NIS Microproject
NIS Microproject
NIS Microproject
Micro Project
On
“Computer Security”
Suraj Phirke
Aman Mansuri
Soham more
Dhiraj Mahajan
Deep lad
Pratik Gurav
This is to certify that the micro project entitled “Computer Security” has been
submitted under the guidance of Pratik Gurav in partial fulfillment of the requirement for
the award of Diploma of Engineering in Computer Engineering from Maharashtra State
Board of Technical Education.
“Computer Security ”
GROUP MEMBERS
36.Suraj Phirke
37.Aman Mansuri
38.Soham More
39.Dhiraj Mahajan
40.Deep Lad
PART –B OUTCOMES
1 Brief Description 5-14
2 Course Outcomes Integrated 15
3 Actual Procedure Followed 16
4 Outputs of the Micro-Projects 17
5 Skill Developed 18
Computer Security NIS 22620 , Sem VI
PART-A PLAN
1.0 Brief Introduction
Computer security is the linchpin of our modern digital society, standing as the
sentinel against a myriad of threats that lurk in the vast expanse of cyberspace. In an age
where technology pervades nearly every aspect of our lives, from personal communication
to critical infrastructure, the importance of robust computer security measures cannot be
overstated. This introduction serves as a gateway into the complex and ever-evolving
realm of computer security, delving into its significance, foundational principles, prevalent
threats, and essential mitigation strategies.
• We have to ensure that Gain a foundational comprehension of key computer security concepts,
including encryption, access control, and network security.
• Apply learned concepts to implement practical security measures, such as configuring firewalls,
updating software, and establishing user authentication protocols, to address identified
vulnerabilities.
• Evaluate the effectiveness of implemented security measures and document the process,
outcomes, and lessons learned.
PART-B OUTCOME
Computer security is the linchpin of our modern digital society, standing as the sentinel
against a myriad of threats that lurk in the vast expanse of cyberspace. In an age where
technology pervades nearly every aspect of our lives, from personal communication to
critical infrastructure, the importance of robust computer security measures cannot be
overstated. This introduction serves as a gateway into the complex and ever-evolving
realm of computer security, delving into its significance, foundational principles, prevalent
threats, and essential mitigation strategies.
finance
ial details. Denial of Service (DoS) attacks aim to disrupt legitimate access to services or
resources by overwhelming target systems with an excessive volume of traffic or requests.
Data breaches entail unauthorized access to and disclosure of confidential or sensitive
information, compromising the privacy and security of individuals and organizations.
Insider threats, stemming from malicious actions or negligence by individuals within
organizations, pose significant risks to data security and integrity. Advanced Persistent
Threats (APTs) represent a sophisticated and persistent form of cyber-attack orchestrated
by well-funded adversaries with the intent to infiltrate and exploit specific targets over an
extended period.
In conclusion, computer security stands as the bulwark defending our digital frontier
against a myriad of threats and vulnerabilities. By embracing the fundamental principles of
confidentiality, integrity, availability, authentication, authorization, and non-repudiation,
individuals and organizations can fortify their defenses and navigate the complex
landscape of cybersecurity with confidence. However, the ever-evolving nature of cyber
threats necessitates a proactive and adaptive approach to security, one that is rooted in
continuous education, innovation, and collaboration across the digital ecosystem. As we
traverse the digital landscape, let us remain vigilant in our efforts to safeguard the
integrity, confidentiality, and availability of our digital assets and infrastructure, ensuring
a secure and resilient future for generations to come.
1. Malware:
Viruses: These are programs that
can infect other programs or files by
attaching themselves to them. Once
activated, they can replicate and
spread to other parts of the system.
Trojans: Unlike viruses, Trojans do
not replicate themselves. Instead,
they masquerade as legitimate
software to deceive users into
installing them. Once installed, they
may create a backdoor for attackers
or carry out other malicious
activities.
Worms: Worms are self-replicating
malware that can spread across
networks without user interaction. They exploit vulnerabilities to
automatically propagate and infect connected devices.
2. Phishing:
Phishing attacks involve
fraudulent attempts to
obtain sensitive
information, such as
usernames, passwords, and
credit card details.
Attackers often use
deceptive emails, messages,
or websites that appear
trustworthy to trick users into revealing their confidential
information.
3. Cyber Espionage:
Cyber espionage involves
unauthorized access to
computer systems or networks
with the aim of extracting
sensitive information. State-
sponsored actors,
organizations, or individuals
may engage in these activities
for political, economic, or
strategic reasons.
4. Ransomware:
Ransomware is a type of malicious software that encrypts a user's
files, rendering them inaccessible. Attackers then demand a ransom
payment, usually in cryptocurrency, for the decryption key.
6. Insider Threats:
Insider threats come from individuals
within an organization who misuse their
access to systems or data. This could be
intentional or unintentional, and it may
involve employees, contractors, or other
trusted entities.
7. Social Engineering:
Social engineering
involves manipulating
individuals to disclose
sensitive information or
perform actions that may
compromise security.
Tactics include
impersonation,
pretexting, and baiting to exploit human psychology.
9. Password Attacks:
Password attacks attempt to
gain unauthorized access by
exploiting weak or stolen
passwords. Techniques
include brute force attacks,
where attackers
systematically try all possible
combinations, or password cracking using various methods.
1. Application Security:
Objectives:
Secure Development: Encompasses the integration of security measures into the
software development process to prevent vulnerabilities from arising.
Code Review: Involves regular examinations of application code to identify,
assess, and rectify potential security flaws.
Authentication and Authorization: Ensures robust identity verification and
restricts access based on predefined permissions.
Data Encryption: Utilizes cryptographic techniques to safeguard data, both in
transit and at rest, against unauthorized access.
2. Information Security:
Information security, or infosec, is a multifaceted discipline aimed at safeguarding
sensitive information from unauthorized access, disclosure, alteration, or destruction.
Objectives
• Confidentiality: Protects information from being accessed by unauthorized
individuals or systems.
• Integrity: Ensures the accuracy and trustworthiness of information by preventing
unauthorized alterations.
• Availability: Guarantees that information is accessible and usable when needed,
preventing disruptions or denial of service.
• Data Classification: Involves categorizing information based on its sensitivity and
applying appropriate security controls.
• Access Controls: Manages and restricts access to information based on user roles
and permissions.
:
3. Network Security:
Network security is a comprehensive set of measures designed to protect the
integrity, confidentiality, and availability of data and resources within a network
infrastructure.
Objectives:
• Firewalls: Deployed to monitor, filter, and control incoming and outgoing network
traffic.
• IDPS (Intrusion Detection and Prevention Systems): Identifies and responds to
suspicious activities or potential security breaches.
• VPNs (Virtual Private Networks): Creates secure, encrypted connections over
public networks, ensuring private data transmission.
• Network Segmentation: Divides a network into segments to contain potential
security incidents and limit lateral movement.
• Security Protocols: Enforces secure communication, such as the use of SSL/TLS, to
protect data during transmission.
4. Endpoint Security:
5.0
Skill
Developed