Security and ethics
ROLE OF OPERATING SYSTEM IN SECURITY
System Survivability
System survivability is defined as “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents” (Linger, 2002).
• The term system refers to any system. It’s used here in the broadest possible sense, from laptop to distributed system to supercomputer.
• A mission is a very high-level set of requirements or goals.
• In a timely manner refers to system response time, a critical factor for most systems.
• The terms attack, failure, and accident refer to any potentially damaging incident, regardless of the cause, whether intentional or not.
Backup and recovery policies, together with other archiving techniques, are standard operating procedure for most computing systems. Backups, with one set stored off-site, are also crucial to disaster recovery. The disaster could come from anywhere. Here are just a few of the threats:
• water from a fire upstairs
• fire from an electrical connection
• malfunctioning server
• corrupted archival media
• intrusion from unauthorized users
Security Breaches
Unintentional Intrusions
• An unintentional attack is defined as any breach of security or modification of data that was not the result of a planned intrusion.
• Accidental incomplete modification of data occurs when non-synchronized processes access the same data records and each modifies some of a record’s fields. An example was given in Chapter 5, where we discussed a race in a database with two processes working on the same student record and writing different versions of it to the database.
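The lost-update race described above, as an added example that is not part of the original slides: two threads stand in for the two processes, the student record is constructed, and the locked variant shows the per-record lock that serializes each read-modify-write.

```python
"""Lost-update race on a shared student record, and the lock that prevents it.

Two processes (threads here) each read the whole record, change one field and
write the whole record back.  Whoever writes last silently discards the other
process's change.  Added example; the student record below is constructed."""
import threading
import time
from copy import deepcopy

# Constructed sample record (not from the original slides).
STUDENT = {"id": 1001, "name": "A. Student", "gpa": 3.2, "credits": 60}


class RecordStore:
    """Minimal stand-in for a database table holding one record."""

    def __init__(self, record):
        self._record = deepcopy(record)
        self.lock = threading.Lock()   # per-record lock used by the safe variant

    def read(self):
        return deepcopy(self._record)  # each process works on a private copy

    def write(self, record):
        self._record = deepcopy(record)


def add_credits(store, pause):
    """Process 1: the registrar posts 3 credits for a completed course."""
    rec = store.read()
    pause()                  # window between the read and the write
    rec["credits"] += 3
    store.write(rec)         # writes back *all* fields, including a stale gpa


def update_gpa(store, pause):
    """Process 2: the grades office posts the new term GPA."""
    rec = store.read()
    pause()
    rec["gpa"] = 3.4
    store.write(rec)         # writes back *all* fields, including stale credits


def run_unsynchronized():
    """Both processes read before either writes: the last writer wins."""
    store = RecordStore(STUDENT)
    gate = threading.Barrier(2)   # forces the read, read, write, write order
    t1 = threading.Thread(target=add_credits, args=(store, gate.wait))
    t2 = threading.Thread(target=update_gpa, args=(store, gate.wait))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
    return store.read()


def run_locked():
    """Each process holds the record lock across its whole read-modify-write,
    so the second one cannot read until the first has written."""
    store = RecordStore(STUDENT)

    def locked(proc):
        def wrapper():
            with store.lock:
                proc(store, lambda: time.sleep(0.02))
        return wrapper

    t1 = threading.Thread(target=locked(add_credits))
    t2 = threading.Thread(target=locked(update_gpa))
    t1.start()
    t2.start()
    t1.join()
    t2.join()
    return store.read()


def lost_update(record):
    """True when one of the two updates was silently discarded."""
    return not (record["credits"] == 63 and record["gpa"] == 3.4)


if __name__ == "__main__":
    print("unsynchronized:", run_unsynchronized())   # one field is stale
    print("locked:        ", run_locked())           # credits 63, gpa 3.4
```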
Intentional Attacks
• Intentional unauthorized access includes denial of service attacks, browsing, wiretapping, repeated trials, trapdoors, and trash collection.
Intentional Unauthorized Access
• Denial of service (DoS) attacks are synchronized attempts to deny service to authorized users by causing a computer (usually a Web server) to perform a task (often an unproductive task) over and over, thereby making the system unavailable to perform the work it is designed to do.
• Browsing is when unauthorized users gain the capability to search through storage, directories, or files for information they aren’t privileged to read.
• Wiretapping is nothing new. Just as telephone lines can be tapped, so can most data communication lines. There are two reasons for passive tapping:
  • to copy data while bypassing any authorization procedures, and
  • to collect specific information (such as passwords) that will permit the tapper to enter the system at a later date.
Active wiretapping is when the data being sent is modified. Two methods of active wiretapping are “between lines transmission” and “piggyback entry.” Between lines transmission doesn’t alter the messages sent by the legitimate user, but it inserts additional messages into the communication line while the legitimate user is pausing. Piggyback entry intercepts and modifies the original messages.
• Repeated trials describes the method used to enter systems by guessing authentic passwords.
(Table, not reproduced here: average time required for a human and for a computer to guess passwords of up to 10 alphabetic characters (A–Z) using brute force.)
• Trapdoors, including backdoor passwords, are defined as unspecified and undocumented entry points to the system.
• Trash collection, also known as dumpster diving, is an evening pastime for those who enjoy perusing anything and everything thrown out by system users—the discarded disks, CDs, faxes, printer ribbons, as well as printouts of source code, programs, memory dumps, and notes.
Viruses
• A virus is defined as a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
  • It must be self-executing. Often, this means placing its own code in the path of another program.
  • It must be self-replicating. Usually, this is accomplished by copying itself from infected files to clean files as shown in Figure 11.2. Viruses can infect desktop computers and network servers alike and spread each time the host file is executed.
(Figure 11.2, not reproduced here: a file infector virus attacks a clean file (a) by attaching a small program to it (b), which executes every time the infected file runs.)
Worms
• A worm is a memory-resident program that copies itself from one system to the next without requiring the aid of an infected program file.
Trojans
• A Trojan (originally called a Trojan Horse) is a destructive program that’s disguised as a legitimate or harmless program and that sometimes carries within itself the means to allow the program’s creator to secretly access the user’s system.
There are five recognized types of viruses:
• File infector virus: infects files on the computer, normally executable files such as .exe and .com files commonly found on Microsoft operating systems. These viruses commonly become resident in memory and then infect any clean executable program that runs on that computer.
• Boot sector virus: infects the boot record, the system area of a floppy disk or hard drive. These viruses activate whenever the user starts up (powers on) the computer. Most boot sector viruses were written for MS-DOS, but other operating systems are potential targets.
• Master boot record virus: infects the boot record of a disk, saving a legitimate copy of the master boot record in a different location on the volume.
• Multipartite virus: infects both the boot record and program files, making them especially difficult to repair. Successful removal requires that all instances of the virus be removed at once—on the boot records as well as all instances of files infected with the virus. Should any instance of the infection remain, the virus will infect the system again.
• Macro virus: infects data files (such as word processing documents, spreadsheets, etc.), though newer versions now infect other program files as well. Computer users are advised to disable the automatic execution of macros on files they don’t completely trust. A macro virus works by attaching itself to the template which, in turn, is attached to word processing documents.
• Intruders have been known to capture user passwords by using a Trojan to replace the standard login program on the computer with an identical fake login that captures keystrokes. Once it’s installed, it works like this:
1. The user sees a login prompt and types in the user ID.
2. The user sees a password prompt and types in the password.
3. The rogue program records both the user ID and password and sends a typical login failure message to the user. Then the program stops running and returns control to the legitimate program.
4. Now, the user sees the legitimate login prompt and retypes the user ID.
5. The user sees the legitimate password prompt and retypes the password.
6. Finally, the user gains access to the system, unaware that the rogue program has stored the first attempt and recorded the user ID and password.
Bombs
• A logic bomb is a destructive program with a fuse—a certain triggering event (such as a certain keystroke or connection with the Internet).
• A time bomb is similar to a logic bomb but is triggered by a specific time, such as a day of the year.
Blended Threats
• A blended threat combines into one program the characteristics of other attacks, including a virus, a worm, a Trojan, spyware, key loggers, and other malicious code.
System Protection
• Antivirus software can be purchased to protect systems from attack by malicious software.
• The level of protection is usually in proportion to the importance of its data. Medical data should be highly protected. Information about current viruses is available from vendors and government agencies dedicated to system security, such as those listed in Table 11.5.
• A firewall is a set of hardware and/or software designed to protect a system by disguising its IP address from outsiders who don’t have authorization to access it or ask for information about it.
The typical tasks of the firewall are to:
• log activities that access the Internet
• maintain access control based on the senders’ or receivers’ IP addresses
• maintain access control based on the services that are requested
• hide the internal network from unauthorized users requesting network information
• verify that virus protection is installed and being enforced
• perform authentication based on the source of a request from the Internet
(Table, not reproduced here: the threats (viruses, worms, and Trojans) as of September 2009.)
• A proxy server hides important network information from outsiders by making the network server invisible.
• Authentication is verification that an individual trying to access a system is authorized to do so.
• Kerberos is one popular authentication tool. The Kerberos protocol uses strong cryptography (the science of coding messages) so that a client can prove its identity to a server, and vice versa, across an insecure network connection.
• Using Kerberos, when client A attempts to access server B, the user is authenticated (a) and receives a ticket for the session (b). Once the ticket is issued, client and server can communicate at will (c). Without the ticket, access is not granted.
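The three-step exchange (a) to (c) above, as an added example that is not part of the original slides or of any Kerberos implementation: a toy KDC, client and server in Python, where `seal`/`unseal` are an assumed stand-in for Kerberos's encryption types and the principal names, keys and ticket lifetime are constructed. It also shows the server's verdict with no ticket (wrong password), and with a ticket altered in transit.

```python
"""Kerberos-style ticket exchange in three steps: (a) the client authenticates
to a key distribution center (KDC), (b) receives a session ticket, (c) shows
the ticket to the server.  Toy `seal`/`unseal` (HMAC keystream + HMAC tag)
stand in for Kerberos's AES encryption types so only the stdlib is needed.
Principal names, keys and the 300 s lifetime are constructed for the demo."""
import hashlib
import hmac
import json
import secrets
import time

TICKET_LIFETIME = 300  # seconds a ticket stays valid (constructed value)


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """HMAC in counter mode: pseudo-random bytes fixed by (key, nonce)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """Encrypt-then-MAC a JSON object under `key`: nonce || ciphertext || tag."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the object, or None when the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))
    return json.loads(pt.decode())


def key_from_password(password):
    """Client's long-term key, derived from its password (fixed salt for the demo)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-realm", 10_000)


class KDC:
    """Knows every principal's long-term key; never sends a key in the clear."""

    def __init__(self, principals):
        self.keys = dict(principals)

    def authenticate(self, client, server):
        """Steps (a)/(b): the reply opens only with the client's key; the ticket
        inside it opens only with the server's key."""
        if client not in self.keys or server not in self.keys:
            return None
        session_key = secrets.token_hex(16)
        expires = time.time() + TICKET_LIFETIME
        ticket = seal(self.keys[server], {"client": client, "key": session_key, "expires": expires})
        return seal(self.keys[client], {"key": session_key, "ticket": ticket.hex()})


class Server:
    def __init__(self, key):
        self.key = key

    def handle(self, ticket, authenticator):
        """Step (c): grant access only for a KDC-issued, unexpired ticket whose
        session key also sealed a fresh authenticator naming the same client."""
        if ticket is None:
            return "denied: no ticket"
        t = unseal(self.key, ticket)
        if t is None:
            return "denied: ticket not issued by the KDC for this server"
        if time.time() > t["expires"]:
            return "denied: ticket expired"
        auth = unseal(bytes.fromhex(t["key"]), authenticator)
        if auth is None or auth["client"] != t["client"] or abs(time.time() - auth["time"]) > 60:
            return "denied: bad authenticator"
        return "granted: " + t["client"]


def client_login(kdc, user, password, server):
    """Client side of (a)-(c): (ticket, authenticator), or (None, None) if the
    password cannot open the KDC reply."""
    reply = kdc.authenticate(user, server)
    creds = unseal(key_from_password(password), reply) if reply else None
    if creds is None:
        return None, None
    session_key = bytes.fromhex(creds["key"])
    return bytes.fromhex(creds["ticket"]), seal(session_key, {"client": user, "time": time.time()})


def demo():
    """Server verdicts for a correct login, a wrong password, and a ticket whose
    last byte was flipped in transit."""
    fs_key = secrets.token_bytes(32)
    kdc = KDC({"alice": key_from_password("correct horse"), "fileserver": fs_key})
    fileserver = Server(fs_key)
    ok = fileserver.handle(*client_login(kdc, "alice", "correct horse", "fileserver"))
    wrong_pw = fileserver.handle(*client_login(kdc, "alice", "guess", "fileserver"))
    ticket, auth = client_login(kdc, "alice", "correct horse", "fileserver")
    tampered = fileserver.handle(ticket[:-1] + bytes([ticket[-1] ^ 1]), auth)
    return ok, wrong_pw, tampered
```

Running `demo()` returns `("granted: alice", "denied: no ticket", "denied: ticket not issued by the KDC for this server")`.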
Encryption
• The most extreme protection for sensitive data is encryption—putting it into a secret code.
• A private key is a pair of two prime numbers (usually with 75 or more digits each) chosen by the person who wants to receive a private message.
• A public key: once the message receiver has the product, k, of the two primes, it can be posted in any public place, even an online directory, for anyone to see, because the private key can’t be decoded from the public key.
• Packet sniffers, also called sniffers, are programs that reside on computers attached to the network.
• Spoofing is a security threat that relies on cleartext transmission whereby the assailant falsifies the IP addresses of an Internet server by changing the address recorded in packets it sends over the Internet.
Password Management
• Passwords are one of the easiest and most effective protection schemes to implement, but only if they’re used correctly. There are several reliable techniques for generating a good password:
  • using a minimum of eight characters, including numbers and non-alphanumeric characters
  • creating a misspelled word or joining bits of phrases into a word that’s easy to remember
  • following a certain pattern on the keyboard, generating new passwords easily by starting your sequence with a different letter each time
  • creating acronyms from memorable sentences, such as MDWB4YOIA, which stands for “My Dog Will Be 4 Years Old In April”
  • if the operating system differentiates between upper- and lowercase characters (as UNIX and Linux do), taking advantage of that feature by using both in the password: MDwb4YOia
  • avoiding any words that appear in any dictionary
(Table, not reproduced here: number of combinations of passwords depending on their length and available character set.)
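The two tables the slides refer to (the average brute-force time for passwords of up to 10 alphabetic characters under “Repeated trials”, and the number of combinations by length and character set here) can be recomputed. The following is an added example, not part of the original slides; the human and computer guess rates are assumed for illustration, and the script also rates the slides' own MDWB4YOIA / MDwb4YOia examples by the character classes they use.

```python
"""Password keyspace sizes and brute-force time estimates.

Added example, not from the slides.  HUMAN_RATE and COMPUTER_RATE are assumed
guess rates for illustration; real rates depend on the password hash and on
the hardware an attacker has."""
import string

# Character sets and their sizes; "A-Z" alone is the slides' 10-letter case.
CHARSETS = {"A-Z": 26, "A-Z a-z": 52, "A-Z a-z 0-9": 62, "printable ASCII": 95}

HUMAN_RATE = 1.0              # guesses per second (assumed)
COMPUTER_RATE = 1_000_000.0   # guesses per second (assumed)
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def combinations(charset_size, length, up_to=False):
    """Distinct passwords of exactly `length` characters, or of every length
    from 1 to `length` when up_to=True (the slides' 'up to 10 characters')."""
    if up_to:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length


def average_guess_time(charset_size, length, rate, up_to=False):
    """Expected seconds for a brute-force search: on average the attacker has
    to try half of the keyspace before hitting the right password."""
    return combinations(charset_size, length, up_to) / 2 / rate


def human_readable(seconds):
    """Render a duration in the largest unit that is at least 1."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400.0),
             ("hours", 3600.0), ("minutes", 60.0))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def charset_size_of(password):
    """Size of the smallest union of character classes (upper, lower, digit,
    punctuation) that covers the password: what a brute-force search must span."""
    classes = ((string.ascii_uppercase, 26), (string.ascii_lowercase, 26),
               (string.digits, 10), (string.punctuation, 32))
    size = 0
    for alphabet, class_size in classes:
        if any(ch in alphabet for ch in password):
            size += class_size
    return size


def keyspace_table(lengths=(6, 8, 10)):
    """Rows of (charset, length, combinations, human time, computer time)."""
    rows = []
    for name, size in CHARSETS.items():
        for length in lengths:
            rows.append((name, length, combinations(size, length),
                         human_readable(average_guess_time(size, length, HUMAN_RATE)),
                         human_readable(average_guess_time(size, length, COMPUTER_RATE))))
    return rows


if __name__ == "__main__":
    for row in keyspace_table():
        print("{:16s} len {:2d}  {:>22,d}  human {:>12s}  computer {:>12s}".format(*row))
    # The slides' acronym password with and without mixed case.
    for pw in ("MDWB4YOIA", "MDwb4YOia"):
        size = charset_size_of(pw)
        print(pw, "class size", size, "->",
              human_readable(average_guess_time(size, len(pw), COMPUTER_RATE)))
```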
• Dictionary attack is the term used to describe a method of breaking encrypted passwords.
Password Alternatives
• Smart card: a credit-card-sized calculator that requires both something you have and something you know.
• Biometrics: the science and technology of identifying individuals based on the unique biological characteristics of each person.
• Graphical password: created by clicking certain areas of a photo in a certain sequence.
• Social engineering means looking in and around the user’s desk for a written reminder, trying the user logon ID as the password, searching logon scripts, and even telephoning friends and co-workers to learn the names of a user’s family members, pets, vacation destinations, favorite hobbies, car model, etc.
• Phishing (pronounced “fishing”) is a form of social engineering whereby an intruder pretends to be a legitimate entity and contacts unwary users asking them to reconfirm their personal and/or financial information.
Ethics
• Ethics are the rules or standards of behavior that members of the computer-using community are expected to follow, demonstrating the principles of right and wrong.
• For the system’s owner, ethical lapses by authorized or unauthorized users can have severe consequences:
  • Illegally copied software can result in lawsuits and fines of several times the retail price of each product for each transgression. Several industry associations publish toll-free numbers encouraging disgruntled employees to turn in their employers who use illegal software.
  • Plagiarism, the unauthorized copying of copyrighted work (including but not limited to music, movies, textbook material, databases), is illegal and punishable by law in the United States as well as in many other nations. When the original work is on paper, most users know the proper course of action, but when the original is in electronic form, some people don’t recognize the ethical issues involved.
  • Eavesdropping on e-mail, data, or voice communications is sometimes illegal and usually unwarranted, except under certain circumstances. If calls or messages must be monitored, the participants should always be notified before the monitoring begins.
  • Cracking, sometimes called hacking, is gaining access to another computer system to monitor or change data, and it’s seldom an ethical activity. Although it’s seen as a sport by certain people, each break-in should cause the system’s owner and users to question the validity of the system’s data.
  • Unethical use of technology, defined as unauthorized access to private or protected computer systems or electronic information, is a murky area of the law, but it’s clearly the wrong thing to do. Legally, the justice system has great difficulty keeping up with each specific form of unauthorized access because the technology changes so quickly. Therefore, system owners can’t rely on the law for guidance. Instead, they must aggressively teach their users about what is and is not ethical behavior.
How can users be taught to behave ethically? A continuing series of security awareness and ethics communications to computer users is more effective than a single announcement. Specific activities can include the following:
• Publish policies that clearly state which actions will and will not be condoned.
• Teach a regular seminar on the subject including real-life case histories.
• Conduct open discussions of ethical questions such as: Is it okay to read someone else’s e-mail? Is it right for someone else to read your e-mail? Is it ethical for a competitor to read your data? Is it okay if someone scans your bank account? Is it right for someone to change the results of your medical test? Is it acceptable for someone to copy your software program and put it on the Internet? Is it acceptable for someone to copy a government document and put it on the Internet?
THE END: THANK YOU!!!

Weitere ähnliche Inhalte

Was ist angesagt?

Data recovery
Data recoveryData recovery
Data recoverygupta8741
 
Bit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesBit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesLumension
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domainppd1961
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx9905234521
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 

Was ist angesagt? (20)

Network forensic
Network forensicNetwork forensic
Network forensic
 
Data recovery
Data recoveryData recovery
Data recovery
 
Attack lecture #2 ppt
Attack lecture #2 pptAttack lecture #2 ppt
Attack lecture #2 ppt
 
Mobile Forensics
Mobile ForensicsMobile Forensics
Mobile Forensics
 
Bit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it ComparesBit locker Drive Encryption: How it Works and How it Compares
Bit locker Drive Encryption: How it Works and How it Compares
 
Cyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital DomainCyber Forensic - Policing the Digital Domain
Cyber Forensic - Policing the Digital Domain
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
Memory forensics.pptx
Memory forensics.pptxMemory forensics.pptx
Memory forensics.pptx
 
Information security
Information securityInformation security
Information security
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Digital forensic tools
Digital forensic toolsDigital forensic tools
Digital forensic tools
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery tools
 
Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics ppt
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Windowsforensics
WindowsforensicsWindowsforensics
Windowsforensics
 
Linux forensics
Linux forensicsLinux forensics
Linux forensics
 

Ähnlich wie Security and ethics

Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber securityBansari Shah
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5CAS
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkgUmang Gupta
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Komal Mehfooz
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System ThreatsReddhi Basu
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanannewbie2019
 
Protection and security
Protection and securityProtection and security
Protection and securitymbadhi
 
Computing safety
Computing safetyComputing safety
Computing safetyBrulius
 
Network management and security
Network management and securityNetwork management and security
Network management and securityAnkit Bhandari
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewareAJAY VISHKARMA
 
Software security
Software securitySoftware security
Software securityjes_d
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 

Ähnlich wie Security and ethics (20)

Mitppt
MitpptMitppt
Mitppt
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
 
Types of attacks in cyber security
Types of attacks in cyber securityTypes of attacks in cyber security
Types of attacks in cyber security
 
RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5RRB JE Stage 2 Computer and Applications Questions Part 5
RRB JE Stage 2 Computer and Applications Questions Part 5
 
23 network security threats pkg
23 network security threats pkg23 network security threats pkg
23 network security threats pkg
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz) Security & threats Presentation => (Presenter: Komal Mehfooz)
Security & threats Presentation => (Presenter: Komal Mehfooz)
 
Program and System Threats
Program and System ThreatsProgram and System Threats
Program and System Threats
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Protection and security
Protection and securityProtection and security
Protection and security
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Malicious
MaliciousMalicious
Malicious
 
UNIT-4.docx
UNIT-4.docxUNIT-4.docx
UNIT-4.docx
 
Network management and security
Network management and securityNetwork management and security
Network management and security
 
Ch02 System Threats and Risks
Ch02 System Threats and RisksCh02 System Threats and Risks
Ch02 System Threats and Risks
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
 
Network security
Network securityNetwork security
Network security
 
Malicious software
Malicious softwareMalicious software
Malicious software
 
Software security
Software securitySoftware security
Software security
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 

Kürzlich hochgeladen

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxlancelewisportillo
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4MiaBumagat1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 

Kürzlich hochgeladen (20)

ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptxQ4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
Q4-PPT-Music9_Lesson-1-Romantic-Opera.pptx
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4ANG SEKTOR NG agrikultura.pptx QUARTER 4
ANG SEKTOR NG agrikultura.pptx QUARTER 4
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf

Security and ethics

1. ROLE OF OPERATING SYSTEM IN SECURITY

System Survivability
System survivability is defined as “the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents (Linger, 2002).”
• The term system refers to any system. It’s used here in the broadest possible sense, from laptop to distributed system to supercomputer.
• A mission is a very high-level set of requirements or goals.
• In a timely manner refers to system response time, a critical factor for most systems.
• The terms attack, failure, and accident refer to any potentially damaging incident, regardless of the cause, whether intentional or not.

2. Backup and recovery, policies in place, and performing other archiving techniques are standard operating procedure for most computing systems.
Backups, with one set stored off-site, are also crucial to disaster recovery. The disaster could come from anywhere. Here are just a few of the threats:
• water from a fire upstairs
• fire from an electrical connection
• malfunctioning server
• corrupted archival media
• intrusion from unauthorized users
3. Security Breaches

Unintentional Intrusions
• An unintentional attack is defined as any breach of security or modification of data that was not the result of a planned intrusion.
• Accidental incomplete modification of data occurs when non-synchronized processes access data records and modify some of a record’s fields. An example was given in Chapter 5 when we discussed the topic of a race in a database with two processes working on the same student record and writing different versions of it to the database.
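The student-record race described above, worked through as an added example (not code from the slides or the textbook): two unsynchronized writers each read the whole record, change one field and write the whole record back, so one change is silently lost; the hardened version carries a record version number and rejects a write whose snapshot is stale (optimistic locking), forcing the stale writer to re-read and retry. The record layout, field names and the RecordStore class are assumptions made for the illustration.

```python
"""Constructed example of the 'accidental incomplete modification' race
and one way to detect it.  The interleaving is driven deterministically
so the lost update is reproducible; real processes race at random.
"""
import copy
import threading


class StaleWriteError(Exception):
    """Raised when a writer's snapshot is older than the stored record."""


class RecordStore:
    """A single record plus a version counter (assumed layout, not the page's)."""

    def __init__(self, record):
        self._record = dict(record)
        self._version = 0
        self._lock = threading.Lock()

    def read(self):
        """Return a snapshot of the record and the version it was read at."""
        with self._lock:
            return copy.deepcopy(self._record), self._version

    def write_unchecked(self, new_record):
        """Unsafe path: blindly overwrite whatever is stored."""
        with self._lock:
            self._record = dict(new_record)
            self._version += 1

    def write_checked(self, new_record, expected_version):
        """Optimistic locking: accept only writes based on the current version."""
        with self._lock:
            if expected_version != self._version:
                raise StaleWriteError(
                    f"snapshot v{expected_version}, stored v{self._version}")
            self._record = dict(new_record)
            self._version += 1


# Constructed sample record.
INITIAL = {"id": 1001, "name": "A. Student", "grade": "B", "address": "Old Hall"}


def lost_update_demo():
    """Two read-modify-write sequences interleaved without any check.
    Returns the final record; the registrar's grade change is lost."""
    store = RecordStore(INITIAL)
    rec_a, _ = store.read()          # registrar reads the record
    rec_b, _ = store.read()          # housing office reads the same record
    rec_a["grade"] = "A"             # registrar changes the grade
    rec_b["address"] = "New Hall"    # housing changes the address
    store.write_unchecked(rec_a)     # stored: grade A, address Old Hall
    store.write_unchecked(rec_b)     # stored: grade B, address New Hall (grade lost)
    return store.read()[0]


def checked_update_demo():
    """Same interleaving with version checking: the stale writer is rejected,
    re-reads, re-applies its change, and both updates survive.
    Returns (final record, number of rejected writes)."""
    store = RecordStore(INITIAL)
    rejected = 0
    rec_a, ver_a = store.read()
    rec_b, ver_b = store.read()
    rec_a["grade"] = "A"
    rec_b["address"] = "New Hall"
    store.write_checked(rec_a, ver_a)          # version moves from 0 to 1
    try:
        store.write_checked(rec_b, ver_b)      # snapshot v0 is stale: rejected
    except StaleWriteError:
        rejected += 1
        rec_b, ver_b = store.read()            # fresh copy already has grade A
        rec_b["address"] = "New Hall"          # re-apply the intended change
        store.write_checked(rec_b, ver_b)
    return store.read()[0], rejected


if __name__ == "__main__":
    print("unsynchronized:  ", lost_update_demo())
    print("version-checked: ", checked_update_demo())
```

A database lock on the whole record for the duration of the read-modify-write would prevent the race outright; the version check is the lighter alternative that lets both writers proceed and only makes the loser retry.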
4. Intentional Attacks
• Intentional unauthorized access includes denial of service attacks, browsing, wiretapping, repeated trials, trapdoors, and trash collection.

Intentional Unauthorized Access
• Denial of service (DoS) attacks are synchronized attempts to deny service to authorized users by causing a computer (usually a Web server) to perform a task (often an unproductive task) over and over, thereby making the system unavailable to perform the work it is designed to do.
• Browsing is when unauthorized users gain the capability to search through storage, directories, or files for information they aren’t privileged to read.

5. • Wiretapping is nothing new. Just as telephone lines can be tapped, so can most data communication lines. There are two reasons for passive tapping: to copy data while bypassing any authorization procedures, and to collect specific information (such as passwords) that will permit the tapper to enter the system at a later date.
• Active wiretapping is when the data being sent is modified. Two methods of active wiretapping are “between lines transmission” and “piggyback entry.” Between lines doesn’t alter the messages sent by the legitimate user, but it inserts additional messages into the communication line while the legitimate user is pausing.

6. • Piggyback entry intercepts and modifies the original messages.
• Repeated trials describes the method used to enter systems by guessing authentic passwords.
(Table) Average time required for a human and computer to guess passwords up to 10 alphabetic characters (A–Z) using brute force.

7. • Trapdoors, including backdoor passwords, are defined as unspecified and undocumented entry points to the system.
• Trash collection, also known as dumpster diving, is an evening pastime for those who enjoy perusing anything and everything thrown out by system users: the discarded disks, CDs, faxes, printer ribbons, as well as printouts of source code, programs, memory dumps, and notes.

8. Viruses
• A virus is defined as a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
  • It must be self-executing. Often, this means placing its own code in the path of another program.
  • It must be self-replicating. Usually, this is accomplished by copying itself from infected files to clean files, as shown in Figure 11.2.
• Viruses can infect desktop computers and network servers alike and spread each time the host file is executed.

9. (Figure) A file infector virus attacks a clean file (a) by attaching a small program to it (b), which executes every time the infected file runs.

10. Worms
• A worm is a memory-resident program that copies itself from one system to the next without requiring the aid of an infected program file.

Trojans
• A Trojan (originally called a Trojan Horse) is a destructive program that’s disguised as a legitimate or harmless program and that sometimes carries within itself the means to allow the program’s creator to secretly access the user’s system.

11. There are five recognized types of viruses:
• File infector virus: infects files on the computer, normally executable files such as .exe and .com files commonly found on Microsoft operating systems. These viruses commonly become resident in memory and then infect any clean executable program that runs on that computer.
• Boot sector virus: infects the boot record, the system area of a floppy disk or hard drive. These viruses activate whenever the user starts up (powers on) the computer. Most boot sector viruses were written for MS-DOS, but other operating systems are potential targets.
• Master boot record virus: infects the boot record of a disk, saving a legitimate copy of the master boot record in a different location on the volume.

12. • Multipartite virus: infects both the boot record and program files, making them especially difficult to repair. Successful removal requires that all instances of the virus be removed at once, on the boot records as well as in all infected files. Should any instance of the infection remain, the virus will infect the system again.
• Macro virus: infects data files (such as word processing documents, spreadsheets, etc.), though newer versions now infect other program files as well. Computer users are advised to disable the automatic execution of macros on files they don’t completely trust. A macro virus works by attaching itself to the template which, in turn, is attached to word processing documents.

13. Intruders have been known to capture user passwords by using a Trojan to replace the standard login program on the computer with an identical fake login that captures keystrokes. Once it’s installed, it works like this:
1. The user sees a login prompt and types in the user ID.
2. The user sees a password prompt and types in the password.
3. The rogue program records both the user ID and password and sends a typical login failure message to the user. Then the program stops running and returns control to the legitimate program.
4. Now, the user sees the legitimate login prompt and retypes the user ID.
5. The user sees the legitimate password prompt and retypes the password.
6. Finally, the user gains access to the system, unaware that the rogue program has stored the first attempt and recorded the user ID and password.
15. Bombs
• A logic bomb is a destructive program with a fuse—a certain triggering event (such as a certain keystroke or connection with the Internet).
• A time bomb is similar to a logic bomb but is triggered by a specific time, such as a day of the year.

Blended Threats
• A blended threat combines into one program the characteristics of other attacks, including a virus, a worm, a trojan, spyware, key loggers, and other malicious code.

16. System Protection
• Antivirus software can be purchased to protect systems from attack by malicious software.
• The level of protection is usually in proportion to the importance of its data. Medical data should be highly protected.
• Information about current viruses is available from vendors and government agencies dedicated to system security, such as those listed in Table 11.5.

17. • A firewall is a set of hardware and/or software designed to protect a system by disguising its IP address from outsiders who don’t have authorization to access it or ask for information about it. The typical tasks of the firewall are to:
  • log activities that access the Internet
  • maintain access control based on the senders’ or receivers’ IP addresses
  • maintain access control based on the services that are requested
  • hide the internal network from unauthorized users requesting network information
  • verify that virus protection is installed and being enforced
  • perform authentication based on the source of a request from the Internet
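Three of the firewall tasks just listed (access control by address, access control by requested service, and logging) as an added example that is not code from the slides or from any firewall product: a minimal stateless packet filter with a first-match rule table and a default-deny policy, run over a constructed traffic sample. The policy, the address ranges, the service-to-port table and the sample packets are all assumptions made for the illustration.

```python
"""Constructed packet-filter example: rules match on source network,
destination network and requested service; the first matching rule
decides, anything unmatched is denied, and every decision is logged.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Assumed service-to-port table for the example.
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "telnet": 23}


@dataclass
class Rule:
    action: str                                   # "allow" or "deny"
    src: Optional[ipaddress.IPv4Network] = None   # None matches any source
    dst: Optional[ipaddress.IPv4Network] = None   # None matches any destination
    service: Optional[str] = None                 # None matches any service

    def matches(self, src_ip, dst_ip, port):
        if self.src is not None and ipaddress.ip_address(src_ip) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(dst_ip) not in self.dst:
            return False
        if self.service is not None and SERVICE_PORTS[self.service] != port:
            return False
        return True


@dataclass
class Firewall:
    rules: list
    log: list = field(default_factory=list)

    def decide(self, src_ip, dst_ip, port):
        """First matching rule wins; no match means deny. Every packet is logged."""
        for rule in self.rules:
            if rule.matches(src_ip, dst_ip, port):
                verdict = rule.action
                break
        else:
            verdict = "deny"
        self.log.append(f"{verdict.upper()} {src_ip} -> {dst_ip}:{port}")
        return verdict


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed policy: the internal LAN is 192.168.1.0/24 with a published web
# server at 192.168.1.10.  Outsiders may reach the web server over http/https
# only; ssh to it is allowed from the (assumed) admin network 10.0.0.0/8 only;
# telnet is never allowed; everything else falls through to the default deny.
POLICY = [
    Rule("deny", service="telnet"),
    Rule("allow", src=net("10.0.0.0/8"), dst=net("192.168.1.10/32"), service="ssh"),
    Rule("allow", dst=net("192.168.1.10/32"), service="http"),
    Rule("allow", dst=net("192.168.1.10/32"), service="https"),
]

# Constructed traffic sample: (source, destination, destination port).
SAMPLE_PACKETS = [
    ("203.0.113.5", "192.168.1.10", 443),   # outsider, https to web server
    ("203.0.113.5", "192.168.1.10", 22),    # outsider, ssh to web server
    ("10.1.2.3", "192.168.1.10", 22),       # admin network, ssh
    ("10.1.2.3", "192.168.1.10", 23),       # admin network, telnet
    ("203.0.113.5", "192.168.1.20", 80),    # outsider, http to an unpublished host
]


def run_sample():
    """Evaluate the sample against the policy; returns (verdicts, log lines)."""
    fw = Firewall(POLICY)
    verdicts = [fw.decide(*pkt) for pkt in SAMPLE_PACKETS]
    return verdicts, fw.log


if __name__ == "__main__":
    for line in run_sample()[1]:
        print(line)
```

Rule order matters: the telnet deny sits first so that no later allow can override it, and the default-deny fallback is what keeps the unpublished host at 192.168.1.20 hidden even though no rule names it.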
18. (Figure) The figure shows the threats (viruses, worms, and Trojans) as of September 2009.

19. • A proxy server hides important network information from outsiders by making the network server invisible.
• Authentication is verification that an individual trying to access a system is authorized to do so.
• Kerberos is one popular authentication tool. The Kerberos protocol uses strong cryptography (the science of coding messages) so that a client can prove its identity to a server, and vice versa, across an insecure network connection.
• Using Kerberos, when client A attempts to access server B, the user is authenticated (a) and receives a ticket for the session (b). Once the ticket is issued, client and server can communicate at will (c). Without the ticket, access is not granted.
21. Encryption
• The most extreme protection for sensitive data is with encryption—putting it into a secret code.
• Private key: a pair of two prime numbers (usually with 75 or more digits each) chosen by the person who wants to receive a private message.
• Public key: once the message receiver has the product, k, it can be posted in any public place, even an online directory, for anyone to see, because the private key can’t be decoded from the public key.
• Packet sniffers, also called sniffers, are programs that reside on computers attached to the network.
• Spoofing is a security threat that relies on cleartext transmission whereby the assailant falsifies the IP addresses of an Internet server by changing the address recorded in packets it sends over the Internet.
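The public/private key scheme sketched on the slide, carried through with toy-sized primes so the arithmetic is visible. This is an added example, not code from the slides or from any cryptographic library: the receiver's private key is the prime pair (p, q), the public key is their product k (the slide's k) together with a public exponent e, and decryption uses an exponent d derived from p and q. Recovering p and q from k is factoring, which is what makes the public key safe to publish when the primes are large; the primes used here are far too small for any real use and real systems also add padding. The prime values and the helper names are assumptions.

```python
"""Constructed textbook RSA example.  Toy primes only; this illustrates the
relationship between the prime pair, the published product k and the
decryption exponent, not a usable cryptosystem.
"""
from math import gcd


def is_prime(n):
    """Trial division; adequate for the toy sizes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def make_keys(p, q, e=65537):
    """Build (public, private) from two distinct primes.
    public = (k, e) can be posted anywhere; private = (k, d) stays with the receiver."""
    assert is_prime(p) and is_prime(q) and p != q
    k = p * q                       # the product the slide calls k
    phi = (p - 1) * (q - 1)         # only computable from the private primes
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)             # modular inverse of e (Python 3.8+)
    return (k, e), (k, d)


def encrypt(public, m):
    """Anyone with the public key can do this."""
    k, e = public
    assert 0 <= m < k, "message must be smaller than the modulus"
    return pow(m, e, k)


def decrypt(private, c):
    """Only the holder of d, hence of p and q, can do this."""
    k, d = private
    return pow(c, d, k)


def factor_by_trial(k):
    """Recover the private primes from a toy public modulus.  The loop runs
    up to sqrt(k), which is why 75-digit primes put it out of reach while
    the toy values here fall in a fraction of a second."""
    i = 2
    while i * i <= k:
        if k % i == 0:
            return i, k // i
        i += 1
    return None


def roundtrip(p, q, m):
    """Encrypt m under the public key and decrypt with the private key."""
    pub, priv = make_keys(p, q)
    return decrypt(priv, encrypt(pub, m))


if __name__ == "__main__":
    pub, priv = make_keys(61, 53)
    c = encrypt(pub, 42)
    print("public k =", pub[0], "ciphertext =", c, "decrypted =", decrypt(priv, c))
    print("trial factoring of k recovers", factor_by_trial(pub[0]))
```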
22. Password Management
• Passwords are one of the easiest and most effective protection schemes to implement, but only if they’re used correctly. There are several reliable techniques for generating a good password:
  • Using a minimum of eight characters, including numbers and non-alphanumeric characters
  • Creating a misspelled word or joining bits of phrases into a word that’s easy to remember
  • Following a certain pattern on the keyboard, generating new passwords easily by starting your sequence with a different letter each time
  • Creating acronyms from memorable sentences, such as MDWB4YOIA, which stands for: “My Dog Will Be 4 Years Old In April”

23. • If the operating system differentiates between upper- and lowercase characters (as UNIX and Linux do), users should take advantage of that feature by using both in the password: MDwb4YOia
  • Avoiding any words that appear in any dictionary
(Table) Number of combinations of passwords depending on their length and available character set.

24. • Dictionary attack is the term used to describe a method of breaking encrypted passwords.

Password Alternatives
• Smart card: a credit-card-sized calculator that requires both something you have and something you know.
• Biometrics: the science and technology of identifying individuals based on the unique biological characteristics of each person.
• A graphical password is created by clicking certain areas of the photo in a certain sequence.
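The password guidance on slides 22 and 23 (at least eight characters, digits and non-alphanumeric characters, both letter cases where the OS distinguishes them, no dictionary words) and the dictionary-attack point on slide 24, as one added example that is not code from the slides: a checker that reports which of those guidelines a candidate password misses, plus the keyspace count behind the combinations table (character-set size raised to the length). The tiny word list is constructed; a real check would use a full dictionary and a breached-password corpus, and the check strips digits and symbols before the lookup so that a dictionary word dressed up with a trailing "99!" is still caught.

```python
"""Constructed password-guideline checker and keyspace calculator."""
import string

# Constructed stand-in for a dictionary; a real check uses a full word list.
SMALL_DICTIONARY = {"password", "welcome", "dragon", "letmein", "qwerty", "dog"}


def charset_size(password):
    """Size of the smallest standard character set that contains the password,
    i.e. the alphabet a brute-force guesser would have to cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32 printable ASCII symbols
    return size


def combinations(charset, length):
    """Number of distinct passwords of exactly `length` symbols drawn from a
    `charset`-symbol alphabet: the figure the slide's table tabulates."""
    return charset ** length


def check_password(password, case_sensitive=True):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than eight characters")
    if not any(c in string.digits for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no non-alphanumeric character")
    if case_sensitive and not (any(c.islower() for c in password)
                               and any(c.isupper() for c in password)):
        problems.append("does not use both upper and lower case")
    # Strip digits and symbols so 'Dragon99!' still trips the dictionary rule.
    core = "".join(c for c in password.lower() if c.isalpha())
    if core in SMALL_DICTIONARY:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for candidate in ["password", "Dragon99!", "MDwb4YOia", "Tr0ub4dor&3"]:
        verdict = check_password(candidate) or ["ok"]
        print(f"{candidate:<12} charset={charset_size(candidate):>2} "
              f"keyspace={combinations(charset_size(candidate), len(candidate)):.3e} "
              f"-> {', '.join(verdict)}")
```

Note that the slide's own acronym example MDwb4YOia satisfies every rule except the non-alphanumeric one, which the checker duly reports; the keyspace figures show why that matters less than length, since each extra character multiplies the count by the whole alphabet size.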
  • 25.  Social Engineering - means looking in and around the user’s desk for a written reminder, trying the user logon ID as the password, searching logon scripts, and even telephoning friends and co-workers to learn the names of a user’s family members, pets, vacation destinations, favorite hobbies, car model, etc.  Phishing (pronounced “fishing”) - is a form of social engineering whereby an intruder pretends to be a legitimate entity and contacts unwary users asking them to reconfirm their personal and/or financial information. Ethics  ethics—the rules or standards of behavior that members of the computer-using community are expected to follow, demonstrating the principles of right and wrong.
  • 26.  For the system’s owner, ethical lapses by authorized or unauthorized users can have severe consequences: • Illegally copied software can result in lawsuits and fines of several times the retail price of each product for each transgression. Several industry associations publish toll- free numbers encouraging disgruntled employees to turn in their employers who use illegal software. • Plagiarism, the unauthorized copying of copyrighted work (including but not limited to music, movies, textbook material, databases), is illegal and punishable by law in the United States as well as in many other nations. When the original work is on paper, most users know the proper course of action, but when the original is in electronic form, some people don’t recognize the ethical issues involved.
  • 27. • Eavesdropping on e-mail, data, or voice communications is sometimes illegal and usually unwarranted, except under certain circumstances. If calls or messages must be monitored, the participants should always be notified before the monitoring begins. • Cracking, sometimes called hacking, is gaining access to another computer system to monitor or change data, and it’s seldom an ethical activity. Although it’s seen as a sport by certain people, each break-in should cause the system’s owner and users to question the validity of the system’s data.
  • 28. • Unethical use of technology, defined as unauthorized access to private or protected computer systems or electronic information, is a murky area of the law, but it’s clearly the wrong thing to do. Legally, the justice system has great difficulty keeping up with each specific form of unauthorized access because the technology changes so quickly. Therefore, system owners can’t rely on the law for guidance. Instead, they must aggressively teach their users about what is and is not ethical behavior. How can users be taught to behave ethically? A continuing series of security awareness and ethics communications to computer users is more effective than a single announcement. Specific activities can include the following:
  • 29. • Publish policies that clearly state which actions will and will not be condoned. • Teach a regular seminar on the subject including real-life case histories. • Conduct open discussions of ethical questions such as: Is it okay to read someone else’s e-mail? Is it right for someone else to read your e-mail? Is it ethical for a competitor to read your data? Is it okay if someone scans your bank account? Is it right for someone to change the results of your medical test? Is it acceptable for someone to copy your software program and put it on the Internet? Is it acceptable for someone to copy a government document and put it on the Internet? THE END: THANK YOU!!!