Itc chapter # 11
Download as PPTX, PDF1 like260 views
This document provides an introduction to computer and data security. It discusses security principles like confidentiality, integrity, and availability. It also describes common security threats like denial of service attacks, viruses, trojans, and backdoors. The document outlines different types of attacks and how we can protect against them using anti-virus software, firewalls, cryptography, steganography, and watermarking.
![Introduction to Computing 10Chapter # 11
How Do We Protect
Anti-virus software
Personal Anti-virus SW on your machine
Make sure it is set to scan all executables, compressed files,
e-mail, e-mail attachments, web pages
Keep your virus information files up to date!!!
Firewalls
A combination of hardware and software resources positioned
between the local (trusted) network and [an untrusted network]
It ensures that all communication between an organization's network
and the Internet connection conforms to the organization's security
policy
It tracks and controls communications, deciding whether to pass,
reject, encrypt, or log communications](https://image.slidesharecdn.com/itc-chapter11-171001095012/85/Itc-chapter-11-10-320.jpg)
Itc chapter # 11
- 1. COMPUTER & DATA SECURITY Introduction to Computing CHAPTER # 11
- 2. Introduction to Computing 2Chapter # 11 Security Security is about the protection of assets It can be computer, network or data security Security is a set of procedures that protect You, your employees, and your peers Paper or electronic media Hardware, software, and networks It protects from damage, theft, or change There can be different security measures Prevention measures taken to protect your assets from being damaged Detection measures taken to allow you to detect when an asset has been damaged, how it was damaged and who damaged it Reaction measures that allow you to recover your assets
- 3. Introduction to Computing 3Chapter # 11 Computer Security Computer security is information security as applied to computers and networks The field covers all the processes and mechanisms by which computer-based equipment, information, networks and services are protected from unintended or unauthorized access, change or destruction It also includes protection from unplanned events and natural disasters
- 4. Introduction to Computing 4Chapter # 11 Security Properties Confidentiality ensures that the data is only read by the intended recipients Integrity ensures that all of the data has not been corrupted from its original source The system continues to operate properly. Availability Actions by an attacker do not prevent users from having access to use of the system guarantees that the data is usable upon demand Accountability it is audit information that is kept and protected so that security actions can be traced to the responsible party
- 5. Introduction to Computing 5Chapter # 11 Highly Vulnerable Financial institutions and banks Internet service providers Government and defense agencies Multinational corporations Pharmaceutical companies Contractors to various government agencies Anyone on the Internet
- 6. Introduction to Computing 6Chapter # 11 Types of Attacks Denial of Service (D.o.S) attacks D.o.S attacks have one goal – to knock your service off the net Crash your host Flood your host Flood the network connecting to your host Viruses A computer virus attaches itself to files on the target machine Master Boot Sector/Boot Sector viruses File viruses, Macro viruses Stealth viruses, Polymorphic viruses
- 7. Introduction to Computing 7Chapter # 11 Types of Attacks Trojans Trojans are programs that appear to perform a desirable and necessary function that perform functions unknown to (and probably unwanted by) the user Worms Worms are memory resident viruses Unlike a virus, which seeds itself in the computer's hard disk or file system, a worm will only maintain a functional copy of itself in active memory Worms frequently “sleep” until some event triggers their activity e.g. send password file to hacker, send copy of registry to hacker Worms and Trojans are frequent methods by which Backdoors are enabled on a system Backdoors Such programs give remote access to the computer from anywhere on the Internet e.g. Back Orifice, BO2K, Sub-Seven)
- 8. Introduction to Computing 8Chapter # 11 Types of Attacks Sniffers Devices that capture network packets Extremely difficult to detect because they are passive Scanners Programs that automatically detect security weaknesses in remote or local hosts Tells the hacker What services are currently running What users own those services Whether anonymous logins are supported Whether certain network services require authentication Password Crackers Some actually try to decrypt Most simply try “brute force” or intelligent “brute force” Dictionary words, days of year, initials
- 9. Introduction to Computing 9Chapter # 11 Types of Attacks Social Engineering “This is MIS, I can fix your e-mail box, what’s your password?” Email Spoofing It tricks the user in believing that the email originated from a certain user such as an administrator although it actually originated from a hacker Such emails may solicit personal information such as credit card details and passwords Examining the email header may provide some additional information about the origin of the email
- 10. Introduction to Computing 10Chapter # 11 How Do We Protect Anti-virus software Personal Anti-virus SW on your machine Make sure it is set to scan all executables, compressed files, e-mail, e-mail attachments, web pages Keep your virus information files up to date!!! Firewalls A combination of hardware and software resources positioned between the local (trusted) network and [an untrusted network] It ensures that all communication between an organization's network and the Internet connection conforms to the organization's security policy It tracks and controls communications, deciding whether to pass, reject, encrypt, or log communications
- 11. Introduction to Computing 11Chapter # 11 Cryptography Cryptography is the practice and study of techniques for secure communication in the presence of third parties Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering Applications of cryptography include ATM cards, computer passwords, and electronic commerce Simply – secret codes Encryption Converting data to unreadable codes to prevent anyone form accessing this information Need a “key” to find the original data keys take a few million-trillion years to guess Public keys An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures Used heavily in SSL connections Hashing Creating fingerprints of documents
- 12. Introduction to Computing 12Chapter # 11 Cryptography Symmetric encryption Authentication Asymmetric encryption Public Key Infrastructure
- 13. Introduction to Computing 13Chapter # 11 Steganography Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message It is a form of security through obscurity Message appears to be something else images, articles, shopping lists, or some other cover-text Classically, the hidden message may be in invisible ink between the visible lines of a private letter Messages do not attract attention to themselves It is high security technique for long data transmission
- 14. Introduction to Computing 14Chapter # 11 Watermarking Watermarking is the process of hiding digital information in a carrier signal It is a technique in which a kind of marker is embedded in a signal such as audio or image data Used to identify ownership of the copyright of such signal Digital watermarks may be used to verify the authenticity or integrity of the carrier signal or to show the identity of its owners It is prominently used for tracing copyright infringements and for banknote authentication