Computer Security Products Computer Security Products Inc ...
Computer security
-
Upload
kawsar-ahmed -
Category
Documents
-
view
50 -
download
1
Transcript of Computer security
Introduction of Computer Security.....Introduction of Computer Security..... What is Computer Security?• Lock the doors and windows and you are secure
NOT• Call the police when you feel insecure
Really?• Computers are powerful, programmable machines
Whoever programs them controls them (and not you)
• Networks are ubiquitous Carries genuine as well as malicious traffic
End result: Complete computer security is unattainable, it is a cat and mouse game; Similar to crime vs. law enforcement.
Definition Which I Defined About Definition Which I Defined About Computer Security… Computer Security…
Computer security is information security as applied to computing devices such as computers and smart phones, as well as computer networks such as private and public networks, including the Internet.
The Definition From WikipediaThe Definition From Wikipedia
Computer Security is the protection of computing systems and the data that User store or access.
Goals Of Computer security…. Goals Of Computer security….
• Integrity: Guarantee that the data is what we expect.
•Confidentiality: The information must just be accessible to the
authorized people.
•Reliability: Computers should work without having unexpected problems.
•Authentication: Guarantee that only authorized persons can access to the resources.
Basic Security…Basic Security…
Why is Computer Security Why is Computer Security Important?Important?
alsoalso….….
Password guessing
Phishing
Spoofing
Back door
Buffer overflow
Denial-of-service
Man-in-the-middle
Security AttacksSecurity AttacksAttack on the computer system itselfAttack on the computer system itself
Have you ever experienced one of these?Have you ever experienced one of these?
Password GuessingPassword Guessing Obvious
PhishingPhishing Trick users into revealing security information
SpoofingSpoofing Malicious user masquerades as authorized user
Back doorBack door A backdoor is a program placed by a black-
hacker that allows him to access a system. A backdoor have many functionalities such as keyboard-sniffer, display spying, etc.
Buffer overflowBuffer overflow Defect that could cause a system to crash and
leave the user with heightened privileges
Denial of serviceDenial of service Attach that prevents authorized user from
accessing the system
Man in the middleMan in the middle Network communication is intercepted in an
attempt to obtain key data
More Attacks…More Attacks…
1. Packet Sniffing (Internet traffic consists of data “packets”, and these can be “sniffed”)
2. Man in the Middle(Insert a router in the path between client and server, and change the packets as they pass through)
3. DNS hijacking(Insert malicious routes into DNS tables to send traffic for genuine sites to malicious sites)
4. Phishing(An evil website pretends to be a trusted website)Example:
1. You type, by mistake, “mibank.com” instead of “mybank.com”mibank.com designs the site to look like mybank.com so the user types
in their info as usual2. BAD! Now an evil person has your info!
VirusVirusPiece of code that automatically reproduces itself. It’s attached to other programs or files, but requires user intervention to propagate.
Attacks on Computer For Virusi. Infect Executable filesii. Infect Boot sectorsiii. Infect Documents (macros), scripts (web pages), etc.
Source of VirusIt can be create itself in computer system. It also create with storage elements, mails, downloaded files or shared folders.
WormWormPiece of code that automatically reproduces itself over the network. It doesn’t need the user intervention to propagate (autonomous).
Attacks on Computer For WormIt infects computer via buffer overflow, file sharing, configuration errors and other vulnerabilities.
What It search?
It search Email addresses, DNS, IP, networkneighborhood for hacking or Maliciousprograms Backdoor, DDoS agent, etc.
Social EngineeringSocial Engineering
•Manipulating a person or persons into divulging confidential information.
Would us also have to aware about this?
1. Yes, cause Social engineers are a lot more cunning than you.
2. It also can Happen with Corporate Executive & Most of theme are fooled by this hackers.
Here’s a small Example of Social Here’s a small Example of Social engineer’s work..engineer’s work..
How can we protect our How can we protect our Computers & Us from this Computers & Us from this kind of threats..kind of threats..
For computer access
1. User knowledge (Name, password, PIN)
2. Smart card (A card with an embedded memory chip used for identification)
3. Biometrics (Human characteristics such as fingerprints, retina or voice patterns)
Guideline For Password....Guideline For Password....
1. Easy to remember, hard to guess
2. Don’t use family or pet names
3. Don’t make it accessible
4. Use combination uppercase/lowercase letters, digits and special characters
5. Don’t leave computer when logged in
6. Don’t ever tell anyone
7. Don’t include in an email
8. Don’t use the same password in lots of places
On InternetOn Internet
CAPTCHASoftware that verifies that the user is not another computer
You have to look at a weird set of characters and key them back in. Why does this work?
•FFinger print analyseringer print analyser
Some Other Techniques of Securing Computer.... Ensuring computer and network security
i. Cryptographyii. Secure networksiii. Antivirus softwareiv. Firewalls
In addition, users have to practice “safe computing”
1. Not downloading from unsafe websites2. Not opening attachments3. Not trusting what you see on websites4. Avoiding Scams
CryptographyCryptographySecret Codes
Encryptiono Converting data to unreadable codes to prevent anyone form
accessing this information.o Need a “key” to find the original data – keys take a few
million-trillion years to guess.
Public keysAn ingenious system of proving you know your password without
disclosing your password. Also used for digital signatures.o Used heavily in SSL connections.
Hashingo Creating fingerprints of documents.
Conclusion
Its not that easy to protect yourself or your computer from threats & attacks. But its not that much harder either. So just follow some rules & you are protected from this threats & attacks.
Computer security is for protect the user. So we will follow the rules to protect ourselves.