Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
•Download as PPTX, PDF•
0 likes•916 views
Information Security- Threats and Attacks, Types of Threats,Trespassing, Espionage, Software Attacks, Trojan Horse, Worms,Worm Propagation Model, Virus
Report
Share
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
- 1. INFORMATION SECURITY THREATS AND ATTACKS PRESENTED TO: PRESENTED BY: MISS. AKANKSHA DHEERAJ KATARIA
- 2. THREATS Threat: an object, person, or other entity that represents a constant danger to an asset Management must be informed of the different threats facing the organization By examining each threat category, management effectively protects information through policy, education, training, and technology controls
- 3. THREATS The 2004 Computer Security Institute (CSI)/Federal Bureau of Investigation (FBI) survey found: 79 percent of organizations reported cyber security breaches within the last 12 months 54 percent of those organizations reported financial losses totaling over $141 million
- 4. TYPES
- 5. Includes acts performed without malicious intent Causes include: Inexperience Improper training Incorrect assumptions Employees are among the greatest threats to an organization’s data ACTS OF HUMAN ERROR OR FAILURE
- 6. Employee mistakes can easily lead to: Revelation of classified data Entry of erroneous data Accidental data deletion or modification Data storage in unprotected areas Failure to protect information Many of these threats can be prevented with controls
- 8. Access of protected information by unauthorized individuals Competitive intelligence (legal) vs. industrial espionage (illegal) Shoulder surfing occurs anywhere a person accesses confidential information Controls let trespassers know they are encroaching on organization’s cyberspace Hackers uses skill, guile, or fraud to bypass controls protecting others’ information DELIBERATE ACTS OF ESPIONAGE OR TRESPASS
- 10. Illegal taking of another’s physical, electronic, or intellectual property Physical theft is controlled relatively easily Electronic theft is more complex problem; evidence of crime not readily apparent DELIBERATE ACTS OF THEFT
- 11. Malicious software (malware) designed to damage, destroy, or deny service to target systems Includes viruses, worms, Trojan horses, logic bombs, back doors, and denial-of-services attacks DELIBERATE SOFTWARE ATTACKS
- 12. TROJAN HORSE Useful program that contains hidden code that when invoked performs some unwanted or harmful function Can be used to accomplish functions indirectly that an unauthorized user could not accomplish directly User may set file permission so everyone has access
- 14. Use network connections to spread from system to system Electronic mail facility A worm mails a copy of itself to other systems Remote execution capability A worm executes a copy of itself on another system Remote log-in capability A worm logs on to a remote system as a user and then uses commands to copy itself from one system to the other WORMS
- 16. It is a computer program designed to copy itself and attach itself to other files stored on a computer. It moves from computer to computer through by attaching itself to files or boot records of disks. It can be sent through a network or a removable storage device. Example:- Nimda virus (Garbage in subject in e-mail) Sircam Virus & Klez Virus (Some Long Note in e-mail along with executable virus file) VIRUS (VITAL INFORMATION RESOURCE UNDER SIEGE )
- 17. Password crack: attempting to reverse calculate a password Brute force: trying every possible combination of options of a password Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses ATTACKS
- 18. Man-in-the-middle: attacker monitors network packets, modifies them, and inserts them back into network