Scribd Logo
Upload

Welcome to Scribd!

  • What Is Internet Security - Web Services - Security Threats - Security Attacks

    Uploaded by

    Uday Verma
    32 views17 pages

    Original Title

    Lecture 2

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    32 views17 pages

    What Is Internet Security - Web Services - Security Threats - Security Attacks

    Uploaded by

    Uday Verma

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    • WHAT IS INTERNET SECURITY

    INTERNET SECURIT • WEB SERVICES


    Y AND
    WEB SERVICES • SECURITY THREATS
    • SECURITY ATTACKS
    • Internet security :
    It is a branch of computer security specifically
    related to not only Internet, often
    involving browser security and the World Wide
    Web, but also network security as it applies to
    What is other applications or operating systems as a whole

    Internet • Objective:
    Security Its objective is to establish rules and measures to
    use against attacks over the Internet. The Internet
    represents an insecure channel for exchanging
    information, which leads to a high risk
    of intrusion or fraud, such
    as phishing, online viruses, Trojans, worms and
    more.
    Role of Security in Internet and Web Services

    Activities on the Internet includes:


    1. Online shopping
    2. Bank Transactions
    and many more.

    Security for websites includes mainly 2 things:


    1. Authentication: – It refers to the process of recognizing the identity of the user
    2. Authorization: – It refers to the process of providing access to various resources –
    database, printers, etc)
    Web Services

    Allows a website to communicate with other Web-Services can be accessed by any


    websites – irrespective of the programming applications because the web-services complies
    languages used. with the common industry standards such as: –

    1. Simple Object Access Protocols (SOAP)


    2. Web Services Description Language (WSDL)
    3.  Web-Services do not have  UI – it only Advantages of Web-Services: –
    contains logic for providing specific services. 1. Web-Services are simple to use
    4.provides an abstraction between the customer 2. Web-Services are loosely coupled
    (client) & the Web Service provider 
    5. Shared among multiple websites
    • Threat is a possible danger that might exploit a
    vulnerability to breach security and therefore cause
    possible harm. So basically threat is a possible
    danger or vulnerability
    • A threat can be either "intentional"
    Threat and or "accidental"

    Attack (The • Attack is any attempt to expose, alter, disable,


    Difference) destroy, steal or gain unauthorized access to or
    make unauthorized use of an Asset
    • An attack should led to a security incident i.e.
    a security event that involves a security violation.
    In other words, a security-relevant system event
    in which the system's security policy is
    disobeyed or otherwise breached.
    • Passive Attack
    • Computer and network surveillance
    • Network
    • Wiretapping
    • Fiber tapping

    Types of •

    Port scan
    Idle scan
    Attacks • Host
    • Keystroke logging
    • Data scraping
    • Backdoor
    • Denial-of-service attack
    • Spoofing
    • Mixed threat attack
    • Network
    • Man-in-the-middle
    • Man-in-the-browser
    • ARP poisoning
    • Ping flood
    Active Attack • Ping of death
    • Smurf attack
    • Host
    • Buffer overflow
    • Heap overflow
    • Stack overflow
    • Format string attack
    • A virus is a software program that
    can spread from one computer to
    another computer or one network
    to another network without the
    user’s knowledge and performs Computer
    malicious attacks.
    Virus
    • It has capability to corrupt or
    damage organization’s sensitive
    data, destroy files,  and format 
    hard drives.
    How Does a Virus
    Attack

    CLICKING ON AN INSTALLING FREE VISITING AN CLICKING ON


    EXECUTABLE FILE SOFTWARE AND INFECTED AND ADVERTISEMENT
    APPS UNSECURED
    WEBSITE

    USING OF INFECTED OPENING SPAM DOWNLOADING


    REMOVABLE EMAIL OR CLICKING FREE GAMES,
    STORAGE DEVICES, ON URL LINK TOOLBARS, MEDIA
    SUCH USB DRIVES PLAYERS AND
    OTHER SOFTWARE.
    Man in the Middle Attack
    Man-in-the-Middle Attack
    ARP Spoofing
    DoS Attack
    IP Spoofing
    Trojan Horse
    Attack
    • Malicious software     
    • ADWARE                               
    • SPYWARE                             
    • WORM

    Various Other •

    PHISHING
    SQL INJECTION

    Security Threat • ROOTKIT

    s
    • MALWARE
    • RANSOMWARE
    • DATA BREACH  
    •  ZERO DAY ATTACK
    • CARELESS EMPLOYEES OF ORGANIZATION
    • What are the differences between a
    vulnerability, a risk, and a threat?
    • Why are internal threats oftentimes
    more successful than external
    threats?
    Review • State the difference between virus
    Questions and worm.
    • What is the full form of OWASP ?
    • Name common types of non-
    physical threats.

    You might also like