security, privacy and crime presented by abhishek sharma
Post on 29-Dec-2015
229 Views
Preview:
TRANSCRIPT
Security, Privacy and Crime
Presented byAbhishek Sharma
Overview:
• HCI – Human Computer Interaction• Security
• Importance of Security• Hacking• Human players in Computer Security
• Privacy• Privacy and HCI
• Crime• Cyber Crime
HCI
• It is large field in its own right. It roots were in human factors and the design and evaluation of “man-machine” interfaces for airplanes and other complex and potentially dangerous mechanical systems.
Importance of Security:
Computers and internet are becoming pervasive.
Consequence of being online.
It has become a part of product design, developing and deployment.
Importance of Security:
There are even organizations which
provide “Security as a service”
We need to know how computer attacks are performed.
Hacking
Clever programmer. Modification of a program/device to
give user access to features that were otherwise unavailable to them.
Hacking
Its usually a technical activity.SCRIPT KIDDIES
Attacking Methods:
Intrusion
Physical Intrusion usually internal employees eg., booting with floppy or
taking the system part physically
System Intrusion low level privilages Exploit un-patched security vulnerabilities.
Attacking Methods:
Remote Intrusion: Valid account names/Cracking weak passwords Exploiting common security vulnerabilities (buffer overflow).
What it takes for an attack?
1. Need to carry out some information gathering on the target.
2. Plan their way into the system.3. Reduce chance of getting caught.
During all these procedures, Network traffice would look normal.
Pattern they follow:
1. Foot printing. Getting complete profile and security arrangements
Information of interest including the technology the use (like internet, intranet, remote access)
Security policies and procedures.
2. Network Enumeration. Attacker tries to find out domain names and associated
Networks related.
Pattern they follow….
3. DNS Interrogation. After NE is done , query the DNS.
Revealing info about the organizations. Zone Transfer Mechanism. Leak of private DNS information.
4.Network Reconnaissance. Identifying the potential target.
Try to map network topologies and identify paths. Eg: trace route program
Pattern they follow….
5. Scanning Knocking the walls.
Which systems are alive and reachable? Ping sweeps, port scans, automatic discovery tools. At this point IDS warns, but not yet attacked.
Unauthorized Access:1. Acquiring passwords. 2. Clear Text Sniffing. There is no encryption of passwords with protocols
like telnet, FTP, HTTP. Easy for attackers to eavesdrop using network
protocol analyzers to obtain password..
3. Encryption sniffing. How about encrypted passwords? Decryption using dictionary, brute force attack
Unauthorized Access:
4. Replay attack. No need to decrypt. Reprogram the client software.
5. Password file stealing. /etc/passwd in Unix SAM in WinNT Steal these files and run cracking programs.
6. Observation. Usage of long and difficult to guess passwords. Attackers with physical access. Shoulder surfing.
Unauthorized Access:
7. Social Engineering. Cracking techniques that rely on weakness in users
ie., admin, operators. Calling up systems operator posing as a field service technician
with urgent access problem.
8. Software Bugs. Vulnerabilities brought by bugs in S/W
Buffer overflow are found by buffer vulnerabilities on certain programs. Searching for these bugs directly. Examining every place the program prompts for input and trying to
overflow it with random data.
What’s the need to learn?
Does it help? Yes… Developing more efficient ways to
protect the system.
Motives:
49% -- discovery learning, challenge, knowledge and pleasure
24% -- recognition, excitement (of doing something illegal) 27% -- self-gratification, addiction,
espionage, theft and profit.
Addiction and curiosity.
How have they grown over the Years??
1st Generation: Talented techies, programmers and Scientists
(mostly from MIT )
2nd Generation: Forward thinking to recognize the potential of computer niche.
3rd Generation: Young people who used PC and entertainment value of PC and
began developing games(illegal copying,cracking the copy right protection)
…contd
4th Generation:
Criminal Activity Claim that motivation was curiosity/hunger for knowledge.
Types of Hackers:White Hack: Focusing on securing IT systems. Have clearly defined code of ethics. Improve discovered security breaches. ….Tim-Berners Lee…..
Grey Hat: no personnel gain, no malicious intentions. testing and monitoring.Black Hat : crackers/they are criminals. maintain knowledge of vulnerabilities. Doesn’t reveal to general public/manufacturing for corrections.
What needs to be done?
Intrinsically and Globally imperfect.There are many holes(not just technical ones)
They also stem from bad-security practices and procedures.
Educating the users, Security Administrators
Securing the Environment
Human Players in Computer Security
• Protectors
• Attackers
• Users
• Double Agents
Discussion….
Whom to blame?
Who should be liable? Should government step in and regulate? Is it upto the individual computer users and
companies to stay on top of technology?
Should we blame the software industry for selling insecure products?
Whom to blame?
Lack of liability? Building a security product with no liability is of no
use.
Eg., There are different rules and regulations in the
situation of drug release. But Are there any regulations and rules in a
Software Release??
Privacy : Introduction
• It is the ability of an ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.
• It can be a key aspect of the user experience with computers, online systems, and new technologies
Privacy and HCI
• HCI has already been introduced, along with its core concerns of improving ease of use and overall user experience.
• Privacy, though it is a broad term in compare to HCI, but in simple it is “the ability of an individual to control the terms under which their personal information is acquired and used”
Important points in Privacy
• It is based on information and the effectiveness of individuals in controlling its flow.
• Like security, concern risk, its perception, and its management.
• It is about control, trust and power in social situation and so rapidly implies
Relevant HCI Research Streams
• Basic Design Consideration
• People interact with & through systems
• Individuals differ in capabilities
• Role of HCI in next-generation architectures
Usability Engineering
1. While valued, privacy is not the users’ primary task.
2. Designs must encompass many different types of users.
3. Privacy raises the stakes.4. Systems must respond to the legal and
regulatory environment.
Computer-Supported Cooperative Work
• An important stream of HCI research.
• Starting in late 1980s, CSCW began as a counter-effort to consider collaborative computer use.
CRIME
• In field of computer , crime is referred as Cyber Crime.
• It involves a computer and a network.
• Computers may and may not play as an instrumental.
Categories
• Crime that target computer networks and devices directly.
• Crime facilitated by computer networks and devices, the primary target of which is independent of computer or device.
Cyber-Crime
• It is more or less related to hacking.• Computer-Skilled people initiate
attack.• No-boundaries limitation• It is really hard to catch such
criminals.• Governments form different countries
joining hand to fight against it.
top related