Introduction to Cyber Security by Cyber Security Infotech(CSI)
Cyber security mis
-
Upload
aditya-rana -
Category
Business
-
view
139 -
download
0
Transcript of Cyber security mis
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 1
PRESENTATION ON
CYBER SECURITY AND CYBER CRIME
PRESENTED BY:VISHAL SINGLAABHINAV SAINIAKSHAT GOYALADITYA SINGH RANA
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 2
What is a Cyber Security?
‘Cyber security is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized’
‘A major part of Cyber Security is to fix broken software’
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 3
What is a Cyber Crime?
‘Cyber crime encompasses any criminal act dealing with computers and networks (called hacking). Additionally, cyber crime also includes traditional crimes conducted through the Internet.’
‘A major attack vector of Cyber Crime is to exploit broken software’
If we can defeat them sitting at home……who needs to fight with tanks and guns!!!!
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 4
Cyber threat evolution
Copy
right
201
3-20
14
Decrease in broken software = Increase in good software
Cyber Crime Cyber Security
Cybe
r Sec
urity Cyber Crim
eTwo sides of the same coin
Copy
right
201
3-20
14
• The growing number of attacks on our cyber networks has become, in President Obama’s words, “one of the most serious economic and national security threats our nation faces.”
Serious Threat
Copy
right
201
3-20
14
Who & What is At Risk?
• Economy• Defense• Transportation• Medical• Government• Telecommunications• Energy Sector• Critical Infrastructure
.
Copy
right
201
3-20
14
Fundamental Concepts of Information Assurance
• Confidentiality (privacy)• Integrity (quality, accuracy, relevance)• Availability (accessibility)
Copy
right
201
3-20
14
How Does an Attack Happen?
• Identify the target• Gather information• Plan/Prepare the attack• Attack
Copy
right
201
3-20
14
Threats
• A threat is any potential danger to information and systems
• 3 levels of cyber threats • Unstructured• Structured• Highly structured
Copy
right
201
3-20
14
Unstructured Threats
• Individual/small group with little or no organization or funding
• Easily detectable information gathering • Exploitations based upon documented flaws• Targets of opportunity • Gain control of machines• Motivated by bragging rights, thrills, access
to resources
Copy
right
201
3-20
14
Structured Threats
• Well organized, planned and funded• Specific targets and extensive information
gathering to choose avenue and means of attack• Goal-data stored on machines or machines
themselves• Exploitation may rely on insider help of
unknown flaw• Target drives attack• Organized crime/black hat hackers
Copy
right
201
3-20
14
Highly Structured Threats
• Extensive organization, funding and planning over an extended time, with goal of having an effect beyond the data or machine being attacked
• Stealthy information gathering • Multiple attacks exploiting unknown flaws or
insider help• Coordinated efforts from multiple groups• “Cyber warfare”
Copy
right
201
3-20
14
Web as Weapon
• Infrastructure run by computers• Government SCADA system• Overflow dam, disrupt oil supply• Sewage plant in Australia overflowed due to black
hat hackers• Cyber terrorism (Bin Laden and Aum Shinrikyo)• Combined attack • Cause power outage and biological attack• EMS disruption and nuclear emergency • Next war fought with code & computers
Copy
right
201
3-20
14
• The computer as a target :- using a computer to attacks other computer, e.g. Hacking, virus/worms attacks, Dos attack etc.
• The computer as a weapon :- using a computer to commit real world crime e.g. cyber terrorism, credit card fraud etc.
Categories of Cyber Crime
Copy
right
201
3-20
14
• Hacking "Hacking" is a crime, which entails cracking systems
and gaining unauthorized access to the data stored in them. Hacking had witnessed a 37 per cent increase this year.
• Cyber Squatting Cyber Squatting is the act of registering a famous
Domain Name and then selling it for a fortune. This is an issue that has not been tackled in IT ACT 2000.
Cyber Crime Variants
Copy
right
201
3-20
14
• Phishing is just one of the many frauds on the Internet, trying to fool people into parting with their money. Phishing refers to the receipt of unsolicited emails by customers of Financial Institutions, requesting them to enter their Username, Password or other personal information to access their Account for some reason.
Phishing
Copy
right
201
3-20
14
Cyber Stalking is use of the Internet or other electronic means to stalk someone. This term is used interchangeably with online harassment and online abuse. Stalking generally involves harassing or threatening behaviour that an individual engages in repeatedly, such as following a person, appearing at a person's home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person's property.
Cyber Stalking
Copy
right
201
3-20
14
VISHING
Vishing is the criminal practice of using social engineering and Voice over IP (VoIP)
to gain access to private personal and financial information from the public for the
purpose of financial reward. The term is a combination of “Voice" and phishing.
Vishing exploits the public's trust in landline telephone services.
Vishing is typically used to steal credit card
numbers or other information used in identity theft schemes from individuals.
Copy
right
201
3-20
14
• Use antivirus Software• Insert Firewalls• Uninstall unnecessary software• Maintain backup• Check security settings
SAFETY TIPS TO CYBER CRIME
Copy
right
201
3-20
14
India stands 11th in the ranking for Cyber Crime in the World, constituting 3% of the Global
Cyber Crime.
Copy
right
201
3-20
14
• Under The Information Technology Act, 2000
1) Hacking with computer system. 2) Without the permission of owner of
computer.
Cyber Laws in India
Copy
right
201
3-20
14
• Section – 43,
Information Technology Amendment Act, 2008
Destroys, Deletes or Alters any Information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
• Section – 66A, Punishment for sending offensive messages through communication services etc
• Section – 66C, Punishment for identity theft.
Copy
right
201
3-20
14
WHY CYBER SECURITY IS IMPORTANT ?
Copy
right
201
3-20
14
INTERNET UNDER SIEGE
• February 7 - 9, 2000Yahoo!, Amazon, Buy.com, CNN.com, eBay, E*Trade, ZDNet websites hit with massive DOS
• Attacks received the attention of president Clinton and Attorney General Janet Reno.
• “A 15-year-old kid could launch these attacks, it doesn’t
take a great deal of sophistication to do” – Ron Dick, Director NIPC, February 9
• U.S. Federal Bureau of Investigation (FBI) officials have estimated the attacks caused $1.7 billion in damage
Copy
right
201
3-20
14
SLAMMER WORM
• January 2003Infects 90% of vulnerable computers within 10 minutes
• Effect of the Worm- Interference with elections- Cancelled airline flights- 911 emergency systems affected in Seattle- 13,000 Bank of America ATMs failed
• Estimated ~$1 Billion in productivity loss
Copy
right
201
3-20
14
What’s really going on here ?
Copy
right
201
3-20
14
Increasing Dependence
We are increasingly dependent on the Internet:
– Communication (Email, IM, VoIP)– Commerce (business, banking, e-commerce, etc)– Control systems (public utilities, etc)– Information and entertainment– Sensitive data stored on the Internet
Copy
right
201
3-20
14
Security Not A Priority
Other design priorities often trump security:
CostSpeed
ConvenienceBackwards Compatibility
Copy
right
201
3-20
14
Cybersecurity Roadblocks
• No metrics to measure (in)security
• Internet is inherently international
• Private sector owns most of the infrastructure
Copy
right
201
3-20
14
This level of dependence makes the Internet a target for asymmetric attack
Cyber warfareCyber terrorism
Copy
right
201
3-20
14
Challenges
• People are the biggest threat to information security!!! (sharing passwords, entering passwords)
• As we know procedures are written blueprints for accomplishing a specific task; step-by-step descriptions.
• The obtainment of the procedures by an unauthorized user would constitute a threat to the integrity of the information.
Copy
right
201
3-20
14
Access vs. Security
Security Access
Balancing Security and Access
Copy
right
201
3-20
14
Access vs. Security
• Security is not an absolute. Security should be considered a balance between protection and availability.
• It is possible to have unrestricted access to a system, but this affects the integrity of the information.
• On the other hand complete security of an information system would not allow anyone access at any given time.
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 35
Cyber Security Facts That Will Surprise You
• The federal government has suffered a nearly 680 percent increase in cyber security breaches in the past six years. (Face the Facts USA)
• Sean Henry, an assistant director of the FBI, says that so far this year, cyber criminals have stolen over $100 million from US banks. (The Congressional Cybersecurity Caucus)
• Nation-states, not hackers, are most likely to launch successful cyber terrorist attacks against classified networks and critical infrastructure. They have the necessary discipline, resources, and commitment. (CIO.com)
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 36
• About 10% of all social media users have received a cyber-threat. More than 600,000 accounts are compromised every day on Facebook alone. (Floridatechonline.com)
• A whopping 59% of employees steal proprietary corporate data when they quit or are fired. (Ponemon Institute)
• The National Nuclear Security Administration, an arm of the Energy Department, records 10 million attempted hacks a day. (Defense News)
• 53% of U.S companies expressed little to no confidence to stopping security breaches in the next 12 months. (Rolandtech.com)
• The estimated annual cost of global cybercrime over $100 billion. (Go-gulf.com)
Copy
right
201
3-20
14
Conclusion
Technology is destructive only in the hands of people who do not realize that they are one and the same process as the universe.
Cybercrime is indeed getting the recognition it deserves. However, it is not going to restricted that easily . In fact , it is highly likely that cyber crime and its hackers will continue developing and upgrading to stay ahead of the law. So, to make us a safer we must need cyber security.
Copy
right
201
3-20
14
Tuesday, April 18, 2023THAPAR UNIVERSITY, PATIALA 38
THANK YOU