Network and Internet Security Lecture

Introduction to Information and Communication Technology Lecture 5: Network and Internet Security Discussion: Information security/ cyber attacks  What protection measures you follow while you are dealing with internet. Computer security  Computer security basically is the protection of computer systems and information from harm, theft, and unauthorized use. It is the process of preventing and detecting unauthorized use of computer system.  Computer security can be defined as  controls that are put in place to provide confidentiality, integrity, and availability for all components of computer systems. The CIA Triad Computer security is mainly concerned with three main areas: Confidentiality  is ensuring that information is available only to the intended audience Integrity  is protecting information from being modified by unauthorized parties Availability  is protecting information from being unavailable by unauthorized parties.  Use able to access resources and data in reliable and timely manner  Network Security: Security concerns related Why Be to computer networks and the Internet abound Concerned  Computer crime (cybercrime): Any illegal act involving a computer, including: about  Theft of financial assets Network   Manipulating data for personal advantage Act of sabotage (releasing a computer virus, and Internet  shutting down a Web server) All computer users should be aware of Security? security concerns and the precautions that can be taken 5 Unauthorized Access and Unauthorized Use  Unauthorized access: Gaining access to a computer, network, file, or other resource without permission  Unauthorized use: Using a computer resource for unapproved activities  Both can be committed by insiders and outsiders Codes of conduct: Used to specify rules for behavior, typically by a business or school https://www.rit.edu/academicaffairs/ policiesmanual/c082-code-conduct-computer-use 6 Unauthorized Access and Unauthorized 7 Use  Hacking: Using a computer to break into another computer system  A serious threat for individuals, businesses, and the country (national security)  Often performed via wireless networks today  Many wireless networks are left unsecured  Access control systems: Used to control access to:  Facilities Protecting   Computer networks Databases Against  Web site accounts Unauthorized  Can be:  Authentication: Determine if the person is who Access and he or she claims to be Use  verifies the identity of a user or service  Authorization systems: Verify that the person trying to access the facility or system is an authorized user  determines their access rights. 8 Access Control Systems Possessed Possessed Biometric knowledge object (something (something (something you are) you know) you have) Access Control Systems 10  Possessed knowledge access systems: Use information that only an individual should know  Usernames  Passwords  Should be strong passwords and changed frequently  Tokens can generate passwords * 59% of end-users use the same password for every account Possessed object access systems: Use a physical object an individual has in his/her possession to identify that individual Smart cards RFID-encoded badges Magnetic cards USB security keys or e-tokens Access Control Systems 11  Biometric access systems: Identifies users by a particular unique biological characteristic  Fingerprint, hand, face, iris, voice, etc.  Data read by biometric reader must match what is stored in a database Two-factor authentication: Use two different factors for increased security Possessed knowledge (something you know) Possessed object (something you have) Biometric (something you are) OTP tokens are one example 12 Access Control Systems  Controlling access to wireless networks  In general, Wi-Fi is less secure than wired networks  Security is usually off by default; wireless networks should be secured  Wireless network owners should:  Enable encryption  Not broadcast the network name (SSID)  Enable other security features as needed (passwords) 13  Firewall: A collection of hardware and/or software Protecting intended to protect a computer or computer network from unauthorized access Against  Intrusion prevention system (IPS) software: Monitors traffic to try and detect possible attacks Unauthorized  Encryption: Method of scrambling contents of e-mail or files to make them unreadable if intercepted  Secure Web pages: Use encryption to protect Access and information transmitted via their Web pages  Look for a locked padlock on the status bar and Use  https:// in the URL Only transmit credit card numbers and other sensitive data via a secure Web server  Virtual private networks (VPNs): A private secure path over the Internet Protecting Against Unauthorized Access and Use  Individuals should take additional precautions when using public hotspots in addition to using security software, secure Web pages, VPNs, and file encryption  Turn off file sharing  Disable Wi-Fi and Bluetooth if not needed  Use firewall to block incoming connections  Turn off automatic and ad hoc connections 14 15 Quick Quiz  1. Which of the following is an example of possessed knowledge?  a. Password  b. Smart card  c. Fingerprint  3. A(n) ______________________ controls access to a computer from the Internet and protects programs installed on a computer from accessing the Internet without authorization from the user.  Computer sabotage: Acts of malicious destruction to a computer or computer resource  Botnet: A group of bots (computers controlled by a criminal) that are controlled by one individual Computer  Malware: Any type of malicious software  Written to perform destructive acts (damaging Sabotage  programs, deleting files, erasing drives, etc.) Writing malware is considered unethical, distributing is illegal  Can infect mobile phones and mobile devices (some preinstalled on mobile devices) 16 Purpose of Computer Sabotage  Data or program alteration  Students changing grades etc.  Changing posts  Web site alteration  Web sites defaced to make political statements  Hacking into and changing social networking account contents (Facebook pages, Twitter tweets, etc.)  Financial benefit Computer Sabotage  Computer virus: A software program installed without the user’s knowledge and designed to alter the way a computer operates or to cause harm to the computer system  First computer virus: The Brain Boot Sector Virus  Video: Brain: Searching for the first PC virus in Pa kistan  Computer worm: Malicious program designed to spread rapidly by sending copies of itself to other computers  Dangerous computer worms: Mydoom, iloveyou, wannacry  Video illustration: Computer Worm and How Do es it Work? 18 Computer Sabotage  Trojan horse:  is a type of malicious software that looks legitimate but can take control of your computer.  Usually appear to be a game or other program  Cannot replicate themselves; must be downloaded and installed  Security Awareness Video: Trojan Horse  Ransomware Attack: Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.  Famous ransomware attacks: locky, wannacry, bad rabbit etc  Video: Rensome attack (wana Cry) 19 Computer Sabotage  Spoofing  Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.  Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address  Video Illustration: spoofing  Man in the middle attack  type of eavesdropping attack, where attackers interrupt an existing conversation or data transfer.  After inserting themselves in the "middle" of the transfer, the attackers pretend to be both legitimate participants.  This enables an attacker to intercept information and data from either party while also sending malicious links or other information to both legitimate participants in a way that might not be detected until it is too late.  Video illustration: Man in the Middle attack 21 Computer Sabotage  Denial of service (DoS) attack: Act of sabotage that attempts to flood a network server or Web server with so much activity that it is unable to function  Distributed DoS attack: Uses multiple computers as bots  They are also called Zombies computers or slaves  Video: NEW RECORD! Largest kn own DDoS attack spotted by Clo udflare Computer Sabotage  Phishing: Use of spoofed e-mail messages to gain credit card numbers and other personal data  Typically contains a link to a spoofed Web site  After victim clicks a link in the message and supplies sensitive data, that data is sent to the thief  E-mails and Web sites often look legitimate  Spear phishing: A personalized phishing scheme targeted to specific individuals  Often include personalized information to seem more legitimate  May impersonate someone in your organization, such as from human resources or the IT dept. 22  Cyberbullying/Cyber Stalking:  Threats or harassing behavior between adults carried out via e-mail or another Internet communication method  Common today, estimate 50% of all US Personal teenagers  Sending harassing e-mail messages to the Safety victim  Sending unwanted files to the victim Issues  Posting inappropriate messages about the victim  Signing the victim up for offensive material  Publicizing the victim’s contact information  Hacking into victim’s social networking pages 23 Discussion: Information security/ cyber attacks  What protection measures you take while you are dealing with internet.  Phishing attacks  Removable media  Passwords and Authentication  Physical security  Mobile Device Security  Working Remotely  Public Wi-Fi  Cloud Security  Social Media Use  Internet and Email Use  Some examples of big cyber attack  Video: COCO COLA company at cyber attack  Video: Hackers breached the UBER Any Question?

Network and Internet Security Lecture

Document Details

Tags

Related

Summary

Full Transcript