HELLO! I am Vishal. I am here because I love to give presentations. You can find me at @iamvishal9993
CONTENTS
- Introduction
- What is system security
- Damage from insecurity
- An attack with a case study
- Security Measures Taken
- Security assurance
- Summary
Introduction
Communication is a boon:
- It has given us the capability of solving problems in a distributed yet collective manner.
However, the boon is accompanied by a concern for security.
Building a bug-free design is impossible:
- Designers ensure that the bugs do not come in the way of normal functionality.
- However, a single bug can subvert the entire security of an entity.
Description of the System
Proper description of a system and its boundary is extremely important. A system is a vague entity that comprises the totality of the computing and the communication environment. A system boundary demarcates between what is attempted to be protected (system) and what is unprotected (external world).
The security of a system is a system property that reflects the system’s ability to protect itself from accidental or deliberate external attack.
Why system security?
52,000,000+ data breaches happened in 2022 alone
- $6 Trillion+ USD: global cost of cybercrime
- 137%: increase in scams from the year prior!
- 847,376: complaints
Damage from insecurity
- Denial of service: The system is forced into a state where normal services are unavailable or where service provision is significantly degraded.
- Corruption of programs or data: The programs or data in the system may be modified in an unauthorised way.
- Disclosure of confidential information: Information that is managed by the system may be exposed to people who are not authorized to read or use that information.
Some Terms
- Vulnerability: A weakness in a system that may be exploited to cause loss or harm. Example: a weak password system which makes it easy for users to set guessable passwords.
- Attack: An exploitation of a system’s vulnerability that is a deliberate attempt to cause some damage. Example: an impersonation of an authorized user to gain access to a records system.
What is a Buffer Overflow attack
A Buffer Overflow Attack happens when a program tries to fill a block of memory (a memory buffer) with more data than the buffer is supposed to hold. Buffers are essentially the areas of storage that temporarily hold data while it is being transferred from one location to another.
How is it done
When a hacker sends malicious inputs to a vulnerable application, they can force the application to execute malicious code to take control of the machine or crash the system.
A case of buffer overflow attack
Overwriting the memory of WhatsApp’s VoIP stack is how Pegasus took advantage of the buffer overflow to collect data on what was supposed to be encrypted exchanges. WhatsApp, the most popular instant messenger, isn’t without vulnerabilities. Though the end-to-end encryption attracts more users—especially security enthusiasts—WhatsApp isn’t as secure as it’s marketed by Facebook. A critical bug was discovered in May in WhatsApp VoIP, the feature responsible for audio and video calls, which allowed an attacker to take over a mobile device. The vulnerability was reported as a buffer overflow bug.
A case of buffer overflow attack (Pegasus)
An attacker can call the target person and within minutes of the call (even if it’s a missed call), “… the phone starts revealing its encrypted content, mirrored on a computer screen halfway across the world. It then transmits back the most intimate details such as private messages and location and even turns on the camera and microphone to live-stream meetings,” according to the Financial Times. In fact, the security bug can help an attacker gain complete access to a device, including its camera and microphone sensors and file storage.
Some Pegasus Victims
- Ashwini Vaishnaw (Union Minister for Railways, MP): Vaishnaw was reportedly targeted for possible surveillance in 2017.
- Emmanuel Macron (French President): Macron has changed his mobile phone and number after reports that he was targeted by Israeli-made spyware.
- Jamal Khashoggi (Journalist): Jamal Khashoggi was killed and dismembered at the Saudi consulate in Istanbul, Turkey.
- Jeff Bezos (Amazon CEO): Amazon CEO Jeff Bezos had his phone hacked, and the primary suspect for the hacking is Saudi Crown Prince Mohammed bin Salman.
How Do You Prevent A Buffer Overflow Attack?
You can prevent a buffer overflow attack by:
- Performing routine code auditing (automated or manual).
- Providing training including bounds checking, use of unsafe functions, and group standards.
- Using compiler tools such as StackShield, StackGuard, and Libsafe.
- Using safe functions such as strncat instead of strcat, strncpy instead of strcpy, etc.
- Periodically scanning your application with one or more of the commonly available scanners that look for buffer overflow flaws in your server products and your custom web applications.
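The advice above to use strncpy instead of strcpy has a catch: strncpy stays inside the buffer but does not NUL-terminate when the input is too long, so the length still has to be checked. The following is an added example, not part of the original slides; the buffer size, function names and sample input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8   /* constructed buffer size for the example */

/* Vulnerable pattern (shown for contrast, never called here): strcpy()
 * copies until the source's NUL byte and ignores the destination size. */
void copy_unbounded(char dst[NAME_LEN], const char *src) {
    strcpy(dst, src);   /* writes past dst when strlen(src) >= NAME_LEN */
}

/* strncpy() never writes more than n bytes, but leaves dst unterminated
 * when strlen(src) >= n. Returns 1 if dst is NUL-terminated, else 0. */
int copy_strncpy_only(char *dst, size_t n, const char *src) {
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Hardened: bounds-check, always terminate, and report truncation.
 * Returns 0 on a full copy, -1 if the input was truncated or invalid. */
int copy_bounded(char *dst, size_t n, const char *src) {
    if (dst == NULL || src == NULL || n == 0) return -1;
    size_t len = strlen(src);
    size_t ncopy = len < n ? len : n - 1;   /* leave room for the NUL */
    memcpy(dst, src, ncopy);
    dst[ncopy] = '\0';
    return len < n ? 0 : -1;
}

int main(void) {
    const char *input = "AAAAAAAAAAAAAAAA";  /* constructed 16-byte input */
    char buf[NAME_LEN];
    printf("strncpy terminated: %d\n",
           copy_strncpy_only(buf, sizeof buf, input));
    int rc = copy_bounded(buf, sizeof buf, input);
    printf("bounded rc: %d, buf=\"%s\"\n", rc, buf);
    return 0;
}
```

A caller should treat the -1 return as a rejected input rather than silently continuing with the truncated value.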
Security System Goal:
- Integrity: The objects in the system mustn’t be accessed by any unauthorized user, and any user not having sufficient rights should not be allowed to modify the important system files and resources.
- Secrecy: The objects of the system must be accessible only to a limited number of authorized users. Not everyone should be able to view the system files.
- Availability: All the resources of the system must be accessible to all the authorized users, i.e. only one user/process should not have the right to hog all the system resources.
Security Measures Taken
To protect the system, security measures can be taken at the following levels:
- Physical: The sites containing computer systems must be physically secured against armed and malicious intruders. The workstations must be carefully protected.
- Human: Only appropriate users must have the authorization to access the system. Phishing (collecting confidential information) and Dumpster Diving (collecting basic information so as to gain unauthorized access) must be avoided.
- Operating system: The system must protect itself from accidental or purposeful security breaches.
- Networking system: Almost all of the information is shared between different systems via a network. Intercepting these data could be just as harmful as breaking into a computer. Hence, the network should be properly secured against such attacks.
Security assurance
- Vulnerability avoidance: The system is designed so that vulnerabilities do not occur. For example, if there is no external network connection then external attack is impossible.
- Attack detection and elimination: The system is designed so that attacks on vulnerabilities are detected and neutralized before they result in an exposure. For example, virus checkers find and remove viruses before they infect a system.
- Exposure limitation and recovery: The system is designed so that the adverse consequences of a successful attack are minimized. For example, a backup policy allows damaged information to be restored.
Summary
Security is a system property that reflects the system’s ability to protect itself from malicious use.
A system has to be secure if we are to be confident in its dependability.
Damage includes
- Denial of service
- Loss or corruption of data
- Disclosure of confidential information
Security can be maintained through strategies such as
- Vulnerability avoidance
- Attack detection and elimination
- Exposure limitation and recovery
THANKS! Any questions? You can find me at: @iamvishal9993