
System Security

1. The document discusses various threats to system security such as intruders, password management issues, and viruses. It describes three classes of intruders: masqueraders, misfeasors, and clandestine users.
2. Password management issues are discussed like reusing passwords and forgetting them. Password sniffing, brute force, and shoulder surfing attacks are also covered.
3. The document outlines different types of malware like viruses, worms, Trojans, adware, spyware, ransomware, scareware, and rootkits. Each type is defined along with its method of infection or actions.
1. Intruders
2. Password Management
3. Viruses and Related Threats
4. Firewalls.
Intruders:
• A significant security problem for networked
systems is hostile, or at least unwanted, trespass
by users or software.
• User trespass can take the form of unauthorized
logon to a machine or, in the case of an authorized
user, acquisition of privileges or performance of
actions beyond those that have been authorized.
• Software trespass can take the form of a virus,
worm, or Trojan horse.
• One of the two most publicized threats to security
is the intruder (the other is viruses), often referred
to as a hacker or cracker.
3 classes of intruders:
• Masquerader: An individual who is not authorized to
use the computer and who penetrates a system’s
access controls to exploit a legitimate user’s account
• Misfeasor: A legitimate user who accesses data,
programs, or resources for which such access is not
authorized, or who is authorized for such access but
misuses his or her privileges
• Clandestine user: An individual who seizes
supervisory control of the system and uses this
control to evade auditing and access controls or to
suppress audit collection
• Masquerader: outsider
• Misfeasor: insider
• Clandestine user: either outsider or insider
PASSWORD MANAGEMENT:
• A password is a secret word or phrase or code
that you need to know in order to have access
to a place or system.
• In technical terms, it is a series of letters or
numbers that you must type into a computer
or computer system in order to be able to use
it. 
• A password is a real-life implementation of
challenge-response authentication (a set of
protocols to protect digital assets and data).
• A string of characters (i.e., letters, numbers,
special characters) used to verify the identity
of a user during the authentication process is
known as a password.
• Password management refers to the practices
and the set of rules, principles, or standards that
one must follow, or at least try to draw on,
in order to have a good/strong password,
along with its storage and management
for future requirements.
Issues Related to Managing Passwords:
• The main problem with password management is
that it is not safe to use the same password for
multiple sites.
• Having different passwords for different sites and
on top of that remembering them is quite difficult.
• As per the statistics, more than 65% of people
reuse passwords across accounts and the majority
do not change them, even after a known breach.
• Meanwhile, 25% reset their passwords once a
month or more because they forgot them. 
To escape from this situation people often tend to
use password managers:
• A password manager is a computer program that
allows users to store, generate, and manage their
passwords for local applications and online services.
• Password managers reduce the problem to a certain
extent, because the user has to remember only one
“master password” instead of multiple
passwords.
• The only problem with having a master password is
that once it is out or known to an attacker, all the
other passwords become available as well.
The main issues related to managing passwords
are as follows:
• Login spoofing
• Sniffing attack
• Brute force attack
• Shoulder surfing attack
• Data breach
• Login spoofing refers to techniques used to steal a
user's password.
• The user is presented with an ordinary-looking
login prompt for username and
password, which is actually a malicious
program (usually called a Trojan horse) under
the control of the attacker.
• When the username and password are
entered, this information is logged or in some
way passed along to the attacker, breaching
security.
Sniffing Attack:
• A sniffing attack in system hacking is a form of
denial-of-service attack which is carried out by
sniffing or capturing packets on the network
and then either sending them repeatedly to a
victim machine or replaying them back to the
sender with modifications.
• Sniffers are often used in system hacking as a
tool for analyzing traffic patterns in a scenario
where performing more intrusive and
damaging attacks would not be desirable.
• In order for an attacker to use this method as
a form of masquerading, they must be able to
send packets directly to the network (either
through access to Wi-Fi or by finding a
security flaw). Because of this, the attacker’s
IP address is likely to become known very
quickly.
Shoulder Surfing Attack
• A shoulder surfing attack describes a situation in which
the attacker can physically view the device's screen
and the keypad used to type the password, in order to
obtain personal information.
• It belongs to the group of attack methods that require the
attacker to be physically close to the victim
for the attack to succeed. Some shoulder
surfing attacks are carried out by intruders with
malicious intentions.
• Others may simply come from nosy people,
in which case it is more an invasion of privacy.
Example:
• When you are using an ATM card, someone may position themselves
in such a way that they can watch you enter
your PIN. In a rush, you leave the ATM with your card and
money without making sure you have exited entirely out of your
account. If the ATM doesn’t require the card to stay inserted for
the full transaction, the attacker can make other transactions if
you did not confirm that you had no other transaction to make,
as long as the attacker knows your ATM PIN.
• Crowded public transit makes
it easy for attackers to see the device screens of others or hear
the conversations of others. In this case, they are literally looking
over the victim’s shoulder.
Brute Force Attack:
• What's a Brute Force Attack? A brute force attack uses
trial-and-error to guess login info, encryption keys, or
find a hidden web page. Hackers work through all
possible combinations hoping to guess correctly.
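A defender usually sees this trial-and-error as a burst of failed logins. The following is an added example, not part of the original slides, that flags a source reaching a threshold of failures for one account within a time window; the log format, threshold and sample lines are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): "<ISO time> <OK|FAIL> user=<name> src=<ip>"
SAMPLE_LOG = (
    # alice: six failures two seconds apart from one source
    [f"2024-05-01T10:00:{s:02d} FAIL user=alice src=203.0.113.7" for s in range(0, 12, 2)]
    # bob: two typos followed by a successful login
    + ["2024-05-01T10:01:00 FAIL user=bob src=198.51.100.4",
       "2024-05-01T10:01:05 FAIL user=bob src=198.51.100.4",
       "2024-05-01T10:01:09 OK user=bob src=198.51.100.4"]
    # carol: five failures, but ten minutes apart
    + [f"2024-05-01T10:{m:02d}:00 FAIL user=carol src=192.0.2.9" for m in range(10, 60, 10)]
)

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.split("=", 1)[1], src.split("=", 1)[1]

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (src, user, time) for each pair that reaches `threshold` failures within `window`."""
    recent = defaultdict(deque)   # (src, user) -> timestamps of recent failures
    alerted, alerts = set(), []
    for line in lines:
        ts, result, user, src = parse(line)
        key = (src, user)
        if result == "OK":        # a successful login resets the failure history
            recent[key].clear()
            continue
        failures = recent[key]
        failures.append(ts)
        while ts - failures[0] > window:   # drop failures older than the window
            failures.popleft()
        if len(failures) >= threshold and key not in alerted:
            alerted.add(key)      # one alert per (source, account) pair
            alerts.append((src, user, ts.isoformat()))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("possible brute force:", alert)
```

Only alice's burst is reported with the default settings; bob's two mistakes and carol's widely spaced failures stay below the threshold.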
Data Breach:
• A data breach is a security violation, in which sensitive,
protected or confidential data is copied, transmitted,
viewed, stolen or used by an individual unauthorized
to do so. Other terms are unintentional information
disclosure, data leak, information leakage and data
spill. 
Threats to Information Security:
• Information security threats can take many forms, such as software
attacks, theft of intellectual property, identity theft,
theft of equipment or information, sabotage, and
information extortion.
• A threat can be anything that can take advantage of a
vulnerability to breach security and negatively alter,
erase, or harm an object or objects of interest.
• Software attacks are attacks by viruses, worms,
Trojan horses, etc. Many users believe that malware,
viruses, worms, and bots are all the same thing. They are
not: the only similarity is that they are all malicious
software, and each behaves differently.
• Malware is a combination of two terms:
malicious and software. So malware basically
means malicious software, which can be an
intrusive program code or anything that is
designed to perform malicious operations on a
system.
Malware can be divided into 2 categories:
• Infection Methods
• Malware Actions
Malware on the basis of Infection Method:

• Virus:
A virus is a computer program or software that attaches itself to another
program in order to harm the computer system. When the program the virus is
attached to runs, the virus performs some action, such as deleting a file from
the computer system. A virus can’t be controlled remotely.

• Worms:
A worm is also a computer program, like a virus, but it does not modify the program.
It replicates itself more and more, which slows down the computer system.
Worms can be controlled remotely.

• Trojan Horse:
A Trojan horse does not replicate itself like viruses and worms. It is a hidden piece of
code which steals the user's important information. For example, Trojan horse
software observes the e-mail ID and password as they are entered in a web browser
to log in.
Malware on the basis of Actions:

• Adware – Adware is not exactly malicious, but it does breach the privacy of
users. It displays ads on a computer’s desktop or inside individual
programs. It comes attached to free-to-use software and is thus the main
source of revenue for such developers. It monitors your interests and
displays relevant ads. An attacker can embed malicious code inside the
software, and adware can monitor your system activities and can even
compromise your machine.

• Spyware – It is a program, or we can say software, that monitors your
activities on the computer and reveals the collected information to an interested
party. Spyware is generally dropped by Trojans, viruses or worms. Once
dropped, it installs itself and sits silently to avoid detection. One
of the most common examples of spyware is the KEYLOGGER. The basic job of a
keylogger is to record user keystrokes with a timestamp, thus capturing
interesting information like usernames, passwords, credit card details, etc.
• Ransomware – It is a type of malware that will either
encrypt your files or lock your computer, making it
inaccessible either partially or wholly. Then a screen will
be displayed asking for money, i.e. a ransom, in exchange.
• Scareware – It masquerades as a tool to help fix your
system, but when the software is executed it will infect
your system or completely destroy it. The software will
display a message to frighten you and force you to take
some action, like paying them to fix your system.
• Rootkits – They are designed to gain root access, or we can
say administrative privileges, on the user's system. Once
root access is gained, the exploiter can do anything
from stealing private files to private data.
• Zombies – They work similarly to spyware.
The infection mechanism is the same, but they don’t
spy and steal information; rather, they wait for
a command from hackers.
 
Social Engineering – is the art of manipulating people so
that they give up their confidential information, like bank
account details, passwords, etc. These criminals can trick
you into giving up your private and confidential information,
or they will gain your trust to get access to your
computer and install malicious software that will give
them control of your computer. For example, an email or
message from your friend that was probably not sent by
your friend. A criminal can access your friend's device and
then, by accessing the contact list, send an infected
email or message to all contacts. Since the message/
email is from a known person, the recipient will definitely
check the link or attachment in the message, thus
unintentionally infecting the computer.
What are the different types of phishing attacks?
• Phishing attacks are social engineering attacks, and they
can have a great range of targets depending on the
attacker. They could be generic scam emails looking for
anyone with a PayPal account.
• Phishing can also be a targeted attack focused on a specific
individual. The attacker often tailors an email to speak
directly to you, and includes information only an
acquaintance would know. An attacker usually gets this
information after gaining access to your personal data. If
the email is this type, it is very difficult for even the most
cautious of recipients not to become a victim. PhishMe
Research determined that ransomware accounts for over
97% of all phishing emails.
What is spear phishing?
• Fishing with a pole may land you a number of items
below the waterline – a flounder, bottom feeder, or
piece of trash. Fishing with a spear allows you to
target a specific fish. Hence the name.
• Spear phishing targets a specific group or type of
individual such as a company’s system
administrator. Below is an example of a spear
phishing email. Note the attention paid to the
industry in which the recipient works, the download
link the victim is asked to click, and the immediate
response the request requires.
What is whaling?
• Whaling is an even more targeted type of phishing
that goes after the whales – a marine animal even
bigger than a fish. These attacks typically target a
CEO, CFO, or any CXX within an industry or a
specific business. A whaling email might state that
the company is facing legal consequences and
that you need to click on the link to get more
information.
• The link takes you to a page where you are asked
to enter critical data about the company such as
tax ID and bank account numbers.
What is smishing?
• Smishing is an attack that uses text messaging or short
message service (SMS) to execute the attack. A common
smishing technique is to deliver a message to a cell phone
through SMS that contains a clickable link or a return
phone number.
• A common example of a smishing attack is an SMS
message that looks like it came from your banking
institution. It tells you your account has been
compromised and that you need to respond immediately.
The attacker asks you to verify your bank account number,
SSN, etc. Once the attacker receives the information, the
attacker has control of your bank account.
What is vishing?
• Vishing has the same purpose as other types of phishing
attacks. The attackers are still after your sensitive personal
or corporate information. This attack is accomplished
through a voice call. Hence the “v” rather than the “ph” in
the name.
• A common vishing attack includes a call from someone
claiming to be a representative from Microsoft. This
person informs you that they’ve detected a virus on your
computer. You’re then asked to provide credit card details
so the attacker can install an updated version of anti-virus
software on your computer. The attacker now has your
credit card information and you have likely installed
malware on your computer.
What is email phishing?
• Email phishing is the most common type of phishing, and it
has been in use since the 1990s. Hackers send these emails
to any email addresses they can obtain. The email usually
informs you that there has been a compromise to your
account and that you need to respond immediately by
clicking on a provided link. These attacks are usually easy to
spot as language in the email often contains spelling and/or
grammatical errors.
• Some emails are difficult to recognize as phishing attacks,
especially when the language and grammar are more
carefully crafted. Checking the email source and the link
you’re being directed to for suspicious language can give
you clues as to whether the source is legitimate.
Thank you
