System Security

By Farhan Ahmad
farhanahmad@uet.edu.pk

Department of Chemical Engineering,
University of Engineering & Technology Lahore


Threat

Degree of harm

Countermeasures

Basic Security Concepts


Threat - anything that can cause harm

Not harmful unless it exploits an existing vulnerability

Vulnerability – anything that has not been protected against a threat, making it open to harm

Is a weakness

Security - to neutralize threats

Threat


Level / Intensity of potential damage

Security Risk – potential that a given threat will exploit vulnerabilities

Likelihood that something will happen that causes harm

Probability × severity

Include all parts of system

Potential data loss

Loss of privacy

Inability to use hardware

Inability to use software

Degrees of harm


Any step that is taken for protection to keep the threat away

The deployment of a set of security measures/services/controls to protect against a security threat

Backup of data

Firewall

Two classes of countermeasures:

Shield from personal harm

Shield from physical harm

Countermeasures


Theft of information

Loss of privacy

Cookies

Spyware

Web bugs

Spam

Threats to User


Theft of Information

Identity Theft

Impersonation by private information

Thief can ‘become’ the victim

Reported incidents rising

Methods of stealing information

Shoulder surfing

Snagging

Dumpster diving

Social engineering

High-tech methods


Loss of Privacy

Personal information is stored electronically

Purchases are stored in a database

Data is sold to other companies

Public records on the Internet

Internet use is monitored and logged

None of these techniques are illegal


Cookies

Files delivered from a web site

Originally improved a site’s function

Cookies now track history and passwords

Browsers include cookie blocking tools


Web Bugs

Small programs embedded in GIF images

Get around cookie blocking tools

Companies use them to track usage

Blocked with spyware killers


Spyware

Software downloaded to a computer

Designed to record personal information

Typically undesired software

Hides from users

Several programs exist to eliminate it


Spam

Unsolicited commercial email

Networks and PCs need a spam blocker

Stop spam before reaching the inbox

Spammers acquire addresses using many methods

CAN-SPAM Act passed in 2003


Power-related threat

Theft and Vandalism

Natural disaster

Threats to Hardware


Power-related threats

Affect the operation or reliability

Power-related threats

Power fluctuations

Power spikes or brownouts

Power loss

Countermeasures

Surge suppressors

Line conditioners

Uninterruptible power supplies

Generators


Theft and Vandalism

Thieves steal the entire computer

Accidental or intentional damage

Countermeasures

Keep the PC in a secure area

Lock the computer to a desk

Do not eat near the computer

Watch equipment

Chase away loiterers

Handle equipment with care


Natural disasters

Disasters differ by location

Typically result in total loss

Disaster planning

Plan for recovery

List potential disasters

Plan for all eventualities

Practice all plans


The most serious threat

Data is the reason for computers

Data is very difficult to replace

Protection is difficult

Data is intangible

Malware or viruses

Cyber crimes

Cyber terrorism

Threats to Data


Malware

Common threat to information

Viruses, worms, trojan horses, rootkits etc.

Ranges from annoying to catastrophic

Countermeasures

Anti-malware software

Popup blockers

Spyware blocker

Do not open unknown email


Stealing the computer, damage or stealing the information

Using a computer in an illegal act

Fraud and theft are common acts

Internet fraud

Hacking

Cybercrime


Most common cybercrime

Fraudulent website

Have names similar to legitimate sites

Internet fraud


Using a computer to enter another network

Cost users $1.6 trillion in 2003

Hackers' motivation

Recreational hacking

Financial hackers

Grudge hacking

Hacking methods

Sniffing

Social engineering

Spoofing

Hacking


Cyber warfare

Attacks made at a nation's information

Targets include power plants or telecommunication

Threat first realized in 1996

Organizations combat cyber terrorism

Cyber terrorism


Protective Measures


Guard your papers

Shred unneeded papers

Pick up your mail quickly

Check statements immediately

Keep records for 3 years

Avoiding Identity Theft


Guard your personal information

Be wary of giving out information

Avoid giving account numbers

Never give personal information in e-mail

Ensure online shopping is secure

Avoiding Identity Theft


Look at the big picture

Review your credit report yearly

Develop an efficient filing system

Know your liability limits

Avoiding Identity Theft


Be wary of filling out forms

Guard your primary email address

Have a ‘spam account’ for forms

Know your legal rights

Protecting the Privacy


Dealing with cookies

Browsers provide settings to block cookies

Settings range from no cookies to all cookies allowed

Without cookies some sites crash

Cookies can be deleted

Browsers

Spyware programs

Managing Cookies and Spyware


Cookie types

Session cookies

Cookies for the current site

Persistent cookies

Stored on hard drive until deleted

First-party cookies

Installed by the current site

Third-party cookies

Installed by an ad

Managing Cookies and Spyware
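
The cookie types above and the browser blocking settings from the previous slide can be made concrete with a small classifier. This is an added example, not part of the original slides; the function names, policy names and sample headers are assumptions, and "site" is approximated by the last two DNS labels (real browsers use the Public Suffix List).

```javascript
// Added example: classify Set-Cookie headers into the slide's cookie types.
// Assumption: the "site" of a host is its last two DNS labels.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header value into a name and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// pageHost: host in the address bar; responseHost: host that sent the header.
function classifyCookie(header, pageHost, responseHost) {
  const c = parseSetCookie(header);
  // A lifetime attribute makes the cookie persistent; without one it is
  // discarded when the browser session ends.
  const persistent = 'max-age' in c.attrs || 'expires' in c.attrs;
  const domain = (typeof c.attrs.domain === 'string' ? c.attrs.domain : responseHost)
    .replace(/^\./, '');
  const party = siteOf(domain) === siteOf(pageHost) ? 'first-party' : 'third-party';
  return { name: c.name, lifetime: persistent ? 'persistent' : 'session', party };
}

// Model of a browser cookie setting (hypothetical policy names).
function allowedByPolicy(kind, policy) {
  if (policy === 'block-all') return false;
  if (policy === 'block-third-party') return kind.party === 'first-party';
  return true; // 'allow-all'
}

// Constructed sample: headers seen while loading a page on shop.example.com.
const observed = [
  ['sid=abc123; Path=/; HttpOnly', 'shop.example.com'],
  ['prefs=dark; Max-Age=31536000; Domain=example.com', 'shop.example.com'],
  ['track=u-42; Expires=Wed, 01 Jan 2031 00:00:00 GMT', 'ads.example.net'],
];
function report(policy) {
  return observed.map(([header, host]) => {
    const kind = classifyCookie(header, 'shop.example.com', host);
    return { ...kind, stored: allowedByPolicy(kind, policy) };
  });
}
console.log(report('block-third-party'));
```

With the middle setting, the session and preference cookies from the visited site are stored while the ad host's persistent cookie is rejected, which is why that setting blocks tracking without breaking the site itself.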


Deleting cookies

Managing Cookies and Spyware


Removing web bugs and spyware

Install a spyware removal program

None are 100% effective, use two

Install a pop-up blocker

Are extremely effective

Managing Cookies and Spyware


Evading spam

Contact your ISP

Use mail program’s filters

Use an anti-spam program

Use an online account for purchasing

Managing Cookies and Spyware


Viruses and worms

Purchase a good anti-virus product

Keep the product updated

Keep your OS up to date

Protection From Malware


Limit physical access

Easiest way to harm or steal data

Build an account for each user

Require a password for access

Software and hardware password

Protecting Your System


Use a firewall

Protects from unauthorized remote use

Makes your computer invisible

Protecting Your System


Back up often

Backup is a copy of a file

Restore replaces a file on disk

Organizations back up at least daily

Home users should back up weekly

Protecting Your System


OS generates messages for events

Provides clues about computer health

Can alert to potential problems

Windows includes the Event Viewer

System Events


Event Viewer


Store media in the proper container

Floppy disks in a hard case

CD should be in a sleeve

Thumb disks should be closed

Handling Storage Media


Avoid magnetism

Magnets erase the contents of disks

Magnets found in

Speakers

Televisions and CRT monitors

Radios

Handling Storage Media


Heat and cold

Avoid extreme temperatures

Heat expands media

Cold contracts media

Floppies and CD-ROMs are susceptible

Handling Storage Media


Moisture

Do not use wet media

CDs can be wiped off

Floppy disks must dry

Handling Storage Media


Dust, dirt, and fingerprints

Dirty or scratched media will fail

Handle media by the edge

Clean CDs with gentle strokes

Handling Storage Media


Never store near large electronics

Store in dry, climate controlled rooms

Plan for natural disasters

Stack equipment safely

Storing Computer Equipment


Computers should be spotless

Avoid eating or smoking at computer

Clean the dust from inside the system

Change the filters if present

Keeping Your Computer Clean