UNIT 2
 Credit Card Frauds in Mobile & Wireless Computing
Era
 Security Challenges
 Registry Settings for Mobile Devices
 Authentication Service Security
 Attacks on Mobile/Cell Phones
 Trends in Mobility
 In the past two decades, we’ve not only cut the cord between our
phones and the wall, but we have gained the ability to stream
video, play games, and access the web from what has essentially
become a powerful handheld computer. 5G will push those
capabilities to the next level.
 Since the late 1970s, the ability to communicate with others using a
device that is untethered to a wire has changed the way people interact,
whether they are located across the street or in another country. Prior
to the introduction of cellular technology, ham shortwave and FM
radios provided two-way communication to those willing to learn
Morse code and obtain a license. Citizens band (CB) radios offered up
to 20-mile links and became wildly popular with the mass market in
the early to mid-1960s. However, weather conditions and time of day
had a major influence on reliability of ham radio links, while
transmission power limits and chatty enthusiasts reduced the
usefulness of CB.
CS_UNIT 2(P3).pptx
 The industry needed a system that consumed little energy
to enable small portable devices to operate on battery
power. Cellular phones evolved to meet this need. Rather
than adopt a point-to-point long-distance strategy, cellular
phones link to a grid of local relay base stations.
 A progression of enhanced technical standards enabled
compatibility among devices and opened the door to
development of a rapidly expanding market. Efficient
network management was the other key to development of
advanced cellular communication systems in terms of
speed, reliability, latency, capacity, and additional features.

 The first generation of mobile networks, dubbed 1G, was introduced in Japan in
1979. It offered analog 2.4Kb/s with limited coverage and no roaming support.
In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used
the Global System for Mobile Communications (GSM) standard for improved
voice fidelity and reliability. It also ushered in the ability to send text messages
and photos. 3G was introduced in 2001 and harmonized global standards,
along with 256Kb/s speed. Additional functions included video conferencing,
streaming, and Voice over Internet Protocol (VoIP). The fourth and most
common generation in use today, 4G Long-Term Evolution (LTE), can deliver
speeds to 1Gb/s for high-definition video, web access, and gaming applications.
 We are now on the cusp of 5G, which is designed to support the escalating
demands of a universe of Internet of Things (IoT), explosion of consumer
video, telemedicine, telework, and future autonomous transportation. In
addition to a 10 times to as much as 100 times increase in speed, latency will be
dramatically reduced. The ability to support many more connected devices
with greater network efficiency and reduced latency is driving the transition to
5G.
Credit Card Frauds & Wireless Computing Era
Types of Credit Card Frauds
• Traditional Techniques:
  • Paper-based fraud: the criminal uses stolen or fake documents to open an account in someone else’s name. It can be divided into:
    • ID theft
    • Financial fraud
  • Illegal use of a lost or stolen card
• Modern Techniques:
  • Enable criminals to produce fake or doctored cards.
  • Skimming process
  1. Triangulation
  2. Credit Card Generators
(From Book)

Triangulation method: aims to create a great deal of confusion for the authorities.
The main challenges involved in credit card fraud detection are:
• Enormous data is processed every day, and the model built must be fast enough to respond to the scam in time.
• Imbalanced data, i.e., most of the transactions (99.8%) are not fraudulent, which makes it really hard to detect the fraudulent ones.
• Data availability, as the data is mostly private.
• Misclassified data can be another major issue, as not every fraudulent transaction is caught and reported.
• Adaptive techniques used against the model by the scammers.
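The imbalanced-data challenge above, worked through in Python as an added example (not part of the original slides). The transactions, the amounts and the 500-unit threshold are all constructed for illustration; only the 99.8% legitimate share comes from the slide.

```python
"""Why accuracy misleads on 99.8%-legitimate transaction data (constructed sample)."""
from typing import Callable, NamedTuple


class Txn(NamedTuple):
    amount: float
    is_fraud: bool  # ground-truth label, constructed for this example


def build_sample(n_total: int = 10_000, n_fraud: int = 20) -> list:
    """Deterministic constructed data set: 99.8% legitimate, 0.2% fraudulent."""
    txns = []
    for i in range(n_total - n_fraud):
        # Everyday amounts of 5..104, plus an occasional large genuine purchase.
        amount = 900.0 if i % 500 == 0 else 5.0 + (i % 100)
        txns.append(Txn(amount, False))
    for j in range(n_fraud):
        # Most fraud is high-value; a quarter hides among small amounts.
        amount = 950.0 if j % 4 else 40.0
        txns.append(Txn(amount, True))
    return txns


def confusion(txns, predict: Callable) -> dict:
    """Count true/false positives and negatives for a detector."""
    c = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for t in txns:
        flagged = predict(t)
        if flagged and t.is_fraud:
            c["tp"] += 1
        elif flagged:
            c["fp"] += 1
        elif t.is_fraud:
            c["fn"] += 1
        else:
            c["tn"] += 1
    return c


def metrics(c: dict) -> dict:
    """Accuracy, precision, recall and F1; zero when a ratio is undefined."""
    total = sum(c.values())
    flagged = c["tp"] + c["fp"]
    actual = c["tp"] + c["fn"]
    precision = c["tp"] / flagged if flagged else 0.0
    recall = c["tp"] / actual if actual else 0.0
    denom = precision + recall
    f1 = 2 * precision * recall / denom if denom else 0.0
    return {
        "accuracy": (c["tp"] + c["tn"]) / total,
        "precision": precision,
        "recall": recall,
        "f1": f1,
    }


def always_legitimate(_t: Txn) -> bool:
    """Baseline 'model' that never raises an alert."""
    return False


def amount_rule(threshold: float) -> Callable:
    """Toy detector: flag any transaction at or above the threshold."""
    return lambda t: t.amount >= threshold


def best_threshold(txns, candidates) -> float:
    """Pick the threshold by F1 instead of accuracy."""
    return max(candidates, key=lambda th: metrics(confusion(txns, amount_rule(th)))["f1"])


if __name__ == "__main__":
    sample = build_sample()
    for name, model in (("always legitimate", always_legitimate),
                        ("amount >= 500", amount_rule(500))):
        m = metrics(confusion(sample, model))
        print(f"{name:18s} " + "  ".join(f"{k}={v:.4f}" for k, v in m.items()))
    print("best threshold by F1:", best_threshold(sample, [50, 500, 1000]))
```

On this sample the detector that never alerts scores higher accuracy than the rule that catches three quarters of the fraud, which is why fraud models are judged on precision and recall rather than accuracy.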
Security challenges posed by
mobile devices (FROM PPT)
Mobility brings two main challenges to cyber security:
first, on hand-held devices, information is being taken
outside the physically controlled environment; and
second, remote access back to the protected environment is
being granted.
The importance of providing employees with remote access
and the ability to work from anywhere means that
organizations need to implement tools that increase the
security of mobile devices.
Mobile phone security threats generally include application
based, web-based, network-based, physical threats (or
challenges) and technical challenges.
Security challenges posed by mobile devices
1. Application based threat:
Application-based threats happen when people download apps
that look legitimate but actually skim data from their device. Even
legitimate apps often request more permission than needed to
perform their function, which can expose more data than
necessary.
Examples are spyware and malware that steal personal and
business information without people realizing it’s happening.
These threats also include data leakage via malicious apps
(hackers can easily find an unprotected mobile app and use that
unprotected app to design larger attacks or steal data, digital
wallets, backend details, and other juicy bits directly from the app)
and
Zero Day Vulnerabilities (zero-day vulnerabilities that left its
devices open for spyware attacks and released a patch to protect
users against these vulnerabilities).
A zero-day vulnerability is a software vulnerability discovered by
attackers before the vendor has become aware of it. Because the
vendor is unaware, no patch exists for zero-day vulnerabilities,
making attacks likely to succeed.

Security challenges posed by mobile devices
1. Application based threat: Contd….
The best way to protect your organization against
data leakage (or App based threats) through
malicious or unsecured applications is by using
mobile application management (MAM) tools.
These tools allow IT admins to manage corporate apps
(wipe or control access permissions) on their employees’
devices without disrupting employees’ personal apps or
data.
Security challenges posed by mobile devices
2. Web based threat:
Web-based threats are subtle and tend to go unnoticed.
They happen when people visit affected sites that seem
fine on the front-end but, in reality, automatically
download malicious content onto devices.
Examples:
Phishing Scams
Social Engineering
Drive By Downloads
Operating System Flaws
Security challenges posed by mobile devices
2. Web based threat: Contd…
Social Engineering
Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages
(smishing attacks) to your employees in an effort to trick them into handing over private
information like their passwords or downloading malware onto their devices.
Drive By Downloads
Drive by download attacks specifically refer to malicious programs that install to your devices —
without your consent. This also includes unintentional downloads of any files or bundled software
onto a computer device.
Operating System Flaws
Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to
cause damage on any device where the OS is installed.
Large numbers of mobile devices are not kept up to date with operating system releases. Out of date
operating systems mean devices are vulnerable to security threats that are patched in the later
versions.
Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to
gain unauthorized access to your systems and data.
Security challenges posed by mobile devices
2. Web based threat: Contd…
Tips to Combat Web based threats
 The best defense for phishing and other social engineering attacks is to teach employees
how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to
them altogether.
 Reducing the number of people who have access to sensitive data or systems can also help
protect your organization against social engineering attacks because it reduces the number
of access points attackers have to gain access to critical systems or information.
 Only use your computer’s admin account for program installations.
Keep your web browser and operating system up to date.
Be wary of keeping too many unnecessary programs and apps.
Always avoid websites that may contain malicious code.
Carefully read and examine security popups on the web before clicking.
Use Ad-Blocker

Security challenges posed by mobile devices
3. Network-based threat:
Network-based threats are especially common and risky because
cybercriminals can steal unencrypted data while people use public WiFi
networks.
Users often rely on public Wi-Fi to stay connected when they work outside
the office. These unsecured Wi-Fi networks can allow malware to be
installed on devices or eavesdroppers to intercept data.
Public WiFi networks are generally less secure than private networks
because there’s no way to know who set the network up, how (or if) it’s
secured with encryption, or who is currently accessing it or monitoring it.
And as more companies offer remote work options, the public WiFi
networks your employees use to access your servers (e.g., from coffee shops
or cafes) could present a risk to your organization.
For example, cybercriminals often set up WiFi networks that look authentic
but are actually a front to capture data that passes through their system (a
“man in the middle” attack).
Examples:
•Network Exploits
•WiFi Sniffing
•Packet Sniffing
•BYOD (Bring Your Own Device)
Security challenges posed by mobile devices
3. Network-based threat: Contd….
There’s no single standard for mobile devices, especially
when you allow BYOD rather than supplying the devices.
Because of the variety of devices and operating systems,
it’s difficult to apply controls consistently to ensure the
safety of all of them.
Security challenges posed by mobile devices
3. Network-based threat: Contd….
Tips to Combat
The best way for you to protect your organization against
threats over public WiFi networks is by requiring
employees to use a VPN to access company systems or
files. This will ensure that their session stays private and
secure, even if they use a public network to access your
systems.
Security challenges posed by mobile devices
4. Physical Threats:
Physical threats to mobile devices most commonly refer to
the loss or theft of a device. Because hackers have direct
access to the hardware where private data is stored, this
threat is especially dangerous to enterprises.
Example - Loss/Theft:
Loss or theft is the most unwanted physical threat to the
security of your mobile device. Any device itself has value
and can be sold on the secondary market after all your
information is stolen and sold.
Tips to Combat
First and foremost, you’ll want to ensure employees know
what steps to take if they lose their device. Since most devices
come with remote access to delete or transfer information,
that should include asking employees to make sure those
services are activated.

Security challenges posed by mobile devices
5. Technical challenges in mobile security are:
• Managing the registry settings and configurations,
• Authentication service security,
• Cryptography security,
• Remote access server (RAS) security,
• Media player control security,
• Networking application program interface (API) security, etc.
Registry Settings for Mobile Devices:
Let us understand the issue of registry settings on mobile
devices through an example: Microsoft ActiveSync is meant for
synchronization with Windows-powered personal computers
(PCs) and Microsoft Outlook. ActiveSync acts as the "gateway"
between a Windows-powered PC and a Windows mobile-powered
device, enabling the transfer of applications such as Outlook
information, Microsoft Office documents, pictures, music,
videos and applications from a user's desktop to his/her device.
In addition to synchronizing with a PC, ActiveSync can
synchronize directly with the Microsoft Exchange Server so that
users can keep their e-mails, calendar, notes and contacts
updated wirelessly when they are away from their PCs. In this
context, registry settings become an important issue given the
ease with which various applications allow a free flow of
information.
Authentication Service Security:
There are two components of security in mobile computing:
1. security of devices and
2. security in networks.
Secure network access involves authentication between the device and the
base stations or Web servers. This is to ensure that only authenticated devices
can be connected to the network for obtaining the requested services.
No malicious code can impersonate the service provider to trick the device
into doing something it does not mean to. Thus, the networks also play a
crucial role in the security of mobile devices.
Some prominent kinds of attacks to which mobile devices are subjected are:
push attacks, pull attacks and crash attacks.
Authentication service security is important given the typical attacks on
mobile devices through wireless networks: DoS attacks, traffic analysis,
eavesdropping, man-in-the-middle attacks and session hijacking.
Security measures in this scenario come from Wireless Application Protocols
(WAPs), use of VPNs, media access control (MAC) address filtering and
development in 802.xx standards.
Attacks on Mobile/Cell Phones
(Same as Book)
1. Mobile Phone Theft:
Mobile phones have become an integral part of everybody's life and
the mobile phone has transformed from being a luxury to a bare
necessity. An increase in purchasing power and the availability of
numerous low-cost handsets have also led to an increase in mobile
phone users. Theft of mobile phones has risen dramatically over
the past few years. Since a huge section of the working population in
India uses public transport, the major locations where theft occurs are
bus stops, railway stations and traffic signals.
Attacks on cell phones are increasing because of:
• Increasing usage of cell phones and availability of internet using
cell phones.
• Increasing demand for WiFi zones in metropolitan areas and extensive
usage of cell phones with a lack of awareness/knowledge about
the vulnerabilities of the technology.

Attacks on Mobile/Cell Phones
(Same as Book)
1. Mobile Phone Theft: Contd…..
The following factors contribute to outbreaks on mobile
devices:
1. Enough target terminals: The first Palm OS virus
was seen after the number of Palm OS devices reached 15
million. The first instance of a mobile virus was observed
during June 2004 when it was discovered that an
organization "Ojam" had engineered an antipiracy
Trojan virus in older versions of their mobile phone
game known as Mosquito. This virus sent SMS text
messages to the organization without the users'
knowledge.
Attacks on Mobile/Cell Phones
(Same as Book)
1. Mobile Phone Theft: Contd…..
2. Enough functionality: Mobile devices are
increasingly being equipped with office functionality
and already carry critical data and applications, which
are often protected insufficiently or not at all. The
expanded functionality also increases the probability of
malware.
3. Enough connectivity: Smartphones offer multiple
communication options, such as SMS, MMS,
synchronization, Bluetooth, infrared (IR) and WLAN
connections. Therefore, unfortunately, the increased
amount of freedom also offers more choices for virus
writers.
Attacks on Mobile/Cell Phones
(Same as Book)
2. Mobile Viruses
3. Mishing
4. Vishing
5. Smishing
6. Hacking Bluetooth

CybercrimesCybercrimes
Report on Mobile security
Report  on Mobile securityReport  on Mobile security
Report on Mobile security
Kavita Rastogi
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
BryCunal
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
UthsoNandy
 
Information security
Information securityInformation security
Information security
Appin Faridabad
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
iosrjce
 
L017326972
L017326972L017326972
L017326972
IOSR Journals
 
C018131821
C018131821C018131821
C018131821
IOSR Journals
 

Similar to CS_UNIT 2(P3).pptx (20)

Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
Cn35499502
Cn35499502Cn35499502
Cn35499502
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
Mobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to SolveMobility, Security and the Enterprise: The Equation to Solve
Mobility, Security and the Enterprise: The Equation to Solve
 
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
Do New Mobile Devices in Enterprises Pose A Serious Security Threat?
 
IRJET- Android Device Attacks and Threats
IRJET-  	  Android Device Attacks and ThreatsIRJET-  	  Android Device Attacks and Threats
IRJET- Android Device Attacks and Threats
 
The Consumerisation of Corporate IT
The Consumerisation of Corporate ITThe Consumerisation of Corporate IT
The Consumerisation of Corporate IT
 
Protecting Americas Next Generation Networks
Protecting Americas Next Generation NetworksProtecting Americas Next Generation Networks
Protecting Americas Next Generation Networks
 
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
A Multi-Layer Real Time Remote Monitoring & Corporate Network System For Viru...
 
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)International Journal on Cloud Computing: Services and Architecture (IJCCSA)
International Journal on Cloud Computing: Services and Architecture (IJCCSA)
 
Network monitoring white paper
Network monitoring white paperNetwork monitoring white paper
Network monitoring white paper
 
Cybercrimes
CybercrimesCybercrimes
Cybercrimes
 
Report on Mobile security
Report  on Mobile securityReport  on Mobile security
Report on Mobile security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Network Security of Data Protection
Network Security of Data ProtectionNetwork Security of Data Protection
Network Security of Data Protection
 
Information security
Information securityInformation security
Information security
 
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...
 
L017326972
L017326972L017326972
L017326972
 
C018131821
C018131821C018131821
C018131821
 

Recently uploaded

L1 L2- NLC PPT for Grade 10 intervention
L1 L2- NLC PPT for Grade 10 interventionL1 L2- NLC PPT for Grade 10 intervention
L1 L2- NLC PPT for Grade 10 intervention
RHODAJANEAURESTILA
 
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptxFinal_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
shimeathdelrosario1
 
Principles of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptxPrinciples of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptx
ibtesaam huma
 
(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening
MJDuyan
 
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptxBRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
kambal1234567890
 
AI_in_HR_Presentation Part 1 2024 0703.pdf
AI_in_HR_Presentation Part 1 2024 0703.pdfAI_in_HR_Presentation Part 1 2024 0703.pdf
AI_in_HR_Presentation Part 1 2024 0703.pdf
SrimanigandanMadurai
 
Book Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docxBook Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docx
drtech3715
 
NLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptxNLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptx
MichelleDeLaCruz93
 
How to Handle the Separate Discount Account on Invoice in Odoo 17
How to Handle the Separate Discount Account on Invoice in Odoo 17How to Handle the Separate Discount Account on Invoice in Odoo 17
How to Handle the Separate Discount Account on Invoice in Odoo 17
Celine George
 
NAEYC Code of Ethical Conduct Resource Book
NAEYC Code of Ethical Conduct Resource BookNAEYC Code of Ethical Conduct Resource Book
NAEYC Code of Ethical Conduct Resource Book
lakitawilson
 
How to Configure Time Off Types in Odoo 17
How to Configure Time Off Types in Odoo 17How to Configure Time Off Types in Odoo 17
How to Configure Time Off Types in Odoo 17
Celine George
 
Is Email Marketing Really Effective In 2024?
Is Email Marketing Really Effective In 2024?Is Email Marketing Really Effective In 2024?
Is Email Marketing Really Effective In 2024?
Rakesh Jalan
 
Split Shifts From Gantt View in the Odoo 17
Split Shifts From Gantt View in the  Odoo 17Split Shifts From Gantt View in the  Odoo 17
Split Shifts From Gantt View in the Odoo 17
Celine George
 
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
PECB
 
National Learning Camp( Reading Intervention for grade1)
National Learning Camp( Reading Intervention for grade1)National Learning Camp( Reading Intervention for grade1)
National Learning Camp( Reading Intervention for grade1)
SaadaGrijaldo1
 
Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024
Elizabeth Walsh
 
How to Add Colour Kanban Records in Odoo 17 Notebook
How to Add Colour Kanban Records in Odoo 17 NotebookHow to Add Colour Kanban Records in Odoo 17 Notebook
How to Add Colour Kanban Records in Odoo 17 Notebook
Celine George
 
Delegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use CasesDelegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use Cases
Celine George
 
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptxChapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
Brajeswar Paul
 
Front Desk Management in the Odoo 17 ERP
Front Desk  Management in the Odoo 17 ERPFront Desk  Management in the Odoo 17 ERP
Front Desk Management in the Odoo 17 ERP
Celine George
 

Recently uploaded (20)

L1 L2- NLC PPT for Grade 10 intervention
L1 L2- NLC PPT for Grade 10 interventionL1 L2- NLC PPT for Grade 10 intervention
L1 L2- NLC PPT for Grade 10 intervention
 
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptxFinal_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
Final_SD_Session3_Ferriols, Ador Dionisio, Fajardo.pptx
 
Principles of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptxPrinciples of Roods Approach!!!!!!!.pptx
Principles of Roods Approach!!!!!!!.pptx
 
(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening(T.L.E.) Agriculture: Essentials of Gardening
(T.L.E.) Agriculture: Essentials of Gardening
 
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptxBRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
BRIGADA ESKWELA OPENING PROGRAM KICK OFF.pptx
 
AI_in_HR_Presentation Part 1 2024 0703.pdf
AI_in_HR_Presentation Part 1 2024 0703.pdfAI_in_HR_Presentation Part 1 2024 0703.pdf
AI_in_HR_Presentation Part 1 2024 0703.pdf
 
Book Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docxBook Allied Health Sciences kmu MCQs.docx
Book Allied Health Sciences kmu MCQs.docx
 
NLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptxNLC Grade 3.................................... ppt.pptx
NLC Grade 3.................................... ppt.pptx
 
How to Handle the Separate Discount Account on Invoice in Odoo 17
How to Handle the Separate Discount Account on Invoice in Odoo 17How to Handle the Separate Discount Account on Invoice in Odoo 17
How to Handle the Separate Discount Account on Invoice in Odoo 17
 
NAEYC Code of Ethical Conduct Resource Book
NAEYC Code of Ethical Conduct Resource BookNAEYC Code of Ethical Conduct Resource Book
NAEYC Code of Ethical Conduct Resource Book
 
How to Configure Time Off Types in Odoo 17
How to Configure Time Off Types in Odoo 17How to Configure Time Off Types in Odoo 17
How to Configure Time Off Types in Odoo 17
 
Is Email Marketing Really Effective In 2024?
Is Email Marketing Really Effective In 2024?Is Email Marketing Really Effective In 2024?
Is Email Marketing Really Effective In 2024?
 
Split Shifts From Gantt View in the Odoo 17
Split Shifts From Gantt View in the  Odoo 17Split Shifts From Gantt View in the  Odoo 17
Split Shifts From Gantt View in the Odoo 17
 
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
AI Risk Management: ISO/IEC 42001, the EU AI Act, and ISO/IEC 23894
 
National Learning Camp( Reading Intervention for grade1)
National Learning Camp( Reading Intervention for grade1)National Learning Camp( Reading Intervention for grade1)
National Learning Camp( Reading Intervention for grade1)
 
Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024Howe Writing Center - Orientation Summer 2024
Howe Writing Center - Orientation Summer 2024
 
How to Add Colour Kanban Records in Odoo 17 Notebook
How to Add Colour Kanban Records in Odoo 17 NotebookHow to Add Colour Kanban Records in Odoo 17 Notebook
How to Add Colour Kanban Records in Odoo 17 Notebook
 
Delegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use CasesDelegation Inheritance in Odoo 17 and Its Use Cases
Delegation Inheritance in Odoo 17 and Its Use Cases
 
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptxChapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
Chapter-2-Era-of-One-party-Dominance-Class-12-Political-Science-Notes-2 (1).pptx
 
Front Desk Management in the Odoo 17 ERP
Front Desk  Management in the Odoo 17 ERPFront Desk  Management in the Odoo 17 ERP
Front Desk Management in the Odoo 17 ERP
 

CS_UNIT 2(P3).pptx

  • 1. UNIT 2
      • Credit Card Frauds in Mobile & Wireless Computing Era
      • Security Challenges
      • Registry Settings for Mobile Devices
      • Authentication Service Security
      • Attacks on Mobile/Cell Phones
  • 2. Trends in Mobility
      • In the past two decades, we’ve not only cut the cord between our phones and the wall, but we have gained the ability to stream video, play games, and access the web from what has essentially become a powerful handheld computer. 5G will push those capabilities to the next level.
      • Since the late 1970s, the ability to communicate with others using a device that is untethered to a wire has changed the way people interact, whether they are located across the street or in another country. Prior to the introduction of cellular technology, ham shortwave and FM radios provided two-way communication to those willing to learn Morse code and obtain a license. Citizens band (CB) radios offered up to 20-mile links and became wildly popular with the mass market in the early to mid-1960s. However, weather conditions and time of day had a major influence on reliability of ham radio links, while transmission power limits and chatty enthusiasts reduced the usefulness of CB.
  • 4.
      • The industry needed a system that consumed little energy to enable small portable devices to operate on battery power. Cellular phones evolved to meet this need. Rather than adopt a point-to-point long-distance strategy, cellular phones link to a grid of local relay base stations.
      • A progression of enhanced technical standards enabled compatibility among devices and opened the door to development of a rapidly expanding market. Efficient network management was the other key to development of advanced cellular communication systems in terms of speed, reliability, latency, capacity, and additional features.
  • 5.
      • The first generation of mobile networks, dubbed 1G, was introduced in Japan in 1979. It offered analog 2.4Kb/s with limited coverage and no roaming support. In 1991, 2G employed digital signaling to bump the speed to 64Kb/s and used the Global System for Mobile Communications (GSM) standard for improved voice fidelity and reliability. It also ushered in the ability to send text messages and photos. 3G was introduced in 2001 and harmonized global standards, along with 256Kb/s speed. Additional functions included video conferencing, streaming, and Voice over Internet Protocol (VoIP). The fourth and most common generation in use today, 4G Long-Term Evolution (LTE), can deliver speeds to 1Gb/s for high-definition video, web access, and gaming applications.
      • We are now on the cusp of 5G, which is designed to support the escalating demands of a universe of Internet of Things (IoT), explosion of consumer video, telemedicine, telework, and future autonomous transportation. In addition to a 10 times to as much as 100 times increase in speed, latency will be dramatically reduced. The ability to support many more connected devices with greater network efficiency and reduced latency is driving the transition to 5G.
  • 8. Credit Card Frauds & Wireless Computing Era: Types of Credit Card Frauds
      • Traditional Techniques:
          • Paper-based fraud: the criminal uses stolen or fake documents to open an account in someone else’s name.
          • Can be divided into ID theft and financial fraud.
          • Illegal use of a lost or stolen card.
      • Modern Techniques:
          • Enable criminals to produce fake or doctored cards.
          • Skimming process
          1. Triangulation
          2. Credit Card Generators (From Book)
  • 9. Triangulation Method: aims to create a great deal of confusion for the authorities.
  • 10. Main challenges involved in credit card fraud detection are:
      • Enormous data is processed every day, and the model built must be fast enough to respond to the scam in time.
      • Imbalanced data, i.e., most of the transactions (99.8%) are not fraudulent, which makes it really hard to detect the fraudulent ones.
      • Data availability, as the data is mostly private.
      • Misclassified data can be another major issue, as not every fraudulent transaction is caught and reported.
      • Adaptive techniques used against the model by the scammers.
  • 11. Security challenges posed by mobile devices (FROM PPT)
      Mobility brings two main challenges to cyber security: first, on hand-held devices, information is being taken outside the physically controlled environment; and second, remote access back to the protected environment is being granted. The importance of providing employees with remote access and the ability to work from anywhere means that organizations need to implement tools that increase the security of mobile devices. Mobile phone security threats generally include application-based, web-based, network-based and physical threats (or challenges), and technical challenges.
  • 12. Security challenges posed by mobile devices: 1. Application-based threat
      Application-based threats happen when people download apps that look legitimate but actually skim data from their device. Even legitimate apps often request more permissions than needed to perform their function, which can expose more data than necessary. Examples are spyware and malware that steal personal and business information without people realizing it’s happening. These threats also include Data Leakage via Malicious Apps (as hackers can easily find an unprotected mobile app and use that unprotected app to design larger attacks or steal data, digital wallets, backend details, and other juicy bits directly from the app) and Zero-Day Vulnerabilities (zero-day vulnerabilities that left its devices open for spyware attacks and released a patch to protect users against these vulnerabilities. A zero-day is a software vulnerability discovered by attackers before the vendor has become aware of it. Because the vendor is unaware, no patch exists for zero-day vulnerabilities, making attacks likely to succeed).
  • 13. Security challenges posed by mobile devices: 1. Application-based threat (contd.)
      The best way to protect your organization against data leakage (or app-based threats) through malicious or unsecured applications is by using mobile application management (MAM) tools. These tools allow IT admins to manage corporate apps (wipe or control access permissions) on their employees’ devices without disrupting employees’ personal apps or data.
  • 14. Security challenges posed by mobile devices: 2. Web-based threat
      Web-based threats are subtle and tend to go unnoticed. They happen when people visit affected sites that seem fine on the front end but, in reality, automatically download malicious content onto devices. Examples:
      • Phishing Scams
      • Social Engineering
      • Drive-By Downloads
      • Operating System Flaws
  • 15. Security challenges posed by mobile devices: 2. Web-based threat (contd.)
      • Social Engineering: Social engineering attacks are when bad actors send fake emails (phishing attacks) or text messages (smishing attacks) to your employees in an effort to trick them into handing over private information like their passwords or downloading malware onto their devices.
      • Drive-By Downloads: Drive-by download attacks specifically refer to malicious programs that install on your devices without your consent. This also includes unintentional downloads of any files or bundled software onto a computer device.
      • Operating System Flaws: Operating system (OS) vulnerabilities are exposures within an OS that allow cyber attackers to cause damage on any device where the OS is installed. Large numbers of mobile devices are not kept up to date with operating system releases. Out-of-date operating systems mean devices are vulnerable to security threats that are patched in the later versions. Mobile security requires continuous work to find and patch vulnerabilities that bad actors use to gain unauthorized access to your systems and data.
  • 16. Security challenges posed by mobile devices: 2. Web-based threat (contd.): Tips to Combat Web-based threats
      • The best defense against phishing and other social engineering attacks is to teach employees how to spot phishing emails and SMS messages that look suspicious and avoid falling prey to them altogether.
      • Reducing the number of people who have access to sensitive data or systems can also help protect your organization against social engineering attacks because it reduces the number of access points attackers have to gain access to critical systems or information.
      • Only use your computer’s admin account for program installations. Keep your web browser and operating system up to date. Be wary of keeping too many unnecessary programs and apps. Always avoid websites that may contain malicious code. Carefully read and examine security popups on the web before clicking. Use an ad blocker.
  • 17. Security challenges posed by mobile devices: 3. Network-based threat
      Network-based threats are especially common and risky because cybercriminals can steal unencrypted data while people use public WiFi networks. Users often rely on public WiFi to stay connected when they work outside the office. These unsecured WiFi networks can allow malware to be installed on devices or eavesdroppers to intercept data. Public WiFi networks are generally less secure than private networks because there’s no way to know who set the network up, how (or if) it’s secured with encryption, or who is currently accessing it or monitoring it. And as more companies offer remote work options, the public WiFi networks your employees use to access your servers (e.g., from coffee shops or cafes) could present a risk to your organization. For example, cybercriminals often set up WiFi networks that look authentic but are actually a front to capture data that passes through their system (a “man in the middle” attack). Examples:
      • Network Exploits
      • WiFi Sniffing
      • Packet Sniffing
      • BYOD (Bring Your Own Device)
  • 18. Security challenges posed by mobile devices: 3. Network-based threat (contd.)
      There’s no single standard for mobile devices, especially when you allow BYOD rather than supplying the devices. Because of the variety of devices and operating systems, it’s difficult to apply controls consistently to ensure the safety of all of them.
  • 19. Security challenges posed by mobile devices: 3. Network-based threat (contd.): Tips to Combat
      The best way for you to protect your organization against threats over public WiFi networks is by requiring employees to use a VPN to access company systems or files. This will ensure that their session stays private and secure, even if they use a public network to access your systems.
  • 20. Security challenges posed by mobile devices: 4. Physical Threats
      Physical threats to mobile devices most commonly refer to the loss or theft of a device. Because hackers have direct access to the hardware where private data is stored, this threat is especially dangerous to enterprises.
      Example: Loss/Theft. Loss or theft is the most unwanted physical threat to the security of your mobile device. The device itself has value and can be sold on the secondary market after all your information is stolen and sold.
      Tips to Combat: First and foremost, you’ll want to ensure employees know what steps to take if they lose their device. Since most devices come with remote access to delete or transfer information, that should include asking employees to make sure those services are activated.
  • 21. Security challenges posed by mobile devices: 5. Technical challenges in mobile security are:
      • Managing the registry settings and configurations
      • Authentication service security
      • Cryptography security
      • Remote access server (RAS) security
      • Media player control security
      • Networking application program interface (API) security, etc.
  • 22. Registry Settings for Mobile Devices:
      Let us understand the issue of registry settings on mobile devices through an example: Microsoft ActiveSync is meant for synchronization with Windows-powered personal computers (PCs) and Microsoft Outlook. ActiveSync acts as the "gateway between Windows-powered PC and Windows mobile-powered device," enabling the transfer of applications such as Outlook information, Microsoft Office documents, pictures, music, videos and applications from a user's desktop to his/her device. In addition to synchronizing with a PC, ActiveSync can synchronize directly with the Microsoft Exchange Server so that the users can keep their e-mails, calendar, notes and contacts updated wirelessly when they are away from their PCs. In this context, registry setting becomes an important issue given the ease with which various applications allow a free flow of information.
  • 23. Authentication Service Security:
      There are two components of security in mobile computing: 1. security of devices and 2. security in networks. Secure network access involves authentication between the device and the base stations or Web servers. This is to ensure that only authenticated devices can be connected to the network for obtaining the requested services, and that no malicious code can impersonate the service provider to trick the device into doing something it does not mean to. Thus, the networks also play a crucial role in the security of mobile devices. Some prominent kinds of attacks to which mobile devices are subjected are: push attacks, pull attacks and crash attacks. Authentication service security is important given the typical attacks on mobile devices through wireless networks: DoS attacks, traffic analysis, eavesdropping, man-in-the-middle attacks and session hijacking. Security measures in this scenario come from Wireless Application Protocols (WAPs), use of VPNs, media access control (MAC) address filtering and development in 802.xx standards.
  • 24. Attacks on Mobile/Cell Phones (Same as Book): 1. Mobile Phone Theft
      Mobile phones have become an integral part of everybody's life, and the mobile phone has transformed from being a luxury to a bare necessity. Increase in the purchasing power and availability of numerous low-cost handsets have also led to an increase in mobile phone users. Theft of mobile phones has risen dramatically over the past few years. Since a huge section of the working population in India uses public transport, major locations where theft occurs are bus stops, railway stations and traffic signals. Attacks on cell phones increase because of:
      • Increasing usage of cell phones and availability of internet using cell phones.
      • Increasing demand for WiFi zones in metropolitans and extensive usage of cell phones with the lack of awareness/knowledge about the vulnerabilities of the technology.
  • 25. Attacks on Mobile/Cell Phones (Same as Book): 1. Mobile Phone Theft (contd.)
      The following factors contribute to outbreaks on mobile devices:
      1. Enough target terminals: The first Palm OS virus was seen after the number of Palm OS devices reached 15 million. The first instance of a mobile virus was observed during June 2004, when it was discovered that an organization "Ojam" had engineered an antipiracy Trojan virus in older versions of their mobile phone game known as Mosquito. This virus sent SMS text messages to the organization without the users' knowledge.
  • 26. Attacks on Mobile/Cell Phones (Same as Book): 1. Mobile Phone Theft (contd.)
      2. Enough functionality: Mobile devices are increasingly being equipped with office functionality and already carry critical data and applications, which are often protected insufficiently or not at all. The expanded functionality also increases the probability of malware.
      3. Enough connectivity: Smartphones offer multiple communication options, such as SMS, MMS, synchronization, Bluetooth, infrared (IR) and WLAN connections. Therefore, unfortunately, the increased amount of freedom also offers more choices for virus writers.
  • 27. Attacks on Mobile/Cell Phones (Same as Book)
      2. Mobile Viruses
      3. Mishing
      4. Vishing
      5. Smishing
      6. Hacking Bluetooth
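
Slide 10 lists imbalanced data (99.8% of transactions are not fraudulent) and misclassified data among the fraud-detection challenges. The Python sketch below is an added example, not part of the slides: it measures a detector on a constructed data set with that same 99.8% / 0.2% split, and the risk scores, thresholds and function names are all assumptions made for illustration.

```python
"""Accuracy paradox on imbalanced fraud data (constructed sample, not real transactions)."""

N_TXNS = 10_000      # size of the constructed data set
FRAUD_EVERY = 500    # every 500th transaction is fraud: 20 of 10,000 = 0.2%


def build_transactions():
    """Return [(risk_score, is_fraud)] with a 99.8% / 0.2% class split.

    The integer scores stand in for a model's output (assumption): legitimate
    traffic is skewed low (0..58) and fraud spreads over 40..97, so the two
    classes overlap in the 40..58 band.
    """
    txns = []
    for i in range(N_TXNS):
        if i % FRAUD_EVERY == 0:
            txns.append((40 + 3 * (i // FRAUD_EVERY), True))
        else:
            r = i % 100
            txns.append((r * r * 60 // 10_000, False))
    return txns


def confusion(txns, threshold):
    """Count (tp, fp, fn, tn) when every score >= threshold is flagged as fraud."""
    tp = fp = fn = tn = 0
    for score, is_fraud in txns:
        flagged = score >= threshold
        if flagged and is_fraud:
            tp += 1
        elif flagged:
            fp += 1
        elif is_fraud:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def metrics(tp, fp, fn, tn):
    """Accuracy, precision, recall and F1; undefined ratios are reported as 0.0."""
    return {
        "accuracy": (tp + tn) / (tp + fp + fn + tn),
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "f1": 2 * tp / (2 * tp + fp + fn) if tp else 0.0,
    }


def best_f1_threshold(txns, candidates=range(0, 101)):
    """Lowest threshold with the highest F1 (accuracy is useless for this choice)."""
    return max(candidates, key=lambda t: metrics(*confusion(txns, t))["f1"])


def hide_unreported(txns, every=4):
    """Relabel every 4th fraud as legitimate, mimicking fraud that was never reported."""
    relabelled, seen = [], 0
    for score, is_fraud in txns:
        if is_fraud:
            seen += 1
            if seen % every == 0:
                is_fraud = False
        relabelled.append((score, is_fraud))
    return relabelled


if __name__ == "__main__":
    txns = build_transactions()
    # Threshold 101 never flags anything: the "everything is legitimate" model.
    for label, data, t in [
        ("never flag", txns, 101),
        ("threshold 50", txns, 50),
        ("best F1", txns, best_f1_threshold(txns)),
        ("best F1, noisy labels", hide_unreported(txns), best_f1_threshold(txns)),
    ]:
        m = metrics(*confusion(data, t))
        print(f"{label:22s} acc={m['accuracy']:.4f} prec={m['precision']:.3f} "
              f"rec={m['recall']:.2f} f1={m['f1']:.3f}")
```

The model that never flags anything scores the highest accuracy bar one while catching no fraud, and the same detector looks less precise once a quarter of the fraud labels are missing, which is why precision and recall, not accuracy, are the figures to track here.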