UNIT 3 latest 11.9.2024.pdf

Full Transcript

INFORMATION SYSTEM
SECURITY
UNIT 3
 Content
01 Malicious Software

02 Computer Crimes

03 Information System Control

04 Information Resource Control
 OUTCOMES

OUTCOME 4
OUTCOME 1
Identify information
Identify malicious resources control
software
OUTCOME 2 OUTCOME 3
Categorize computer Identify
crimes information system
control
 THREAT TO
INFORMATION SECURITY
A threat to information security is any potential
danger that could exploit vulnerabilities in a
system, network, or data, leading to unauthorized
access, disruption, damage, or loss of information.

These threats can come from various sources
and manifest in numerous ways, posing risks to
the confidentiality, integrity, and availability of
information.
 OUTCOME 1

Malicious Software
Identify malicious software
1.MALICIOUS
SOFTWARE
MALICIOUS SOFTWARE
(MALWARE)

Malicious software, commonly referred
to as malware, is any software
intentionally designed to cause harm to
a computer system, network, or data.
Malware can disrupt normal operations,
steal sensitive information, or exploit
system vulnerabilities.
It encompasses a variety of types and
forms, each with its own specific goals
and methods of attack.
MALICIOUS SOFTWARE
(MALWARE)

01 VIRUSES 02 WORMS

03 TROJAN HORSE 04 SPYWARE
VIRUSES
Definition:
A virus is a type of malware that
attaches itself to legitimate files or
programs and spreads to other files and
systems when the infected file or
program is executed.
Characteristics:
Propagation: Spreads by replicating
itself through infected files or emails.
Activation: Requires user interaction to
activate, such as opening an infected
file or running an infected program.
Effects: Can corrupt or delete files,
steal information, or disrupt system
operations.
Examples:
Melissa virus, ILOVEYOU virus.
 Definition:

WORMS
A worm is a type of malware that
replicates itself to spread to other
computers, often through network
connections, without needing to attach
itself to a host file.
Characteristics:
Propagation: Spreads automatically over
networks, often exploiting vulnerabilities
in operating systems or software.
Activation: Does not require user
interaction to spread; can propagate
independently.
Effects: Can consume network bandwidth,
overload systems, and deliver payloads
that cause damage or steal information.
Examples:
WannaCry, Blaster Worm.
 Definition:

TROJAN HORSE
A Trojan horse (or Trojan) is a type of
malware that disguises itself as a
legitimate or benign program to trick
users into installing it. Once installed, it
can perform malicious actions.
Characteristics:
Deception: Appears as a legitimate or
desirable software but contains hidden
malicious functions.
Activation: Requires user action to install
or execute, such as downloading and
running a seemingly useful application.
Effects: Can create backdoors for
unauthorized access, steal information, or
install additional malware.
Examples:
Zeus Trojan, Emotet.
SPYWARE
Definition:
Spyware is a type of malware
designed to secretly monitor and
collect information about a user's
activities without their consent.
Characteristics:
Surveillance: Monitors user activity,
such as keystrokes, browsing habits,
and personal information.
Activation: Often bundled with other
software or disguised as legitimate
applications.
Effects: Can lead to privacy
invasion, identity theft, and
unauthorized data collection.
Examples:
CoolWebSearch, Gator.
 OUTCOME 2

COMPUTER CRIMES
Categorize computer crimes
2. COMPUTER
CRIME
COMPUTER CRIME

Computer crime, also known as
cybercrime, refers to illegal activities
that involve the use of computers and
digital technology.
These crimes can target individuals,
organizations, or governments, and they
typically involve unauthorized access,
data theft, damage, or disruption.
 HACKERS

SPOOFING AND SNIFFING

DENIAL OF SERVICE ATTACK
COMPUTER
CRIME IDENTITY THEFT

CLICK FRAUD

CYBERTERRORISM AND CYBER WARFARE
 HACKERS
In the context of computer crimes, a "hacker" is someone who uses
technical skills to gain unauthorized access to computer systems,
networks, or data. Hackers can have various motives and methods, and
their activities can range from benign or constructive to highly malicious.
 TYPES OF HACKERS

BLACK HAT HACKERS WHITE HAT HACKERS GREY HAT HACKERS
Definition: These hackers fall between
Definition: These are individuals Definition: Also known as ethical
black hats and white hats. They may
who use their hacking skills for hackers, these individuals use their
exploit vulnerabilities without
malicious purposes, such as stealing skills to improve security by finding
permission but typically do not have
data, causing harm, or disrupting and fixing vulnerabilities.
malicious intentions.
services. Motives: To protect systems and data
Motives: Often driven by curiosity or
Motives: Financial gain, sabotage, or by identifying weaknesses before
the desire to demonstrate a
personal satisfaction. malicious hackers can exploit them.
vulnerability without causing harm.
Activities: Engaging in cybercrimes Activities: Conducting penetration
Activities: Hacking into systems to
like data theft, ransomware attacks, testing, security assessments, and
find vulnerabilities and then notifying
and system breaches. vulnerability research.
the organization, sometimes without
Examples: Hackers involved in high- Examples: Security consultants
authorization.
profile data breaches or working with organizations to
Examples: Hackers who discover and
ransomware campaigns. enhance cybersecurity.
disclose security flaws but do not
exploit them for personal gain.
 SPOOFING & SNIFFING
SPOOFING
Focuses on identity deception to gain unauthorized access or
information.

SNIFFING
Focuses on monitoring and analyzing network data to collect
sensitive information.
 COMPARISON

SPOOFING SNIFFING
Primary Purpose: To deceive systems or users by pretending Primary Purpose: To monitor and analyze data traffic
to be a legitimate or trusted entity to gain unauthorized passing through a network to collect sensitive
access or information. information.
Example: Tricking users into clicking on malicious links or Example: Capturing and analyzing unencrypted data
providing personal information by pretending to be a packets to obtain login credentials or personal data.
legitimate bank or organization. Methods: Using software or hardware to capture and
Methods: Involves altering or falsifying seemingly legitimate analyze data traffic on a network.
information such as IP addresses, email addresses, or DNS Primary Impact: Can reveal sensitive information
data. transmitted over a network, especially if the data is
Primary Impact: Can lead to fraud, identity theft, or unencrypted. This can lead to data theft or exposure
unauthorized access to systems or data. Often used to exploit of personal information.
vulnerabilities in security systems or applications.
 DENIAL OF SERVICE
ATTACK
Denial of Service (DoS) is a type of cyber attack aimed at making a computer,
network, or service unavailable to its intended users by overwhelming it with a
flood of illegitimate requests or data.
This can lead to the target system being unable to handle legitimate requests,
effectively causing it to crash or become inaccessible.
 TYPES OF DOS

HTTP FLOOD PING FLOOD SLOWLORIS
An attacker targets a website by Imagine an attacker sending a This attack involves opening multiple
sending a large volume of HTTP massive number of ICMP Echo connections to a web server and
requests to overwhelm the web Request packets (ping requests) to a keeping them open by sending
server’s resources. target server. partial HTTP requests.
For example, they might send The server gets overwhelmed trying The server keeps these connections
numerous requests for complex to respond to all these requests, and open, consuming resources and
web pages that require significant legitimate users experience delays or preventing it from handling
processing power, causing the are unable to connect to the server. legitimate requests from other users.
server to slow down or crash.
 IDENTITY THEFT

Identity theft is a crime where someone illegally obtains and uses another person's
personal information, such as Social Security numbers, credit card details, or bank
account information, without their permission.
The purpose is often to commit fraud or other criminal activities, such as making
unauthorized purchases, opening accounts, or applying for loans in the victim's name.
 METHOD IMPACT PREVENTIVE

Skimming: Devices called skimmers Financial Loss: Victims may experience Monitor Your Accounts: Regularly
are placed on ATMs or gas station direct financial losses due to check bank and credit card
pumps to capture card information unauthorized transactions or accounts statements for unauthorized
when you swipe your credit or debit opened in their name. Recovering transactions.
card. these funds can be time-consuming Use Strong Passwords: Create
Data Breaches: Hackers gain access and challenging. complex passwords and change
to large databases of personal Credit Damage: Identity theft can them regularly.
information from companies or severely damage a person's credit Enable Two-Factor
institutions, which they then use to score if the thief accumulates debt Authentication: Add an extra layer
steal identities. under the victim’s name, leading to of security to your online
Mail Theft: Stealing credit card problems securing loans, mortgages, or accounts.
statements, tax returns, or other even renting an apartment.
personal documents from a person’s
mailbox.
 CLICK FRAUD

Click fraud is a type of online fraud where individuals or automated systems artificially
inflate the number of clicks on online ads.
This is done to generate revenue for the fraudster or to deplete the advertising budget of
a competitor.
Click fraud is a significant issue in online advertising, particularly in pay-per-click (PPC)
advertising models, where advertisers pay each time their ad is clicked.
 TYPES IMPACT DETECT &
PREVENT
Manual Click Fraud: In this scenario,
individuals or groups manually click on Reduced Advertising Effectiveness: Monitor Click Patterns: Look for
ads repeatedly to drain the advertiser’s Click fraud can skew performance unusual patterns in click data, such as
budget. This is often done by metrics, making it difficult for high click-through rates from specific
competitors or malicious parties advertisers to accurately assess the IP addresses or geographic locations
seeking to cause financial harm. effectiveness of their campaigns and that don’t align with your target
Automated Click Fraud: Here, bots or make informed decisions. audience.
automated scripts are used to click on Increased Advertising Costs: As fraud Use Click Fraud Detection Tools:
ads. These automated systems can drives up costs, advertisers may have to Many ad platforms and third-party
generate a high volume of fraudulent pay more per click to maintain their ad services offer tools to help detect and
clicks in a short period, making it placements, leading to increased prevent click fraud by analyzing
harder to detect. expenses. traffic patterns and identifying
Competitor Click Fraud: Competitors Distrust in Ad Platforms: Persistent suspicious activity.
may engage in click fraud to exhaust click fraud issues can lead to a lack of Set Click Limits: Some ad networks
the advertising budget of a rival trust in online advertising platforms, allow you to set limits on the number
company, reducing their visibility and potentially driving advertisers to seek of clicks from a single IP address or
effectiveness. alternative methods or platforms. over a specific period to mitigate
potential fraud.
CYBER TERRORISM
&
CYBER WARFARE
 COMPARISON
CYBER TERRORISM CYBER WARFARE
Definition: Cyber warfare is conducted by nation-states or state-
Definition: Cyber terrorism involves the use of digital attacks by
sponsored actors to achieve strategic objectives. It involves the
individuals or groups to cause fear, disrupt society, or coerce
use of digital attacks to disrupt or damage another country’s
governments or organizations. The goal is often to create
infrastructure, intelligence, or military capabilities.
psychological or physical harm, rather than just economic
Characteristics:
damage.
Intent: The aim is usually political or strategic. It’s about
Characteristics:
gaining a tactical or strategic advantage in conflicts or
Intent: The primary aim is to cause terror or panic. The
rivalries between nations.
attackers often seek to influence public perception or political
Targets: Often aimed at critical national infrastructure,
outcomes.
military systems, or economic systems that are vital to a
Targets: Can include critical infrastructure, public services, or
nation's security and stability.
any system that impacts public safety and security.
Examples: Attacks on a country’s power grid or financial
Examples: Attacks on hospital systems, power grids, or
systems to weaken its economic stability or military
transportation networks that create chaos or endanger lives.
readiness.
Methods:
Methods:
Malware and ransomware attacks designed to paralyze
Cyber espionage to steal sensitive information or intellectual
essential services.
property.
Denial-of-service attacks that overwhelm and disrupt
Attacks on military networks or communication systems to
operations.
disrupt operations.
Data breaches that expose sensitive information to incite fear
Infrastructure attacks that cause widespread disruptions and
or disrupt trust.
have long-term consequences.
 OUTCOME 3

Information Systems
Control
Identify information system control
 3. INFORMATION
SYSTEM CONTROL
 INFORMATION SYSTEM
CONTROL
GENERAL CONTROLS APPLICATION CONTROLS
General controls are the Application controls are specific to
foundational policies, individual software applications
procedures, and practices that and are designed to ensure the
ensure the overall security, accuracy, completeness, and
integrity, and reliability of validity of the data processed by
information systems and data. those applications.
Unlike application controls, Unlike general controls, which
which are specific to particular cover the overall system
software applications, general environment, application controls
controls apply across the entire
focus on the particular
information system
functionality of software
environment.
applications to prevent, detect, and
correct errors and irregularities.
 OUTCOME 4

Information Resources
Control
Identify information resources control
 4. INFORMATION
RESOURCE CONTROL
 Authentication

Firewall
INFORMATION
Intrusion Detection System
RESOURCE
CONTROL
Antivirus and Anti Spyware Software

Unified Threat Management Systems
1.AUTHENTICATION
 AUTHENTICATION
DEFINITION :
Authentication in information security is the process of verifying the identity of a user, system, or
entity attempting to access a resource or system.
The goal of authentication is to ensure that only authorized individuals or systems can access
protected resources, and it forms a critical component of the broader concept of access control.

METHODS:
Password-Based Authentication: The user provides a password or passphrase to prove their
identity. This is the most common method but can be vulnerable to attacks such as brute force or
phishing.
Two-Factor Authentication (2FA): Combines two different factors, typically a password (something
you know) and a one-time code sent to a mobile device (something you have). This adds an extra
layer of security.
Multi-Factor Authentication (MFA): Extends 2FA by using more than two authentication factors.
For example, a combination of password, a one-time code, and a fingerprint.
Biometric Authentication: Uses biometric identifiers, such as fingerprints, face recognition, or
retina scans, to verify identity. It is highly secure but can be expensive and raises privacy
concerns.
Token-Based Authentication: Uses physical or digital tokens, such as smart cards or authentication
apps, to generate and provide time-sensitive codes for authentication.
 AUTHENTICATION
ADVANTAGES :
Access Control: Ensures that only authorized individuals can access sensitive data and
resources, helping to prevent unauthorized access and breaches.
Security: Protects against unauthorized access and potential misuse of systems and data.
Compliance: Helps organizations meet regulatory and industry standards that require strong
authentication mechanisms.
User Accountability: Provides a way to track and log user activities, which is important for
auditing and accountability.

DISADVANTAGES :
Password Management: Users often struggle with creating and managing strong, unique
passwords, leading to security vulnerabilities.
Phishing Attacks: Attackers can trick users into providing their authentication credentials
through deceptive methods.
Biometric Privacy: While biometric authentication can be secure, it raises concerns about the
privacy and storage of biometric data.
Token Security: Physical tokens can be lost or stolen, and digital tokens can be intercepted if
not transmitted securely.
2. FIREWALL
 FIREWALL
A firewall is a security device or software that acts as a barrier between a
trusted internal network and untrusted external networks, such as the
internet. It monitors, filters, and controls network traffic based on a set
of predetermined security rules to prevent unauthorized access, data
breaches, and other security threats.

Firewalls can be implemented in various forms:
Hardware Firewall: A physical device placed between a network and
its connection to the internet or another external network.
Software Firewall: A program installed on a computer or server that
filters network traffic based on software rules.
Combined Firewall: A device or solution that includes both hardware
and software components.

The primary purpose of a firewall is to enforce network security policies
by allowing or blocking data packets based on criteria such as IP
addresses, port numbers, protocols, and application types.
3. INTRUSION DETECTION
SYSTEM
INTRUSION DETECTION SYSTEM
An Intrusion Detection System (IDS) is a security technology designed
to monitor network traffic or system activities for signs of suspicious
or malicious behavior.

It aims to detect unauthorized access, policy violations, or other
potentially harmful activities within a network or on a system.
4. ANTIVIRUS & ANTI SPYWARE
SOFTWARE
 ANTIVIRUS & ANTI SPYWARE
SOFTWARE
Antivirus Software
Purpose:
Antivirus software is designed to detect, prevent, and remove
malicious software (malware) such as viruses, worms, trojans, and
more.
It focuses on protecting the system from various forms of malware
that can harm computers and networks.

Antispyware Software
Purpose:
Antispyware software focuses specifically on detecting and removing
spyware and other types of potentially unwanted programs (PUPs).
Spyware is a type of malware designed to secretly gather information
about a user or system, often without their consent.
 ANTIVIRUS & ANTI SPYWARE
SOFTWARE
Key Differences:

1. Scope:
Antivirus software covers a broad range of malware types, while
antispyware software is specialized in dealing with spyware and
related threats.
2. Detection Methods:
While both may use signature-based and heuristic detection,
antispyware software often includes more advanced techniques for
identifying and mitigating privacy threats.
3. Integration:
Many modern security suites combine antivirus and antispyware
functionalities into a single product, offering comprehensive
protection against both types of threats.
 5. UNIFIED THREAT
MANAGEMENT SYSTEMS
 UNIFIED THREAT
MANAGEMENT SYSTEMS
Unified Threat Management (UTM) systems are comprehensive
security solutions designed to provide an integrated approach to
network security.
By combining multiple security functions into a single platform, UTMs
aim to simplify the management of network protection and enhance
overall security effectiveness.
END OF TOPIC 3
Thank You