Lecture 2
Components of IT Infrastructure
Author: Muhammad Rehan
Objective
• Revision of basic security terms: threat, threat agent, vulnerability, risk, etc.
• Virtual Operating System and Environment, installation
• Computer network, Network components
• Protocols, IP Address, Transport Layer, Network Layer
• Organizational Infrastructure and loopholes
• Understanding of common cyber security threats and risks
Security Terms
Authentication: The process of identifying a user’s identity, making sure that they can have access to the system
and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a
combination of the above.
Botnet: A combination of the words “robot” and “network”, a botnet is a network of computers that have been
infected with a virus, and now are working continuously in order to create security breaches.
Data Breach: The result of a hacker successfully breaking into a system, gaining control of its network and exposing
its data.
DDoS: The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and
users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and
forces it to temporarily shut down.
Domain: A series of computers and associated peripherals (routers, printers, scanners), that are all connected as
one entity.
Encryption: Coding used to protect your information from hackers. Think of it like the code cipher used to send a
top-secret coded spy message.
Exploit: A means of attack on a computer system, either a series of commands, malicious software, or piece of
infected data.
Security Terms …
Firewall: Any technology, be it software or hardware, used to keep intruders out.
Hacker, Black Hat: Any hacker who attempts to gain unauthorized access to a system with the intent to cause
mischief, damage, or theft. They can be motivated by greed, a political agenda
Hacker, White Hat: A hacker who is invited to test out computer systems and servers, looking for vulnerabilities,
for the purposes of informing the host of where security needs to be buffed up.
Malware: A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect
and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It is most often
delivered via spam emails.
Man in the Middle Attack: An attack on the “middleman”, in this case, defined as the Wi-Fi system that
connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and
use this as a means of stealing your personal data because they’re now in the system.
Phishing: A scam where a hacker poses as a legitimate business or organization (especially credit card companies,
banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal
information or inducing them to click a link or attachment that ends up delivering malware.
Security Terms …
Ransomware: A form of malware that hijacks your system and encrypts your files, denying you access to them until
you send money to unlock everything.
Spoofing: When a hacker changes the IP address of an email so that it seems to come from a trusted source.
Spyware: A form of malware used by hackers to spy on you and your computer activities.
Trojan Horse: Yet another form of malware, this one a misleading computer program that looks innocent, but in
fact allows the hacker into your system via a back door, allowing them to control your computer.
Virus: Malware which changes, corrupts, or destroys information, and is then passed on to other systems.
VPN: An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and
devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get
Internet anonymity, making it difficult for hackers to attack.
Worm: Malware that can reproduce itself for the purposes of spreading itself to other computers in the network.
Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or by
committing exploits such as installing back doors or stealing data.
Security threats for business
• Phishing
• SMS-Based Phishing
• PDF Scams
• Malware & Ransomware
• Database exposure
• Credential Stuffing
• Accidental Sharing
• Man-In-The-Middle
How to prevent threats
Phishing:
• First, watch for unusual emails and instant messages. They may start with unusual wording such as
“Dear Customer” instead of using your name, have bad grammar, or have a generic signature.
• Second, be cautious in clicking links or giving sensitive information, even if it appears legitimate. If in
doubt, directly contact the source to make sure they sent the message.
• And third, install anti-phishing toolbars on internet browsers. These toolbars alert you to sites
containing phishing information.
SMS-Based Phishing:
• First, never open a link in a text message. Most banks and businesses do not ask for information via
SMS message - they call or mail you.
• Second, watch for misspellings or generic language. Like email phishing, smishing often contains
generic language like “Dear Customer,” “Sir,” or “Madam.”
• And third, if you think the message is legitimate, call the business directly or go to your online account
to give the information. This ensures no valuable data falls into the wrong hands.
How to prevent threats …
PDF Scams:
• First, train your employees to watch for generic or unusual email addresses. For example, if someone gets bank
statements through email, ensure the sender’s email address is from the bank and not a generic address.
• Second, watch for unusual and generic headings. Instead of using your name, PDF scams often use generic terms
like “Sir” or “Madam.”
• And third, make sure you have updated and secure virus protection on your computers and network. If someone
happens to open up a PDF scam, having security in place goes a long way in protecting your business and alerting
your IT department.
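The warning signs listed above for phishing, SMS phishing and PDF scams (a generic greeting, a sender address that is not from the claimed organisation, embedded links) can be checked mechanically before a person ever opens the message. The Python code below is an added example, not part of the original lecture; the function names, the `expected_domain` parameter, the off-domain link check and both sample messages are constructed for illustration.

```python
"""Added example: triage a message against the warning signs in the slides."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Generic salutations the slides name: "Dear Customer", "Sir", "Madam".
GENERIC_GREETING_RE = re.compile(r"^(dear\s+)?(customer|sir|madam)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def domain_matches(domain, expected):
    """True only for the expected domain itself or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def sender_domain(msg):
    """Lower-cased domain of the From: address, or '' if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def body_text(msg):
    """Concatenate the text/plain parts (works for single-part mail too)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw_message, expected_domain):
    """Return the warning signs found, always in the same order."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    findings = []

    # 1. Generic greeting instead of the recipient's name.
    first_line = next((ln.strip() for ln in body.splitlines() if ln.strip()), "")
    if GENERIC_GREETING_RE.match(first_line):
        findings.append("generic_greeting")

    # 2. Sender address is not from the organisation the message claims to be.
    if not domain_matches(sender_domain(msg), expected_domain):
        findings.append("sender_domain_mismatch")

    # 3. Links: plain HTTP, or a host outside the expected domain
    #    (the off-domain check is an addition beyond the slide text).
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(body)]
    if any(urlsplit(u).scheme.lower() != "https" for u in urls):
        findings.append("link_not_https")
    if any(not domain_matches((urlsplit(u).hostname or "").lower(), expected_domain)
           for u in urls):
        findings.append("link_off_domain")
    return findings


# Constructed sample messages (not real mail).
PHISH = """\
From: "Account Services" <billing@mail-secure.example.net>
To: alice@corp.example
Subject: Your statement is ready

Dear Customer,

Your statement is attached. Confirm your details at
http://bank.example.com.verify-login.example.net/confirm to avoid suspension.

Customer Support
"""

LEGIT = """\
From: Example Bank <statements@bank.example.com>
To: alice@corp.example
Subject: Your March statement

Hello Alice,

Your March statement is available at https://online.bank.example.com/statements

Example Bank
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw, "bank.example.com"))
```

Note that the link host in the first sample starts with the bank's name but belongs to a different domain, which is why the comparison is made on the end of the host name rather than on a substring.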
Malware & Ransomware:
• First, make sure you keep all your computer software and hardware updated. Outdated software, drivers, and
other plugins are common security vulnerabilities. If you have an IT service provider, check with them to make sure
this is happening on your servers.
• Second, enable click-to-play plugins to keep Flash or Java from running unless you click a link. This reduces the risk
of running malware programs with Flash or Java.
• And third, removing old software, sometimes referred to as Legacy Apps, reduces risk. For example, if your
computer has Windows 10, but you run programs designed for Windows 7, these are considered Legacy Apps and
may be a security risk. Your software company should be able to give you an updated program designed for
Windows 10.
How to prevent threats …
Database exposure:
• First, if you have a private server, keep the physical hardware in a secure and locked room. This helps prevent theft
if your building is robbed, and it keeps unauthorized personnel from accessing it with a portable hard drive.
• Second, make sure you have a database firewall and web application firewall. A locked door protects your physical
server and hardware, and firewalls protect your server on the internet.
• Third, keep access to the server limited. Each person with a login to the server is a potential leak, so the fewer
logins, the better.
• And fourth, encrypt the data on the server and keep a regular backup.
Credential Stuffing:
• First, implement 2-Factor Authentication for account logins. This requires an email or phone verification along with
the standard username and password.
• Second, use different passwords for every account and program your employees access. If one account is hacked,
the hacker will not have access to more accounts with the same password.
• And third, never share passwords with other people. If you have a shared account for some reason, always give the
password verbally, never through electronic communication.
How to prevent threats …
Accidental Sharing:
• First, limit the number of employees who have access to data. The more people who have access to
information, the higher the chance for human error in sharing the data.
• And second, implement user activity monitoring software. This allows you to track and discover if your data
is in danger. It also provides solutions to prevent accidental sharing.
Man-In-The-Middle:
• First, avoid WiFi connections that are not secure. If you have employees working remotely, don’t allow them
to access sensitive company data over public WiFi networks.
• Second, make sure your employees do not interact with websites that are not secure. If a URL is not a secure
website, it will only show “HTTP” instead of “HTTPS” in front of the URL. The browser should also show an
alert that the URL is not secure. If this happens, leave the site immediately.
• And third, make sure that your internet connections and internet devices are always updated with the latest
security updates. Having outdated software or unsecured internet portals creates potential access points for
MITM hackers.
Computer Network Components
Computer network components are the major parts which are needed to install the software. Some important
network components are NIC, switch, cable, hub, router, and modem.
NIC:
• NIC stands for network interface card.
• NIC is a hardware component used to connect a computer with another computer on a network.
• It can support a transfer rate of 10, 100 to 1000 Mb/s.
• The MAC address or physical address is encoded on the network card chip which is assigned by the IEEE to
identify a network card uniquely. The MAC address is stored in the PROM (Programmable read-only
memory).
Two types of NIC:
• Wired NIC
• Wireless NIC
Computer Network Components …
Hub: A hub is a hardware device that divides the network connection among multiple devices. When a computer
requests some information from a network, it first sends the request to the hub through a cable.
Switch: A switch is a hardware device that connects multiple devices on a computer network. A switch contains
more advanced features than a hub. The Switch contains the updated table that decides where the data is
transmitted or not. Switch delivers the message to the correct destination based on the physical address
present in the incoming message.
Router: A router is a hardware device which is used to connect a LAN with an internet connection. It is used to
receive, analyze and forward the incoming packets to another network.
• A router works at Layer 3 (Network layer) of the OSI Reference model.
• A router forwards the packet based on the information available in the routing table.
• It determines the best path from the available paths for the transmission of the packet.
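The difference between the hub and the switch described above matters for confidentiality: a hub repeats each frame to every attached device, while a switch that has learned the destination's physical (MAC) address delivers it to one port only. The Python simulation below is an added example, not part of the original lecture; the class names, port numbers and MAC addresses are constructed for illustration.

```python
"""Added example: which ports see a frame on a hub versus a learning switch."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Learns source MAC -> port and forwards only to the destination's port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # the "updated table" from the slide

    def receive(self, in_port, src_mac, dst_mac):
        # Learn (or refresh) where the sender lives.
        self.mac_table[src_mac] = in_port
        out_port = self.mac_table.get(dst_mac)
        # Unknown destination or broadcast: flood like a hub would.
        if dst_mac == BROADCAST or out_port is None:
            return [p for p in self.ports if p != in_port]
        # Destination sits on the arrival port: nothing to forward.
        return [] if out_port == in_port else [out_port]


def frames_seen_on(device, frames, port):
    """Count how many of the frames are delivered to the given port."""
    return sum(1 for in_port, src, dst in frames
               if port in device.receive(in_port, src, dst))


# Constructed traffic: host A on port 1 and host B on port 2 exchange four
# frames; port 3 belongs to an uninvolved third device.
MAC_A = "02:00:00:00:00:0a"
MAC_B = "02:00:00:00:00:0b"
FRAMES = [
    (1, MAC_A, MAC_B),
    (2, MAC_B, MAC_A),
    (1, MAC_A, MAC_B),
    (2, MAC_B, MAC_A),
]

if __name__ == "__main__":
    print("hub, port 3 sees:", frames_seen_on(Hub([1, 2, 3]), FRAMES, 3))
    print("switch, port 3 sees:", frames_seen_on(Switch([1, 2, 3]), FRAMES, 3))
```

On the switch, port 3 receives only the first frame, which is flooded because the table does not yet contain B's address.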
Security Operations Center (SOC)
The function of a security operations team and, frequently, of a security operations center
(SOC), is to monitor, detect, investigate, and respond to cyber threats around the clock.
10 key functions performed by the SOC:
1. Take Stock of Available Resources
2. Preparation and Preventative Maintenance
3. Continuous Proactive Monitoring
4. Alert Ranking and Management
5. Threat Response
6. Recovery and Remediation
7. Log Management
8. Root Cause Investigation
9. Security Refinement and Improvement
10. Compliance Management
Protocols, IP Address
There are three main types of network protocols:
• Network management protocols
• Network communication protocols
• Network security protocols
Examples:
TCP/IP (Transmission Control Protocol/Internet Protocol)
HTTPS (Secure HyperText Transmission Protocol)
SMTP (Simple Mail Transfer Protocol)
DNS (Domain Name System)
OSI Model
• Physical Layer (Deals with the hardware of networks.)
• Data Link Layer (This layer receives data from the physical layer and compiles it into a
transform form called framing or frame.)
• Network Layer (This layer performs real time processing and transfers data from nodes
to nodes.)
• Transport Layer (This layer transmits data from source to destination node.)
• Session Layer (The session layer creates a session between the source and the
destination nodes and terminates sessions on completion of the communication
process.)
• Presentation Layer (The functions of encryption and decryption are defined on this
layer.)
• Application Layer (This layer works at the user end to interact with user applications.
QoS (quality of service), file transfer and email are the major popular services of the
application layer.)

Contenu connexe

Similaire à Lecture 2.pptx

2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptxSibyJames1
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxKirti Verma
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and youArt Ocain
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024  Guide to Cyber Security: Protect Your Data Today”“In 2024  Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024  Guide to Cyber Security: Protect Your Data Today”“In 2024  Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security Sanguine_Eva
 
Internet security
Internet securityInternet security
Internet securityat1211
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness TrainingWilliam Mann
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 
Cyber-Security.ppt
Cyber-Security.pptCyber-Security.ppt
Cyber-Security.pptSeniorGaming
 

Similaire à Lecture 2.pptx (20)

Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
 
Internet safety and you
Internet safety and youInternet safety and you
Internet safety and you
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024  Guide to Cyber Security: Protect Your Data Today”“In 2024  Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024  Guide to Cyber Security: Protect Your Data Today”“In 2024  Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
Cyber crime & security
Cyber crime & security Cyber crime & security
Cyber crime & security
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Data security
 Data security  Data security
Data security
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber Crime and Security
Cyber Crime and Security Cyber Crime and Security
Cyber Crime and Security
 
Internet security
Internet securityInternet security
Internet security
 
Cyber-Security-.ppt
Cyber-Security-.pptCyber-Security-.ppt
Cyber-Security-.ppt
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Security Awareness Training
Security Awareness TrainingSecurity Awareness Training
Security Awareness Training
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 
Cyber-Security.ppt
Cyber-Security.pptCyber-Security.ppt
Cyber-Security.ppt
 

Plus de MuhammadRehan856177 (10)

Lecture 10.pptx
Lecture 10.pptxLecture 10.pptx
Lecture 10.pptx
 
Event Programming JavaScript
Event Programming JavaScriptEvent Programming JavaScript
Event Programming JavaScript
 
Intrusion .ppt
Intrusion .pptIntrusion .ppt
Intrusion .ppt
 
Botnets Attacks.pptx
Botnets Attacks.pptxBotnets Attacks.pptx
Botnets Attacks.pptx
 
Lecture 3.pptx
Lecture 3.pptxLecture 3.pptx
Lecture 3.pptx
 
Lecture 2.pptx
Lecture 2.pptxLecture 2.pptx
Lecture 2.pptx
 
Lecture 2.ppt
Lecture 2.pptLecture 2.ppt
Lecture 2.ppt
 
Introduction to JavaScript (1).ppt
Introduction to JavaScript (1).pptIntroduction to JavaScript (1).ppt
Introduction to JavaScript (1).ppt
 
3. HTML Forms.ppt
3. HTML Forms.ppt3. HTML Forms.ppt
3. HTML Forms.ppt
 
2. HTML Tables.ppt
2. HTML Tables.ppt2. HTML Tables.ppt
2. HTML Tables.ppt
 

Dernier

KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesDipal Arora
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurSuhani Kapoor
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation SlidesKeppelCorporation
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdftbatkhuu1
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfOnline Income Engine
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Tina Ji
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communicationskarancommunications
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 

Dernier (20)

KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis:  Simple Linear Regression Multiple Linear RegressionRegression analysis:  Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In  Indirapuram Ghaziabad  ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service JamshedpurVIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
VIP Call Girl Jamshedpur Aashi 8250192130 Independent Escort Service Jamshedpur
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
Keppel Ltd. 1Q 2024 Business Update  Presentation SlidesKeppel Ltd. 1Q 2024 Business Update  Presentation Slides
Keppel Ltd. 1Q 2024 Business Update Presentation Slides
 
Event mailer assignment progress report .pdf
Event mailer assignment progress report .pdfEvent mailer assignment progress report .pdf
Event mailer assignment progress report .pdf
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Unlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdfUnlocking the Secrets of Affiliate Marketing.pdf
Unlocking the Secrets of Affiliate Marketing.pdf
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
Russian Faridabad Call Girls(Badarpur) : ☎ 8168257667, @4999
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 

Lecture 2.pptx

  • 1. Lecture 2 Components of IT Infrastructure Author: Muhammad Rehan
  • 2. Objective • Revision of basic security terms, threat, threat agent, vulnerability, Risk etc. • Virtual Operating System and Environment, installation • Computer network, Network components, • Protocols, IP Address. Transport Layer, Network Layer • Organizational Infrastructure and loopholes Understanding of common cyber security threats and risks
  • 3. Security Terms Authentication: The process of identifying a user’s identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above. Botnet: A combination of the words “robot” and “network”, a botnet is a network of computers that have been infected with a virus, and now are working continuously in order to create security breaches. Data Breach: The result of a hacker successfully breaking into a system, gaining control of its network and exposing its data. DDoS: The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down. Domain: A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity. Encryption: Coding used to protect your information from hackers. Think of it like the code cipher used to send a top-secret coded spy message. Exploit: A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data.
  • 4. Security Terms … Firewall: Any technology, be it software or hardware, used to keep intruders out. Hacker, Black Hat: Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda Hacker, White Hat: A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up. Malware: A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It most often delivered via spam emails. Man in the Middle Attack: An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they’re now in the system. Phishing: A scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware.
  • 5. Security Terms … Ransomware: A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. Spoofing: When a hacker changes the IP address of an email so that it seems to come from a trusted source. Spyware: A form of malware used by hackers to spy on you and your computer activities. Trojan Horse: Yet another form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer. Virus: Malware which changes, corrupts, or destroys information, and is then passed on to other systems. VPN: An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get Internet anonymity, making it difficult for hackers to attack. Worm: Malware that can reproduce itself for the purposes of spreading itself to other computers in the network. Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or by committing exploits such as installing back doors or stealing data.
  • 6. Security threats for business
    • Phishing
    • SMS-Based Phishing
    • PDF Scams
    • Malware & Ransomware
    • Database exposure
    • Credential Stuffing
    • Accidental Sharing
    • Man-In-The-Middle
  • 7. How to prevent threats
    Phishing:
    • First, watch for unusual emails and instant messages. They may start with unusual wording such as “Dear Customer” instead of using your name, have bad grammar, or have a generic signature.
    • Second, be cautious in clicking links or giving sensitive information, even if it appears legitimate. If in doubt, directly contact the source to make sure they sent the message.
    • And third, install anti-phishing toolbars on internet browsers. These toolbars alert you to sites containing phishing information.
    SMS-Based Phishing:
    • First, never open a link in a text message. Most banks and businesses do not ask for information via SMS message; they call or mail you.
    • Second, watch for misspellings or generic language. Like email phishing, smishing often contains generic language like “Dear Customer,” “Sir,” or “Madam.”
    • And third, if you think the message is legitimate, call the business directly or go to your online account to give the information. This ensures no valuable data falls into the wrong hands.
  • 8. How to prevent threats …
    PDF Scams:
    • First, train your employees to watch for generic or unusual email addresses. For example, if someone gets bank statements through email, ensure the sender’s email address is from the bank and not a generic address.
    • Second, watch for unusual and generic headings. Instead of using your name, PDF scams often use generic terms like “Sir” or “Madam.”
    • And third, make sure you have updated and secure virus protection on your computers and network. If someone happens to open up a PDF scam, having security in place goes a long way in protecting your business and alerting your IT department.
    Malware & Ransomware:
    • First, make sure you keep all your computer software and hardware updated. Outdated software, drivers, and other plugins are common security vulnerabilities. If you have an IT service provider, check with them to make sure this is happening on your servers.
    • Second, enable click-to-play plugins to keep Flash or Java from running unless you click a link. This reduces the risk of running malware programs with Flash or Java.
    • And third, removing old software, sometimes referred to as Legacy Apps, reduces risk. For example, if your computer has Windows 10, but you run programs designed for Windows 7, these are considered Legacy Apps and may be a security risk. Your software company should be able to give you an updated program designed for Windows 10.
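The warning signs listed for phishing and PDF scams (generic greeting, sender address not from the expected organization, links that are plain HTTP or point elsewhere) can be checked mechanically. The following is an added example, not part of the original slides; the function names, the finding labels, and the domains `bank.example` and `bank-statements.test` are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

GENERIC_GREETING = re.compile(r"^(dear\s+)?(customer|sir|madam)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def _trusted(host, trusted_domains):
    """True if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)

def _text_body(msg):
    """Join the text/plain parts of a message into one string."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts)

def phishing_indicators(raw_email, trusted_domains):
    """Return the warning signs found in one message, in a fixed order."""
    msg = message_from_string(raw_email)
    body = _text_body(msg)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not _trusted(sender.rpartition("@")[2], trusted_domains):
        findings.append("sender-domain-mismatch")
    first_line = next((l.strip() for l in body.splitlines() if l.strip()), "")
    if GENERIC_GREETING.match(first_line):
        findings.append("generic-greeting")
    urls = URL.findall(body)
    if any(urlsplit(u).scheme.lower() == "http" for u in urls):
        findings.append("http-link")
    if any(not _trusted(urlsplit(u).hostname, trusted_domains) for u in urls):
        findings.append("link-domain-mismatch")
    return findings

# Constructed sample messages; both domains are placeholders.
SUSPICIOUS = """From: "Your Bank" <alerts@bank-statements.test>
Subject: Your statement

Dear Customer,
Your statement is attached. Confirm your details at http://bank-statements.test/verify
"""
LEGITIMATE = """From: Example Bank <statements@mail.bank.example>
Subject: Your statement

Hello Amina,
Your statement is ready at https://online.bank.example/statements
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(name, phishing_indicators(raw, {"bank.example"}))
```

A message that passes all four checks is not proven safe; the checks only automate the first look the slides ask employees to take.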
  • 9. How to prevent threats …
    Database exposure:
    • First, if you have a private server, keep the physical hardware in a secure and locked room. This helps prevent theft if your building is robbed, and it keeps unauthorized personnel from accessing it with a portable hard drive.
    • Second, make sure you have a database firewall and web application firewall. A locked door protects your physical server and hardware, and firewalls protect your server on the internet.
    • Third, keep access to the server limited. Each person with a login to the server is a potential leak, so the fewer logins, the better.
    • And fourth, encrypt the data on the server and keep a regular backup.
    Credential Stuffing:
    • First, implement 2-Factor Authentication for account logins. This requires an email or phone verification along with the standard username and password.
    • Second, use different passwords for every account and program your employees access. If one account is hacked, the hacker will not have access to more accounts with the same password.
    • And third, never share passwords with other people. If you have a shared account for some reason, always give the password verbally, never through electronic communication.
  • 10. How to prevent threats …
    Accidental Sharing:
    • First, limit the number of employees who have access to data. The more people who have access to information, the higher the chance for human error in sharing the data.
    • And second, implement user activity monitoring software. This allows you to track and discover if your data is in danger. It also provides solutions to prevent accidental sharing.
    Man-In-The-Middle:
    • First, avoid WiFi connections that are not secure. If you have employees working remotely, don’t allow them to access sensitive company data over public WiFi networks.
    • Second, make sure your employees do not interact with websites that are not secure. If a URL is not a secure website, it will only show “HTTP” instead of “HTTPS” in front of the URL. The browser should also show an alert that the URL is not secure. If this happens, leave the site immediately.
    • And third, make sure that your internet connections and internet devices are always updated with the latest security updates. Having outdated software or unsecured internet portals creates potential access points for MITM hackers.
  • 11. Computer Network Components
    Computer network components are the major parts which are needed to install the software. Some important network components are NIC, switch, cable, hub, router, and modem.
    NIC:
    • NIC stands for network interface card.
    • NIC is a hardware component used to connect a computer with another computer on a network.
    • It can support a transfer rate of 10, 100 to 1000 Mb/s.
    • The MAC address or physical address is encoded on the network card chip which is assigned by the IEEE to identify a network card uniquely. The MAC address is stored in the PROM (Programmable read-only memory).
    Two types of NIC:
    • Wired NIC
    • Wireless NIC
  • 12. Computer Network Components …
    Hub: A hub is a hardware device that divides the network connection among multiple devices. When a computer requests some information from a network, it first sends the request to the hub through a cable.
    Switch: A switch is a hardware device that connects multiple devices on a computer network. A switch contains more advanced features than a hub. The switch contains an updated table that decides where the data is transmitted. The switch delivers the message to the correct destination based on the physical address present in the incoming message.
    Router: A router is a hardware device which is used to connect a LAN with an internet connection. It is used to receive, analyze and forward the incoming packets to another network.
    • A router works at Layer 3 (Network layer) of the OSI Reference model.
    • A router forwards the packet based on the information available in the routing table.
    • It determines the best path from the available paths for the transmission of the packet.
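The forwarding behaviour of the three devices above, as an added example that is not part of the original slides. The class names, MAC addresses, and routes are constructed for illustration, and "best path" is simplified here to the most specific (longest-prefix) matching route, which is an assumption; real routers also weigh metrics.

```python
import ipaddress

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    """Learns which physical (MAC) address sits behind which port."""
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}                      # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port        # learn where the sender lives
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:                     # unknown destination: flood like a hub
            return super().forward(in_port, src_mac, dst_mac)
        return [] if out_port == in_port else [out_port]

class Router:
    """Layer 3 forwarding from a routing table of (CIDR prefix, next hop)."""
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(p), hop) for p, hop in routes]

    def next_hop(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        matches = [(net.prefixlen, hop) for net, hop in self.routes if addr in net]
        # Simplification: the longest matching prefix wins.
        return max(matches, key=lambda m: m[0])[1] if matches else None

# Constructed sample data.
MAC_A, MAC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
ROUTES = [("0.0.0.0/0", "203.0.113.1"),
          ("10.0.0.0/8", "10.255.0.1"),
          ("10.1.2.0/24", "10.1.2.254")]

if __name__ == "__main__":
    hub, switch, router = Hub([1, 2, 3]), Switch([1, 2, 3]), Router(ROUTES)
    print(hub.forward(1, MAC_A, MAC_B))      # every other port sees the frame
    print(switch.forward(1, MAC_A, MAC_B))   # B not learned yet: flooded
    print(switch.forward(2, MAC_B, MAC_A))   # A was learned on port 1
    print(router.next_hop("10.1.2.7"))
```

The contrast matters for security: every host on a hub sees every frame, while a switch confines known-destination traffic to one port.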
  • 13. Security Operations Center (SOC)
    The function of a security operations team and, frequently, of a security operations center (SOC), is to monitor, detect, investigate, and respond to cyber threats around the clock.
    10 key functions performed by the SOC:
    1. Take Stock of Available Resources
    2. Preparation and Preventative Maintenance
    3. Continuous Proactive Monitoring
    4. Alert Ranking and Management
    5. Threat Response
    6. Recovery and Remediation
    7. Log Management
    8. Root Cause Investigation
    9. Security Refinement and Improvement
    10. Compliance Management
  • 14. Protocols, IP Address
    There are three main types of network protocols:
    • Network management protocols
    • Network communication protocols
    • Network security protocols
    Examples:
    TCP/IP (Transmission Control Protocol/Internet Protocol)
    HTTPS (Secure HyperText Transmission Protocol)
    SMTP (Simple Mail Transfer Protocol)
    DNS (Domain Name System)
  • 15. OSI Model
    • Physical Layer (Deals with the hardware of networks.)
    • Data Link Layer (This layer receives data from the physical layer and compiles it into a transform form called framing or frame.)
    • Network Layer (This layer performs real time processing and transfers data from nodes to nodes.)
    • Transport Layer (This layer transmits data from source to destination node.)
    • Session Layer (The session layer creates a session between the source and the destination nodes and terminates sessions on completion of the communication process.)
    • Presentation Layer (The functions of encryption and decryption are defined on this layer.)
    • Application Layer (This layer works at the user end to interact with user applications. QoS (quality of service), file transfer and email are the major popular services of the application layer.)