CYBER SECURITY

UNIT-6 UNIT 6

IN THE NEWS.
1 out of 5 children received a sexual solicitation or approach over the Internet in a one-year period of time (www.missingchildren.com) ( i i hild ) California warns of massive ID theft personal data stolen from computers at University of California, Berkeley (Oct 21, 2004 IDG news service) Microsoft and Cisco announced a new initiative to work together to increase internet security (Oct 18, 2004 www.cnetnews.com)

WHY LEARN ABOUT CYBER CRIME ?

Because E e bod is using COMPUTERS.. Everybody i i g COMPUTERS From white collar criminals to terrorist organizations And from Teenagers to Adults Conventional crimes like Forgery, extortion, g y, , kidnapping etc.. are being committed with the help off computers t New generation is growing up with computers MOST IMPORTANT - Monetary transactions are moving on to the IINTERNET

WHAT IS COMPUTER CRIME?

All crimes performed or resorted to by abuse of electronic media or otherwise, with the purpose of influencing the functioning of computer or computer system. IN SHORT COMPUTER CRIME is any crime where Computer is a target target. Computer is a tool of crime Computer is incidental to crime

TYPES OF CYBER CRIME

HACKING DENIAL OF SERVICE ATTACK VIRUS DISSEMINATION SOFTWARE PIRACY PORNOGRAPHY IRC Crime CREDIT CARD FRAUD NET EXTORTION PHISHING SPOOFING CYBER STALKING CYBER DEFAMATION THREATENING SALAMI ATTACK

HACKING
Hacking in simple terms means illegal intrusion into a computer system without the permission of the computer owner/user owner/user.

ETHICAL HACKERS
Most people think that hackers are computer criminals. They fail to recognise the fact that criminals and hackers are two totally different things. Media is responsible for this. Hackers in y y g y reality are actually good and extremely intelligent people who by using their knowledge in a constructive manner help organisations, companies, government, etc. to secure d i documents and secret information on the internet.

ETHICAL HACKING
Ethical hackers
Employed by companies to perform penetration tests

Penetration test
Legal attempt to break into a companys network to g p p y find its weakest link Tester only reports findings, does not solve p y p g , problems

Security test
More than an attempt to break in; also includes analyzing companys security policy and procedures Tester offers solutions to secure or protect the network

THE ROLE OF SECURITY AND PENETRATION TESTERS

Hackers
Access computer system or network without p y authorization Breaks the law; can go to prison

Crackers
Break into systems to steal or destroy data U.S. Department of Justice calls both hackers p

Ethical hacker
Performs most of the same activities but with owners permission

DENIAL OF SERVICE ATTACK

This is an act by the criminal,, who floods the bandwidth of the victims network or fills his email box with spam mail depriving him of the services he is entitled to access or provide

VIRUS DISSEMINATION
Malicious software that attaches itself to other software.. virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are the malicious softwares) li i ft )

SOFTWARE PIRACY
Theft of software through the illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. g Retail revenue losses world wide are ever increasing due to this crime Can be done in various waysEnd user copying, Hard disk loading, Counterfeiting(Original Copy), Illegal downloads from the internet etc..

IRC CRIME
Internet Relay Chat (IRC) servers have chat rooms in which people from anywhere the world can come together and chat with each other Criminals use it for meeting coconspirators. Hackers use it for discussing their exploits / sharing the techniques Paedophiles use chat rooms to allure small children Cyber Stalking - In order to harass a woman her telephone number is given to others as if she wants to befriend males

SOME RECENT RULES

PROTECT YOUR COMPUTERS!

Use anti virus software and anti-virus firewalls - keep them up to date Keep your operating system up to date with critical security updates and patches Don't open emails or attachments from unknown sources Use hard-to-guess passwords. Dont use words found in a dictionary. Remember that p password cracking tools exist g Back-up your computer data on disks or CDs often Don't share access to your computers with strangers

If you have a wi fi network wi-fi network,

password protect it Disconnect from the Internet when not in use Reevaluate your security on a y y regular basis Make sure your employees and family f il members k b know this i f hi info too!

CRYPTOGRAPHY
Hidden writing Increasingly used to protect i f t t information ti Can ensure confidentiality
Integrity and Authenticity too y

Secrecy Ciphers Secret Key Cryptography Key Exchange K E h Public Key Cryptography C t h

Digital Signatures
Internet applications

SECRACY

Alice p encrypt c Trudy c

Bob decrypt p

TRADITIONAL CRYPTOGRAPHY
Ciphers were already studied in ancient times Ci h l d t di d i i t ti Caesars cipher:
replace a with d l i h replace b with e ... replace z with c

A more general monoalphabetic substitution cipher maps each letter to some other letter. i h hl h l

NETWORK SECURITY
Link Encryption
Encrypt traffic headers + data E t t ffi h d d t Transparent to users

End-to-End End to End Encryption

Encrypts application layer data only Network devices need not be aware

SSL/TLS
Supports mutual authentication Secures a number of popular network services

IPSec
Security extensions for TCP/IP protocols Supports encryption and authentication Used for VPNs

QUESTIONS?

ANY

Thank Th k you f for listening!!!