Cybersecurity
Reality vs Hollywood
Reality !!
What Is Cybersecurity
• Secrecy or Confidentiality
• Integrity
• Availability
SECRECY OR CONFIDENTIALITY
IT MEANS THAT ONLY AUTHORIZED PEOPLE
SHOULD BE ABLE TO ACCESS OR READ SPECIFIC
COMPUTER SYSTEMS
INTEGRITY
IT MEANS THAT ONLY AUTHORIZED PEOPLE
SHOULD HAVE THE ABILITY TO USE OR MODIFY
SYSTEMS
AVAILABILITY
IT MEANS THAT AUTHORISED PEOPLE SHOULD
ALWAYS HAVE ACCESS TO THEIR SYSTEMS EVERY
TIME THEY NEED TO
What Is Hacking
• Hacking is an attempt to exploit a computer system or a private
network inside a computer.
• Simply put, it is the unauthorised access to or control over computer
network security systems for some illicit purpose.
Hackers
A hacker is a person who finds and exploits weaknesses in computer
systems and/or networks to gain access.
Hackers are usually skilled computer programmers with knowledge of
computer security.
Types Of Hackers
White Hat/ Ethical Hackers:
Someone who gains access to a system with a view to find out and fix the
weaknesses and not exploit them for personal gains.
Black Hat/ Crackers:
The main intention here is to steal corporate data, violate privacy rights,
transfer funds from bank accounts etc.
Types Of Hackers
Grey Hat:
They break into computer systems without authority with a view to identify
weaknesses and reveal them to the system owner.
Hacktivists:
A hacker who uses hacking to send social, religious, and political messages.
This is usually done by hijacking websites and leaving the message on the
hijacked website.
Transformers
We can co-exist with humans,
while we rebuild our own planet
Social Engineering
Fraudwatchinternational.com
Major types of Attacks
Brute force:
• A brute force attack is a trial-and-error method used to obtain information such as a
user password or personal identification number (PIN). In a brute force attack,
automated software is used to generate a large number of consecutive guesses as
to the value of the desired data.
Phishing:
• Phishing is a type of social engineering attack often used to steal user data,
including login credentials and credit card numbers.
• It occurs when an attacker, masquerading as a trusted entity, dupes a victim into
opening an email, instant message, or text message.
Major types of Attacks
DOS / DDOS (Denial Of Service):
• A denial-of-service attack is a security event that occurs when an attacker takes
action that prevents legitimate users from accessing targeted computer systems,
devices or other network resources.
• Denial-of-service (DoS) attacks typically flood servers, systems or networks with
traffic in order to overwhelm the victim's resources and make it difficult or impossible
for legitimate users to use them. While an attack that crashes a server can often be
dealt with successfully by simply rebooting the system, flooding attacks can be
more difficult to recover from.
Major types of Attacks
IP SPOOFING
• IP Spoofing is a technique used to gain unauthorized access to machines, whereby
an attacker illicitly impersonates another machine by manipulating IP packets. IP
Spoofing involves modifying the packet header with a forged (spoofed) source IP
address, a checksum, and the order value.
Major types of Attacks
MAN IN THE MIDDLE (MITM) ATTACK
• A man-in-the-middle attack is a type of cyberattack
where a malicious actor inserts him/herself into a
conversation between two parties, impersonates
both parties and gains access to information that
the two parties were trying to send to each other.
• A man-in-the-middle attack allows a malicious
actor to intercept, send and receive data meant for
someone else, or not meant to be sent at all,
without either outside party knowing until it is too
late. Man-in-the-middle attacks can be abbreviated
in many ways, including MITM, MitM, MiM or MIM.
Key Concepts of a Man-in-the-Middle Attack
• Man-in-the-middle is a type of eavesdropping attack that occurs when a
malicious actor inserts himself as a relay/proxy into a communication
session between people or systems.
• A MITM attack exploits the real-time processing of transactions,
conversations or transfer of other data.
• Man-in-the-middle attacks allow attackers to intercept, send and receive
data never meant to be for them without either outside party knowing until it
is too late.
Major types of Attacks
Viruses
• A virus requires an active host program or an already infected
system to run and cause damage by infecting other files or
documents.
• They are usually attached to executable files or Word documents.
• Can be activated at a certain time or by an event.
• Spread via emails or flash drives.
Worms
• A worm is self-replicating and self-propagating.
• Worms are usually destructive while viruses can do a lot of other
things.
Major types of Attacks
Trojan
• Very powerful malware, often disguised as useful software.
• Usually very sophisticated and can be anything, e.g. games, songs, etc.
• However, they cannot replicate themselves.
• Types: Backdoor Trojan, Info stealer Trojan, Trojan Downloader, Trojan
DDoS
Prevention
• Using good anti-malware software.
• Downloading files from trusted websites.
Major types of Attacks
Adware
• Displays unwanted banner advertisements.
• Often bundled with freeware that can be downloaded from the internet.
• Usually included to recover costs of software development in order to
distribute the application for free.
• Can hijack the browser to display a certain page when it starts up.
• Some of them can even monitor web usage; these are referred to as
SPYWARE.
• Data collected can be sent back to hackers or advertising agencies.
Major types of Attacks
Ransomware
● Locks your computer so that you cannot access anything
until you pay some amount of money.
● Targets anyone and everyone.
● Payments are often requested in the form of
cryptocurrencies (like Bitcoin).
● Infects mostly through email links and downloads.
● WannaCry infected more than 200,000 computers in
over 150 countries.
● Locky, in Feb 2016, extorted more than $17,000 from a
hospital.
● CTB Locker, in 2014, was one of the first ransomware programs
sold as an underground service program.
PREVENTIONS
• Data Backups
• Turn off external applications like
Dropbox
• Never open spam emails or
suspicious links
• Use good antivirus
Brute force:
• Never ever use a dictionary word as your password
• Include different numbers and characters in your password
• The bigger the better.
Phishing:
• Vigilance (do not open things all willy-nilly)
• Use of email filters and proper antivirus software
• Common technical sense
Some Preventions and Precautions
DOS/DDOS:
• Over-provisioning bandwidth
• Creating a DDoS playbook
• Employing a DDoS specialist, e.g. Cloudflare, Akamai.
• Using load balancers
IP SPOOFING AND MITM PREVENTION
• Use authentication based on key exchange between the machines on your
network; something like IPsec will significantly cut down on the risk of spoofing.
• Use an access control list to deny private IP addresses on your downstream
interface.
• Implement filtering of both inbound and outbound traffic.
• Configure your routers and switches, if they support such configuration, to reject
packets originating from outside your local network that claim to originate from
within.
• Enable encryption sessions on your router so that trusted hosts that are outside
your network can securely communicate with your local hosts.
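The filtering rules listed above can be written as a small decision function. This is an added example, not part of the original slides; the local prefix `192.168.10.0/24`, the interface names `outside` and `inside`, the reading of "downstream interface" as the Internet-facing one, and the sample packets are all assumptions made for illustration.

```python
import ipaddress

# Assumed address plan for illustration (hypothetical, not from the slides).
LOCAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Sources that must never arrive on the Internet-facing interface:
# RFC 1918 private ranges, loopback and link-local.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def in_any(addr, nets):
    """True if addr falls inside at least one of the networks."""
    return any(addr in net for net in nets)


def filter_packet(interface, src):
    """Decide what an anti-spoofing ACL does with a packet.

    interface: "outside" (Internet-facing) or "inside" (local network).
    src: the source IP address the packet claims, as a string.
    Returns (verdict, reason).
    """
    addr = ipaddress.ip_address(src)
    if interface == "outside":
        # Inbound rule 1: nothing from outside may claim to be one of us.
        if in_any(addr, LOCAL_NETS):
            return "drop", "outside packet claims a local source address"
        # Inbound rule 2: private space is not routable on the Internet.
        if in_any(addr, PRIVATE_NETS):
            return "drop", "private source address on outside interface"
        return "accept", "plausible external source"
    if interface == "inside":
        # Outbound rule: only our own prefixes may leave the network.
        if in_any(addr, LOCAL_NETS):
            return "accept", "local source leaving the network"
        return "drop", "inside packet with a non-local source address"
    raise ValueError(f"unknown interface: {interface!r}")


# Constructed sample traffic: (interface, claimed source address).
SAMPLE_PACKETS = [
    ("outside", "198.51.100.20"),
    ("outside", "192.168.10.7"),
    ("outside", "10.1.2.3"),
    ("inside", "192.168.10.7"),
    ("inside", "198.51.100.20"),
]


def evaluate(packets):
    """Apply the filter to each packet and return rows for a report."""
    return [(iface, src) + filter_packet(iface, src) for iface, src in packets]


if __name__ == "__main__":
    for iface, src, verdict, reason in evaluate(SAMPLE_PACKETS):
        print(f"{iface:8} {src:15} {verdict:7} {reason}")
```

The outbound rule is what keeps a compromised local host from sending packets with forged source addresses to other networks.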
Some Preventions and Precautions
CYBER SECURITY MEASURES
• ANTIVIRUS
• FIREWALLS
• ENCRYPTION
• SSL & HTTPS
• MULTI-FACTOR AUTHENTICATION
CYBER SECURITY MEASURES
• ANTIVIRUS
• Features of Antivirus Software
• Background Scanning
• Full System Scans
• Virus Definitions
• Background Scanning
• Antivirus software scans, in the background, all the files that you open; this is also
termed on-access scanning. It gives real-time protection, safeguarding the
computer from threats and other malicious attacks.
CYBER SECURITY MEASURES
• Full System Scans
• Full system scans are generally not essential when you already have an on-access scanning facility.
Full system scans are essential when you install antivirus software for the first time or have
updated your antivirus software recently. This is done to make sure that there are no viruses
hidden on your system. Full system scans are also useful when you repair your infected computer.
• Virus Definitions
• Antivirus software depends on virus definitions to identify malware, which is why it keeps updating to the
newest virus definitions. Malware definitions contain signatures for any new viruses and other malware that
has been classified as in the wild. If the antivirus software scans an application or file and finds it infected
by malware that is similar to the malware in a malware definition, it stops the
file from executing and moves it to quarantine. The malware is then processed according to the
type of virus protection.
CYBER SECURITY MEASURES
• SIGNATURE-BASED DETECTION - This is most common in traditional
antivirus software, which checks all the .EXE files and validates them against the
known list of viruses and other types of malware, or checks whether unknown
executable files show any misbehavior as a sign of unknown viruses.
• HEURISTIC-BASED DETECTION - This type of detection is most
commonly used in combination with signature-based detection. Heuristic
technology is deployed in most antivirus programs. This helps the
antivirus software to detect new, variant or altered versions of
malware, even in the absence of the latest virus definitions.
CYBER SECURITY MEASURES
• BEHAVIORAL-BASED DETECTION - This type of detection is used in intrusion
detection mechanisms. It concentrates on detecting the characteristics of
the malware during execution. This mechanism detects malware only while the
malware performs malicious actions.
• SANDBOX DETECTION - It functions much like the behavioral-based
detection method. It executes applications in a virtual environment to track
what kind of actions they perform. By verifying the logged actions of the program,
the antivirus software can identify whether the program is malicious or not.
• DATA MINING TECHNIQUES - This is one of the latest trends in detecting malware.
With a set of program features, data mining helps to find out whether the program is
malicious or not.
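A minimal signature scanner showing how virus definitions and quarantine fit together, as described under "Virus Definitions" and "Signature-based detection". This is an added example, not part of the original slides; the definition names, the marker bytes and the sample files are constructed and harmless.

```python
import hashlib

# Constructed stand-ins for malware samples; these bytes are harmless.
MARKER = b"--constructed-test-marker--"
KNOWN_SAMPLE = b"MZ" + b"\x00" * 16 + MARKER + b"placeholder body"

# Constructed "virus definitions": exact-file hashes and byte patterns.
DEFINITIONS = {
    "hashes": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Sample.A"},
    "patterns": {MARKER: "Test.Family.A"},
}


def scan(data, definitions=DEFINITIONS):
    """Return (matched, name, method) for one file's bytes."""
    # Exact match first: the whole file is a known sample.
    digest = hashlib.sha256(data).hexdigest()
    name = definitions["hashes"].get(digest)
    if name:
        return True, name, "hash"
    # Then look for a known byte sequence anywhere in the file.
    for pattern, pattern_name in definitions["patterns"].items():
        if pattern in data:
            return True, pattern_name, "pattern"
    return False, None, "no signature"


def scan_all(files, definitions=DEFINITIONS):
    """Scan {filename: bytes}; files that match go to quarantine."""
    report = {"quarantined": {}, "passed": []}
    for filename, data in files.items():
        matched, name, method = scan(data, definitions)
        if matched:
            report["quarantined"][filename] = (name, method)
        else:
            report["passed"].append(filename)
    return report


# Constructed sample files for the demonstration.
SAMPLE_FILES = {
    "invoice.exe": KNOWN_SAMPLE,                      # exact known file
    "invoice_v2.exe": KNOWN_SAMPLE + b"extra bytes",  # altered copy, new hash
    "notes.txt": b"meeting at 10:00",                 # benign text
    "new_tool.exe": b"MZ" + b"\x01" * 32,             # no definition covers it
}


if __name__ == "__main__":
    result = scan_all(SAMPLE_FILES)
    for filename, (name, method) in result["quarantined"].items():
        print(f"QUARANTINE {filename}: {name} ({method} match)")
    for filename in result["passed"]:
        print(f"PASS       {filename}: no matching definition")
```

A file that no definition covers passes the scan regardless of what it does, which is the gap the heuristic, behavioral and sandbox methods above are meant to cover.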
CYBER SECURITY MEASURES
• FIREWALL
• At their most basic, firewalls work like a filter
between your computer/network and the
Internet. You can program what you want to
get out and what you want to get in.
Everything else is not allowed. There are
several different methods firewalls use to filter
out information, and some are used in
combination. These methods work at different
layers of a network, which determines how
specific the filtering options can be.
• Firewalls can be used in a number of ways to
add security to your home or business.
CYBER SECURITY MEASURES
• ENCRYPTION
• Encryption is a modern form of cryptography that allows a user to hide
information from others. Encryption uses a complex algorithm called a
cipher in order to turn readable data (plaintext) into a series of seemingly
random characters (ciphertext) that is unreadable by those without a
special key with which to decrypt it. Those that possess the key can decrypt
the data in order to view the plaintext again rather than the random
character string of ciphertext.
CYBER SECURITY MEASURES
• SSL
• SSL (Secure Sockets Layer) is a
standard security protocol for
establishing encrypted links
between a web server and a
browser in an online
communication. The usage
of SSL technology ensures that all
data transmitted between the web
server and browser remains
encrypted.
CYBER SECURITY MEASURES
• How SSL Works
• When a web browser tries to connect to a website using SSL, the browser will
first request that the web server identify itself. This prompts the web server to send
the browser a copy of the SSL Certificate. The browser checks to see if the
SSL Certificate is trusted -- if the SSL Certificate is trusted, then the browser
sends a message to the web server. The server then responds to the browser
with a digitally signed acknowledgement to start an SSL encrypted session.
This allows encrypted data to be shared between the browser and the server.
You may notice that your browsing session now starts with https (and not http).
CYBER SECURITY MEASURES
• HTTPS
• HTTPS pages typically use one of two secure protocols to encrypt
communications - SSL (Secure Sockets Layer) or TLS (Transport Layer
Security). Both the TLS and SSL protocols use what is known as an 'asymmetric'
Public Key Infrastructure (PKI) system. An asymmetric system uses two 'keys' to
encrypt communications, a 'public' key and a 'private' key. Anything encrypted
with the public key can only be decrypted by the private key and vice-versa.
CYBER SECURITY MEASURES
• MULTI-FACTOR AUTHENTICATION
• Multi-factor authentication (MFA) is a method of confirming a user's claimed
identity in which a user is granted access only after successfully presenting 2
or more pieces of evidence (or factors) to an authentication mechanism.
• Hence it makes it harder for hackers to break into your system, as they
need to hack both factors to pass through.
CYBER SECURITY MEASURES
• Authentication factors
• Knowledge factors
• Knowledge factors are the most commonly used form of authentication. In this
form, the user is required to prove knowledge of a secret in order to
authenticate.
• Possession factors
• Possession factors ("something the user and only the user has") have been
used for authentication for centuries, in the form of a key to a lock. The basic
principle is that the key embodies a secret which is shared between the lock and
the key, and the same principle underlies possession factor authentication in
computer systems. A security token is an example of a possession factor.
• Inherence factors
• These are factors associated with the user, and are usually biometric methods,
including fingerprint readers, retina scanners or voice recognition.
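A knowledge factor and a possession factor checked together, with the security token modelled as a time-based one-time code (HOTP/TOTP from RFC 4226 and RFC 6238). This is an added example, not part of the original slides; the record field names, the password and the salt are constructed, and the token secret is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per TOTP time step (RFC 6238 default)


def hash_password(password, salt):
    """Knowledge factor: store a slow salted hash, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def hotp(secret, counter, digits=6):
    """RFC 4226 one-time code from a shared secret and a counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, now):
    """RFC 6238: HOTP with the counter derived from the clock."""
    return hotp(secret, int(now) // STEP)


def make_record(password, salt, token_secret):
    """Server-side record for one user (field names are hypothetical)."""
    return {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        "token_secret": token_secret,  # the secret shared with the token
    }


def authenticate(record, password, code, now, window=1):
    """Grant access only if BOTH factors check out.

    window: adjacent time steps accepted to tolerate clock drift.
    """
    pw_ok = hmac.compare_digest(
        hash_password(password, record["salt"]), record["pw_hash"])
    counter = int(now) // STEP
    first = max(0, counter - window)
    candidates = [hotp(record["token_secret"], c)
                  for c in range(first, counter + window + 1)]
    # Check every candidate so the work done does not depend on which matched.
    code_ok = False
    for candidate in candidates:
        code_ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return pw_ok and code_ok


# Constructed demo values; the token secret is the RFC 4226 test key.
DEMO_RECORD = make_record("correct horse battery staple",
                          b"constructed-salt", b"12345678901234567890")


if __name__ == "__main__":
    now = 59  # fixed clock value so the output is reproducible
    code = totp(DEMO_RECORD["token_secret"], now)
    print("token shows:", code)
    print("both factors:", authenticate(
        DEMO_RECORD, "correct horse battery staple", code, now))
    print("password only:", authenticate(
        DEMO_RECORD, "correct horse battery staple", "000000", now))
    print("token only:", authenticate(DEMO_RECORD, "guess", code, now))
```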
CYBER SECURITY MEASURES
• PENETRATION TESTING
• It is a method of testing in which the areas of weakness in software
systems, in terms of security, are put to the test to determine whether a 'weak point' is
indeed one that can be broken into.
• Performed for: Websites/Servers/Networks
• It starts with a list of vulnerabilities/potential problem areas that would cause
a security breach for the system.
• Devise penetration tests that would work (attack your system) from both
within the network and outside (externally).
• If unauthorized access is possible, then the system has to be corrected and
the series of steps needs to be re-run until the problem area is fixed.
BEING A CYBER-EXPERT
Industry Status
Last year ethical hacking was estimated to be a US$ 3.8 billion industry in the US
alone. According to Nasscom, India will require at least 77,000 ethical hackers every
year, whereas we are currently producing only 15,000 a year. Ethical hacking is
growing at a tremendous pace and offers a plethora of lucrative job opportunities.
• Growth areas
• The information security industry is growing at a current worldwide rate of 21%.
Frost & Sullivan have estimated that there are 2.28 million information security
professionals worldwide, which is expected to increase to nearly 4.2 million by 2015.
Information security for security compliance is mandatory in India for all
companies with an IT backbone. The requirement for such personnel is especially
high with organisations in the IT/ITES space.
● A fresher may work as an intern for a couple of months and can start with a minimum
of Rs 2.5 lakh per annum.
● With one year of experience, one can expect up to Rs 4.5 lakh per annum.
● Those with five or more years of work experience can get from 10-12 lakh per annum.
PRESENTED
BY
ANKIT YADAV
MANU GUPTA
TEAM I.R.I.S

Weitere ähnliche Inhalte

Was ist angesagt?

Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
Ardit Meti
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Connecting Up
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
Ehtisham Ali
 
Desktop Pc Computer Security
Desktop Pc Computer SecurityDesktop Pc Computer Security
Desktop Pc Computer Security
Nicholas Davis
 

Was ist angesagt? (20)

Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 
Anatomy of a cyber attack
Anatomy of a cyber attackAnatomy of a cyber attack
Anatomy of a cyber attack
 
Security threats
Security threatsSecurity threats
Security threats
 
Firewall
FirewallFirewall
Firewall
 
Cyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoSCyber Attack Analysis : Part I DDoS
Cyber Attack Analysis : Part I DDoS
 
Cehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hackingCehv6 module 01 introduction to ethical hacking
Cehv6 module 01 introduction to ethical hacking
 
Cyber Attack Methodologies
Cyber Attack MethodologiesCyber Attack Methodologies
Cyber Attack Methodologies
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Types of Malware (CEH v11)
Types of Malware (CEH v11)Types of Malware (CEH v11)
Types of Malware (CEH v11)
 
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security ThreatsSophos Threatsaurus: The A-Z of Computer and Data Security Threats
Sophos Threatsaurus: The A-Z of Computer and Data Security Threats
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Netiquette
NetiquetteNetiquette
Netiquette
 
1 ijaems sept-2015-3-different attacks in the network a review
1 ijaems sept-2015-3-different attacks in the network  a review1 ijaems sept-2015-3-different attacks in the network  a review
1 ijaems sept-2015-3-different attacks in the network a review
 
Intruders detection
Intruders detectionIntruders detection
Intruders detection
 
Desktop Pc Computer Security
Desktop Pc Computer SecurityDesktop Pc Computer Security
Desktop Pc Computer Security
 
SDK Whitepaper
SDK WhitepaperSDK Whitepaper
SDK Whitepaper
 
Information Technology - System Threats
Information Technology - System ThreatsInformation Technology - System Threats
Information Technology - System Threats
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
System Security- Firewalls and ID System
System Security- Firewalls and ID SystemSystem Security- Firewalls and ID System
System Security- Firewalls and ID System
 
Network security
Network securityNetwork security
Network security
 

Ähnlich wie Cyber security

Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
Karan Bhandari
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
srtwgwfwwgw
 

Ähnlich wie Cyber security (20)

Internet Security in Web 2.0
Internet Security in Web 2.0 Internet Security in Web 2.0
Internet Security in Web 2.0
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Cyber Security Company.docx
Cyber Security Company.docxCyber Security Company.docx
Cyber Security Company.docx
 
Cyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering studentsCyber-Security-CIT good for 1st year engineering students
Cyber-Security-CIT good for 1st year engineering students
 
CyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topicCyberSecurity presentation for basic knowledge about this topic
CyberSecurity presentation for basic knowledge about this topic
 
SAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdfSAMPLE ATTACKS PRESENTATION.pdf
SAMPLE ATTACKS PRESENTATION.pdf
 
viruses.pptx
viruses.pptxviruses.pptx
viruses.pptx
 
IT Security.pdf
IT Security.pdfIT Security.pdf
IT Security.pdf
 
L N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.pptL N Yadav Cyber SECURITY.ppt
L N Yadav Cyber SECURITY.ppt
 
L N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.pptL N Yadav Cyber SECURITY2.ppt
L N Yadav Cyber SECURITY2.ppt
 
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
10 Types Of Cyber Attacks And How They Can Affect You- Detox technologies.pdf
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
Computer security and
Computer security andComputer security and
Computer security and
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
cyber security
cyber security cyber security
cyber security
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
 
Cyber Security - All Over World
Cyber Security - All Over WorldCyber Security - All Over World
Cyber Security - All Over World
 

Kürzlich hochgeladen

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 

Kürzlich hochgeladen (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 

Cyber security

  • 1.
  • 3.
  • 5. What Is Cybersecurity • Secrecy or Confidentiality • Integrity • Availability
  • 6. SECRECY OR CONFIDENTIALITY INTEGRITY IT MEANS THAT ONLY AUTHORIZED PEOPLE SHOULD BE ABLE TO ACCESS OR READ SPECIFIC COMPUTER SYSTEM IT MEANS THAT ONLY AUTHORIZED PEOPLE SHOULD HAVE THE ABILITY TO USE OR MODIFY SYSTEMS
  • 7. AVAILABILITY IT MEANS THAT AUTHORISED PEOPLE SHOULD ALWAYS HAVE ACCESS TO THEIR SYSTEMS EVERY TIME THEY NEED TO
  • 8. What Is Hacking  Hacking is an attempt to exploit a computer system or a private network inside a computer.  Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.
  • 9. Hackers A Hacker is a person who finds and exploits the weakness in computer systems and/or networks to gain access. Hackers are usually skilled computer programmers with knowledge of computer security.
  • 10. Types Of Hackers White Hat/ Ethical Hackers: Someone who gains access to a system with a view to find out and fix the weaknesses and not exploit them for personal gains. Black Hat/ Crackers: The main intention here is to steal corporate data, violate privacy rights, transfer funds from bank accounts etc.
  • 11. Types Of Hackers Grey Hat: They breaks into computer systems without authority with a view to identify weaknesses and reveal them to the system owner. Hacktivists: A hacker who use hacking to send social, religious, and political Messages. This is usually done by hijacking websites and leaving the message on the hijacked website.
  • 12. Transformers We can co-exist with humans, while we rebuild our own planet
  • 14. Major types of Attacks Brute force:  A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Phishing:  Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.  It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message.
  • 15. Major types of Attacks DOS / DDOS (Denial Of Service):  A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.  Denial-of-service (DoS) attacks typically flood servers, systems or networks with traffic in order to overwhelm the victim resources and make it difficult or impossible for legitimate users to use them. While an attack that crashes a server can often be dealt with successfully by simply rebooting the system, flooding attacks can be more difficult to recover from.
  • 16. Major types of Attacks IP SPOOFING  IP Spoofing is a technique used to gain unauthorized access to machines, whereby an attacker illicitly impersonates another machine by manipulating IP packets. IP Spoofing involves modifying the packet header with a forged (spoofed) source IP address, a checksum, and the order value.
  • 17. Major types of Attacks MAN IN THE MIDDLE (MITM) ATTACK  A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other.  A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.
  • 18. Key Concepts of a Man-in-the-Middle Attack  Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts himself as a relay/proxy into a communication session between people or systems.  A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.  Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them without either outside party knowing until it is too late Major types of Attacks
  • 19. Major types of Attacks Viruses  A virus requires an active host program or an already infected system to run and cause damage by infecting other files or documents.  They are usually attached to executable file or word documents.  Can be activated at a certain time or an event.  Spread via mails or flash drives. Worms  A worm is self replicating and self propagating  Worms are usually destructive while viruses can do a lot of other things.
  • 20. Major types of Attacks Trojan  Very powerful malware, often disguised as useful software.  Usually very sophisticated and can be anything. e.g. games, song etc.  However, they cannot replicate themselves.  Types: Backdoor Trojan, Info stealer Trojan, Trojan Downloader, Trojan DDoS Prevention  Using good anti-malware software's.  Downloading files form trusted websites.
  • 21. Major types of Attacks: Adware
      - Displays unwanted banner advertisements.
      - Often bundled with freeware that can be downloaded from the internet.
      - Usually included to recover the costs of software development so that the application can be distributed for free.
      - Can hijack the browser to display a certain page when it starts up.
      - Some of them can even monitor web usage; these are referred to as SPYWARE.
      - Data collected can be sent back to hackers or advertising agencies.
  • 22. Major types of Attacks: Ransomware
      - Locks your computer so that you cannot access anything until you pay some amount of money.
      - Targets anyone and everyone.
      - Payments are often requested in the form of cryptocurrencies (like Bitcoin).
      - Infects mostly through email links and downloads.
      - WannaCry infected more than 200,000 computers in over 150 countries.
      - Locky, in Feb 2016, extorted more than $17,000 from a hospital.
      - CTB Locker, in 2014, was one of the first ransomware strains sold as an underground service program.
  • 23. PREVENTIONS
      - Data Backups
      - Turn off external applications like Dropbox
      - Never open spam emails or suspicious links
      - Use good antivirus
  • 24. Brute force:
      - Never ever use a dictionary word as your password.
      - Include different numbers and characters in your password.
      - The bigger the better.
    Phishing:
      - Vigilance (do not open things all willy-nilly).
      - Use of email filters and proper antivirus software.
      - Common technical sense.
  • 25. Some Preventions and Precautions: DOS/DDOS
      - Over-provision bandwidth
      - Creating a DDoS playbook
      - Employing a DDoS specialist, e.g. Cloudflare, Akamai
      - Using load balancers
  • 26. Some Preventions and Precautions: IP SPOOFING AND MITM PREVENTION
      - Use authentication based on key exchange between the machines on your network; something like IPsec will significantly cut down on the risk of spoofing.
      - Use an access control list to deny private IP addresses on your downstream interface.
      - Implement filtering of both inbound and outbound traffic.
      - Configure your routers and switches, if they support such configuration, to reject packets originating from outside your local network that claim to originate from within.
      - Enable encryption sessions on your router so that trusted hosts that are outside your network can securely communicate with your local hosts.
  • 27. CYBER SECURITY MEASURES
      - ANTIVIRUS
      - FIREWALLS
      - ENCRYPTION
      - SSL & HTTPS
      - MULTI-FACTOR AUTHENTICATION
  • 28. CYBER SECURITY MEASURES: ANTIVIRUS
      - Features of Antivirus Software: Background Scanning, Full System Scans, Virus Definitions
      - Background Scanning: Antivirus software scans all the files that you open, in the background; this is also termed on-access scanning. It gives real-time protection, safeguarding the computer from threats and other malicious attacks.
  • 29. CYBER SECURITY MEASURES
      - Full System Scans: Full system scans are generally not essential when you already have an on-access scanning facility. Full system scans are essential when you install antivirus software for the first time or you have updated your antivirus software recently. This is done to make sure that there are no viruses hidden on your system. Full system scans are also useful when you repair your infected computer.
      - Virus Definitions: Antivirus software depends on virus definitions to identify malware. That is the reason it updates itself with new virus definitions. Malware definitions contain signatures for any new viruses and other malware that has been classified as in the wild. If the antivirus software scans an application or file and finds it infected by malware that is similar to the malware in the malware definitions, it stops the file from executing and pushes it to quarantine. The malware is then processed according to the type of virus protection.
  • 30. CYBER SECURITY MEASURES
      - SIGNATURE-BASED DETECTION - This is most common in traditional antivirus software, which checks all the .EXE files and validates them against the known list of viruses and other types of malware, or checks whether unknown executable files show any misbehavior as a sign of unknown viruses.
      - HEURISTIC-BASED DETECTION - This type of detection is most commonly used in combination with signature-based detection. Heuristic technology is deployed in most antivirus programs. It helps the antivirus software to detect new malware, or a variant or altered version of known malware, even in the absence of the latest virus definitions.
  • 31. CYBER SECURITY MEASURES
      - BEHAVIORAL-BASED DETECTION - This type of detection is used in Intrusion Detection mechanisms. It concentrates on detecting the characteristics of the malware during execution. This mechanism detects malware only while the malware performs malicious actions.
      - SANDBOX DETECTION - It functions much like the behavioral-based detection method. It executes applications in a virtual environment to track what kind of actions they perform. By checking the logged actions of the program, the antivirus software can identify whether the program is malicious or not.
      - DATA MINING TECHNIQUES - This is one of the latest trends in detecting malware. Given a set of program features, data mining helps to find out whether the program is malicious or not.
  • 32. CYBER SECURITY MEASURES: FIREWALL
      - At their most basic, firewalls work like a filter between your computer/network and the Internet. You can program what you want to get out and what you want to get in. Everything else is not allowed. There are several different methods firewalls use to filter out information, and some are used in combination. These methods work at different layers of a network, which determines how specific the filtering options can be.
      - Firewalls can be used in a number of ways to add security to your home or business.
  • 33. CYBER SECURITY MEASURES: ENCRYPTION
      - Encryption is a modern form of cryptography that allows a user to hide information from others. Encryption uses a complex algorithm called a cipher to turn normalized data (plaintext) into a series of seemingly random characters (ciphertext) that is unreadable by those without a special key with which to decrypt it. Those who possess the key can decrypt the data to view the plaintext again rather than the random character string of ciphertext.
  • 34. CYBER SECURITY MEASURES: SSL
      - SSL (Secure Sockets Layer) is a standard security protocol for establishing encrypted links between a web server and a browser in an online communication. The usage of SSL technology ensures that all data transmitted between the web server and browser remains encrypted.
  • 35. CYBER SECURITY MEASURES: How SSL Works
      - When a Web browser tries to connect to a website using SSL, the browser will first request that the web server identify itself. This prompts the web server to send the browser a copy of the SSL Certificate. The browser checks to see if the SSL Certificate is trusted; if it is, the browser sends a message to the Web server. The server then responds to the browser with a digitally signed acknowledgement to start an SSL encrypted session. This allows encrypted data to be shared between the browser and the server. You may notice that your browsing session now starts with https (and not http).
  • 36. CYBER SECURITY MEASURES: HTTPS
      - HTTPS pages typically use one of two secure protocols to encrypt communications - SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an 'asymmetric' Public Key Infrastructure (PKI) system. An asymmetric system uses two 'keys' to encrypt communications, a 'public' key and a 'private' key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
  • 37. CYBER SECURITY MEASURES: MULTI-FACTOR AUTHENTICATION
      - Multi-factor authentication (MFA) is a method of confirming a user's claimed identity in which a user is granted access only after successfully presenting 2 or more pieces of evidence (or factors) to an authentication mechanism.
      - Hence it makes it harder for hackers to break into your system, as they need to hack both factors to pass through.
  • 38. CYBER SECURITY MEASURES: Authentication factors
      - Knowledge factors: Knowledge factors are the most commonly used form of authentication. In this form, the user is required to prove knowledge of a secret in order to authenticate.
      - Possession factors: Possession factors ("something the user and only the user has") have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret which is shared between the lock and the key, and the same principle underlies possession factor authentication in computer systems. A security token is an example of a possession factor.
      - Inherence factors: These are factors associated with the user, and are usually biometric methods, including fingerprint readers, retina scanners or voice recognition.
  • 39. CYBER SECURITY MEASURES: PENETRATION TESTING
      - It is a method of testing in which the areas of weakness in software systems, in terms of security, are put to the test to determine whether a 'weak point' is indeed one that can be broken into.
      - Performed for: Websites/Servers/Networks
      - It starts with a list of vulnerabilities/potential problem areas that would cause a security breach for the system.
      - Devise penetration tests that would work (attack your system) from both within the network and outside (externally).
      - If unauthorized access is possible, then the system has to be corrected and the series of steps needs to be re-run until the problem area is fixed.
  • 40. BEING A CYBER-EXPERT
      - Industry Status: Last year ethical hacking was estimated to be a US$ 3.8 billion industry in the US alone. According to Nasscom, India will require at least 77,000 ethical hackers every year, whereas we are currently producing only 15,000 a year. Ethical hacking is growing at a tremendous pace and offers a plethora of lucrative job opportunities.
      - Growth areas: The information security industry is growing at a current worldwide rate of 21%. Frost & Sullivan have estimated that there are 2.28 million information security professionals worldwide, which is expected to increase to nearly 4.2 million by 2015. Information security for security compliance is mandatory in India for all companies with an IT backbone. The requirement for such personnel is especially high with organisations in the IT/ITES space.
          - A fresher may work as an intern for a couple of months and can start with a minimum of Rs 2.5 lakh per annum.
          - With one year of experience, one can expect up to Rs 4.5 lakh per annum.
          - Those with five or more years of work experience can get from 10-12 lakh per annum.
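The inbound and outbound filtering rules listed on slide 26, written out as a packet-source check. This is an added example, not part of the original slides; the local prefix, the interface names "outside"/"inside" and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the protected site uses this prefix internally (constructed value).
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Sources that should never arrive from the Internet side: RFC 1918 private
# ranges, loopback, link-local and the "this network" block.
BLOCKED_OUTSIDE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]

def filter_packet(interface, src_ip):
    """Return (verdict, reason) for a packet seen on 'outside' or 'inside'."""
    src = ipaddress.ip_address(src_ip)
    if interface == "outside":
        # Ingress rule: outside traffic must not claim to come from within.
        if src in LOCAL_NET:
            return "drop", "outside packet claims an internal source"
        if any(src in net for net in BLOCKED_OUTSIDE):
            return "drop", "private or reserved source on the outside interface"
        return "accept", "source is neither internal nor private"
    if interface == "inside":
        # Egress rule: hosts may only send with addresses from the local prefix.
        if src not in LOCAL_NET:
            return "drop", "inside packet with a source outside the local prefix"
        return "accept", "source belongs to the local prefix"
    raise ValueError("unknown interface: %r" % interface)

# Constructed sample traffic: (interface, source address).
SAMPLE = [
    ("outside", "203.0.113.7"),
    ("outside", "192.168.10.5"),
    ("outside", "10.1.2.3"),
    ("inside", "192.168.10.20"),
    ("inside", "198.51.100.9"),
]

def run_sample():
    """Verdicts for the constructed sample, in order."""
    return [filter_packet(iface, src)[0] for iface, src in SAMPLE]
```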
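Slides 29 and 30 describe matching files against virus definitions and note that altered versions can fall outside them. The sketch below is an added example, not from the original slides or any antivirus product: it compares an exact-hash definition with a byte-pattern definition, using harmless constructed byte strings and made-up detection names.

```python
import hashlib

# Constructed, harmless byte strings standing in for samples (assumption).
KNOWN_SAMPLE = b"HEADER|CONSTRUCTED-MARKER-1234|payload-v1"
VARIANT = b"HEADER|CONSTRUCTED-MARKER-1234|payload-v2"
BENIGN = b"HEADER|ordinary program bytes"

# Constructed "virus definitions": exact hashes plus byte patterns.
DEFINITIONS = {
    "hashes": {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Sample.A"},
    "patterns": {b"CONSTRUCTED-MARKER-1234": "Test.Family.A"},
}

def scan(data, use_patterns=True):
    """Return (verdict, detection_name) for a file's bytes."""
    digest = hashlib.sha256(data).hexdigest()
    # Exact match: only catches files identical to a catalogued sample.
    if digest in DEFINITIONS["hashes"]:
        return "quarantine", DEFINITIONS["hashes"][digest]
    # Pattern match: catches files that share a catalogued byte sequence,
    # so a modified copy of a known sample is still detected.
    if use_patterns:
        for pattern, name in DEFINITIONS["patterns"].items():
            if pattern in data:
                return "quarantine", name
    return "allow", None

def coverage_report():
    """Verdicts for the three constructed files, with and without patterns."""
    files = {"known": KNOWN_SAMPLE, "variant": VARIANT, "benign": BENIGN}
    return {
        label: (scan(data, use_patterns=False)[0], scan(data)[0])
        for label, data in files.items()
    }
```

The report shows why hash-only definitions need frequent updates: the variant is allowed by the hash check alone and quarantined once the pattern definition is consulted.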