Introduction to Network Security - Computer Security - Lecture Slides, Slides of Computer Security

A lecture from computer security with key points: Introduction to Network Security, Security Threats, Security Measures, Computer Security, Trojan Horse Programs, Unprotected Windows Share, Email Borne Viruses, Technical Aspect, Web References

Typology: Slides

2013/2014

Uploaded on 01/29/2014

jamil
jamil 🇮🇳

4

(12)

139 documents

1 / 33

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Introduction to Network
Security
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21

Partial preview of the text

Download Introduction to Network Security - Computer Security - Lecture Slides and more Slides Computer Security in PDF only on Docsity!

Introduction to Network

Security

Acknowledgements

Understanding the Threats

Vulnerability

  • Intentional attacks on computing resources and networks persist for a number of reasons
  • Complexity of computer software and newly emerging hardware and software combinations make computer and the network susceptible to intrusion - It is difficult to thoroughly test an application for all possible intrusions

Trojan Horse Programs

  • Trojan horses are programs that are installed without the knowledge of the user
  • Trojan horse programs can perform a wide variety of covert talks such as modifying and deleting files, transmitting files to the intruder, installing programs, installing viruses and other Trojan horse programs etc.

Backdoor and Remote Administration Programs

  • Covert installation of remote administration programs such as BackOrifice, Netbus and SubSeven
  • Such programs give remote access to the computer from anywhere on the Internet

Unprotected Windows Share

  • Malicious code can be stored in protected Windows share for propagation

Mobile code (Java/JavaScript/ActiveX)

  • Mobile codes in Java, JavaScript, and ActiveX can be executed by a web browser is generally useful, but it can also be used to run malicious code on the client computer.
  • Disabling Java, JavaScript, and ActiveX from running in the Web browser must be considered when accessing websites that cannot be trusted
  • Email received in HTML format is also susceptible to mobile code attack because it could also carry the mobile code

Email Spoofing

  • Email “spoofing” tricks the user in believing that the email originated from a certain user such as an administrator although it actually originated from a hacker
  • Such emails may solicit personal information such as credit card details and passwords
  • Examining the email header may provide some additional information about the origin of the email

Email Borne Viruses

  • Malicious code is often distributed through email as attachments
  • Attachments must thus be opened with caution

Chat Clients

  • Internet chat applications such as instant messaging applications and
  • Internet Relay Chat (IRC) involve the exchange of information including files that may contain malicious executable codes
  • The same caution that applies to email attachments apply here as well

Packet Sniffing

  • Packet sniffer programs capture the contents of packets that may include passwords and other sensitive information that could later be used for compromising the client computer
  • For example, a sniffer installed on a cable modem in one cable trunk may be able to sniff the password from other users on the same trunk
  • Encryption of network traffic provides one of the defenses against sniffing

Reasons to Secure Computing and Network Resources

  • Many businesses rely heavily on computers to operate critical business processes
  • Individuals are using computers for tasks that required confidentiality
  • Advent of Internet has provided a physical path of entry for every computer connected to the Internet - An always connected broadband connection is always vulnerable in this case

Providing Security

  • Providing security requires action on two fronts, namely the management and the technical fronts respectively
  • The management aspect relates to organizational policies and behavior that would address security threats and issues
  • The technical aspect relates to the implementation of hardware and software to secure access to computing resources and the network