TRANSCRIPT
1
2
What is security?
Computer security deals with the prevention and detection of, and the reaction to, unauthorized actions by users of a computer system or network.
3
Attacks/Threats
- Physical
- Access
- Modification
- Denial of Service
- Invasions of Privacy
4
Physical Attacks
- Hardware theft
- File/information theft
- Information modification
- Software installation
5
Access Attacks
- Attempt to gain information that the attacker is unauthorized to see
- Password pilfering
- An attack against confidentiality
- Snooping
- Eavesdropping
- Interception
6
Modification Attacks
- An attempt to modify information an attacker is not authorized to modify
- An attack against information integrity
- Changes
- Insertion
- Deletion
7
Denial-of-Service Attacks
- Deny the use of resources to legitimate users of a system
- Denial of access to information
- Denial of access to applications
- Denial of access to systems
- Denial of access to communications
8
Privacy Attacks
- Collection of information about
  - you
  - your computer configuration
  - your computer use
  - your surfing habits
9
Malware
- Trap Door
- Logic Bombs
- Trojan Horses
- Worms
- Bacteria
- Viruses
- Mobile Code
10
Malware – collection of techniques/programs that produce undesirable effects on a computer system or network
- Differentiate based on
  - Needs host program
  - Independent
  - Replicate
  - Don’t replicate
11
Malware
[Classification diagram. Branches: Needs Host Program, Independent. Items shown: Logic Bomb, Worms, Bacteria, Trapdoor, Trojan Horse, Virus]
12
Worms
- Programs that use network connections to spread from system to system
- Once active on a system can behave as another form of malware
- Propagates
  - Search for other systems to infect
  - Establish connection with remote system
  - Copy itself to remote system and executes
13
The Great Worm
- Robert Morris released the most famous worm in 1988
- Crashed 6000 machines on the Internet (10%)
- Exploited bug in fingerd program
- Bug in worm crashed machines which prevented the worm from spreading
- Estimated damage $100 million
- Three years probation, 400 hrs community service, $10,500 fine
14
Bacteria
- Programs that do not explicitly damage files
- Sole purpose is to replicate themselves within a system
- Reproduce exponentially taking up
  - Processor capacity
  - Memory
  - Disk space
15
Viruses
- Infect other programs by modifying them
- First one written in 1983 by USC student Fred Cohen to demonstrate the concept
- Approximately 53,000 exist
- Modification includes copy of virus
16
How Viruses Are Spread
- Peer to peer networks
- Via email attachments
- Via media
- FTP sites
- Chat and instant messaging
- Commercial software
- Web surfing
- Illegal software
17
Types of Viruses
- Parasitic
  - Traditional virus and most common
  - Attaches itself to executable files and replicates
- Memory resident
  - Lodges in memory as part of OS
  - Infects every program that executes
18
- Boot sector
  - Infects master boot record or boot record
  - Spreads when system boots
  - Seldom seen anymore
- Stealth
  - Designed to hide itself from detection by antivirus software
19
- Polymorphic
  - Mutates with every infection
  - Functionally equivalent but distinctly different bit patterns
  - Inserts superfluous instructions or interchanges order of independent instructions
  - Makes detection of signature of virus difficult
  - Mutation engine creates random key and encrypts virus
  - Upon execution the encrypted virus is decrypted and then run
20
Macro Viruses
- Make up two thirds of all viruses
- Platform independent
- Word documents are the common vehicle rather than executable code
- “Concept” 1995 first Word macro virus
- Easily spread
21
Melissa Virus
- March 1999
- Spread in Word documents via email
- Once opened, virus would send itself to the first 50 people in Outlook address book
- Infected normal.dot so any file opened later would be infected
- Used Visual Basic for Applications
- Fastest spreading virus ever seen
22
Antivirus software
- Some of the common methods used are checksumming and signature-based scanning.
- Nowadays antivirus software uses a method called heuristics.
- Limits ability of virus to update files
- The common antivirus software packages available on the market are
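The two methods named on the antivirus slide, checksumming and signature-based scanning, shown side by side. This is an added example, not part of the original slides; the file names, file contents and the `Demo.Marker` byte pattern are constructed for illustration and are not real malware signatures.

```python
import hashlib

# Constructed signature database (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Demo.Marker": b"DEMO-INFECTION-MARKER"}

def checksum(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_baseline(files: dict) -> dict:
    """Record a known-good checksum for every file."""
    return {name: checksum(data) for name, data in files.items()}

def scan(files: dict, baseline: dict) -> dict:
    """Return {file name: [reasons]} for every file that looks suspicious."""
    findings = {}
    for name, data in files.items():
        reasons = []
        if name not in baseline:
            reasons.append("not in baseline")
        elif checksum(data) != baseline[name]:
            reasons.append("checksum changed")
        # Signature scan: look for each known byte pattern anywhere in the file.
        reasons += [f"signature:{sig}" for sig, pat in SIGNATURES.items() if pat in data]
        if reasons:
            findings[name] = reasons
    for name in baseline.keys() - files.keys():
        findings[name] = ["missing"]
    return findings

# Constructed sample data: file contents before and after a simulated change.
CLEAN = {"calc.exe": b"MZ\x90\x00original-code", "report.doc": b"quarterly report"}
LATER = {
    "calc.exe": CLEAN["calc.exe"] + b"DEMO-INFECTION-MARKER",  # known pattern appended
    "report.doc": b"quarterly report (edited)",                # changed, no known pattern
}

def demo() -> dict:
    return scan(LATER, build_baseline(CLEAN))

if __name__ == "__main__":
    for name, reasons in sorted(demo().items()):
        print(name, reasons)
```

The checksum comparison flags `report.doc` even though no signature matches, which is why it still helps when a signature is hard to obtain; it also flags legitimate edits, so every hit needs review.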
23
Virus Detection and Prevention Tips
- Do not open an email from an unknown, suspicious or untrustworthy source
- Do not open any files attached to an email
- Turn off preview pane in email client
- Enable macro virus protection in all your applications
- Beware of pirated software
- Don’t accept files while chatting or messaging
24
- Do not download any files from strangers.
- Exercise caution when downloading files from the Internet.
- Turn on view file extensions so you can see what type of file you are downloading
- Save files to disk on download rather than launch application
- Update your anti-virus software regularly.
- Back up your files on a regular basis.
25
Privacy
- Cookies
- Spyware
26
Cookies
- A cookie is a piece of text-based information transmitted between a Web site (server) and your browser
- Saved on your hard drive
  - Netscape – cookies.txt
  - IE – separate files in cookies folder
27
- Sent by Web site for future retrieval
- Used to maintain state
- Can be
  - Persistent and have expiration date
  - Session only
  - Third party
- Transferred via
  - HTTP Headers
  - JavaScript
  - Java Applications
  - Email with HTML content
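The cookie kinds listed above (persistent with an expiration date, session only, third party) can be told apart from the `Set-Cookie` HTTP header alone. This is an added example, not part of the original slides; the host names and cookie values are constructed, and the two-label site comparison is a simplifying assumption (browsers use the Public Suffix List).

```python
from http.cookies import SimpleCookie

def site(host: str) -> str:
    # Simplification (assumption): treat the last two labels as the site.
    # Browsers use the Public Suffix List for this comparison.
    return ".".join(host.lower().split(".")[-2:])

def classify_cookie(set_cookie: str, response_host: str, page_host: str) -> dict:
    """Classify one Set-Cookie header value by lifetime and by party."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if not jar:
        raise ValueError("no cookie found in header")
    name, morsel = next(iter(jar.items()))
    # A cookie with Expires or Max-Age is written to disk; without either it
    # lives only for the browser session.
    persistent = bool(morsel["expires"] or morsel["max-age"])
    # The Domain attribute, when present, overrides the responding host.
    cookie_host = (morsel["domain"] or response_host).lstrip(".")
    return {
        "name": name,
        "lifetime": "persistent" if persistent else "session",
        "party": "first" if site(cookie_host) == site(page_host) else "third",
    }

# Constructed samples: (Set-Cookie value, host that sent it, host of the page being viewed).
SAMPLES = [
    ("sid=abc123; Path=/", "www.shop.example", "www.shop.example"),
    ("theme=dark; Max-Age=31536000; Path=/", "www.shop.example", "www.shop.example"),
    ("uid=7f3a; Domain=.ads.example; Expires=Wed, 09 Jun 2032 10:18:14 GMT",
     "cdn.ads.example", "www.shop.example"),
]

def classify_samples() -> list:
    return [classify_cookie(*sample) for sample in SAMPLES]

if __name__ == "__main__":
    for result in classify_samples():
        print(result)
```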
28
How to disable cookies in MS Internet Explorer V6 – Default
29
Spyware
30
Spyware
- Spyware is software/hardware that spies on what you do on your computer
- Often it employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission.
- Installed without the user’s knowledge with shareware/freeware
31
Spyware Capabilities
- Record addresses of Web pages visited
- Record recipient addresses of each email you send
- Record the sender addresses of each email you receive
- Record the contents of each email you send/receive

Who uses spyware?
- Corporations to monitor computer usage of employees
- Computer crackers to capture confidential information
- Parents to monitor use of family computer
- Advertising and marketing companies to assemble marketing data to serve personalized ads to individual users
32
What haven’t we covered?
- Security in the wireless environment
- Authentication systems and their vulnerabilities
- Operating systems configuration
- Network security
- Security Appliances
- E-mail privacy
33
Thank you for attending
BY DWITIKRUSHNA NAYAK
24I&E/2K