0% found this document useful (0 votes)
27 views21 pages

NIS Microproject

Download as docx, pdf, or txt
Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1/ 21

A

Micro Project
On

“Computer Security”

Submitted in partial fulfillment of the requirement for the award of


Diploma of Engineering
in
Computer Engineering
By

Suraj Phirke
Aman Mansuri
Soham more
Dhiraj Mahajan
Deep lad

under the guidance of

Pratik Gurav

Department of Computer Engineering


2023 - 2024
CERTIFICATE

VIVA COLLEGE OF DIPLOMA ENGINEERING & TECHNOLOGY


VIRAR (W)
2023-24

This is to certify that the micro project entitled “Computer Security” has been
submitted under the guidance of Pratik Gurav in partial fulfillment of the requirement for
the award of Diploma of Engineering in Computer Engineering from Maharashtra State
Board of Technical Education.

“Computer Security ”
GROUP MEMBERS

36.Suraj Phirke
37.Aman Mansuri
38.Soham More
39.Dhiraj Mahajan
40.Deep Lad

Project Guide H.O. D


Prof. Pratik Gurav Prof. Poonam Jadhav
INDEX

Sr. Name of the Page


No. topic no.
PART –A PLAN
1 Brief Introduction 1
2 Aim of the Micro-Project 2
3 Action Plan 3
4 Resources Required 4

PART –B OUTCOMES
1 Brief Description 5-14
2 Course Outcomes Integrated 15
3 Actual Procedure Followed 16
4 Outputs of the Micro-Projects 17
5 Skill Developed 18
Computer Security NIS 22620 , Sem VI

PART-A PLAN
1.0 Brief Introduction

Computer security is the linchpin of our modern digital society, standing as the
sentinel against a myriad of threats that lurk in the vast expanse of cyberspace. In an age
where technology pervades nearly every aspect of our lives, from personal communication
to critical infrastructure, the importance of robust computer security measures cannot be
overstated. This introduction serves as a gateway into the complex and ever-evolving
realm of computer security, delving into its significance, foundational principles, prevalent
threats, and essential mitigation strategies.

At its essence, computer security is the amalgamation of practices, technologies, and


protocols aimed at safeguarding digital systems, networks, and data from unauthorized
access, manipulation, or destruction. Its significance extends far beyond mere protection
of personal information; it encompasses the resilience of financial transactions, the
integrity of intellectual property, and the stability of national security. In essence, it serves
as the bedrock upon which our digital infrastructure rests, ensuring the confidentiality,
integrity, and availability of information assets.

Fundamentally, computer security is underpinned by a set of core principles.


Confidentiality dictates that sensitive information should only be accessible to authorized
entities, ensuring privacy and preventing unauthorized disclosure. Integrity mandates that
data and systems remain accurate, reliable, and unaltered by unauthorized parties,
maintaining trust and reliability in digital transactions and communications. Availability
ensures that resources and services are accessible to authorized users whenever needed,
despite potential disruptions or attacks. Authentication verifies the identities of users or
systems seeking access to resources, while authorization determines the permissions and
privileges granted to authenticated entities. Non-repudiation holds individuals accountable
for their actions in the digital realm, preventing them from denying their involvement in
transactions or communications.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 1


Computer Security NIS 22620 , Sem VI

2.0 AIM of Micro-Project

• We have to ensure that Gain a foundational comprehension of key computer security concepts,
including encryption, access control, and network security.

• Learn to identify potential security vulnerabilities in a small-scale computing environment,


emphasizing hands-on practice in recognizing and assessing risks.

• Apply learned concepts to implement practical security measures, such as configuring firewalls,
updating software, and establishing user authentication protocols, to address identified
vulnerabilities.

• Evaluate the effectiveness of implemented security measures and document the process,
outcomes, and lessons learned.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 2


Computer Security NIS 22620 , Sem VI

3.0 Action Plan

Sr. Details of Activity Planned Planned Name of Responsible


No Start Finish Team Members
Date Date

1 Project selection 8/1/24 15/1/24 Suraj Phirke ,Aman


Mansuri ,Soham More , Dhiraj
Mahajan ,Deep Lad .
2 Identifying project 15/1/24 29/1/24 Suraj Phirke ,Aman
outcomes Mansuri ,Soham More ,
Dhiraj Mahajan ,Deep Lad
3 Identifying resources 29/1/24 5/2/24 Suraj Phirke ,Aman
required Mansuri ,Soham More ,
Dhiraj Mahajan ,Deep Lad
4 Implementation of project 19/2/24 26/2/24 Suraj Phirke ,Aman
Mansuri ,Soham
More , Dhiraj
Mahajan ,Deep Lad
5 Final outcome 26/3/24 4/3/24 Suraj Phirke ,Aman
Mansuri ,Soham More ,
Dhiraj Mahajan ,Deep Lad
6 Documentation 11/3/24 18/3/24 Suraj Phirke ,Aman
Mansuri ,Soham More ,
Dhiraj Mahajan ,Deep Lad

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 3


Computer Security NIS 22620 , Sem VI

4.0 Resources Required

Sr. Name of Specification Remarks


No Resource
1 Computer HP processor-Intel
System (R)Core (TM) is
9400T
CPU@1.80GHZ
Ram 8 GB
2 Software Microsoft word 2021
Package

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 4


Computer Security NIS 22620 , Sem VI

PART-B OUTCOME

1.0 Brief Description

Computer security is the linchpin of our modern digital society, standing as the sentinel
against a myriad of threats that lurk in the vast expanse of cyberspace. In an age where
technology pervades nearly every aspect of our lives, from personal communication to
critical infrastructure, the importance of robust computer security measures cannot be
overstated. This introduction serves as a gateway into the complex and ever-evolving
realm of computer security, delving into its significance, foundational principles, prevalent
threats, and essential mitigation strategies.

At its essence, computer security is the amalgamation of practices, technologies, and


protocols aimed at safeguarding digital systems, networks, and data from unauthorized
access, manipulation, or destruction. Its significance extends far beyond mere protection
of personal information; it encompasses the resilience of financial transactions, the
integrity of intellectual property, and the stability of national security. In essence, it serves
as the bedrock upon which our digital infrastructure rests, ensuring the confidentiality,
integrity, and availability of information assets.

Fundamentally, computer security is underpinned by a set of core principles.


Confidentiality dictates that sensitive information should only be accessible to authorized
entities, ensuring privacy and preventing unauthorized disclosure. Integrity mandates that
data and systems remain accurate, reliable, and unaltered by unauthorized parties,
maintaining trust and reliability in digital transactions and communications. Availability
ensures that resources and services are accessible to authorized users whenever needed,
despite potential disruptions or attacks. Authentication verifies the identities of users or
systems seeking access to resources, while authorization determines the permissions and
privileges granted to authenticated entities. Non-repudiation holds individuals accountable
for their actions in the digital realm, preventing them from denying their involvement in
transactions or communications.
Despite the robustness of these principles, the digital landscape is rife with an array of
threats, ranging from simple malware to sophisticated nation-state cyber-attacks.
Malicious software, or malware, represents a pervasive threat, encompassing viruses,
worms, Trojans, and ransomware, each designed to infiltrate, disrupt, or compromise
digital systems and data. Phishing attacks prey on human vulnerabilities, employing
deceptive tactics to trick users into divulging sensitive information such as passwords or

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 5


Computer Security NIS 22620 , Sem VI

finance
ial details. Denial of Service (DoS) attacks aim to disrupt legitimate access to services or
resources by overwhelming target systems with an excessive volume of traffic or requests.
Data breaches entail unauthorized access to and disclosure of confidential or sensitive
information, compromising the privacy and security of individuals and organizations.
Insider threats, stemming from malicious actions or negligence by individuals within
organizations, pose significant risks to data security and integrity. Advanced Persistent
Threats (APTs) represent a sophisticated and persistent form of cyber-attack orchestrated
by well-funded adversaries with the intent to infiltrate and exploit specific targets over an
extended period.

Mitigating these threats requires a multifaceted approach, combining technical,


procedural, and educational measures. Strong access controls, such as robust
authentication mechanisms and role-based access policies, restrict unauthorized access to
sensitive resources, reducing the attack surface for potential adversaries. Regular software
updates and patch management practices ensure that known vulnerabilities are promptly
addressed, minimizing the risk of exploitation by attackers. Data encryption techniques
protect sensitive information at rest and in transit, safeguarding it from unauthorized
access or interception. Network segmentation divides networks into distinct zones or
segments, containing security incidents and limiting lateral movement by attackers.
Security awareness training educates users about common threats, social engineering
tactics, and best practices for maintaining good cyber hygiene, reducing the likelihood of
falling victim to attacks. Incident response planning involves developing and regularly
testing protocols for detecting, containing, and recovering from security breaches or cyber-
attacks in a timely manner, minimizing their impact on operations and data assets.

In conclusion, computer security stands as the bulwark defending our digital frontier
against a myriad of threats and vulnerabilities. By embracing the fundamental principles of
confidentiality, integrity, availability, authentication, authorization, and non-repudiation,
individuals and organizations can fortify their defenses and navigate the complex
landscape of cybersecurity with confidence. However, the ever-evolving nature of cyber
threats necessitates a proactive and adaptive approach to security, one that is rooted in
continuous education, innovation, and collaboration across the digital ecosystem. As we
traverse the digital landscape, let us remain vigilant in our efforts to safeguard the
integrity, confidentiality, and availability of our digital assets and infrastructure, ensuring
a secure and resilient future for generations to come.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 6


Computer Security NIS 22620 , Sem VI

What are the Threats of computer Security?

1. Malware:
 Viruses: These are programs that
can infect other programs or files by
attaching themselves to them. Once
activated, they can replicate and
spread to other parts of the system.
 Trojans: Unlike viruses, Trojans do
not replicate themselves. Instead,
they masquerade as legitimate
software to deceive users into
installing them. Once installed, they
may create a backdoor for attackers
or carry out other malicious
activities.
 Worms: Worms are self-replicating
malware that can spread across
networks without user interaction. They exploit vulnerabilities to
automatically propagate and infect connected devices.

2. Phishing:
 Phishing attacks involve
fraudulent attempts to
obtain sensitive
information, such as
usernames, passwords, and
credit card details.
Attackers often use
deceptive emails, messages,
or websites that appear
trustworthy to trick users into revealing their confidential
information.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 7


Computer Security NIS 22620 , Sem VI

3. Cyber Espionage:
 Cyber espionage involves
unauthorized access to
computer systems or networks
with the aim of extracting
sensitive information. State-
sponsored actors,
organizations, or individuals
may engage in these activities
for political, economic, or
strategic reasons.

4. Ransomware:
 Ransomware is a type of malicious software that encrypts a user's
files, rendering them inaccessible. Attackers then demand a ransom
payment, usually in cryptocurrency, for the decryption key.

5. Denial of Service (DoS) and


Distributed Denial of Service
(DDoS) Attacks:
 DoS attacks flood a
system, network, or
website with excessive
traffic, overwhelming its
capacity and making it
unavailable for legitimate users. DDoS attacks involve multiple
sources, making them more challenging to mitigate.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 8


Computer Security NIS 22620 , Sem VI

6. Insider Threats:
 Insider threats come from individuals
within an organization who misuse their
access to systems or data. This could be
intentional or unintentional, and it may
involve employees, contractors, or other
trusted entities.

7. Social Engineering:
 Social engineering
involves manipulating
individuals to disclose
sensitive information or
perform actions that may
compromise security.
Tactics include
impersonation,
pretexting, and baiting to exploit human psychology.

8. Unpatched Software and


Vulnerabilities:
 Exploiting unpatched software or
vulnerabilities involves taking
advantage of weaknesses in
programs, operating systems, or
applications that have not been
updated with the latest security
patches. Attackers can use these
vulnerabilities to gain unauthorized access.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 9


Computer Security NIS 22620 , Sem VI

9. Password Attacks:
 Password attacks attempt to
gain unauthorized access by
exploiting weak or stolen
passwords. Techniques
include brute force attacks,
where attackers
systematically try all possible
combinations, or password cracking using various methods.

10. Physical Attacks:


 Physical attacks involve
direct harm to computer
systems, servers, or
networking infrastructure.
This can include theft,
destruction, or tampering
with hardware to compromise the security of information.

11. Man-in-the-Middle (MitM) Attacks:


 In MitM attacks, an
unauthorized party intercepts
and potentially alters
communication between two
parties without their
knowledge. This allows the
attacker to eavesdrop on

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 10


Computer Security NIS 22620 , Sem VI

sensitive information or manipulate data.



 why is computer security important:

1. To Protect Personal Information


To prevent from cyber security risk you have to protect your personal information. IT
security is the first prime issue to protect your personal and others information. By the
way you can keep your information secure using the following
tips:
● Use antivirus Software
● Update operating system
● Use strong password
● Backup your data
● Lock your computer
● Avoid Phishing Emails
● protect your personal information

2. To Protect Organization Properties


It is very important to ensure the organization’s computer data because every
organization has many sensitive assets and information. So, without computer or IT
security you can’t guarantee the security of organization properties.

3. To Prevention From Data Theft


Data theft is act of stealing sensitive information such as bank account details, credit
card information, passwords, and documents which stored on computers, servers, or
other devices. The most common reasons of data breaches are as follows:
● Weak and stolen credentials
● Malicious insiders
● Application vulnerabilities
● Human Error
So, prevent from data theft you have to ensure your
device security by using endpoint security, lock down your
computer, Identify critical data and use authentication.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 11


Computer Security NIS 22620 , Sem VI

4. To Prevent From Viruses Andmalware


Computer security is also important to protect from computer viruses and
malware’s.
A computer virus or malware can corrupt or delete your sensitive data, damage your
hard disk and it spreads from one computer to another using email program and
others. So, you have to protect your computer from viruses and malware using
following these
tips:● Keep your software up to date
● Use free antivirus software
● Use a strong password
● Don’t click on links within emails
● Back up your computer
● Use a pop-up blocker

 Types of Computer Security:

1. Application Security:

Application security is a comprehensive approach that aims to protect software


applications throughout their entire development lifecycle, from design and coding to
deployment and maintenance.

Objectives:
 Secure Development: Encompasses the integration of security measures into the
software development process to prevent vulnerabilities from arising.
 Code Review: Involves regular examinations of application code to identify,
assess, and rectify potential security flaws.
 Authentication and Authorization: Ensures robust identity verification and
restricts access based on predefined permissions.
 Data Encryption: Utilizes cryptographic techniques to safeguard data, both in
transit and at rest, against unauthorized access.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 12


Computer Security NIS 22620 , Sem VI

 Input Validation: Verifies and sanitizes user inputs to mitigate common


vulnerabilities like SQL injection and cross-site scripting (XSS).

2. Information Security:
Information security, or infosec, is a multifaceted discipline aimed at safeguarding
sensitive information from unauthorized access, disclosure, alteration, or destruction.

Objectives
• Confidentiality: Protects information from being accessed by unauthorized
individuals or systems.
• Integrity: Ensures the accuracy and trustworthiness of information by preventing
unauthorized alterations.
• Availability: Guarantees that information is accessible and usable when needed,
preventing disruptions or denial of service.
• Data Classification: Involves categorizing information based on its sensitivity and
applying appropriate security controls.
• Access Controls: Manages and restricts access to information based on user roles
and permissions.
:
3. Network Security:
Network security is a comprehensive set of measures designed to protect the
integrity, confidentiality, and availability of data and resources within a network
infrastructure.

Objectives:
• Firewalls: Deployed to monitor, filter, and control incoming and outgoing network
traffic.
• IDPS (Intrusion Detection and Prevention Systems): Identifies and responds to
suspicious activities or potential security breaches.
• VPNs (Virtual Private Networks): Creates secure, encrypted connections over
public networks, ensuring private data transmission.
• Network Segmentation: Divides a network into segments to contain potential
security incidents and limit lateral movement.
• Security Protocols: Enforces secure communication, such as the use of SSL/TLS, to
protect data during transmission.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 13


Computer Security NIS 22620 , Sem VI

4. Endpoint Security:

Endpoint security concentrates on securing individual devices, including


computers, smartphones, and servers, from various cyber threats.
Objectives:
 Antivirus/Anti-Malware: Detects, blocks, and removes malicious software to protect
endpoints.
 Device Encryption: Safeguards data on endpoints by encrypting it, preventing
unauthorized access.
 Patch Management: Ensures that software and operating systems are updated with
the latest security patches to address vulnerabilities.
 Device Control: Manages and controls the use of external devices (e.g., USB drives)
to prevent data breaches.
 EDR (Endpoint Detection and Response): Monitors and responds to security
incidents at the endpoint level, enhancing threat visibility and remediation
capabilities.
5. Internet Security:
Definition: Internet security is a set of practices and measures designed to protect
systems, data, and users while connected to the internet.
Objectives:
 Secure Browsing: Ensures safe internet navigation by utilizing secure protocols like
HTTPS.
 Email Security: Implements measures to detect and prevent email-based threats,
including phishing and malware.
 Web Application Security: Safeguards web applications from common
vulnerabilities, such as SQL injection and cross-site scripting (XSS).
 Online Identity Protection: Utilizes measures like multi-factor authentication to
enhance the security of user identities.
 Secure Wi-Fi: Secures wireless networks to prevent unauthorized access and
eavesdropping on data transmissions.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 14


Computer Security NIS 22620 , Sem VI

2.0 Course Outcomes (CO)

a) Identify risks related to Computer Security .

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 15


Computer Security NIS 22620 , Sem VI

3.0 Actual Procedure Followed

1. Determined the specific purpose or goal of gathering information about the


Computer
Security
2. Clearly define the scope of research.
3. Identified reputable sources of information.
4. Started with textbooks and educational resources related to Computer Security.
5. Utilized online resources such as websites, blogs, forums, and educational platforms.
6. Looked for online tutorials, video lectures, and courses on platforms.
7. Assessed the credibility and reliability of the information you find.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 16


Computer Security NIS 22620 , Sem VI

4.0 Outputs of Micro-Projects

 How to keep your computer safe :

Prevention of computer security:

5.0
Skill

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 17


Computer Security NIS 22620 , Sem VI

Developed

Therefor we learned that we have completed this web quest on Computer


Security we are now aware of the possible security treats to computer systems. Not only
that, but we are now better able to protect your computers as well as recommend security
measures to others.

VIVA COLLEGE OF DIPLOMA ENGG & TECH, COMPUTER ENGG 18

You might also like