Security, Privacy and Crime
Presented by
Abhishek Sharma
Overview:
HCI – Human Computer Interaction
Security
• Importance of Security
• Hacking
• Human players in Computer Security
Privacy
• Privacy and HCI
Crime
• Cyber Crime
HCI
• It is a large field in its own right. Its roots were in human factors and the design and evaluation of “man-machine” interfaces for airplanes and other complex and potentially dangerous mechanical systems.
Importance of Security:
Computers and the internet are becoming pervasive.
Being online has consequences.
Security has become a part of product design, development and deployment.
There are even organizations which provide “Security as a service”.
We need to know how computer
attacks are performed.
Hacking
Clever programmer.
Modification of a program/device to
give user access to features that were
otherwise unavailable to them.
Hacking
It's usually a technical activity.
SCRIPT KIDDIES
Attacking Methods:
Intrusion
Physical Intrusion
Usually internal employees, e.g., booting from a floppy or physically removing part of the system.
System Intrusion
Low-level privileges.
Exploit un-patched security vulnerabilities.
Remote Intrusion:
Valid account names/Cracking weak passwords
Exploiting common security vulnerabilities (buffer overflow).
What does an attack take?
1. Need to carry out some information
gathering on the target.
2. Plan their way into the system.
3. Reduce chance of getting caught.
During all these steps, network traffic would look normal.
Pattern they follow:
1. Footprinting.
Getting a complete profile of the target and its security arrangements.
Information of interest includes the technology they use (like internet, intranet, remote access) and their security policies and procedures.
2. Network Enumeration.
The attacker tries to find out the domain names and the networks associated with them.
3. DNS Interrogation.
After network enumeration is done, query the DNS.
This reveals information about the organization.
Zone Transfer Mechanism.
Leak of private DNS information.
4. Network Reconnaissance.
Identifying the potential target.
Try to map network topologies and identify paths.
E.g., the traceroute program.
5. Scanning
Knocking the walls.
Which systems are alive and reachable?
Ping sweeps, port scans, automatic discovery tools.
At this point the IDS warns, but no attack has happened yet.
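The slide notes that scanning is the point where an IDS first warns. As an added example (not from the slides), here is a minimal detector for the two behaviours named, ping sweeps and port scans, run over constructed connection-log lines; the log format, field order and thresholds are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample log: "<epoch> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
1000 10.0.0.5 192.168.1.10 80 tcp
1001 10.0.0.5 192.168.1.10 443 tcp
1000 10.0.0.9 192.168.1.10 21 tcp
1001 10.0.0.9 192.168.1.10 22 tcp
1002 10.0.0.9 192.168.1.10 23 tcp
1003 10.0.0.9 192.168.1.10 25 tcp
1004 10.0.0.9 192.168.1.10 80 tcp
1005 10.0.0.9 192.168.1.10 110 tcp
1100 10.0.0.7 192.168.1.1 0 icmp
1101 10.0.0.7 192.168.1.2 0 icmp
1102 10.0.0.7 192.168.1.3 0 icmp
1103 10.0.0.7 192.168.1.4 0 icmp
1104 10.0.0.7 192.168.1.5 0 icmp
"""

PORT_THRESHOLD = 5   # distinct ports on one host from one source (assumed)
HOST_THRESHOLD = 5   # distinct hosts probed from one source (assumed)
WINDOW = 60          # seconds (assumed)

def parse(log_text):
    """Parse the constructed log format into (ts, src, dst, port, proto) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        events.append((int(ts), src, dst, int(port), proto))
    return events

def detect_scans(events, window=WINDOW, port_threshold=PORT_THRESHOLD,
                 host_threshold=HOST_THRESHOLD):
    """Return sorted alerts: ('port_scan', src, dst) or ('ping_sweep', src)."""
    alerts = set()
    by_src = defaultdict(list)
    for ev in sorted(events):          # time order per source
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        for i, (t0, _, _, _, _) in enumerate(evs):
            in_win = [e for e in evs[i:] if e[0] - t0 <= window]
            ports, hosts = defaultdict(set), set()
            for _, _, dst, port, proto in in_win:
                hosts.add(dst)
                if proto != 'icmp':    # ICMP has no port; count hosts only
                    ports[dst].add(port)
            for dst, ps in ports.items():
                if len(ps) >= port_threshold:
                    alerts.add(('port_scan', src, dst))
            if len(hosts) >= host_threshold:
                alerts.add(('ping_sweep', src))
    return sorted(alerts)
```

In the sample, 10.0.0.9 touches six ports on one host and 10.0.0.7 probes five hosts, while 10.0.0.5's two connections stay below both thresholds.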
Unauthorized Access:
1. Acquiring passwords.
2. Clear Text Sniffing.
There is no encryption of passwords with protocols like telnet, FTP, HTTP.
It is easy for attackers to eavesdrop using network protocol analyzers to obtain passwords.
3. Encryption sniffing.
How about encrypted passwords?
Decryption using dictionary or brute-force attacks.
4. Replay attack.
No need to decrypt.
Reprogram the client software.
5. Password file stealing.
/etc/passwd in Unix
SAM in WinNT
Steal these files and run cracking programs.
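The slide's point is that a stolen /etc/passwd can be fed to cracking programs. The standard mitigation is to keep hashes out of the world-readable file (shadowing). As an added example (not from the slides), this audits constructed passwd entries for hashes or empty password fields that would make theft of the file directly useful; the sample entries are constructed.

```python
# Constructed /etc/passwd sample: user:password:uid:gid:gecos:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
legacy:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789:1001:1001::/home/legacy:/bin/bash
guest::1002:1002::/home/guest:/bin/sh
"""

# Values of the password field that mean "no usable hash stored here":
# 'x' = hash lives in /etc/shadow, '*' and '!' = account locked.
SHADOWED_OR_LOCKED = ('x', '*', '!')

def audit_passwd(text):
    """Return a list of (user, issue) for entries an attacker could use directly."""
    findings = []
    for line in text.splitlines():
        if not line or line.startswith('#'):
            continue
        fields = line.split(':')
        if len(fields) != 7:
            findings.append((fields[0], 'malformed entry'))
            continue
        user, pw = fields[0], fields[1]
        if pw == '':
            # Empty field: login with no password at all.
            findings.append((user, 'empty password field'))
        elif pw not in SHADOWED_OR_LOCKED:
            # A real hash in passwd is readable by every local user.
            findings.append((user, 'hash stored in world-readable passwd'))
    return findings
```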
6. Observation.
Even long, hard-to-guess passwords can be observed by attackers with physical access (shoulder surfing).
7. Social Engineering.
Cracking techniques that rely on weaknesses in users, i.e., admins and operators.
Calling up systems operator posing as a field service technician
with urgent access problem.
8. Software Bugs.
Vulnerabilities introduced by bugs in software.
Buffer overflows arise from buffer-handling vulnerabilities in certain programs.
Searching for these bugs directly: examining every place the program prompts for input and trying to overflow it with random data.
What’s the need to learn?
Does it help? Yes…
Developing more efficient ways to
protect the system.
Motives:
49% -- discovery learning, challenge,
knowledge and pleasure
24% -- recognition, excitement
(of doing something illegal)
27% -- self-gratification, addiction,
espionage, theft and profit.
Addiction and curiosity.
How have they grown over the years?
1st Generation:
Talented techies, programmers and scientists (mostly from MIT).
2nd Generation:
Forward thinkers who recognized the potential of the computing niche.
3rd Generation:
Young people who used the PC for its entertainment value and began developing games (illegal copying, cracking the copyright protection).
4th Generation:
Criminal Activity
Claim that motivation was curiosity/hunger for knowledge.
Types of Hackers:
White Hat:
Focusing on securing IT systems.
Have a clearly defined code of ethics.
Work to fix discovered security breaches.
(e.g., Tim Berners-Lee)
Grey Hat:
No personal gain, no malicious intentions.
Testing and monitoring.
Black Hat :
Crackers; they are criminals.
They maintain knowledge of vulnerabilities and do not reveal it to the general public or to manufacturers for correction.
What needs to be done?
Security is intrinsically and globally imperfect.
There are many holes (not just technical ones).
They also stem from bad security practices and procedures.
Educating the users, Security
Administrators
Securing the Environment
Human Players in Computer
Security
• Protectors
• Attackers
• Users
• Double Agents
Discussion….
Whom to blame?
Who should be liable?
Should government step in and regulate?
Is it up to the individual computer users and companies to stay on top of technology?
Should we blame the software industry for selling
insecure products?
Whom to blame?
Lack of liability?
Building a security product with no liability is of no use.
E.g., there are different rules and regulations governing the release of a drug.
But are there any rules and regulations governing a software release?
Privacy : Introduction
• It is the ability of an individual or group to seclude themselves, or information about themselves, and thereby reveal themselves selectively.
• It can be a key aspect of the user
experience with computers, online
systems, and new technologies
Privacy and HCI
• HCI has already been introduced,
along with its core concerns of
improving ease of use and overall
user experience.
• Privacy is a broader term than HCI, but put simply it is “the ability of an individual to control the terms under which their personal information is acquired and used”.
Important points in Privacy
• It is based on information and the effectiveness of individuals in controlling its flow.
• Like security, it concerns risk, its perception, and its management.
• It is about control, trust and power in social situations, and so rapidly implies
Relevant HCI Research Streams
• Basic Design Consideration
• People interact with & through systems
• Individuals differ in capabilities
• Role of HCI in next-generation
architectures
Usability Engineering
1. While valued, privacy is not the users’
primary task.
2. Designs must encompass many different
types of users.
3. Privacy raises the stakes.
4. Systems must respond to the legal and
regulatory environment.
Computer-Supported
Cooperative Work
• An important stream of HCI
research.
• Starting in the late 1980s, CSCW began as a counter-effort to consider collaborative computer use.
CRIME
• In the field of computing, crime is referred to as cyber crime.
• It involves a computer and a network.
• The computer may or may not be the instrument of the crime.
Categories
• Crime that target computer networks
and devices directly.
• Crime facilitated by computer
networks and devices, the primary
target of which is independent of
computer or device.
Cyber-Crime
• It is more or less related to hacking.
• Computer-skilled people initiate the attacks.
• It is not limited by boundaries.
• It is really hard to catch such criminals.
• Governments from different countries are joining hands to fight against it.
Cyber Crime
• Hacking (as mentioned earlier)
• Copyright infringement
• Child grooming and pornography
Action against Cyber Crime
• Cyber Warfare
• International Criminal Court