CONTENTS
• What is a Threat and a Vulnerability
• Types of Threats
• What is Social Engineering
• Types of Social Engineering
• Information & Computer safety practices
• Quick Tips
• Q&A
VULNERABILITY
• “A vulnerability is a flaw or weakness in the system”
• It is a loophole in the system’s design, implementation, operation and management
that can be exploited or misused to violate the system’s security policy.
THREATS
• A threat is a possible danger that might exploit a vulnerability to breach security and
thus cause possible harm.
• A threat can be intentional or accidental.
• An intentional threat can be caused by a criminal organization or a community of
unethical hackers.
• An accidental threat can be caused by the occurrence of natural disasters such as
earthquakes, fires and tornadoes.
• A virus is a piece of software that can infect a computer without the permission or
knowledge of the user.
• A typical virus is sent as an attachment, which may be hidden.
• It is transmitted over the internet or a network, or through sharing of external portable
devices and removable media such as USB sticks and CDs.
• A worm is a self-replicating, malicious software program. It uses the network to send
copies of itself to other computers on the network.
• A Trojan (Trojan horse) is an illegitimate program hidden inside a legitimate
program. It creates a secret way for hackers to enter your system by installing
backdoor programs.
• Spyware is software that is secretly installed on a computer without the user’s
consent. It monitors user activity or interferes with user control over a personal
computer.
• Adware is software which automatically plays, displays, or downloads
advertisements to a computer.
• The adware runs either after a software program has been installed on a computer
or while the application is being used.
• In some cases, adware is accepted by users in exchange for using software free of
charge.
• Not all adware types are dangerous. However, some types of adware are also
spyware and therefore a threat to privacy.
• SPAM is electronic junk email. The amount of spam has now reached 90 billion
messages a day. Email addresses are collected from chat rooms, websites,
newsgroups and by Trojans which harvest users’ address books.
• Don’t click on SPAM mails; delete them directly.
• SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN
Messenger and ICQ.
• SPIT is Spam over Internet Telephony. These are unwanted, automatically dialled,
pre-recorded phone calls using Voice over Internet Protocol (VoIP).
• SYSTEM ATTACKS include various types of attacks intended to destroy, steal or
misuse information over the internet or networks.
• Types include botnet, DoS and DDoS attacks, flooding attacks, buffer
attacks, TCP/IP attacks, etc.
SOCIAL ENGINEERING
• “Social Engineering” is the psychological manipulation of people in order to gather
confidential information.
• It is a purposeful act carried out either to misuse someone’s personal information
to commit fraud or to gain system access.
TYPES OF SOCIAL ENGINEERING
EAVESDROPPING
• “Eavesdropping is secretly listening to the private conversation of others without
their consent.”
• This is commonly regarded as an unethical practice.
SHOULDER SURFING
• “Shoulder surfing refers to using direct observation techniques such as looking over
someone’s shoulder to get information.”
• It is commonly used to obtain passwords, PINs, security codes and similar types of
data.
PHISHING
• Phishing (pronounced “fishing”) is a common form of bluffing in which a fake web
page is produced that looks just like a legitimate web page.
• The fake page is on a server under the control of the attacker.
• Below is the example of phishing.
SPOOFING
• “Spoofing is another type of bluffing where some person or program masquerades as
another.”
• Caller ID spoofing, email ID spoofing and IP address spoofing are commonly occurring
spoofing incidents in the real world.
PHARMING
• “Pharming is an advanced type of social engineering in which data is stolen without
the innocent user being aware of it.”
• In this type, the legitimate website’s traffic is diverted by the hacker to a compromised
website.
PASSWORD PROTECTION
• Always secure your desktop with passwords.
• Employ strong password policies.
• Passwords should be alphanumeric and more than 8 characters long.
• Passwords should not include your personal information.
• Avoid saving your passwords and sensitive information such as credit card numbers,
policy numbers, bank account information on your computer or mobile.
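The password rules on this slide can be checked automatically. The sketch below is an added example, not part of the original presentation; it assumes "alphanumeric" means at least one letter and one digit, and the personal details passed in are constructed sample values.

```python
import re

MIN_LENGTH = 9  # the slide asks for "more than 8 characters"


def _tokens(personal_info):
    """Split personal details (name, email, birth date) into lowercase tokens."""
    tokens = set()
    for value in personal_info:
        for part in re.split(r"[^A-Za-z0-9]+", value.lower()):
            if len(part) >= 3:  # ignore fragments too short to be meaningful
                tokens.add(part)
    return tokens


def check_password(password, personal_info=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # Assumption: "alphanumeric" = contains at least one letter AND one digit.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("not alphanumeric")
    lowered = password.lower()
    leaked = sorted(t for t in _tokens(personal_info) if t in lowered)
    if leaked:
        problems.append("contains personal info: " + ", ".join(leaked))
    return problems


if __name__ == "__main__":
    # Constructed sample user details, for illustration only.
    me = ["Asha Rao", "asha.rao@example.com", "1990-04-12"]
    for candidate in ("asha1990", "onlylettershere", "river7stone42lamp"):
        print(candidate, "->", check_password(candidate, me) or "OK")
```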
HIDE CONFIDENTIAL FILES ON DISK
• You can secure confidential files on your desktop by hiding them.
• To hide files on your Windows desktop:
• Control Panel → Folder Options → View → Don’t show hidden files.
• To unhide files on your Windows desktop:
• Control Panel → Folder Options → View → Show hidden files.
TURN ON SYSTEM FIREWALL
• A firewall is software or hardware that checks information coming from the
Internet or a network.
• It either blocks or allows that information to pass through to your computer
depending upon your firewall settings.
• An active firewall helps to prevent hackers from gaining access to your computer
through a network or the internet.
• To turn on the firewall:
• Control Panel → Windows Firewall → Click on Turn Windows Firewall on/off
INSTALL SAFETY SOFTWARE PROGRAMS
• Secure browsing tools:
CCleaner, antivirus programs, Nessus
• Data safety tools:
Folder Locker, TrueCrypt, SafeHouse Explorer, BitLocker
DATA BACKUP
• ‘Backup’ refers to the copying and archiving of computer data so it may be used
to restore the original after a data loss event.
• Our data may include important and confidential files such as files from the
workplace, presentations, work materials, etc.
• As there are innumerable ways in which data can get lost, taking a regular backup
of your data is a good safety practice for computer users.
• Take a backup on external portable devices and protect it with passwords.
QUICK TIPS
• Avoid sharing personal details such as email ID, passwords and bank account
information over the telephone.
• Use recognized instant messengers (IM). Don’t use just any.
• Don’t click on SPAM mails; delete them directly.
• Regularly scan your computer and external portable devices for viruses.
• Turn off file sharing when you are working on a network.
• Always check the website name in the browser before entering your private
information.
• Always sign out of your account when you are working in an internet café.
• Protect your computer and its hard disk with a password.
• Always seek guidance from an expert in case of doubt.
THANK YOU
For any queries please contact me on below id:
Prajkta G Nagapurkar
+91-8690130987