Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Security Control

No description
by

palash mallik

on 16 February 2013

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Security Control

IT Security IT Fraud 419 Fraud Human factor is security’s weakest link A secure computer is one that’s turned off Only two things are infinite, the universe and human stupidity Nigerian Money Offer
Spanish Prisoner Scam computer virus Computer worm Trojan horse a program which appears to be legitimate, but is really malware
disguised as program the computer user find desirable
malicious program which causes harm to computers Spyware Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. 5-10% Absolute Honest PHYSICAL SECURITY LOGICAL SECURITY Encryption: Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. Firewall a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts Firewall Denial-of-service attack A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. At the Zombie machine: set and enforce security policies
At the ISP: Monitor and block traffic spikes.
At the victim's website: create backup server, Install IDS e-mail Monitoring:
virus defenses: Security codes: Backup files: Security Monitor: Biometric Security : Fault Tolerant Systems: Computer Failure Control: VISA: 1 billion users
$2 trillion transaction per year
23 million ATM *power faliure
*electronic circuitry malfunction
*network problem
*hidden programming error
*virus "There is no such thing as 99.9 percent relaibility; it has to be 100 percent."- Richard l. knight. computere device that measure physical traits that make each individual unique Unauthorized use
fraud
destruction duplicate files of data or programs smart cards Terminology Lagos, Nigeria.
Attention: The President/CEO

Dear Sir,

Confidential Business Proposal

Having consulted with my colleagues and based on the information gathered from the Nigerian Chambers Of Commerce And Industry, I have the privilege to request your assistance to transfer the sum of $47,500,000.00 (forty seven million, five hundred thousand United States dollars) into your accounts. The above sum resulted from an over-invoiced contract, executed, commissioned and paid for about five years (5) ago by a foreign contractor. This action was however intentional and since then the fund has been in a suspense account at The Central Bank Of Nigeria Apex Bank.

We are now ready to transfer the fund overseas and that is where you come in. It is important to inform you that as civil servants, we are forbidden to operate a foreign account; that is why we require your assistance. The total sum will be shared as follows: 70% for us, 25% for you and 5% for local and international expenses incidental to the transfer.

The transfer is risk free on both sides. I am an accountant with the Nigerian National Petroleum Corporation (NNPC). If you find this proposal acceptable, we shall require the following documents:

(a) your banker's name, telephone, account and fax numbers.

(b) your private telephone and fax numbers —for confidentiality and easy communication.

(c) your letter-headed paper stamped and signed.

Alternatively we will furnish you with the text of what to type into your letter-headed paper, along with a breakdown explaining, comprehensively what we require of you. The business will take us thirty (30) working days to accomplish.

Please reply urgently.

Best regards

Howgul Abul Arhu Absolute Dishonest 5-10% 80-90% Conditional Caesar cipher Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC Fake Check Frank William Abagnale Albert Gonzalez Zombie a zombie is a "child" program that was started by a "parent" program
but then abandoned by the parent A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner 170 million card $2.5 million across 26 countries A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. (www.wikipedia.com).

The term comes from the term virus in biology. Similar to the way a biological virus works, a computer virus reproduces by making (possible modified) copies of itself in the computers memory, storage, or over a network. Often hidden in programs
or documents, a virus
is activated when opened/executed What? How? How Do I Know I have A Computer Virus? Programs take longer to load than normal
Hard drive runs out of hard disk space
Files have strange names you don’t recognize
Conventional memory is less than it used to be
Programs run erratically Viruses often seek to disable or destroy computers
or data, but can act like almost any sort of Malware a self-replicating program
which sends copies of itself
to any other computers
on the same network Unlike a computer virus,
a worm can copy
itself automatically. •the first self-replicating code was created by Ken Thompson in 1984.
•due to widespread use of the Internet these infections spread quickly
with no boundaries all over the world. Worms can duplicate in large numbers.
a worm can send out copies of itself to every contact in your e-mail address book, and then it can send itself to all of the contacts your contact's e-mail address books
Some worms spread very quickly and block networks and can cause long waits for you to view Web pages on the Internet. What do computer worms do History accessing what looks like legitimate documents or files
downloading programs for free games, movies and songs
instant messaging
accessing WWW or FTP archives
carelessly opening email attachments How do I get infected? it infects computers by infecting various files and destroying information on a computer To avoid allowing Trojans in:
Never click on pop-up ads
Only open email attachments if you were expecting them
Be suspicious of any software you don't recognize
Be suspicious of any virus/malware warnings Backdoor Two types of firewalls, hardware and software.

Hardware are called network firewalls. These are put between your computer and the Internet, they are good for protecting a number of computers or networks.

Software can be used to place with another firewall which your computer may have came with. Software can help prevent viruses coming from downloaded files off the Internet. Secret entry point to a program allows those who know access bypassing
usual security procedures usedy by developes for testing and debugging Logic Bomb A logic bomb is a piece of code intentionally
inserted into a software system that will set off a
malicious function when specified conditions are
met (i.e. a trigger) Trial Software
-acceptable, non-malicious Roger Duronio’s Logic Bomb Duronio was a systems administrator on a $160,000 salary.
Had a logic bomb in the works, but it wasn’t activated until his
idea for a $175,000 salary was shot down.

Resigned on 2-22-02, his logic bomb triggered on 3-4-02

Logic bomb caused more than $3,000,000 in damages, taking
roughly 2,000 servers offline Spoofing Wire Transfer •E-Mail hijacking/friend scams
•FollowupScamming
•Bona vacantia
•Fake job offer
•Physical harm or death
•Victim becoming a criminal
sniffer •Web-based e-mail Anti Virus: $10.2 million largest bank robbery in U.S. history Irving Trust Company in New York 43,200 carats (8.6 kg) in diamonds from a Russian agency 1978 At age 12, Mitnick used social engineering to bypass the punchcard system used in the Los Angeles bus system Evading the FBI Gaining full administrator privileges to an IBM minicomputer at the Computer Learning Center in Los Angeles in order to win a be Hacking Motorola, NEC, Nokia, Sun Microsystems and Fujitsu Siemens systems stealing credit card numbers and breaking into the Israeli army radio station's telephone system to set up an illicit phone company Badirs' scams pulled in more than $2 million $20,000 Braille-display computer from Germany •Allow – traffic that flows automatically because it has been deemed as “safe” (Ex. Meeting Maker, Eudora, etc.)
•Block – traffic that is blocked because it has been deemed dangerous to your computer
•Ask – asks the user whether or not the traffic is allowed to pass through
• Intrusion : Attempting to break into or misuse your system.
• Intruders may be from outside the network or legitimate users of the network.
• Intrusion can be a physical, system or remote intrusion. Intrusion why • Buffer overflows
• Unexpected combinations
• Unhandled input Intrusion detection system An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station attacks that originate from within a system Sadmind worm (2001) Beast Trojan (2002) IDS An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station Information theft is up over 250% in the last 5 years.
99% of all major companies report at least one major incident.
Telecom and computer fraud totaled $10 billion in the US alone.
Full transcript