Computer security

Post on 09-Jul-2015

Transcript of Computer security

Introduction of Computer Security

What is Computer Security?

• Lock the doors and windows and you are secure: NOT
• Call the police when you feel insecure: Really?
• Computers are powerful, programmable machines. Whoever programs them controls them (and not you)
• Networks are ubiquitous. They carry genuine as well as malicious traffic

End result: Complete computer security is unattainable; it is a cat-and-mouse game, similar to crime vs. law enforcement.

My Own Definition of Computer Security…

Computer security is information security as applied to computing devices such as computers and smart phones, as well as computer networks such as private and public networks, including the Internet.

The Definition From Wikipedia

Computer security is the protection of computing systems and the data that users store or access.

Goals of Computer Security…

• Integrity: Guarantee that the data is what we expect.
• Confidentiality: The information must be accessible only to the authorized people.
• Reliability: Computers should work without having unexpected problems.
• Authentication: Guarantee that only authorized persons can access the resources.

Basic Security…

Why is Computer Security Important?

also….

Password guessing

Phishing

Spoofing

Back door

Buffer overflow

Denial-of-service

Man-in-the-middle

Security Attacks

Attack on the computer system itself

Have you ever experienced one of these?

Password Guessing: Obvious

Phishing: Trick users into revealing security information

Spoofing: Malicious user masquerades as authorized user

Back door: A backdoor is a program placed by a black-hat hacker that allows him to access a system. A backdoor can have many functionalities, such as keyboard sniffing, display spying, etc.

Buffer overflow: Defect that could cause a system to crash and leave the user with heightened privileges

Denial of service: Attack that prevents authorized users from accessing the system

Man in the middle: Network communication is intercepted in an attempt to obtain key data

More Attacks…

1. Packet Sniffing (Internet traffic consists of data “packets”, and these can be “sniffed”)

2. Man in the Middle (Insert a router in the path between client and server, and change the packets as they pass through)

3. DNS hijacking (Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites)

4. Phishing (An evil website pretends to be a trusted website)

Example:

1. You type, by mistake, “mibank.com” instead of “mybank.com”. mibank.com designs the site to look like mybank.com so the user types in their info as usual

2. BAD! Now an evil person has your info!

Virus

Piece of code that automatically reproduces itself. It’s attached to other programs or files, but requires user intervention to propagate.

Attacks on Computer For Virus

i. Infect executable files
ii. Infect boot sectors
iii. Infect documents (macros), scripts (web pages), etc.

Source of Virus

It can reproduce itself within the computer system. It also comes from storage media, mail, downloaded files or shared folders.

Worm

Piece of code that automatically reproduces itself over the network. It doesn’t need user intervention to propagate (autonomous).

Attacks on Computer For Worm

It infects computers via buffer overflow, file sharing, configuration errors and other vulnerabilities.

What does it search for?

It searches e-mail addresses, DNS, IP and the network neighborhood for hacking or for malicious programs (backdoor, DDoS agent, etc.).

Social Engineering

• Manipulating a person or persons into divulging confidential information.

Do we also have to be aware of this?

1. Yes, because social engineers are a lot more cunning than you.

2. It can also happen to corporate executives, and most of them are fooled by these hackers.

Here’s a small example of a social engineer’s work..

How can we protect our computers and ourselves from these kinds of threats..

For computer access

1. User knowledge (Name, password, PIN)

2. Smart card (A card with an embedded memory chip used for identification)

3. Biometrics (Human characteristics such as fingerprints, retina or voice patterns)

Guideline For Password....

1. Easy to remember, hard to guess

2. Don’t use family or pet names

3. Don’t make it accessible

4. Use a combination of uppercase/lowercase letters, digits and special characters

5. Don’t leave computer when logged in

6. Don’t ever tell anyone

7. Don’t include in an email

8. Don’t use the same password in lots of places

On Internet

CAPTCHA

Software that verifies that the user is not another computer

You have to look at a weird set of characters and key them back in. Why does this work?

• Fingerprint analyser

Some Other Techniques of Securing Computer....

Ensuring computer and network security

i. Cryptography
ii. Secure networks
iii. Antivirus software
iv. Firewalls

In addition, users have to practice “safe computing”

1. Not downloading from unsafe websites
2. Not opening attachments
3. Not trusting what you see on websites
4. Avoiding scams

Cryptography

Secret Codes

Encryption
o Converting data to unreadable codes to prevent anyone from accessing this information.
o Need a “key” to find the original data – keys take a few million-trillion years to guess.

Public keys
o An ingenious system of proving you know your password without disclosing your password. Also used for digital signatures.
o Used heavily in SSL connections.

Hashing
o Creating fingerprints of documents.

Conclusion

It’s not that easy to protect yourself or your computer from threats & attacks. But it’s not that much harder either. So just follow some rules & you are protected from these threats & attacks.

Computer security is there to protect the user. So we will follow the rules to protect ourselves.