farazmajeed27
SIALKOT CAMPUS
GROUP MEMBERS: FRAZ MAJEED -------- SAJID -------- HAMEED -------- NASEEM
UNDERSTANDING THE NEED FOR SECURITY MEASURES
• BASIC SECURITY CONCEPTS
• THREATS TO USERS
• ONLINE SPYING TOOLS
• COMPUTER RELATED INJURIES
• THREATS TO HARDWARE

BASIC SECURITY CONCEPTS
COMPUTER SECURITY: Computer security is the protection of computing systems & the data that they store or access.
IMPORTANCE:
1. Computer security supports critical business processes.
2. Computer security protects personal and sensitive information.
3. Computer security enables people to carry out their jobs, education & research.

THREATS
A threat is anything that can cause harm. In the context of computer security, a threat can be a burglar, a virus, an earthquake, or a simple user error.
EXAMPLES: The threats you face:
VIRUSES:
1. Damage worth f1.8bn in 12 days on the internet in 2003.

THREATS
VIRUS BACK DOOR:
1. Hidden after effects with potentially impact

DEGREES OF HARM
DEF: It is defined as injuries, suffering, disability or death.
EXAMPLE: There is probably no threat of flooding. If you don't use anti-virus software, however, there is a very good chance that your computer will become infected.

COUNTERMEASURES
A countermeasure is any step you take to ward off a threat to protect yourself, your data, or your computer from harm.
CLASSES:
1. The first shields the user from personal harm, such as threats to personal property.
2. The second safeguard protects the computer system from physical hazards such as power problems.

COMPUTER RELATED INJURIES
Computer use can cause physical injuries to the user.
Prolonged mouse & keyboard use, staring at a monitor for too long, & poor seating conditions are the primary causes of such injuries.

THREATS TO USERS
In this topic we will discuss the threats which users face. These are:
• IDENTITY THEFT
• LOSS OF PRIVACY
• PUBLIC RECORDS ON THE INTERNET

IDENTITY THEFT
DEF: The fraudulent practice of using another person's name & personal information in order to obtain that person's documents, credit, etc.
e.g. With the right information, an identity thief can virtually become the victim, obtaining a driver's license, bank accounts & other items in the victim's name.

METHODS OF IDENTITY THEFT
Identity thieves can use several methods, low-tech as well as high-tech, to obtain the information they need.
Low-Tech Methods:
1. Shoulder Surfing
2. Snagging
3. Dumpster Diving
4. Social Engineering

SHOULDER SURFING
DEF: Shoulder surfing refers to using direct observation techniques, such as looking over someone's shoulder, to get information. It is commonly used to obtain passwords, PINs, security codes, etc.

SHOULDER SURFING
EXAMPLE: Someone might shoulder surf when you are entering your computer password, ATM PIN or credit card number.
Criminals often use this technique to gain access to your personal accounts or to read personal information, such as e-mails.

HOW TO PREVENT SHOULDER SURFING
To prevent shoulder surfing, experts recommend that you shield your paperwork and your keyboard from the view of others while filling in a form or typing your PIN or passwords.

SNAGGING
A thief can try snagging information by listening on a telephone extension or through a wiretap while the victim gives a credit card number or other personal information to someone.
Telephone Extension: An additional telephone set that is connected to the same telephone line.

DUMPSTER DIVING
In general, dumpster diving involves searching through trash or garbage looking for something useful.
In the IT world, DUMPSTER DIVING is a security attack which involves going through materials or files that have been thrown into the RECYCLE BIN.
Information stolen by thieves:
• Street address
• Phone number
• Email address
• Bank account information
• Other personal information
Possible issues resulting from stolen info:
• Identity theft
• Loan fraud
• Benefits fraud
• Employment related fraud
• Bank fraud
• Other identity fraud
Dumpster diving stats:
• Americans receive over 4 million tons of junk mail each year.
• Identity theft victims claim that 88% of the stolen information was obtained by thieves through dumpster diving.

HOW TO PROTECT YOURSELF FROM DUMPSTER DIVING
• Never discard documents containing information such as a Social Security number, driver's license number, or bank account number into a public trash bin.
• Always shred important documents you choose to discard.
• Thoroughly cut up all old credit and debit cards so that the information is not legible.

SOCIAL ENGINEERING
DEF: The art of deceiving people. It is an effective technique which a thief uses to obtain someone's personal information under the pretext of something legitimate.

SOCIAL ENGINEERING
EXAMPLE: A thief claims to be a system administrator at the website of the victim's bank and asks for the victim's user ID and password for a system check.
With this information the thief can go online and access the victim's account information directly through the bank's website.

LOSS OF PRIVACY
Privacy can be lost in many ways. For example, whenever you use a "store loyalty" card to buy groceries, the purchases are logged in a database.
As it is, your medical, financial and credit records are available to anybody who is authorized to view them.
e.g. Many insurance companies maintain databases filled with info about you. You might expect these firms to know your name & address, but you might be surprised to know that they know how many times each month you put gas in your car or buy a magazine.
A lot of companies do not keep this info confidential; they may sell it to other companies who are interested in knowing about you.

PUBLIC RECORDS ON THE INTERNET
Your personal info is available to anybody who has the few dollars to buy it from commercial public record services.
Some companies will give you detailed reports about most people.
These reports include info such as:
• Background information
• Criminal records, etc.

BACKGROUND INFORMATION
It includes marriage, divorce, adoption, driving, credit history & bankruptcy records.
These, along with many other legal records, are available to anybody who wants to view them. There are a number of companies that collect public records, package them and sell them to anyone who wishes to purchase them.

CRIMINAL RECORDS
Criminal records include:
• Federal crimes (like bank fraud, bribery, hacking, etc.)
• Felony crimes (like robbery, escaping from prison, murder, kidnapping, etc.)
• Misdemeanor crimes (like vandalism, trespassing, petty theft, etc.)
These types of records are available on the internet. Anyone can buy this information through commercial public record sources.

ONLINE SPYING TOOLS
Software developers have created many ways to track your activities online.
These tools were created for benign purposes, but they are now also being used in ways most consumers do not appreciate.
DESCRIBED IN 4 SECTIONS:
1. COOKIES
2. WEB BUGS
3. SPYWARE
4. SPAM

COOKIES
A cookie is a small text file that a web server asks your browser to place on your computer. It contains info that identifies your computer, e.g.
• your IP address
• your user name or e-mail address
• info about your visit to the web site: your last visit to the site, which pages you visited, what you downloaded & how long you were at the site.

ARE COOKIES SAFE?
• Each browser has its own set of cookies.
• Each website can read only its own cookies.
• Size = 4096 bytes or 4 KB.
• A browser allows 20 cookies per site.
• A browser allows 300 cookies in total; if more cookies are created, an old cookie will be deleted.

FOR HOW LONG DO COOKIES LIVE?
When a cookie is created, an expiry time is also provided:
1. Deleted if the expiry time has passed.
2. Depends on the server.
3. If no time is given, cookies are deleted as the browser window is closed.
4. Depends on the user.
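
The size, per-site and lifetime rules in the two slides above can be checked against the Set-Cookie headers a site sends. The following is an added example, not part of the original slides; the sample headers are constructed, and the function names and the choice to measure size as name=value are assumptions made for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_COOKIE_BYTES = 4096   # per-cookie size quoted in the slides
MAX_PER_SITE = 20         # per-site cookie count quoted in the slides

# Constructed sample: Set-Cookie values from one hypothetical site.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly",
    "prefs=lang-en; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "old=1; Expires=Sat, 01 Jan 2000 00:00:00 GMT",
    "track=" + "x" * 5000 + "; Max-Age=31536000",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs

def lifetime(attrs, now):
    """Classify a cookie as 'session', 'expired' or 'persistent'."""
    if "max-age" in attrs:                    # Max-Age takes precedence over Expires
        return "persistent" if int(attrs["max-age"]) > 0 else "expired"
    if "expires" in attrs:
        when = parsedate_to_datetime(attrs["expires"])
        return "persistent" if when > now else "expired"
    return "session"                          # no expiry: deleted when the browser closes

def audit(site_headers, now):
    """Return (per-cookie findings, True if the site exceeds the per-site limit)."""
    findings = []
    for header in site_headers:
        name, value, attrs = parse_set_cookie(header)
        size = len((name + "=" + value).encode("utf-8"))  # assumption: name=value only
        findings.append({"name": name, "size": size,
                         "lifetime": lifetime(attrs, now),
                         "oversized": size > MAX_COOKIE_BYTES})
    return findings, len(findings) > MAX_PER_SITE

if __name__ == "__main__":
    results, too_many = audit(SAMPLE_HEADERS, datetime.now(timezone.utc))
    for item in results:
        print(item["name"], item["size"], item["lifetime"], item["oversized"])
    print("over per-site limit:", too_many)
```

Persistent cookies from sites you do not recognise are the ones worth reviewing and deleting first, since session cookies disappear when the browser closes.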

SIGNIFICANT THREATS TO PRIVACY
Despite their helpful purposes, cookies are a threat to privacy.
They can be used to store & report many types of information, & this info can be used against your wishes.
e.g. The cookie's maker might use the cookie to determine what kind of advertisement will appear on your screen the next time you visit the web site.
Your PC may be storing hundreds or thousands of cookies, many of which you don't want to keep on your system.

TOOLS FOR REMOVING COOKIES
The following tools can be used:
1. REAL CLEAR COOKIES
2. SUPER CLEAR COOKIES

WEB BUGS
A web bug is a small GIF-format (graphics interchange format) image file that can be embedded in a Web page.
A web bug can be as small as a single pixel, so it can be easily hidden.
• A web bug is an object embedded in a web page or email which (usually invisibly) allows checking that a user has accessed the content.
• Behind the tiny image, however, lies code that allows the bug's creator to track many of your online activities.
• It can record pages you view, keywords, personal info & other data.
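
A mail filter or page scanner can flag likely web bugs by looking for tiny or hidden images loaded from another host. The following is an added example, not part of the original slides; the HTML sample and host names are constructed, and the "1 pixel or hidden, served by a third party" rule is an assumed heuristic rather than a complete detector.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: body of a newsletter served from news.example.
SAMPLE_HTML = """
<p>Newsletter</p>
<img src="https://news.example/logo.png" width="200" height="60">
<img src="https://tracker.example/open.gif?u=1234" width="1" height="1">
<img src="https://cdn.example/banner.gif" width="468" height="60">
<img src="https://stats.example/p.gif" style="display: none">
<img src="/spacer.gif" width="1" height="1">
"""

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel."""
    if value is None:
        return False
    digits = value.strip().lower().replace("px", "")
    return digits.isdigit() and int(digits) <= 1

class WebBugFinder(HTMLParser):
    """Collects <img> tags that are invisible and hosted elsewhere."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.suspects = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = {key: (val or "") for key, val in attrs}
        src = attr.get("src", "")
        host = urlparse(src).hostname           # None for relative URLs
        tiny = _tiny(attr.get("width")) and _tiny(attr.get("height"))
        style = attr.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style
        third_party = host is not None and host != self.page_host
        if (tiny or hidden) and third_party:
            self.suspects.append(src)

def find_web_bugs(html, page_host):
    """Return the image URLs that look like web bugs, in document order."""
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.suspects

if __name__ == "__main__":
    for url in find_web_bugs(SAMPLE_HTML, "news.example"):
        print("possible web bug:", url)
```

Blocking remote images in the mail client stops these requests from being made at all, which is why most clients offer that setting.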

ANTI WEB-BUG
A number of anti-web-bug tools now exist. To remove web bugs, one of the following can be used:
1. HOPE ANTI ROOTKIT HIJACKERS WEB BUG

SPYWARE
Internet advertising is a common source of spyware.
The term is used to refer to many different kinds of software that can track a computer user's activities & report them to someone else.
e.g. When you install and register a program, it may ask you to fill out a form. This info is sent to the developer, who stores it in a database.
In this manner they are seen as perfectly because the user is aware of this information.

THREATS
More commonly, spyware is installed on a computer without the user's knowledge & collects the info.
It can land on your PC from Web pages and e-mail messages.
Spyware can track virtually anything you do & secretly report these activities to someone else.

ANTI SPYWARE
To secure your PC from spyware, the following spyware-killing products are available:
1. SPYWARE TERMINATOR
2. COUNTER SPY
3. MALWARE BYTES

SPAM
The availability of your private info might be troubling; the consequence for most users is called spam (Internet "JUNK MAIL").
The correct term for spam is unsolicited commercial e-mail (UCE).
UCE is a legal term used to describe an electronic promotional message sent to a consumer without the consumer's request or consent.
People who send out these endless streams of spam (spammers) get e-mail addresses in the following ways:
1. Purchasing e-mail addresses from brokers.
2. "Harvesting" e-mail addresses from the Internet.
3. Generating random strings of characters in an attempt to match legitimate addresses.

ANTI SPAM SOFTWARE
1. SPAM FIGHTER
2. CA ANTI SPAM SOFTWARE
3. CLOUD MARK DESKTOP

THREATS TO HARDWARE
Threats to your computer's hardware involve incidents that have an effect on the operation or maintenance of the computer.

POWER RELATED THREATS
Power problems affect computers in two ways:
1. Power fluctuations, when the strength of your electrical service rises or falls, can cause component failures.
2. Power failure, when power is lost altogether, causes systems to shut down.

COUNTERMEASURES AGAINST POWER-RELATED PROBLEMS
You can equip your system with one of the following devices:
SURGE SUPPRESSORS
Protect against voltage spikes. These inexpensive plugs can be bought in most hardware stores.
LINE CONDITIONERS
Provide additional functions. They safeguard against line noise.
UNINTERRUPTIBLE POWER SUPPLIES
They are essentially a battery backup for your computer.
They protect the system from electrical events, including a total loss of power.

THEFT & VANDALISM
A vandal can do tremendous damage to a computer, resulting in total loss of the system & the data it stores.
Special locks are available that can attach a system unit, monitor, or other equipment to a desk, making it very difficult to move.

NATURAL DISASTER
Disaster planning addresses natural & man-made disasters. It is not called "disaster prevention" because things like earthquakes & hurricanes are hard to predict & impossible to prevent.
CATEGORIES:
1. Be aware that a disaster could strike & anticipate it when conditions are right; e.g. if you live on the East Coast of the United States, you know when to anticipate a hurricane.