2. What is Cyber Security?
Cyber security is the body of technologies, processes and practices
designed to protect networks, computers, programs and data from
attack, damage or unauthorized access.
Computer security, also known as cyber security or IT security, is the
protection of information systems from theft or damage to the
hardware, the software, and to the information on them, as well as
from disruption or misdirection of the services they provide
It includes controlling physical access to the hardware, as well as
protecting against harm that may come via network access, data and
code injection, and due to malpractice by operators, whether
intentional, accidental, or due to them being tricked into deviating from
secure procedures
4. What is Security ?
1. Security is a state of wellbeing of information and infrastructure
2. Computer security refers to the protection of computer systems
and the Information a user stores or processes
3. Users should focus on various security threats and countermeasures
in order to protect their information assists
5. Potential Loses Due to Cyber Attack
Misuse of computer resources
Data loss/theft
Loss of trust
Financial loss
Unavailability of resources
Identity theft
6. Fundamental Concepts of Security
Adhering to the preventative measures while using computer system
and applications
Acting timely when security incidents occur
Managing all the changes in the computer applications and keeping
them up to date
7. Vulnerabilities and attacks
A vulnerability is a system susceptibility or flaw. Many
vulnerabilities are documented in the Common Vulnerabilities
and Exposures (CVE) database. An exploitable vulnerability
is one for which at least one working attack or "exploit"
exists.
To secure a computer system, it is important to understand
the attacks that can be made against it, and these threats
can typically be classified into one of the categories below:
1. Direct Access Attack (Physical Theft)
2. Eavesdropping
3. Phising
4. Social Engineering
8. Direct Access Attack (Physical Theft)
An unauthorized user gaining physical access to a computer
is most likely able to directly copy data from it. They may
also compromise security by making operating system
modifications, installing software worms, keyloggers, covert
listening devices or using wireless mice
Even when the system is protected by standard security
measures, these may be able to be by-passed by booting
another operating system or tool from a CD-ROM or other
bootable media. Disk encryption and Trusted Platform
Module are designed to prevent these attacks.
9. Eavesdropping
Eavesdropping is the act of surreptitiously listening to a private
conversation, typically between hosts on a network
Even machines that operate as a closed system (i.e., with no contact
to the outside world) can be eavesdropped upon via monitoring the
faint electro-magnetic transmissions generated by the hardware
10. Phising
Phishing is the attempt to acquire sensitive information such as
usernames, passwords, and credit card details directly from users.
Phishing is typically carried out by email spoofing or instant
messaging, and it often directs users to enter details at a fake
website whose look and feel are almost identical to the legitimate
one. Preying on a victim's trusting, phishing can be classified as a
form of social engineering.
11. Social Engineering
Social engineering aims to convince a user to disclose secrets such as
passwords, card numbers, etc. by, for example, impersonating a bank, a
contractor, or a customer.
A popular and profitable cyber scam involves fake CEO emails sent to
accounting and finance departments. In early 2016, the FBI reported that
the scam has cost US businesses more than $2bn in about two years.
In May 2016, the Milwaukee Bucks NBA team was the victim of this type of
cyber scam with a perpetrator impersonating the team's president Peter
Feign resulting in the handover of all the team's employees' 2015 W-2 tax
forms.
12. Securing From Cyber Attacks
Any PC or laptop running Windows software can be open to
cyber attack if they access the Internet.
From spyware, to viruses, worms and malware, there are
bewildering arrays of cyber attacks that can be used against the
unwary surfer. The only way to protect your hardware from these
attacks is by using antivirus and firewall software.
Often these are shipped with new operating systems but, once the
gratis period has expired, it can become expensive to keep renewing
the license. It doesn’t have to be this way however. With a little
research it is easy to get yourself protected for free.
13. Layers of Security
Physical
Network
System
User
User
Safeguards the personnel, hardware, programs, networks, and data from physic
al threats
Protects the networks and their services from unauthorized modification, destru
ction, or disclosure
Protects the system and its information from theft, corruption, unauthorized
access, or misuse
Ensures that a valid user is logged in and that the logged‐in user is allowed to use
an application/ program
14. Physical Security
Physical security describes security measures that are designed
to deny unauthorized access to facilities, equipment and resources,
and to protect personnel and property from damage or harm (such
as theft or terrorist attacks).
Physical security involves the use of multiple layers of
interdependent systems which include CCTV surveillance, security
guards, protective barriers, locks, access control protocols, and
many other techniques.
15. Network Security
Network Security is the process of taking physical and software
preventative measures to protect the underlying networking infrastructure
from unauthorized access, misuse, malfunction, modification, destruction, or
improper disclosure, thereby creating a secure platform for computers,
users and programs
Network security covers a variety of computer networks, both public and
private, that are used in everyday jobs; conducting transactions and
communications among businesses, government agencies and individuals.
Networks can be private, such as within a company, and others which might
be open to public access. Network security is involved in organizations,
enterprises, and other types of institutions.
16. System Security
System can be secured by Antivirus or anti-
virus software (often abbreviated as AV), sometimes
known as anti-malware software, is computer software
used to prevent, detect and remove malicious software.
Antivirus software was originally developed to detect and
remove computer viruses hence the name. However, with
the proliferation of other kinds of malware, antivirus
software started to provide protection from other
computer threats
17. User Security
All registered users have to log in using a password before
they can edit using their usernames. Passwords help
ensure that someone does not masquerade as another
editor. Editors should use a strong password to avoid being
blocked for bad edits by someone who guesses or "cracks"
other editors' passwords. Users may access their
account'spreferences to change their password.