Sixth Day- Information Security

CDAC

CDAC is the name of an institute, the Center for Development of Advanced Computing (CDAC). CDAC offers different PG Diploma courses in the fields of Computer Science, Electronics, Security, Mobile Computing… The Diploma in Advanced Computing (DAC) is a well-known course offered by CDAC.

In order to make our IT infrastructure resilient (recoverable from adverse effects) against these threats, there is a need for cutting-edge research and development efforts in cyber security. C-DAC has been actively pursuing R&D in a number of sub-areas in the cyber security domain.

Information Security Assurance

  1. Confidentiality of data- It means data is not read or manipulated by intruders.
  2. Data Integrity- The data sent by the sender is the data received by the receiver.
  3. Authentication- The sender and receiver can’t deny sending and receiving respectively. One of the techniques used is digital signatures.
  4. Non-Repudiation- It’s the term used in legal contracts where the sender or receiver can’t later refuse to accept the authenticity of the signatures.
  5. Non-Fabrication- Fabrication is when an unauthorized person sends data to the receiver. It seems to the receiver that the data was sent by the authorized sender, which is untrue.
  6. Availability- The data is readily available when it is required.

The information security process is a three-wheeler process.

CIA- Confidentiality, Integrity, Availability

Attack on 7 layer OSI Model

Common Online Attacks

Denial of Service

It is a cyber attack where the intruder makes the machine's resources unavailable to the intended users by temporarily or indefinitely disrupting (breaking) the services of a host connected to the internet.

DDoS Implementation

It is implemented through a botnet. A bot is an automated computer program that performs a particular task.

Here, the botmaster (intruder) cunningly persuades people to install a bot on their computers over a network. It can be through various ways like “Click here to win iphone7” ;). When they click, the bot is installed on their local machine. Likewise, over a network it is installed on millions of machines. Then the botmaster orders the bots to go to a particular site at the same time (like Amazon). The load on Amazon increases for that time. Hence intended users are not able to use Amazon, i.e. Denial of shopping :D

That is why it is called Distributed Denial of Service, as it is done cunningly with the help of millions of computers.
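The fact that the flood comes from many machines matters for detection, as this added Python example (not part of the original post) shows on constructed request records: a per-source limit catches one noisy client but not a flood of many quiet ones, so the total request rate is also compared against a baseline. The function names, thresholds and sample addresses are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed (second, source_ip) request records; not real traffic."""
    records = []
    # Baseline, seconds 0-9: five clients, one request per second each.
    for sec in range(10):
        records += [(sec, f"10.0.0.{c}") for c in range(5)]
    # Second 10: a single client sends 200 requests (plain DoS).
    records += [(10, "10.0.0.99")] * 200
    records += [(10, f"10.0.0.{c}") for c in range(5)]
    # Second 11: 200 distinct clients send one request each (DDoS pattern).
    records += [(11, f"192.0.2.{c}") for c in range(200)]
    return records

def classify_windows(records, per_ip_limit=20, surge_factor=10):
    """Label each one-second window: normal, single-source or distributed."""
    by_sec = defaultdict(Counter)
    for sec, ip in records:
        by_sec[sec][ip] += 1

    labels = {}
    baseline = None      # running mean of total requests in normal windows
    normal_seen = 0
    for sec in sorted(by_sec):
        counts = by_sec[sec]
        total = sum(counts.values())
        top_ip, top_hits = counts.most_common(1)[0]
        if top_hits > per_ip_limit:
            # One source exceeds its own limit: per-IP rate limiting works.
            labels[sec] = ("single-source", top_ip)
        elif baseline is not None and total > surge_factor * baseline:
            # No source stands out, yet the total surged: many sources.
            labels[sec] = ("distributed", len(counts))
        else:
            labels[sec] = ("normal", None)
            normal_seen += 1
            baseline = total if baseline is None else (
                baseline + (total - baseline) / normal_seen)
    return labels

if __name__ == "__main__":
    for sec, label in classify_windows(build_sample()).items():
        print(sec, label)
```

In the distributed window every source stays far below the per-source limit, so only the aggregate check flags it.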

Social Engineering

Social engineering principally involves manipulating people rather than technology to breach security. Here the intruder uses a human as a weapon to attack a human.

Types of Social Engineering

Dumpster Diving- The intruder searches for credentials and gathers information from the dump or dustbin. Here, dustbin means the data which we throw in the trash.

Persuasion- It is done by telephone calls. Intruders persuade people by calling them, supposedly from banks. They use tactics to obtain credential information.

Shoulder Surfing- In this attack the intruder sees confidential data by looking over the victim’s shoulder, either by standing close to him or by using binoculars.

Baiting- Baiting is when an attacker intentionally leaves a malware-infected physical device, such as a USB flash drive, in a place where it is sure to be found. The finder then picks up the device and plugs it into his or her computer, unintentionally installing the malware.

Phishing- Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.

Identity Theft- In identity theft the attacker uses someone’s identity to commit a crime or do something wrongful. It can be implemented through SIM cards or BPO (Business Process Outsourcing).

A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files at a pre-defined time or when some other condition is met.

Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools’ Day. Trojans that activate on certain dates are often called “time bombs”.

That is why we say you should update your antivirus software regularly.
