SlideShare une entreprise Scribd logo

Security threats

Qamar Farooq
Qamar Farooq

Security threats To ecommerce threats

Technologie
1  sur  54
Télécharger pour lire hors ligne
   most sophisticated types of crime ware facing the Internet today Bots oftentimes spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are awoken by their master to perform a task.
  Other ways in which a bot infects a machine include being downloaded by a Trojan, installed by a malicious Web site or being emailed directly to a person from an already infected machine. Bots do not work alone, but are part of a network of infected machines called a ―botnet.‖ Botnets are created by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above
  From spamming to hosting fraudulent Web sites, modern cybercrime at some point will make use of a botnet. Symantec reported nearly 9,000 different variations of the three most popular bots (Spybot, Gaobot, Randex) in the first half of 2005 alone.
 Denial of Service  knock Web sites offline, making them unusable by their customers  Extortion  warned in advance in what is known as a protection racket or extortion  the criminal threatens to knock the company’s Web site or online service off the Internet for a period of time if they are not paid
 Identity Theft  sometimes they play the main and supporting role by not only infecting a computer, but also stealing personal information from the victim and sending it to the criminal.  Spam  Botnets operate at the heart of today's spam industry— bots both harvest email addresses for spammers and are also used to spam messages out. Sending spam through botnets is particularly common since it makes spammers more difficult to detect as they can send messages from many machines (all the infected machines in the botnet) rather than through a single machine.
 Phishing  Much like spammers, phisher’s use bots to identify potential victims and send fraudulent emails, which appear to come from a legitimate organization such as the user’s bank.  Bots are also used by phishers to host the phony Web sites, which are used to steal people’s personal information and serve as collection points (―dead drop‖ or ―egg drop‖ servers) for stolen data
    a Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer. Increasingly, Trojans are the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer through vulnerabilities in web browser software such as Microsoft Internet Explorer.
 After it is installed, the Trojan horse lurks silently on the infected machine, invisibly carrying out its misdeeds, such as downloading spyware, while the victim continues on with their normal activities.
   Spyware is a general term used for programs that covertly monitor your activity on your computer, gathering personal information, such as usernames, passwords, account numbers, files, and even driver’s license or social security numbers. Some spyware focuses on monitoring a person’s Internet behaviour; this type of spyware often tracks the places you visit and things you do on the web, the emails you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits that information to another computer, usually for advertising purposes.
 Spyware is similar to a Trojan horse in that users unknowingly install the product when they install something else. However, while this software is almost always unwelcome, it can be used in some instances for monitoring in conjunction with an investigation and in accordance with organizational policy.
 Most often spyware is installed unknowingly with some other software that you intentionally install. For example, if you install a "free" music or file sharing service or download a screensaver, it may also install spyware. Some Web pages will attempt to install spyware when you visit their page.
 Trojans and spyware are developed by professionals. Trojans and spyware are often created by professional crimeware authors who sell their software on the black market for use in online fraud and other illegal activities.
   IP spoofing – In the context of computer security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results to this attack. ◦ The attack may be directed to a specific computer addressed as though it is from that same computer. This may make the computer think that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up.
 Man in the middle attack ◦ Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
    This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be real practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct webserver such as a bank and capture information from customers when they attempt to logon. Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
   DNS provides distributed host information used for mapping domain names and IP addresses. To improve productivity, the DNS server caches the most recent data for quick retrieval. This cache can be attacked and the information spoofed to redirect a network connection or block access to the Web sites),a devious tactic called DNS cache poisoning. The best defence against problems such as DNS cache poisoning is to run the latest version of the DNS software for the operating system in use. New versions track pending and serialize them to help prevents spoofing.
   Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.
      In a Denial of Service (DoS) attack, the attacker sends a stream of requests to a service on the server machine in the hope of exhausting all resources like "memory" or consuming all processor capacity. DoS Attacks Involve: Jamming Networks Flooding Service Ports Misconfiguring Routers Flooding Mail Servers
  attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example; a worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion. There are also commonly vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
   In Distributed DoS (DDoS) attack, a hacker installs an agent or daemon on numerous hosts. The hacker sends a command to the master, which resides in any of the many hosts. The master communicates with the agents residing in other servers to commence the attack. DDoS are harder to combat because blocking a single IP address or network will not stop them. The traffic can derive from hundred or even thousands of individual systems and sometimes the users are not even aware that their computers are part of the attack.
           DDoS Attacks Involve: FTP Bounce Attacks Port Scanning Attack Ping Flooding Attack Smurf Attack SYN Flooding Attack IP Fragmentation/Overlapping Fragment Attack IP Sequence Prediction Attack DNS Cache Poisoning SNMP Attack Send Mail Attack
      Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following: Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion. Send invalid data to applications or network services, which causes abnormal termination or behaviour of the applications or services. Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Block traffic, which results in a loss of access to network resources by authorized users.
◦ An indirect attack is an attack launched by a third party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker.
  A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected.
    Someone who has gained access to a computer can install any type of devices to compromise security, including operating system modifications, software worms and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system.
   an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.
    Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.
       This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password. Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user. When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time. After gaining access to your network with a valid account, an attacker can do any of the following: Obtain lists of valid user and computer names and network information. Modify server and network configurations, including access controls and routing tables. Modify, reroute, or delete your data.
   A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resourceintensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key. An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.
    A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key. Using a sniffer, an attacker can do any of the following: Analyze your network and gain information to eventually cause your network to crash or to become corrupted. Read your communications.
      An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following: Read, add, delete, or modify your data or operating system. Introduce a virus program that uses your computers and software applications to copy viruses throughout your network. Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network. Abnormally terminate your data applications or operating systems. Disable other security controls to enable future attacks
  It hasn't been getting a lot of media attention lately, but the threat to corporate security and intellectual property from insiders remains one of the biggest challenges facing IT departments today. According to the most recent survey by the American Society for Industrial Security in Alexandria, Va., current and former employees and on-site contractors with authorized access to facilities and networks continue to pose the most significant risk to intellectual property such as research data, customer files and financial information.
 Experts say that all security programs should focus on people, process and technology, so we've broken the list into those three categories.
        Require new hires to go through a security orientation Don't overlook the sensitive data on common office peripherals, such as copiers and printers Establish a corporate "neighborhood watch" program Check the backgrounds of all employees who handle sensitive data. Make sure the passwords for systems administrators have the strongest level of authentication and are given to the smallest potential audience. Require systems administrators to take two consecutive weeks of vacation annually Develop a policy-setting "security council Integrate IT procedures and HR procedures
       Establish a reliable system for assigning access to company data. Determine, based on job function, seniority and other roles, who needs to have access to which company resources and why. Require employees to sign a nondisclosure contract on their date of hire Keep an inventory of your IT assets Keep an inventory of your IT assets Make the ability to support your company's information access policy one of the criteria for buying new software or systems. Evaluate the security of your business partners and vendors.
     Identify dormant IDs or orphaned accounts Have an automated system for resetting passwords on a regular basis Make sure that the accounts belonging to laidoff employees aren't simply deleted Convert physical access-control devices from electronic systems to network-enabled devices Collect historical data for individual employees regarding network activity and file-access attempts and then employ a formula to calculate a risk factor for each event.
      66% said their co-workers, not hackers, pose the greatest risk to consumer privacy; only 10% said hackers are the greatest threat. 62% reported incidents at work that put customer data at risk for identity theft. 46% said it would be ―easy,‖ ―very easy‖ or ―extremely easy‖ for workers to remove sensitive data from the corporate database. 32% said they’re unaware of internal company policies to protect customer data 28% said their company does not have a written security policy or they didn’t know if it has one. Base: Survey of 500 U.S. workers and managers who handle sensitive customer information at work. Source: Harris Interactive Inc., Rochester, N.Y.,
   A website defacement is the unauthorized substitution of a web page or a part of it by a system cracker This is a very common form of attack that seriously damages the trust and the reputation of a website. A website defacement is the unauthorized substitution of a web page or a part of it by a system cracker
   A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
 Any security issues that are found will be presented to the system owner, together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered.
   Laptop theft is a significant threat to users of laptop computers. Many methods to protect the data and to prevent theft have been developed, including alarms, laptop locks, and visual deterrents such as stickers or labels. Victims can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorise access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.
   According to the FBI, losses due to laptop theft totaled more than $6.7 million dollars in 2005. The Computer Security Institute/FBI Computer Crime & Security Survey found the average theft of a laptop to cost a company $89,000.[c A Laptop/Notebook is stolen or lost every 12 seconds According to a survey done in India 90% of the Laptops are being lost/stolen during the travel
      Provides current location along with IP address and service provider. Customize reporting on Laptop Location as per your choice. Secure web page for every user to monitor the laptop/ persons location. Remotely launch the data encryption once theft is reported. Automatic/ silent data encryption if Laptop is not connected to internet for a specified period. Works in stealth mode.
     Fastest tracking of Laptop once theft is reported. Tracks the laptops/ Employee locations on regular basis. Protects Sensitive data/ information being used by competitors due to Laptop theft. Online location statistics is available any time from any where through www.locatelaptop.com. Reporting via email on regular intervals as per your choice.
 GENERAL MISUSE of the Internet  One-third of time spent online at work is non-workrelated. (Websense, IDC)  Internet misuse at work is costing American corporations more than $85 billion annually in lost productivity. (Websense, 2003)  80 percent of companies reported that employees had abused Internet privileges, such as downloading pirated software. (CSI/FBI Computer Crime and Security Survey, 2003)
 HACKING  75% of companies cited employees as a likely source of hacking attacks. (CSI/FBI, 2003)  45% of businesses had reported unauthorized access by insiders. (CSI/FBI, 2003)  INSTANT MESSAGING  80 percent of instant messaging in companies is done over public IM services such as AOL, MSN and Yahoo, exposing companies to security risks. (Radicati, 2003)  There are more than 43 million users of consumer IM at work. (IDC, 2003)  Only one quarter of companies have a clearly defined policy on the user of IM at work. (Silicon.com, 2003)
 PEER-TO-PEER FILE-SHARING  Forty-five percent of the executable files downloaded through Kazaa contain malicious code. (Trusecure, 2004)  73 percent of all movie searches on file-sharing networks were for pornography. (Palisade Systems, 2003)  A company can be liable for up to $150K per pirated work if it is allowing employees to use the corporate network to download copyrighted material. (RIAA, 2003)
 SPYWARE  1 in 3 companies have detected spyware on their network. (Websense UK Survey, 2003)  There more than 7,000 spyware programs. (Aberdeen Group, 2003)
 STREAMING MEDIA  77 percent of weekly online listening to Internet Radio takes place between 5 a.m. and 5 p.m. Pacific time. (Arbitron, 2004)  44 percent of corporate employees actively use streaming media. (Nielsen NetRatings, 2002)  VIRUSES/MALICIOUS CODE  Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms. (CSI/FBI, 2003)  Blended threats made up 54 percent of the top 10 malicious code submissions over the last six months of 2003. (Symantec Internet Security Threat Report, 2003)  The number of malicious code attacks with backdoors, which are often used to steal confidential data, rose nearly 50% in the last year. (Symantec, 2003
   Wireless networking has experienced a huge increase in popularity over the last couple of years. The necessary hardware is widely available to consumers, it is very affordable, and relatively easy to install and configure. Gateway devices, common called "routers" or "firewalls" by consumers, that allow users to share a broadband connection with and protect multiple computers on a home network have been around for a while. The addition of wireless capabilities to these gateway devices gives the user the convenience of taking a computer anywhere in the house, and not have to worry about running wires through walls and crawl spaces and attics to connect computers in various parts of the house.
   Industrial-strength high-performance versions have been around even longer in company environments, allowing employees to roam between offices, cubes, and conference rooms with laptops without ever losing connectivity. It is a great technology that offers many benefits. As the saying goes, however, with privilege comes responsibility. A responsibility that is unfortunately much too often ignored by the person implementing it. A wireless network needs to be properly secured as it poses a number of extremely serious risks and dangers if left wide open and exposed, which many users are unaware of.
    Bandwidth Parasite Masking criminal activity Free access to private data Backdoor into corporate networks

Recommandé

Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Computer Worms
Computer WormsComputer Worms
Computer Wormssadique_ghitm
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Computer security
Computer securityComputer security
Computer securityfiza1975
 
Computer security
Computer securityComputer security
Computer securityAyesha Arshad
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Computer worms viruses and Prevention
Computer worms viruses and PreventionComputer worms viruses and Prevention
Computer worms viruses and PreventionPratimesh Pathak
 

Recommandé

Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security VulnerabilitiesSiemplify
 
Computer Worms
Computer WormsComputer Worms
Computer Wormssadique_ghitm
 
Network security ppt
Network security pptNetwork security ppt
Network security pptOECLIB Odisha Electronics Control Library
 
Computer security
Computer securityComputer security
Computer securityfiza1975
 
Computer security
Computer securityComputer security
Computer securityAyesha Arshad
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Computer worms viruses and Prevention
Computer worms viruses and PreventionComputer worms viruses and Prevention
Computer worms viruses and PreventionPratimesh Pathak
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
Hacking presentation BASIC
Hacking presentation BASICHacking presentation BASIC
Hacking presentation BASICLakkireddy Bali Reddy Collage of Engineering
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Malware
MalwareMalware
MalwareAnoushka Srivastava
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attackskrishh sivakrishna
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptSanjay Kumar
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Computer Security
Computer SecurityComputer Security
Computer SecurityFrederik Questier
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Malware ppt
Malware pptMalware ppt
Malware pptFaiz Khan
 
Malware
MalwareMalware
MalwareTuhin_Das
 
Spyware
SpywareSpyware
SpywareKardan university, kabul , Afghanistan
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security ThreatsQuick Heal Technologies Ltd.
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer FCA - Future Chartered Accountants
 

Contenu connexe

Tendances

Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its typesSai Sakoji
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesVikas Chandwani
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 

Tendances (20)

Cyber attack
Cyber attackCyber attack
Cyber attack
 
Hacking presentation BASIC
Hacking presentation BASICHacking presentation BASIC
Hacking presentation BASIC
 
Cyber security
Cyber securityCyber security
Cyber security
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Computer security
Computer securityComputer security
Computer security
 
Malware
MalwareMalware
Malware
 
Types of cyber attacks
Types of cyber attacksTypes of cyber attacks
Types of cyber attacks
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Hacking & its types
Hacking & its typesHacking & its types
Hacking & its types
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Network security
Network securityNetwork security
Network security
 
Firewall , Viruses and Antiviruses
Firewall , Viruses and AntivirusesFirewall , Viruses and Antiviruses
Firewall , Viruses and Antiviruses
 
Malware ppt
Malware pptMalware ppt
Malware ppt
 
Malware
MalwareMalware
Malware
 
Spyware
SpywareSpyware
Spyware
 
Cia security model
Cia security modelCia security model
Cia security model
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 

En vedette

Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5AfiqEfendy Zaen
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3Education
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Ali Raw
 

En vedette (8)

Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 
Threats to a computer
Threats to a computer Threats to a computer
Threats to a computer
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
 
Chapter 2 program-security
Chapter 2 program-securityChapter 2 program-security
Chapter 2 program-security
 
Program security chapter 3
Program security chapter 3Program security chapter 3
Program security chapter 3
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 
Internet Threats
Internet ThreatsInternet Threats
Internet Threats
 
Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)Authentication(pswrd,token,certificate,biometric)
Authentication(pswrd,token,certificate,biometric)
 

Similaire à Security threats

Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsDrPraveenKumar37
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHackingAve Nawsh
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Mohammed Jaseem Tp
 
Ethical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywareEthical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywaremissstevenson01
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESShyam Kumar Singh
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virusHTS Hosting
 
Computer virus
Computer virusComputer virus
Computer virussajeena81
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attackguestc8c7c02bb
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesAvinash Sinha
 
Security Pp Cis
Security Pp CisSecurity Pp Cis
Security Pp CisRobC76
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horsejyoti_lakhani
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptxSibyJames1
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 

Similaire à Security threats (20)

Information security
Information securityInformation security
Information security
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
 
Information security & EthicalHacking
Information security & EthicalHackingInformation security & EthicalHacking
Information security & EthicalHacking
 
Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !Type of Malware and its different analysis and its types !
Type of Malware and its different analysis and its types !
 
Ethical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spywareEthical hacking trojans, worms and spyware
Ethical hacking trojans, worms and spyware
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURES
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
The trojan horse virus
The trojan horse virusThe trojan horse virus
The trojan horse virus
 
Presentation1
Presentation1Presentation1
Presentation1
 
Computer virus
Computer virusComputer virus
Computer virus
 
Trojan horse and salami attack
Trojan horse and salami attackTrojan horse and salami attack
Trojan horse and salami attack
 
Ransomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation TechniquesRansomware Trends 2017 & Mitigation Techniques
Ransomware Trends 2017 & Mitigation Techniques
 
Security Pp Cis
Security Pp CisSecurity Pp Cis
Security Pp Cis
 
Ids 007 trojan horse
Ids 007 trojan horseIds 007 trojan horse
Ids 007 trojan horse
 
Network security
Network securityNetwork security
Network security
 
2nd Class PPT.pptx
2nd Class PPT.pptx2nd Class PPT.pptx
2nd Class PPT.pptx
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
Cyber-Security-.ppt
Cyber-Security-.pptCyber-Security-.ppt
Cyber-Security-.ppt
 

Plus de Qamar Farooq

Lahore Electric Supply Company (LESCO).pdf
Lahore Electric Supply Company (LESCO).pdfLahore Electric Supply Company (LESCO).pdf
Lahore Electric Supply Company (LESCO).pdfQamar Farooq
 
Forms of Business Ownership and Organization
Forms of Business Ownership and Organization Forms of Business Ownership and Organization
Forms of Business Ownership and Organization Qamar Farooq
 
Contemporary business 13th edition
Contemporary business 13th edition Contemporary business 13th edition
Contemporary business 13th edition Qamar Farooq
 
Introduction to Supply Chain Management
Introduction to Supply Chain Management Introduction to Supply Chain Management
Introduction to Supply Chain Management Qamar Farooq
 
International Business and Marketing
International Business and MarketingInternational Business and Marketing
International Business and MarketingQamar Farooq
 
The Most Challenging Economy in Decades
The Most Challenging Economy in DecadesThe Most Challenging Economy in Decades
The Most Challenging Economy in DecadesQamar Farooq
 
Today's Environment for Business Ethics and Related Social Issues
Today's Environment for Business Ethics and Related Social Issues Today's Environment for Business Ethics and Related Social Issues
Today's Environment for Business Ethics and Related Social Issues Qamar Farooq
 
Major problem of pakistan
Major problem of pakistanMajor problem of pakistan
Major problem of pakistanQamar Farooq
 
Definitions of Econometric
Definitions of Econometric Definitions of Econometric
Definitions of Econometric Qamar Farooq
 
Small Medium Enterprise In Pakistan
Small Medium Enterprise In PakistanSmall Medium Enterprise In Pakistan
Small Medium Enterprise In PakistanQamar Farooq
 
International Business and Marketing
International Business and Marketing International Business and Marketing
International Business and Marketing Qamar Farooq
 
The Most Challenging economy in Decades
The Most Challenging economy in Decades The Most Challenging economy in Decades
The Most Challenging economy in Decades Qamar Farooq
 
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)Today's Environment for Business Ethics and Related Social Issues (Chapter 2)
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)Qamar Farooq
 
Exports, counter trade
Exports, counter tradeExports, counter trade
Exports, counter tradeQamar Farooq
 
Supply Network Design Lecture 5
Supply Network Design Lecture 5Supply Network Design Lecture 5
Supply Network Design Lecture 5Qamar Farooq
 
Peachtree user guide 2009
Peachtree user guide 2009Peachtree user guide 2009
Peachtree user guide 2009Qamar Farooq
 
Excel 2013 guide book
Excel 2013 guide bookExcel 2013 guide book
Excel 2013 guide bookQamar Farooq
 
The Revenue Cycle
The Revenue Cycle The Revenue Cycle
The Revenue Cycle Qamar Farooq
 
Introduction to Transaction Processing Chapter No. 2
Introduction to Transaction Processing Chapter No. 2Introduction to Transaction Processing Chapter No. 2
Introduction to Transaction Processing Chapter No. 2Qamar Farooq
 
Globalization ( Chapter no. 1)
Globalization ( Chapter no. 1)Globalization ( Chapter no. 1)
Globalization ( Chapter no. 1)Qamar Farooq
 

Plus de Qamar Farooq (20)

Lahore Electric Supply Company (LESCO).pdf
Lahore Electric Supply Company (LESCO).pdfLahore Electric Supply Company (LESCO).pdf
Lahore Electric Supply Company (LESCO).pdf
 
Forms of Business Ownership and Organization
Forms of Business Ownership and Organization Forms of Business Ownership and Organization
Forms of Business Ownership and Organization
 
Contemporary business 13th edition
Contemporary business 13th edition Contemporary business 13th edition
Contemporary business 13th edition
 
Introduction to Supply Chain Management
Introduction to Supply Chain Management Introduction to Supply Chain Management
Introduction to Supply Chain Management
 
International Business and Marketing
International Business and MarketingInternational Business and Marketing
International Business and Marketing
 
The Most Challenging Economy in Decades
The Most Challenging Economy in DecadesThe Most Challenging Economy in Decades
The Most Challenging Economy in Decades
 
Today's Environment for Business Ethics and Related Social Issues
Today's Environment for Business Ethics and Related Social Issues Today's Environment for Business Ethics and Related Social Issues
Today's Environment for Business Ethics and Related Social Issues
 
Major problem of pakistan
Major problem of pakistanMajor problem of pakistan
Major problem of pakistan
 
Definitions of Econometric
Definitions of Econometric Definitions of Econometric
Definitions of Econometric
 
Small Medium Enterprise In Pakistan
Small Medium Enterprise In PakistanSmall Medium Enterprise In Pakistan
Small Medium Enterprise In Pakistan
 
International Business and Marketing
International Business and Marketing International Business and Marketing
International Business and Marketing
 
The Most Challenging economy in Decades
The Most Challenging economy in Decades The Most Challenging economy in Decades
The Most Challenging economy in Decades
 
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)Today's Environment for Business Ethics and Related Social Issues (Chapter 2)
Today's Environment for Business Ethics and Related Social Issues (Chapter 2)
 
Exports, counter trade
Exports, counter tradeExports, counter trade
Exports, counter trade
 
Supply Network Design Lecture 5
Supply Network Design Lecture 5Supply Network Design Lecture 5
Supply Network Design Lecture 5
 
Peachtree user guide 2009
Peachtree user guide 2009Peachtree user guide 2009
Peachtree user guide 2009
 
Excel 2013 guide book
Excel 2013 guide bookExcel 2013 guide book
Excel 2013 guide book
 
The Revenue Cycle
The Revenue Cycle The Revenue Cycle
The Revenue Cycle
 
Introduction to Transaction Processing Chapter No. 2
Introduction to Transaction Processing Chapter No. 2Introduction to Transaction Processing Chapter No. 2
Introduction to Transaction Processing Chapter No. 2
 
Globalization ( Chapter no. 1)
Globalization ( Chapter no. 1)Globalization ( Chapter no. 1)
Globalization ( Chapter no. 1)
 

Dernier

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsYoss Cohen
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sectoritnewsafrica
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 

Dernier (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Infrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platformsInfrared simulation and processing on Nvidia platforms
Infrared simulation and processing on Nvidia platforms
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
4. Cobus Valentine- Cybersecurity Threats and Solutions for the Public Sector
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 

Security threats

  • 1.
  • 2.    most sophisticated types of crime ware facing the Internet today Bots oftentimes spread themselves across the Internet by searching for vulnerable, unprotected computers to infect. When they find an exposed computer, they quickly infect the machine and then report back to their master. Their goal is then to stay hidden until they are awoken by their master to perform a task.
  • 3.   Other ways in which a bot infects a machine include being downloaded by a Trojan, installed by a malicious Web site or being emailed directly to a person from an already infected machine. Bots do not work alone, but are part of a network of infected machines called a ―botnet.‖ Botnets are created by attackers repeatedly infecting victim computers using one or several of the techniques mentioned above
  • 4.   From spamming to hosting fraudulent Web sites, modern cybercrime at some point will make use of a botnet. Symantec reported nearly 9,000 different variations of the three most popular bots (Spybot, Gaobot, Randex) in the first half of 2005 alone.
  • 5.  Denial of Service  knock Web sites offline, making them unusable by their customers  Extortion  warned in advance in what is known as a protection racket or extortion  the criminal threatens to knock the company’s Web site or online service off the Internet for a period of time if they are not paid
  • 6.  Identity Theft  sometimes they play the main and supporting role by not only infecting a computer, but also stealing personal information from the victim and sending it to the criminal.  Spam  Botnets operate at the heart of today's spam industry— bots both harvest email addresses for spammers and are also used to spam messages out. Sending spam through botnets is particularly common since it makes spammers more difficult to detect as they can send messages from many machines (all the infected machines in the botnet) rather than through a single machine.
  • 7.  Phishing  Much like spammers, phisher’s use bots to identify potential victims and send fraudulent emails, which appear to come from a legitimate organization such as the user’s bank.  Bots are also used by phishers to host the phony Web sites, which are used to steal people’s personal information and serve as collection points (―dead drop‖ or ―egg drop‖ servers) for stolen data
  • 8.     a Trojan horse program presents itself as a useful computer program, while it actually causes havoc and damage to your computer. Increasingly, Trojans are the first stage of an attack and their primary purpose is to stay hidden while downloading and installing a stronger threat such as a bot. Unlike viruses and worms, Trojan horses cannot spread by themselves. They are often delivered to a victim through an email message where it masquerades as an image or joke, or by a malicious website, which installs the Trojan horse on a computer through vulnerabilities in web browser software such as Microsoft Internet Explorer.
  • 9.  After it is installed, the Trojan horse lurks silently on the infected machine, invisibly carrying out its misdeeds, such as downloading spyware, while the victim continues on with their normal activities.
  • 10.    Spyware is a general term used for programs that covertly monitor your activity on your computer, gathering personal information, such as usernames, passwords, account numbers, files, and even driver’s license or social security numbers. Some spyware focuses on monitoring a person’s Internet behaviour; this type of spyware often tracks the places you visit and things you do on the web, the emails you write and receive, as well as your Instant Messaging (IM) conversations. After gathering this information, the spyware then transmits that information to another computer, usually for advertising purposes.
  • 11.  Spyware is similar to a Trojan horse in that users unknowingly install the product when they install something else. However, while this software is almost always unwelcome, it can be used in some instances for monitoring in conjunction with an investigation and in accordance with organizational policy.
  • 12.  Most often spyware is installed unknowingly with some other software that you intentionally install. For example, if you install a "free" music or file sharing service or download a screensaver, it may also install spyware. Some Web pages will attempt to install spyware when you visit their page.
  • 13.  Trojans and spyware are developed by professionals. Trojans and spyware are often created by professional crimeware authors who sell their software on the black market for use in online fraud and other illegal activities.
  • 14.
  • 15.    IP spoofing – In the context of computer security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage. An attacker may fake their IP address so the receiver thinks it is sent from a location that it is not actually from. There are various forms and results to this attack. ◦ The attack may be directed to a specific computer addressed as though it is from that same computer. This may make the computer think that it is talking to itself. This may cause some operating systems such as Windows to crash or lock up.
  • 16.  Man in the middle attack ◦ Session hijacking - An attacker may watch a session open on a network. Once authentication is complete, they may attack the client computer to disable it, and use IP spoofing to claim to be the client who was just authenticated and steal the session. This attack can be prevented if the two legitimate systems share a secret which is checked periodically during the session.
  • 17.     This is an attack where DNS information is falsified. This attack can succeed under the right conditions, but may not be real practical as an attack form. The attacker will send incorrect DNS information which can cause traffic to be diverted. The DNS information can be falsified since name servers do not verify the source of a DNS reply. When a DNS request is sent, an attacker can send a false DNS reply with additional bogus information which the requesting DNS server may cache. This attack can be used to divert users from a correct webserver such as a bank and capture information from customers when they attempt to logon. Password cracking - Used to get the password of a user or administrator on a network and gain unauthorized access.
  • 18.    DNS provides distributed host information used for mapping domain names and IP addresses. To improve productivity, the DNS server caches the most recent data for quick retrieval. This cache can be attacked and the information spoofed to redirect a network connection or block access to the Web sites),a devious tactic called DNS cache poisoning. The best defence against problems such as DNS cache poisoning is to run the latest version of the DNS software for the operating system in use. New versions track pending and serialize them to help prevents spoofing.
  • 19.    Unlike other exploits, denial of service attacks are not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password 3 consecutive times and thus causing the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.
  • 20.       In a Denial of Service (DoS) attack, the attacker sends a stream of requests to a service on the server machine in the hope of exhausting all resources like "memory" or consuming all processor capacity. DoS Attacks Involve: Jamming Networks Flooding Service Ports Misconfiguring Routers Flooding Mail Servers
  • 21.   attacks are common, where a large number of compromised hosts (commonly referred to as "zombie computers", used as part of a botnet with, for example; a worm, trojan horse, or backdoor exploit to control them) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion. There are also commonly vulnerabilities in applications that cannot be used to take control over a computer, but merely make the target application malfunction or crash. This is known as a denial-of-service exploit.
  • 22.    In Distributed DoS (DDoS) attack, a hacker installs an agent or daemon on numerous hosts. The hacker sends a command to the master, which resides in any of the many hosts. The master communicates with the agents residing in other servers to commence the attack. DDoS are harder to combat because blocking a single IP address or network will not stop them. The traffic can derive from hundred or even thousands of individual systems and sometimes the users are not even aware that their computers are part of the attack.
  • 23.            DDoS Attacks Involve: FTP Bounce Attacks Port Scanning Attack Ping Flooding Attack Smurf Attack SYN Flooding Attack IP Fragmentation/Overlapping Fragment Attack IP Sequence Prediction Attack DNS Cache Poisoning SNMP Attack Send Mail Attack
  • 24.       Unlike a password-based attack, the denial-of-service attack prevents normal use of your computer or network by valid users. After gaining access to your network, the attacker can do any of the following: Randomize the attention of your internal Information Systems staff so that they do not see the intrusion immediately, which allows the attacker to make more attacks during the diversion. Send invalid data to applications or network services, which causes abnormal termination or behaviour of the applications or services. Flood a computer or the entire network with traffic until a shutdown occurs because of the overload. Block traffic, which results in a loss of access to network resources by authorized users.
  • 25. ◦ An indirect attack is an attack launched by a third party computer. By using someone else's computer to launch an attack, it becomes far more difficult to track down the actual attacker.
  • 26.   A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. rootkit is a software or hardware device designed to gain administrator-level control over a computer system without being detected.
  • 27.     Someone who has gained access to a computer can install any type of devices to compromise security, including operating system modifications, software worms and covert listening devices. The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD-R, tape; or portable devices such as keydrives, digital cameras or digital audio players. Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the harddrive(s) this way. The only way to defeat this is to encrypt the storage media and store the key separate from the system.
  • 28.    an attacker who has gained access to data paths in your network to "listen in" or interpret (read) the traffic. When an attacker is eavesdropping on your communications, it is referred to as sniffing or snooping. The ability of an eavesdropper to monitor the network is generally the biggest security problem that administrators face in an enterprise. Without strong encryption services that are based on cryptography, your data can be read by others as it traverses the network.
  • 29.     Most networks and operating systems use the IP address of a computer to identify a valid entity. In certain cases, it is possible for an IP address to be falsely assumed— identity spoofing. An attacker might also use special programs to construct IP packets that appear to originate from valid addresses inside the corporate intranet. After gaining access to the network with a valid IP address, the attacker can modify, reroute, or delete your data.
  • 30.        This means your access rights to a computer and network resources are determined by who you are, that is, your user name and your password. Older applications do not always protect identity information as it is passed through the network for validation. This might allow an eavesdropper to gain access to the network by posing as a valid user. When an attacker finds a valid user account, the attacker has the same rights as the real user. Therefore, if the user has administrator-level rights, the attacker also can create accounts for subsequent access at a later time. After gaining access to your network with a valid account, an attacker can do any of the following: Obtain lists of valid user and computer names and network information. Modify server and network configurations, including access controls and routing tables. Modify, reroute, or delete your data.
  • 31.    A key is a secret code or number necessary to interpret secured information. Although obtaining a key is a difficult and resourceintensive process for an attacker, it is possible. After an attacker obtains a key, that key is referred to as a compromised key. An attacker uses the compromised key to gain access to a secured communication without the sender or receiver being aware of the attack. With the compromised key, the attacker can decrypt or modify data, and try to use the compromised key to compute additional keys, which might allow the attacker access to other secured communications.
  • 32.     A sniffer is an application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet. Even encapsulated (tunneled) packets can be broken open and read unless they are encrypted and the attacker does not have access to the key. Using a sniffer, an attacker can do any of the following: Analyze your network and gain information to eventually cause your network to crash or to become corrupted. Read your communications.
  • 33.       An application-layer attack targets application servers by deliberately causing a fault in a server's operating system or applications. This results in the attacker gaining the ability to bypass normal access controls. The attacker takes advantage of this situation, gaining control of your application, system, or network, and can do any of the following: Read, add, delete, or modify your data or operating system. Introduce a virus program that uses your computers and software applications to copy viruses throughout your network. Introduce a sniffer program to analyze your network and gain information that can eventually be used to crash or to corrupt your systems and network. Abnormally terminate your data applications or operating systems. Disable other security controls to enable future attacks
  • 34.   It hasn't been getting a lot of media attention lately, but the threat to corporate security and intellectual property from insiders remains one of the biggest challenges facing IT departments today. According to the most recent survey by the American Society for Industrial Security in Alexandria, Va., current and former employees and on-site contractors with authorized access to facilities and networks continue to pose the most significant risk to intellectual property such as research data, customer files and financial information.
  • 35.  Experts say that all security programs should focus on people, process and technology, so we've broken the list into those three categories.
  • 36.         Require new hires to go through a security orientation Don't overlook the sensitive data on common office peripherals, such as copiers and printers Establish a corporate "neighborhood watch" program Check the backgrounds of all employees who handle sensitive data. Make sure the passwords for systems administrators have the strongest level of authentication and are given to the smallest potential audience. Require systems administrators to take two consecutive weeks of vacation annually Develop a policy-setting "security council Integrate IT procedures and HR procedures
  • 37.        Establish a reliable system for assigning access to company data. Determine, based on job function, seniority and other roles, who needs to have access to which company resources and why. Require employees to sign a nondisclosure contract on their date of hire Keep an inventory of your IT assets Keep an inventory of your IT assets Make the ability to support your company's information access policy one of the criteria for buying new software or systems. Evaluate the security of your business partners and vendors.
  • 38.      Identify dormant IDs or orphaned accounts Have an automated system for resetting passwords on a regular basis Make sure that the accounts belonging to laidoff employees aren't simply deleted Convert physical access-control devices from electronic systems to network-enabled devices Collect historical data for individual employees regarding network activity and file-access attempts and then employ a formula to calculate a risk factor for each event.
  • 39.       66% said their co-workers, not hackers, pose the greatest risk to consumer privacy; only 10% said hackers are the greatest threat. 62% reported incidents at work that put customer data at risk for identity theft. 46% said it would be ―easy,‖ ―very easy‖ or ―extremely easy‖ for workers to remove sensitive data from the corporate database. 32% said they’re unaware of internal company policies to protect customer data 28% said their company does not have a written security policy or they didn’t know if it has one. Base: Survey of 500 U.S. workers and managers who handle sensitive customer information at work. Source: Harris Interactive Inc., Rochester, N.Y.,
  • 40.    A website defacement is the unauthorized substitution of a web page or a part of it by a system cracker This is a very common form of attack that seriously damages the trust and the reputation of a website. A website defacement is the unauthorized substitution of a web page or a part of it by a system cracker
  • 41.    A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from a malicious source, known as a Black Hat Hacker, or Cracker. The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
  • 42.  Any security issues that are found will be presented to the system owner, together with an assessment of their impact, and often with a proposal for mitigation or a technical solution. The intent of a penetration test is to determine the feasibility of an attack and the amount of business impact of a successful exploit, if discovered.
  • 43.    Laptop theft is a significant threat to users of laptop computers. Many methods to protect the data and to prevent theft have been developed, including alarms, laptop locks, and visual deterrents such as stickers or labels. Victims can lose hardware, software, and essential data that has not been backed up. Thieves also may have access to sensitive data and personal information. Some systems authorise access based on credentials stored on the laptop including MAC addresses, web cookies, cryptographic keys and stored passwords.
  • 44.    According to the FBI, losses due to laptop theft totaled more than $6.7 million dollars in 2005. The Computer Security Institute/FBI Computer Crime & Security Survey found the average theft of a laptop to cost a company $89,000.[c A Laptop/Notebook is stolen or lost every 12 seconds According to a survey done in India 90% of the Laptops are being lost/stolen during the travel
  • 45.       Provides current location along with IP address and service provider. Customize reporting on Laptop Location as per your choice. Secure web page for every user to monitor the laptop/ persons location. Remotely launch the data encryption once theft is reported. Automatic/ silent data encryption if Laptop is not connected to internet for a specified period. Works in stealth mode.
  • 46.      Fastest tracking of Laptop once theft is reported. Tracks the laptops/ Employee locations on regular basis. Protects Sensitive data/ information being used by competitors due to Laptop theft. Online location statistics is available any time from any where through www.locatelaptop.com. Reporting via email on regular intervals as per your choice.
  • 47.  GENERAL MISUSE of the Internet  One-third of time spent online at work is non-workrelated. (Websense, IDC)  Internet misuse at work is costing American corporations more than $85 billion annually in lost productivity. (Websense, 2003)  80 percent of companies reported that employees had abused Internet privileges, such as downloading pirated software. (CSI/FBI Computer Crime and Security Survey, 2003)
  • 48.  HACKING  75% of companies cited employees as a likely source of hacking attacks. (CSI/FBI, 2003)  45% of businesses had reported unauthorized access by insiders. (CSI/FBI, 2003)  INSTANT MESSAGING  80 percent of instant messaging in companies is done over public IM services such as AOL, MSN and Yahoo, exposing companies to security risks. (Radicati, 2003)  There are more than 43 million users of consumer IM at work. (IDC, 2003)  Only one quarter of companies have a clearly defined policy on the user of IM at work. (Silicon.com, 2003)
  • 49.  PEER-TO-PEER FILE-SHARING  Forty-five percent of the executable files downloaded through Kazaa contain malicious code. (Trusecure, 2004)  73 percent of all movie searches on file-sharing networks were for pornography. (Palisade Systems, 2003)  A company can be liable for up to $150K per pirated work if it is allowing employees to use the corporate network to download copyrighted material. (RIAA, 2003)
  • 50.  SPYWARE  1 in 3 companies have detected spyware on their network. (Websense UK Survey, 2003)  There more than 7,000 spyware programs. (Aberdeen Group, 2003)
  • 51.  STREAMING MEDIA  77 percent of weekly online listening to Internet Radio takes place between 5 a.m. and 5 p.m. Pacific time. (Arbitron, 2004)  44 percent of corporate employees actively use streaming media. (Nielsen NetRatings, 2002)  VIRUSES/MALICIOUS CODE  Although 99% of companies use antivirus software, 82% of them were hit by viruses and worms. (CSI/FBI, 2003)  Blended threats made up 54 percent of the top 10 malicious code submissions over the last six months of 2003. (Symantec Internet Security Threat Report, 2003)  The number of malicious code attacks with backdoors, which are often used to steal confidential data, rose nearly 50% in the last year. (Symantec, 2003
  • 52.    Wireless networking has experienced a huge increase in popularity over the last couple of years. The necessary hardware is widely available to consumers, it is very affordable, and relatively easy to install and configure. Gateway devices, common called "routers" or "firewalls" by consumers, that allow users to share a broadband connection with and protect multiple computers on a home network have been around for a while. The addition of wireless capabilities to these gateway devices gives the user the convenience of taking a computer anywhere in the house, and not have to worry about running wires through walls and crawl spaces and attics to connect computers in various parts of the house.
  • 53.    Industrial-strength high-performance versions have been around even longer in company environments, allowing employees to roam between offices, cubes, and conference rooms with laptops without ever losing connectivity. It is a great technology that offers many benefits. As the saying goes, however, with privilege comes responsibility. A responsibility that is unfortunately much too often ignored by the person implementing it. A wireless network needs to be properly secured as it poses a number of extremely serious risks and dangers if left wide open and exposed, which many users are unaware of.
  • 54.     Bandwidth Parasite Masking criminal activity Free access to private data Backdoor into corporate networks