Abstract image of a woman sitting on books and studying on a laptop

INFO.pptx this is reagarding to the information system security and types of attacks

Download as PPTX, PDF
S
sagar490070

This document analyzes information system security, focusing on various types of attacks and countermeasures necessary to protect sensitive data in today's digital landscape. It categorizes attacks into passive and active types, detailing methods such as eavesdropping, data modification, and denial of service, along with real-world examples of recent data breaches in India. The study emphasizes the importance of identification, authentication, and authorization as critical elements in safeguarding information systems against these evolving cyber threats.

Software
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Information System Security Types of Attacks and Countermeasures: A Comprehensive Analysis
The protection of sensitive data and the maintenance of vital infrastructure have become top priorities in a time when digital technology is pervasive and there is an unprecedented reliance on networked information systems. This study explores the complex field of information system security, concentrating on the taxonomy of assaults and the variety of responses intended to thwart them. • The growing importance of information systems in modern society. • The significance of robust security measures in protecting information systems. • Types of Attacks on Information System Security Information security, a vital part of network systems, works to protect data and information against unauthorized access, use, disclosure, disruption, alteration, and destruction. Information security covers a vast spectrum, encompassing diverse fields like cryptography, mobile computing, cyber forensics, and online social media. It's a comprehensive area as it pertains to various types of data, including biometrics, phone data, social network profiles, and personal details. Introduction:-
Attacks :- • Gaining access to data, modifying it, or destroying it without authorization constitutes an attack. • Basically, attacks have two categories. 1) Passive attack 2) Active attack
Passive Attacks:- passive attacks focus on clandestinely obtaining information without affecting system resources directly. These attacks aim to gather or monitor data being transmitted without altering or disrupting the system. Their primary objective is to intercept information during transmission without causing immediate disruption, allowing the adversary to collect data without the system's knowledge. A) Release the Content: - When sender sends data to the receiver the third-party person can access the data. e.g., An email, a sent file, or a phone call could contain sensitive or private information. Keeping an adversary from discovering what is being communicated is our goal. Eavesdropping (Sniffing): The act of discreetly seeing and monitoring another party's communication or the traffic of a network is known as eavesdropping (sniffing). Attackers are capable of obtaining sensitive data, like login credentials or personal information.
Sender will send the message to the receiver and third party that means unauthorized user just observes the traffic flow and based upon this observation third party or unauthorized person will access the data. Based upon the traffic between sender and receiver unauthorized person access the data. B) Traffic Analysis: -
Active Attacks:- An active network exploit, enabling attackers to alter content or impact system resources, is considered an active attack, potentially causing harm to victims. Prior to initiating an aggressive attack, assailants might conduct passive attacks to gather information. Their aim is to breach the system's security and induce disruption. • Masquerade • Replay • Data Modification • Repudiation • Denial of Service
1) Masquerade Attack: - In the masquerade attack sender will send the data to receiver but the receiver will receive the data from unauthorized user on the name of sender. Here receiver don’t know who will send the data just the receiver knows the data which was received was sent by the sender but actually the data was sent by the third party.
2) Replay Attack: - Here sender sends message to the receiver same message will be access by third party person after accessing message he will be changing or destructing the message then he can send to the receiver Mallikarjun is an unauthorized person when Shivappa sends message to Sagar. Mallikarjun can access this message without permission and sends again to Sagar
3) Data Modification Attack: - Here sender sends data to the receiver but it doesn’t go to the receiver that message directly accessed by third party person and data modification will be done on the particular message and again this message will be sent to the receiver. Here all these messages will be sent with the name of sender so receiver doesn’t know there is a modification data during the transmission that’s why we call it an attack. It refers to a communication being altered, delayed, or rearranged, causing an unauthorized impact. This modification undermines the accuracy of the original data source.
4) Repudiation Attack: - Repudiation attacks involve the denial of actions or transactions that have been carried out within a system. Users who engage in repudiation attacks may claim that they did not perform certain actions, such as making a financial transaction, sending a message, or modifying data, even though there is evidence to the contrary. 5) Denial of Service Attack: - Refusing the services is called the denial of service. Any type of service can be done like server/ machine, any type of resource or network etc. Here the third party is interrupts the services which are send by the server to the sender. It disrupts the services this is also done on the name of sender. It is a cybercrime or attack which makes server or machine down and inaccessible to its user. A denial-of-service (DoS) attack is an intentional attempt to interfere with a network, server, website, or service's regular operation by flooding it with excessive amounts of unauthorized traffic or resource demands. The intention is to render the targeted system inoperable for the intended users by inducing service interruptions, delays, or even a total stoppage.
Some Data breaches in India 2022-2023 • Cyberattack on AIIMS: A lesson in vulnerability In December 2022, responding to a query by Communist Party of India (Marxist) MP John Brittas, the Union government disclosed that the All India Institute of Medical Sciences (AIIMS) experienced a cyberattack, resulting in the encryption of approximately 1.3 terabytes of data across five servers. The Minister of Electronics and Information Technology, Rajeev Chandrasekhar, stated that the incident was categorized as a “cyber security incident” caused by unauthorized access to AIIMS’ network due to improper network segmentation. • MoChhatua Data Breach: Government apps on the line In May 2023, MoChhatua, a local governance app in India, fell victim to a data breach, as claimed by a hacker on a forum. The threat actor asserted that the breach exposed sensitive user information such as names, emails, passwords, etc. The app, developed by the regional department of Women and child development in Odisha, aimed to digitize and manage the distribution of ration supplies to beneficiaries
• Zivame Data Leak: Making personal information public Zivame, a well-known online store in India selling women's clothing, had a serious data breach that resulted in thousands of its female customers' personal details being put up for sale online. About 1.5 million Zivame clients' names, email addresses, phone numbers, and physical addresses were among the information compromised
Annual Report Ministry of Home and Affairs Cyber Crimes Crime Incidence Percentage Variation 2019 2020 2021 2019-2020 2020-2021 44735 50035 52974 11.8% 5.9%
Different types Countermeasures of Attacks • 1) Identification: A username is often used by users to identify themselves. Identification involves verifying the identity of a user, system, or entity attempting to access a computer system, network, or application within the realm of IT security and access control. Basically, this is first step into the Authentication process. 2) Authentication: Users typically verify their identity by entering a password (which only they are supposed to know), but many organizations also demand that users demonstrate their identity using a phone or other token device, or by scanning their face or fingerprints, in order to strengthen security. 3) Authorization: - A key element of information security is authorization, which makes sure that only authorized parties can access and use resources and data that are sensitive.
Conclusion: - Information system security is a vital component in today's technological environments, protecting sensitive data and maintaining the integrity of infrastructure. This research has offered a comprehensive understanding of the complex hazards that information systems must contend with, as well as the wide range of defenses that can be employed to mitigate these risks. The taxonomy of assaults examined in this study highlights the continuous growth of cyber threats and ranges from historical incursions to modern sophisticated breaches. The term "passive incursions" refers to illegal access to data that is not altered, as opposed to "active attacks," which entail direct modification or disruption of system resources. Comprehending these subtleties is essential for strengthening defenses against a variety of cyber threats. The development of information security throughout time, starting with offline site protection in its early phases
Thank You !!

More Related Content

DOCX
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
PDF
Information Security Management
Bhadra Gowdra
 
PDF
CyberSecurity.pdf
Suleiman55
 
PDF
CyberSecurity: A computer-misuse-and-cybercrimes-act.pdf
newtonaseri
 
PPTX
Network security and cyber law (1).pptx
arpanjakhmola007
 
PPTX
Network Security
moviebro1
 
PPTX
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
survhiagrawal
 
PPTX
BCA-601N_final_1-1Finalsem6metworks.pptx
PareshLimbad1
 
CCS354-NETWORK SECURITY-network-security notes
Kirubaburi R
 
Information Security Management
Bhadra Gowdra
 
CyberSecurity.pdf
Suleiman55
 
CyberSecurity: A computer-misuse-and-cybercrimes-act.pdf
newtonaseri
 
Network security and cyber law (1).pptx
arpanjakhmola007
 
Network Security
moviebro1
 
BCA-601N_final_1-1.pptx uuggjjgghjjhhjjj
survhiagrawal
 
BCA-601N_final_1-1Finalsem6metworks.pptx
PareshLimbad1
 

Similar to INFO.pptx this is reagarding to the information system security and types of attacks (20)

PDF
C018131821
IOSR Journals
 
PPTX
cryptography Threat - Attack presentation.pptx
sreepriyap9
 
PPTX
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
PPTX
SEMINAR ON CYBER SECURITY.pptx
GauravWankar2
 
PPTX
Network Attacks - (Information Assurance and Security)BS in Information Techn...
SyvilMaeTapinit
 
PPTX
IT.pptx
RaaviKapoor
 
PDF
typesofattacks-180418113629.pdf
surajthakur474818
 
PPTX
Types of attacks
Vivek Gandhi
 
PDF
module 1 Cyber Security Concepts
Sitamarhi Institute of Technology
 
PDF
Module 1.pdf
Sitamarhi Institute of Technology
 
PPTX
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
deepthikamidi
 
PPTX
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
rukminipamul123
 
PDF
A Review On Network Security And Privacy
Todd Turner
 
PPTX
cyber secuirty.pptx
Godwin585235
 
PDF
Data information and security unit 1.pdf
deepakbharathi16
 
PDF
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
PPTX
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 
PPTX
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
sangeeta borde
 
PPTX
Computer Security Chapter 1
Temesgen Berhanu
 
PPTX
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
C018131821
IOSR Journals
 
cryptography Threat - Attack presentation.pptx
sreepriyap9
 
unit 5 FCS efujhgdkkifevnurdviutfjiutdffgii
nickyy222333
 
SEMINAR ON CYBER SECURITY.pptx
GauravWankar2
 
Network Attacks - (Information Assurance and Security)BS in Information Techn...
SyvilMaeTapinit
 
IT.pptx
RaaviKapoor
 
typesofattacks-180418113629.pdf
surajthakur474818
 
Types of attacks
Vivek Gandhi
 
module 1 Cyber Security Concepts
Sitamarhi Institute of Technology
 
Module 1.pdf
Sitamarhi Institute of Technology
 
CYBER LAW & ETHICS (PART OF THE JNTUH SYLLABUS
deepthikamidi
 
INS_CH-1INS_CH-1INS_CH-1INS_CH-1INS_CH-1.pptx
rukminipamul123
 
A Review On Network Security And Privacy
Todd Turner
 
cyber secuirty.pptx
Godwin585235
 
Data information and security unit 1.pdf
deepakbharathi16
 
1 ijaems sept-2015-3-different attacks in the network a review
INFOGAIN PUBLICATION
 
Types of Cyber Security Attacks- Active & Passive Attak
Souma Maiti
 
CH2_CYBER_SECURITY_FYMSC(DS)-MSC(CS)-MSC(IMCA).pptx
sangeeta borde
 
Computer Security Chapter 1
Temesgen Berhanu
 
Unit 1 Network Fundamentals and Security .pptx
Guna Dhondwad
 
Ad

Recently uploaded (20)

PDF
PDF-XChange Editor Plus 10.7.0.398.0 Crack Free Download Latest 2025
imang66g
 
PPTX
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
 
PDF
Streamlining Project Management in Microsoft Project, Planner, and Teams with...
OnePlan Solutions
 
PDF
IT Consulting Services to Secure Future Growth
Shiv Technolabs Pvt. Ltd.
 
PPTX
Viber For Windows 25.7.1 Crack + Serial Keygen
captanhook047
 
PPTX
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
PPTX
ROI Analysis for Newspaper Industry with Odoo ERP
SatishKumar2651
 
PDF
Crypto Loss And Recovery Guide By Expert Recovery Agency.
Digital Redemption Agency
 
PDF
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
PDF
Introduction to Ragic - #1 No Code Tool For Digitalizing Your Business Proces...
Ragic
 
PPTX
Bandicam Screen Recorder 8.2.1 Build 2529 Crack
goldheera888
 
PPTX
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
PDF
Workplace Software and Skills - OpenStax
tranviettoan19672001
 
PDF
Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution
Bloombase
 
PPTX
Foundations of Marketo Engage: Nurturing
bbedford2
 
PPTX
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
PPTX
Chapter_05_System Modeling for software engineering
anant5150ca6
 
PPTX
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
balaji9945191
 
PDF
SOFTWARE ENGINEERING Software Engineering (3rd Edition) by K.K. Aggarwal & Yo...
yaderyeka
 
PPTX
Human-Computer Interaction for Lecture 1
ssuserca7fe9
 
PDF-XChange Editor Plus 10.7.0.398.0 Crack Free Download Latest 2025
imang66g
 
DevOpsDays Halifax 2025 - Building 10x Organizations Using Modern Productivit...
Justin Reock
 
Streamlining Project Management in Microsoft Project, Planner, and Teams with...
OnePlan Solutions
 
IT Consulting Services to Secure Future Growth
Shiv Technolabs Pvt. Ltd.
 
Viber For Windows 25.7.1 Crack + Serial Keygen
captanhook047
 
4Seller: The All-in-One Multi-Channel E-Commerce Management Platform for Glob...
4Seller Multi-channel Ecommerce Tool
 
ROI Analysis for Newspaper Industry with Odoo ERP
SatishKumar2651
 
Crypto Loss And Recovery Guide By Expert Recovery Agency.
Digital Redemption Agency
 
Understanding the Need for Systemic Change in Open Source Through Intersectio...
Imma Valls Bernaus
 
Introduction to Ragic - #1 No Code Tool For Digitalizing Your Business Proces...
Ragic
 
Bandicam Screen Recorder 8.2.1 Build 2529 Crack
goldheera888
 
MLforCyber_MLDataSetsandFeatures_Presentation.pptx
AaryaNaik8
 
Workplace Software and Skills - OpenStax
tranviettoan19672001
 
Sun and Bloombase Spitfire StoreSafe End-to-end Storage Security Solution
Bloombase
 
Foundations of Marketo Engage: Nurturing
bbedford2
 
Plex Media Server 1.28.2.6151 With Crac5 2022 Free .
cariaelif911
 
Chapter_05_System Modeling for software engineering
anant5150ca6
 
Cybersecurity-and-Fraud-Protecting-Your-Digital-Life.pptx
balaji9945191
 
SOFTWARE ENGINEERING Software Engineering (3rd Edition) by K.K. Aggarwal & Yo...
yaderyeka
 
Human-Computer Interaction for Lecture 1
ssuserca7fe9
 
Ad

INFO.pptx this is reagarding to the information system security and types of attacks

  • 1. Information System Security Types of Attacks and Countermeasures: A Comprehensive Analysis
  • 2. The protection of sensitive data and the maintenance of vital infrastructure have become top priorities in a time when digital technology is pervasive and there is an unprecedented reliance on networked information systems. This study explores the complex field of information system security, concentrating on the taxonomy of assaults and the variety of responses intended to thwart them. • The growing importance of information systems in modern society. • The significance of robust security measures in protecting information systems. • Types of Attacks on Information System Security Information security, a vital part of network systems, works to protect data and information against unauthorized access, use, disclosure, disruption, alteration, and destruction. Information security covers a vast spectrum, encompassing diverse fields like cryptography, mobile computing, cyber forensics, and online social media. It's a comprehensive area as it pertains to various types of data, including biometrics, phone data, social network profiles, and personal details. Introduction:-
  • 3. Attacks :- • Gaining access to data, modifying it, or destroying it without authorization constitutes an attack. • Basically, attacks have two categories. 1) Passive attack 2) Active attack
  • 4. Passive Attacks:- passive attacks focus on clandestinely obtaining information without affecting system resources directly. These attacks aim to gather or monitor data being transmitted without altering or disrupting the system. Their primary objective is to intercept information during transmission without causing immediate disruption, allowing the adversary to collect data without the system's knowledge. A) Release the Content: - When sender sends data to the receiver the third-party person can access the data. e.g., An email, a sent file, or a phone call could contain sensitive or private information. Keeping an adversary from discovering what is being communicated is our goal. Eavesdropping (Sniffing): The act of discreetly seeing and monitoring another party's communication or the traffic of a network is known as eavesdropping (sniffing). Attackers are capable of obtaining sensitive data, like login credentials or personal information.
  • 5. Sender will send the message to the receiver and third party that means unauthorized user just observes the traffic flow and based upon this observation third party or unauthorized person will access the data. Based upon the traffic between sender and receiver unauthorized person access the data. B) Traffic Analysis: -
  • 6. Active Attacks:- An active network exploit, enabling attackers to alter content or impact system resources, is considered an active attack, potentially causing harm to victims. Prior to initiating an aggressive attack, assailants might conduct passive attacks to gather information. Their aim is to breach the system's security and induce disruption. • Masquerade • Replay • Data Modification • Repudiation • Denial of Service
  • 7. 1) Masquerade Attack: - In the masquerade attack sender will send the data to receiver but the receiver will receive the data from unauthorized user on the name of sender. Here receiver don’t know who will send the data just the receiver knows the data which was received was sent by the sender but actually the data was sent by the third party.
  • 8. 2) Replay Attack: - Here sender sends message to the receiver same message will be access by third party person after accessing message he will be changing or destructing the message then he can send to the receiver Mallikarjun is an unauthorized person when Shivappa sends message to Sagar. Mallikarjun can access this message without permission and sends again to Sagar
  • 9. 3) Data Modification Attack: - Here sender sends data to the receiver but it doesn’t go to the receiver that message directly accessed by third party person and data modification will be done on the particular message and again this message will be sent to the receiver. Here all these messages will be sent with the name of sender so receiver doesn’t know there is a modification data during the transmission that’s why we call it an attack. It refers to a communication being altered, delayed, or rearranged, causing an unauthorized impact. This modification undermines the accuracy of the original data source.
  • 10. 4) Repudiation Attack: - Repudiation attacks involve the denial of actions or transactions that have been carried out within a system. Users who engage in repudiation attacks may claim that they did not perform certain actions, such as making a financial transaction, sending a message, or modifying data, even though there is evidence to the contrary. 5) Denial of Service Attack: - Refusing the services is called the denial of service. Any type of service can be done like server/ machine, any type of resource or network etc. Here the third party is interrupts the services which are send by the server to the sender. It disrupts the services this is also done on the name of sender. It is a cybercrime or attack which makes server or machine down and inaccessible to its user. A denial-of-service (DoS) attack is an intentional attempt to interfere with a network, server, website, or service's regular operation by flooding it with excessive amounts of unauthorized traffic or resource demands. The intention is to render the targeted system inoperable for the intended users by inducing service interruptions, delays, or even a total stoppage.
  • 11. Some Data breaches in India 2022-2023 • Cyberattack on AIIMS: A lesson in vulnerability In December 2022, responding to a query by Communist Party of India (Marxist) MP John Brittas, the Union government disclosed that the All India Institute of Medical Sciences (AIIMS) experienced a cyberattack, resulting in the encryption of approximately 1.3 terabytes of data across five servers. The Minister of Electronics and Information Technology, Rajeev Chandrasekhar, stated that the incident was categorized as a “cyber security incident” caused by unauthorized access to AIIMS’ network due to improper network segmentation. • MoChhatua Data Breach: Government apps on the line In May 2023, MoChhatua, a local governance app in India, fell victim to a data breach, as claimed by a hacker on a forum. The threat actor asserted that the breach exposed sensitive user information such as names, emails, passwords, etc. The app, developed by the regional department of Women and child development in Odisha, aimed to digitize and manage the distribution of ration supplies to beneficiaries
  • 12. • Zivame Data Leak: Making personal information public Zivame, a well-known online store in India selling women's clothing, had a serious data breach that resulted in thousands of its female customers' personal details being put up for sale online. About 1.5 million Zivame clients' names, email addresses, phone numbers, and physical addresses were among the information compromised
  • 13. Annual Report Ministry of Home and Affairs Cyber Crimes Crime Incidence Percentage Variation 2019 2020 2021 2019-2020 2020-2021 44735 50035 52974 11.8% 5.9%
  • 14. Different types Countermeasures of Attacks • 1) Identification: A username is often used by users to identify themselves. Identification involves verifying the identity of a user, system, or entity attempting to access a computer system, network, or application within the realm of IT security and access control. Basically, this is first step into the Authentication process. 2) Authentication: Users typically verify their identity by entering a password (which only they are supposed to know), but many organizations also demand that users demonstrate their identity using a phone or other token device, or by scanning their face or fingerprints, in order to strengthen security. 3) Authorization: - A key element of information security is authorization, which makes sure that only authorized parties can access and use resources and data that are sensitive.
  • 15. Conclusion: - Information system security is a vital component in today's technological environments, protecting sensitive data and maintaining the integrity of infrastructure. This research has offered a comprehensive understanding of the complex hazards that information systems must contend with, as well as the wide range of defenses that can be employed to mitigate these risks. The taxonomy of assaults examined in this study highlights the continuous growth of cyber threats and ranges from historical incursions to modern sophisticated breaches. The term "passive incursions" refers to illegal access to data that is not altered, as opposed to "active attacks," which entail direct modification or disruption of system resources. Comprehending these subtleties is essential for strengthening defenses against a variety of cyber threats. The development of information security throughout time, starting with offline site protection in its early phases