basics of system security and tools


Upload: karan-bhandari

Post on 14-Jan-2015


System security and tools

Subtopics covered:

1. System Vulnerability and Abuse

2. Technologies and Tools for Protecting Information Resources

Group members are:

- Karan Bhandari (39)

- Gurshawn Singh (35)

- Nishad Prabhu (3)

As we all know, technology has tremendously affected us and our way of living.

Daily mail is now best as e-mail, newspapers are on large screens, communication is highly globalized and storage is within the size range of our fingers.

But all this does come with its drawbacks… Viruses! Trojans!

Introduction

A set of things working together as parts of a mechanism or an interconnecting network.

Due to the storage of electronic data, access points are endless.

The potential for unauthorized access, abuse or fraud is high.

Why Systems are Vulnerable?

To gain access, a user must be authorized and authenticated – established by using passwords

Passwords have their disadvantages

New technologies like tokens, smart cards, and biometric authentication

Access control

Malicious software: Viruses, Worms, Trojan Horses and Spyware

Malicious software programs are referred to as malware and include a variety of threats such as computer viruses, worms and trojan horses.

COMPUTER VIRUS: a rogue software program. Viruses usually deliver a payload.

WORMS: independent computer programs.

TROJAN HORSE: appears to be benign but then does something other than expected.

SPYWARE: installs itself on computers to monitor user activities.

KEYLOGGERS: record every keystroke made on a computer.

Hackers and Computer Crime

A HACKER is an individual who intends to gain unauthorized access to a computer system.

Hacker vs. cracker

Hacker activities include theft, damage and cyber vandalism.

Spoofing and Sniffing

Hackers attempting to hide their true identities often spoof, or misrepresent themselves.

This is known as SPOOFING.

A SNIFFER is a type of eavesdropping program that monitors information travelling over a network.

Denial of Service Attacks

In a DoS attack, hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network.

A distributed denial-of-service (DDoS) attack uses numerous computers from different launch points to inundate and overwhelm the network.

Computer Crime

Computer crime is defined by the U.S. Department of Justice as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation or prosecution.”

Identity Theft

Identity theft is a crime in which an imposter obtains key pieces of personal information.

A popular tactic is a form of spoofing called PHISHING.

EVIL TWINS and PHARMING are harder to detect.

Click Fraud & Global Threat

CLICK FRAUD: occurs when an individual or computer program fraudulently clicks on an online ad without any intention of learning more about the advertiser or making a purchase.

GLOBAL THREAT: involves cyber terrorism and cyber warfare.

Internet Threats: Employees

Malicious intruders seeking system access sometimes trick employees into revealing their passwords and other information.

This practice is called SOCIAL ENGINEERING.

Software Vulnerability

Software poses a constant threat to information systems, causing untold losses in productivity.

There may be hidden bugs or program code defects.

Zero defects cannot be achieved in larger programs.

Technologies and tools for protecting information resources

• Securing systems

• Ensuring system availability

• Ensuring software quality

Firewalls

Combination of hardware and software that controls traffic

Acts as a gatekeeper

There are a number of firewall screening technologies, such as:

- Static packet filtering

- Stateful inspection

- Network address translation (NAT)

- Application proxy filtering

Intrusion detection systems

Placed at the hotspots

Generates an alarm if it finds a suspicious or anomalous event

Looks for known methods of computer attacks

Detects removal or modification of files

Examines events as they are happening

Anti-Virus and Anti-spyware

Checks for the presence of viruses

Most software is effective only against known viruses

Widely available

Encryption

Transforming plain text or data into cipher text, using an encryption key

Two methods to encrypt network traffic:

- Secure Sockets Layer (SSL)

- Secure Hypertext Transfer Protocol (S-HTTP)

Two alternate methods to encrypt:

- Symmetric key encryption

- Public key encryption

Ensuring system availability

Ensuring system and application availability is a must for companies, e.g. airline services.

Fault-tolerant systems use special software to detect hardware failures and automatically switch to backup.

Should not be confused with high-availability computing.