Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Fundamentals

Published byClara Garrison Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Fundamentals"— Presentation transcript:

1 Security Fundamentals
Module 2 unit 1 Security Fundamentals

2 Security basics Confidentiality – keeping data private
Allowing only authorized users to access private files. Integrity – any data that is sent between users must have a guarantee that the data has not been tampered with during transmission. Authentication – all systems should prove the identity of users Associate users with a valid account by requesting that they provide data unique to each user

3 Non-repudiation – once the data has been sent, the sender must not be able to deny sending the data.
Ant-replay – this stops users from resending data in an effort to pretend that they are someone else.

4 Social engineering The use of social tricks or psychology to gain access to secured systems. The goal is to trick people into revealing passwords and other information.

5 Phishing and pharming  Phishing involves getting a user to enter personal information via a fake website. Paypal Ebay yahoo Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.

6 Mitigating Social Engineering
What makes attacks effective? Authority Intimidation Consensus / social proof Scarcity Urgency Familiarity / liking Trust What makes attacks ineffective? Policy and standard procedures Education and training Accounting (auditing and surveillance)

7 Malware Malware A general term for any type of unwanted software that does mischief or permanent damage to your computer. Malware is created by people to intentionally do mischief of damage to your computer Worms A piece of computer code that is able to send itself to many computers by taking control of a computers ability to transport files and information. They get into your computer via .

8 Trojans and Spyware Trojans get into your computer via a program then damage and destroy programs and files. Spyware downloads into your computer without you knowing that. It can collect personal information about you such as passwords, credit card numbers and web sites you visit, and transmit this to a third party. It can also change the configuration of your computer, or put advertisements on your computer.

9 Adware – software that displays banners or pop- up ads on your computer.
It downloads to your computer when you access certain internet sites, or when you agree to download it when using certain freeware or shareware.

10 Antivirus software Software that detects viruses coming into your computer and attempts to get rid of them.

11 Network Reconnaissance
Reconnaissance attack is a kind of information gathering on network system and services. This enables the attacker to discover vulnerabilities or weaknesses on the network. Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. 

12 Footprinting Footprinting - Process of collecting information about an organization, its network, its IP address ranges and the people who use them Footprinting is conducted through social engineering and by researching information from printed resources From online resources Footprinting tools/techniques Performing web reconnaissance DNS interrogation

13 Eavesdropping Network Eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information. The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyse the collected data like protocol decoders or stream reassembling

14 Man-in-the-Middle The man-in-the middle attack intercepts a communication between two systems. For example, in an http transaction the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, being able to read, insert and modify the data in the intercepted communication.

15 Man-in-the-Middle

16 Denial of Service A denial-of-service (DoS) or distributed denial- of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users. A DoS attack generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet

17 Exploits Exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behaviour to occur on computer software, hardware, or something electronic (usually computerized). Such behaviour frequently includes things like gaining control of a computer system, allowing privilege escalation, or a denial-of- service attack.

18 Management Create a management and inspection plan
Log and document management / maintenance / system reconfiguration activities

19 Incident Response Procedures and guidelines for dealing with security incidents Different goals Re-establish a secure working system Preserve evidence of the incident with the aim of prosecuting the perpetrators Prevent reoccurrence of the incident National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide Preparation Detection and Analysis Containment, Eradication, and Recovery Post-incident Activity

20 Patch Management Updates, patches, hotfixes, and service packs
Update policies Windows Automatic Updates Windows / Office / Microsoft Update Linux / Mac OS downloadable updates Application updates Firmware

21 Training / Education

Download ppt "Security Fundamentals"

Similar presentations

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.

The Ecommerce Security Environment For most law-abiding citizens, the internet holds the promise of a global marketplace, providing access to people and.
Threats To A Computer Network

Threats To A Computer Network
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.

Analysis of Attack By Matt Kennedy. Different Type of Attacks o Access Attacks o Modification and Repudiation Attacks o DoS Attacks o DDoS Attacks o Attacks.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.
Securing Information Systems

Securing Information Systems
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.
Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended.

Lecture 14. Lecture’s outline Privacy The sender and the receiver expect confidentiality. The transmitted message must make sense only to the intended.
PART THREE E-commerce in Action Norton University E-commerce in Action.

PART THREE E-commerce in Action Norton University E-commerce in Action.
UNIT 4 ASSIGNMENT VIRUSES & DESTRUCTIVE PROGRAMS.

UNIT 4 ASSIGNMENT VIRUSES & DESTRUCTIVE PROGRAMS.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?

Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Viruses & Destructive Programs

Viruses & Destructive Programs
Software Security Testing Vinay Srinivasan cell: +91 9823104620.

Software Security Testing Vinay Srinivasan cell:
Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Forensic and Investigative Accounting Chapter 14 Internet Forensics Analysis: Profiling the Cybercriminal © 2005, CCH INCORPORATED 4025 W. Peterson Ave.

Similar presentations

Ads by Google