Dr.S.Mahalakshmi
Department of Computer Science
GURU SHREE SHANTIVIJAI JAIN
COLLEGE FOR WOMEN
Chennai
CYBER SECURITY
• DEFINITION
• Cyber security is the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
• It's also known as information technology security or electronic information security.
CYBER SECURITY
• It is made up of two words: one is cyber and the other is security.
• Cyber relates to the technology, which contains systems, networks and programs or data.
• Security relates to the protection, which includes systems security, network security, and application and information security.
HACKERS
• People who carry out cyber attacks are generally regarded as cybercriminals.
• Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks.
Types of Cyber Attacks
• A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data, and leads to cybercrimes such as information and identity theft.
• Cyber-attacks can be classified into the following categories:
• 1) Web-based attacks
• 2) System-based attacks
• Web-based attacks
• These are attacks which occur on a website or web application. Some of the important web-based attacks are as follows:
• 1. Injection attacks
• It is an attack in which some data is injected into a web application to manipulate the application and fetch the required information.
• Examples: SQL injection, code injection, log injection, XML injection, etc.
Packet Sniffing
When any data has to be transmitted over a computer network, it is broken down at the sender's node into smaller units called data packets, which are reassembled at the receiver's node in the original format.
A data packet is the smallest unit of communication over a computer network. It is also called a block, a segment, a datagram or a cell.
The act of capturing data packets across a computer network is called packet sniffing. It is similar to wiretapping a telephone network. It is mostly used by crackers and hackers to collect information illegally about a network.
Message modification:
• In this attack, an intruder alters packet header addresses to direct a message to a different destination or modify the data on a target machine.
Phishing
• Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card numbers.
• It occurs when an attacker is masked as a trustworthy entity in electronic communication.
Brute force
• It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like user passwords and personal identification numbers.
• This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
Denial of Service
• It is an attack which is meant to make a server or network resource unavailable to the users.
• It accomplishes this by flooding the target with traffic or sending it information that triggers a crash.
• It uses a single system and a single internet connection to attack a server.
DDoS
• In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems (sometimes called a botnet or zombie army) attack a single target.
Dictionary attacks
• This type of attack uses a stored list of commonly used passwords and validates them to get the original password.
• Man in the middle attacks
• It is a type of attack that allows an attacker to intercept the connection between client and server and act as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
System-based attacks
• 1. Virus
• It is a type of malicious software program that spreads throughout the computer files without the knowledge of a user.
• It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed.
• It can also execute instructions that cause harm to the system.
• 2. Worm
• It is a type of malware whose primary function is to replicate itself to spread to uninfected computers.
• It works the same as a computer virus. Worms often originate from email attachments that appear to be from trusted senders.
• Bots
• A bot (short for "robot") is an automated process that interacts with other network services.
• Some bot programs run automatically, while others only execute commands when they receive specific input. Common examples of bot programs are crawlers, chatroom bots, and malicious bots.
CIA Triad
• The CIA Triad is actually a security model that has been developed to help people think about various parts of IT security.
Confidentiality
• It's crucial in today's world for people to protect their sensitive, private information from unauthorized access.
• Protecting confidentiality is dependent on being able to define and enforce certain access levels for information.
• In some cases, doing this involves separating information into various collections that are organized by who needs access to the information and how sensitive that information actually is, i.e. the amount of damage suffered if the confidentiality was breached.
Integrity
• Data integrity is what the "I" in CIA Triad stands for.
• This is an essential component of the CIA Triad and is designed to protect data from deletion or modification by any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made, the damage can be reversed.
Availability
• This is the final component of the CIA Triad and refers to the actual availability of your data.
• Authentication mechanisms, access channels and systems all have to work properly for the information they protect and ensure it's available when it is needed.
PENETRATION TEST
• A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security.
• Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.
What are web vulnerabilities?
• Web application vulnerabilities involve a system flaw or weakness in a web-based application.
What is Ethical hacking?
• Ethical hacking is also known as White hat Hacking or Penetration Testing.
• Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data.
IP ADDRESS
• An IP address is a unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via the internet or a local network. The full IP addressing range goes from 0.0.0.0 to 255.255.255.255.
PORT
What is a port?
• A port is a virtual point where network connections start and end.
• Ports are software-based and managed by a computer's operating system.
• Each port is associated with a specific process or service.
• Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages, for instance, even though both reach a computer over the same Internet connection.
• There are 65535 ports.
• Ports are used to facilitate the exchange of data between different computers over a network.
• Each port is associated with a specific protocol, which defines the rules for how data is transmitted and received.
• Port 20/21: File Transfer Protocol (FTP)
• Port 22: Secure Shell (SSH)
• Port 23: Telnet
• Port 25: Simple Mail Transfer Protocol (SMTP)
• Port 53: Domain Name System (DNS)
• Port 80: Hypertext Transfer Protocol (HTTP)
• Port 110: Post Office Protocol (POP3)
• Port 143: Internet Message Access Protocol (IMAP)
• Port 443: Hypertext Transfer Protocol Secure (HTTPS)
• Port numbers are like extensions to your IP address. For example:
• Your computer’s IP address is 192.168.11.1,
• while the File Transfer Protocol (FTP) port number is 20.
• Thus, the IP for an open FTP port would be 192.168.11.1:20.
• By seeing this address, the server will “understand” your request.
PORT SCANNING
• Port scanning, for example, tries all ports at an address to see which ones are open and listening. Attackers can use this to find vulnerable services that they can then attack.
SOC: A Security Operations Center (SOC)
• An emerging phrase in the cybersecurity world currently is ‘SOC Analyst’.
• A Security Operations Center (SOC) is a 24-hour control center in charge of security and threat analysis for an organization. It is essentially a structure in place for large firms and organizations looking to strictly protect their cyber assets.
• Individual IT security tools such as firewalls, malicious code scanners or intrusion detection systems are no longer sufficient to guarantee comprehensive protection.
Zero-Trust
• A Zero-Trust approach moves businesses away from the traditional idea of trusting everyone or everything that is connected to a network or behind a firewall.
Cybersecurity Defences:
• Cybersecurity defences are the various measures and controls put in place to protect digital devices, networks, and sensitive information from cyber threats.
• Cybersecurity defences are an essential aspect of cybersecurity as they help to prevent, detect, and respond to cyber-attacks.
Firewalls (Watchman)
• These are network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules.
• Firewalls help to prevent unauthorized access to networks and devices.
Antivirus and anti-malware software:
• These are software programs designed to detect and remove malicious software, such as viruses, worms, and Trojans, from digital devices.
Intrusion detection and prevention systems (IDPS):
• These are network security devices that monitor network traffic for signs of a potential cyber-attack and can automatically block or prevent the attack.
Access Controls
• Access controls help to restrict access to sensitive information and systems to authorized individuals only.
• Examples of access controls include passwords, two-factor authentication, and biometric authentication.
Encryption
• Encryption is the process of converting sensitive data into a format that can only be read by authorized individuals with the correct decryption keys.
• Encryption helps to protect data from unauthorized access and theft.
Employee training and awareness:
• Employee training and awareness programs help to educate employees on the importance of cybersecurity and how to identify and avoid common cyber threats, such as phishing emails and social engineering attacks.
Patch management
• Patch management involves regularly updating the device's operating system and software to address known vulnerabilities and improve security.
Strong passwords and multi-factor authentication:
• Strong passwords are an important component of cybersecurity because they are the first line of defense against unauthorized access.
• Passwords should be complex and unique, and should be changed regularly. Multi-factor authentication is an additional layer of security that requires users to provide two or more forms of identification in order to access a system or application.
Regular backups:
• Regular backups are essential for protecting against data loss in the event of a system failure, cyber attack, or other unexpected event.
• Backups should be stored in a secure location and should be tested regularly to ensure that they can be restored in the event of a disaster.
Security audits and vulnerability assessments:
• Security audits and vulnerability assessments are processes that are used to identify and address security weaknesses in a system or network.
• Security audits involve a comprehensive review of an organization's security policies and procedures, while vulnerability assessments focus on identifying potential vulnerabilities in a system or network.
SSL
• SSL, or Secure Sockets Layer, is a protocol for securing online communication between a web server and a user's web browser.
• When you visit a website that uses SSL, your browser establishes a secure, encrypted connection with the website's server, ensuring that any data that is transmitted between the two is kept confidential and cannot be intercepted by third parties.
IAM:
IAM, or Identity and Access Management
• IAM can also involve managing authentication and authorization mechanisms, such as passwords, biometrics, and multi-factor authentication, to ensure that only authorized individuals can access sensitive systems and data.
Red Team Testing:
• In this approach, a dedicated team of testers, often called a "red team," is tasked with simulating a real-world attack on the organization's systems or network. This approach is often used to test the effectiveness of an organization's overall security posture and to identify vulnerabilities that might be missed by other testing approaches.
Honeypot
• A honeypot is a type of cybersecurity tool or technique that is used to detect, deflect, or study attempted unauthorized access to a system or network.
• It is essentially a decoy system or network that is designed to look and act like a legitimate system or network, but is actually set up to lure attackers in.
Blue Team
• A blue team is a group of security professionals who are responsible for defending an organization's system or network against cyber attacks.
Purple Team
• A purple team is a combination of red and blue teams that work together to improve the organization's security posture.
• SIEM:
• SIEM stands for Security Information and Event Management. It is a type of security solution that helps organizations to collect, correlate, analyze, and manage security event data from various sources in real-time. SIEM solutions provide organizations with a centralized platform for monitoring and managing security events, which helps to improve the organization's overall security posture.
• Log Collection: SIEM solutions can collect log data from various sources, such as network devices, servers, and applications.
• Event Correlation: SIEM solutions can correlate events from various sources to identify potential security incidents.
• Threat Intelligence: SIEM solutions can leverage threat intelligence feeds to identify known threats and indicators of compromise.
• Real-time Alerting: SIEM solutions can generate real-time alerts when potential security incidents are detected.
• Reporting and Analysis: SIEM solutions provide reporting and analysis capabilities to help organizations understand their security posture, identify trends, and make informed decisions about their security strategy.
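An added example (not from the original slides) of the log collection, event correlation and alerting steps listed above, applied to the brute force and port scanning slides. The log format, thresholds, function names and sample lines are assumptions constructed for illustration, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding correlation window (assumed)
FAILED_LOGIN_THRESHOLD = 5       # failed logins per source in WINDOW
DISTINCT_PORT_THRESHOLD = 5      # distinct ports per source in WINDOW

# Constructed sample input: an auth log and a firewall log merged by time.
SAMPLE_LOGS = """
2024-05-01T10:00:01Z auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:02Z fw CONN src=203.0.113.9 dst=192.168.11.1 dport=20
2024-05-01T10:00:03Z auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03Z fw CONN src=203.0.113.9 dst=192.168.11.1 dport=21
2024-05-01T10:00:04Z auth FAIL user=carol src=198.51.100.4
2024-05-01T10:00:05Z auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:05Z fw CONN src=203.0.113.9 dst=192.168.11.1 dport=22
this line is malformed and is skipped
2024-05-01T10:00:06Z fw CONN src=203.0.113.9 dst=192.168.11.1 dport=23
2024-05-01T10:00:07Z auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:08Z fw CONN src=203.0.113.9 dst=192.168.11.1 dport=25
2024-05-01T10:00:09Z auth FAIL user=admin src=203.0.113.7
2024-05-01T10:00:10Z auth OK user=carol src=198.51.100.4
2024-05-01T10:00:12Z auth OK user=admin src=203.0.113.7
2024-05-01T10:00:20Z fw CONN src=198.51.100.4 dst=192.168.11.1 dport=443
"""


def parse_line(line):
    """Normalize one log line into a dict, or return None if unparseable."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {**fields, "ts": ts, "source": parts[1], "action": parts[2]}


def correlate(lines):
    """Return alerts as (rule, source_ip, HH:MM:SS), one per rule and source."""
    fails = defaultdict(deque)   # src -> timestamps of recent failed logins
    conns = defaultdict(deque)   # src -> (timestamp, dport) of recent connections
    fired = set()                # (rule, src) pairs that already alerted
    alerts = []

    def alert(rule, src, ts):
        if (rule, src) not in fired:
            fired.add((rule, src))
            alerts.append((rule, src, ts.strftime("%H:%M:%S")))

    for line in lines:
        ev = parse_line(line)
        if ev is None or "src" not in ev:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["source"] == "auth" and ev["action"] == "FAIL":
            q = fails[src]
            q.append(ts)
            while ts - q[0] > WINDOW:          # drop events outside the window
                q.popleft()
            if len(q) >= FAILED_LOGIN_THRESHOLD:
                alert("brute_force", src, ts)
        elif ev["source"] == "auth" and ev["action"] == "OK":
            # Correlation across events: success right after a guessing burst.
            if ("brute_force", src) in fired:
                alert("login_after_brute_force", src, ts)
        elif ev["source"] == "fw" and ev["action"] == "CONN" and "dport" in ev:
            q = conns[src]
            q.append((ts, ev["dport"]))
            while ts - q[0][0] > WINDOW:
                q.popleft()
            if len({port for _, port in q}) >= DISTINCT_PORT_THRESHOLD:
                alert("port_scan", src, ts)
    return alerts


if __name__ == "__main__":
    for rule, src, when in correlate(SAMPLE_LOGS.strip().splitlines()):
        print(when, rule, src)
```

A single user mistyping a password, or one connection to port 443, stays below the thresholds and raises no alert; the successful login that follows a burst of failures is flagged separately because it is the event an analyst needs to triage first.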
THANK YOU

Mais conteúdo relacionado

Mais procurados

Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
pooja_doshi
 

Mais procurados (20)

Cyber security
Cyber securityCyber security
Cyber security
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Cyber Crime & Security
Cyber Crime & SecurityCyber Crime & Security
Cyber Crime & Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Security Vulnerabilities
Cyber Security VulnerabilitiesCyber Security Vulnerabilities
Cyber Security Vulnerabilities
 
Cyber security 07
Cyber security 07Cyber security 07
Cyber security 07
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentation
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber security
Cyber securityCyber security
Cyber security
 

Semelhante a cybersecurity

Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...
Jennifer Letterman
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdf
AnanthReddy38
 

Semelhante a cybersecurity (20)

Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
 
Computer security and
Computer security andComputer security and
Computer security and
 
Network and web security
Network and web securityNetwork and web security
Network and web security
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Cyber.pptx
Cyber.pptxCyber.pptx
Cyber.pptx
 
CNS unit -1.docx
CNS unit -1.docxCNS unit -1.docx
CNS unit -1.docx
 
Network security
Network securityNetwork security
Network security
 
Network security and viruses
Network security and virusesNetwork security and viruses
Network security and viruses
 
Chapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamananChapter 2 konsep dasar keamanan
Chapter 2 konsep dasar keamanan
 
Ethical hacking ppt
Ethical hacking pptEthical hacking ppt
Ethical hacking ppt
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryr
 
Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...Basic Home Computer Network And Computer Network Security...
Basic Home Computer Network And Computer Network Security...
 
Top 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdfTop 20 cyber security interview questions and answers in 2023.pdf
Top 20 cyber security interview questions and answers in 2023.pdf
 
Computing safety
Computing safetyComputing safety
Computing safety
 
Cyber security
Cyber security Cyber security
Cyber security
 
Computer security
Computer securityComputer security
Computer security
 
Mim Attack Essay
Mim Attack EssayMim Attack Essay
Mim Attack Essay
 

Último

The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
MateoGardella
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
Chris Hunter
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 

Último (20)

Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 

cybersecurity

  • 1. Dr.S.Mahalakshmi Department of Computer Science GURU SHREE SHANTIVIJAI JAIN COLLEGE FOR WOMEN Chennai
  • 2. CYBER SECURITY  DEFINITION  Cyber security is the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.  It's also known as information technology security or electronic information security.
  • 3. CYBER SECURITY  It is made up of two words one is cyber and other is security.  Cyber is related to the technology which contains systems, network and programs or data.  Whereas security related to the protection which includes systems security, network security and application and information security.
  • 4. HACKERS  People who carry out cyber attacks are generally regarded as cybercriminals.  Often referred to as bad actors, threat actors and hackers, they include individuals who act alone, drawing on their computer skills to design and execute malicious attacks.
  • 5.
  • 6. Types of Cyber Attacks  A cyber-attack is an exploitation of computer systems and networks. It uses malicious code to alter computer code, logic or data and lead to cybercrimes, such as information and identity theft.  Cyber-attacks can be classified into the following categories:  1) Web-based attacks  2) System-based attacks
  • 7.  Web-based attacks  These are the attacks which occur on a website or web applications. Some of the important  web-based attacks are as follows-  1. Injection attacks  It is the attack in which some data will be injected into a web application to manipulate the and fetch the required information.  Example- SQL Injection, code Injection, log Injection, XML Injection etc.
  • 8. Packet Sniffing ? When any data has to be transmitted over the computer network, it is broken down into smaller units at the sender’s node called data packets and reassembled at receiver’s node in original format. It is the smallest unit of communication over a computer network. It is also called a block, a segment, a datagram or a cell. The act of capturing data packet across the computer network is called packet sniffing. It is similar to as wire tapping to a telephone network. It is mostly used by crackers and hackers to collect information illegally about network.
  • 9. Message modification:  In this attack, an intruder alters packet header addresses to direct a message to a different destination or modify the data on a target machine.
  • 10. Phishing  Phishing is a type of attack which attempts to steal sensitive information like user login credentials and credit card number.  It occurs when an attacker is masked as a trustworthy entity in electronic communication.
  • 11. Brute force  It is a type of attack which uses a trial and error method. This attack generates a large number of guesses and validates them to obtain actual data like user password and personal identification number.  This attack may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security.
  • 12. Denial of Service  It is an attack which meant to make a server or network resource unavailable to the users.  It accomplishes this by flooding the target with traffic or sending it information that triggers a crash.  It uses the single system and single internet connection to attack a server.
  • 13. DDOS  In a distributed denial-of-service (DDoS) exploit, large numbers of compromised systems (sometimes called a botnet or zombie army) attack a single target.
  • 14. Dictionary attacks  This type of attack stored the list of a commonly used password and validated them to get original password.
  • 15.  Man in the middle attacks  It is a type of attack that allows an attacker to intercepts the connection between client and server and acts as a bridge between them. Due to this, an attacker will be able to read, insert and modify the data in the intercepted connection.
  • 16. System-based attacks  1. Virus  It is a type of malicious software program that spread throughout the computer files without the knowledge of a user.  It is a self-replicating malicious computer program that replicates by inserting copies of itself into other computer programs when executed.  It can also execute instructions that cause harm to the system.
  • 17.  2. Worm  It is a type of malware whose primary function is to replicate itself to spread to uninfected computers.  It works same as the computer virus. Worms often originate from email attachments that appear to be from trusted senders.
  • 18.  Bots  A bot (short for "robot") is an automated process that interacts with other network services.  Some bots program run automatically, while others only execute commands when they receive specific input. Common examples of bots program are the crawler, chatroom bots, and malicious bots.
  • 19. CIA Triad  The CIA Triad is actually a security model that has been developed to help people think about various parts of IT security.
  • 20. Confidentiality  It's crucial in today's world for people to protect their sensitive, private information from unauthorized access.  Protecting confidentiality is dependent on being able to define and enforce certain access levels for information.  In some cases, doing this involves separating information into various collections that are organized by who needs access to the information and how sensitive that information actually is - i.e. the amount of damage suffered if the confidentiality was breached
  • 21. Integrity  Data integrity is what the "I" in CIA Triad stands for  This is an essential component of the CIA Triad and designed to protect data from deletion or modification from any unauthorized party, and it ensures that when an authorized person makes a change that should not have been made the damage can be reversed.
  • 22. Availability  This is the final component of the CIA Triad and refers to the actual availability of your data.  Authentication mechanisms, access channels and systems all have to work properly for the information they protect and ensure it's available when it is needed.
  • 23. PENETRATION TEST: A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.
  • 24. What are web vulnerabilities? Web application vulnerabilities involve a system flaw or weakness in a web-based application.
  • 25. What is Ethical hacking? Ethical hacking is also known as White hat Hacking or Penetration Testing. Ethical hacking involves an authorized attempt to gain unauthorized access to a computer system or data.
  • 26. IP ADDRESS: An IP address is a unique address that identifies a device on the internet or a local network. IP stands for "Internet Protocol," which is the set of rules governing the format of data sent via the internet or local network. The full IP addressing range goes from 0.0.0.0 to 255.255.255.255.
  • 27. PORT: What is a port? A port is a virtual point where network connections start and end. Ports are software-based and managed by a computer's operating system. Each port is associated with a specific process or service. Ports allow computers to easily differentiate between different kinds of traffic: emails go to a different port than webpages, for instance, even though both reach a computer over the same Internet connection. There are 65535 ports.
  • 28. Ports are used to facilitate the exchange of data between different computers over a network. Each port is associated with a specific protocol, which defines the rules for how data is transmitted and received.
  • 29. Port 20/21: File Transfer Protocol (FTP); Port 22: Secure Shell (SSH); Port 23: Telnet; Port 25: Simple Mail Transfer Protocol (SMTP); Port 53: Domain Name System (DNS); Port 80: Hypertext Transfer Protocol (HTTP); Port 110: Post Office Protocol (POP3); Port 143: Internet Message Access Protocol (IMAP); Port 443: Hypertext Transfer Protocol Secure (HTTPS).
  • 30. Port numbers are like extensions to your IP address. For example, your computer’s IP address is 192.168.11.1, while the file transfer protocol (FTP) port number is 20. Thus, the address for an open FTP port would be 192.168.11.1:20. By seeing this address, the server will “understand” your request.
  • 31. PORT SCANNING: Port scanning tries all ports at an address to see which ones are open and listening. Attackers can use this to find vulnerable services that they can then attack.
  • 32. SOC: A Security Operations Center (SOC). An emerging phrase in the cybersecurity world currently is ‘SOC Analyst’. A Security Operations Center (SOC) is a 24-hour control center in charge of security and threat analysis for an organization. It is essentially a structure in place for large firms and organizations looking to strictly protect their cyber assets. Individual IT security tools such as firewalls, malicious code scanners or intrusion detection systems are no longer sufficient to guarantee comprehensive protection.
  • 33. Zero-Trust: A Zero-Trust approach moves businesses away from the traditional idea of trusting everyone or everything that is connected to a network or behind a firewall.
  • 34. Cybersecurity Defences: Cybersecurity defences are the various measures and controls put in place to protect digital devices, networks, and sensitive information from cyber threats. Cybersecurity defences are an essential aspect of cybersecurity as they help to prevent, detect, and respond to cyber-attacks.
  • 35. Firewalls (Watchman): These are network security devices that monitor and control incoming and outgoing network traffic based on predetermined security rules. Firewalls help to prevent unauthorized access to networks and devices.
  • 36. Antivirus and anti-malware software: These are software programs designed to detect and remove malicious software, such as viruses, worms, and Trojans, from digital devices.
  • 37. Intrusion detection and prevention systems (IDPS): These are network security devices that monitor network traffic for signs of a potential cyber-attack and can automatically block or prevent the attack.
  • 38. Access Controls: Access controls help to restrict access to sensitive information and systems to authorized individuals only. Examples of access controls include passwords, two-factor authentication, and biometric authentication.
  • 39. Encryption: Encryption is the process of converting sensitive data into a format that can only be read by authorized individuals with the correct decryption keys. Encryption helps to protect data from unauthorized access and theft.
  • 40. Employee training and awareness: Employee training and awareness programs help to educate employees on the importance of cybersecurity and how to identify and avoid common cyber threats, such as phishing emails and social engineering attacks.
  • 41. Patch management: Patch management involves regularly updating the device's operating system and software to address known vulnerabilities and improve security.
  • 42. Strong passwords and multi-factor authentication: Strong passwords are an important component of cybersecurity because they are the first line of defense against unauthorized access. Passwords should be complex and unique, and should be changed regularly. Multi-factor authentication is an additional layer of security that requires users to provide two or more forms of identification in order to access a system or application.
  • 43. Regular backups: Regular backups are essential for protecting against data loss in the event of a system failure, cyber attack, or other unexpected event. Backups should be stored in a secure location and should be tested regularly to ensure that they can be restored in the event of a disaster.
  • 44. Security audits and vulnerability assessments: Security audits and vulnerability assessments are processes that are used to identify and address security weaknesses in a system or network. Security audits involve a comprehensive review of an organization's security policies and procedures, while vulnerability assessments focus on identifying potential vulnerabilities in a system or network.
  • 45. SSL: SSL, or Secure Sockets Layer, is a protocol for securing online communication between a web server and a user's web browser. When you visit a website that uses SSL, your browser establishes a secure, encrypted connection with the website's server, ensuring that any data that is transmitted between the two is kept confidential and cannot be intercepted by third parties.
  • 46. IAM: IAM, or Identity and Access Management. IAM can also involve managing authentication and authorization mechanisms, such as passwords, biometrics, and multi-factor authentication, to ensure that only authorized individuals can access sensitive systems and data.
  • 47. Red Team Testing: In this approach, a dedicated team of testers, often called a "red team," is tasked with simulating a real-world attack on the organization's systems or network. This approach is often used to test the effectiveness of an organization's overall security posture and to identify vulnerabilities that might be missed by other testing approaches.
  • 48. Honeypot: A honeypot is a type of cybersecurity tool or technique that is used to detect, deflect, or study attempted unauthorized access to a system or network. It is essentially a decoy system or network that is designed to look and act like a legitimate system or network, but is actually set up to lure attackers in.
  • 49. Blue Team: A blue team is a group of security professionals who are responsible for defending an organization's system or network against cyber attacks.
  • 50. Purple Team: A purple team is a combination of red and blue teams that work together to improve the organization's security posture.
  • 51. SIEM: SIEM stands for Security Information and Event Management. It is a type of security solution that helps organizations to collect, correlate, analyze, and manage security event data from various sources in real-time. SIEM solutions provide organizations with a centralized platform for monitoring and managing security events, which helps to improve the organization's overall security posture.
  • 52. Log Collection: SIEM solutions can collect log data from various sources, such as network devices, servers, and applications. Event Correlation: SIEM solutions can correlate events from various sources to identify potential security incidents. Threat Intelligence: SIEM solutions can leverage threat intelligence feeds to identify known threats and indicators of compromise. Real-time Alerting: SIEM solutions can generate real-time alerts when potential security incidents are detected. Reporting and Analysis: SIEM solutions provide reporting and analysis capabilities to help organizations understand their security posture, identify trends, and make informed decisions about their security strategy.
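
A defender's view of slides 31 and 52, as an added example that is not part of the original slides: event correlation over a constructed firewall log flags a source that touches many distinct ports on one host within a short window. The log format, the thresholds and every address other than 192.168.11.1 are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log (format assumed): timestamp src_ip dst_ip dst_port action
SCAN_PORTS = [20, 21, 22, 23, 25, 53, 80, 110, 143, 443]  # ports listed on slide 29
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d} 203.0.113.7 192.168.11.1 {p} DENY"
     for i, p in enumerate(SCAN_PORTS)]
    + [f"2024-05-01T10:0{m}:30 198.51.100.20 192.168.11.1 443 ALLOW" for m in range(5)]
    + ["2024-05-01T10:01:00 198.51.100.20 192.168.11.1 80 ALLOW",
       "this line is malformed and must be skipped"]
)

def parse(line):
    """Return (time, src, dst, port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[3].isdigit():
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], int(parts[3])

def detect_port_scans(log_text, min_ports=8, window=timedelta(seconds=60)):
    """Correlate events: flag a source that touches at least min_ports distinct
    ports on one destination within a sliding time window."""
    by_pair = defaultdict(list)
    for line in log_text.splitlines():
        event = parse(line)
        if event:
            ts, src, dst, port = event
            by_pair[(src, dst)].append((ts, port))
    alerts = []
    for (src, dst), events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the span fits inside the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                # Ports seen at the moment the threshold was crossed.
                alerts.append({"src": src, "dst": dst, "ports": sorted(ports)})
                break  # one alert per source/destination pair
    return alerts

if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print("possible port scan:", alert)
```

The ordinary client in the sample reaches only ports 443 and 80, so it stays below the threshold, while the source that walks the well-known ports in ten seconds is reported once.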