by farhan ahmad [email protected] · system security by farhan ahmad [email protected]...
TRANSCRIPT
![Page 1: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/1.jpg)
System Security
By
Farhan Ahmad
Department of Chemical Engineering,
University of Engineering & Technology Lahore
![Page 2: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/2.jpg)
Threat
Degree of harm
Countermeasures
2
Basic Security Concepts
![Page 3: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/3.jpg)
3
Threat - anything that can cause harm
Not harmful unless it exploits an existing vulnerability
Vulnerability – anything that has not been protected against
threat making it open to harm
Is a weakness
Security - to neutralize threats
Threat
![Page 4: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/4.jpg)
4
Level / Intensity of potential damage
Security Risk – potential that a given threat will exploit
vulnerabilities
Likelihood that something will happen that cause harm
Probability × severity
Include all parts of system
Potential data loss
Loss of privacy
Inability to use hardware
Inability to use software
Degrees of harm
![Page 5: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/5.jpg)
5
Any step that is taken for protection to keep the threat away
The deployment of a set of security measures/services/control
to protect against a security threat
Backup of data
Firewall
Two classes of countermeasures:
Shield from personal harm
Shield from physical harm
Countermeasures
![Page 6: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/6.jpg)
6
Theft of information
Loss of privacy
Cookies
Spyware
Web bugs
Spam
Threats to User
![Page 7: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/7.jpg)
7
Theft of Information
Identity Theft
Impersonation by private information
Thief can ‘become’ the victim
Reported incidents rising
Methods of stealing information
Shoulder surfing
Snagging
Dumpster diving
Social engineering
High-tech methods
![Page 8: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/8.jpg)
8
Loss of Privacy
Personal information is stored electronically
Purchases are stored in a database
Data is sold to other companies
Public records on the Internet
Internet use is monitored and logged
None of these techniques are illegal
![Page 9: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/9.jpg)
9
Cookies
Files delivered from a web site
Originally improved a site’s function
Cookies now track history and passwords
Browsers include cookie blocking tools
![Page 10: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/10.jpg)
10
Web Bugs
Small programs embedded in gif images
Gets around cookie blocking tools
Companies use to track usage
Blocked with spyware killers
![Page 11: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/11.jpg)
11
Spyware
Software downloaded to a computer
Designed to record personal information
Typically undesired software
Hides from users
Several programs exist to eliminate
![Page 12: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/12.jpg)
12
Spam
Unsolicited commercial email
Networks and PCs need a spam blocker
Stop spam before reaching the inbox
Spammers acquire addresses using many methods
CAN-SPAM Act passed in 2003
![Page 13: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/13.jpg)
13
Power-related threat
Theft and Vandalism
Natural disaster
Threats to Hardware
![Page 14: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/14.jpg)
14
Power-related threats
Affect the operation or reliability
Power-related threats
Power fluctuations
Power spikes or browns out
Power loss
Countermeasures
Surge suppressors
Line conditioners
Uninterruptible power supplies
Generators
![Page 15: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/15.jpg)
15
Theft and Vandalism
Thieves steal the entire computer
Accidental or intentional damage
Countermeasures
Keep the PC in a secure area
Lock the computer to a desk
Do not eat near the computer
Watch equipment
Chase away loiterers
Handle equipment with care
![Page 16: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/16.jpg)
16
Natural disasters
Disasters differ by location
Typically result in total loss
Disaster planning
Plan for recovery
List potential disasters
Plan for all eventualities
Practice all plans
![Page 17: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/17.jpg)
17
The most serious threat
Data is the reason for computers
Data is very difficult to replace
Protection is difficult
Data is intangible
Malwares or viruses
Cyber crimes
Cyber terrorism
Threats to Data
![Page 18: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/18.jpg)
18
Malwares
Common threat to information
Viruses, worms, trojan horses, rootkits etc.
Ranges from annoying to catastrophic
Countermeasures
Anti-malware software
Popup blockers
Spyware blocker
Do not open unknown email
![Page 19: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/19.jpg)
19
Stealing the computer, damage or stealing the information
Using a computer in an illegal act
Fraud and theft are common acts
Internet fraud
Hacking
Cybercrime
![Page 20: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/20.jpg)
20
Most common cybercrime
Fraudulent website
Have names similar to legitimate sites
Internet fraud
![Page 21: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/21.jpg)
21
Using a computer to enter another network
Cost users $1.6 trillion in 2003
Hackers motivation
Recreational hacking
Financial hackers
Grudge hacking
Hacking methods
Sniffing
Social engineering
Spoofing
Hacking
![Page 22: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/22.jpg)
22
Cyber warfare
Attacks made at a nations information
Targets include power plants or telecommunication
Threat first realized in 1996
Organizations combat cyber terrorism
Cyber terrorism
![Page 23: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/23.jpg)
23
Protective Measures
![Page 24: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/24.jpg)
24
Guard your papers
Shred unneeded papers
Pick up you mail quickly
Check statements immediately
Keep records for 3 years
Avoiding Identity Theft
![Page 25: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/25.jpg)
25
Guard your personal information
Be wary giving out information
Avoid giving account numbers
Never give personal information in e-mail
Ensure online shopping is secure
Avoiding Identity Theft
![Page 26: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/26.jpg)
26
Look at the big picture
Review your credit report yearly
Develop an efficient filing system
Know your liability limits
Avoiding Identity Theft
![Page 27: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/27.jpg)
27
Be wary filling out forms
Guard your primary email address
Have a ‘spam account’ for forms
Know your legal rights
Protecting the Privacy
![Page 28: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/28.jpg)
28
Dealing with cookies
Browsers provide settings to block cookies
No cookies to all cookies allowed
Without cookies some sites crash
Cookies can be deleted
Browsers
Spyware programs
Managing Cookies and Spyware
![Page 29: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/29.jpg)
29
Cookie types
Session cookies
Cookies for the current site
Persistent cookies
Stored on hard drive until deleted
First-party cookies
Installed by the current site
Third-party cookies
Installed by an ad
Managing Cookies and Spyware
![Page 30: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/30.jpg)
30
Deleting cookies
Managing Cookies and Spyware
![Page 31: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/31.jpg)
31
Removing web bugs and spyware
Install a spyware removal program
None are 100% effective, use two
Install a pop-up blocker
Are extremely effective
Managing Cookies and Spyware
![Page 32: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/32.jpg)
32
Evading spam
Contact your ISP
Use mail program’s filters
Use an anti-spam program
Use an online account for purchasing
Managing Cookies and Spyware
![Page 33: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/33.jpg)
33
Viruses and worms
Purchase a good anti-virus product
Keep the product updated
Keep your OS up to date
Protection From Malware
![Page 34: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/34.jpg)
34
Limit physical access
Easiest way to harm or steal data
Build an account for each user
Require a password for access
Software and hardware password
Protecting Your System
![Page 35: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/35.jpg)
35
Use a firewall
Protects from unauthorized remote use
Makes your computer invisible
Protecting Your System
![Page 36: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/36.jpg)
36
Backup often
Backup is a copy of a file
Restore replaces a file on disk
Organizations backup at least daily
Home users should backup weekly
Protecting Your System
![Page 37: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/37.jpg)
37
OS generates messages for events
Provides clues about computer health
Can alert to potential problems
Windows includes the Event Viewer
System Events
![Page 38: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/38.jpg)
38
Event Viewer
![Page 39: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/39.jpg)
39
Store media in the proper container
Floppy disks in a hard case
CD should be in a sleeve
Thumb disks should be closed
Handling Storage Media
![Page 40: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/40.jpg)
40
Avoid magnetism
Magnets erase the contents of disks
Magnets found in
Speakers
Televisions and CRT monitors
Radios
Handling Storage Media
![Page 41: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/41.jpg)
41
Heat and cold
Avoid extreme temperatures
Heat expands media
Cold contracts media
Floppies and CD-ROMs are susceptible
Handling Storage Media
![Page 42: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/42.jpg)
42
Moisture
Do not use wet media
CDs can be wiped off
Floppy disks must dry
Handling Storage Media
![Page 43: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/43.jpg)
43
Dust, dirt, and fingerprints
Dirty or scratched media will fail
Handle media by the edge
Clean CDs with gentle strokes
Handling Storage Media
![Page 44: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/44.jpg)
44
Never store near large electronics
Store in dry, climate controlled rooms
Plan for natural disasters
Stack equipment safely
Storing Computer Equipment
![Page 45: By Farhan Ahmad farhanahmad@uet.edu · System Security By Farhan Ahmad farhanahmad@uet.edu.pk Department of Chemical Engineering, University of Engineering & Technology Lahore Threat](https://reader033.vdocuments.us/reader033/viewer/2022042322/5f0cd4ff7e708231d43759e8/html5/thumbnails/45.jpg)
45
Computers should be spotless
Avoid eating or smoking at computer
Clean the dust from inside the system
Change the filters if present
Keeping Your Computer Clean