Cyber Security

Presented by:

Raymunda Recto Moreno

(Negros Occidental)

Presented to:

DR. AMMON DENIS R. TIROL

 Cyber Security
- the practice of defending computers,
servers, mobile devices, electronic
systems, networks, and data from
malicious attacks.

- the protection of internet-connected

systems, including hardware, software
and data, from cyber attacks.

- measures taken to protect a computer or

computer system (as on the Internet)
against unauthorized access or attack.
 AIMS OF CYBER ATTACKS

These cyber attacks are usually aimed at accessing,

changing, or destroying sensitive information;
extorting money from users; or interrupting normal
business processes.

That is why Cyber security is being practiced now a days

by business entities as a means of their preventative methods
used to protect information from being stolen, compromised
or attacked.
 What is Cyberspace?
Cyberspace is a worldwide network of computers and
the equipment that connects them, which by its very
design is free and open to the public (the Internet)

We've become increasingly

reliant on the net, and it's
being used right now to
transfer everything from
friendly emails to
hypersensitive data.
 What is Cyberspace?
as long as your computer is connected to the internet,
that connection can go both ways.
The attackers are mostly malicious pranksters, looking
to access personal and business machines or disrupt
net service with virus programs proliferated via email.
However, there are also more serious attackers out
there whose goals could range from mining valuable
data (your credit card or bank information, design
secrets, research secrets, etc) to even disrupting
critical systems like the stock market, power grids, air-
traffic controllers programs, and the most dangerous-
our nuclear weapons
Trojan Horse Attack
Trojan Horse is
activated when
the software or
attachment is
executed.

Trojan Horse releases

Trojan Horse virus, monitors
arrives via email computer activity,
or software like installs backdoor, or
free games. transmits information
to hacker.
 Spamming Attacks
•Sending out e-mail messages in bulk. It’s
electronic “junk mail.”
•Spamming can leave the information system
vulnerable to overload.
•Less destructive, used extensively for e-marketing
purposes.
 What Does it Mean- “Security”?
• “Security” is the quality or state of being secure--to be free
from danger. But what are the types of security we have to be
concern with?
• Physical security - addresses the issues necessary to
protect the physical items, objects or areas of an organization
from unauthorized access and misuse.
• Personal security - addresses the protection of the
individual or group of individuals who are authorized to
access the organization and its operations.
• Operations security- protection of the details of a
particular operation or series of activities.
 What Does it Mean- “Security”?
• Communications security - concerned with the protection
of an organization’s communications media, technology, and
content.
• Network security is the protection of networking
components, connections, and contents.
• Information Security – protection of information and its
critical elements, including the systems and hardware that
use, store, or transmit that information.
 The Need for Security
 Industry Need for Information Security
An organization needs information security for
four important reasons:
 1. To protect the organization’s ability to
function,
 2. To enable the safe operation of applications
implemented on the organization’s IT systems,
 3. To protect the data the organization collects
and uses, and
 4. To safeguard the technology assets in use
at the organization.
 Information Security Threats
• Act of Human Error or Failure (accidents, mistakes)
•Compromises to Intellectual Property (piracy,
copyright infringement)
• Acts of Espionage or Trespass (unauthorized access
and/or data collection)
• Acts of Information Extortion (blackmail of
information disclosure)
• Acts of Sabotage or Vandalism (destruction of
systems or information)
• Software Attacks (viruses, worms, macros, denial of
service)
 Information Security Threats
• Forces of Nature (fire, flood, earthquake, lightning)
• Quality of Service Deviations from Service
Providers (power & WAN service issues)
• Technical Hardware Failures or Errors (equipment
failure)
• Technical Software Failures or Errors (bugs, code
problems, unknown loopholes)
• Technological Obsolescence (antiquated or outdated
technologies)
Acts of Human
Error or Failure
Shoulder surfing
takes many forms.
Some may not be
obvious.
 Information Security
• Tools, such as policy, awareness, training, education,
and technology are necessary for the successful application
of information security.
•
 C.I.A. TRIANGLE
Figure 3
Confidentiality

INFORMATION

Integrity Availability
 The Dilemma of Security
• The problem that we cannot get away from in computer
security is that we can only have good security if everyone
understands what security means, and agrees with the need
for security.
• Security is a social problem, because it has no meaning
until a person defines what it means to them.
• The harsh reality is the following: In practice, most users
have little or no understanding of security. This is our
biggest security hole.
Meaning of Security Lies in Trust
• Every security problem has this question it needs to answer
first: Whom or what do we trust?
• On our daily lives, we placed some sort of technology
between us and the “things” we don’t trust. For example lock
the car, set the house alarm, give Credit Card number only to
the cashier, etc.
• So we decided to trust somebody/something to have some
sort of security (trust the lock, trust the police, trust the
cashier).
• We have to have the same scenario for computer & network
systems we use today.
 Components of an
Information System
• People are the biggest threat to information security!!!
(WHY? – Because WE are the weakest link)
•Social Engineering . It is a system that manipulates the
actions of people in order to obtain information about a
system in order to obtain access.
• Procedures are written blueprints for accomplishing a
specific task; step-by-step descriptions.
The obtainment of the procedures by an unauthorized user
would constitute a threat to the integrity of the information.
 Figure 5
Hardware
Software
People

Procedures
Data
Components of an Information System
 Figure 6 Internet

Computer as Subject of Crime

Computer as Object of Crime

Remote System
Hacker
 Access vs. Security

• When considering security it is important to realize that it is

impossible to obtain perfect security. Security is not an
absolute. Instead security should be considered a balance
between protection and availability.
• It is possible to have unrestricted access to a system, so that
the system is available to anyone, anywhere, anytime, through
any means. However, this kind of random access poses a
danger to the integrity of information.
• On the other hand complete security of an information
system would not allow anyone access at any given time.
Figure 7

Security Access

Balancing Security and Access- Too much security might

make access hard to get and people will stop using the
system. On the other hand, a too easy access protocol,
might be a security hole for the network. A balance must be
achieved between those two major “players”
What is Encryption ?
Encryption is the process of converting
messages, information, or data into a form
unreadable by anyone except the intended
recipient. As shown in the figure below,
Encrypted data must be deciphered, or
decrypted, before it can be read by the
recipient.

The root of the word encryption—crypt—

comes from the Greek word kryptos,
meaning hidden or secret.
Modern Encryption Methods and
Authentication Devices

Cryptographic Accelerators

Authentication Tokens

Biometric/Recognition Methods
Examples
Type Cryptographic Authentication Biometric/
Accelerator Token Recognition
Definition Coprocessor External device External
that calculates that interfaces device that
and handles the with device to measures
Random grant access. 2 human body
Number types: contact factors to
Generation and allow access
NonContact
Examples PCI coprocessor Credit Card, Fingerprint,
RSA SecurID Optical,
Voice and
Signature
recognition
 Biometrics Devices

The iris of your eye is the colored

part that surrounds your black pupil,
the black part. Every iris is different.
If a scan of a user’s iris matches the
one in the security system’s memory,
access is allowed.
 Biometrics Devices

Another trait unique to every individual is his or her

voice. The user speaks a specified word or
sentence to gain access to a secured computer.
Distinct patterns, tones, and other qualities in the
voice must match the authorized user’s voice in the
computer’s security system.
Biometrics Devices

Another biometric option is

the fingerprint and its unique
identifying characteristics.
Placed on a special reading
pad, a designated finger’s
print is recognized by a
computer. A similar
biometric device scans a
person’s whole hand
 Biometrics Devices

The blood vessels in a person’s face radiate heat.

The patterns of those vessels, and the heat scan,
are completely individual and could be recognized
and required for computer access.
Everything will be in Cyberspace
covered by a hierarchy of computers!

Cell
Body

Continent Home

Region Car
Building
Campus

World
Fractal Cyberspace: a network
of … networks of … platforms
Robert Statica – Cybersecurity Original by Gordon Bell
 Survival…..

“It is not the strongest of the

species that survive, nor the most
intelligent, but the one most
responsive to change”
Charles Darwin
Thank You!