
Internet and Network Security


Presentation Transcript


  1. Internet and Network Security Knowledge Management and Sharing ICRISAT

  2. The next one hour…
     • Threats on the network
       • Virus, Trojan Horses & Worms
       • Spyware & Adware
       • Spamming, Phishing, Pharming and Spoofing
       • Identity Theft & Social Engineering
       • Other Online Threats
     • How to protect your network & PC
     • Demo by Padma, ISU

  3. Threats on the network
     • Data theft, data leakage, compromised security
     • Online frauds and misleading applications
     • Hackers & crackers
     • Privacy
     • Data integrity
     • Availability
     • Consistency

  4. Virus, Trojan Horses & Worms
     • Virus - malicious code (Vital Information Resource Under Siege)
     • Types of virus
       • Boot Sector, Stealth, Polymorphic, Trojan Horse, Time bomb, Logic bomb, Trapdoor, etc.
     • Worms

  5. Why Virus?!?
     • Steals data & confidential information
     • Affects bandwidth & resources
     • Turns infected machines into zombie PCs
     • Used to launch DoS & DDoS attacks
     Some notorious viruses
     • NATAS
     • ILOVEYOU
     • CIH
     • Melissa Worm

  6. Spyware & Adware
     • Piggybacks on freeware/shareware software
     • Intercepts or takes partial control over the user's interaction with the computer
     • Carriers of malicious code
     • Compromises the security of the infected PC

  7. Spamming
     • Spamming
       • Accounts for 9 out of 10 emails (MessageLabs Inc.)
       • You pay for the spam!
       • Never click on the opt-out link of a spam mail
     • SPIM, SPAT
     • Hoax mail forwarding
     How to control SPAM?!?!

  8. Phishing, Pharming & Spoofing
     • Phishing is a form of online identity theft
     • Spam mail leads users to ‘spoofed’ websites
     • A ‘spoofed’ website closely resembles a bank’s or financial institution’s website
     • Targets consumers’ personal identity data and financial account credentials
     Examples

  9. Identity Theft: When Bad Things Happen to Your Good Name
     • Take over the complete identity of another person
     • Taking Lives, The Net
     • Chat rooms, dumpster diving, skimming, phishing, change of address, etc.
     • Never, never divulge personal information in online public forums
     • Be careful with your Internet passports
       • IPIN, TPIN, credit card, CVV, passwords

  10. Social Engineering
      • Art of manipulation (think Bunty aur Babli)
      • Techniques used to manipulate people into performing actions or divulging confidential information
      • Thrives on flaws based in human logic
      • Road Apple! (Curiosity killed the cat!)

  11. Wireless threats
      • Most networks broadcast their presence outside the necessary limits
      • War driving
      • Easy to simulate a man-in-the-middle attack
      • Wireless Fidelity (Wi-Fi) hacking is the ‘in-thing’

  12. A few more threats!
      • Advance fee fraud, 419 scam
      • Mail bombing
      • IP/URL spoofing, masquerading
      • Credit card frauds
      • Sniffing – passive & active
      www.scambusters.org
      www.hoaxbusters.org

  13. How to protect yourself
      • Update your antivirus signature database at least once a week
      • Install anti-spyware
        • Windows spyware removal kit, Spybot
      • Install a personal software firewall
        • Windows Firewall, ZoneAlarm
      • Try not to open attachments from unknown senders
      • Passwords, shared folders

  14. Vulnerability Scanners
      • Microsoft Baseline Security Analyzer (MBSA)
      • www.pcpitstop.com
      • Nessus – Open Source
      • US-CERT & Bugtraq
      Of course, call ISU colleagues for any IT-related queries/help

  15. Questions?
      • "The art of war teaches us to rely not on the likelihood of the enemy’s not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable."
      • The Art of War, Sun Tzu (Chapter 8, ‘Variation of Tactics’)
      Security is sec-U-R-IT-y
      Padma
      Remember

  16. Denial of Service
      [Diagram labels: Request, Target Server, Compromised PC (x4), Genuine Request]

  17. DDoS – Zombie PCs
      [Diagram labels: Attacker, C&C server, Master, Slave, Target Server]

  18. Points to a spoofed website

  19. Browser Phishing filter

  20. Spoofed Website
      [Screenshot with callouts 1 and 2]

  21. Checking a website's authenticity
      [Screenshot labels: https://web., Digital Certificate; callouts 1 to 3]

  22. IT SECURITY
      • Why to protect
      • What to protect
      • What happens without security
      • How to protect

  23. Types of Security
      • Physical Security
      • Password Security
      • Environment
      • Antivirus
      • Patches and Service Packs
      • Unnecessary Services
      • Firewalls

  24. Physical Security
      • Exposure to extreme climatic conditions like heat, rain, etc.
      • Leaving your room unguarded
      • Theft of data and accessories
      • Data loss from hard disk crashes or lack of backup (e.g. databases, .PST)
      • Careless handling leading to breakage
      • Keeping liquids or food items in the vicinity

  25. Password Security
      • Use long passwords with not less than 8 characters
      • Use passwords with a combination of letters, numbers and special characters
      • Change passwords frequently

  26. Environment
      • Sharing resources across the network without proper passwords
      • Sharing files/folders with full permission
      • Exchange of emails
      • Browsing through insecure sites
      • Downloading unauthorized/unlicensed/infected data from the internet

  27. Antivirus
      • Install the latest standard antivirus software
      • Check for latest updates and scan engines
      • Be cautious on receiving virus alerts
      • Run a virus scan from time to time
      • Clear the quarantine folder on the hard disk

  28. Patches and Service Packs
      • Install the latest security patches for the relevant operating system
      • Check that the correct service packs are installed on the system

  29. Unnecessary services
      • Disable unwanted services that are running on the system

  30. Firewalls
      • Enable firewall protection on server and client machines

  31. Thank You!
