SlideShare una empresa de Scribd logo

Chapter 5 Selected Topics in computer.pptx

Descargar como PPTX, PDF
A
AschalewAyele2

thanks

Educación
1 de 48
Chapter five Cyber security prepared by Mesele M. 1
What is Cyber Security?  The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cyber security.  Its combination of two word:- 1. Cyber refers to the technology that includes systems, networks, programs, and data. 2. Security is concerned with the protection of systems, networks, applications, and information.  In some cases, it is also called electronic information security or information technology security. prepared by Mesele M. 2
Some other definitions of cyber security are:  Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.  Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats. prepared by Mesele M. 3
Types of Cyber Security 1.Network Security: implementing the HW and SW to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. 2.Application Security: It involves protecting the software and devices from unwanted threats.  This protection can be done by constantly updating the apps to ensure they are secure from attacks. 3. Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit. 4. Identity management: It deals with procedure for determining the level of access that each individual has within an organization. prepared by Mesele M. 4
Cont… 5. Mobile Security: It involves securing the data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc. 6. Cloud Security: It involves in protecting the information stored in the digital environment or cloud for the organization. prepared by Mesele M. 5
Types of Cyber Security Threats  A threat in cyber security is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disturbs digital life in general.  The cyber community defines the following threats available today: Malware  Means malicious software, which is the most common cyber attacking tool.  It is used by the cybercriminal or hacker to interrupt or damage a legitimate user's system.  The following are the important types of malware created by the hacker: prepared by Mesele M. 6
Types of malwares i. Virus: piece of code that spreads from one device to another. It can clean files and spreads throughout a computer system, infecting files, stoles information, or damage system. ii. Spyware: It is a software that secretly records information about user activities on their system. For example, it could capture credit card details that can be used by the cybercriminals for unauthorized shopping, money withdrawing, etc iii. Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into downloading and running. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network. prepared by Mesele M. 7
Cont.… iv. Ransom ware: It's a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing. Then, a monetary ransom is demanded by malicious actors for decryption. v. Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. It does not require them to attach themselves to any program. vi. Adware: It is an advertising software used to spread malware and displays advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate returns for its developer by showing the ads on their browser. prepared by Mesele M. 8
Cont… vi. Brute Force  Is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered. vii. Phishing:-sender seems to come from a genuine organization like PayPal, CBE, financial institutions, or friends and co-workers. They contact a target or targets via email, phone, or text message with a link to encourage them to click on that links. This link will redirect them to fake websites to provide sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link will also install malware on the target devices that allow hackers to control devices remotely. prepared by Mesele M. 9
prepared by Mesele M. 10 Romance Scams:-Romance scams occur when a criminal adopts a fake online identity to gain a victim's affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim. Latest Cyber Threats
System affected by security breaches and attacks:  Communication: attackers can use phone calls, emails, text messages, and messaging apps for cyber attacks.  Finance: This information is naturally a primary target for cyber attackers.  Governments: criminal generally targets the government institutions to get confidential public data or private citizen information.  Transportation: cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.  Education: A cybercriminals target educational institutions to get their confidential research data and information of students and employees. prepared by Mesele M. 11
Goals of cyber security  The final goals to protect data.  To insure three related principles to protect the data from cyber-attacks. This principle is called the CIA.  CIA model is designed to guide policies for an organization's information security infrastructure.  When any security breaches are found, one or more of these principles has been violated.  It is actually a security model that helps people to think about various parts of IT security.  This principles are 1. Confidentiality 2. Integrity 3. Availability prepared by Mesele M. 12
1.Confidentiality  Equivalent to privacy that avoids unauthorized access of information.  Ensuring the data is accessible by those who are allowed to use it and blocking access to others.  It prevents essential information from reaching the wrong people.  Data encryption is an excellent example of ensuring confidentiality. prepared by Mesele M. 13
2. Integrity  Ensures that the data is authentic, accurate, and protected from unauthorized modification by threat actors or accidental user modification.  If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event.  In addition, it indicates to make the source of information genuine. prepared by Mesele M. 14
3. Availability  This principle makes the information to be available and useful for its authorized people always.  It ensures that these accesses are not delayed by system malfunction or cyber-attacks. prepared by Mesele M. 15
Tools for cyber security Goals Cyber security measured by at least one of three goals- 1. Protect the confidentiality of data. 2. Preserve the integrity of data. 3. Promote availability of data for authorized users. 1. Tools for Confidentiality prepared by Mesele M. 16
1. Encryption  Is transforming information to make it unreadable for unauthorized users by using an algorithm.  Transformation of data uses a secret key (an encryption key) so that the transformed data can only be read by using another secret key (decryption key).  It protects sensitive data such as credit card numbers by encoding and transforming data into unreadable cipher text.  This encrypted data can only be read by decrypting it. prepared by Mesele M. 17
2. Access control  Defines rules and policies for limiting access to a system or to physical or virtual resources.  It is a process by which users are granted access and certain privileges to systems, resources or information.  Users need to present identifications before they can be granted access such as a person's name or a computer's serial number. prepared by Mesele M. 18
3. Authentication  Is a process that ensures a user's identity or role that someone has.  It can be done in a number of different ways, but it is usually based on a combination of-  something the person has (smart card or a radio key for storing secret keys),  something the person knows (like password),  something the person is (human with a fingerprint).  Necessity of every organizations because it enables organizations to keep their networks secure by permitting only authenticated users to access its protected resources. prepared by Mesele M. 19
4. Authorization  Security mechanism which gives permission to do or have something.  It is used to determine a person or system is allowed access to resources, based on an access control policy, including computer programs, files, services, data and application features.  It is normally preceded by authentication for user identity verification.  System administrators are typically assigned permission levels covering all system and user resources. Note:-Authentication is the process of verifying who some one is where as authorization is the process of verifying what specific application, file, and data a user has access to. prepared by Mesele M. 20
5. Physical Security  Physical security describes measures designed to deny the unauthorized access of IT assets like facilities, equipment, personnel, resources and other properties from damage.  It protects these assets from physical threats including theft, fire and natural disasters. prepared by Mesele M. 21
2. Integrity  Methods for ensuring that data is, accurate and protected from unauthorized user modification.  information has not be altered in an unauthorized way, and that source of the information is genuine.  Tools for Integrity prepared by Mesele M. 22
Tools for Integrity 1. Backups:-It is a process of making copies of data or data files to use in the event when the original data or data files are lost or destroyed. 2. Checksums:-A checksum is a numerical value used to verify the integrity of a file or a data transfer.  They are typically used to compare two sets of data to make sure that they are the same.  checksum function depends on entire contents.  It is designed in a way that even a small change to the input file (such as reversing a single bit) likely to results in different output value 3. Data Correcting Codes:- It is a method for storing data in such a way that small changes can be easily detected and automatically corrected. prepared by Mesele M. 23
3. Availability Tools for Availability 1. Physical Protections  Physical safeguard means to keep information available even in the event of physical challenges.  It ensure sensitive information and critical information technology are housed in secure areas 2. Computational redundancies  Fault tolerant against accidental faults.  The same data is kept in different locations with the organization making a aware effort to protect it and ensure its consistency.  This data is often used for backups or disaster recovery. prepared by Mesele M. 24
Types of Cyber Attackers  Attacker is the individual or organization who performs the malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.  Attackers use every tools and techniques they would try and attack us to get unauthorized access.  Are listed below prepared by Mesele M. 25
1. Cyber Criminals  Are individual or group of people who use technology to commit cybercrime with the intention of stealing sensitive information or personal data and generating profits. 2. Hacktivists  Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.  Hacktivists are not like cybercriminals who hack computer networks to steal data for the cash.  But Hacktivists are individuals or groups of hackers who work together and see themselves as fighting injustice. Example WikiLeaks prepared by Mesele M. 26
3. State-sponsored Attacker  Attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin.  These type of attackers are not in a panic.  The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are repaired.  It is very challenging to defeat these attackers due to the vast resources at their disposal. prepared by Mesele M. 27
4. Insider Threats  The insider threat is a threat to an organization's security or data that comes from within organization.  Usually occurred from former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.  Insider threats can be categorized below- prepared by Mesele M. 28
Insider Threats are 1. Malicious-Attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure.  Are often attributed to dissatisfied employees or ex-employees who believe that the organization was doing something wrong with them in some way, and they feel justified in seeking revenge. 2. Accidental- threats which are accidently done by insider employees.  Employee might accidentally delete an important file or carelessly share confidential data with a business partner going beyond company's policy or legal requirements. prepared by Mesele M. 29
Cont… iii. Negligent-threats in which employees try to avoid the policies of an organization put in place to protect endpoints and valuable data.  For example, if the organization have strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. prepared by Mesele M. 30
Security Technologies  Every organization who uses internet needed security technologies to cover the three primary control types – 1. Preventive 2. Detective 3. Corrective Most security is based on one of these types of things: 1. something we have (like a key or an ID card), 2. something we know (like a PIN or a password), 3. something we are (like a fingerprint). prepared by Mesele M. 31
Continued…. 1. Firewall  Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet.  All messages are entering or leaving the intranet pass through the firewall.  The firewall examines each message and blocks those that do not meet the specified security criteria. prepared by Mesele M. 32
Cont… 2. Intrusion Detection System (IDS)  Is a monitoring system that detects suspicious activities and generates alerts when they are detected  Intrusion detection system alerts the system administrator in the case when someone tries to break in the firewall security and tries to have access on any network in the trusted side. prepared by Mesele M. 33
Cont… 3. Access Control  Selecting restrictive access to a system.  Minimize the risk of unauthorized access to the business or organization.  Users are granted access permission and certain privileges to a system and resources.  Here, users must provide the credential to be granted access to a system.  These credentials come in many forms such as password, keycard, biometric reading, etc.  Access control ensures security technology and access control policies to protect confidential information like customer data. prepared by Mesele M. 34
Access ontrol can be categories into two types- I. Physical Access Control- This type of access control limits access to buildings, rooms, campuses, and physical IT assets. II.Logical access control- This type of access control limits connection to computer networks, system files, and data. prepared by Mesele M. 35
3. Digital Signature  A digital signature is a cryptographic output used to verify the authenticity of data.  Us to verify the author name, date and time of signatures, and authenticate the message contents.  Is an electronic, encrypted stamp of authentication on digital information such as messages.  It confirms the integrity of the message.  Signature confirms that the information originated from the signer and has not been altered.  The most common example is a signature scanned by an electronic device and then inserted into a document. prepared by Mesele M. 36
Benefits of Cyber Security  Cyberattacks and data breach protection for businesses.  Data and network security are both protected.  Unauthorized user access is avoided.  After a breach, there is a faster recovery time.  End-user and endpoint device protection.  Continuity of operations.  Developers, partners, consumers, stakeholders, and workers have more faith in the company's standing and trust. prepared by Mesele M. 37
Cyber Safety Advices  Conduct cybersecurity training and awareness:  Update software and operating system:  Use anti-virus software:  perform periodic security reviews:  Use strong passwords:  Do not open email attachments from unknown senders:  Avoid using unsecured Wi-Fi networks in public places(like free Wi-Fi (wireless network, like at a coffeehouse or retail store.):  Backup data: prepared by Mesele M. 38
Man-in-the-middle (MITM) Attacks  Where a user is introduced with some kind of meeting between the two parties by a malicious individual, manipulates both parties and achieves access to the data that the two people were trying to deliver to each other.  In certain aspects, like MITM, MitM, MiM or MIM, MITM attacks can be referred.  If an attacker puts himself between a client and a webpage, a Man-in-the-Middle (MITM) attack occurs. prepared by Mesele M. 39
How does MITM work  Usually, like credit card numbers or user login details, they try to access anything.  They also spy on private meetings, which may include corporate secrets or other useful information.  In general, is that the attacker imagines to be somebody you trust (or a webpage). prepared by Mesele M. 40
Types of MITM Attack DNS Spoofing  The “spoofing” term in the attack means that the threat actor is using a malicious site that be similar to the official website a user knows.  Since DNS is a critical part of Internet communication, poisoning entries give an attacker the perfect phishing scenario to collect sensitive data.  The threat actor can collect passwords, banking information, credit card numbers, contact information, and geographic data. prepared by Mesele M. 41
Cont… ii. HTTPS Spoofing  The attacker creates an definite address.  It uses letters of international alphabets rather than standard scripts.  This acts as phishing emails with unusual characters that you might have used. for example. Rolex may be written Rólex, prepared by Mesele M. 42
Cont… iii. E-mail Hacking  An attacker exploits the email system of a user in a such a kind of cybersecurity intrusion.  The intruder also watches quietly, collecting data and hearing on the discussion via email.  The Attackers may have a scan pattern that searches for targeted keywords, such as "financial" or "hidden Democratic policies."  Through Social Engineering, email hacking operates perfectly.  To imitate an online friend, attackers might use relevant data from some kind of hijacked email address. prepared by Mesele M. 43
Cont… iv. Session Hacking  Sessions are server-side files that store user information.  In a session hacking, hacker takes control of a user’s browsing session to gain access to their personal information and passwords.  Webpage contains cookies on victim's machine for most social media platforms.  The session ends when the user closes the browser or logs out of the program prepared by Mesele M. 44
Preventions of Man-in-the-middle attack 1. Wireless access point (WAP) Encryption  Having a strong encryption mechanism on wireless access points prevents unwanted users from joining your network just by being nearby.  A weak encryption mechanism can allow an attacker to brute force his way into a network and begin man-in-the-middle attacking. 2. Use a VPN:- is a type of network security tool that protects users’ internet connection and privacy online.  It creates an encrypted connection over the internet from a device to the network.  For example it hides Devices, IP, location, Browsing History etc. prepared by Mesele M. 45
Cont… 3. Network Security  Secure network with an intrusion detection system to analyze traffic patterns to identify unusual behavior. 4. Avoid using public wi-fi  Configure phone to require a manual link if you're using public wi-fi.  The easiest way to remain secure is to regularly incorporate all of the above prevention for security.  Be conscious that such attacks are a part of social engineering.  Take a couple of minutes to dig deeper if anything doesn't seem normal about social media and email. prepared by Mesele M. 46
End of chapter five prepared by Mesele M. 47
Quiz 6% prepared by Mesele M. 48 1. List and discuss any security mechanism you are using for your personal computer to protect your system from attackers? So from security goal which is achieved in this mechanism like confidentiality, integrity and availability? 2. What is hactivism? Briefly describe how hactivism is conducted by attackers.

Recomendados

Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security iEmmanuel Gbenga Dada (BSc, MSc, PhD)
 
computer security and its relationship to computer forensic
computer security and its relationship to computer forensic computer security and its relationship to computer forensic
computer security and its relationship to computer forensicShabnamkhan113
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxGogoOmolloFrancis
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 

Recomendados

Cyber Ethics Notes.pdf
Cyber Ethics Notes.pdfCyber Ethics Notes.pdf
Cyber Ethics Notes.pdfAnupmaMunshi
 
Cyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxCyber Security in detail PPT BY HIMANXU.pptx
Cyber Security in detail PPT BY HIMANXU.pptxhimanshuratnama
 
Introduction to cyber security i
Introduction to cyber security iIntroduction to cyber security i
Introduction to cyber security iEmmanuel Gbenga Dada (BSc, MSc, PhD)
 
computer security and its relationship to computer forensic
computer security and its relationship to computer forensic computer security and its relationship to computer forensic
computer security and its relationship to computer forensicShabnamkhan113
 
Cybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfCybersecurity Interview Questions and Answers.pdf
Cybersecurity Interview Questions and Answers.pdfJazmine Brown
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docxTanushreeChakraborty27
 
Ethical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxEthical and security issues on MIS inte 322 assignment.docx
Ethical and security issues on MIS inte 322 assignment.docxGogoOmolloFrancis
 
Module 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxModule 1Introduction to cyber security.pptx
Module 1Introduction to cyber security.pptxSkippedltd
 
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxSharmilaMore5
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptxJoselitoJMebolos
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack EssayHaley Johnson
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
I0516064
I0516064I0516064
I0516064IOSR Journals
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAbhishekDas794104
 
Information security
Information securityInformation security
Information securityIshaRana14
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...Ahmad Sharifi
 
Computer security
Computer securityComputer security
Computer securityEktaVaswani2
 
Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfAschalewAyele2
 
Chapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdfChapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdfAschalewAyele2
 

Más contenido relacionado

Similar a Chapter 5 Selected Topics in computer.pptx

Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxSharmilaMore5
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfsrtwgwfwwgw
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityIllumeo
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptxmuskaangoel15
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”tunzida045
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securityAliyuMuhammadButu
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.angelaag98
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1Temesgen Berhanu
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Preventionijsrd.com
 
Information security
Information securityInformation security
Information securityIshaRana14
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...IOSR Journals
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...Ahmad Sharifi
 

Similar a Chapter 5 Selected Topics in computer.pptx (20)

Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptxChap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
Chap 1 Fundamentals of Cyber Security _ Intr to Cyber types.pptx
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.
 
Implications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdfImplications of Misuse and Cyber Security.pdf
Implications of Misuse and Cyber Security.pdf
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Computer-Security.pptx
Computer-Security.pptxComputer-Security.pptx
Computer-Security.pptx
 
ppt on securities.pptx
ppt on securities.pptxppt on securities.pptx
ppt on securities.pptx
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”“In 2024 Guide to Cyber Security: Protect Your Data Today”
“In 2024 Guide to Cyber Security: Protect Your Data Today”
 
I0516064
I0516064I0516064
I0516064
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Computer Secutity.
Computer Secutity.Computer Secutity.
Computer Secutity.
 
Computer Security Chapter 1
Computer Security Chapter 1Computer Security Chapter 1
Computer Security Chapter 1
 
Type of Security Threats and its Prevention
Type of Security Threats and its PreventionType of Security Threats and its Prevention
Type of Security Threats and its Prevention
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Information security
Information securityInformation security
Information security
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and Security...
 
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
An Overview of Intrusion Detection and Prevention Systems (IDPS) and security...
 
Computer security
Computer securityComputer security
Computer security
 

Más de AschalewAyele2

Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfAschalewAyele2
 
Chapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdfChapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdfAschalewAyele2
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxAschalewAyele2
 
chapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxchapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxAschalewAyele2
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxAschalewAyele2
 
Chapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfChapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfAschalewAyele2
 
Chapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxChapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxAschalewAyele2
 
Chapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptChapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptAschalewAyele2
 
Chapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptChapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptAschalewAyele2
 
Chapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptChapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptAschalewAyele2
 
chapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptchapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptAschalewAyele2
 

Más de AschalewAyele2 (11)

Chapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdfChapter_Five Compueter secuityryhf S.pdf
Chapter_Five Compueter secuityryhf S.pdf
 
Chapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdfChapter_three - Computer Security.pdf
Chapter_three - Computer Security.pdf
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
chapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptxchapter 3 Selected Topics in computer.pptx
chapter 3 Selected Topics in computer.pptx
 
chapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptxchapter 4 Selected Topics in computer.pptx
chapter 4 Selected Topics in computer.pptx
 
Chapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdfChapter 4 Classification in data sience .pdf
Chapter 4 Classification in data sience .pdf
 
Chapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptxChapter 5-Naming in distributed system.pptx
Chapter 5-Naming in distributed system.pptx
 
Chapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.pptChapter 4- Communication in distributed system.ppt
Chapter 4- Communication in distributed system.ppt
 
Chapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.pptChapter 3-Process in distributed system.ppt
Chapter 3-Process in distributed system.ppt
 
Chapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.pptChapter 2- Architecture os distributed system.ppt
Chapter 2- Architecture os distributed system.ppt
 
chapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.pptchapter 1- introduction to distributed system.ppt
chapter 1- introduction to distributed system.ppt
 

Último

ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 

Último (20)

ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Chapter 5 Selected Topics in computer.pptx

  • 2. What is Cyber Security?  The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cyber security.  Its combination of two word:- 1. Cyber refers to the technology that includes systems, networks, programs, and data. 2. Security is concerned with the protection of systems, networks, applications, and information.  In some cases, it is also called electronic information security or information technology security. prepared by Mesele M. 2
  • 3. Some other definitions of cyber security are:  Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access.  Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats. prepared by Mesele M. 3
  • 4. Types of Cyber Security 1.Network Security: implementing the HW and SW to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. 2.Application Security: It involves protecting the software and devices from unwanted threats.  This protection can be done by constantly updating the apps to ensure they are secure from attacks. 3. Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit. 4. Identity management: It deals with procedure for determining the level of access that each individual has within an organization. prepared by Mesele M. 4
  • 5. Cont… 5. Mobile Security: It involves securing the data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc. 6. Cloud Security: It involves in protecting the information stored in the digital environment or cloud for the organization. prepared by Mesele M. 5
  • 6. Types of Cyber Security Threats  A threat in cyber security is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disturbs digital life in general.  The cyber community defines the following threats available today: Malware  Means malicious software, which is the most common cyber attacking tool.  It is used by the cybercriminal or hacker to interrupt or damage a legitimate user's system.  The following are the important types of malware created by the hacker: prepared by Mesele M. 6
  • 7. Types of malwares i. Virus: piece of code that spreads from one device to another. It can clean files and spreads throughout a computer system, infecting files, stoles information, or damage system. ii. Spyware: It is a software that secretly records information about user activities on their system. For example, it could capture credit card details that can be used by the cybercriminals for unauthorized shopping, money withdrawing, etc iii. Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into downloading and running. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network. prepared by Mesele M. 7
  • 8. Cont.… iv. Ransom ware: It's a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing. Then, a monetary ransom is demanded by malicious actors for decryption. v. Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. It does not require them to attach themselves to any program. vi. Adware: It is an advertising software used to spread malware and displays advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate returns for its developer by showing the ads on their browser. prepared by Mesele M. 8
  • 9. Cont… vi. Brute Force  Is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered. vii. Phishing:-sender seems to come from a genuine organization like PayPal, CBE, financial institutions, or friends and co-workers. They contact a target or targets via email, phone, or text message with a link to encourage them to click on that links. This link will redirect them to fake websites to provide sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link will also install malware on the target devices that allow hackers to control devices remotely. prepared by Mesele M. 9
  • 10. prepared by Mesele M. 10 Romance Scams:-Romance scams occur when a criminal adopts a fake online identity to gain a victim's affection and trust. The scammer then uses the illusion of a romantic or close relationship to manipulate and/or steal from the victim. Latest Cyber Threats
  • 11. System affected by security breaches and attacks:  Communication: attackers can use phone calls, emails, text messages, and messaging apps for cyber attacks.  Finance: This information is naturally a primary target for cyber attackers.  Governments: criminal generally targets the government institutions to get confidential public data or private citizen information.  Transportation: cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure.  Education: A cybercriminals target educational institutions to get their confidential research data and information of students and employees. prepared by Mesele M. 11
  • 12. Goals of cyber security  The final goals to protect data.  To insure three related principles to protect the data from cyber-attacks. This principle is called the CIA.  CIA model is designed to guide policies for an organization's information security infrastructure.  When any security breaches are found, one or more of these principles has been violated.  It is actually a security model that helps people to think about various parts of IT security.  This principles are 1. Confidentiality 2. Integrity 3. Availability prepared by Mesele M. 12
  • 13. 1.Confidentiality  Equivalent to privacy that avoids unauthorized access of information.  Ensuring the data is accessible by those who are allowed to use it and blocking access to others.  It prevents essential information from reaching the wrong people.  Data encryption is an excellent example of ensuring confidentiality. prepared by Mesele M. 13
  • 14. 2. Integrity  Ensures that the data is authentic, accurate, and protected from unauthorized modification by threat actors or accidental user modification.  If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event.  In addition, it indicates to make the source of information genuine. prepared by Mesele M. 14
  • 15. 3. Availability  This principle makes the information to be available and useful for its authorized people always.  It ensures that these accesses are not delayed by system malfunction or cyber-attacks. prepared by Mesele M. 15
  • 16. Tools for cyber security Goals Cyber security measured by at least one of three goals- 1. Protect the confidentiality of data. 2. Preserve the integrity of data. 3. Promote availability of data for authorized users. 1. Tools for Confidentiality prepared by Mesele M. 16
  • 17. 1. Encryption  Is transforming information to make it unreadable for unauthorized users by using an algorithm.  Transformation of data uses a secret key (an encryption key) so that the transformed data can only be read by using another secret key (decryption key).  It protects sensitive data such as credit card numbers by encoding and transforming data into unreadable cipher text.  This encrypted data can only be read by decrypting it. prepared by Mesele M. 17
  • 18. 2. Access control  Defines rules and policies for limiting access to a system or to physical or virtual resources.  It is a process by which users are granted access and certain privileges to systems, resources or information.  Users need to present identifications before they can be granted access such as a person's name or a computer's serial number. prepared by Mesele M. 18
  • 19. 3. Authentication  Is a process that ensures a user's identity or role that someone has.  It can be done in a number of different ways, but it is usually based on a combination of-  something the person has (smart card or a radio key for storing secret keys),  something the person knows (like password),  something the person is (human with a fingerprint).  Necessity of every organizations because it enables organizations to keep their networks secure by permitting only authenticated users to access its protected resources. prepared by Mesele M. 19
  • 20. 4. Authorization  Security mechanism which gives permission to do or have something.  It is used to determine a person or system is allowed access to resources, based on an access control policy, including computer programs, files, services, data and application features.  It is normally preceded by authentication for user identity verification.  System administrators are typically assigned permission levels covering all system and user resources. Note:-Authentication is the process of verifying who some one is where as authorization is the process of verifying what specific application, file, and data a user has access to. prepared by Mesele M. 20
  • 21. 5. Physical Security  Physical security describes measures designed to deny the unauthorized access of IT assets like facilities, equipment, personnel, resources and other properties from damage.  It protects these assets from physical threats including theft, fire and natural disasters. prepared by Mesele M. 21
  • 22. 2. Integrity  Methods for ensuring that data is, accurate and protected from unauthorized user modification.  information has not be altered in an unauthorized way, and that source of the information is genuine.  Tools for Integrity prepared by Mesele M. 22
  • 23. Tools for Integrity 1. Backups:-It is a process of making copies of data or data files to use in the event when the original data or data files are lost or destroyed. 2. Checksums:-A checksum is a numerical value used to verify the integrity of a file or a data transfer.  They are typically used to compare two sets of data to make sure that they are the same.  checksum function depends on entire contents.  It is designed in a way that even a small change to the input file (such as reversing a single bit) likely to results in different output value 3. Data Correcting Codes:- It is a method for storing data in such a way that small changes can be easily detected and automatically corrected. prepared by Mesele M. 23
  • 24. 3. Availability Tools for Availability 1. Physical Protections  Physical safeguard means to keep information available even in the event of physical challenges.  It ensure sensitive information and critical information technology are housed in secure areas 2. Computational redundancies  Fault tolerant against accidental faults.  The same data is kept in different locations with the organization making a aware effort to protect it and ensure its consistency.  This data is often used for backups or disaster recovery. prepared by Mesele M. 24
  • 25. Types of Cyber Attackers  Attacker is the individual or organization who performs the malicious activities to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.  Attackers use every tools and techniques they would try and attack us to get unauthorized access.  Are listed below prepared by Mesele M. 25
  • 26. 1. Cyber Criminals  Are individual or group of people who use technology to commit cybercrime with the intention of stealing sensitive information or personal data and generating profits. 2. Hacktivists  Hacktivists are individuals or groups of hackers who carry out malicious activity to promote a political agenda, religious belief, or social ideology.  Hacktivists are not like cybercriminals who hack computer networks to steal data for the cash.  But Hacktivists are individuals or groups of hackers who work together and see themselves as fighting injustice. Example WikiLeaks prepared by Mesele M. 26
  • 27. 3. State-sponsored Attacker  Attackers have particular objectives aligned with either the political, commercial or military interests of their country of origin.  These type of attackers are not in a panic.  The government organizations have highly skilled hackers and specialize in detecting vulnerabilities and exploiting these before the holes are repaired.  It is very challenging to defeat these attackers due to the vast resources at their disposal. prepared by Mesele M. 27
  • 28. 4. Insider Threats  The insider threat is a threat to an organization's security or data that comes from within organization.  Usually occurred from former employees, but may also arise from third parties, including contractors, temporary workers, employees or customers.  Insider threats can be categorized below- prepared by Mesele M. 28
  • 29. Insider Threats are 1. Malicious-Attempts by an insider to access and potentially harm an organization's data, systems or IT infrastructure.  Are often attributed to dissatisfied employees or ex-employees who believe that the organization was doing something wrong with them in some way, and they feel justified in seeking revenge. 2. Accidental- threats which are accidently done by insider employees.  Employee might accidentally delete an important file or carelessly share confidential data with a business partner going beyond company's policy or legal requirements. prepared by Mesele M. 29
  • 30. Cont… iii. Negligent-threats in which employees try to avoid the policies of an organization put in place to protect endpoints and valuable data.  For example, if the organization have strict policies for external file sharing, employees might try to share work on public cloud applications so that they can work at home. prepared by Mesele M. 30
  • 31. Security Technologies  Every organization who uses internet needed security technologies to cover the three primary control types – 1. Preventive 2. Detective 3. Corrective Most security is based on one of these types of things: 1. something we have (like a key or an ID card), 2. something we know (like a PIN or a password), 3. something we are (like a fingerprint). prepared by Mesele M. 31
  • 32. Continued…. 1. Firewall  Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet.  All messages are entering or leaving the intranet pass through the firewall.  The firewall examines each message and blocks those that do not meet the specified security criteria. prepared by Mesele M. 32
  • 33. Cont… 2. Intrusion Detection System (IDS)  Is a monitoring system that detects suspicious activities and generates alerts when they are detected  Intrusion detection system alerts the system administrator in the case when someone tries to break in the firewall security and tries to have access on any network in the trusted side. prepared by Mesele M. 33
  • 34. Cont… 3. Access Control  Selecting restrictive access to a system.  Minimize the risk of unauthorized access to the business or organization.  Users are granted access permission and certain privileges to a system and resources.  Here, users must provide the credential to be granted access to a system.  These credentials come in many forms such as password, keycard, biometric reading, etc.  Access control ensures security technology and access control policies to protect confidential information like customer data. prepared by Mesele M. 34
  • 35. Access ontrol can be categories into two types- I. Physical Access Control- This type of access control limits access to buildings, rooms, campuses, and physical IT assets. II.Logical access control- This type of access control limits connection to computer networks, system files, and data. prepared by Mesele M. 35
  • 36. 3. Digital Signature  A digital signature is a cryptographic output used to verify the authenticity of data.  Us to verify the author name, date and time of signatures, and authenticate the message contents.  Is an electronic, encrypted stamp of authentication on digital information such as messages.  It confirms the integrity of the message.  Signature confirms that the information originated from the signer and has not been altered.  The most common example is a signature scanned by an electronic device and then inserted into a document. prepared by Mesele M. 36
  • 37. Benefits of Cyber Security  Cyberattacks and data breach protection for businesses.  Data and network security are both protected.  Unauthorized user access is avoided.  After a breach, there is a faster recovery time.  End-user and endpoint device protection.  Continuity of operations.  Developers, partners, consumers, stakeholders, and workers have more faith in the company's standing and trust. prepared by Mesele M. 37
  • 38. Cyber Safety Advices  Conduct cybersecurity training and awareness:  Update software and operating system:  Use anti-virus software:  perform periodic security reviews:  Use strong passwords:  Do not open email attachments from unknown senders:  Avoid using unsecured Wi-Fi networks in public places(like free Wi-Fi (wireless network, like at a coffeehouse or retail store.):  Backup data: prepared by Mesele M. 38
  • 39. Man-in-the-middle (MITM) Attacks  Where a user is introduced with some kind of meeting between the two parties by a malicious individual, manipulates both parties and achieves access to the data that the two people were trying to deliver to each other.  In certain aspects, like MITM, MitM, MiM or MIM, MITM attacks can be referred.  If an attacker puts himself between a client and a webpage, a Man-in-the-Middle (MITM) attack occurs. prepared by Mesele M. 39
  • 40. How does MITM work  Usually, like credit card numbers or user login details, they try to access anything.  They also spy on private meetings, which may include corporate secrets or other useful information.  In general, is that the attacker imagines to be somebody you trust (or a webpage). prepared by Mesele M. 40
  • 41. Types of MITM Attack DNS Spoofing  The “spoofing” term in the attack means that the threat actor is using a malicious site that be similar to the official website a user knows.  Since DNS is a critical part of Internet communication, poisoning entries give an attacker the perfect phishing scenario to collect sensitive data.  The threat actor can collect passwords, banking information, credit card numbers, contact information, and geographic data. prepared by Mesele M. 41
  • 42. Cont… ii. HTTPS Spoofing  The attacker creates an definite address.  It uses letters of international alphabets rather than standard scripts.  This acts as phishing emails with unusual characters that you might have used. for example. Rolex may be written Rólex, prepared by Mesele M. 42
  • 43. Cont… iii. E-mail Hacking  An attacker exploits the email system of a user in a such a kind of cybersecurity intrusion.  The intruder also watches quietly, collecting data and hearing on the discussion via email.  The Attackers may have a scan pattern that searches for targeted keywords, such as "financial" or "hidden Democratic policies."  Through Social Engineering, email hacking operates perfectly.  To imitate an online friend, attackers might use relevant data from some kind of hijacked email address. prepared by Mesele M. 43
  • 44. Cont… iv. Session Hacking  Sessions are server-side files that store user information.  In a session hacking, hacker takes control of a user’s browsing session to gain access to their personal information and passwords.  Webpage contains cookies on victim's machine for most social media platforms.  The session ends when the user closes the browser or logs out of the program prepared by Mesele M. 44
  • 45. Preventions of Man-in-the-middle attack 1. Wireless access point (WAP) Encryption  Having a strong encryption mechanism on wireless access points prevents unwanted users from joining your network just by being nearby.  A weak encryption mechanism can allow an attacker to brute force his way into a network and begin man-in-the-middle attacking. 2. Use a VPN:- is a type of network security tool that protects users’ internet connection and privacy online.  It creates an encrypted connection over the internet from a device to the network.  For example it hides Devices, IP, location, Browsing History etc. prepared by Mesele M. 45
  • 46. Cont… 3. Network Security  Secure network with an intrusion detection system to analyze traffic patterns to identify unusual behavior. 4. Avoid using public wi-fi  Configure phone to require a manual link if you're using public wi-fi.  The easiest way to remain secure is to regularly incorporate all of the above prevention for security.  Be conscious that such attacks are a part of social engineering.  Take a couple of minutes to dig deeper if anything doesn't seem normal about social media and email. prepared by Mesele M. 46
  • 47. End of chapter five prepared by Mesele M. 47
  • 48. Quiz 6% prepared by Mesele M. 48 1. List and discuss any security mechanism you are using for your personal computer to protect your system from attackers? So from security goal which is achieved in this mechanism like confidentiality, integrity and availability? 2. What is hactivism? Briefly describe how hactivism is conducted by attackers.