Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
System Security
By
Farhan Ahmad
Department of Chemical Engineering,
University of Engineering & Technology Lahore
Threat
Degree of harm
Countermeasures
2
Basic Security Concepts
3
Threat - anything that can cause harm
Not harmful unless it exploits an existing vulnerability
Vulnerability – anything that has not been protected against
threat making it open to harm
Is a weakness
Security - to neutralize threats
Threat
4
Level / Intensity of potential damage
Security Risk – potential that a given threat will exploit
vulnerabilities
Likelihood that something will happen that cause harm
Probability × severity
Include all parts of system
Potential data loss
Loss of privacy
Inability to use hardware
Inability to use software
Degrees of harm
5
Any step that is taken for protection to keep the threat away
The deployment of a set of security measures/services/control
to protect against a security threat
Backup of data
Firewall
Two classes of countermeasures:
Shield from personal harm
Shield from physical harm
Countermeasures
6
Theft of information
Loss of privacy
Cookies
Spyware
Web bugs
Spam
Threats to User
7
Theft of Information
Identity Theft
Impersonation by private information
Thief can ‘become’ the victim
Reported incidents rising
Methods of stealing information
Shoulder surfing
Snagging
Dumpster diving
Social engineering
High-tech methods
8
Loss of Privacy
Personal information is stored electronically
Purchases are stored in a database
Data is sold to other companies
Public records on the Internet
Internet use is monitored and logged
None of these techniques are illegal
9
Cookies
Files delivered from a web site
Originally improved a site’s function
Cookies now track history and passwords
Browsers include cookie blocking tools
10
Web Bugs
Small programs embedded in gif images
Gets around cookie blocking tools
Companies use to track usage
Blocked with spyware killers
11
Spyware
Software downloaded to a computer
Designed to record personal information
Typically undesired software
Hides from users
Several programs exist to eliminate
12
Spam
Unsolicited commercial email
Networks and PCs need a spam blocker
Stop spam before reaching the inbox
Spammers acquire addresses using many methods
CAN-SPAM Act passed in 2003
13
Power-related threat
Theft and Vandalism
Natural disaster
Threats to Hardware
14
Power-related threats
Affect the operation or reliability
Power-related threats
Power fluctuations
Power spikes or browns out
Power loss
Countermeasures
Surge suppressors
Line conditioners
Uninterruptible power supplies
Generators
15
Theft and Vandalism
Thieves steal the entire computer
Accidental or intentional damage
Countermeasures
Keep the PC in a secure area
Lock the computer to a desk
Do not eat near the computer
Watch equipment
Chase away loiterers
Handle equipment with care
16
Natural disasters
Disasters differ by location
Typically result in total loss
Disaster planning
Plan for recovery
List potential disasters
Plan for all eventualities
Practice all plans
17
The most serious threat
Data is the reason for computers
Data is very difficult to replace
Protection is difficult
Data is intangible
Malwares or viruses
Cyber crimes
Cyber terrorism
Threats to Data
18
Malwares
Common threat to information
Viruses, worms, trojan horses, rootkits etc.
Ranges from annoying to catastrophic
Countermeasures
Anti-malware software
Popup blockers
Spyware blocker
Do not open unknown email
19
Stealing the computer, damage or stealing the information
Using a computer in an illegal act
Fraud and theft are common acts
Internet fraud
Hacking
Cybercrime
20
Most common cybercrime
Fraudulent website
Have names similar to legitimate sites
Internet fraud
21
Using a computer to enter another network
Cost users $1.6 trillion in 2003
Hackers motivation
Recreational hacking
Financial hackers
Grudge hacking
Hacking methods
Sniffing
Social engineering
Spoofing
Hacking
22
Cyber warfare
Attacks made at a nations information
Targets include power plants or telecommunication
Threat first realized in 1996
Organizations combat cyber terrorism
Cyber terrorism
23
Protective Measures
24
Guard your papers
Shred unneeded papers
Pick up you mail quickly
Check statements immediately
Keep records for 3 years
Avoiding Identity Theft
25
Guard your personal information
Be wary giving out information
Avoid giving account numbers
Never give personal information in e-mail
Ensure online shopping is secure
Avoiding Identity Theft
26
Look at the big picture
Review your credit report yearly
Develop an efficient filing system
Know your liability limits
Avoiding Identity Theft
27
Be wary filling out forms
Guard your primary email address
Have a ‘spam account’ for forms
Know your legal rights
Protecting the Privacy
28
Dealing with cookies
Browsers provide settings to block cookies
No cookies to all cookies allowed
Without cookies some sites crash
Cookies can be deleted
Browsers
Spyware programs
Managing Cookies and Spyware
29
Cookie types
Session cookies
Cookies for the current site
Persistent cookies
Stored on hard drive until deleted
First-party cookies
Installed by the current site
Third-party cookies
Installed by an ad
Managing Cookies and Spyware
30
Deleting cookies
Managing Cookies and Spyware
31
Removing web bugs and spyware
Install a spyware removal program
None are 100% effective, use two
Install a pop-up blocker
Are extremely effective
Managing Cookies and Spyware
32
Evading spam
Contact your ISP
Use mail program’s filters
Use an anti-spam program
Use an online account for purchasing
Managing Cookies and Spyware
33
Viruses and worms
Purchase a good anti-virus product
Keep the product updated
Keep your OS up to date
Protection From Malware
34
Limit physical access
Easiest way to harm or steal data
Build an account for each user
Require a password for access
Software and hardware password
Protecting Your System
35
Use a firewall
Protects from unauthorized remote use
Makes your computer invisible
Protecting Your System
36
Backup often
Backup is a copy of a file
Restore replaces a file on disk
Organizations backup at least daily
Home users should backup weekly
Protecting Your System
37
OS generates messages for events
Provides clues about computer health
Can alert to potential problems
Windows includes the Event Viewer
System Events
38
Event Viewer
39
Store media in the proper container
Floppy disks in a hard case
CD should be in a sleeve
Thumb disks should be closed
Handling Storage Media
40
Avoid magnetism
Magnets erase the contents of disks
Magnets found in
Speakers
Televisions and CRT monitors
Radios
Handling Storage Media
41
Heat and cold
Avoid extreme temperatures
Heat expands media
Cold contracts media
Floppies and CD-ROMs are susceptible
Handling Storage Media
42
Moisture
Do not use wet media
CDs can be wiped off
Floppy disks must dry
Handling Storage Media
43
Dust, dirt, and fingerprints
Dirty or scratched media will fail
Handle media by the edge
Clean CDs with gentle strokes
Handling Storage Media
44
Never store near large electronics
Store in dry, climate controlled rooms
Plan for natural disasters
Stack equipment safely
Storing Computer Equipment
45
Computers should be spotless
Avoid eating or smoking at computer
Clean the dust from inside the system
Change the filters if present
Keeping Your Computer Clean