This presentation includes 60+ slides that mainly deal with three computer security aspects, i.e.:
1. Security Attacks and Threats
2. Security Services
3. Security Mechanisms
Along with that, we've also included Security Awareness and Security Policies.
3. Introduction to Computer Security
• Computer security basically is the protection of
computer systems and information from harm,
theft, and unauthorized use.
• It is the process of preventing and detecting
unauthorized use of your computer system.
• Computer Security mainly focuses on three
factors:
I. Security Attacks
II. Security Services
III. Security Mechanisms
4. Why is Computer
Security Important?
• Cyber Crime is on the rise
• Damage is Significant
• Cyber Security builds trust
• Our identities protect our data
• Every organization has
vulnerabilities.
5. QUICK FACTS
● 95% of Computer Security breaches
are due to human error.
● There is a hacker attack every 39
seconds
● Share prices fall 7.27% on average
after a breach
● Approximately $6 trillion is expected
to be spent globally on cybersecurity
by 2021
● The number of unfilled cybersecurity jobs
worldwide is already over 4 million
6. Security threat and security attack
• A threat is a possible danger that might exploit a
vulnerability. The actions that cause it to occur
are the security attacks.
• A security attack may be a passive attack or an
active attack.
The aim of a passive attack is to get
information from the system without
affecting the system resources. Passive attacks
are difficult to detect but can be prevented.
An active attack tries to alter the system
resources or affect its operations. An active attack
may modify data or create false data.
Active attacks are difficult to prevent.
7. Security Attacks on Users, Computer hardware and
Computer Software
• Attacks on users can target the identity of the user or the privacy of the user. Identity attacks
result in someone else acting on your behalf by using personal information like a
password, ATM PIN, credit card number, social security number, etc. Attacks
on the privacy of the user involve tracking the user's habits and actions: the websites the user
visits, the buying habits of the user, etc. Cookies and spam mails are used for attacking the
privacy of users.
• Attacks on computer hardware could be due to a natural calamity like floods or
earthquakes, due to power-related problems like power fluctuations, or due to the
destructive actions of a burglar.
• Software attacks harm the data stored in the computer. Software attacks may be due to
malicious software or due to hacking. Malicious software, or malware, is software code
introduced into the system with the purpose of harming the system. Hacking is intruding into
another computer or network to perform an illegal act.
This chapter will discuss malicious software and hacking in detail.
8. Malicious Software
Malware is any software intentionally designed to
cause damage to a computer, server, client, or
computer network.
Malware is typically delivered in the form of a link or
file over email and requires the user to click on the
link or open the file to execute the malware.
Malware has been a threat to individuals and
organizations since the early 1970s, when the
Creeper virus first appeared.
A wide variety of malware types exist:
1. Computer Viruses
2. Worms
3. Trojan Horses
4. Ransomware
5. JavaScript and Java applets
6. Spyware, etc.
9. Virus
• A computer virus is a computer program that, when
executed, replicates itself by modifying other computer
programs
• It can attach itself to other healthy programs.
• It is difficult to trace a virus after it has spread across a
network.
• Viruses can be spread through email and text message
attachments, Internet file downloads, and social media
scam links.
• Computer viruses cause billions of dollars' worth of
economic damage each year.
• If a virus has entered the system, there might be
frequent pop-up windows, frequent crashes, unusually
slow computer performance, unknown programs that
start up when you turn on your computer, and unusual
activities like password changes.
• Examples of viruses: Melissa, I Love You.
10. Worms
• A computer worm is a type of malware that spreads
copies of itself from computer to computer without
any human interaction.
• Computer worms could arrive as attachments in
spam emails or instant messages (IMs).
• When a computer is infected with a worm, the worm
starts to take up free space on the hard drive,
programs might crash, and files may be replaced
or deleted.
• A worm is, however, different from a virus. A worm
does not modify a program like a virus does.
• Examples of worms: Code Red, Nimda
11. Trojan Horse
• A Trojan horse or Trojan is a type of malware that is
often disguised as legitimate software.
• The term “Trojan” derives from the ancient Greek
story about the deceptive Trojan horse which led
to the fall of the city of Troy.
• A Trojan must be executed by its victim to do its
work.
• Trojan horses contain programs that corrupt data,
damage files, or corrupt software applications.
• Trojan horses do not replicate themselves like
viruses.
• If your computer is breached by Trojan malware,
it may start crashing frequently, you may be
redirected to unfamiliar websites when browsing
online, and pop-ups may increase.
12. JavaScript, Java Applets and ActiveX Controls
JavaScript
• JavaScript is a dynamic computer programming
language, most commonly used as a part of web
pages, whose implementations allow client-side script
to interact with the user and make dynamic pages.
• JavaScript is widely used in Netscape, Internet
Explorer, and other web browsers.
• JavaScript also allows website creators to run any
code they want when a user visits their website.
• Cyber criminals frequently manipulate the code on
countless websites to make it perform malicious
functions. If we’re browsing a compromised website,
the attackers can easily get access to our device.
13. Java Applets and ActiveX Controls
• Applets (Java programs) and ActiveX controls (used
with Microsoft technology) are generally used to
provide added functionality, such as sound and
animation, and are inserted in Web pages.
• Anyone who uses the Internet will eventually access
websites that contain mobile code.
• If these programs are designed with a malicious
intention, they can be disastrous for the client
machine.
• Java’s security measures are better
designed and inherently safer than ActiveX, which
places very few restrictions on the developer.
14. Hacking
• Hacking is the activity of identifying weaknesses in a
computer system or a network to exploit the security to
gain access to personal data or business data.
• Hackers are the ones responsible for hacking. They
are growing in sophistication, using stealthy
attack methods designed to go completely unnoticed by
cyber security software and IT teams.
• Hacking is not always done for malicious purposes, but
nowadays most references to hacking describe unlawful
activity by cybercriminals motivated by financial gain,
protest, spying, and even just the “fun” of the
challenge.
• Nowadays, hacking has become a multibillion-dollar
industry with extremely sophisticated and successful
techniques.
• Hackers invade our privacy in various ways, such as
packet sniffing, email hacking and password cracking.
15. Packet Sniffing
• The act of capturing data packets across a computer
network is called packet sniffing.
• It is mostly used by crackers and hackers to collect
information about a network illegally. It is also used by ISPs,
advertisers and governments.
• Packet sniffing attacks normally go undetected.
• Ethereal and Zx Sniffer are some freeware packet sniffers.
• Telnet, FTP, SMTP are some services that are commonly
sniffed.
16. Password Cracking
• Password cracking is the process of guessing the
correct password to an account in an unauthorized
way.
• Password cracking can be done for several reasons,
but the most malicious reason is in order to gain
unauthorized access to a computer without the
computer owner’s awareness.
• One of the most common types of password attacks is
a dictionary attack.
• The password is generally stored in the system in an
encrypted form. Password cracker is an application
that tries to obtain a password
17. Email Hacking
• Email hacking is the unauthorized access to, or
manipulation of an account or email correspondence.
• Fraudsters get access to our email by tricking us into clicking on
a link in an SMS or email.
• Once they access your account, they read all your
correspondence, have access to all your contacts and
send emails from your account.
• Hackers use packet replay to retransmit message
packets over a network. Packet replay may cause
serious security threats to programs that require
authentication sequences.
18. SECURITY SERVICES
• The security services provide specific
kind of protection to system
resources.
• Security services ensure
Confidentiality, Integrity,
Authentication, and Non-
Repudiation of data or message
stored on the computer, or when
transmitted over the network.
• Additionally, they provide assurance
for access control and availability of
resources to authorized users.
[Diagram: Security Services: Confidentiality, Integrity, Authentication, Non-Repudiation, Access Control, Availability]
19. THE CIA TRIAD
Computer security is mainly concerned with these three
main areas:
1. Confidentiality is ensuring that information is available
only to the intended audience.
2. Integrity is protecting information from being modified
by unauthorized parties.
3. Availability is making data and resources requested by
authorized users available to them when requested.
20. CONFIDENTIALITY
Typically, this involves ensuring that only those who are
authorized have access to specific assets and that those
who are unauthorized are actively prevented from
obtaining access.
Confidentiality can be violated in many ways, for
example, through direct attacks designed to gain
unauthorized access to systems, applications, and
databases in order to steal or tamper with data.
A failure to maintain confidentiality means that someone
who shouldn’t have access has managed to get access to
private information.
Some information security basics to
keep your data confidential are:
Encryption
Password
Two-factor authentication
Biometric verification
21. INTEGRITY
Integrity is about ensuring that data has not been tampered
with and, therefore, can be trusted. It is correct, authentic, and
reliable.
Ecommerce customers, for example, expect product and
pricing information to be accurate, and that quantity, pricing,
availability, and other information will not be altered after they
place an order.
Ensuring integrity involves protecting data in use, in transit
(such as when sending an email or uploading or downloading a
file), and when it is stored, whether on a laptop, a portable
storage device, in the data center, or in the cloud.
Integrity goes hand in hand with the concept of non-
repudiation: the inability to deny something. Non-repudiation
assists in ensuring integrity.
Some security controls designed to maintain the
integrity of information include:
Encryption
User access controls
Version control
Backup and recovery
procedures
Error detection software
22. AVAILABILITY
Simply, availability means that networks, systems, and
applications are up and running. It ensures that authorized
users have timely, reliable access to resources when they are
needed.
Many things can jeopardize availability, including hardware or
software failure, power failure, natural disasters, and human
error. Perhaps the most well-known attack that threatens
availability is the denial-of-service attack.
In a denial-of-service attack, the performance of a system,
website, web-based application, or web-based service is
intentionally and maliciously degraded, or the system becomes
completely unreachable.
To prevent data loss from such occurrences, a backup copy
may be stored in a geographically isolated location, perhaps
even in a fireproof, waterproof safe.
Encryption
Password
Two-factor authentication
Biometric verification
23. OTHER SECURITY SERVICES
Authentication:
It is the process of ensuring and confirming
the identity of the user before revealing any
information to the user. Authentication is
facilitated by the use of username and
password, smart cards, biometric methods like
retina scanning and fingerprints.
Non-Repudiation:
Basically, to repudiate means to deny.
Nonrepudiation is the assurance that
someone cannot deny something.
Typically, nonrepudiation refers to the ability
to ensure that a party to a contract or a
communication cannot deny the authenticity
of their signature on a document or the
sending of a message that they originated.
24. SECURITY MECHANISMS
Security mechanisms are technical tools
and techniques that are used to implement
security services.
A mechanism might operate by itself, or
with others, to provide a particular service.
Security mechanisms deal with prevention,
detection, and recovery from a security
attack.
25. SECURITY MECHANISMS
1. CRYPTOGRAPHY: Secret Key Cryptography, Public Key Cryptography, Hash Functions
2. DIGITAL SIGNATURE: Introduction
3. FIREWALL: Introduction, Functions, Types
4. USER IDENTIFICATION AND AUTHENTICATION: Username and Password, Smart Card, Biometrics
5. INTRUSION DETECTION SYSTEM
6. OTHER MECHANISMS: Virus Protection Software, Data and Information Backups, Secure Socket Layer (SSL), IP Security Protocol
26. CRYPTOGRAPHY
● The prefix “crypt” means “hidden” and the suffix
“graphy” means “writing”. So cryptography is
the science of writing information in
“hidden” or “secret” form.
● Cryptography is necessary when
communicating data over any network,
particularly the Internet.
● It protects the data in transit and also the
data stored on the disk.
27. COMMON TERMS USED IN CRYPTOGRAPHY
Plaintext: ordinary readable text, i.e. unencrypted data.
Cipher and Code: A cipher is an algorithm for performing encryption or decryption. A cipher
converts the original message, called plaintext, into cipher text using a key.
Cipher Text: the coded message or the encrypted data.
Encryption: the process of converting a normal message (plaintext) into a
meaningless message (cipher text).
Decryption: the process of converting a meaningless message (cipher
text) into its original form (plaintext).
[Diagram: Plain Text (readable format, non-encrypted data) → Encryption → Cipher Text (non-readable format, encrypted data) → Decryption → Plain Text (readable format, non-encrypted data); parties shown: ALICE, BOB, HARRY]
28. CRYPTOGRAPHIC KEY
● A cryptographic key is a string of bits used by a cryptographic
algorithm to transform plain text into cipher text or vice versa.
● Like a physical key, it locks (encrypts) data so that only
someone with the right key can unlock (decrypt) it.
● The size of key is also important. The larger the key, the harder
it is to crack a block of encrypted data.
● The three cryptographic schemes are as follows:
○ Secret Key Cryptography (SKC)
○ Public Key Cryptography (PKC)
○ Hash Functions
Example (shift by 3): Attack → Dwwdfn
29. SECRET KEY CRYPTOGRAPHY
• Secret-key cryptography is also called symmetric
cryptography because the same key is used to both
encrypt and decrypt the data.
• In this type of cryptography the same key is used by
both parties.
• The sender uses this key and an encryption algorithm
to encrypt data; the receiver uses the same key and
the corresponding decryption algorithm to decrypt
the data.
• One of the big issues with secret key cryptography is
the logistical dilemma of how to get the key from
one party to the other without giving access to the
attacker.
• Secret key cryptography schemes are generally
categorized as
• Stream Ciphers
• Block Ciphers.
30. STREAM CIPHER AND BLOCK CIPHER
Stream Cipher
• Stream ciphers convert one symbol of
plaintext directly into a symbol of cipher text.
• It converts one byte of plain text at a time.
• Uses 8 bits at a time.
• It is easier to reverse the encrypted text to
plain text.
• Stream cipher is fast in comparison to block
cipher.
Block Cipher
• Block ciphers encrypt a group of plaintext
symbols as one block.
• It converts plaintext block wise at a time.
• Uses 64 bits or more at a time.
• It is difficult to reverse the encrypted text to
plain text
• Block cipher is slow as compared to stream
cipher.
31. PUBLIC KEY CRYPTOGRAPHY
• In public-key cryptography, there are two keys: a
private key and a public key.
• The public key can be shared freely and may be known
publicly.
• The private key is never revealed to anyone and is kept
secret.
• The two keys are mathematically related although
knowledge of one key does not allow someone to
easily determine the other key.
• Because a pair of keys is required for encryption and
decryption, public-key cryptography is also called
asymmetric encryption.
33. HASH FUNCTIONS
• Hash functions are one-way encryption
algorithms that, in some sense, use no key.
• The verb “to hash” means to chop
or scramble something; that is, hash
functions “scramble” data and convert it
into a numerical value.
• No matter how long the input is, the output
value is always of the same length.
• Hash functions are generally used to ensure
that the file has not been altered by an
intruder or virus.
35. DIGITAL SIGNATURE
In the physical world, it is common to use handwritten
signatures on handwritten or typed messages. They are used
to bind signatory to the message.
Similarly, a digital signature is a technique that binds a
person/entity to digital data. This binding can be
independently verified by the receiver as well as any third party.
A digital signature is a cryptographic value that is calculated
from the data and a secret key known only by the signer.
Digital signatures are easy for a user to produce, but difficult
for anyone else to forge. A digital signature scheme is a type of
asymmetric cryptography. Digital signatures use public-key
cryptography, which employs two keys: a private key and a
public key.
37. How do Digital Signatures Work? (Contd…)
• Each person adopting this scheme has a public-private key pair.
• Generally, the key pairs used for encryption/decryption and signing/verifying are
different. The private key used for signing is referred to as the signature key and the
public key as the verification key.
• Signer feeds data to the hash function and generates hash of data.
• Hash value and signature key are then fed to the signature algorithm which produces
the digital signature on given hash. Signature is appended to the data and then both are
sent to the verifier.
• Verifier feeds the digital signature and the verification key into the verification
algorithm. The verification algorithm gives some value as output.
• Verifier also runs same hash function on received data to generate hash value.
• For verification, this hash value and output of verification algorithm are compared.
Based on the comparison result, verifier decides whether the digital signature is valid.
• Since the digital signature is created with the ‘private’ key of the signer and no one else can have this
key, the signer cannot repudiate signing the data in the future.
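The signing and verification steps listed above, as an added Python example that is not part of the original slides. It uses textbook RSA with constructed toy key pairs and no padding purely to make each step visible; the function names, key pairs and sample messages are assumptions, and production code would use a vetted library with a padded scheme.

```python
"""Hash-then-sign with textbook RSA, following the steps on the slide.

Teaching sketch only: the moduli are far too small and there is no
padding, so this must never be used to protect real data.
"""
import hashlib
from typing import Tuple

Key = Tuple[int, int]  # (modulus, exponent)


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (verification key, signature key) for primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


def hash_to_int(data: bytes, n: int) -> int:
    """Signer and verifier run the same hash function on the data."""
    digest = hashlib.sha256(data).digest()
    # Reduced mod n only because the toy modulus is shorter than SHA-256.
    return int.from_bytes(digest, "big") % n


def sign(data: bytes, signature_key: Key) -> int:
    """Hash value and signature key go into the signature algorithm."""
    n, d = signature_key
    return pow(hash_to_int(data, n), d, n)


def verification_output(signature: int, verification_key: Key) -> int:
    """Signature and verification key go into the verification algorithm."""
    n, e = verification_key
    return pow(signature, e, n)


def verify(data: bytes, signature: int, verification_key: Key) -> bool:
    """Compare the verification output with a fresh hash of the data."""
    n, _ = verification_key
    return verification_output(signature, verification_key) == hash_to_int(data, n)


# Constructed toy keys built from known Mersenne primes.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

MESSAGE = b"Transfer 100 to account 42"    # constructed sample data
TAMPERED = b"Transfer 900 to account 42"   # same data, modified in transit


def demo() -> dict:
    signature = sign(MESSAGE, SIGNER_PRIV)
    return {
        # Genuine data and signature: accepted by anyone holding the public key.
        "genuine": verify(MESSAGE, signature, SIGNER_PUB),
        # Data changed after signing: the hashes no longer match.
        "tampered_data": verify(TAMPERED, signature, SIGNER_PUB),
        # Signature made with a different private key: rejected.
        "wrong_signer": verify(MESSAGE, sign(MESSAGE, OTHER_PRIV), SIGNER_PUB),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the verification key is needed to check a signature, which is why the receiver can hand the data and signature to a third party as evidence.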
38. Importance of Digital Signature (Contd…)
Out of all cryptographic primitives, the digital signature using public key cryptography is
considered a very important and useful tool to achieve information security. The
importance of digital signatures can be listed as follows:
Message authentication − When the verifier validates the digital signature using the public key
of a sender, he is assured that the signature has been created only by the sender, who possesses the
corresponding secret private key, and by no one else.
Data Integrity − In case an attacker has access to the data and modifies it, the digital
signature verification at the receiver end fails. The hash of the modified data and the output
provided by the verification algorithm will not match. Hence, the receiver can safely reject the
message, assuming that data integrity has been breached.
Non-repudiation − Since it is assumed that only the signer has knowledge of the
signature key, only he can create a unique signature on given data. Thus the receiver can
present the data and the digital signature to a third party as evidence if any dispute arises in
the future.
40. FIREWALL
A firewall is a network security mechanism
that monitors incoming and outgoing network
traffic and permits or blocks
data packets based on a set of security rules.
Its purpose is to establish a barrier between
your internal network and incoming traffic
from external sources (such as the internet) in
order to block malicious traffic like viruses and
hackers.
A firewall can be a hardware component, a
software component, or a combination of
both.
41. Functions of Firewall
• It acts as a network security post. All traffic that enters or exits the
network must go through the firewall, which acts as a security post and
inspects it.
• It prevents valuable information from being leaked
unnoticed. In this case, a firewall is useful to prevent users on
the network from sending valuable confidential files to other
parties.
• Firewalls can be used for hiding the structure and contents of
a local network from external users.
• It prevents modification of data by other parties, for example
financial statement information,
product specifications, and other company secrets
whose disclosure to other parties would have a negative impact.
The firewall prevents modification of this data so that it
remains safe.
42. How Firewall Works
A firewall matches network traffic against the rule set defined
in its table. Once a rule is matched, the associated action is
applied to the network traffic.
From the perspective of a server, network traffic can be either
outgoing or incoming. The firewall maintains a distinct set of rules
for each case. Mostly, outgoing traffic, which originates
from the server itself, is allowed to pass.
Incoming traffic is treated differently. Most traffic that
reaches the firewall uses one of these three major Transport
Layer protocols: TCP (Transmission Control Protocol), UDP (User
Datagram Protocol) or ICMP (Internet Control Message
Protocol).
All these types have a source address and a destination
address. Also, TCP and UDP have port numbers. ICMP
uses a type code instead of a port number, which identifies
the purpose of that packet.
44. Packet Filter Firewall
A packet filtering firewall is used to control network access by
monitoring outgoing and incoming packets and allowing them
to pass or stopping them based on source and destination IP addresses,
protocols and ports.
The IP packet header is checked for the source and the
destination IP addresses and the port combinations.
Packet firewalls treat each packet in isolation. They have no
ability to tell whether a packet is part of an existing stream of
traffic. They can only allow or deny packets based on the individual
packet headers.
Packet filtering is fast, easy to use, simple and cost effective. A
majority of routers in the market provide packet filtering
capability. It is used in small and medium businesses.
45. Packet Filter Firewall (Contd…)
A packet filtering firewall maintains a filtering table which decides whether a packet will be
forwarded or discarded. From the given filtering table, the packets will be filtered
according to the following rules:
Incoming packets from network 192.168.21.0 are blocked.
Incoming packets destined for internal TELNET server (port 23) are blocked.
Incoming packets destined for host 192.168.21.3 are blocked.
All well-known services to the network 192.168.21.0 are allowed.
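The four filtering rules above expressed as a stateless rule table, as an added example that is not part of the original slides. The /24 mask for network 192.168.21.0, ports 0-1023 for "well-known services", first-match evaluation, the default block and the sample packets are assumptions.

```python
"""Stateless packet filter for the four rules on the slide."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

INTERNAL_NET = "192.168.21.0/24"   # assumption: the slide gives no mask
ANY = "0.0.0.0/0"
WELL_KNOWN = range(0, 1024)        # assumption: ports 0-1023


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None    # ICMP carries a type code, not a port


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    src: str = ANY
    dst: str = ANY
    dports: Optional[range] = None  # None matches any port (and ICMP)

    def matches(self, pkt: Packet) -> bool:
        # Only header fields are consulted; no connection state is kept.
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dports is None:
            return True
        return pkt.dport is not None and pkt.dport in self.dports


# The slide's rules, in the order they are listed.
RULES: List[Rule] = [
    Rule("block", src=INTERNAL_NET),                     # from 192.168.21.0
    Rule("block", dports=range(23, 24)),                 # to TELNET (port 23)
    Rule("block", dst="192.168.21.3/32"),                # to host 192.168.21.3
    Rule("allow", dst=INTERNAL_NET, dports=WELL_KNOWN),  # well-known services
]

# Same rules with the allow rule moved to the top (a misordered table).
MISORDERED: List[Rule] = [RULES[3]] + RULES[:3]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, int]:
    """Return (action, rule number); rule 0 is the default block."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "block", 0


# Constructed sample packets (203.0.113.0/24 is a documentation range).
EXTERNAL = "203.0.113.10"
SAMPLES = {
    "web": Packet(EXTERNAL, "192.168.21.5", "tcp", 80),
    "telnet": Packet(EXTERNAL, "192.168.21.5", "tcp", 23),
    "blocked_host": Packet(EXTERNAL, "192.168.21.3", "tcp", 80),
    "internal_source": Packet("192.168.21.77", "192.168.21.5", "tcp", 80),
    "high_port": Packet(EXTERNAL, "192.168.21.5", "tcp", 8080),
    "ping": Packet(EXTERNAL, "192.168.21.5", "icmp"),
}


def run(rules: List[Rule]) -> dict:
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, number) in run(RULES).items():
        print(f"{name:16} {action:6} (rule {number})")
    # Port 23 is also a well-known port, so rule order decides the outcome.
    print("telnet, misordered table:", evaluate(MISORDERED, SAMPLES["telnet"]))
```

Because port 23 falls inside the well-known range, the TELNET block only holds while it is listed before the allow rule; auditing a filtering table means checking order as well as content.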
46. Circuit Filter Firewall
Where packet filter firewall examines the packet
headers, circuit filter firewalls examine a variety of
elements of each data packet and compare them to a
database of trusted information.
So the filtering decisions would not only be based on
defined rules, but also on packet’s history in the state
table.
These elements include source and destination IP
addresses, ports, and applications. Incoming data
packets are required to sufficiently match the trusted
information in order to be allowed through the firewall.
Since this firewall does a lot of inspection it is also
known as a “stateful inspection” firewall.
[Diagram: TCP Request, TCP Response]
47. Application-Level Gateway
An application-level gateway is also called a proxy
server.
A proxy server is a type of gateway that hides
the true network address of the computer(s)
connecting through it.
A proxy server creates a virtual connection
between the source and the destination
hosts.
The client must send a request to the firewall,
where it is then evaluated against a set of
security rules and then permitted or blocked.
Most notably, proxy firewalls monitor traffic
for layer 7 protocols such as HTTP and FTP,
and use both stateful and deep packet
inspection to detect malicious traffic.
[Figure: Application-level gateway or proxy server]
48. Users Identification and Authentication
Identification is the ability to identify uniquely a user of a system or an
application that is running in the system.
Authentication is the ability to prove that a user or application is genuinely
who that person or what that application claims to be.
For example, consider a user who logs on to a system by entering a user ID
and password. The system uses the user ID to identify the user. The system
authenticates the user at the time of logon by checking that the supplied
password is correct.
We will briefly discuss the following 3 authentication mechanisms:
i. User name and password
ii. Smart Card
iii. Biometrics—Fingerprints, Iris/retina scan
49. Username and Passwords
• The combination of username and password is the most
common method of user identification and
authentication.
• The systems that use password authentication first
require the user to have a username and a password.
• Next time, when the user uses the system, user enters
their username and password.
• The system checks the username and password by
comparing it to the stored password for that username.
• If it matches, the user is authenticated and is granted
access to the system
50. Ways to Make Passwords Safe
The problem with passwords is that, for them to be
effective, they need to be an uncommon word, of eight
letters or more and not used anywhere else.
According to Microsoft’s TechNet, for a password to be
effective, it needs to meet the following criteria:
• Changed every 60 days
• At least eight characters long
• Use both upper and lower case characters
• Contain a combination of alphanumeric characters and
symbols
• Unique (only used for this particular profile/website)
• Stored using a reversible encryption.
According to CERT, approximately
80% of all network security issues are
caused by bad passwords.
Any unauthorized user who gets to know a
valid password can get access to the
system, and a simple password can be
easily cracked.
51. SMART CARD
A smart card is a physical card that has
an embedded integrated chip that acts as a security
token.
Smart cards are typically the same size as a driver's
license or credit card and can be made out of metal
or plastic.
Smart cards are used for a variety of applications,
though most commonly are used for credit cards and
other payment cards.
Smart cards are used in secure identity applications
like employee-ID badges, citizen-ID documents,
electronic passports, driver's licenses and online
authentication devices.
52. How Smart Cards Work?
• Smart card microprocessors or memory chips exchange data with card readers and other
systems over a serial interface. The smart card itself is powered by an external source, usually
the smart card reader.
• A smart card communicates with readers either via direct physical contact or using a short-range
wireless connectivity standard such as RFID or NFC.
• The card reader then passes data from the smart card to its intended destination, usually a
payment or authentication system connected to the smart card reader over a network
connection.
53. Biometric Techniques
Biometrics is the science and technology of measuring and
statistically analyzing biological data.
Biometric devices are for “authentication and verification” of an
individual with the help of the unique, measurable and biological
trait of that individual.
• Three Types of Biometrics Security
We can mostly label biometrics into three groups:
i. Biological biometrics (use traits at a genetic and molecular
level, which may include features like DNA or your blood)
ii. Morphological biometrics (involve the structure of your
body: more physical traits like your eye, fingerprint, or the
shape of your face)
iii. Behavioral biometrics (based on patterns unique to each
person: how you walk, speak, or even type on a keyboard)
55. Intrusion Detection System
Intrusion basically refers to any unauthorized activity.
An Intrusion Detection System (IDS) is a system that
monitors network traffic for suspicious activity and issues alerts
when such activity is discovered.
It is a software application that scans a network or a system for
harmful activity or policy breaching.
Any malicious activity or violation is typically reported or
collected centrally using a security information and event
management system.
56. Detection Method of IDS
1. Signature-based Method:
Signature-based IDS detects the attacks on the basis of the specific
patterns such as number of bytes or number of 1’s or number of 0’s in the
network traffic.
It also detects on the basis of the already known malicious instruction
sequence that is used by the malware.
The detected patterns in the IDS are known as signatures. Signature-
based IDS can easily detect the attacks whose pattern (signature) already
exists in system but it is quite difficult to detect the new malware attacks
as their pattern (signature) is not known.
57. Detection Method of IDS
2. Anomaly-based Method:
Anomaly-based IDS was introduced to detect the unknown
malware attacks as new malware are developed rapidly.
Anomaly-based IDS uses machine learning to
create a model of trustworthy activity; anything incoming is
compared with that model and is declared suspicious if it is
not found in the model.
Machine learning based method has a better generalized
property in comparison to signature-based IDS as these
models can be trained according to the applications and
hardware configurations.
58. SECURITY AWARENESS
The aim of security awareness is to enhance
security of the organization’s resources by
improving the awareness of the need to secure
system resources.
Security awareness teaches users to spot
phishing, avoid risks online, and use good cyber-
hygiene practices at work and at home.
In order to make the users and people in an
organization aware of the security practices to be
followed, frequent training programs should be
conducted in organizations.
59. Security Policies
• A security policy is a written document in an organization
outlining how to protect the organization from threats,
including computer security threats, and how to handle
situations when they do occur.
• To be practical and implementable, policies must be
defined by standards, guidelines, and procedures.
• The security policy states what is, and what is not allowed.
A security policy must be comprehensive, up-to-date,
complete, delivered effectively, and available to all staff.
• Generally, security policies are included within a security
plan. A security plan details how the rules put forward by
the security policy will be implemented
• The security policy also includes physical security of the
computers.
60. Formulation of Security Policies
Security policies are defined based on an
organization’s needs. A security policy includes
approaches and techniques that an organization is
going to apply or include in order to secure its
resources. The steps followed while formulating the
security policy are:
• Analyzing Current Security Policies:
The vulnerabilities and the current security policies
must be analyzed by the security administrators before
defining an effective security policy. The security
administrator is required to study the existing
documents containing details of the physical security
policies, network security policies, data security
policies, disaster recovery plans, and contingency
plans.
61. • Identifying IT Assets that Need to be Secure
The security administrator must identify the IT resources of an organization
that need to be secure. It may include the following:
o Physical resources like computers, servers like database servers and web
servers, local networks that are used to share the local computer with the
remote computer, private networks shared by two or more organizations,
corporate network permanently connected to the Internet, laptop, manuals,
backup media, communication equipment, network cables, and CDs.
o Information resources like password, data, or applications. The data of an
organization can be classified for security purposes based upon the
sensitivity and the integrity of data. For example, public information, internal
information, confidential information, and secret information.
62. • Identifying Security Threats and Likely Security Attacks
After identifying the IT assets and classifying them, a security administrator
must identify the various security threats to the assets.
For example, in a bank the security threat to the database storing the
account details of the customers may be:
1. Unauthorized access to information
2. Attacks of viruses
3. Worms and Trojan horses
4. Natural disasters like earthquake, fire etc.
63. • Defining the Proactive and Reactive Security Strategies
A proactive strategy is a pre-attack strategy. It involves identifying possible
damage from each type of attack, determining the vulnerabilities that each
type of attack can exploit, minimizing those vulnerabilities and making a
contingency plan.
A contingency plan specifies the actions to be taken in case an attack
penetrates into a system and damages the IT assets of the organization. A
contingency plan aims at keeping the computer functional and ensuring the
availability, integrity, and confidentiality of data. However, it is not possible
for the security administrator to prepare a computer against all attacks. A
reactive strategy is implemented on the failure of the proactive strategy. It
defines the steps to be taken after the attack. It aims at identifying the cause
of attack, vulnerabilities used to attack the system, damage caused by the
attack, and repairing of the damage caused by the attack.