Please enable JavaScript.
Coggle requires JavaScript to display documents.
Introduction (Security Threats and Computer Crimes (Malicious Software,…
Introduction
Security Threats
and Computer Crimes
Identity Theft
is a form of stealing someones identity.
Sniffing
Passive Security Attack
Listen to a conversation or capturing in which a machine Separate from the intended destination reads data on network
Looking for User names and passwords
Network Traffic
Spoofing
Active Security attack
Pretend to be someone else
Sending fake packets, IP addresses & emails over the network
Phishing
Act of attempt to acquire information by masquerading as a trustworthy entity
Hacking & Cyber Vandalism
Hacking
Refers to illeagle access and abuse of computer resources
Security Vulnerability
An OS or software allows hackers to gain illegal access
Cyber Vandalism
A form of Vandalism cause using a computer, and against electronic information
Internal Employees
Dissatisfied organizations employees who may steal confidential information and damage them
Malicious Software
Computer Viruses
A program that can spread across the computers and networks by making copies of itself without the user knowledge
Script viruses
Macro viruses
Program viruses
Boot sector viruses
Multiparty viruses
Trojan Horse
Program that pretend to be legitimate software but actually carry out hidden, harmful functions
Worms
similar to viruses but do not need a carrier program or document
create exact copies of themselves and use a network to spread
Spyware
includes methods to collect information about the use of the computer on which the software is installed
Malicious Software Definition
Disrupt computer operations
Gather Sensitive information
Gain Access to private computer systems
Adware
Intro
Cost Associated
with Computer Crimes
Damage to Your Corporate reputation and brand
Privacy Violation
Lost sales and reduced competitive advantage
Business Disruption
Direct Financial Loss
Measures to Address Security Concerns
Other Security Measures
Firewalls
Intrusion Detection System (IDS)
Virus Scanners
Other Technique
Security Policy
Clear direction and the commitment from the top level management
The allocation of adequate resources
User awareness of security policies
Establishment of secure environment
Technologies and tools Used for Security and Control
Non-repudiation
Ensure non-repudiation, so parties can't deny their actions
Data Privacy & Integrity
Protect the privacy and integrity of information assets
Authorization
Control access to data and functions (Privileges)
Authentication
Verify that users are who they say they are
Security Audit
Define the scope and documented
Perform by qualified individuals
Conducted sufficiently frequently and thoroughly
Focus on ensuring that controls are effective
Checked by competent staff
Complemented by reviews
Attacks
anything that can compromise the security of data
Passive Attack
Eavesdropping
Hard to detect
Emphasis on prevention
Active Attack
Denial of service
Buffer overflow
Password attacks
Denial of Service Attack
An attempt to make machine or network resources unavailable to its intended users
Temporarily or indefinitely interrupt or suspend services of a host connected to internet
Buffer Overflow attacks
-overwriting a buffer of memory
-need to perform bounds checking