5. Computer Security - Lec 4-23-40.pdf
System security
Controls and safeguards taken to minimize
  ○ Downtime
  ○ Interference
  ○ Malicious intrusion
Physical security
OS and application security

23 Deshan Kalupahana

Physical threats to a system
Threats
  ○ Physical access to devices
  ○ Attaching components to devices
  ○ Tampering with devices
  ○ Jamming the wires
Similar to physical network security
  ○ Access control
  ○ Surveillance
  ○ Backup

Attacks on OS and applications
Password attacks
Malware attacks
Pharming
Spam
Phishing attacks

Password attacks
Passwords are a common technique for authenticating to systems
Passwords can be extracted by
  ○ Sniffing
  ○ Brute force
  ○ Dictionary attack
Prevention
  ○ Set a good password that cannot be guessed easily
  ○ Account lock features
  ○ Multi-factor authentication
  ○ Encryption

Issues related to passwords
Design problems
  ○ Eg:- Use of personal data
Operation issues
  ○ Common password
  ○ Easy to guess
Application issues
  ○ Password checking issues

Good practices for creating passwords
Dos
  ○ Lengthy password
  ○ Case sensitive password
  ○ Numbers and special characters included
  ○ Random characters
  ○ Memorable password
Don’ts
  ○ Don’t use personal data (name, home town, birthday)
  ○ Short passwords
  ○ Repetitive characters
  ○ Same password for multiple applications

Good practices for creating passwords
Eg:- Use a sentence to create a password
‘I am an Engineering Student’
Probable passwords
  ○ iaaes
  ○ IaAEs
  ○ I’aAEs
  ○ 1’mAengStd
  ○ 1’mAen6Std@

Evaluation of password strength
Password | Cracking time
iaaes | 200 us
IaAEs | 9 ms
I’aAEs | 400 ms
1’mAengStd | 7 months
1’mAen6Std@ | 400 years
https://www.security.org/how-secure-is-my-password/

Alternatives to the passwords: Biometric data
Signature
Face recognition
Voice recognition
Fingerprint
Iris pattern

Self Study
Advantages and disadvantages of biometrics

Alternatives to the passwords: Additional Questions
Provide multiple questions in addition to the passwords.
Eg:-
  ○ What is your pet’s name?
  ○ What is your hometown?
  ○ Where did you complete your secondary school?
User has to remember the questions.
Vulnerable to attacks

Additional Check: CAPTCHA

Additional Check: Selecting Images

Multi-Factor authentication
Additional login steps after the username and password are given.
https://www.imperva.com/learn/application-security/2fa-two-factor-authentication/

Malware attacks
Unwanted software that is installed on your system without your consent
Risks
  ○ Steal, encrypt or delete sensitive information
  ○ Hijack or alter core system functions
  ○ Monitor user activity without permission
  ○ Extort money
  ○ Introduce spam or forced advertising

Malware attacks
Ransomware
  ○ Disables victim's access to data until ransom is paid
Spyware
  ○ Collects user activity data without their knowledge
Adware
  ○ Serves unwanted advertisements
Trojan
  ○ Disguises itself as desirable code or software
  ○ Distributes viruses, worms, spyware etc.

Malware attacks ctd.
Worms
  ○ Spreads through a network by replicating itself
Virus
  ○ Piece of code that inserts itself into an application and executes when the app is run
Rootkits
  ○ Gives hackers remote control of a victim's device
Keyloggers
  ○ Spyware that monitors user activity
Bots / Botnet
  ○ Software application that performs automated tasks on command

Virus vs Worms vs Trojan
Question | Virus | Worms | Trojan
What does it do? | Inserts malicious code into a program or data file | Exploits a vulnerability in an application or operating system | Does something malicious or spies for the attacker
How does it spread? | User transfers infected files to other devices | Uses network to travel from one computer to another | User transfers Trojan file to other computers
Does it infect a file? | Yes | No | It can
Does there need to be user action for it to spread? | Yes | No | Yes
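
The "Evaluation of password strength" table above, as an added example (not from the lecture or from security.org): a brute-force estimate of alphabet size, keyspace and worst-case search time for the five passwords on the slide. The guess rate, the symbol-class size and all function names are assumptions made here, so the absolute times differ from the table; what the code shows is how length and character classes drive the growth.

```python
import math
import string

GUESSES_PER_SECOND = 10_000_000_000  # assumption: offline attacker guess rate
SYMBOLS = 33                         # assumption: ASCII punctuation plus space
CLASSES = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10))
ALNUM = string.ascii_letters + string.digits


def alphabet_size(password):
    """Smallest alphabet a brute-force search must cover for this password."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in password))
    if any(c not in ALNUM for c in password):
        size += SYMBOLS
    return size


def keyspace(password):
    """Number of candidates of the same length over that alphabet."""
    return alphabet_size(password) ** len(password) if password else 0


def entropy_bits(password):
    """log2 of the keyspace; 0 for an empty password."""
    return math.log2(keyspace(password)) if password else 0.0


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to exhaust the keyspace. An upper bound: a dictionary attack
    finds common or personal-data passwords far sooner."""
    return keyspace(password) / rate


def humanize(seconds):
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60), ("seconds", 1),
                       ("ms", 1e-3), ("us", 1e-6)):
        if seconds >= span:
            return f"{seconds / span:.1f} {unit}"
    return "under 1 us"


# The five passwords from the slide, typed here with an ASCII apostrophe.
SLIDE_PASSWORDS = ["iaaes", "IaAEs", "I'aAEs", "1'mAengStd", "1'mAen6Std@"]

if __name__ == "__main__":
    for pw in SLIDE_PASSWORDS:
        print(f"{pw:12} alphabet={alphabet_size(pw):3} "
              f"bits={entropy_bits(pw):5.1f} "
              f"worst case={humanize(worst_case_seconds(pw))}")
```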