Network and Information Security

 Security
 Information security
 Threat
 Types of Threats
 measures
Introduction to Security

What is Security?

1
Network and Information Security
 Dictionary.com says:
1. Freedom from risk or danger; safety.
2. Freedom from doubt, anxiety, or fear;
confidence.
3. Something that gives or assures safety, as:
1. A group or department of private
guards: Call building security if a visitor
acts suspicious.
2. Measures adopted, as by a business or
homeowner, to prevent a crime such as
burglary or assault: Security was lax at
the firm's smaller plant etc.

10
 What is Information Security?
What is Information Security?

 The protection of information systems that are

used and the data that they process against
unauthorized access.

 Information security is the practice of

defending information from unauthorized
access, use, disclosure, disruption, modification,
perusal, inspection, recording or destruction
.
 Concepts of information security
Three Concepts of information security
1. Confidentiality of data
Confidentiality is the principle that information and information systems
are only available to authorized users, that that they are only used for
authorized purposes, and they are only accessed in an authorized manner
2. Integrity of data
Integrity safeguards ensure modifications are not made by unauthorized
users and that unauthorized modifications are not made by authorized
users. Integrity controls also ensure information is current and has not
been altered or damaged
3. Authentication of users
Authentication is the testing or reconciliation of evidence of users’
identities. It establishes the user’s identity and ensures that the user proves
he, she, or it is who they claim they are. The most common example of an
authentication entity is a password
.
 Why do we need security?
Why do we need security?
 Protect vital information while still allowing
access to those who need it
 Provide authentication and access control for
resources.
 Guarantee availability of resources Knowing that
no one has been able to change your information,
so you can depend on its accuracy (information
integrity)
 Ensuring that your information remains
confidential and only those who should access
that information
.
10
 Subject and Object of Attack

A computer can be either or both the subject of

an attack and/or the object of an attack

When a computer is
 the subject of an attack, it is used as
an active tool to conduct the attack
 the object of an attack, it is the entity
being attacked
.
Subject and Object of Attack
.
 Threats to information security

 A threat is an object, person, or other

entity that represents a constant danger to
an asset
 By examining each threat category in turn,
management effectively protects its
information through policy, education and
training, and technology controls
.

10
 Threats to information security

1. Acts of Human Error or Failure.

Includes acts done with no malicious intent
Caused by:
Inexperience
Improper training
Incorrect assumptions
Employees are greatest threats to information
security – they are closest to the organizational
data
 Threats to information security
2. Hacking (Hackers / Crackers)
Hacking is a term used to describe actions taken by someone
to gain unauthorized access to a computer
What it is:
The process by which cyber criminals gain access to your
computer.
What it can do:
Find weaknesses (or pre-existing bugs) in your security settings
and exploit them in order to access your information.

10
 Threats to information security
3. Distributed denial-of-service (DDoS) attack
 A distributed denial-of-service (DDoS) is when a malicious user gets a
network of computers to sabotage a specific website or server. The attack
happens when the malicious user tells the computers to contact a specific
website or server over and over again.

 That increase in the volume of traffic overloads the website or server

causing it to be slow for legitimate users, sometimes to the point that the
website or server shuts down completely.

 By taking advantage of security vulnerabilities or weaknesses, an attacker

could take control of your computer. He or she could then force your
computer to send huge amounts of data to a website or send spam to
particular email addresses. The attacks are "distributed" because the
attacker is using multiple computers, including yours, to launch the denial-
of-service attacks.
 Threats to information security
What it can do:
The most common and obvious type of DDoS attack occurs when an attacker
“floods” a network with useless information. When you type a URL into your
browser, you are sending a request to that site's computer server to view
the page. The server can only process a certain number of requests at once.
If an attacker overloads the server with requests, it can't process yours. The
flood of incoming messages to the target system essentially forces it to shut
down, thereby denying access to legitimate users.
What you can do:
 There are steps you can take to reduce the likelihood that an attacker will use your
computer to attack other computers:
 Install and maintain anti-virus software.
 Install a firewall, and configure it to restrict traffic coming into and leaving your
computer.
 Follow good security practices when it comes to maintaining your contact or email lists.
 Be cautious if you notice that your Internet connection is unusually slow or you can't
access certain sites (and that your Internet connection is not down).
 Avoid opening email attachments, especially if they are from people you don't know.
 " because the attacker is using multiple computers, including yours, to launch the denial-
of-service attack
 Threats to information security
5. Pharming
Pharming is a common type of online fraud.
What it is:
A means to point you to a malicious and illegitimate website by redirecting the legitimate URL.
Even if the URL is entered correctly, it can still be redirected to a fake website.
What it can do:
Convince you that the site is real and legitimate by spoofing or looking almost identical to the
actual site down to the smallest details. You may enter your personal information and
unknowingly give it to someone with malicious intent.
6. Phishing
Phishing is used most often by cyber criminals because it's easy to execute and can produce the
results they're looking for with very little effort.
What it is:
Fake emails, text messages and websites created to look like they're from authentic companies.
They're sent by criminals to steal personal and financial information from you. This is also
known as “spoofing”.
What it does:
• Trick you into giving them information by asking you to update, validate or confirm your
account. It is often presented in a manner than seems official and intimidating, to
encourage you to take action.
• Provides cyber criminals with your username and passwords so that they can access your
accounts (your online bank account, shopping accounts, etc.) and steal your credit card
numbers.

Security Ali Najib Akoya 10

 Threats to information security
7. Ransomware
What it is:
Ransomware is a type of malware that restricts access to your computer or your files and displays a message
that demands payment in order for the restriction to be removed. The two most common means of infection
appear to be phishing emails that contain malicious attachments and website pop-up advertisements.
What it can do:
There are two common types of ransomware:
Lockscreen ransomware: displays an image that prevents you from accessing your computer
Encryption ransomware: encrypts files on your system's hard drive and sometimes on shared network drives,
USB drives, external hard drives, and even some cloud storage drives, preventing you from opening them
Ransomware will display a notification stating that your computer or data have been locked and demanding a
payment be made for you to regain access. Sometimes the notification states that authorities have detected
illegal activity on your computer, and that the payment is a fine to avoid prosecution.
What you can do:
 Do not pay the ransom. These threats are meant to scare and intimidate you, and they do not come from
a law enforcement agency. Even if you submit payment, there is no guarantee that you will regain access
to your system.
 If your computer has been infected (i.e. you are unable to access your computer or your files have been
encrypted), contact a reputable computer technician or specialist to find out whether your computer can
be repaired and your data retrieved.
 In order to lessen the impact of a ransomware infection, be sure to regularly back-up your data with a
removable external storage drive. It's possible that your files might be irretrievable; having an up-to-date
backup could be invaluable

Phone: 0704950176 watsup /0786118076 Security Ali Najib Akoya 10

 Threats to information security
9. Viruses
Most people have heard of computer viruses, but not many know exactly what they are or what
they do.
What they are:
Malicious computer programs that are often sent as an email attachment or a download with
the intent of infecting your computer, as well as the computers of everyone in your contact list.
Just visiting a site can start an automatic download of a virus.
What they can do:
Send spam.
Provide criminals with access to your computer and contact lists.
Scan and find personal information like passwords on your computer.
Hijack your web browser.
Disable your security settings.
Display unwanted ads.
When a program is running, the virus attached to it could infiltrate your hard drive and also
spread to USB keys and external hard drives. Any attachment you create using this program and
send to someone else could also infect them with the virus.
 Threats to information security
9. Wi-Fi Eavesdropping
WiFi eavesdropping is another method used by cyber criminals to
capture personal information.
What it is:
Virtual “listening in” on information that's shared over an unsecure (not
encrypted) WiFi network.
What it can do:
Potentially access your computer with the right equipment.
Steal your personal information including logins and passwords.
10. Deliberate Acts of Theft
Illegal taking of another’s property - physical, electronic, or intellectual
The value of information suffers when it is copied and taken away
without the owner’s knowledge
Physical theft can be controlled - a wide variety of measures used from
locked doors to guards or alarm systems
Electronic theft is a more complex problem to manage and control -
organizations may not even know it has occurred
 Threats to information security
11. Forces of Nature
• Forces of nature are dangerous because they are
unexpected and can occur with very little warning
• Can disrupt not only the lives of individuals, but
also the storage, transmission, and use of
information
• Include fire, flood, earthquake, and lightning as
well as volcanic eruption and insect infestation
• Since it is not possible to avoid many of these
threats, management must implement controls to
limit damage and also prepare contingency plans
for continued operations
 Threats to information security
How will you know if your computer is infected?
Here are a few things to check for:
• It takes longer than usual for your computer to start up, it restarts on
its own or doesn't start up at all.
• It takes a long time to launch a program.
• Files and data have disappeared.
• Your system and programs crash constantly.
• The homepage you set on your web browser is Web pages are slow to
load.
• Your computer screen looks distorted.
• Programs are running without your control.
• If you suspect a problem, make sure your security software is up to
date and run it to check for infection. If nothing is found, or if you are
unsure of what to do, seek technical help.

Phone: 0704950176 watsup /0786118076 Security Ali Najib Akoya 10

How to secure from the threats

1. Installation of cameras
2. Anti-virus
3. Fire walls
4. Passwords
5. Physical detection equipment’s (biometrics)
6. Fire extinguishers
 How to secure from the threats
1. Anti-virus software
 Personal Anti-virus SW on your machine
 Make sure it is set to scan all executable,
compressed files, e-mail, e-mail attachments,
web pages
 Keep your virus information files up to date!!!

Phone: 0704950176 watsup /0786118076 Security Ali Najib Akoya 10

 How to secure from the threats
2. System firewall
• In computing, a firewall is a network
security system that monitors and controls the
incoming and outgoing network traffic based
on predetermined security rules.
• firewall is a software program or piece of
hardware that helps screen out hackers,
viruses, and worms that try to reach your
computer over the Internet..
• The firewall ensures that all communication
between an organization's network and the
Internet connection conforms to the
organization's security policy. Firewalls track
and control communications, deciding whether
to pass, reject, encrypt, or log
communications.”

10
 Computer maintenance
is the practice of keeping computers in a good state of repair.
1. File backups
In computing the phrase backup means to copy files to a second medium
(a disk or tape) as a precaution in case the first medium fails. One of the
cardinal rules in using computers is back up your files regularly.
Even the most reliable computer is apt to break down eventually.
Practice of protecting important data by storing duplicate files on a
different location on the same drive, on different drives, diskettes, media,
computer, and/or site. Some application programs allow automatic
duplication of files.
2. System Restore
is a feature first introduced in Windows XP. It allows users to restore
their computers to a previous state without losing personal data
files. System Restore automatically creates restore points, which you
can use to revert your system to the way it was at a previous time

Ali Najib Akoya 10

 END

Phone: 0704950176 watsup /0786118076 Security Ali Najib Akoya 10