SlideShare a Scribd company logo

Security Threats

Download as PPTX, PDF
Yasmeen Shaikh
Yasmeen Shaikh

This is small presentation prepared showing different types of Security Threats.

Software
1 of 31
DEFINING SECURITY Security means to protect information. It deals with the prevention and detection of unauthorized actions by users of a computer. Lately it has been extended to include privacy, confidentiality, and integrity.
This definition implies that you have to know the information and the value of that information in order to develop protective measures. A rough classification of protective measures in computer security is as follows:
Prevention—Take measures that prevent your information from being damaged, altered, or stolen. Preventive measures can range from locking the server room door to setting up high-level security policies.
Detection—Take measures that allow you to detect when information has been damaged, altered, or stolen, how it has been damaged, altered, or stolen, and who has caused the damage. Various tools are available to help detect intrusions, damage or alterations, and viruses.
Reaction—Take measures that allow recovery of information, even if information is lost or damaged.
The above measures are all very well, but if you do not understand how information may be compromised, you cannot take measures to protect it. You must examine the components on how information can be compromised:
Confidentiality :-The prevention of unauthorized disclosure of information. This can be the result of poor security measures or information leaks by personnel. An example of poor security measures would be to allow anonymous access to sensitive information.
Integrity. The prevention of erroneous modification of information. Authorized users are probably the biggest cause of errors and omissions and the alteration of data. Storing incorrect data within the system can be as bad as losing data. Malicious attackers also can modify, delete, or corrupt information that is vital to the correct operation of business functions.
Availability. The prevention of unauthorized with holding of information or resources. This does not apply just to personnel withholding information. Information should be as freely available as possible to authorized users.
Authentication. The process of verifying that users are who they claim to be when logging onto a system. Generally, the use of user names and passwords accomplishes this. More sophisticated is the use of smart cards and retina scanning. The process of authentication does not grant the user access rights to resources—this is achieved through the authorization process.
Authorization. The process of allowing only authorized users access to sensitive information. An authorization process uses the appropriate security authority to determine whether a user should have access to resources.
HISTORY OF SECURITY • Computers and networks originally were built to ease the exchange of information. Early information technology (IT) infrastructures were built around central computers or mainframe solutions while others were developed around the personal computer. What some thought impossible became reality and today businesses are being driven by the power of the personal computer that users access with just a user name and password. • But as the information revolution opened new avenues for IT, it also opened new possibilities for crime. Attackers used these opportunities to steal passwords and gain access to information or to create disastrous effects on networks and computers.
Threats Motives/Goals Methods Security Policies • Employees • Malicious • Ignorant • Non-employees • Outside attackers • Natural disasters • Floods • Earthquakes • Hurricanes • Riots and wars • Deny services • Steal information • Alter information • Damage information • Delete information • Make a joke • Show off • Social engineering • Viruses, Trojan horses, worms • Packet replay • Packet modification • IP spoofing • Mail bombing • Various hacking tools • Password cracking • Vulnerabilities • Assets • Information and data • Productivity • Hardware • Personnel
THREATS In Computer Security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
• Viruses. Attackers can develop harmful code known as viruses. Using hacking techniques, they can break into systems and plant viruses. Viruses in general are a threat to any environment. They come in different forms and although not always malicious, they always take up time. Viruses can also be spread via e-mail and disks.
• Worms. These are programs that run independently and travel from computer to computer across network connections. Worms may have portions of themselves running on many different computers. Worms do not change other programs, although they may carry other code that does.
• Trojan horses. These are malicious programs or software code hidden inside what looks like a normal program. When a user runs the normal program, the hidden code runs as well. It can then start deleting files and causing other damage to the computer. Trojan horses are normally spread by e-mail attachments. The Melissa virus that caused denial-of-service attacks throughout the world in 1999 was a type of Trojan horse.
• Eavesdropping. E-mail headers and contents are transmitted in the clear text if no encryption is used. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender, or to redirect the message.
• Password cracking. This is a technique attackers use to surreptitiously gain system access through another user's account. This is possible because users often select weak passwords. The two major problems with passwords is when they are easy to guess based on knowledge of the user (for example, wife's maiden name) and when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses). • Denial-of-service attacks. This attack exploits the need to have a service available. It is a growing trend on the Internet because Web sites in general are open doors ready for abuse. People can easily flood the Web server with communication in order to keep it busy. Therefore, companies connected to the Internet should prepare for (DoS) attacks. They also are difficult to trace and allow other types of attacks to be subdued.
• E-mail hacking. Electronic mail is one of the most popular features of the Internet. With access to Internet e-mail, someone can potentially correspond with any one of millions of people worldwide. Some of the threats associated with e-mail are: • Packet replay. This refers to the recording and retransmission of message packets in the network. Packet replay is a significant threat for programs that require authentication sequences, because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable, but can be prevented by using packet time stamping and packet sequence counting. • Packet modification. This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be destroyed.
• Network spoofing. In network spoofing, a system presents itself to the network as though it were a different system (computer A impersonates computer B by sending B's address instead of its own). The reason for doing this is that systems tend to operate within a group of other trusted systems. Trust is imparted in a one-to-one fashion; computer A trusts computer B (this does not imply that system B trusts system A). Implied with this trust is that the system administrator of the trusted system is performing the job properly and maintaining an appropriate level of security for the system. Network spoofing occurs in the following manner: if computer A trusts computer B and computer C spoofs (impersonates) computer B, then computer C can gain otherwise-denied access to computer A.
THANK YOU!
• A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). • §Example[edit] • Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve
• Eavesdropping. This allows a cracker (hacker) to make a complete copy of network activity. As a result, a cracker can obtain sensitive information such as passwords, data, and procedures for performing functions. It is possible for a cracker to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals. It is also possible to eavesdrop using software that monitors packets sent over the network. In most cases, it is difficult to detect eavesdropping.

Recommended

New internet security
New internet securityNew internet security
New internet securityuniversity of mumbai
 
internet security
internet securityinternet security
internet securityCheryl Tanicala-Roldan
 
Computer security
Computer securityComputer security
Computer securityRoshanMaharjan13
 
Chapter 11
Chapter 11Chapter 11
Chapter 11Mohd Khairil Borhanudin
 
cyber_security
cyber_securitycyber_security
cyber_securityJana Baxter
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet securityuniversity of mumbai
 
Computer Security
Computer SecurityComputer Security
Computer SecurityVaibhavi Patel
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksSrikanth VNV
 

Recommended

New internet security
New internet securityNew internet security
New internet securityuniversity of mumbai
 
internet security
internet securityinternet security
internet securityCheryl Tanicala-Roldan
 
Computer security
Computer securityComputer security
Computer securityRoshanMaharjan13
 
Chapter 11
Chapter 11Chapter 11
Chapter 11Mohd Khairil Borhanudin
 
cyber_security
cyber_securitycyber_security
cyber_securityJana Baxter
 
NewIinternet security
NewIinternet securityNewIinternet security
NewIinternet securityuniversity of mumbai
 
Computer Security
Computer SecurityComputer Security
Computer SecurityVaibhavi Patel
 
Hacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksHacking Vs Cracking in Computer Networks
Hacking Vs Cracking in Computer NetworksSrikanth VNV
 
Computer security
Computer securityComputer security
Computer securityfiza1975
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Securitydkp205
 
A to z of Cyber Crime
A to z of Cyber CrimeA to z of Cyber Crime
A to z of Cyber CrimeJessore University of Science & Technology, Jessore.
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESShyam Kumar Singh
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Need For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItNeed For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItSonali Srivastava
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpointArifa Ali
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Fp611 kuliah 2
Fp611 kuliah 2Fp611 kuliah 2
Fp611 kuliah 2Anis Mardhiyah
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and EthicsMohsin Riaz
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network securityIGZ Software house
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemInternational Journal of Engineering Inventions www.ijeijournal.com
 
Computer security and
Computer security andComputer security and
Computer security andRana Usman Sattar
 
Cyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationCyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationRubal Sagwal
 
The legend of the children of lir final
The legend of the children of lir finalThe legend of the children of lir final
The legend of the children of lir finalzukowskadorota
 
Киевкая Русь
Киевкая Русь Киевкая Русь
Киевкая Русь pliginairina1992
 

More Related Content

What's hot

Computer security
Computer securityComputer security
Computer securityfiza1975
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Securitydkp205
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESShyam Kumar Singh
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer PrivacySaqib Raza
 
Need For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItNeed For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItSonali Srivastava
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpointArifa Ali
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
Data Network Security
Data Network SecurityData Network Security
Data Network SecurityAtif Rehmat
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer securityArzath Areeff
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentationKudzai Rerayi
 
1 security goals
1 security goals1 security goals
1 security goalsdrewz lin
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and EthicsMohsin Riaz
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Cyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationCyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationRubal Sagwal
 

What's hot (20)

Computer security
Computer securityComputer security
Computer security
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
 
A to z of Cyber Crime
A to z of Cyber CrimeA to z of Cyber Crime
A to z of Cyber Crime
 
Security threats
Security threatsSecurity threats
Security threats
 
SECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURESSECURITY THREATS AND SAFETY MEASURES
SECURITY THREATS AND SAFETY MEASURES
 
11 Computer Privacy
11 Computer Privacy11 Computer Privacy
11 Computer Privacy
 
Need For Ethical & Security Issue In It
Need For Ethical & Security Issue In ItNeed For Ethical & Security Issue In It
Need For Ethical & Security Issue In It
 
Internet security powerpoint
Internet security powerpointInternet security powerpoint
Internet security powerpoint
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
Data Network Security
Data Network SecurityData Network Security
Data Network Security
 
Basic concepts in computer security
Basic concepts in computer securityBasic concepts in computer security
Basic concepts in computer security
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
1 security goals
1 security goals1 security goals
1 security goals
 
Fp611 kuliah 2
Fp611 kuliah 2Fp611 kuliah 2
Fp611 kuliah 2
 
Computer Security and Ethics
Computer Security and EthicsComputer Security and Ethics
Computer Security and Ethics
 
Introduction Network security
Introduction Network securityIntroduction Network security
Introduction Network security
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Honey Pot Intrusion Detection System
Honey Pot Intrusion Detection SystemHoney Pot Intrusion Detection System
Honey Pot Intrusion Detection System
 
Computer security and
Computer security andComputer security and
Computer security and
 
Cyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space OperationCyber Space Operation- Offensive Cyber Space Operation
Cyber Space Operation- Offensive Cyber Space Operation
 

Viewers also liked

The legend of the children of lir final
The legend of the children of lir finalThe legend of the children of lir final
The legend of the children of lir finalzukowskadorota
 
Cargo tally loading supervision & marine surveyors
Cargo tally loading supervision & marine surveyorsCargo tally loading supervision & marine surveyors
Cargo tally loading supervision & marine surveyors1. Vietnam Inspection Group
 
New year new babies(1)
New year new babies(1)New year new babies(1)
New year new babies(1)Ranbeer Singh
 
Week3 Project: Putting It all together
Week3 Project: Putting It all togetherWeek3 Project: Putting It all together
Week3 Project: Putting It all togetherDelroy Souden
 
Install joomla di_xampp
Install joomla di_xamppInstall joomla di_xampp
Install joomla di_xamppyoyoqnaliu
 

Viewers also liked (12)

The legend of the children of lir final
The legend of the children of lir finalThe legend of the children of lir final
The legend of the children of lir final
 
Киевкая Русь
Киевкая Русь Киевкая Русь
Киевкая Русь
 
Cargo tally loading supervision & marine surveyors
Cargo tally loading supervision & marine surveyorsCargo tally loading supervision & marine surveyors
Cargo tally loading supervision & marine surveyors
 
IC Photo Book 2015_SM
IC Photo Book 2015_SMIC Photo Book 2015_SM
IC Photo Book 2015_SM
 
Adam Resume
Adam ResumeAdam Resume
Adam Resume
 
New year new babies(1)
New year new babies(1)New year new babies(1)
New year new babies(1)
 
LlArts 2014
LlArts 2014LlArts 2014
LlArts 2014
 
Week3 Project: Putting It all together
Week3 Project: Putting It all togetherWeek3 Project: Putting It all together
Week3 Project: Putting It all together
 
Macro economics
Macro economicsMacro economics
Macro economics
 
Flickr Quick Guidelines
Flickr Quick GuidelinesFlickr Quick Guidelines
Flickr Quick Guidelines
 
Bc6a89f06c6c5e6b1cca8d423c1dff8e
Bc6a89f06c6c5e6b1cca8d423c1dff8eBc6a89f06c6c5e6b1cca8d423c1dff8e
Bc6a89f06c6c5e6b1cca8d423c1dff8e
 
Install joomla di_xampp
Install joomla di_xamppInstall joomla di_xampp
Install joomla di_xampp
 

Similar to Security Threats

Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Cengage Learning
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxJenetSilence
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedBule Hora University
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.pptEndAlk15
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security ritik shukla
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptxKnownId
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer SystemManesh T
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentalsManesh T
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computingManoj VNV
 

Similar to Security Threats (20)

System Security
System SecuritySystem Security
System Security
 
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
Compusecuraphobia – The Fear of HOPING Your Computer is Secure - Course Techn...
 
3-UnitV_security.pptx
3-UnitV_security.pptx3-UnitV_security.pptx
3-UnitV_security.pptx
 
attack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptxattack vectors by chimwemwe.pptx
attack vectors by chimwemwe.pptx
 
cyber-warfare.pptx
cyber-warfare.pptxcyber-warfare.pptx
cyber-warfare.pptx
 
Chapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganisedChapter1 intro network_security_sunorganised
Chapter1 intro network_security_sunorganised
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Types of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security ThreatsTypes of Cyber Crimes and Security Threats
Types of Cyber Crimes and Security Threats
 
MIS part 4_CH 11.ppt
MIS part 4_CH 11.pptMIS part 4_CH 11.ppt
MIS part 4_CH 11.ppt
 
cryptographic security
cryptographic securitycryptographic security
cryptographic security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Crime And Security
Cyber Crime And Security Cyber Crime And Security
Cyber Crime And Security
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
Information Systems.pptx
Information Systems.pptxInformation Systems.pptx
Information Systems.pptx
 
Security in Computer System
Security in Computer SystemSecurity in Computer System
Security in Computer System
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 
Security in computer systems fundamentals
Security in computer systems fundamentalsSecurity in computer systems fundamentals
Security in computer systems fundamentals
 
Chapter- I introduction
Chapter- I introductionChapter- I introduction
Chapter- I introduction
 
Chapter-I introduction
Chapter-I introductionChapter-I introduction
Chapter-I introduction
 
Security in network computing
Security in network computingSecurity in network computing
Security in network computing
 

Recently uploaded

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfproinshot.com
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfryanfarris8
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...software pro Development
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidPhilip Schwarz
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 

Recently uploaded (20)

Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Exploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdfExploring the Best Video Editing App.pdf
Exploring the Best Video Editing App.pdf
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...How to Choose the Right Laravel Development Partner in New York City_compress...
How to Choose the Right Laravel Development Partner in New York City_compress...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 

Security Threats

  • 1.
  • 2.
  • 3. DEFINING SECURITY Security means to protect information. It deals with the prevention and detection of unauthorized actions by users of a computer. Lately it has been extended to include privacy, confidentiality, and integrity.
  • 4. This definition implies that you have to know the information and the value of that information in order to develop protective measures. A rough classification of protective measures in computer security is as follows:
  • 5. Prevention—Take measures that prevent your information from being damaged, altered, or stolen. Preventive measures can range from locking the server room door to setting up high-level security policies.
  • 6. Detection—Take measures that allow you to detect when information has been damaged, altered, or stolen, how it has been damaged, altered, or stolen, and who has caused the damage. Various tools are available to help detect intrusions, damage or alterations, and viruses.
  • 7. Reaction—Take measures that allow recovery of information, even if information is lost or damaged.
  • 8. The above measures are all very well, but if you do not understand how information may be compromised, you cannot take measures to protect it. You must examine the components on how information can be compromised:
  • 9. Confidentiality :-The prevention of unauthorized disclosure of information. This can be the result of poor security measures or information leaks by personnel. An example of poor security measures would be to allow anonymous access to sensitive information.
  • 10. Integrity. The prevention of erroneous modification of information. Authorized users are probably the biggest cause of errors and omissions and the alteration of data. Storing incorrect data within the system can be as bad as losing data. Malicious attackers also can modify, delete, or corrupt information that is vital to the correct operation of business functions.
  • 11. Availability. The prevention of unauthorized with holding of information or resources. This does not apply just to personnel withholding information. Information should be as freely available as possible to authorized users.
  • 12. Authentication. The process of verifying that users are who they claim to be when logging onto a system. Generally, the use of user names and passwords accomplishes this. More sophisticated is the use of smart cards and retina scanning. The process of authentication does not grant the user access rights to resources—this is achieved through the authorization process.
  • 13. Authorization. The process of allowing only authorized users access to sensitive information. An authorization process uses the appropriate security authority to determine whether a user should have access to resources.
  • 14.
  • 15. HISTORY OF SECURITY • Computers and networks originally were built to ease the exchange of information. Early information technology (IT) infrastructures were built around central computers or mainframe solutions while others were developed around the personal computer. What some thought impossible became reality and today businesses are being driven by the power of the personal computer that users access with just a user name and password. • But as the information revolution opened new avenues for IT, it also opened new possibilities for crime. Attackers used these opportunities to steal passwords and gain access to information or to create disastrous effects on networks and computers.
  • 16. Threats Motives/Goals Methods Security Policies • Employees • Malicious • Ignorant • Non-employees • Outside attackers • Natural disasters • Floods • Earthquakes • Hurricanes • Riots and wars • Deny services • Steal information • Alter information • Damage information • Delete information • Make a joke • Show off • Social engineering • Viruses, Trojan horses, worms • Packet replay • Packet modification • IP spoofing • Mail bombing • Various hacking tools • Password cracking • Vulnerabilities • Assets • Information and data • Productivity • Hardware • Personnel
  • 17.
  • 18. THREATS In Computer Security a threat is a possible danger that might exploit a vulnerability to breach security and thus cause possible harm. A threat can be either "intentional" (i.e., intelligent; e.g., an individual cracker or a criminal organization) or "accidental" (e.g., the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado) or otherwise a circumstance, capability, action, or event.
  • 19. • Viruses. Attackers can develop harmful code known as viruses. Using hacking techniques, they can break into systems and plant viruses. Viruses in general are a threat to any environment. They come in different forms and although not always malicious, they always take up time. Viruses can also be spread via e-mail and disks.
  • 20. • Worms. These are programs that run independently and travel from computer to computer across network connections. Worms may have portions of themselves running on many different computers. Worms do not change other programs, although they may carry other code that does.
  • 21. • Trojan horses. These are malicious programs or software code hidden inside what looks like a normal program. When a user runs the normal program, the hidden code runs as well. It can then start deleting files and causing other damage to the computer. Trojan horses are normally spread by e-mail attachments. The Melissa virus that caused denial-of-service attacks throughout the world in 1999 was a type of Trojan horse.
  • 22. • Eavesdropping. E-mail headers and contents are transmitted in the clear text if no encryption is used. As a result, the contents of a message can be read or altered in transit. The header can be modified to hide or change the sender, or to redirect the message.
  • 23. • Password cracking. This is a technique attackers use to surreptitiously gain system access through another user's account. This is possible because users often select weak passwords. The two major problems with passwords is when they are easy to guess based on knowledge of the user (for example, wife's maiden name) and when they are susceptible to dictionary attacks (that is, using a dictionary as the source of guesses). • Denial-of-service attacks. This attack exploits the need to have a service available. It is a growing trend on the Internet because Web sites in general are open doors ready for abuse. People can easily flood the Web server with communication in order to keep it busy. Therefore, companies connected to the Internet should prepare for (DoS) attacks. They also are difficult to trace and allow other types of attacks to be subdued.
  • 24. • E-mail hacking. Electronic mail is one of the most popular features of the Internet. With access to Internet e-mail, someone can potentially correspond with any one of millions of people worldwide. Some of the threats associated with e-mail are: • Packet replay. This refers to the recording and retransmission of message packets in the network. Packet replay is a significant threat for programs that require authentication sequences, because an intruder could replay legitimate authentication sequence messages to gain access to a system. Packet replay is frequently undetectable, but can be prevented by using packet time stamping and packet sequence counting. • Packet modification. This involves one system intercepting and modifying a packet destined for another system. Packet information may not only be modified, it could also be destroyed.
  • 25. • Network spoofing. In network spoofing, a system presents itself to the network as though it were a different system (computer A impersonates computer B by sending B's address instead of its own). The reason for doing this is that systems tend to operate within a group of other trusted systems. Trust is imparted in a one-to-one fashion; computer A trusts computer B (this does not imply that system B trusts system A). Implied with this trust is that the system administrator of the trusted system is performing the job properly and maintaining an appropriate level of security for the system. Network spoofing occurs in the following manner: if computer A trusts computer B and computer C spoofs (impersonates) computer B, then computer C can gain otherwise-denied access to computer A.
  • 26.
  • 27.
  • 28.
  • 30. • A replay attack (also known as playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack). • §Example[edit] • Suppose Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping on the conversation and keeps the password (or the hash). After the interchange is over, Eve (posing as Alice) connects to Bob; when asked for a proof of identity, Eve sends Alice's password (or hash) read from the last session, which Bob accepts thus granting access to Eve
  • 31. • Eavesdropping. This allows a cracker (hacker) to make a complete copy of network activity. As a result, a cracker can obtain sensitive information such as passwords, data, and procedures for performing functions. It is possible for a cracker to eavesdrop by wiretapping, using radio, or using auxiliary ports on terminals. It is also possible to eavesdrop using software that monitors packets sent over the network. In most cases, it is difficult to detect eavesdropping.