Lecture-2 about programming download.pptx
- 1. 1 Information Security Lecture # 2 Dr. Shafiq Hussain Associate Professor & Chairperson Department of Computer Science
- 2. 2 Objectives • Introduction to Information security
- 3. 3 Issues of Information Security • Cyber threats: The increasing sophistication of cyber attacks, including malware, phishing, and ransomware, makes it difficult to protect information systems and the information they store.
- 4. 4 Issues of Information Security (Cont..) • Human error: People can inadvertently put information at risk through actions such as losing laptops or smartphones, clicking on malicious links, or using weak passwords.
- 5. 5 Issues of Information Security (Cont..) • Insider threats: Employees with access to sensitive information can pose a risk if they intentionally or unintentionally cause harm to the organization.
- 6. 6 Issues of Information Security (Cont..) • Legacy systems: Older information systems may not have the security features of newer systems, making them more vulnerable to attack.
- 7. 7 Issues of Information Security (Cont..) • Complexity: The increasing complexity of information systems and the information they store makes it difficult to secure them effectively.
- 8. 8 Issues of Information Security (Cont..) • Mobile and IoT devices: The growing number of mobile devices and internet of things (IoT) devices creates new security challenges as they can be easily lost or stolen, and may have weak security controls.
- 9. 9 Issues of Information Security (Cont..) • Integration with third-party systems: Integrating information systems with third-party systems can introduce new security risks, as the third-party systems may have security vulnerabilities..
- 10. 10 Issues of Information Security (Cont..) • Data privacy: Protecting personal and sensitive information from unauthorized access, use, or disclosure is becoming increasingly important as data privacy regulations become more strict.
- 11. 11 Issues of Information Security (Cont..) • Globalization: The increasing globalization of business makes it more difficult to secure information, as data may be stored, processed, and transmitted across multiple countries with different security requirements.
- 12. 12 Important Concepts in Information Security Vulnerability • Vulnerability is a weakness which allows an attacker to reduce a system's information assurance. • Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.
- 13. 13 Important Concepts in Information Security (Cont..) Vulnerability • To exploit vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. • In this frame, vulnerability is also known as the attack surface.
- 14. 14 Important Concepts in Information Security (Cont..) Vulnerability • Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. • This practice generally refers to software vulnerabilities in computing systems.
- 15. 15 Important Concepts in Information Security (Cont..) Backdoors • A backdoor in a computer system, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.
- 16. 16 Important Concepts in Information Security (Cont..) Backdoors • The backdoor may take the form of an installed program or could be a modification to an existing program or hardware device. • It may also do fake information about disk and memory usage.
- 17. 17 Important Concepts in Information Security (Cont..) Denial-of-service attack • Unlike other exploits, denials of service attacks are not used to gain unauthorized access or control of a system. • They are instead designed to render it unusable.
- 18. 18 Important Concepts in Information Security (Cont..) Denial-of-service attack • Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.
- 19. 19 Important Concepts in Information Security (Cont..) Denial-of-service attack • These types of attack are, in practice, very hard to prevent, because the behaviour of whole networks needs to be analyzed, not only the behaviour of small pieces of code.
- 20. 20 Important Concepts in Information Security (Cont..) Denial-of-service attack • Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.
- 21. 21 Important Concepts in Information Security (Cont..) Direct-access attacks • An unauthorized user gaining physical access to a computer (or part thereof) can perform many functions, install different types of devices to compromise security, including operating system modifications, software worms, key loggers, and covert listening devices.
- 22. 22 Important Concepts in Information Security (Cont..) Direct-access attacks • The attacker can also easily download large quantities of data onto backup media, for instance CD-R/DVD- R, tape; or portable devices such as key drives, digital cameras or digital audio players.
- 23. 23 Important Concepts in Information Security (Cont..) Direct-access attacks • Another common technique is to boot an operating system contained on a CD-ROM or other bootable media and read the data from the hard drive(s) this way.
- 24. 24 Important Concepts in Information Security (Cont..) Direct-access attacks • The only way to defeat this is to encrypt the storage media and store the key separate from the system. • Direct-access attacks are the only type of threat to Standalone computers (never connect to internet), in most cases.
- 25. 25 Important Concepts in Information Security (Cont..) Eavesdropping • Eavesdropping is the act of listening to a private conversation, typically between hosts on a network. • For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers.
- 26. 26 Important Concepts in Information Security (Cont..) Spoofing • Spoofing of user identity describes a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
- 27. 27 Important Concepts in Information Security (Cont..) Tampering • Tampering describes an intentional modification of products in a way that would make them harmful to the consumer.
- 28. 28 Questions Any Question Please? You can contact me at: drshafiq@uosahiwal.edu.pk Your Query will be answered within one working day.
- 29. 29 Further Readings • Chapter No. 1 Computer_Security_Principles_and_Practice_(3rd_E dition) By William Stallings and Lawrie Brown
- 30. 30 Thanks