Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security & Privacy

Published byDolores Rico Giménez Modified over 6 years ago

Similar presentations

Presentation on theme: "Information Security & Privacy"— Presentation transcript:

1 Information Security & Privacy
April 20, 2016

2 LEARNING GOALS Understand security attacks’ preps
Discuss the major threats to information systems 2

3 The Security Problem 2013 FBI Computer Crime and Security Survey
90% of large companies and government agencies reported computer security breach 80% reported sizeable financial loss Only 40% indicated security attacks came from outside the company 85% reported as victim of computer virus 3

4 TCP/IP-based Communications
Requesting a web page from eiu.edu: Computer 1 (User PC) Web browser Get index.php in default folder from eiu.edu Formatting Prg. Packet Creator From: :1234 To: :80 ……. Signal Generator Computer 2 (web server) Transmission media 4

5 TCP/IP Packet TCP/IP Packets or computer messages have two parts:
Communications protocols Actual message to be delivered Source IP Address: Source Program: Web Browser 1234 Destination IP Address: Destination Program: Server Program 80 Formatting scheme: ASCII Get index.php From: server eiu.edu Location: Home directory Message to be delivered Protocols tell the receiving computer: - Sender’s ID - How to read the message 5

6 Received: from hotmail. com (bay103-f21. bay103. hotmail. com [65. 54
Received: from hotmail.com (bay103-f21.bay103.hotmail.com [ ])      by barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC      for Wed, 18 Feb :14: (CST) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;      Wed, 18 Feb :14: Message-ID: Received: from by by103fd.bay103.hotmail.msn.com with HTTP;      Thu, 19 Feb :14:58 GMT X-Originating-IP: [ ] X-Originating- X-Sender: In-Reply-To: X-PH: From: To: X-ASG-Orig-Subj: RE: FW: Same cell# Subject: RE: FW: Same cell# Date: Thu, 19 Feb :14: Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-OriginalArrivalTime: 19 Feb :14: (UTC) FILETIME=[DCA31D60:01C62D0D] X-Virus-Scanned: by Barracuda Spam Firewall at eiu.edu X-Barracuda-Spam-Score: 0.00 Hi, I just wanted to let you know that I have received the packet you sent. 6

7 Test Your TCP/IP knowledge
You have received an from a potential business partner who pretends to be overseas. Which of the following could help determine the location of the computer he/she used to send the message? Check the domain name that appears in the sender’s address The destination IP address The Source IP address that appears in the communication protocols’ part of the From: To: Subject: meeting ____________________ Hi, I couldn’t make it to the meeting because I am overseas in business. 7

8 Attack strategy Scanning Password Guessing
Ping messages (To know if a potential target exist, is connected to the network, and is responsive) Supervisory messages (To know if victim available) Tracert, Traceroute (to know about the route that leads to target) Check the Internet (e.g. for latest systems vulnerabilities Password Guessing Trying different usernames and passwords in an attempt to “break” a password and gain an unauthorized access. Password Guessing, Dictionary attack, Brute Force attack Guessing passwords and stealing password file and using password cracking tools to break the password Use Social engineering strategy to get other information By tricking employees to provide passwords, keys and other info. over the telephone By phishing i.e. misleading people to provide confidential info through s, fake websites, etc. 8

9 Test Your Attacks Strategy Knowledge
An attacker is preparing an attack. He got the IP address of a potential target. Which of the following could he use in order to determine whether or not the potential target exist, is connected to the network, and is maybe responsive? Do some scanning using the connected command Use the tracert command Do some scanning by sending ping messages to the target computer None of the above Which of the following has more chance of succeeding? An attack launched by a hacker using a computer that is not part of the target corporate network. An attack launched by a hacker using a computer that is part of the target corporate network. a and b have the same chance of succeeding 9

10 Major security threats
Denial of Service (DoS) attacks The attacker makes a target (usually a server) crash in order to deny service to legitimate users Content attack / Malware attack Sending messages with illicit or malicious content System intrusion Getting unauthorized access to a network 10

11 Content attacks / Malware attacks
Incoming messages with: Malicious content (or malware) Viruses (infect files on a single computer) Worms (Propagate across system by themselves) Trojan horses (programs that appear to be benign, but do damage or take control of a target computer) Illicit content Pornography Sexually or racially harassing s Spams (unsolicited commercial s) Q: Besides through s, how can a computer system be a victim of a virus, worm, or Trojan horse attack? 11

12 Trojan horse A computer program When executed, a Trojan horse could
That appears as a useful program like a game, a screen saver, etc. But, is really a program designed to do damage or to open the door for a hacker to take control of the host computer When executed, a Trojan horse could Format disks Delete files Allow a remote computer to take control of the host computer. This kind of Trojan is called Back Door. NetBus and SubSeven used to be attackers’ favorite programs for target remote control 12

13 Trojan horse NetBus Interface 13

14 Review Questions What is a type of malware that spreads itself, not just from file to file, but also from computer to computer? Computer virus Worm Trojan horse None of the above What is a malware that opens a way into the network for future attacks? Open Door Back Door 14

Download ppt "Information Security & Privacy"

Similar presentations

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.

Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Computer Viruses.

Computer Viruses.
What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.

What are Trojan horses?  A Trojan horse is full of as much trickery as the mythological Trojan horse it was named after. The Trojan horse, at first glance.
Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.

Network Security. Permission granted to reproduce for educational use only.© Goodheart-Willcox Co., Inc. Objectives  Give examples of common network.
Threats To A Computer Network

Threats To A Computer Network
Information Security & Privacy November 13, 2014.

Information Security & Privacy November 13, 2014.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Threats and Attacks Principles of Information Security, 2nd Edition

Threats and Attacks Principles of Information Security, 2nd Edition
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Cyber Crime & Security Raghunath M D BSNL Mobile Services,

Cyber Crime & Security Raghunath M D BSNL Mobile Services,
ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.

ISNE101 Dr. Ken Cosh Week 14. This Week  Challenges (still) facing Modern IS  Reliability  Security.
Malware  Viruses  E-mail Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.

Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Cyber crime & Security Prepared by : Rughani Zarana.

Cyber crime & Security Prepared by : Rughani Zarana.
1 Final Exam Review (Part 2) BUS3500 - Abdou Illia, Fall 2007 (Thursday 12/6/2007)

1 Final Exam Review (Part 2) BUS Abdou Illia, Fall 2007 (Thursday 12/6/2007)
Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail (email) Electronic Mail (email) Domain mail server collects incoming mail.

Lecture#2 on Internet and World Wide Web. Internet Applications Electronic Mail ( ) Electronic Mail ( ) Domain mail server collects incoming mail.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.

Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

Similar presentations

Ads by Google