2.
Module 4: Introduction to Cyber Security/
Information Security
• Security Architecture and Models.
• System Security
• OS Security
• Wireless network and Security.
3.
Chapter 1: Security Architecture and
Models
• Designing Secure OS
• CPU (Central Processing Unit): a microprocessor that contains a control unit and an arithmetic logic unit (ALU).
• Memory: the OS instructions, applications and data are held in the Basic Input/Output System (BIOS).
• There are basically two types of memory:
• Primary Memory: RAM (random access memory) is a type of temporary storage facility where data can be held and altered.
• It is a type of volatile memory.
• Secondary Memory: ROM (read-only memory) is a type of permanent storage facility where data can be held and altered.
• It is a type of non-volatile memory.
6.
Desktop Security
• Most attacks fall into two
categories
– Malicious software attacks
– Attacks on hardware
7.
Malicious Software Attacks
• Malware
– Wide variety of damaging or annoying
attack software
– Enters a computer system without the
owner’s knowledge or consent
• Primary objectives of malware
– Infect a computer system with
destructive software
– Conceal a malicious action
8.
Hardware Attacks
• Types of hardware that are targeted include
– BIOS
– USB devices
– Cell phones
– Physical theft of laptop
computers and information
9.
BIOS
• Basic Input/Output System (BIOS)
– Coded program embedded on the
processor chip
– Recognizes and controls different
devices on the computer system
• Read Only Memory (ROM) chip
– Older systems
• PROM (Programmable Read Only
Memory) chip
– Newer computers
– Flashing the BIOS
• Reprogramming
10.
Why E-mail Security?
The Internet is an expansive network of
computers, much of which is unprotected
against malicious attacks. From the time an
email is composed to the time it is read, it
travels through this unprotected Internet,
exposed to various electronic dangers.
11.
What is E-mail Privacy
The protection of email from unauthorized
access and inspection is known as electronic
privacy. In countries with a constitutional
guarantee of the secrecy of correspondence,
email is equated with letters and thus legally
protected from all forms of eavesdropping.
12.
E-mail Security
• PGP (Pretty Good Privacy)
• General-purpose application to protect files.
• Can be used to protect e-mail messages.
• Can be used by corporations and individuals.
• PGP is now on an Internet standards track.
• S/MIME (Secure/Multipurpose Internet Mail Extensions)
• A security enhancement to MIME.
• Provides similar services to PGP.
• Defines a format for text messages to be sent using email.
13.
Web Security
• Web Authentication
• SSL and SET
• SSL (Secure Sockets Layer)
• It is not a payment protocol; it can be used for any secure communication, such as credit card numbers.
• SSL is a secure data exchange protocol providing:
• Privacy between two Internet communications.
• Authentication of servers.
16.
What Is Database Security?
Database:
It is a collection of information stored in a computer.
Security:
It is being free from danger.
Database Security:
It is the mechanisms that protect the database against
intentional or accidental threats.
OR
Protection from malicious attempts to steal (view) or
modify data.
18.
Secrecy
• It is protecting the database from
unauthorized users.
• Ensures that users are allowed to do the things
they are trying to do.
• For example:
– The employees should not see the salaries of their
managers.
19.
Integrity
• Protecting the database from authorized users.
• Ensures that what users are trying to do is
correct.
• For example:
– An employee should be able to modify his or her
own information.
20.
Availability
• Authorized users should be able to access data
for legal purposes as necessary.
• For example:
– Payment orders regarding taxes should be
made on time by the tax law.
21.
Importance of Data
• Bank/Demat accounts
• Credit card, Salary, Income tax data
• University admissions, marks/grades
• Land records, licenses
• Data = crown jewels for organizations
22.
Importance of Data (contd…)
• Recent headlines:
– Personal information of millions of credit card
users stolen
• Laws on privacy in the US
• Theft of US data in India
– Criminal gangs get into identity theft
– Earlier this year in Mumbai
• Hackers steal credit card data using card reader
and make fraudulent purchases
• Hacker creates fake Web site to phish for credit
card information
– Auto-rickshaw license fraud in New Delhi
23.
Overview
• Levels of data security
• Authorization in databases
• Application Vulnerabilities
• Summary
24.
Levels of Data Security
• Human level: Corrupt/careless User.
• Network/User Interface.
• Database application program.
• Database system.
• Operating System.
• Physical level.
25.
Physical/OS Security
• Physical level
– Traditional lock-and-key security.
– Protection from floods, fire, etc.
• E.g. WTC (9/11), fires in IITM, WWW conf website, etc.
– Protection from administrator error
• E.g. delete critical files.
– Solution
• Remote backup for disaster recovery.
• Plus archival backup (e.g. DVDs/tapes).
• Operating system level
– Protection from virus/worm attacks critical.
26.
Security at the Database/Application Program
• Authentication and authorization mechanisms to allow specific users access only to required data
• Authentication: who are you? Prove it!
• Authorization: what are you allowed to do?
27.
Database vs. Application
• Application authenticates/authorizes users
• Application authenticates itself to the database
– Database password
[Diagram: Application Program, Database]
28.
User Authentication
• Password
– Most users abuse passwords, e.g.
• Easy to guess password
• Share passwords with others
• Smartcards
– Need smartcard
– + a PIN or password
29.
User Authentication
• Central authentication systems allow users to
be authenticated centrally
– LDAP or MS Active Directory often used for central
authentication and user management in
organizations
• Single sign-on: authenticate once, and access
multiple applications without fresh
authentication
– Microsoft Passport, Pubcookie, etc.
– Avoids plethora of passwords
– Password only given to central site, not to
applications.
32.
Database/Application Security
• Ensure that only authenticated users can
access the system.
• And can access (read/update) only
data/interfaces that they are authorized to
access.
34.
Application Security
• Applications are often the biggest source
of insecurity
– Poor coding of application may allow
unauthorized access.
– Application code may be very big, easy to
make mistakes and leave security holes.
– Very large surface area.
• Used in fewer places
– Some security by obfuscation.
– Lots of holes due to poor/hasty programming.
37.
Summary
• Data security is critical.
• Requires security at different levels.
• Several technical solutions.
• But human training is essential.
38.
OS Security (Operating System)
• OS security vulnerabilities, Updates and Patches
• OS Integrity Checks.
• Antivirus S/W:
• A computer program that can copy itself and
infect a computer without permission of the
user.
• Viruses, Worms, Trojan Horses = MALWARE
39.
Managing Patches
• Patch
– Software security update intended to cover
vulnerabilities that have been discovered after
the program was released
• Automatic update configuration options for
most operating systems
– Install updates automatically
– Download updates but let me choose when to
install them
– Check for updates but let me choose whether to
download and install them
– Never check for updates
40.
• How viruses spread:
– Internet downloads
– Removable media
– Across the network
– Email attachments
41.
• Protecting your system
– Antivirus software
1. Standardization
2. Definitions
3. Subscriptions
– Be smart about email attachments
• Unknown senders
• Known senders
– Firewall
42.
• Recovering from a virus attack
– Run a full system scan (in Safe Mode if necessary)
– Run an “autofix” tool
– Replace infected files
– Reformat hard drive
44.
Wireless Security
• Make sure your wireless network isn’t wide
open!
– Change default password on the router or
access point
– Secure the connection
– WEP – crackable!
– WPA – best option
47.
Strong Passwords
• 6 to 8 characters long using lower/upper case letters,
numbers, and symbols (Microsoft recommends 14…)
– 4 characters – 14 million possible passwords – 2 seconds
– 8 characters – 200 trillion possible passwords – 1 year
– 9 characters – 13 quadrillion possible passwords – 70 years
– 10 characters – 840 quadrillion possible passwords – 4000 years
• Avoid words in the dictionary (easier to guess)
• Use a sentence that means something to you
– Every Sunday I go to church at 9
– E$igtc@9
• Change passwords regularly
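Added example (not part of the original slides): the slide's password counts match a 62-character alphabet (a-z, A-Z, 0-9), so this sketch recomputes them and checks a candidate against the length, character-mix and dictionary rules. The guess rate is an assumption derived from the slide's first row, and the word list is a constructed sample.

```python
import math
import string

# Assumption: the slide's counts match a 62-character alphabet (a-z, A-Z, 0-9).
SLIDE_ALPHABET = 62
# Assumption: guess rate implied by the slide's first row (62**4 in ~2 seconds).
GUESSES_PER_SECOND = SLIDE_ALPHABET ** 4 / 2
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed sample word list standing in for a real dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "sunday", "church"}

CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the character pool an exhaustive search has to cover."""
    return sum(len(cls) for cls in CHARACTER_CLASSES
               if any(ch in cls for ch in password))


def keyspace(length, alphabet=SLIDE_ALPHABET):
    """Number of possible passwords of exactly `length` characters."""
    return alphabet ** length


def years_to_exhaust(length, alphabet=SLIDE_ALPHABET, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password of this length, in years."""
    return keyspace(length, alphabet) / rate / SECONDS_PER_YEAR


def assess(password):
    """Summarise a candidate password against the slide's rules."""
    alphabet = alphabet_size(password)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return {
        "length": len(password),
        "alphabet": alphabet,
        # Upper bound: assumes every character was chosen at random.
        "bits": round(bits, 1),
        "in_dictionary": password.lower() in SAMPLE_DICTIONARY,
        "years": years_to_exhaust(len(password), alphabet) if alphabet else 0.0,
    }


if __name__ == "__main__":
    for n in (4, 8, 9, 10):
        print(n, keyspace(n), round(years_to_exhaust(n), 2))
    print(assess("church"))
    print(assess("E$igtc@9"))
```

Adding symbols raises the pool from 62 to 94 characters, which is why the slide's sentence-derived password covers a larger search space than an 8-character alphanumeric one of the same length.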
52.
Send one Mail to your Friend
Write the steps for creating an email,
logging in, and sending it to your
friend.
Take a screenshot of your own
email ID and print it.