Professional Documents
Culture Documents
Measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack
First Known Use of CYBER SECURITY 1994.
Why you need cyber security:- The protection of data, networks and computing power. The protection of data
(information security) is the most important. The protection of networks is important to prevent loss of server
resources as well as to protect the network from being used for illegal purposes. The protection of computing power
is relevant only to expensive machines such as large supercomputers
What is Cyberspace? :
Cyberspace is a worldwide network of computers and the equipment that connects them, which by its very design is
free and open to the public (the Internet) The problem has gotten more prevalent with always-on, high-speed internet
access. Attackers are always out there looking for that type of computer
As long as your computer is connected to the internet, that connection can go both ways. The attackers are mostly
malicious pranksters, looking to access personal and business machines or disrupt net service with virus programs
proliferated via email, usually just to prove they can. However, there are also more serious attackers out there whose
goals could range from mining valuable data (your credit card or bank information, design secrets, research secrets,
etc) to even disrupting critical systems like the stock market, power grids, air-traffic controllers programs, and the
most dangerous-our nuclear weapons
Cyberspace as a Battleground? :
5 Cyberspace as a Battleground? Each day, there is an increase in the number of threats against our nation's critical
infrastructures. These threats come in the form of computer intrusion (hacking), denial of service attacks, and virus
deployment.
Growing Concern : Growing Concern Computing Technology has turned against us Exponential growth in security
incidents Pentagon, US in 2007 Estonia in April 2007 Computer System of German Chancellory and three
Ministries Highly classified computer network in New Zealand & Australia Complex and target oriented software
Common computing technologies and systems Constant probing and mapping of network systems
Trends of Incidents :
Trends of Incidents Sophisticated attacks Attackers are refining their methods and consolidating assets to create
global networks that support coordinated criminal activity Rise of Cyber Spying and Targeted attacks Mapping of
network, probing for weakness/vulnerabilities Malware propagation through Spam on the rise Storm worm, which is
one of the most notorious malware programs seen during 2007-08, circulates through spam
Trends of Incidents Phishing Increase in cases of fast-flux phishing and rock-phish Domain name phishing and
Registrar impersonation Crimeware Targeting personal information for financial frauds Information Stealing
through social networking sites Rise in Attack toolkits Toolkits like Mpack and Neospolit can launch exploits for
browser and client-side vulnerabilities against users who visit a malicious or compromised sites
Global Attack Trend :
Global Attack Trend Source: Websense
Security of information & information assets is becoming a major area of concern With every new application,
newer vulnerabilities crop up, posing immense challenges to those who are mandated to protect the IT assets
Coupled with this host of legal requirements and international business compliance requirements on data protection
and privacy place a huge demand on IT/ITES/BPO service organizations We need to generate ‘Trust & Confidence’
Security of Information Assets
Virus ProfilesNimda (note the garbage in the subject) Sircam (note the “personal” text) Both emails have
executable attachments with the virus payload.
Trojan Horse arrives via email or software like free games. Trojan Horse is activated when the software or
attachment is executed. Trojan Horse releases virus, monitors computer activity, installs backdoor, or transmits
information to hacker. Trojan horse attack
Spamming Attacks :
Spamming Attacks Sending out e-mail messages in bulk. It’s electronic “junk mail.” Spamming can leave the
information system vulnerable to overload. Less destructive, used extensively for e-marketing purposes.
Slide 25:
25 Shoulder surfing takes many forms. Some may not be obvious.
Slide 26:
26 Traditional Hacker Profile*: “juvenile, male, delinquent, computer genius” Modern Hacker Profile: “age 12-60,
male or female, unknown background, with varying technological skill levels. May be internal or external to the
organization”
Q&A:
Q & A “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to
change” Charles Darwin Survival…..
India to develop its own cyber security tools
It will reduce dependence on foreign vendors like McAfee and Symantec for anti-virus tools
Published on 10/21/2010 - 10:34:39 AM
New Delhi: The Government of India is preparing a cyber security policy framework focused on
indigenous research and development (R&D).
“It will reduce dependence on foreign vendors like McAfee and Symantec for anti-virus tools,” an official
said.
A decision to evolve a common research agenda outlining the current capabilities of different
organisations, existing gaps and R&D priorities for the future was recently taken at a high-level meeting.
The modalities of the cyber security framework will be discussed threadbare in the next meeting
scheduled in December, sources said.
“International firms are unlikely to share information beyond data concerning India-specific domains,” the
officials at the meeting opined.
The officials attending the meeting are learnt to have deliberated at length on putting in place a system
that mandates reporting of vulnerabilities.
“Dependence on foreign vendors for supply of anti-virus tools creates vulnerabilities because these
vendors need access to Indian cyber space for remote updates,” an internal government note said.
These issues need to be addressed through robust regulatory and R&D strategies, the note added.
—iGovernment Bureau