It is about security threats and malware and how to avoid them.
Added: Jul 15, 2024
Slides: 23 pages
INTERNET SECURITY
Computer Security
1) Computer security is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of your computer system.
2) Computer security ensures that a business’s data and computer systems are safe from breaches and unauthorized access.
3) Computer security protects individuals and organizations against cyber threats and the loss of important data.
Computer security types
Information security is securing information from unauthorized access, modification, and deletion.
Application security is securing an application by building in security features to prevent cyber threats such as SQL injection, DoS attacks, data breaches, etc.
Computer security means securing a standalone machine by keeping it updated and patched.
Network security is securing both the software and hardware technologies.
Cybersecurity is defined as protecting computer systems that communicate over computer networks.
Security Threat and Security attack
A threat is a malicious act that has the potential to damage a system or asset, while an attack is an intentional act that causes damage to a system or asset.
Security Threats
Malware: Malicious software like viruses, worms, Trojans, and ransomware.
Phishing: Attempts to trick individuals into revealing sensitive information such as passwords or credit card numbers.
DDoS: A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. A DDoS attack uses multiple sources, often compromised computers or devices (botnets), to launch coordinated attacks simultaneously.
Physical Threats: Theft, vandalism, or destruction of hardware, data, or facilities.
Security attack
Brute Force Attacks: Attempting to guess passwords or encryption keys through exhaustive trial and error.
Man-in-the-Middle (MitM) Attacks: Intercepting communication between two parties to eavesdrop or modify the data.
SQL Injection: Exploiting vulnerabilities in web applications to execute arbitrary SQL commands on a database.
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
Data Breaches: Unauthorized access to sensitive data, often resulting in its theft, disclosure, or modification.
Zero-Day Attack: A Zero-Day Attack refers to a cyber attack that exploits a previously unknown vulnerability or weakness in software or hardware. In other words, the attack occurs on the same day the vulnerability is discovered or made public.
Malicious software
Malicious software (malware) refers to any malicious program that causes harm to a computer system or network. Malware attacks a computer or network in the form of viruses, worms, trojans, spyware, adware, or rootkits.
Computer Virus
A computer virus is malicious software that self-replicates and attaches itself to other files or programs. It is capable of executing secretly when the host program or file is activated. The different types of computer virus are Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, and Email Virus.
Continued
Worms
A worm is malicious software that, like a computer virus, is a self-replicating program; however, a worm executes itself automatically. Worms spread over a network and are capable of launching a cumbersome and destructive attack within a short period.
Trojan Horses
Unlike a computer virus or a worm, the trojan horse is a non-replicating program that appears legitimate. After gaining the user's trust, it secretly performs malicious and illicit activities when executed. Hackers make use of trojan horses to steal a user’s password information or destroy data or programs on the hard disk. It is hard to detect!
Security services
Confidentiality
Definition: Confidentiality ensures that sensitive information is only accessible to authorized individuals, systems, or processes.
Objective: The goal is to prevent unauthorized disclosure of data to unauthorized entities.
Examples: Encryption, access controls, data classification, and data masking are common techniques used to enforce confidentiality.
Integrity
Definition: Integrity ensures that data remains accurate, consistent, and unaltered during storage, transmission, and processing.
Objective: The goal is to prevent unauthorized modification, deletion, or corruption of data by ensuring that it remains trustworthy and reliable.
Examples: Hash functions, digital signatures, checksums, and file integrity monitoring are used to detect and prevent unauthorized changes to data.
Continued
Authentication
Definition: Authentication verifies the identity of users, systems, or entities attempting to access resources or services.
Objective: The goal is to ensure that users are who they claim to be and that only authorized entities can access sensitive resources or perform specific actions.
Examples: Passwords, biometrics, digital certificates, multi-factor authentication (MFA), and security tokens are used to authenticate users and devices.
Non-Repudiation
Definition: Non-repudiation ensures that individuals or entities cannot deny their actions or transactions after they have occurred.
Objective: The goal is to provide evidence that a particular action, such as sending a message or conducting a transaction, was performed by a specific entity and cannot be repudiated.
Examples: Digital signatures, audit logs, and transaction logs are used to provide evidence of authenticity and accountability.
Security mechanism concepts
Cryptographic techniques are among the most specific security mechanisms in use. Encryption or encryption-like transformations of information are the most common means of providing security. Some of the mechanisms are:
1) Encipherment
2) Digital Signature
3) Access Control
Encipherment
Encipherment, also known as encryption, is the process of converting plaintext data into ciphertext using cryptographic algorithms and keys.
Examples: Common encryption algorithms include Advanced Encryption Standard (AES), Rivest Cipher (RC), and Data Encryption Standard (DES).
The primary goal of encipherment is to protect the confidentiality of sensitive information by preventing unauthorized access or interception.
Digital signature
A digital signature is a cryptographic technique used to validate the authenticity, integrity, and non-repudiation of digital messages, documents, or transactions.
How do you create a digital signature?
To create a digital signature, signing software, such as an email program, is used to provide a one-way hash of the electronic data to be signed. A hash is a fixed-length string of letters and numbers generated by an algorithm. The digital signature creator's private key is used to encrypt the hash. The encrypted hash, along with other information such as the hashing algorithm, is the digital signature.
Continued
The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed-length value, which is usually much shorter. This saves time, as hashing is much faster than signing. The value of a hash is unique to the hashed data. Any change in the data, even a modification to a single character, results in a different value. This attribute enables others to use the signer's public key to decrypt the hash to validate the integrity of the data.
Continued
If the decrypted hash matches a second computed hash of the same data, it proves that the data hasn't changed since it was signed. But if the two hashes don't match, either the data has been tampered with in some way and is compromised, or the signature was created with a private key that doesn't correspond to the public key presented by the signer. This signals an issue with authentication.
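The signing and verification steps described on the digital signature slides, as an added example that is not part of the original presentation. It uses textbook RSA without padding on small constructed keys so the hash-then-transform steps stay visible; the key values, function names and sample messages are assumptions made for illustration, and real systems use a vetted library with 2048-bit or larger keys and a padding scheme such as RSASSA-PSS.

```python
import hashlib

def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # modular inverse needs Python 3.8+

def digest_int(data: bytes, n: int) -> int:
    """One-way SHA-256 hash of the data, reduced to fit the demo modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, private_key) -> dict:
    """Transform the hash with the private key and bundle it with the hash name."""
    n, d = private_key
    return {"hash_alg": "sha256", "value": pow(digest_int(data, n), d, n)}

def verify(data: bytes, signature: dict, public_key) -> bool:
    """Recover the signed hash with the public key and compare to a fresh hash."""
    n, e = public_key
    if signature.get("hash_alg") != "sha256":
        return False  # unknown hashing algorithm: refuse rather than guess
    if not 0 <= signature["value"] < n:
        return False  # value cannot have been produced under this key
    recovered = pow(signature["value"], e, n)
    return recovered == digest_int(data, n)

# Constructed demo keys built from known Mersenne primes (far too small for real use).
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)

def demo() -> dict:
    """Run the cases from the slides: match, changed data, mismatched key."""
    message = b"Pay 100 to Bob"  # constructed sample message
    sig = sign(message, ALICE_PRIVATE)
    return {
        # Hashes match: data unchanged since signing
        "unchanged": verify(message, sig, ALICE_PUBLIC),
        # A single changed character gives a different hash
        "tampered": verify(b"Pay 900 to Bob", sig, ALICE_PUBLIC),
        # Public key presented does not correspond to the signing key
        "wrong_key": verify(message, sig, OTHER_PUBLIC),
        # Signature made with a different private key, checked against Alice's key
        "forged": verify(message, sign(message, OTHER_PRIVATE), ALICE_PUBLIC),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first case verifies; the other three fail for the two reasons the slide gives, changed data or a private key that does not match the presented public key.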
Access control
Access control is a fundamental component of data security that dictates who's allowed to access and use company information and resources. Through authentication and authorization, access control policies make sure users are who they say they are and that they have appropriate access to company data.
Cryptography
Cryptography is the practice of developing and using coded algorithms to protect and obscure transmitted information so that it may only be read by those with the permission and ability to decrypt it.
Continued
Digital signatures: Cryptography enables the creation and verification of digital signatures, providing a way to authenticate the origin and integrity of digital documents or transactions.
Secure payment transactions: Cryptography secures financial transactions by encrypting sensitive payment information, protecting it from unauthorized access or fraud.
Blockchain technology: Cryptography underpins blockchain technology, ensuring the immutability and integrity of distributed ledger systems, crucial for applications like cryptocurrencies and smart contracts.
Password hashing: Cryptography is used to securely hash and store passwords, protecting user credentials from being compromised in the event of a data breach.
Firewall
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
User Authentication and Authorization
Authentication is any procedure that tests whether someone is who they claim to be. This generally involves a username and a password, but can involve some other method of demonstrating identity, including a smart card, retina scan, voice recognition, or fingerprints. Authentication is similar to showing a driver's license at the ticket counter at the airport.
Authorization is finding out whether the person, once recognized, is allowed to have the resource. This is generally decided by finding out whether that person is part of a specific group, has paid admission, or has a specific level of security clearance. Authorization is similar to checking the guest list at an exclusive party, or checking for a ticket at the opera.
Intrusion Detection System
An intrusion detection system (IDS) is a network security tool that monitors network traffic and devices for known malicious activity, suspicious activity, or security policy violations.
IDS Detection Types
Network intrusion detection systems (NIDS): A system that analyzes incoming network traffic.
Host-based intrusion detection systems (HIDS): A system that monitors important operating system files.
Security awareness and policy
Security awareness involves educating individuals about potential cybersecurity threats, best practices for protecting personal and organizational data, and fostering a culture of vigilance and responsibility towards maintaining security in digital environments.
A security policy is a set of rules, guidelines, and procedures established by an organization to ensure the confidentiality, integrity, and availability of its information assets, outlining the framework for managing security risks and defining responsibilities for personnel.
Formulate security policy
Define objectives
Identify assets
Risk assessment
Legal and regulatory compliance
Roles and responsibilities
Access control
Data protection
Continued
Security awareness training
Incident response plan
Physical security measures
Compliance monitoring
Policy review and updates
Enforcement and consequences
Documentation and version control
Communication and training