• In the present era, not only business but almost all aspects of human life are driven by information. Hence, it has become vital to protect useful information from malicious activities such as attacks. Let us consider the types of attacks to which information is typically subjected.
Attacks
• Attacks are typically categorized based on the action performed by the attacker. An attack, thus, can be passive or active.
Passive Attacks
• The main goal of a passive attack is to obtain unauthorized access to the information.
• For example, actions such as intercepting and eavesdropping on the communication channel can be regarded as passive attacks.
• These actions are passive in nature, as they neither affect information nor disrupt the communication channel. A passive attack is often seen as stealing information. The only difference between stealing physical goods and stealing information is that theft of data still leaves the owner in possession of that data. A passive information attack is thus more dangerous than stealing of goods, as information theft may go unnoticed by the owner.
Active Attacks
An active attack involves changing the information in some way by conducting some process on the information. For example:
  ◦ Modifying the information in an unauthorized manner.
  ◦ Initiating unintended or unauthorized transmission of information.
  ◦ Alteration of authentication data such as originator name or timestamp associated with information.
  ◦ Unauthorized deletion of data.
  ◦ Denial of access to information for legitimate users (denial of service).
Threats and Attacks
1) Web Application
2) Vulnerabilities
3) Social Networks
4) Malware / Virus
5) DDoS attacks (Denial of Service)
6) Phishing
7) Social Engineering
8) Insider Threat
9) Software Vulnerabilities
10) Wireless
11) Botnet
12) Spam
13) Targeted mails
14) Murder
15) Reputation Loss
16) Scams
17) Identity Theft
18) Privacy Violation
Web Application:
Web application security is the process of securing confidential data stored online from unauthorized access and modification.
Vulnerabilities:
Vulnerability comes from the Latin word for "wound," vulnus. A vulnerability is a weakness in an information process, system security procedures, or internal controls.
Social Networks:
Malware:
A virus is the most common type of malware, and it is defined as a malicious program that can execute itself and spread by infecting other programs or files.
Spyware is also a kind of malware. Types of malware include adware, bots, bugs, rootkits, spyware, Trojan horses, viruses, and worms.
Phishing:
Phishing is a technique used to
gain personal information for
purposes of identity theft, using
fraudulent e-mail messages.
Social Engineering:
It is the most effective way to steal confidential data from unsuspecting victims.
Insider Threat:
An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices.
Botnet:
first detected in 2007, is one of the best-known
and widely used malware types in the history
of information security and common types
are:
Conficker, Zeus, Waledac, Mariposa and
Kelihos.
Spam:
Spam is electronic junk mail or junk newsgroup postings.
Targeted mails:
A targeted attack refers to a type
of threat in which threat actors
actively pursue and compromise
a target entity's infrastructure
while maintaining anonymity.
Scams:
The term SCAM in the online world has been
loosely translated. By definition, a scam is a
quick-profit scheme where a person cheats
another individual or group out of money by
presenting them with false information during
a deal or offer.
Identity theft:
Identity theft, also known as identity fraud, is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver's license numbers, in order to impersonate someone else.
Some types of identity theft are:
  ◦ Social Security Identity Theft.
  ◦ Financial Identity Theft.
  ◦ Driver's License Identity Theft.
  ◦ Criminal Identity Theft.
  ◦ Medical Identity Theft.
  ◦ Insurance Identity Theft.
  ◦ Synthetic Identity Theft.
Earlier Cryptographic Systems
Before proceeding further, you need to know some facts about historical cryptosystems −
• All of these systems are based on a symmetric key encryption scheme.
• The only security service these systems provide is confidentiality of information.
• The earlier systems worked on letters of the alphabet as the basic element.
• These earlier cryptographic systems are also referred to as ciphers.
• In general, a cipher is simply a set of steps (an algorithm) for performing both an encryption and the corresponding decryption.
Caesar Cipher
• It is a mono-alphabetic cipher wherein each letter of the plaintext is substituted by another letter to form the ciphertext. It is the simplest form of substitution cipher scheme.
• This cryptosystem is generally referred to as the Shift Cipher. The concept is to replace each letter by another letter which is ‘shifted’ by some fixed number between 0 and 25.
• For this type of scheme, both sender and receiver agree on a ‘secret shift number’ for shifting the alphabet. This number, which is between 0 and 25, becomes the key of encryption.
Example of Shift Cipher
• A shift cipher involves replacing each letter in the message by a letter that is some fixed number of positions further along in the alphabet. We’ll call this number the encryption key. It is just the length of the shift we are using. For example, upon encrypting the message “cookie” using a shift cipher with encryption key 3, we obtain the encoded message (or ciphertext): FRRNLH.
• To make all of this more mathematical, consider the following conversion table for the English alphabet:
  ◦ i. Using the table, we can represent the letters in our message “cookie” with their corresponding numbers: 2 14 14 10 8 4.
  ◦ ii. Now add 3 (the encryption key) to each number to get: 5 17 17 13 11 7.
  ◦ iii. Now use the table to replace these numbers with their corresponding letters: FRRNLH
Monoalphabetic and Polyalphabetic Cipher
• A monoalphabetic cipher is a substitution cipher in which, for a given key, the cipher letter for each plaintext letter is fixed throughout the encryption process.
• For example, if ‘A’ is encrypted as ‘D’, then for any number of occurrences in that plaintext, ‘A’ will always get encrypted to ‘D’.
• A polyalphabetic cipher is a substitution cipher in which the cipher letter for a plaintext letter may be different at different places during the encryption process. The next two examples, the Playfair and Vigenere ciphers, are polyalphabetic ciphers.
Playfair Cipher
• In this scheme, pairs of letters are encrypted, instead of single letters as in the case of a simple substitution cipher.
• In the Playfair cipher, initially a key table is created. The key table is a 5×5 grid of letters that acts as the key for encrypting the plaintext. Each of the 25 letters must be unique and one letter of the alphabet (usually J) is omitted from the table as we need only 25 letters instead of 26. If the plaintext contains J, then it is replaced by I.
• The sender and the receiver decide on a particular key, say ‘tutorials’. In a key table, the first characters (going left to right) in the table are the letters of the key phrase, excluding the duplicate letters. The rest of the table will be filled with the remaining letters of the alphabet, in natural order. The key table works out to be −
Process of Playfair Cipher
• First, a plaintext message is split into pairs of two letters (digraphs). If there is an odd number of letters, a Z is added to the last letter. Let us say we want to encrypt the message “hide money”. It will be written as −
  ◦ HI DE MO NE YZ
• The rules of encryption are −
  ◦ If both the letters are in the same column, take the letter below each one (going back to the top if at the bottom)
  ◦ If neither of the preceding two rules is true, form a rectangle with the two letters and take the letters on the horizontal opposite corner of the rectangle.
• Using these rules, the result of the encryption of ‘hide money’ with the key of ‘tutorials’ would be −
  ◦ QC EF NU MF ZV
• Decrypting the Playfair cipher is as simple as doing the same process in reverse. The receiver has the same key and can create the same key table, and then decrypt any messages made using that key.
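The Playfair procedure above as an added Python example (not part of the original slides). The function names are illustrative; the same-row rule (take the letter to the right, wrapping around) is the standard Playfair rule and is included because the surviving slide text lists only the column and rectangle rules. Rejecting doubled-letter pairs is an assumption of this example, since the slides do not say how to handle them.

```python
import string

ALPHABET = string.ascii_uppercase


def build_key_table(key):
    """Build the 5x5 key table: key letters first (duplicates dropped),
    then the remaining letters in natural order. J is folded into I."""
    seen = []
    for ch in key.upper() + ALPHABET:
        if ch not in ALPHABET:
            continue
        ch = "I" if ch == "J" else ch
        if ch not in seen:
            seen.append(ch)
    return [seen[r * 5:(r + 1) * 5] for r in range(5)]


def to_digraphs(text):
    """Split text into letter pairs; pad an odd-length message with Z."""
    letters = ["I" if c == "J" else c for c in text.upper() if c in ALPHABET]
    if len(letters) % 2:
        letters.append("Z")
    pairs = [(letters[i], letters[i + 1]) for i in range(0, len(letters), 2)]
    for a, b in pairs:
        if a == b:
            # Assumption of this example: the slides do not describe
            # doubled-letter pairs, so refuse them instead of guessing.
            raise ValueError(f"doubled-letter pair {a}{b} is not handled")
    return pairs


def transform(table, pairs, step):
    """Apply the Playfair rules; step=+1 encrypts, step=-1 decrypts."""
    pos = {table[r][c]: (r, c) for r in range(5) for c in range(5)}
    out = []
    for a, b in pairs:
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ca == cb:
            # Same column: take the letter below (above when decrypting).
            out.append(table[(ra + step) % 5][ca] + table[(rb + step) % 5][cb])
        elif ra == rb:
            # Same row: take the letter to the right (left when decrypting).
            out.append(table[ra][(ca + step) % 5] + table[rb][(cb + step) % 5])
        else:
            # Rectangle: keep the row, take the other letter's column.
            out.append(table[ra][cb] + table[rb][ca])
    return out


def encrypt(key, plaintext):
    return transform(build_key_table(key), to_digraphs(plaintext), +1)


def decrypt(key, ciphertext):
    return transform(build_key_table(key), to_digraphs(ciphertext), -1)


if __name__ == "__main__":
    for row in build_key_table("tutorials"):
        print(" ".join(row))
    print(" ".join(encrypt("tutorials", "hide money")))
    print(" ".join(decrypt("tutorials", "QCEFNUMFZV")))
```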
Playfair Cipher: Security Value
It is also a substitution cipher and is more difficult to break than the simple substitution cipher. As in the case of the substitution cipher, cryptanalysis is possible on the Playfair cipher as well; however, it would be against 625 possible pairs of letters (25×25 letters) instead of 26 different possible letters.
The Playfair cipher was used mainly to protect important, yet non-critical secrets, as it is quick to use and requires no special equipment.
Vigenere Cipher
• Make a table.
• The key will be the same size as the plaintext.
• If the key is small, then repeat the letters of the key.
• E.g. p=CAD, k=ad; then you make k=ada.

      A B C D E F . . .
  A   A B C D E F
  B   B C D E F G
  C   C D E F G H
  D   D E F G H I
  E   E F G H I J
  F   F G H I J K
  .
  .
  .
Encryption in Vigenere Cipher
• In this example k=CDE and p=CAD.
• We will get ciphertext=EDH.

      A B C D E F . . .
  A   A B C D E F
  B   B C D E F G
  C   C D E F G H
  D   D E F G H I
  E   E F G H I J
  F   F G H I J K
  .
  .
  .
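The shift cipher and Vigenere cipher described above, as an added Python example (not part of the original slides), with a helper that makes the monoalphabetic/polyalphabetic difference visible. It uses the slides' letter numbering A=0 ... Z=25; all function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, as in the shift cipher example


def letters_only(text):
    """Upper-case the text and keep only A-Z."""
    return [c for c in text.upper() if c in ALPHABET]


def repeat_key(key, length):
    """Repeat a short key until it is as long as the plaintext."""
    key = "".join(letters_only(key))
    if not key:
        raise ValueError("key must contain at least one letter")
    return (key * (length // len(key) + 1))[:length]


def table_row(key_letter):
    """One row of the Vigenere table: the alphabet rotated to start at key_letter."""
    i = ALPHABET.index(key_letter.upper())
    return ALPHABET[i:] + ALPHABET[:i]


def vigenere_encrypt(plaintext, key):
    """Look up each plaintext letter in the table row chosen by its key letter."""
    letters = letters_only(plaintext)
    stream = repeat_key(key, len(letters))
    return "".join(table_row(k)[ALPHABET.index(p)] for p, k in zip(letters, stream))


def vigenere_decrypt(ciphertext, key):
    """Find each ciphertext letter in its key letter's row; the column is the plaintext."""
    letters = letters_only(ciphertext)
    stream = repeat_key(key, len(letters))
    return "".join(ALPHABET[table_row(k).index(c)] for c, k in zip(letters, stream))


def shift_encrypt(plaintext, shift):
    """Shift cipher: the same as Vigenere with a one-letter key."""
    if not 0 <= shift <= 25:
        raise ValueError("shift must be between 0 and 25")
    return vigenere_encrypt(plaintext, ALPHABET[shift])


def letter_images(plaintext, ciphertext):
    """Map each plaintext letter to the set of ciphertext letters it became.
    Monoalphabetic: every set has one element. Polyalphabetic: sets can be larger."""
    images = {}
    for p, c in zip(letters_only(plaintext), letters_only(ciphertext)):
        images.setdefault(p, set()).add(c)
    return images


if __name__ == "__main__":
    print(shift_encrypt("cookie", 3))                       # shift cipher example
    print(repeat_key("ad", 3))                              # key repetition
    print(vigenere_encrypt("CAD", "CDE"))                   # Vigenere example
    print(letter_images("cookie", shift_encrypt("cookie", 3)))
    print(letter_images("cookie", vigenere_encrypt("cookie", "CDE")))
```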

COMP416-Risk-and-threats_127798.pptx
