Presented by

Rubbia Khalid
(LCM-4073)
Presented to
Sir Umair
Aslam
 WHY SYSTEMS ARE VULNERABLE

• WHEN LARGE AMOUNTS OF DATA ARE STORED IN ELECTRONIC

FORM, THEY ARE MORE VULNERABLE TO THREATS THE
POTENTIAL FOR UNAUTHORIZED ACCESS, ABUSE OR FRAUD IS
NOT LIMITED TO A SINGLE LOCATION CONTEMPORARY
SECURITY CHALLENGES TECHNICAL, ORGANIZATIONAL AND
ENVIRONMENTAL FACTORS.
INTERNET VULNERABILITIES : COMPUTERS
THAT ARE CONSTANTLY CONNECTED TO INTERNET BY CABLE
MODEMS OR DSL’S ARE MORE OPEN TO PENETRATION BY
OUTSIDERS BECAUSE THEY USE FIXED INTERNET ADRESSES
WHERE THEY CAN BE EASILY IDENTIFIED.

WIRELESS SECURITY CHALLENGES: RADIO

FREQUENCY BANDS ARE EASY TO SCAN THE SERVICE SET
IDENTIFIERS (SSID) IDENTIFYING THE ACCESS POINTS
BROADCAST MULTIPLE TIMES
 MALICIOUS SOFTWARE
(MALWARE)
VIRUS :
• MALICIOUS SOFTWARE PROGRAM THAT ATTACHES ITSELF TO ANOTHER
PROGRAM OR FILE TO BE EXECUTED .
• MOSTLY THEY DELIVER A ‘PAYLOAD’, (JUST A MESSAGE OR DESTROYS DATA)
• SPREAD FROM COMPUTER TO COMPUTER, TRIGGERED BY HUMAN ACTIONS

WORM :
• COPY THEMSELVES FROM COMPUTER TO COMPUTER THROUGH NETWORK
• DESTROY DATA AND HALT OPERATIONS OF COMPUTER NETWORK
• USUALLY COME THROUGH DOWNLOADED PROGRAMS, E-MAIL ATTACHMENTS
• MALWARE TARGET MOBILE DEVICES TOO, THUS BEING A SERIOUS THREAT TO
ENTERPRISE COMPUTING
TROJAN HORSE
• LOOKS LIKE A LEGITIMATE PROGRAM
• DOES NOT REPLICATE ITSELF, BUT CREATES WAY FOR VIRUS AND OTHER MALICIOUS
CODE
• BASED ON THE GREEK TROJAN WAR

SQL INJECTION ATTACKS

• MALWARE THAT TAKES ADVANTAGE OF VULNERABILITIES IN POORLY COSE WEB
APPLICATION SOFTWARE
• ENTER DATA INTO ONLINE FORM TO CHECK FOR VULNERABILITY TO A SQL INJECTION

SPYWARE
• SMALL PROGRAMS THAT TEMPORARILY INSTALL THEMSELVES ON THE COMPUTER TO
MONITOR WEB SURFING FOR ADVERTISING, BUT THEY ALSO ACT AS MALWARE,
AFFECTING THE COMPUTER PEFORMANCE
HACKING AND COMPUTER CRIME

HACKING :
• ACCESSING A COMPUTER SYSTEM UNAUTHORIZED
• USUALLY “CRACKER” IS AN INDIVIDUAL WITH CRIMINAL INTENT
• FIND WEAKNESSES IN THE SECURITY FEATURES OF WEB SITES OR COMPUTER
SYSTEMS

CYBER VANDALISM :
• INTENTIONAL DISRUPTION, DEFACEMENT OF WEB SITE OR CORPORATE INFORMATION

SPOOFING :
• HACKERS HIDE THEMSELVES BEHIND FAKE IDS
• ALSO INVOLVES REDIRECTING A WEB LINK TO A FAKE ONES THAT LOOKS LIKE THE
ORIGINAL SITE
 SNIFFING :
• EAVESDROPPING PROGRAM THAT MONITORS
INFORMATION TRAVELING OVER A NETWORK
• THEY HAVE A LEGITIMATE USE AS WELL, BUT OTHERWISE
CAN BE VERY LETHAL

DOS ATTACK :
• HACKERS FLOOD A NETWORK SERVER OR WEB SERVER
WILL MANY REQUESTS FOR SERVICES TO CRASH THE
NETWORK
• FOR E-COMMERCE SITES, THESE ATTACKS CAN BE COSTLY
 HACKING AND COMPUTER CRIME

COMPUTER CRIME
“ANY VIOLATIONS OF CRIMINAL LAW THAT INVOLVE A KNOWLEDGE OF COMPUTER
TECHNOLOGY FOR THEIR PERPETRATION, INVESTIGATION OR PROSECUTION”

COMPUTERS AS TARGETS OF CRIME :

• BREACHING THE CONFIDENTIALITY OF PROTECTED COMPUTERIZED DATA
• ACCESSING A COMPUTER WITHOUT AUTHORITY
• ACCESSING A PROTECTED COMPUTER TO COMMIT FRAUD
• ACCESSING A PROTECTED COMPUTER TO CAUSE DAMAGE TRANSMITTING
A PROGRAM THAT INTENTIONALLY CAUSES DAMAGE
• THREATENING TO CAUSE DAMAGE TO PROTECTED COMPUTER 
COMPUTER AS INSTRUMENTS OF CRIME  :
• THEFT OF TRADE SECRETS UNAUTHORIZED
COPYING OF SOFTWARE OR COPYRIGHTED
INTELLECTUAL PROPERTY SCHEMES TO DEFRAUD
USING E-MAIL FOR THREATS AND HARASSMENT
INTENTIONALLY ATTEMPTING TO INTERCEPT
ELECTRONIC COMMUNICATION ILLEGALLY
ACCESSING STORED ELECTRONIC DOCUMENTS
 HACKING AND COMPUTER CRIME

IDENTITY THEFT
• CRIME IN WHICH AN IMPOSTER OBTAINS KEY PIECES OF KEY PERSONAL INFORMATION TO
IMPERSONATE SOMEONE ELSE, EG. CREDIT CARD THEFT

PHISHING
• SETTING UP FAKE WEB SITES OR SENDING FAKE E
• MAILS THAT LOOK LEGITIMATE TO ASK USERS FOR PERSONAL DATA

PHARMING
• REDIRECTS USERS TO FAKE WEB PAGE EVEN WHEN THEY HAVE ENTERED THE CORRECT WEB ADDRESS
• HAPPENS WHEN ISP COMPANIES HAVE FLAWED SOFTWARE

CYBERTERRORISM
• CYBER ATTACKS THAT TARGET SOFTWARE THAT RUN ELECTRIC POWER GRIDS, AIR TRAFFIC CONTROL,
OR BANK NETWORKS (ON LARGE SCALE)
 CLICK FRAUD

• IT OCCURS WHEN A INDIVIDUAL OR COMPUTER

PROGRAM FRAUDULENTLY CLICKS ON AN ONLINE
ADD WITHOUT ANY INTENTION OF LEARNING
MORE ABOUT THE ADVERTISER OR MAKING A
PURCHASE