SlideShare une entreprise Scribd logo

BAIT1003 Chapter 11

L
limsh
FormationTechnologie
1  sur  43
BAIT1003 IT Fundamentals Chapter 11 Ethics and Computer Security
Objectives Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators Describe various types of Internet and network attacks and identify ways to safeguard against these attacks Identify safeguards against hardware and software theft Discuss techniques to prevent unauthorized computer access and use Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing
Computer Security Risks • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. • Some breaches to computer security are accidental, many are intentional. • Some intruders do no damage; other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data
Computer Security Risks • An intentional breach of computer security often involves a deliberate act that is against the law. • Any illegal act involving a computer generally is referred to as computer crime. • Cybercrime refers to online or Internet-based illegal acts • Software used by cybercriminals is called crimeware
Computer Security Risks • Perpetrators of cybercrime and other intrusions fall into seven basic categories: Hacker Cracker Unethical employee Script Kiddie Cyberextortionist Corporate spy Cyberterrorist
Computer Security Risks Hacker • Originally complimentary word for a computer enthusiast • Now a derogatory meaning refers to someone who accesses a computer or network illegally • Some claim the intent of their security breaches is to improve security Cracker • Someone who accesses computer or network illegally but has the intent of destroying data, stealing information, or other malicious action • Both hackers and crackers have advanced computer and network skills Script Kiddie Corporate spy • Same intent as a cracker but does not have the technical skills and knowledge • Often use prewritten hacking and cracking programs to break into computers • Have excellent computer and networking skills and are hired to break into a specific computer or steal its proprietary data and information, or to help identify security risks in their own organization • Unscrupulous companies hire them, a practice known as corporate espionage, to gain a competitive advantage
Computer Security Risks Unethical employees • • • • Break into their employers’ computers for variety of reasons Simply want to exploit security weakness Seek financial gains from selling confidential information Disgruntled employees may want revenge Cyberextortionist • Use e-mail as a vehicle for extortion • Send an organization a threatening e-mail indicating they will expose confidential information, exploit security flaw, or launch an attack to compromise organization’s network – if not paid a sum of money Cyberterrorist • Use Internet or network to destroy or damage computers for political reasons • Might target the nation’s air traffic control system, electricitygenerating companies, or telecommunications infrastructure • Cyberwarfare – an attack whose goal ranges from disabling a government’s computer network to crippling a country
Computer Security Risks • Computers and computer users are exposed to several types of security risks: Internet and network attacks Unauthorized access and use Hardware theft Software theft Information theft System failure
Internet & Network Attacks • Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises • To determine if your computer is vulnerable to an Internet or network attack, use an online security service • An online security service is a Web site that evaluates your computer to check for Internet and email vulnerabilities and provides recommendations of how to address the vulnerabilities
Internet & Network Attacks • Some popular online security services: Name of Online Service Web address McAfee FreeScan http://home.mcafee.com/downloads/freevirus-scan Symantec Security Check https://security.symantec.com/ Trend Micro House Call http://housecall.trendmicro.com/ Kaspersky Virus Scan http://www.kaspersky.com/virus-scanner
Internet & Network Attacks • Internet and network attacks that jeopardize security: Computer viruses Botnets Worms Trojan horses Rootkits Denial of service Back doors Spoofing
Internet & Network Attacks - Computer viruses & other malware • Computer viruses, worms, Trojan horses and rootkits are classified as malware (malicious software), which are programs that act without a user’s knowledge and deliberately alter the computer’s operations • A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission
Internet & Network Attacks - Computer viruses & other malware • A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network • A Trojan horse is a program that hides within or looks like a legitimate program. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers • A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. Once installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer
Internet & Network Attacks - Computer viruses & other malware • Unscrupulous programmers write malware and then test it to ensure it can deliver its payload • The payload is the destructive event or prank the program is intended to deliver • Malware delivers its payload on a computer in various ways: 1. When a user opens an infected file 2. When a user runs an infected program 3. When a user boots the computer with infected removable media inserted in a drive or plugged in a port 4. When a user connects an unprotected computer to a network 5. When a certain condition or even occurs, such as computer’s clock changing to specific data
Internet & Network Attacks - Computer viruses & other malware • A computer infected by a virus, worm, Trojan horse, or rootkit has one or more of the following symptoms: – – – – – – – – – – – Operating system runs much slower than usual Available memory is less than expected Files become corrupted Screen displays unusual message or image Music or unusual sound plays randomly Existing programs and files disappear Programs or files do not work properly Unknown programs or files mysteriously appear System properties change Operating system does not start up Operating system shuts down unexpectedly
Safeguards against Computer viruses & other malware Tips for preventing viruses and other malware: 1. Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected 2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. 3. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it. 4. Install an antivirus program on all of your computers. Update the software and the virus signature files regularly. 5. Scan all downloaded programs for viruses and other malware. 6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately. 7. Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users. 8. Install a personal firewall program. 9. Stay informed about new virus alerts and virus hoaxes.
Safeguards against Computer viruses & other malware • A trusted source is an organization or person you believe will not Popular Antivirus Programs send a virus infected file AVG Anti-virus knowingly. Avast! Antivirus F-Secure Anti-virus • An antivirus program protects a Kaspersky Anti-virus computer against viruses by McAfee VirusScan identifying and removing any Norton Antivirus computer viruses found in memory, on storage media, or on Trend Micro Antivirus Vexira Antivirus incoming files. CA Antivirus
Safeguards against Computer viruses & other malware • Techniques that antivirus programs use to identify virus is to look for virus signatures and to inoculate existing program files. • A virus signature, also called a virus definition, is a known specific pattern of virus code. • Computer users should update their antivirus program’s signature files regularly. • To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file. • The antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file.
Safeguards against Computer viruses & other malware • If an antivirus program identifies an infected file, it attempts to remove the malware. • If the antivirus cannot remove the infection, it often quarantines the infected file. • A quarantine is a separate area of the hard disk that holds the infected file until the infection can be removed.
Safeguards against Computer viruses & other malware • A virus hoax is an e-mail message that warns users of a nonexistent virus or other malware. • These hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible. • Do not forward the message. Visit a web site that publishes a list of virus alerts and virus hoaxes.
Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. • A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. • A bot is a program that performs a repetitive task on a network. • The perpetrator uses botnet to send spam e-mail, spread viruses/malware, or commit a distributed denial of service attack.
Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A denial of service attack or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. • Perpetrators use an unsuspecting computer to send influx of confusing data messages or useless traffic to a computer network. • The victim computer network slows down considerably and eventually becomes unresponsive or unavailable, blocking legitimate visitors from accessing the network. • DDoS (distributed DoS) attack uses a zombie army to attack computers or networks.
Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. • E-mail spoofing occurs when the e-mail header are altered so that it appears the e-mail originated from a different sender. • E-mail spoofing is used for virus hoaxes, spam, and phishing spams. • IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source.
Safeguards against Botnets, DoS Attacks, Back Doors, & Spoofing • A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet. • Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data. • A personal firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions. Stand-Alone Personal Firewall Software BitDefender Internet Security CA Personal Firewall McAfee Internet Security Norton Personal Firewall Webroot Desktop Firewall ZoneAlarm Pro
Safeguards against Botnets, DoS Attacks, Back Doors, & Spoofing • Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches. • A honeypot is a vulnerable computer that is set up to entice an intruder to break into it. • These computers, which appear real to the intruder, actually are separated safely from the organization’s network.
Unauthorized Access & Use • Unauthorized access is the use of a computer or network without permission. • Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. • Eg. an employee using an organization’s computer to send personal e-mail messages, using word processing software to track his or her child’s soccer league scores, etc.
Safeguards against Unauthorized Access & Use • Have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may or may not be used. • An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. • Identification verifies that an individual is a valid user. • Authentication verifies that the individual is the person he or she claims to be.
Safeguards against Unauthorized Access & Use • Three methods of identification and authentication – Usernames and passwords • A username or user ID – unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user • A password is a private combination of characters associated with the username that allows access to certain computer resources – Possessed objects • E.g. badges, cards, smart cards, keys • Used in combination with personal identification number (PIN) – Biometric devices • Authenticates a person’s identify by translating a personal characteristic, such as fingerprint, into digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic
Hardware Theft & Vandalism • Hardware theft is the act of stealing computer equipment. • Hardware vandalism is the act of defacing or destroying computer equipment
Safeguards against Hardware Theft & Vandalism • Physical access controls (e.g. locked doors, alarm) • Physical security devices (e.g. cables lock equipment) • Real time location system (RTLS) – RFID tags • Password-protect portable storage devices
Software Theft • Software theft occurs when someone 1. Steals software media • Physically stealing the media that contain the software or the hardware that contains the media 2. Intentionally erases programs • Dishonest programmers intentionally remove or disable the programs they have written for the company after termination 3. Illegally copies a program • • Software stolen from software manufacturers Software piracy is the unauthorized and illegal duplication of copyrighted software 4. Illegally registers and/or activates a program • Users illegally obtain registration numbers and/or activation codes using key generator (keygen) program
Safeguards against Software Theft • Keep original software boxes and media in secure location • Escort terminated employee off the premise immediately • Software manufacturers issue users license agreement – the right to use the software
Information Theft • Information theft occurs when someone steals personal or confidential information. • Both business and home users can fall victim to information theft. • E.g. an individual first gain unauthorized access to a computer then steal credit card numbers stored in a firm’s accounting department
Safeguards against Information Theft • Encryption – process of converting data into unreadable characters to prevent unauthorized access. • To read the data, the recipient must decrypt or decipher it into readable form. • Digital signature – encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender. • Digital certificate – a notice that guarantees a user or Web site is legitimate.
System Failure • A system failure is the prolonged malfunction of a computer that can cause loss of hardware, software, data, or information. • An undervoltage occurs when electrical supply drops. • A blackout is a complete power failure. • An overvoltage or power surge, occurs when the incoming electrical power increases more than five percent above the normal volts.
Safeguards against System Failure • Surge protector (surge suppressor) uses special electrical components to smooth out minor noise, provide stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. • Uninterruptible power supply (UPS) is a device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power.
Computer Ethics • Ethics is the standards that determine whether an action is good or bad. • Computer ethics are the moral guidelines that govern the use of computers and information systems. • Seven frequently discussed areas of computer ethics: Unauthorized use of computers and networks Software theft (piracy) Codes of conduct Information accuracy Information privacy Intellectual property rights Green computing
Information Accuracy • Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet. • Do not assume that because the information is on the Web that it is correct. • Some individuals and organizations raise questions about the ethics of using computers to alter graphical output such as a retouched photo.
Intellectual Property Rights • Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. • Intellectual property rights are the rights to which creators are entitled for their work. • A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
Codes of Conduct • An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. IT Code of Conduct 1. Computers may not be used to harm other people. 2. Employees may not interfere with others’ computer work. 3. Employees may not copy or use software illegally. 4. Employees may not use others’ computer resources without authorization. 5. Employees may not use others’ intellectual property as their own. 6. Computers may not be used to steal.
Green Computing • Green computing involves reducing the electricity and environmental waste while using a computer. • Personal computers, display devices, and printers should comply with guidelines of the ENERGY STAR program – help reduce the amount of electricity used • Power usage effectiveness (PUE) is a ratio that measures how much power enters the computer facility, or data center, against the amount of power required to run the computers. Green Computing Suggestions 1. Use computers and devices that comply with the ENERGY STAR program. 2. Do not leave the computer running overnight. 3. Turn off the monitor, printer, and other devices when not in use. 4. Use LCD monitors instead of CRT monitors. 5. Use paperless methods to communicate. 6. Recycle paper and buy recycled paper.
Information Privacy • Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them. How to safeguard personal information 1. Fill in only necessary information on rebate, warranty, and registration forms. 2. Do not write your telephone number on charge or credit receipts. 3. If merchants ask personal questions, find out why they want to know before releasing the information. 4. Limit the amount of information you provide to Web sites. Fill in only required information. 5. Install a cookie manager to filter cookies. 6. Clear your history file when you are finishing browsing. 7. Set up a free e-mail account. Use this e-mail address for merchant forms. 8. Turn off file and printer sharing on your Internet connection. 9. Install a personal firewall. 10. Do not reply to spam for any reason.
Summary Perpetrators • • • • • • • Hacker Cracker Script Kiddie Corporate Spy Unethical employee Cyberextortionist Cyberterrorist Security Risks Computer Ethics • Internet & Network Attacks • Unauthorized access and use • Hardware theft • Software theft • Information theft • System failure • Unauthorized use of computers & network • Software piracy • Information accuracy • Intellectual property rights • Codes of conduct • Information privacy • Green computing

Recommandé

Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
Cyber security and safety
Cyber security and safetyCyber security and safety
Cyber security and safetyDooremoore
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Cyber safety
Cyber safetyCyber safety
Cyber safetyYash Jain
 
Email Headers – Expert Forensic Analysis
Email Headers – Expert Forensic AnalysisEmail Headers – Expert Forensic Analysis
Email Headers – Expert Forensic AnalysisforensicEmailAnalysis
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crimehomeworkping4
 

Recommandé

Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
Cyber security and safety
Cyber security and safetyCyber security and safety
Cyber security and safetyDooremoore
 
Cyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsCyber forensic-Evedidence collection tools
Cyber forensic-Evedidence collection toolsN.Jagadish Kumar
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Cyber safety
Cyber safetyCyber safety
Cyber safetyYash Jain
 
Email Headers – Expert Forensic Analysis
Email Headers – Expert Forensic AnalysisEmail Headers – Expert Forensic Analysis
Email Headers – Expert Forensic AnalysisforensicEmailAnalysis
 
Ransomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptRansomware: WanaCry, WanCrypt
Ransomware: WanaCry, WanCryptYash Diwakar
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crimehomeworkping4
 
BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMorLabs
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...Lenur Dzhemiliev
 
Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔hubbysoni
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2Manu Mathew Cherian
 
Ethics in IT and System Usage
Ethics in IT and System UsageEthics in IT and System Usage
Ethics in IT and System Usagetushki92
 
Ransomware
RansomwareRansomware
RansomwareAkshita Pillai
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Computer Worms
Computer WormsComputer Worms
Computer Wormssadique_ghitm
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentationikmal91
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifactsn|u - The Open Security Community
 
IDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice PaymentsIDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice PaymentsAuditWare Systems Ltd.
 
Cyber security
Cyber securityCyber security
Cyber securityDr. Kishor Nikam
 
Current Trends in Fraud Prevention
Current Trends in Fraud PreventionCurrent Trends in Fraud Prevention
Current Trends in Fraud PreventionBlackbaud
 
Malware forensics
Malware forensicsMalware forensics
Malware forensicsSameera Amjad
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityMd Nishad
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101Paul Ionescu
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8limsh
 
Group Assignment - Internet Security
Group Assignment - Internet SecurityGroup Assignment - Internet Security
Group Assignment - Internet Securitylimsh
 

Contenu connexe

Tendances

BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMorLabs
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptOoXair
 
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...Lenur Dzhemiliev
 
Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔hubbysoni
 
Ethics in IT and System Usage
Ethics in IT and System UsageEthics in IT and System Usage
Ethics in IT and System Usagetushki92
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentationikmal91
 
IDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice PaymentsIDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice PaymentsAuditWare Systems Ltd.
 
Current Trends in Fraud Prevention
Current Trends in Fraud PreventionCurrent Trends in Fraud Prevention
Current Trends in Fraud PreventionBlackbaud
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and SecurityMd Nishad
 
Ransomware
Ransomware Ransomware
Ransomware Armor
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101Paul Ionescu
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...idsecconf
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 

Tendances (20)

BriMor Labs Live Response Collection
BriMor Labs Live Response CollectionBriMor Labs Live Response Collection
BriMor Labs Live Response Collection
 
IT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.pptIT Security Awareness-v1.7.ppt
IT Security Awareness-v1.7.ppt
 
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
OWASP Top 10 Vulnerabilities - A5-Broken Access Control; A6-Security Misconfi...
 
Cyber crime ✔
Cyber crime ✔Cyber crime ✔
Cyber crime ✔
 
Cyber Forensics Module 2
Cyber Forensics Module 2Cyber Forensics Module 2
Cyber Forensics Module 2
 
Ethics in IT and System Usage
Ethics in IT and System UsageEthics in IT and System Usage
Ethics in IT and System Usage
 
Ransomware
RansomwareRansomware
Ransomware
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer Privacy
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Trojan Horse Presentation
Trojan Horse PresentationTrojan Horse Presentation
Trojan Horse Presentation
 
Windows forensic artifacts
Windows forensic artifactsWindows forensic artifacts
Windows forensic artifacts
 
IDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice PaymentsIDEA to Detect Duplicate Invoice Payments
IDEA to Detect Duplicate Invoice Payments
 
Cyber security
Cyber securityCyber security
Cyber security
 
Current Trends in Fraud Prevention
Current Trends in Fraud PreventionCurrent Trends in Fraud Prevention
Current Trends in Fraud Prevention
 
Malware forensics
Malware forensicsMalware forensics
Malware forensics
 
Cyber Crime and Security
Cyber Crime and SecurityCyber Crime and Security
Cyber Crime and Security
 
Ransomware
Ransomware Ransomware
Ransomware
 
Security Code Review 101
Security Code Review 101Security Code Review 101
Security Code Review 101
 
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
Vm escape: case study virtualbox bug hunting and exploitation - Muhammad Alif...
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 

En vedette

BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8limsh
 
Group Assignment - Internet Security
Group Assignment - Internet SecurityGroup Assignment - Internet Security
Group Assignment - Internet Securitylimsh
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8limsh
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7limsh
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2limsh
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentationlimsh
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.pptAeman Khan
 

En vedette (9)

BAIT1103 Tutorial 8
BAIT1103 Tutorial 8BAIT1103 Tutorial 8
BAIT1103 Tutorial 8
 
Group Assignment - Internet Security
Group Assignment - Internet SecurityGroup Assignment - Internet Security
Group Assignment - Internet Security
 
BAIT2164 Tutorial 8
BAIT2164 Tutorial 8BAIT2164 Tutorial 8
BAIT2164 Tutorial 8
 
BAIT1103 Tutorial 7
BAIT1103 Tutorial 7BAIT1103 Tutorial 7
BAIT1103 Tutorial 7
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
BAIT1103 Chapter 2
BAIT1103 Chapter 2BAIT1103 Chapter 2
BAIT1103 Chapter 2
 
BAIT1103 Assignment Presentation
BAIT1103 Assignment PresentationBAIT1103 Assignment Presentation
BAIT1103 Assignment Presentation
 
Cybercrime.ppt
Cybercrime.pptCybercrime.ppt
Cybercrime.ppt
 

Similaire à BAIT1003 Chapter 11

Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
Computer security risks
Computer security risksComputer security risks
Computer security risksdison gapor
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)Zara Nawaz
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
презентация1
презентация1презентация1
презентация1sagidullaa01
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 
Online access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamOnline access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamJoelGautham
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityGeevarghese Titus
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxKirti Verma
 
Lecture 5.1.pptx
Lecture 5.1.pptxLecture 5.1.pptx
Lecture 5.1.pptxDibyesh1
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).pptGooglePay16
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information systemOnline
 
Computer security: hackers and Viruses
Computer security: hackers and VirusesComputer security: hackers and Viruses
Computer security: hackers and VirusesWasif Ali Syed
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
Network and Security | by M.Hassaan Anjum
Network and Security | by M.Hassaan AnjumNetwork and Security | by M.Hassaan Anjum
Network and Security | by M.Hassaan AnjumHassaan Anjum
 

Similaire à BAIT1003 Chapter 11 (20)

Computer security risks
Computer security risksComputer security risks
Computer security risks
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
 
Information Security (Malicious Software)
Information Security (Malicious Software)Information Security (Malicious Software)
Information Security (Malicious Software)
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
презентация1
презентация1презентация1
презентация1
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 
Online access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.GauthamOnline access and computer security.pptx_S.Gautham
Online access and computer security.pptx_S.Gautham
 
Computer security
Computer securityComputer security
Computer security
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
computer security
computer securitycomputer security
computer security
 
BCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptxBCE L-3omputer security Basics.pptx
BCE L-3omputer security Basics.pptx
 
Lecture 5.1.pptx
Lecture 5.1.pptxLecture 5.1.pptx
Lecture 5.1.pptx
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Security (IM).ppt
Security (IM).pptSecurity (IM).ppt
Security (IM).ppt
 
Security & control in management information system
Security & control in management information systemSecurity & control in management information system
Security & control in management information system
 
Computer security: hackers and Viruses
Computer security: hackers and VirusesComputer security: hackers and Viruses
Computer security: hackers and Viruses
 
Security Basics
Security BasicsSecurity Basics
Security Basics
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Network and Security | by M.Hassaan Anjum
Network and Security | by M.Hassaan AnjumNetwork and Security | by M.Hassaan Anjum
Network and Security | by M.Hassaan Anjum
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 

Plus de limsh

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revisionlimsh
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9limsh
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)limsh
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)limsh
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5limsh
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4limsh
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3limsh
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2limsh
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1limsh
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8limsh
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7limsh
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6limsh
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6limsh
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5limsh
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5limsh
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4limsh
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4limsh
 
BAIT1103 Tutorial 3
BAIT1103 Tutorial 3BAIT1103 Tutorial 3
BAIT1103 Tutorial 3limsh
 
BAIT1103 Tutorial 2
BAIT1103 Tutorial 2BAIT1103 Tutorial 2
BAIT1103 Tutorial 2limsh
 
BAIT1103 Tutorial 1
BAIT1103 Tutorial 1BAIT1103 Tutorial 1
BAIT1103 Tutorial 1limsh
 

Plus de limsh (20)

BAIT2164 Topics for Revision
BAIT2164 Topics for RevisionBAIT2164 Topics for Revision
BAIT2164 Topics for Revision
 
BAIT2164 Tutorial 9
BAIT2164 Tutorial 9BAIT2164 Tutorial 9
BAIT2164 Tutorial 9
 
BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)BAIT2164 Tutorial 6 (Part 2)
BAIT2164 Tutorial 6 (Part 2)
 
BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)BAIT2164 Tutorial 6 (Part 1)
BAIT2164 Tutorial 6 (Part 1)
 
BAIT2164 Tutorial 5
BAIT2164 Tutorial 5BAIT2164 Tutorial 5
BAIT2164 Tutorial 5
 
BAIT2164 Tutorial 4
BAIT2164 Tutorial 4BAIT2164 Tutorial 4
BAIT2164 Tutorial 4
 
BAIT2164 Tutorial 3
BAIT2164 Tutorial 3BAIT2164 Tutorial 3
BAIT2164 Tutorial 3
 
BAIT2164 Tutorial 2
BAIT2164 Tutorial 2BAIT2164 Tutorial 2
BAIT2164 Tutorial 2
 
BAIT2164 Tutorial 1
BAIT2164 Tutorial 1BAIT2164 Tutorial 1
BAIT2164 Tutorial 1
 
BAIT1103 Chapter 8
BAIT1103 Chapter 8BAIT1103 Chapter 8
BAIT1103 Chapter 8
 
BAIT1103 Chapter 7
BAIT1103 Chapter 7BAIT1103 Chapter 7
BAIT1103 Chapter 7
 
BAIT1103 Tutorial 6
BAIT1103 Tutorial 6BAIT1103 Tutorial 6
BAIT1103 Tutorial 6
 
BAIT1103 Chapter 6
BAIT1103 Chapter 6BAIT1103 Chapter 6
BAIT1103 Chapter 6
 
BAIT1103 Tutorial 5
BAIT1103 Tutorial 5BAIT1103 Tutorial 5
BAIT1103 Tutorial 5
 
BAIT1103 Chapter 5
BAIT1103 Chapter 5BAIT1103 Chapter 5
BAIT1103 Chapter 5
 
BAIT1103 Tutorial 4
BAIT1103 Tutorial 4BAIT1103 Tutorial 4
BAIT1103 Tutorial 4
 
BAIT1103 Chapter 4
BAIT1103 Chapter 4BAIT1103 Chapter 4
BAIT1103 Chapter 4
 
BAIT1103 Tutorial 3
BAIT1103 Tutorial 3BAIT1103 Tutorial 3
BAIT1103 Tutorial 3
 
BAIT1103 Tutorial 2
BAIT1103 Tutorial 2BAIT1103 Tutorial 2
BAIT1103 Tutorial 2
 
BAIT1103 Tutorial 1
BAIT1103 Tutorial 1BAIT1103 Tutorial 1
BAIT1103 Tutorial 1
 

Dernier

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 

Dernier (20)

How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 

BAIT1003 Chapter 11

  • 2. Objectives Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators Describe various types of Internet and network attacks and identify ways to safeguard against these attacks Identify safeguards against hardware and software theft Discuss techniques to prevent unauthorized computer access and use Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing
  • 3. Computer Security Risks • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. • Some breaches to computer security are accidental, many are intentional. • Some intruders do no damage; other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data
  • 4. Computer Security Risks • An intentional breach of computer security often involves a deliberate act that is against the law. • Any illegal act involving a computer generally is referred to as computer crime. • Cybercrime refers to online or Internet-based illegal acts • Software used by cybercriminals is called crimeware
  • 5. Computer Security Risks • Perpetrators of cybercrime and other intrusions fall into seven basic categories: Hacker Cracker Unethical employee Script Kiddie Cyberextortionist Corporate spy Cyberterrorist
  • 6. Computer Security Risks Hacker • Originally complimentary word for a computer enthusiast • Now a derogatory meaning refers to someone who accesses a computer or network illegally • Some claim the intent of their security breaches is to improve security Cracker • Someone who accesses computer or network illegally but has the intent of destroying data, stealing information, or other malicious action • Both hackers and crackers have advanced computer and network skills Script Kiddie Corporate spy • Same intent as a cracker but does not have the technical skills and knowledge • Often use prewritten hacking and cracking programs to break into computers • Have excellent computer and networking skills and are hired to break into a specific computer or steal its proprietary data and information, or to help identify security risks in their own organization • Unscrupulous companies hire them, a practice known as corporate espionage, to gain a competitive advantage
  • 7. Computer Security Risks Unethical employees • • • • Break into their employers’ computers for variety of reasons Simply want to exploit security weakness Seek financial gains from selling confidential information Disgruntled employees may want revenge Cyberextortionist • Use e-mail as a vehicle for extortion • Send an organization a threatening e-mail indicating they will expose confidential information, exploit security flaw, or launch an attack to compromise organization’s network – if not paid a sum of money Cyberterrorist • Use Internet or network to destroy or damage computers for political reasons • Might target the nation’s air traffic control system, electricitygenerating companies, or telecommunications infrastructure • Cyberwarfare – an attack whose goal ranges from disabling a government’s computer network to crippling a country
  • 8. Computer Security Risks • Computers and computer users are exposed to several types of security risks: Internet and network attacks Unauthorized access and use Hardware theft Software theft Information theft System failure
  • 9. Internet & Network Attacks • Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises • To determine if your computer is vulnerable to an Internet or network attack, use an online security service • An online security service is a Web site that evaluates your computer to check for Internet and email vulnerabilities and provides recommendations of how to address the vulnerabilities
  • 10. Internet & Network Attacks • Some popular online security services: Name of Online Service Web address McAfee FreeScan http://home.mcafee.com/downloads/freevirus-scan Symantec Security Check https://security.symantec.com/ Trend Micro House Call http://housecall.trendmicro.com/ Kaspersky Virus Scan http://www.kaspersky.com/virus-scanner
  • 11. Internet & Network Attacks • Internet and network attacks that jeopardize security: Computer viruses Botnets Worms Trojan horses Rootkits Denial of service Back doors Spoofing
  • 12. Internet & Network Attacks - Computer viruses & other malware • Computer viruses, worms, Trojan horses and rootkits are classified as malware (malicious software), which are programs that act without a user’s knowledge and deliberately alter the computer’s operations • A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission
  • 13. Internet & Network Attacks - Computer viruses & other malware • A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network • A Trojan horse is a program that hides within or looks like a legitimate program. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers • A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. Once installed, the rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer
  • 14. Internet & Network Attacks - Computer viruses & other malware • Unscrupulous programmers write malware and then test it to ensure it can deliver its payload • The payload is the destructive event or prank the program is intended to deliver • Malware delivers its payload on a computer in various ways: 1. When a user opens an infected file 2. When a user runs an infected program 3. When a user boots the computer with infected removable media inserted in a drive or plugged in a port 4. When a user connects an unprotected computer to a network 5. When a certain condition or even occurs, such as computer’s clock changing to specific data
  • 15. Internet & Network Attacks - Computer viruses & other malware • A computer infected by a virus, worm, Trojan horse, or rootkit has one or more of the following symptoms: – – – – – – – – – – – Operating system runs much slower than usual Available memory is less than expected Files become corrupted Screen displays unusual message or image Music or unusual sound plays randomly Existing programs and files disappear Programs or files do not work properly Unknown programs or files mysteriously appear System properties change Operating system does not start up Operating system shuts down unexpectedly
  • 16. Safeguards against Computer viruses & other malware Tips for preventing viruses and other malware: 1. Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are uninfected 2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. 3. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it. 4. Install an antivirus program on all of your computers. Update the software and the virus signature files regularly. 5. Scan all downloaded programs for viruses and other malware. 6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately. 7. Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users. 8. Install a personal firewall program. 9. Stay informed about new virus alerts and virus hoaxes.
  • 17. Safeguards against Computer viruses & other malware • A trusted source is an organization or person you believe will not Popular Antivirus Programs send a virus infected file AVG Anti-virus knowingly. Avast! Antivirus F-Secure Anti-virus • An antivirus program protects a Kaspersky Anti-virus computer against viruses by McAfee VirusScan identifying and removing any Norton Antivirus computer viruses found in memory, on storage media, or on Trend Micro Antivirus Vexira Antivirus incoming files. CA Antivirus
  • 18. Safeguards against Computer viruses & other malware • Techniques that antivirus programs use to identify virus is to look for virus signatures and to inoculate existing program files. • A virus signature, also called a virus definition, is a known specific pattern of virus code. • Computer users should update their antivirus program’s signature files regularly. • To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file. • The antivirus program then uses this information to detect if a virus tampers with the data describing the inoculated program file.
  • 19. Safeguards against Computer viruses & other malware • If an antivirus program identifies an infected file, it attempts to remove the malware. • If the antivirus cannot remove the infection, it often quarantines the infected file. • A quarantine is a separate area of the hard disk that holds the infected file until the infection can be removed.
  • 20. Safeguards against Computer viruses & other malware • A virus hoax is an e-mail message that warns users of a nonexistent virus or other malware. • These hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible. • Do not forward the message. Visit a web site that publishes a list of virus alerts and virus hoaxes.
  • 21. Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes. • A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. • A bot is a program that performs a repetitive task on a network. • The perpetrator uses botnet to send spam e-mail, spread viruses/malware, or commit a distributed denial of service attack.
  • 22. Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A denial of service attack or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. • Perpetrators use an unsuspecting computer to send influx of confusing data messages or useless traffic to a computer network. • The victim computer network slows down considerably and eventually becomes unresponsive or unavailable, blocking legitimate visitors from accessing the network. • DDoS (distributed DoS) attack uses a zombie army to attack computers or networks.
  • 23. Internet & Network Attacks - Botnets, DoS Attacks, Back Doors & Spoofing • A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. • Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. • E-mail spoofing occurs when the e-mail header are altered so that it appears the e-mail originated from a different sender. • E-mail spoofing is used for virus hoaxes, spam, and phishing spams. • IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source.
  • 24. Safeguards against Botnets, DoS Attacks, Back Doors, & Spoofing • A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet. • Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data. • A personal firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions. Stand-Alone Personal Firewall Software BitDefender Internet Security CA Personal Firewall McAfee Internet Security Norton Personal Firewall Webroot Desktop Firewall ZoneAlarm Pro
  • 25. Safeguards against Botnets, DoS Attacks, Back Doors, & Spoofing • Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behavior patterns or system breaches. • A honeypot is a vulnerable computer that is set up to entice an intruder to break into it. • These computers, which appear real to the intruder, actually are separated safely from the organization’s network.
  • 26. Unauthorized Access & Use • Unauthorized access is the use of a computer or network without permission. • Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. • Eg. an employee using an organization’s computer to send personal e-mail messages, using word processing software to track his or her child’s soccer league scores, etc.
  • 27. Safeguards against Unauthorized Access & Use • Have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may or may not be used. • An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. • Identification verifies that an individual is a valid user. • Authentication verifies that the individual is the person he or she claims to be.
  • 28. Safeguards against Unauthorized Access & Use • Three methods of identification and authentication – Usernames and passwords • A username or user ID – unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user • A password is a private combination of characters associated with the username that allows access to certain computer resources – Possessed objects • E.g. badges, cards, smart cards, keys • Used in combination with personal identification number (PIN) – Biometric devices • Authenticates a person’s identify by translating a personal characteristic, such as fingerprint, into digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic
  • 29. Hardware Theft & Vandalism • Hardware theft is the act of stealing computer equipment. • Hardware vandalism is the act of defacing or destroying computer equipment
  • 30. Safeguards against Hardware Theft & Vandalism • Physical access controls (e.g. locked doors, alarm) • Physical security devices (e.g. cables lock equipment) • Real time location system (RTLS) – RFID tags • Password-protect portable storage devices
  • 31. Software Theft • Software theft occurs when someone 1. Steals software media • Physically stealing the media that contain the software or the hardware that contains the media 2. Intentionally erases programs • Dishonest programmers intentionally remove or disable the programs they have written for the company after termination 3. Illegally copies a program • • Software stolen from software manufacturers Software piracy is the unauthorized and illegal duplication of copyrighted software 4. Illegally registers and/or activates a program • Users illegally obtain registration numbers and/or activation codes using key generator (keygen) program
  • 32. Safeguards against Software Theft • Keep original software boxes and media in secure location • Escort terminated employee off the premise immediately • Software manufacturers issue users license agreement – the right to use the software
  • 33. Information Theft • Information theft occurs when someone steals personal or confidential information. • Both business and home users can fall victim to information theft. • E.g. an individual first gain unauthorized access to a computer then steal credit card numbers stored in a firm’s accounting department
  • 34. Safeguards against Information Theft • Encryption – process of converting data into unreadable characters to prevent unauthorized access. • To read the data, the recipient must decrypt or decipher it into readable form. • Digital signature – encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender. • Digital certificate – a notice that guarantees a user or Web site is legitimate.
  • 35. System Failure • A system failure is the prolonged malfunction of a computer that can cause loss of hardware, software, data, or information. • An undervoltage occurs when electrical supply drops. • A blackout is a complete power failure. • An overvoltage or power surge, occurs when the incoming electrical power increases more than five percent above the normal volts.
  • 36. Safeguards against System Failure • Surge protector (surge suppressor) uses special electrical components to smooth out minor noise, provide stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment. • Uninterruptible power supply (UPS) is a device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power.
  • 37. Computer Ethics • Ethics is the standards that determine whether an action is good or bad. • Computer ethics are the moral guidelines that govern the use of computers and information systems. • Seven frequently discussed areas of computer ethics: Unauthorized use of computers and networks Software theft (piracy) Codes of conduct Information accuracy Information privacy Intellectual property rights Green computing
  • 38. Information Accuracy • Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet. • Do not assume that because the information is on the Web that it is correct. • Some individuals and organizations raise questions about the ethics of using computers to alter graphical output such as a retouched photo.
  • 39. Intellectual Property Rights • Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. • Intellectual property rights are the rights to which creators are entitled for their work. • A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
  • 40. Codes of Conduct • An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. IT Code of Conduct 1. Computers may not be used to harm other people. 2. Employees may not interfere with others’ computer work. 3. Employees may not copy or use software illegally. 4. Employees may not use others’ computer resources without authorization. 5. Employees may not use others’ intellectual property as their own. 6. Computers may not be used to steal.
  • 41. Green Computing • Green computing involves reducing the electricity and environmental waste while using a computer. • Personal computers, display devices, and printers should comply with guidelines of the ENERGY STAR program – help reduce the amount of electricity used • Power usage effectiveness (PUE) is a ratio that measures how much power enters the computer facility, or data center, against the amount of power required to run the computers. Green Computing Suggestions 1. Use computers and devices that comply with the ENERGY STAR program. 2. Do not leave the computer running overnight. 3. Turn off the monitor, printer, and other devices when not in use. 4. Use LCD monitors instead of CRT monitors. 5. Use paperless methods to communicate. 6. Recycle paper and buy recycled paper.
  • 42. Information Privacy • Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them. How to safeguard personal information 1. Fill in only necessary information on rebate, warranty, and registration forms. 2. Do not write your telephone number on charge or credit receipts. 3. If merchants ask personal questions, find out why they want to know before releasing the information. 4. Limit the amount of information you provide to Web sites. Fill in only required information. 5. Install a cookie manager to filter cookies. 6. Clear your history file when you are finishing browsing. 7. Set up a free e-mail account. Use this e-mail address for merchant forms. 8. Turn off file and printer sharing on your Internet connection. 9. Install a personal firewall. 10. Do not reply to spam for any reason.
  • 43. Summary Perpetrators • • • • • • • Hacker Cracker Script Kiddie Corporate Spy Unethical employee Cyberextortionist Cyberterrorist Security Risks Computer Ethics • Internet & Network Attacks • Unauthorized access and use • Hardware theft • Software theft • Information theft • System failure • Unauthorized use of computers & network • Software piracy • Information accuracy • Intellectual property rights • Codes of conduct • Information privacy • Green computing