Cyber Security

Done By: Syed Mohammed Osman, Abdurahman Rizvi,

Zaid Majdi
 Contents of this template
This is a slide structure based on a presentation for a thesis defense
You can delete this slide when you’re done editing the presentation

Fonts To view this template correctly in PowerPoint, download and install the fonts we
used

Used and alternative An assortment of graphic resources that are suitable for use in this
resources presentation

Thanks slide You must keep it so that proper credits for our design are given

Colors All the colors used in this presentation

Infographic resources These can be used in the template, and their size and color can be edited

Customizable icons They are sorted by theme so you can use them in all kinds of presentations

For more info: You can visit our sister projects:

SLIDESGO | SLIDESGO SCHOOL | FREEPIK | FLATICON | STORYSET | WEPIK
FAQS | VIDFY
 Table of contents

01 02

Cyber Attacks Security Devices

You can describe the topic of the section You can describe the topic of the
here section here
 Cyber
01 Attacks
 Cyber Attacks
Brute force Attacks
Brute force attacks involve systematically trying all
combinations of characters until finding a password,
lacking sophistication. To expedite this process, hackers
typically begin by checking against common passwords
like "123456" or "password." If unsuccessful, they resort
to using extensive word lists, which can still take hours
to crack a password. Longer, more complex passwords
with diverse character variations are inherently harder
to crack, underscoring the importance of password
strength in authentication systems.
Hackers List of Tries all Successful
passwords combinatio credentials
n until one validation0
is
successful
 Cyber Attacks
Data interception involves stealing data by
Data interception accessing wired or wireless communication
links to compromise privacy or obtain
confidential information. Packet sniffers are
commonly used to intercept data packets
in wired networks, while wardriving is
employed for Wifi interception, utilizing a
laptop or smartphone, antenna, GPS
device, and software outside a target
location. Encryption mitigates interception
risks, rendering data incomprehensible to
hackers without decryption keys.
.
User User

Packet
sniffer
interceptin
g data
 Cyber Attacks

Distributed Denial of Service (DDoS) attacks aim

to disrupt network access, targeting both
individual users and internet servers. Attackers
flood networks with spam traffic, overwhelming
DDos
servers and preventing legitimate access to
Distributed Denial of Service
websites, emails, and online services like
banking. In DDoS attacks, spam traffic originates
from numerous computers, making it challenging
to block.
 Cyber Attacks
Hacking
Hacking involves illegally accessing computer systems without
permission, potentially leading to identity theft or data
manipulation. Encryption may render data meaningless to
hackers, but it doesn't prevent data deletion or corruption.
While malicious hacking is illegal, ethical hacking, authorized by
companies to test security measures, is becoming more
common through specialized courses offered by universities
and companies.
 Cyber Attacks
Malware encompasses a variety of harmful
Malware software types. Viruses replicate to damage files
or disrupt computer functioning, requiring an
infected host program or operating system to
execute. Worms independently spread across
networks, targeting vulnerable systems. Trojan
horses masquerade as legitimate software to
harm user systems. Spyware covertly monitors
user activity, transmitting gathered information
to the perpetrator. Adware inundated users with
unwanted advertisements, while ransomware
encrypts data, demanding payment for
decryption keys, often distributed through Trojan
horses or social engineering tactics.
 Cyber Attacks

Phishing involves cybercriminals sending

convincing emails to users, enticing them to click
on links or provide personal information under
the guise of legitimate sources like banks. Users
must initiate action for phishing to succeed; thus, Phishing
caution in handling suspicious emails mitigates
risks. Preventive measures include staying
updated on phishing scams,avoiding clicking on
unknown email links, utilizing anti-phishing
toolbars, checking for HTTPS and green padlock
symbols. Spear phishing targets specific
individuals or companies for financial gain or
espionage, while regular phishing casts a wider
net.
 Cyber Attacks
Pharming
Pharming involves malicious code that redirects users' browsers
to fake websites, typically without their knowledge. Unlike
phishing, no user action is required for pharming to initiate,
making it a significant threat to data security. Attackers can
steal personal data, such as bank details, by tricking users into
interacting with these fraudulent sites. Pharming exploits
vulnerabilities in DNS servers, often through cache poisoning,
to redirect users to fake websites. Mitigation strategies include
using antivirus software to detect unauthorized alterations,
checking website URLs for accuracy, and relying on browser
alerts for potential pharming attacks. Additionally, the presence
of HTTPS and the green padlock symbol in the address bar
enhances defense against pharming.
 Cyber Attacks
Social engineering involves cybercriminals
Social engineering manipulating people into compromising their
security practices through various tactics
exploiting human emotions. These include
instant messaging, scareware, phishing scams,
baiting with malware-infected devices, and
phone calls impersonating IT professionals. By
preying on emotions like fear, curiosity, and
trust, cybercriminals deceive users into taking
actions that grant access to personal information
or install malware. Social engineering doesn't
involve hacking; instead, users willingly allow
access to their systems or divulge sensitive
information due to rushed decisions prompted by
emotional manipulation.
 Security
02 Devices
 Security Devices
Access Levels

Access levels are integral in computer systems, dictating users'

permissions based on their roles. For instance, in a hospital
setting, cleaners wouldn't have access to patient medical data,
whereas consultants would. These levels are typically managed
through usernames and passwords. In databases, access
control extends to reading, writing, and deleting data, often
implemented through various data table views. Social networks
like Facebook commonly employ four access levels: public,
friends, custom (allowing users to personalize access), and data
owner-exclusive data. Privacy settings are often used in these
 Security Devices
The two primary types of anti-malware are anti-virus and anti-
spyware. While anti-virus software focuses on identifying and
removing viruses, anti-spyware targets spyware programs
illicitly installed on a user's system. Anti-spyware operates
Anti-virus &
through rule-based or file structure-based methods to detect Anti-spyware
spyware. Nowadays, it's often bundled with anti-virus and
personal firewall software. Key features of anti-spyware include
detecting and removing existing spyware, preventing new
installations, file encryption for enhanced security, encrypting
keyboard strokes to counter keylogging, blocking unauthorized
access to webcam and microphone, and scanning for stolen
personal information to alert users of potential breaches.
 Security Devices

Authentication involves verifying a user's identity through

Authentication three common factors: something they know (like a
password), something they have (such as a mobile device),
and something unique to them (like biometrics). Passwords
are widely used for data and system access, often alongside
usernames, and should be strong to resist cracking, typically
containing capital letters, numbers, and special characters.
It's crucial to safeguard passwords against spyware and
choose robust, difficult-to-guess combinations. Systems
often limit login attempts and may require password resets
via email for added security. Combining usernames with
passwords enhances security, ensuring matching credentials
 Security Devices
Biometrics
Biometrics, such as fingerprint, retina, face, and voice recognition,
offer unique human characteristics for user identification, used in
various security applications like mobile phone access or
pharmaceutical entry. Fingerprint scans match ridge and valley
patterns against stored images, boasting high accuracy and
irreplaceable uniqueness, though setup costs and potential damage
to fingers pose drawbacks. Retina scans use infrared light to capture
blood vessel patterns, ensuring high security with minimal replication
possibility, despite discomfort during scanning. Face and voice
recognition provide non-intrusive methods but face recognition may
be affected by lighting and facial changes, while voice recognition
 Security Devices
Two-step verification enhances security by requiring two
authentication methods to confirm a user's identity.
Typically used in online purchases with credit/debit cards,
Two Step
it involves initial login with a username and password
(step 1), followed by the receipt of an eight-digit PIN via Verification
email or text message (step 2). This PIN serves as a one-
time passcode, confirming authorization for the
transaction. In this process, the mobile phone acts as
something the user possesses, while the password/PIN
code represents something they know, aligning with
authentication principles.
 Security Devices

Automatic software updates ensure that software on

computers and mobile devices remains current, often
Automatic Software occurring overnight or upon device logout. These
updates are crucial as they may include security
Update
patches to guard against malware and enhance
software performance by fixing bugs and introducing
new features. However, there's a risk of disruption to
the device post-installation. In such cases, users may
need to wait for further patches or utilize techniques
like system restore to revert to a previous state before
the updates were applied.
 Security Devices
Authenticity
Before opening emails or clicking on links, it's crucial to perform three checks to ensure
security and authenticity. Firstly, scrutinize the spelling and grammar in the email and
links, as reputable organizations typically maintain professionalism without major errors
(e.g., "Amazzon.com"). Secondly, assess the tone of the message; if it feels rushed or
inappropriate, it may indicate a phishing attempt. Thirdly, examine the email address for
legitimacy, ensuring it matches the company's name after the '@' symbol and doesn't
use generic domains like "@gmail.com." Additionally, beware of suspicious links that
deviate from the email's content and watch out for common typosquatting tactics, such
as misspelled URLs (e.g., "www.gougle.com"). Finally, check for any blatant spelling
mistakes in URLs, as they could indicate fraudulent activity. For instance, a purported link
from TKMaxx with errors in the company name and domain ("http://www.tkmax.co.ie")
should raise concerns.
 Security Devices
Firewalls act as a protective barrier between a user's computer
or internal network and external networks like the internet,
filtering incoming and outgoing data to prevent hacking,
malware, phishing, and pharming attacks. They can be either
hardware or software-based and perform tasks such as Firewalls
examining network traffic, blocking unauthorized access, and
logging activity for later analysis. Firewalls can also restrict
access to undesirable sites and prevent viruses or hackers from
entering the system. However, they have limitations, including
inability to control individual hardware devices bypassing the
firewall, address employee misconduct or negligence, and
prevent users from disabling the firewall on standalone
 Security Devices

Proxy servers function as intermediaries between users

and web servers, filtering internet traffic and enhancing
security by keeping users' IP addresses confidential.
They enable access to web servers for valid traffic while
Proxy Server
denying access to invalid requests and can block
requests from specific IP addresses. By intercepting
attacks, such as hacking or Denial of Service (DDoS),
proxy servers provide additional protection to web
servers. Additionally, they utilize caching to accelerate
access to website data, storing web pages on the proxy
server for faster retrieval upon subsequent visits. Proxy
 Security Devices
Privacy Settings
Privacy settings encompass controls available on web browsers, social network
profiles, and other websites to regulate access rights, discussed earlier. They
include features like 'do not track' settings to prevent data collection, checking for
saved payment methods to enhance security, and safer browsing alerts for
potentially dangerous websites. Additionally, privacy options in web browsers
cover aspects like storing browsing history and cookies, while website advertising
opt-outs allow users to avoid tracking by third parties for advertising purposes.
Moreover, privacy settings extend to apps, enabling users to control the sharing of
location data, such as in map apps.
 Security Devices
Secure Sockets Layer (SSL) is a protocol facilitating secure
communication between computers over a network, ensuring
data transmission over the internet is encrypted. When SSL is
active, users see "https" or a padlock icon in the browser's Secure Socket
status bar. During website login, SSL encrypts data exchanged
between the user's computer and the web server, ensuring
Layers
only these entities can decipher the information. When (SSL)
accessing a secure website, the browser and server exchange
SSL certificates to authenticate each other, enabling secure
two-way data transfer. SSL certificates verify the authenticity of
websites, ensuring secure communication, and are vital for
online banking, shopping, email exchange, cloud storage, VoIP,
QUIZ
TIME!
1) Fill in the blanks(Ethical, Proxy server, SSL, Malicious, Trojan horse, Adware,
Spyware, Host, Biometrics, Phishing, Pharming).You may use each word once.

…………………….. hacking is when companies authorise paid hackers to test how

robust their computer systems are to hacking attacks. While ……………………..
hacking is illegally accessing a user computer without their permission,
…………………….. covertly monitors user activity, transmitting gathered
information to the perpetrator.

Viruses need a …………………….. program before it can actually start harming

the device.

…………………….. which is often disguised as legitimate software but with

malicious code embedded within it.

…………………….. redirects a user’s browser to a website that contains

promotional advertising by search requests, and could appear in the form of
pop-ups/ browser’s toolbar.
2)Fill in the blanks.

a) Wireless data interception can be carried out using ……………………..

b) A technique that hackers systematically try all the different combinations of

letters, numbers and other symbols until eventually they find your password.
……………………..

c) A malware that gathers information by monitoring a user’s activities carried

out on their computer and send the information back to the cybercriminal.
……………………..

d) This occurs when a malicious code redirects a user’s browser to fake websites
without the knowledge of the user. ……………………..

e) Wired data interception can be carried out using ……………………..

f) A malware that shows users unwanted advertisements. ……………………..

g) A malware that encrypts data, demanding payment for decryption keys

……………………..
3) A user wants to check if he is on a secure website.

a) What two things should he check to see if a website is secure?

……………………..

……………………..
4) Multiple Choice

a) Acts as a protective barrier between a user's computer or internal network

and external networks like the internet.

A. Secure Socket Layers (SSL) B. Automatic Software Update C. Firewalls

b) Fingerprint, retina, face, and voice recognition are use for user
identification.
A. Proxy Server B. Biometrics C.
Authenticity
c) enhances security by requiring two authentication methods to confirm a
user's identity.

A. Authenticity B. Two-Step Verification C. Access

Levels
THANK
YOU!