SlideShare ist ein Scribd-Unternehmen logo
1 von 35
Downloaden Sie, um offline zu lesen
BASIC CONCEPTS IN
COMPUTER SECURITY
ARZATH AREEFF
WHAT IS COMPUTER SECURITY?
•Computer security is refers to techniques for
ensuring that data stored in a computer cannot
be read or compromised by any individuals
without authorization.
•Most computer security measures involve data
encryption and passwords.
•The purpose of computer security is to device
ways to prevent the weaknesses from being
WHAT IS COMPUTER SECURITY?
•We are addressing three important aspects of
any computer-related system such as
confidentiality, integrity, and availability.
WHAT IS COMPUTER SECURITY?
•These are the three goals in
computing Security.
1.Confidentiality
2.Integrity
3.Availability
THREE GOALS IN COMPUTING SECURITY
•Confidentiality: ensures that computer-related
assets are accessed only by authorized parties.
Confidentiality is sometimes
called secrecy or privacy.
•Integrity: it means that assets can be modified
only by authorized parties or only in authorized
ways.
•Availability: it means that assets are accessible
THREE GOALS IN COMPUTING SECURITY
•One of the challenges in building
a secure system is finding the right balance
among the goals, which often conflict.
VULNERABILITY
•Vulnerability is a weakness in the security
system.
•Weaknesses can appear in any element of a
computer, both in the hardware, operating
system, and the software.
The types of vulnerabilities we might find as
they apply to the assets of hardware, software,
and data.
•These three assets and the connections among
HARDWARE VULNERABILITY
•Hardware is more visible than software, largely
because it is composed of physical objects.
•it is rather simple to attack by adding devices,
changing them, removing them, intercepting the
traffic to them, or flooding them with traffic
until they can no longer function.
HARDWARE VULNERABILITY
•other ways that computer hardware can be
attacked physically.
•Computers have been drenched with water,
burned, frozen, gassed, and electrocuted with
power surges.
SOFTWARE VULNERABILITIES
•Software can be replaced, changed, or
destroyed maliciously, or it can be modified,
deleted, or misplaced accidentally. Whether
intentional or not, these attacks exploit the
software’s vulnerabilities.
SOFTWARE VULNERABILITIES
•Sometimes, the attacks are obvious, as when
the software no longer runs. More subtle are
attacks in which the software has been altered
but seems to run normally.
DATA VULNERABILITY
•a data attack is a more widespread and serious
problem than either a hardware or software
attack.
•data items have greater public value than
hardware and software because more people
know how to use or interpret data.
THREATS
•A threat to a computing system is a set of
circumstances that has the potential to cause
loss or harm.
•There are many threats to a computer system,
including human-initiated and computer-
initiated ones.
•A threat is blocked by control of a vulnerability.
•We can view any threat as being one of four
THREATS
•An interception means that
some unauthorized party has
gained access to an asset.
The outside party can be a
person, a program, or a
computing system.
THREATS
•In an interruption is an asset of the system
becomes lost, unavailable, or unusable.
THREATS
•If an unauthorized party not only accesses but
tampers with an asset, is called as
a modification.
THREATS
•An unauthorized party might create
a fabrication of counterfeit objects on a
computing system.
•The intruder may insert spurious transactions
to a network communication system or add
records to an existing database.
ATTACKS
•A human who exploits a vulnerability
perpetrates an attack on the system. An attack
can also be launched by another system, as
when one
•system sends an overwhelming set of messages
to another, virtually shutting down the second
system's ability to function.
ATTACKS
•Unfortunately, we have seen this type of attack
frequently, as denial-of-service attacks flood
servers with more messages than they can
handle.
CONTROL
•The control is an action, device, procedure or
technique that removes or reduces a
vulnerability.
•We use a control as a protective measure.
•There are so many ways to controle.
HOW TO SECURE THE COMPUTER
•There are two ways
1.Physical secure
2.Other secure methods
PHYSICALLY SECURE COMPUTERS
•Obtain physical
computer locks for all
your computers
PHYSICALLY SECURE COMPUTERS
•Attach mobile
proximity alarms to
your computers.
PHYSICALLY SECURE COMPUTERS
•Store computers in an
area with secure access.
•Or place the computers in
a locked room
PHYSICALLY SECURE COMPUTERS IN
YOUR COLLEGE
•Station security guards at
entry points to the college
building.
PHYSICALLY SECURE COMPUTERS IN
YOUR COLLEGE
•Verify windows and
doors are properly
locked after office
hours.
SECURE THE COMPUTER
•Choose a good secured
operating system
SECURE THE COMPUTER
•Choose a web browser
based on its security and
vulnerabilities because
most malware will come
through via your web
browser
SECURE THE COMPUTER
•When setting up, use
strong passwords in your
user account, router
account etc. Hackers may
use dictionary attacks and
brute force attacks.
SECURE THE COMPUTER
•When downloading
software (including
antivirus software), get it
from a trusted source
SECURE THE COMPUTER
•Install good antivirus
software because Antivirus
software is designed to
deal with modern malware
including viruses, Trojans,
key loggers, rootkits, and
worms.
SECURE THE COMPUTER
•Download and install a
firewall
SECURE THE COMPUTER
•Close all ports. Hackers
use port scanning
(Ubuntu Linux has all
ports closed by default)
SOURCES AND CITATIONS
• Security in Computing, Fourth EditionBy Charles P. Pfleeger
• http://lifehacker.com/5848296/how-do-i-keep-my-computer-secure-at-the-office
• http://it.ojp.gov/documents/asp/disciplines/section1-2.htm
• http://www.pcpro.co.uk/blogs/2011/01/21/how-to-physically-secure-your-business-
hardware/
• http://www.us-cert.gov/nav/nt01/
• http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html
• http://www.avast.com
• http://www.trendsecure.com
• http://www.lavasoft.com
• http://www.zonealarm.com
• http://www.personalfirewall.comodo.com/
• http://www.remote-exploit.org/backtrack.html
• http://www.grc.com/securitynow.htm
• http://www.hackerhighschool.org/
• http://www.symantec.com/norton/products/library/article.jsp?aid=internet_iq
THANK YOU
HAVE A SECURED
WORLD 

Weitere ähnliche Inhalte

Was ist angesagt?

The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
IT Security Presentation
IT Security PresentationIT Security Presentation
IT Security Presentationelihuwalker
 
Cia security model
Cia security modelCia security model
Cia security modelImran Ahmed
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security FundamentalsRahmat Suhatman
 
Database Security Management
Database Security Management Database Security Management
Database Security Management Ahsin Yousaf
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety Sadaf Walliyani
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Operating System Security
Operating System SecurityOperating System Security
Operating System SecurityRamesh Upadhaya
 
Network security
Network securityNetwork security
Network securityEstiak Khan
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?Faith Zeller
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & preventionPriSim
 

Was ist angesagt? (20)

The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
IT Security Presentation
IT Security PresentationIT Security Presentation
IT Security Presentation
 
Information security
Information securityInformation security
Information security
 
Cia security model
Cia security modelCia security model
Cia security model
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
 
Computer security
Computer securityComputer security
Computer security
 
Computer Security and safety
Computer Security and safety Computer Security and safety
Computer Security and safety
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Operating System Security
Operating System SecurityOperating System Security
Operating System Security
 
Network security
Network securityNetwork security
Network security
 
Network security
Network securityNetwork security
Network security
 
What is Network Security?
What is Network Security?What is Network Security?
What is Network Security?
 
Web security
Web securityWeb security
Web security
 
Computer security threats & prevention
Computer security threats & preventionComputer security threats & prevention
Computer security threats & prevention
 

Ähnlich wie Basic concepts in computer security

OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYRohitK71
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.pptmiki304759
 
Threats to information security
Threats to information securityThreats to information security
Threats to information securityswapneel07
 
security introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptxsecurity introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptxnagwaAboElenein
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptxrahulkumarcscsf21
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)Zara Nawaz
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lectureZara Nawaz
 
Computer Security update and virus .pptx
Computer Security  update and virus .pptxComputer Security  update and virus .pptx
Computer Security update and virus .pptxlnatanzenebe21
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1limsh
 
Lecture 2 using an operating system
Lecture 2   using an operating systemLecture 2   using an operating system
Lecture 2 using an operating systemMaxwell Musonda
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Computer Security
Computer SecurityComputer Security
Computer SecurityAkNirojan
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1123aleena
 
Application of security computer
Application of security computerApplication of security computer
Application of security computeribrahimzubairu2003
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 

Ähnlich wie Basic concepts in computer security (20)

OPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITYOPERATING SYSTEM SECURITY
OPERATING SYSTEM SECURITY
 
Chapter Last.ppt
Chapter Last.pptChapter Last.ppt
Chapter Last.ppt
 
Threats to information security
Threats to information securityThreats to information security
Threats to information security
 
security introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptxsecurity introduction and overview lecture1 .pptx
security introduction and overview lecture1 .pptx
 
System Security Sem 2(Module 1).pptx
System Security Sem 2(Module     1).pptxSystem Security Sem 2(Module     1).pptx
System Security Sem 2(Module 1).pptx
 
information security (network security methods)
information security (network security methods)information security (network security methods)
information security (network security methods)
 
Information security ist lecture
Information security ist lectureInformation security ist lecture
Information security ist lecture
 
Computer Security update and virus .pptx
Computer Security  update and virus .pptxComputer Security  update and virus .pptx
Computer Security update and virus .pptx
 
BAIT1103 Chapter 1
BAIT1103 Chapter 1BAIT1103 Chapter 1
BAIT1103 Chapter 1
 
Lecture 2 using an operating system
Lecture 2   using an operating systemLecture 2   using an operating system
Lecture 2 using an operating system
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
attack vectors by chimwemwe.pptx
attack vectors  by chimwemwe.pptxattack vectors  by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx203135 Muhammad Usama.pptx
203135 Muhammad Usama.pptx
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer Privacy
 
security in is.pptx
security in is.pptxsecurity in is.pptx
security in is.pptx
 
E sec chaptr-1
E sec chaptr-1E sec chaptr-1
E sec chaptr-1
 
Security.pdf
Security.pdfSecurity.pdf
Security.pdf
 
Application of security computer
Application of security computerApplication of security computer
Application of security computer
 
Data Network Security
Data Network SecurityData Network Security
Data Network Security
 

Kürzlich hochgeladen

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxAna-Maria Mihalceanu
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 

Kürzlich hochgeladen (20)

Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
A Glance At The Java Performance Toolbox
A Glance At The Java Performance ToolboxA Glance At The Java Performance Toolbox
A Glance At The Java Performance Toolbox
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 

Basic concepts in computer security

  • 1. BASIC CONCEPTS IN COMPUTER SECURITY ARZATH AREEFF
  • 2. WHAT IS COMPUTER SECURITY? •Computer security is refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. •Most computer security measures involve data encryption and passwords. •The purpose of computer security is to device ways to prevent the weaknesses from being
  • 3. WHAT IS COMPUTER SECURITY? •We are addressing three important aspects of any computer-related system such as confidentiality, integrity, and availability.
  • 4. WHAT IS COMPUTER SECURITY? •These are the three goals in computing Security. 1.Confidentiality 2.Integrity 3.Availability
  • 5. THREE GOALS IN COMPUTING SECURITY •Confidentiality: ensures that computer-related assets are accessed only by authorized parties. Confidentiality is sometimes called secrecy or privacy. •Integrity: it means that assets can be modified only by authorized parties or only in authorized ways. •Availability: it means that assets are accessible
  • 6. THREE GOALS IN COMPUTING SECURITY •One of the challenges in building a secure system is finding the right balance among the goals, which often conflict.
  • 7. VULNERABILITY •Vulnerability is a weakness in the security system. •Weaknesses can appear in any element of a computer, both in the hardware, operating system, and the software. The types of vulnerabilities we might find as they apply to the assets of hardware, software, and data. •These three assets and the connections among
  • 8. HARDWARE VULNERABILITY •Hardware is more visible than software, largely because it is composed of physical objects. •it is rather simple to attack by adding devices, changing them, removing them, intercepting the traffic to them, or flooding them with traffic until they can no longer function.
  • 9. HARDWARE VULNERABILITY •other ways that computer hardware can be attacked physically. •Computers have been drenched with water, burned, frozen, gassed, and electrocuted with power surges.
  • 10. SOFTWARE VULNERABILITIES •Software can be replaced, changed, or destroyed maliciously, or it can be modified, deleted, or misplaced accidentally. Whether intentional or not, these attacks exploit the software’s vulnerabilities.
  • 11. SOFTWARE VULNERABILITIES •Sometimes, the attacks are obvious, as when the software no longer runs. More subtle are attacks in which the software has been altered but seems to run normally.
  • 12. DATA VULNERABILITY •a data attack is a more widespread and serious problem than either a hardware or software attack. •data items have greater public value than hardware and software because more people know how to use or interpret data.
  • 13. THREATS •A threat to a computing system is a set of circumstances that has the potential to cause loss or harm. •There are many threats to a computer system, including human-initiated and computer- initiated ones. •A threat is blocked by control of a vulnerability. •We can view any threat as being one of four
  • 14. THREATS •An interception means that some unauthorized party has gained access to an asset. The outside party can be a person, a program, or a computing system.
  • 15. THREATS •In an interruption is an asset of the system becomes lost, unavailable, or unusable.
  • 16. THREATS •If an unauthorized party not only accesses but tampers with an asset, is called as a modification.
  • 17. THREATS •An unauthorized party might create a fabrication of counterfeit objects on a computing system. •The intruder may insert spurious transactions to a network communication system or add records to an existing database.
  • 18. ATTACKS •A human who exploits a vulnerability perpetrates an attack on the system. An attack can also be launched by another system, as when one •system sends an overwhelming set of messages to another, virtually shutting down the second system's ability to function.
  • 19. ATTACKS •Unfortunately, we have seen this type of attack frequently, as denial-of-service attacks flood servers with more messages than they can handle.
  • 20. CONTROL •The control is an action, device, procedure or technique that removes or reduces a vulnerability. •We use a control as a protective measure. •There are so many ways to controle.
  • 21. HOW TO SECURE THE COMPUTER •There are two ways 1.Physical secure 2.Other secure methods
  • 22. PHYSICALLY SECURE COMPUTERS •Obtain physical computer locks for all your computers
  • 23. PHYSICALLY SECURE COMPUTERS •Attach mobile proximity alarms to your computers.
  • 24. PHYSICALLY SECURE COMPUTERS •Store computers in an area with secure access. •Or place the computers in a locked room
  • 25. PHYSICALLY SECURE COMPUTERS IN YOUR COLLEGE •Station security guards at entry points to the college building.
  • 26. PHYSICALLY SECURE COMPUTERS IN YOUR COLLEGE •Verify windows and doors are properly locked after office hours.
  • 27. SECURE THE COMPUTER •Choose a good secured operating system
  • 28. SECURE THE COMPUTER •Choose a web browser based on its security and vulnerabilities because most malware will come through via your web browser
  • 29. SECURE THE COMPUTER •When setting up, use strong passwords in your user account, router account etc. Hackers may use dictionary attacks and brute force attacks.
  • 30. SECURE THE COMPUTER •When downloading software (including antivirus software), get it from a trusted source
  • 31. SECURE THE COMPUTER •Install good antivirus software because Antivirus software is designed to deal with modern malware including viruses, Trojans, key loggers, rootkits, and worms.
  • 32. SECURE THE COMPUTER •Download and install a firewall
  • 33. SECURE THE COMPUTER •Close all ports. Hackers use port scanning (Ubuntu Linux has all ports closed by default)
  • 34. SOURCES AND CITATIONS • Security in Computing, Fourth EditionBy Charles P. Pfleeger • http://lifehacker.com/5848296/how-do-i-keep-my-computer-secure-at-the-office • http://it.ojp.gov/documents/asp/disciplines/section1-2.htm • http://www.pcpro.co.uk/blogs/2011/01/21/how-to-physically-secure-your-business- hardware/ • http://www.us-cert.gov/nav/nt01/ • http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html • http://www.avast.com • http://www.trendsecure.com • http://www.lavasoft.com • http://www.zonealarm.com • http://www.personalfirewall.comodo.com/ • http://www.remote-exploit.org/backtrack.html • http://www.grc.com/securitynow.htm • http://www.hackerhighschool.org/ • http://www.symantec.com/norton/products/library/article.jsp?aid=internet_iq
  • 35. THANK YOU HAVE A SECURED WORLD 

Hinweis der Redaktion

  1. keep laptop and desktop computers properly secured to desks.
  2. Proximity alarms will alert you when equipment is removed outside of a specific radius.
  3. This may prevent unauthorized persons or visitors from stealing computers and other equipment.
  4. Enforce a rule that requires all visitors to remain in the lobby or to sign a visitor log that requires them to provide identification.
  5. This can help prevent theft or burglary from occurring.