters has 2610 (141,167,100,000,000) possible combinations. ◦ A password of eight (8) letters, using all letters and numbers has 958 (6,634,204,300,000,000) possible combinations. ◦ A password of ten (10) letters, using all letters and numbers has 9510 (59,873,694,000,000,000,000) possible combinations.
  • 102.  Where are the passwords stored? ◦ On Windows:  c:windowssystem32configSAM ◦ On Linux  /etc/shadow ◦ On Unix and (some) Apple  /etc/passwd
  • 103.  Salting  Some operating systems (not Windows) make the passwords even harder to guess by adding in a few extra random bits into the encrypted password. So even if two people have the same password, they will be stored differently.
  • 104.  Alternatives to passwords: ◦ CAPTCHAs ◦ reCAPTCHAs ◦ Smart Cards ◦ Biometrics
  • 105.  CAPTCHAs  CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a type of challenge-response test.  The term was coined in 2003 by Luis von Ahn, Manuel Blum, Nicholas J. Hopper, and John Langford.  This form of CAPTCHA requires that the user type the letters of a distorted image, sometimes with the addition of an obscured sequence of letters or digits that appears on the screen
  • 106.  reCAPTCHAs  The reCAPTCHA service supplies subscribing websites with images of words that are hard to read for optical character recognition (OCR) software.  The text is obscured with horizontal lines and warped.
  • 107.  Image reCAPTCHAs  In 2014, reCAPTCHA implemented another system in which users are asked to select one or more images from a selection of nine images.
  • 108.  Smart Cards  A smart card, chip card, or integrated circuit card (ICC) is any pocket-sized card that has embedded integrated circuits.  Smart cards can be either contact or contactless smart card. Smart cards can provide personal identification, authentication, data storage, and application processing.  Smart cards may provide strong security authentication for single sign-on (SSO) within large organizations.
  • 109.  Biometrics  Biometrics authentication (or realistic authentication) is used as a form of identification and access control.  Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent.  Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to typing rhythm, gait, and voice.
  • 112.  The operating system uses a number of different ways to protect the system: ◦ Your credentials (e.g. username and password) ◦ Your authorisation (e.g. drwxr-x-r--) ◦ Your location (e.g. inside/outside the LAN) ◦ Your behaviour (e.g. deleting lots of files) ◦ The firewall
  • 113.  Intentional Attacks ◦ Denial-of-Service (DoS) Attack ◦ Wiretapping ◦ Viruses ◦ Worms ◦ Trojans  Unintentional Attacks ◦ Parallel writes ◦ Unintentional Denial-of-Service (DoS)
  • 114.  System protection is multifaceted, four protection methods include: ◦ Antivirus Software ◦ Firewalls ◦ Patch Management ◦ Authentication  CAPTCHAs  reCAPTCHAs  Smart Cards  Biometrics