We are here.
IT SECURITY & INTERNET SAFETY
Objectives
• IT Security
• The CIA Triad
• IT Security Terminologies
• Types of attack
• Security Measures/being safe online
• Internet safety
Security
Security generally
refers to the state of
being protected from
harm, danger, or
threats
IT Security
Also known as cybersecurity, is a
specialized field focused on
protecting computer systems,
networks, data, and information
from unauthorized access, attacks,
damage, and disruptions
The CIA Triad
Is a foundational model used in
information security to guide the
design and implementation of
security measures.
The triad consists of three core
principles that represent the
goals and objectives of
information security:
The Core CIA Triad
1. Confidentiality: Ensures that information is accessible only to
authorized individuals or entities. Confidentiality aims to prevent
unauthorized access, disclosure, or exposure of sensitive
information.
2. Integrity: Integrity refers to the accuracy, consistency, and
reliability of data and information. It involves protecting data from
unauthorized modification, alteration, or tampering. Maintaining
data integrity ensures that information remains accurate and
trustworthy.
3. Availability: Availability concerns the accessibility and usability of
data and services when needed. It involves preventing
disruptions, downtime, or denial of access to authorized users.
CIA Triad Extended…
4. Authenticity: Ensuring that information comes from a reliable and
trustworthy source, and that its origin can be verified. Digital
signatures and public key infrastructure (PKI) help establish
authenticity.
5. Non-Repudiation: This principle prevents individuals from denying
their involvement in a transaction or action. It ensures that both
sender and receiver cannot deny their participation in a
communication or transaction.
6. Accountability: Holding individuals or entities responsible for
their actions within an information system. Logging, auditing, and
access controls contribute to establishing accountability.
7. Privacy: Safeguarding individuals' personal information and
ensuring compliance with privacy laws and regulations.
IT Security Terminologies
• Exploit
• Risk
• Vulnerability
• Firewall
• Threat
• Attack
Risk: refers to the potential for
harm, damage, loss, or negative
impact that could result from the
exploitation of vulnerabilities by
threats. In simpler terms, it's the
possibility of something going
wrong in the digital realm that
could lead to adverse
consequences.
Exploit: refers to a piece of code,
software, or technique that takes
advantage of a vulnerability or
weakness in a computer system,
software application, or network
to compromise its security.
Vulnerability: refers to a weakness,
flaw, or gap in the security
measures of a system, software
application, network, or process
that could potentially be
exploited by threats to
compromise the system's
confidentiality, integrity, or
availability. Vulnerabilities can
arise from various factors,
including software bugs, design
flaws, misconfigurations, or even
human errors during development
or maintenance.
Firewall
A firewall is a network security device or
software application that acts as a barrier
between a trusted internal network and
untrusted external networks, such as the
internet.
Its primary function is to monitor and
control incoming and outgoing network
traffic based on predetermined security
rules.
Attack:
refers to a deliberate, unauthorized,
and malicious attempt to exploit
vulnerabilities in a system, network,
application, or process with the
intention of compromising security,
stealing data, causing damage, or
disrupting normal operations. Attacks
are carried out by individuals or
groups known as threat actors,
attackers, or hackers.
Types of Attack:
• Intrusion
• Blocking
• Malware
Threat:
refers to any potential danger,
risk, or negative event that
could exploit vulnerabilities in a
system, network, application,
or process to cause harm or
compromise the security of
digital assets. Threats
encompass a wide range of
malicious activities and events
that pose risks to the
confidentiality, integrity, and
availability of data and
systems.
Intrusion
Also known as hacking, is gaining
unauthorized access to or penetrating
into a computer system, network, or
application by an individual, group, or
software with malicious intent. An
intrusion involves bypassing security.
Social Engineering Intrusion:
Attackers manipulate human behavior to deceive
individuals into revealing sensitive information or
performing actions that compromise security.
Insider Intrusion:
Authorized individuals within
an organization misuse their
privileges to gain
unauthorized access or
compromise data.
Password Guessing and
Cracking:
Attackers attempt to guess
or crack passwords to gain
unauthorized access to
systems or accounts.
Shoulder Surfing:
is a type of social engineering
technique used to obtain information
such as personal identification
numbers (PINs), passwords and other
confidential data by looking over the
victim's shoulder.
Phishing Intrusion:
Attackers trick individuals into
revealing sensitive information or
clicking on malicious links through
fraudulent emails or messages.
Zero-Day Exploit Intrusion:
Attackers exploit vulnerabilities that are
unknown to the vendor and unpatched.
Man-in-the-Middle (MitM) Attacks:
Attackers intercept and potentially alter
communication between two parties, often
without either party realizing their
communication is compromised.
Brute Force Attacks:
Attackers attempt to gain unauthorized
access by systematically trying all possible
combinations of passwords until they find
the correct one.
Blocking
Attacks that are meant to prevent
authorized access to information or
resources are generally referred to as
"Denial of Service" (DoS) attacks.
These attacks are designed to disrupt
the availability of systems, networks,
or services, making them inaccessible
to legitimate users.
Forms of Blocking attacks
Traditional DoS Attack: In a traditional DoS attack, the
attacker overwhelms a target system or network with an
excessive amount of traffic. This flood of traffic consumes
the target's resources, such as bandwidth, processing
power, or memory, causing the system to become slow or
unresponsive.
Distributed DoS (DDoS) Attack: In a DDoS attack, the
attacker uses a network of compromised computers
(botnet) to flood the target with traffic. This distributed
approach makes DDoS attacks even more powerful and
difficult to mitigate.
Flood Attacks: Attackers send a large number of requests
or packets to a target, saturating its capacity and causing it
to become unresponsive.
Malware
Short for "malicious software," refers to any
type of software or code specifically
designed to harm, exploit, or compromise
computer systems, networks, or devices.
Malware is typically created with malicious
intent and can take various forms, including
viruses, worms, Trojans, spyware, adware,
ransomware, and more. Its primary goal is to
gain unauthorized access to or control over a
system, steal sensitive information, disrupt
normal operations, or extort users for
financial gain.
Viruses: These are programs that infect legitimate files and spread when
those files are executed. They can attach themselves to other software
and replicate when that software is run.
Worms: Worms are self-replicating malware that can spread
independently without attaching themselves to other files. They often
exploit security vulnerabilities in networks to propagate quickly.
Trojans: Trojans disguise themselves as legitimate software but contain
malicious code. They often trick users into running them by appearing
as useful or harmless applications.
Spyware: This type of malware is designed to secretly collect
information about a user's online activities, such as browsing habits,
passwords, and personal information.
Adware: Adware displays unwanted advertisements to users. While not
always inherently harmful, it can be considered malware when it
disrupts the user experience or collects data without consent.
Ransomware: Ransomware encrypts a victim's files or locks them out of
their own system until a ransom is paid to the attacker. It has become a
significant threat in recent years.
Keyloggers: Keyloggers record the keystrokes of a user, allowing
attackers to capture sensitive information like passwords and credit card
details.
Botnets: A botnet is a network of infected computers, known as "bots,"
that are controlled by a central command server. Botnets are often used
for distributed denial-of-service (DDoS) attacks or spam distribution.
Rootkits: Rootkits are designed to hide their presence and activities on a
system, often granting unauthorized access to attackers while remaining
undetected by regular security measures.
Malvertising: This involves spreading malware through online
advertisements. Attackers might inject malicious code into legitimate ads,
causing them to deliver malware to users' devices.
Preventive Measures
Against Intrusion
1. Strong Authentication: Implement multi-factor authentication (MFA) to add
an extra layer of security to user accounts, making it harder for unauthorized
users to gain access.
2. Firewalls: Set up firewalls to monitor and control incoming and outgoing
network traffic. Network firewalls can block unauthorized access attempts.
3. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS):
Use IDS and IPS to monitor network traffic for suspicious patterns or
behavior and take action to prevent unauthorized access.
4. Regular Security Audits: Conduct regular security audits to identify
vulnerabilities and weaknesses in systems and applications.
5. Patching and Updates: Keep all software, operating systems, and
applications up to date with the latest security patches to minimize known
vulnerabilities.
6. Employee Training: Train employees on cybersecurity best practices, such as
identifying phishing emails and avoiding clicking on suspicious links.
1. Strong passwords are based on a
descriptive phrase or sentence that's easy
for you to remember and hard for someone
else to guess—like the first letters in words
that make up a favorite title or song, the
first letters of words in a sentence about
something you did—and include a
combination of letters, numbers, and
symbols. For example,
“I went to Western Elementary School for grade
3” could be used to build a password like:
Iw2We$t4g3.
2. Moderate passwords are passwords
that are strong and not easy for
malicious software to guess, but
could be guessed by someone who
knows you (for example,
IwenttoWestern).
3. Weak passwords commonly use
personal information like a pet’s
name, are easy to crack, and can be
guessed by someone who knows
you (for example, “IloveBuddy” or
“Ilikechocolate”).
Guidelines for creating strong passwords
Dos
• Use a different password for each of your important accounts.
• Use at least eight characters. The longer the better (as long as
you can remember it!).
• Use combinations of letters (uppercase and lowercase),
numbers, and symbols.
• Make your passwords memorable so you don’t need to write
them down, which would be risky.
• Immediately change your password if you think someone else
knows it (besides a parent or guardian).
• Change your passwords every now and then.
• Always use strong screenlocks on your devices. Set your devices
to automatically lock in case they end up in the wrong hands.
• Consider using a password manager, such as one built into your
browser, to remember your passwords. This way you can use a
unique password for each of your accounts and not have to
remember them all.
Don’ts
• Donʼt use personal information (name, address,
email, phone number, Social Security number,
motherʼs maiden name, birth dates or even a pet’s
name, etc.) in your password.
• Donʼt use a password thatʼs easy to guess, like your
nickname, chocolate, just the name of your school,
favorite sports team, a string of numbers (like
123456), etc. And definitely don’t use the word
“password”!
• Donʼt share your password with anyone other than
your parent or guardian.
• Never write passwords down where someone can
find them.
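A checker for the Dos and Don'ts above, added here as an example and not part of the original slides. The function names, the finding codes and the look-alike substitution table are assumptions of this example, and the substitution check goes a step beyond what the slides state; the sample passwords are the slides' own examples plus constructed ones.

```python
import string
from collections import Counter

MIN_LENGTH = 8  # "Use at least eight characters"

# Easy-to-guess strings named in the Don'ts; a real deployment would load a
# much larger list.
GUESSABLE = ("password", "123456", "chocolate")

# Look-alike substitutions undone before matching, so "P@ssw0rd" is still
# recognised as "password" (assumption of this example, not from the slides).
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

# Finding code -> characters of which at least one must be present.
REQUIRED_CLASSES = {
    "no_uppercase": string.ascii_uppercase,
    "no_lowercase": string.ascii_lowercase,
    "no_digit": string.digits,
    "no_symbol": string.punctuation,
}


def _contains(password, words):
    """Return the words found in the password, ignoring case and substitutions."""
    plain = password.lower()
    unleeted = plain.translate(LEET)
    return [w for w in words
            if w and (w.lower() in plain or w.lower() in unleeted)]


def check_password(password, personal_terms=()):
    """Return a list of guideline violations; an empty list means none found."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    for code, alphabet in REQUIRED_CLASSES.items():
        if not any(ch in alphabet for ch in password):
            findings.append(code)
    findings += ["personal_info:" + w for w in _contains(password, personal_terms)]
    findings += ["guessable:" + w for w in _contains(password, GUESSABLE)]
    return findings


def audit_accounts(accounts, personal_terms=()):
    """Check every account's password and flag passwords used more than once."""
    counts = Counter(accounts.values())
    report = {}
    for name, password in accounts.items():
        findings = check_password(password, personal_terms)
        if counts[password] > 1:
            findings.append("reused")
        report[name] = findings
    return report


# Constructed sample: account names are made up, passwords are the slides'
# examples plus one constructed substitution case.
PERSONAL_TERMS = ["Buddy", "Western"]  # pet's name, school name
SAMPLE_ACCOUNTS = {
    "email": "Iw2We$t4g3",
    "school": "IloveBuddy",
    "games": "IloveBuddy",
    "forum": "P@ssw0rd!",
}

if __name__ == "__main__":
    for account, findings in audit_accounts(SAMPLE_ACCOUNTS, PERSONAL_TERMS).items():
        print(account, findings or "ok")
```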
Against Blocking
1. Traffic Filtering: Use traffic filtering mechanisms to identify and
block malicious traffic that could be part of a denial of service
attack.
2. Rate Limiting: Implement rate limiting to restrict the number of
requests coming from a single IP address, preventing a single
source from overwhelming the system.
3. Content Delivery Networks (CDNs): Employ CDNs to distribute
web traffic across multiple servers, reducing the impact of a single
point of failure in a denial of service attack.
4. DDoS Mitigation Services: Subscribe to DDoS mitigation services
that can detect and absorb or redirect malicious traffic during an
attack.
5. Load Balancing: Use load balancers to evenly distribute incoming
traffic across multiple servers, preventing overload on any one
server.
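A per-IP sliding-window limiter for item 2 above, added here as an example and not part of the original slides. The class name, the limits and the request log are constructed for illustration, and the addresses come from the documentation ranges.

```python
from collections import defaultdict, deque


class PerIPRateLimiter:
    """Allow at most max_requests per source IP in any window_seconds span."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self._hits = defaultdict(deque)  # ip -> timestamps of allowed requests

    def allow(self, ip, now):
        """Return True if the request may proceed, False if it is throttled."""
        hits = self._hits[ip]
        # Forget requests that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True

    def evict_idle(self, now):
        """Drop IPs with nothing inside the window so the table stays bounded."""
        idle = [ip for ip, hits in self._hits.items()
                if not hits or now - hits[-1] >= self.window]
        for ip in idle:
            del self._hits[ip]
        return len(idle)

    def tracked(self):
        """Number of source IPs currently held in memory."""
        return len(self._hits)


def replay(requests, limiter):
    """Feed (timestamp, ip) pairs through the limiter.

    Returns {ip: [allowed, blocked]}.
    """
    totals = defaultdict(lambda: [0, 0])
    for ts, ip in sorted(requests):
        totals[ip][0 if limiter.allow(ip, ts) else 1] += 1
    return dict(totals)


# Constructed request log: one source sends 50 requests within a second,
# two ordinary clients send three requests each over several seconds.
SAMPLE = (
    [(i * 0.02, "203.0.113.7") for i in range(50)]
    + [(t, "198.51.100.20") for t in (0.1, 2.5, 5.0)]
    + [(t, "198.51.100.21") for t in (0.4, 3.0, 9.0)]
)

if __name__ == "__main__":
    limiter = PerIPRateLimiter(max_requests=5, window_seconds=10.0)
    for ip, (allowed, blocked) in replay(SAMPLE, limiter).items():
        print(f"{ip}: allowed={allowed} blocked={blocked}")
    print("evicted after idle period:", limiter.evict_idle(now=60.0))
```

Because each source is counted separately, this control only addresses a single noisy source; the distributed floods described earlier fall to the other measures in this list.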
Against Malware
1. Antivirus and Antimalware Software: Install reputable
antivirus and antimalware software to detect and remove
malicious software from your systems.
2. Regular Scans: Schedule regular scans of systems and
devices to identify and remove any malware that might be
present.
3. Email Filtering: Use email filtering to block or quarantine
emails containing known malware attachments or links.
4. Software Whitelisting: Implement software whitelisting to
only allow approved applications to run on systems,
preventing the execution of unauthorized or malicious
software.
5. User Permissions: Assign appropriate user permissions to
restrict the execution of files and applications to authorized
users only.
6. Backup and Recovery: Regularly back up critical data and
systems, so in case of a malware infection, you can restore
your systems to a clean state.
INTERNET SAFETY
Google’s Be Internet Awesome
Share with Care
Protecting yourself, your information and
your privacy online
• When not to share
• Keeping it private
• That’s not what I meant!
• Frame it
• Who is this person anyway?
• How do others see us online?
Don’t Fall for Fake
• Popups, catfishing and other scams
• Who’s this ‘talking’ to me?
• Is that really true?
• Spotting untrustworthy information
• If we were a search engine
• Practicing Internet search
Secure Your Secrets
• But that wasn’t me!
• How to build a great password
• Keep it to yourself
It’s Cool to Be Kind
• Noticing feelings
• Practicing empathy
• Your kindness gram
• Ways to show kindness
• From negative to nice
• About your tone
• How words can change the whole picture
When in Doubt, Talk It Out
• What does it mean to be brave?
• From bystanders to helpers
• Helpers have options!
• Seeing upsetting stuff: What do I do?
• Upsetting stuff online: What do I do?
• What to do about mean stuff on screens
• Handling mean behavior online
• When to get help
• Report it online, too
Thank you for your attention!
For more information, visit www.zoa-international.com
IT Security.pdf
We are here for our neighbours in need,
who are suffering in this broken world.
We are here for victims of conflict and disasters,
who are seeking comfort, shelter and food.
We are here for those who have lost everything,
and are in danger of losing heart.
We help people meet their immediate needs,
providing food, clothing and access to clean water.
We give communities a voice,
restoring dignity and promoting choice.
We remain faithful communities as they recover,
helping them to get back on their feet.
We are here. We are ZOA.
www.zoa-international.com

More Related Content

Similar to IT Security.pdf

Insecurity vssut
Insecurity vssutInsecurity vssut
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptx
Arti Parab Academics
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
Mohammad Febri
 
cyber security
cyber security cyber security
cyber security
NiharikaVoleti
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
FellowBuddy.com
 
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
cyberprosocial
 
Cybersecurity from A to Z
Cybersecurity from A to ZCybersecurity from A to Z
Cybersecurity from A to Z
Telefónica Business Solutions
 
Cyber security
Cyber security Cyber security
Cyber security
ankit yadav
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
Kudzai Rerayi
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
chakrekevin
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptx
himanshuratnama
 
ABP 23.pptx
ABP 23.pptxABP 23.pptx
ABP 23.pptx
SidakSingh43
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
AnupmaMunshi
 
Website security
Website securityWebsite security
Website security
RIPPER95
 
Computer security and
Computer security andComputer security and
Computer security and
Rana Usman Sattar
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
newbie2019
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and risk
Dr. Lasantha Ranwala
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .ppt
waleejhaider1
 
Network srcurity
Network srcurityNetwork srcurity
Network srcurity
sheikhparvez4
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
AliyuMuhammadButu
 

Similar to IT Security.pdf (20)

Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
COMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptxCOMPUTER APPLICATIONS Module 4.pptx
COMPUTER APPLICATIONS Module 4.pptx
 
Cybersecurity and Risk Management Technology
Cybersecurity and Risk Management TechnologyCybersecurity and Risk Management Technology
Cybersecurity and Risk Management Technology
 
cyber security
cyber security cyber security
cyber security
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
12 Game-Changing Hacking Types in 2024 | CyberPro Magazine
 
Cybersecurity from A to Z
Cybersecurity from A to ZCybersecurity from A to Z
Cybersecurity from A to Z
 
Cyber security
Cyber security Cyber security
Cyber security
 
Network security presentation
Network security presentationNetwork security presentation
Network security presentation
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptx
 
ABP 23.pptx
ABP 23.pptxABP 23.pptx
ABP 23.pptx
 
Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdf
 
Website security
Website securityWebsite security
Website security
 
Computer security and
Computer security andComputer security and
Computer security and
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Health information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and riskHealth information security 3 vulnerability threat and risk
Health information security 3 vulnerability threat and risk
 
Cyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .pptCyber Crime and Security Ch 1 .ppt
Cyber Crime and Security Ch 1 .ppt
 
Network srcurity
Network srcurityNetwork srcurity
Network srcurity
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 

Recently uploaded

The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
Larry Smarr
 
Running a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU ImpactsRunning a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU Impacts
ScyllaDB
 
K2G - Insurtech Innovation EMEA Award 2024
K2G - Insurtech Innovation EMEA Award 2024K2G - Insurtech Innovation EMEA Award 2024
K2G - Insurtech Innovation EMEA Award 2024
The Digital Insurer
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
anupriti
 
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
Edge AI and Vision Alliance
 
What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)
Margaret Fero
 
What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024
Stephanie Beckett
 
Blockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre timesBlockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre times
anupriti
 
Interaction Latency: Square's User-Centric Mobile Performance Metric
Interaction Latency: Square's User-Centric Mobile Performance MetricInteraction Latency: Square's User-Centric Mobile Performance Metric
Interaction Latency: Square's User-Centric Mobile Performance Metric
ScyllaDB
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
BookNet Canada
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
Eric D. Schabell
 
The Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU CampusesThe Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU Campuses
Larry Smarr
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
BookNet Canada
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
Alpen-Adria-Universität
 
How to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory ModelHow to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory Model
ScyllaDB
 
Hire a private investigator to get cell phone records
Hire a private investigator to get cell phone recordsHire a private investigator to get cell phone records
Hire a private investigator to get cell phone records
HackersList
 
this resume for sadika shaikh bca student
this resume for sadika shaikh bca studentthis resume for sadika shaikh bca student
this resume for sadika shaikh bca student
SadikaShaikh7
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Chris Swan
 
Lessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien RiouxLessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien Rioux
crioux1
 

Recently uploaded (20)

The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
 
Running a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU ImpactsRunning a Go App in Kubernetes: CPU Impacts
Running a Go App in Kubernetes: CPU Impacts
 
K2G - Insurtech Innovation EMEA Award 2024
K2G - Insurtech Innovation EMEA Award 2024K2G - Insurtech Innovation EMEA Award 2024
K2G - Insurtech Innovation EMEA Award 2024
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Data Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber SecurityData Protection in a Connected World: Sovereignty and Cyber Security
Data Protection in a Connected World: Sovereignty and Cyber Security
 
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
“Intel’s Approach to Operationalizing AI in the Manufacturing Sector,” a Pres...
 
What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)What Not to Document and Why_ (North Bay Python 2024)
What Not to Document and Why_ (North Bay Python 2024)
 
What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024What’s New in Teams Calling, Meetings and Devices May 2024
What’s New in Teams Calling, Meetings and Devices May 2024
 
Blockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre timesBlockchain and Cyber Defense Strategies in new genre times
Blockchain and Cyber Defense Strategies in new genre times
 
Interaction Latency: Square's User-Centric Mobile Performance Metric
Interaction Latency: Square's User-Centric Mobile Performance MetricInteraction Latency: Square's User-Centric Mobile Performance Metric
Interaction Latency: Square's User-Centric Mobile Performance Metric
 
Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...Transcript: Details of description part II: Describing images in practice - T...
Transcript: Details of description part II: Describing images in practice - T...
 
Observability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetryObservability For You and Me with OpenTelemetry
Observability For You and Me with OpenTelemetry
 
The Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU CampusesThe Increasing Use of the National Research Platform by the CSU Campuses
The Increasing Use of the National Research Platform by the CSU Campuses
 
Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024Details of description part II: Describing images in practice - Tech Forum 2024
Details of description part II: Describing images in practice - Tech Forum 2024
 
HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)HTTP Adaptive Streaming – Quo Vadis (2024)
HTTP Adaptive Streaming – Quo Vadis (2024)
 
How to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory ModelHow to Avoid Learning the Linux-Kernel Memory Model
How to Avoid Learning the Linux-Kernel Memory Model
 
Hire a private investigator to get cell phone records
Hire a private investigator to get cell phone recordsHire a private investigator to get cell phone records
Hire a private investigator to get cell phone records
 
this resume for sadika shaikh bca student
this resume for sadika shaikh bca studentthis resume for sadika shaikh bca student
this resume for sadika shaikh bca student
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
 
Lessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien RiouxLessons Of Binary Analysis - Christien Rioux
Lessons Of Binary Analysis - Christien Rioux
 

IT Security.pdf

  • 3. Objectives • IT Security • The CIA Triad • IT Security Terminologies • Types of attack • Security Measures/being safe online • Internet safety
  • 4. Security Security generally refers to the state of being protected from harm, danger, or threats
  • 5. IT Security Also known as cybersecurity, is a specialized field focused on protecting computer systems, networks, data, and information from unauthorized access, attacks, damage, and disruptions
  • 6. The CIA Triad Is a foundational model used in information security to guide the design and implementation of security measures. The triad consists of three core principles that represent the goals and objectives of information security:
  • 7. The Core CIA Triad 1. Confidentiality: Ensures that information is accessible only to authorized individuals or entities. Confidentiality aims to prevent unauthorized access, disclosure, or exposure of sensitive information. 2. Integrity: Integrity refers to the accuracy, consistency, and reliability of data and information. It involves protecting data from unauthorized modification, alteration, or tampering. Maintaining data integrity ensures that information remains accurate and trustworthy. 3. Availability: Availability concerns the accessibility and usability of data and services when needed. It involves preventing disruptions, downtime, or denial of access to authorized users.
  • 8. CIA Triad Extended… 4. Authenticity: Ensuring that information comes from a reliable and trustworthy source, and that its origin can be verified. Digital signatures and public key infrastructure (PKI) help establish authenticity. 5. Non-Repudiation: This principle prevents individuals from denying their involvement in a transaction or action. It ensures that both sender and receiver cannot deny their participation in a communication or transaction. 6. Accountability: Holding individuals or entities responsible for their actions within an information system. Logging, auditing, and access controls contribute to establishing accountability. 7. Privacy: Safeguarding individuals' personal information and ensuring compliance with privacy laws and regulations.
  • 9. IT Security Terminologies • Exploit • Risk • Vulnerability • Firewall • Threat • Attack
  • 10. Risk: refers to the potential for harm, damage, loss, or negative impact that could result from the exploitation of vulnerabilities by threats. In simpler terms, it's the possibility of something going wrong in the digital realm that could lead to adverse consequences. Exploit: refers to a piece of code, software, or technique that takes advantage of a vulnerability or weakness in a computer system, software application, or network to compromise its security. Vulnerability: refers to a weakness, flaw, or gap in the security measures of a system, software application, network, or process that could potentially be exploited by threats to compromise the system's confidentiality, integrity, or availability. Vulnerabilities can arise from various factors, including software bugs, design flaws, misconfigurations, or even human errors during development or maintenance.
  • 11. Firewall A firewall is a network security device or software application that acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Its primary function is to monitor and control incoming and outgoing network traffic based on predetermined security rules.
  • 12. Attack: refers to a deliberate, unauthorized, and malicious attempt to exploit vulnerabilities in a system, network, application, or process with the intention of compromising security, stealing data, causing damage, or disrupting normal operations. Attacks are carried out by individuals or groups known as threat actors, attackers, or hackers. Types of Attack: • Intrusion • Blocking • Malware Threat: refers to any potential danger, risk, or negative event that could exploit vulnerabilities in a system, network, application, or process to cause harm or compromise the security of digital assets. Threats encompass a wide range of malicious activities and events that pose risks to the confidentiality, integrity, and availability of data and systems.
  • 13. Intrusion: Also known as hacking, intrusion is gaining unauthorized access to, or penetrating, a computer system, network, or application by an individual, group, or software with malicious intent. An intrusion involves bypassing security. Social Engineering Intrusion: Attackers manipulate human behavior to deceive individuals into revealing sensitive information or performing actions that compromise security.
  • 17. Insider Intrusion: Authorized individuals within an organization misuse their privileges to gain unauthorized access or compromise data. Password Guessing and Cracking: Attackers attempt to guess or crack passwords to gain unauthorized access to systems or accounts. Shoulder Surfing: A type of social engineering technique used to obtain information such as personal identification numbers (PINs), passwords and other confidential data by looking over the victim's shoulder. Phishing Intrusion: Attackers trick individuals into revealing sensitive information or clicking on malicious links through fraudulent emails or messages.
  • 18. Zero-Day Exploit Intrusion: Attackers exploit vulnerabilities that are unknown to the vendor and unpatched. Man-in-the-Middle (MitM) Attacks: Attackers intercept and potentially alter communication between two parties, often without either party realizing their communication is compromised. Brute Force Attacks: Attackers attempt to gain unauthorized access by systematically trying all possible combinations of passwords until they find the correct one.
  • 19. Blocking Attacks that are meant to prevent authorized access to information or resources are generally referred to as "Denial of Service" (DoS) attacks. These attacks are designed to disrupt the availability of systems, networks, or services, making them inaccessible to legitimate users.
  • 20. Forms of Blocking attacks Traditional DoS Attack: In a traditional DoS attack, the attacker overwhelms a target system or network with an excessive amount of traffic. This flood of traffic consumes the target's resources, such as bandwidth, processing power, or memory, causing the system to become slow or unresponsive. Distributed DoS (DDoS) Attack: In a DDoS attack, the attacker uses a network of compromised computers (botnet) to flood the target with traffic. This distributed approach makes DDoS attacks even more powerful and difficult to mitigate. Flood Attacks: Attackers send a large number of requests or packets to a target, saturating its capacity and causing it to become unresponsive.
  • 21. Malware: Short for "malicious software," malware refers to any type of software or code specifically designed to harm, exploit, or compromise computer systems, networks, or devices. Malware is typically created with malicious intent and can take various forms, including viruses, worms, Trojans, spyware, adware, ransomware, and more. Its primary goal is to gain unauthorized access to or control over a system, steal sensitive information, disrupt normal operations, or extort users for financial gain.
  • 22. Viruses: These are programs that infect legitimate files and spread when those files are executed. They can attach themselves to other software and replicate when that software is run. Worms: Worms are self-replicating malware that can spread independently without attaching themselves to other files. They often exploit security vulnerabilities in networks to propagate quickly. Trojans: Trojans disguise themselves as legitimate software but contain malicious code. They often trick users into running them by appearing as useful or harmless applications. Spyware: This type of malware is designed to secretly collect information about a user's online activities, such as browsing habits, passwords, and personal information. Adware: Adware displays unwanted advertisements to users. While not always inherently harmful, it can be considered malware when it disrupts the user experience or collects data without consent.
  • 23. Ransomware: Ransomware encrypts a victim's files or locks them out of their own system until a ransom is paid to the attacker. It has become a significant threat in recent years. Keyloggers: Keyloggers record the keystrokes of a user, allowing attackers to capture sensitive information like passwords and credit card details. Botnets: A botnet is a network of infected computers, known as "bots," that are controlled by a central command server. Botnets are often used for distributed denial-of-service (DDoS) attacks or spam distribution. Rootkits: Rootkits are designed to hide their presence and activities on a system, often granting unauthorized access to attackers while remaining undetected by regular security measures. Malvertising: This involves spreading malware through online advertisements. Attackers might inject malicious code into legitimate ads, causing them to deliver malware to users' devices.
  • 25. Against Intrusion 1. Strong Authentication: Implement multi-factor authentication (MFA) to add an extra layer of security to user accounts, making it harder for unauthorized users to gain access. 2. Firewalls: Set up firewalls to monitor and control incoming and outgoing network traffic. Network firewalls can block unauthorized access attempts. 3. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS): Use IDS and IPS to monitor network traffic for suspicious patterns or behavior and take action to prevent unauthorized access. 4. Regular Security Audits: Conduct regular security audits to identify vulnerabilities and weaknesses in systems and applications. 5. Patching and Updates: Keep all software, operating systems, and applications up to date with the latest security patches to minimize known vulnerabilities. 6. Employee Training: Train employees on cybersecurity best practices, such as identifying phishing emails and avoiding clicking on suspicious links.
  • 26. Guidelines for creating strong passwords 1. Strong passwords are based on a descriptive phrase or sentence that's easy for you to remember and hard for someone else to guess—like the first letters in words that make up a favorite title or song, the first letters of words in a sentence about something you did—and include a combination of letters, numbers, and symbols. For example, “I went to Western Elementary School for grade 3” could be used to build a password like: Iw2We$t4g3. 2. Moderate passwords are passwords that are strong and not easy for malicious software to guess, but could be guessed by someone who knows you (for example, IwenttoWestern). 3. Weak passwords commonly use personal information like a pet’s name, are easy to crack, and can be guessed by someone who knows you (for example, “IloveBuddy” or “Ilikechocolate”).
  • 27. Guidelines for creating strong passwords Dos • Use a different password for each of your important accounts. • Use at least eight characters. The longer the better (as long as you can remember it!). • Use combinations of letters (uppercase and lowercase), numbers, and symbols. • Make your passwords memorable so you don’t need to write them down, which would be risky. • Immediately change your password if you think someone else knows it (besides a parent or guardian). • Change your passwords every now and then. • Always use strong screenlocks on your devices. Set your devices to automatically lock in case they end up in the wrong hands. • Consider using a password manager, such as one built into your browser, to remember your passwords. This way you can use a unique password for each of your accounts and not have to remember them all. Don’ts • Don’t use personal information (name, address, email, phone number, Social Security number, mother’s maiden name, birth dates or even a pet’s name, etc.) in your password. • Don’t use a password that’s easy to guess, like your nickname, chocolate, just the name of your school, favorite sports team, a string of numbers (like 123456), etc. And definitely don’t use the word “password”! • Don’t share your password with anyone other than your parent or guardian. • Never write passwords down where someone can find them.
  • 28. Against Blocking 1. Traffic Filtering: Use traffic filtering mechanisms to identify and block malicious traffic that could be part of a denial of service attack. 2. Rate Limiting: Implement rate limiting to restrict the number of requests coming from a single IP address, preventing a single source from overwhelming the system. 3. Content Delivery Networks (CDNs): Employ CDNs to distribute web traffic across multiple servers, reducing the impact of a single point of failure in a denial of service attack. 4. DDoS Mitigation Services: Subscribe to DDoS mitigation services that can detect and absorb or redirect malicious traffic during an attack. 5. Load Balancing: Use load balancers to evenly distribute incoming traffic across multiple servers, preventing overload on any one server.
  • 29. Against Malware 1. Antivirus and Antimalware Software: Install reputable antivirus and antimalware software to detect and remove malicious software from your systems. 2. Regular Scans: Schedule regular scans of systems and devices to identify and remove any malware that might be present. 3. Email Filtering: Use email filtering to block or quarantine emails containing known malware attachments or links. 4. Software Whitelisting: Implement software whitelisting to only allow approved applications to run on systems, preventing the execution of unauthorized or malicious software. 5. User Permissions: Assign appropriate user permissions to restrict the execution of files and applications to authorized users only. 6. Backup and Recovery: Regularly back up critical data and systems, so in case of a malware infection, you can restore your systems to a clean state.
  • 32. Share with Care Protecting yourself, your information and your privacy online • When not to share • Keeping it private • That’s not what I meant! • Frame it • Who is this person anyway? • How do others see us online?
  • 33. Don’t Fall for Fake • Popups, catfishing and other scams • Who’s this ‘talking’ to me? • Is that really true? • Spotting untrustworthy information • If we were a search engine • Practicing Internet search
  • 34. Secure Your Secrets • But that wasn’t me! • How to build a great password • Keep it to yourself
  • 35. It’s Cool to Be Kind • Noticing feelings • Practicing empathy • Your kindness gram • Ways to show kindness • From negative to nice • About your tone • How words can change the whole picture
  • 36. When in Doubt, Talk It Out • What does it mean to be brave? • From bystanders to helpers • Helpers have options! • Seeing upsetting stuff: What do I do? • Upsetting stuff online: What do I do? • What to do about mean stuff on screens • Handling mean behavior online • When to get help • Report it online, too
  • 37. Thank you for your attention! For more information, visit www.zoa-international.com
  • 39. We are here for our neighbours in need, who are suffering in this broken world. We are here for victims of conflict and disasters, who are seeking comfort, shelter and food. We are here for those who have lost everything, and are in danger of losing heart. We help people meet their immediate needs, providing food, clothing and access to clean water. We give communities a voice, restoring dignity and promoting choice. We remain faithful communities as they recover, helping them to get back on their feet. We are here. We are ZOA. www.zoa-international.com
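The strong/moderate/weak scale and the Dos and Don'ts from slides 26 and 27, turned into a checker. This is an added example, not part of the original deck; the name `rate_password`, the guessable words beyond those on the slides, the character-swap table and the sample pet name are assumptions.

```python
import string

# Guessable words named on the slides, plus constructed extras (qwerty, letmein).
COMMON = {"password", "123456", "chocolate", "qwerty", "letmein"}
# Undo common character swaps so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s", "5": "s",
                      "3": "e", "1": "l", "!": "i"})


def _variants(password):
    """Lower-cased password, with and without the character swaps undone."""
    lowered = password.lower()
    return {lowered, lowered.translate(LEET)}


def rate_password(password, personal_terms=()):
    """Return (rating, reasons) on the deck's strong/moderate/weak scale."""
    reasons = []
    forms = _variants(password)
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if password.isdigit():
        reasons.append("only a string of numbers")
    for word in sorted(COMMON):
        if any(word in form for form in forms):
            reasons.append(f"contains guessable word '{word}'")
    for term in personal_terms:
        lowered = term.lower()
        # Ignore very short terms to avoid matching by accident.
        if len(lowered) >= 3 and any(lowered in form for form in forms):
            reasons.append(f"contains personal information '{term}'")
    if reasons:
        return "weak", reasons
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        return "moderate", ["missing " + ", ".join(missing)]
    return "strong", []


if __name__ == "__main__":
    # The deck's own sample passwords; "Buddy" is the pet name from slide 26.
    for sample in ("Iw2We$t4g3", "IwenttoWestern", "IloveBuddy", "Ilikechocolate"):
        print(sample, rate_password(sample, personal_terms=["Buddy"]))
```

The checker only knows the personal terms it is given, so a phrase like IwenttoWestern rates as moderate unless the school name is passed in as well.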
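Slide 28's rate limiting measure (restrict the number of requests accepted from a single IP address) as a sliding-window limiter replayed over constructed traffic. This is an added example, not part of the original deck; the class and function names, the limit of 5 requests per 10 seconds and the documentation-range IP addresses are assumptions.

```python
from collections import defaultdict, deque


class PerIPRateLimiter:
    """Accept at most `limit` requests per `window` seconds from each IP."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._accepted = defaultdict(deque)  # ip -> timestamps of accepted requests

    def allow(self, ip, now):
        hits = self._accepted[ip]
        # Forget requests that have slid out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over the cap: reject without recording it
        hits.append(now)
        return True

    def prune(self, now):
        """Drop idle IPs so the table stays bounded; return how many remain."""
        for ip in list(self._accepted):
            hits = self._accepted[ip]
            while hits and now - hits[0] >= self.window:
                hits.popleft()
            if not hits:
                del self._accepted[ip]
        return len(self._accepted)


def replay(events, limiter):
    """Feed (timestamp, ip) events through the limiter; return {ip: [allowed, rejected]}."""
    totals = defaultdict(lambda: [0, 0])
    for now, ip in sorted(events):
        totals[ip][0 if limiter.allow(ip, now) else 1] += 1
    return dict(totals)


# Constructed traffic: one source sends 20 requests in 2 s, another browses normally.
FLOOD = [(i / 10, "192.0.2.10") for i in range(20)]
NORMAL = [(float(t), "198.51.100.7") for t in (0, 3, 6, 9)]

if __name__ == "__main__":
    limiter = PerIPRateLimiter(limit=5, window=10)
    for ip, (ok, blocked) in replay(FLOOD + NORMAL, limiter).items():
        print(f"{ip}: {ok} allowed, {blocked} rejected")
```

A per-IP cap does not hold back a botnet spread over many addresses, which is why slide 28 lists it alongside CDNs and DDoS mitigation services.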