Introduction to Computer Science. Security and Privacy. Lecture b.
Introduction to Computer Science
Security and Privacy
Lecture b

This material (Comp 4 Unit 7) was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0001. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-sa/4.0

Security and Privacy Learning Objectives - 1
• Define cybercrime and cybersecurity (Lecture a)
• List common information technology (IT) security and privacy concerns (Lecture a)
• List hardware components that are usually attacked by the hackers (Lecture a)
• Explain some of the common methods of attack (Lecture b)

Security and Privacy Learning Objectives - 2
• Describe common types of malware (Lecture b)
• Explain social engineering methods used by cybercriminals (Lecture b)
• Describe methods and tools available for protection against cyberattacks (Lecture c)
• Describe practices designed to minimize the risk of successful cyberattack (Lecture d)

Security and Privacy Learning Objectives - 3
• Address specifics of wireless device security (Lecture d)
• Explain security and privacy concerns associated with EHRs (Lecture e)
• Describe security safeguards used for health care applications (Lecture e)
• Provide the basics of ethical behavior online (Lecture e)

Some of the Hackers’ Methods
• Packet sniffers can intercept Internet traffic
  • Internet traffic consists of data “packets”, which can be “sniffed”
  • Usernames, passwords, sensitive information
• Software attacks
  • e.g. Trojans, Viruses, Worms, Rootkits
• Guess at usernames and passwords
• Social Engineering
  • Phishing, hoaxes

Malware - 1
• “Malware, short for malicious software, is any software used to disrupt computer operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising” (Wikipedia, 2016)

Malware - 2
• Types of malware include:
  • Trojan Horses
  • Viruses
    • Macro Viruses
  • Worms
  • Rootkits
  • Adware
  • Spyware
  • Ransomware
  • Scareware

Trojan Horse - 1
• Name comes from the analogy with the Trojan Horse from Greek mythology
• Malware program that is usually disguised as useful and harmless software
• User tricked into installing it
  • Misleading description or ad
  • Trojan is injected into otherwise legitimate software

Trojan Horse - 2
• Trojan Horse can
  • Have an immediate or delayed effect
  • Destroy and/or steal sensitive data
  • Install other unwanted software
  • Display unsolicited advertisements
  • Transmit passwords, key strokes, etc. back to the attacker

Viruses - 1
• A program that, when executed, replicates itself into
  • Other computer programs
  • Operating system files
  • Data files
  • Boot sector of the hard drive
  • Attached drive (external HDD, flash drive, etc.)

Viruses - 2
• Computer can get infected with a virus from:
  • Another computer in the same network
  • Infected external drive
  • Email attachment

Viruses - 3
• A virus can
  • Reformat your hard drive
  • Corrupt data
  • Access private information
  • Spam your contacts
  • Log your keystrokes
  • Consume infected computer’s resources: CPU time or hard disk space

Viruses - 4
• A virus can
  • Display advertisement and redirect web browsers
  • In extreme cases, render the computer useless
• Majority of viruses target computers running Microsoft Windows
• Removal may involve formatting the hard disk and reinstalling the operating system or restoring from a virus-free backup

Macro Viruses - 1
“Macro language is a special-purpose command language used to automate sequences within an application such as a spreadsheet or word processor” www.yourdictionary.com
• Microsoft Office applications commonly use macros written in the Visual Basic for Applications (VBA) macro language

Macro Viruses - 2
• Macro viruses target Microsoft Office applications
• Written in a macro language such as VBA (Visual Basic for Applications)
• Take advantage of MS Office applications allowing for macro programs to be embedded in documents, spreadsheets, or even email
• Activated when user opens a file in which the macro virus resides
• Don’t even click on email from unknown sender

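Because macro viruses ride inside the document itself, a mail or file gateway can check whether an attachment carries an embedded VBA project before a user opens it. The following is an added example, not part of the original lecture; the function names and the sample archives are constructed for illustration, and legacy binary Office files are only recognised, not parsed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def macro_status(data: bytes) -> str:
    """Classify file bytes by whether they can carry embedded VBA macros."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary Office files can hold macros; a zip check cannot tell.
        return "legacy-ole"
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return "not-office"
    with zipfile.ZipFile(buf) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return "not-office"
        content_types = zf.read("[Content_Types].xml")
    # The VBA project is normally a part named vbaProject.bin; the content-type
    # check also catches a part that was stored under a different name.
    by_name = any(n.lower().endswith("vbaproject.bin") for n in names)
    by_type = VBA_CONTENT_TYPE in content_types
    return "macros-present" if (by_name or by_type) else "no-macros"


def build_sample(with_macro: bool, part: str = "word/vbaProject.bin") -> bytes:
    """Constructed OOXML-like archive for the demo (not a real document)."""
    types = b"<Types>"
    if with_macro:
        types += (b'<Override PartName="/' + part.encode()
                  + b'" ContentType="' + VBA_CONTENT_TYPE + b'"/>')
    types += b"</Types>"
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("[Content_Types].xml", types)
        zf.writestr("word/document.xml", b"<document/>")
        if with_macro:
            zf.writestr(part, b"placeholder bytes, not real VBA")
    return out.getvalue()


if __name__ == "__main__":
    print("plain document:", macro_status(build_sample(False)))
    print("macro document:", macro_status(build_sample(True)))
    print("renamed part:  ", macro_status(build_sample(True, "word/data.bin")))
    print("legacy file:   ", macro_status(OLE_MAGIC + bytes(16)))
```
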
Worms
• Standalone malware program
• Uses a computer network to propagate
• Installs a backdoor on the computer, making it a bot – a computer under full control of a hacker
• Networks of bots are referred to as botnets
• Commonly used for sending junk email or attacking other computers or websites
• May cause significant harm to a network by consuming bandwidth

Backdoor Example (Turkcebilgi, n.d., GNU FDL)
Rootkits - 1
• Malware that actively conceals its actions and presence
• Concealment occurs through:
  • Removing evidence of original attack and activity that led to rootkit installation
  • Gaining control of the system
  • Installing additional malicious tools to widen scope of the attack
  • Hiding files, processes, network connections

Rootkits - 2
• Removal
  • Can be complicated
  • May require
    • Reformatting the hard drive
    • Reinstalling the operating system
    • Reinstalling all application software

Adware - 1
• Downloads and displays unsolicited ads
• Redirects searches to certain advertising websites
• Collects information used for targeted marketing without the user's knowledge
  • Types and frequency of websites user visits
  • User’s web searches
• Usually downloaded and installed without user’s knowledge

Adware - 2
• Computer can get infected by:
  • Visiting an infected website
  • Adware embedded in legitimate applications
  • Hacker technologies
• Adware that operates without user’s consent is considered malicious

Spyware - 1
• Covertly collects and transmits information
• Common targets:
  • User logins (usernames, passwords)
  • Bank or credit account information
  • Email contacts and addresses
  • Keystrokes (also called keylogger)
  • User’s surfing habits

Spyware - 2
• Can assert control over a computer
  • Change computer and software settings
  • Install additional software
• Can result in
  • Slow Internet connection speed
  • Unusual web browser behavior

Ransomware - 1
• Restricts access to files by:
  • Locking the system
  • Encryption
• Attacker demands payment to remove the restriction
• User may have to reformat the hard drive and reinstall the operating system and application software

Ransomware - 2
• Some ransomware displays fake warnings from law enforcement claiming:
  • Computer has been used for illegal activity
  • Stores inappropriate material, such as pornography
  • Runs a non-genuine version of Microsoft Windows

Scareware
• Pop-up messages claiming computer is infected
• The pop-ups cannot be closed
• In some cases scareware makes computer files inaccessible
• Manipulates users to purchase fake security software – frequently malware
(FBI, 2011, PD-US)

Personal Information Attacks - 1
• Phishing – fishing for sensitive information
• Attempt to trick user into revealing personal information
• A typical phishing email asks the user to log in for verification purposes – do NOT respond
• Email link brings user to a site that looks like the real web site of the impersonated institution
• Remember: no reputable organization will ever ask you to verify your login credentials

Personal Information Attacks - 2
• Immediately report the phishing attempt to the organization being impersonated
• Some email programs move suspicious email to a quarantined Junk folder
• Removing email from the Junk folder also takes it out of quarantine

False Information - 1
• Hoax
  • Attempt to convince user of something false
  • Usually comes in the form of an email
    • IRS “official” notice
    • Request to send money to facilitate inheritance processing
    • Request contributions
• Exercise common sense
• Search for email’s text, include the word hoax

False Information - 2
• Uncloak a hoax
• Use trusted Internet sites to detect hoaxes
  • Snopes.com - http://www.snopes.com/
  • Urban Legends Online - http://urbanlegendsonline.com/
• Never forward email chains without verifying their source

Security and Privacy Summary – Lecture b
• Explored some of the common methods of attack used by computer hackers
• Described common types of malware
• Explained some of the social engineering methods used by cybercriminals

Security and Privacy References – Lecture b

References
• Macro language - computer definition. (n.d.). Retrieved July 10, 2016, from http://www.yourdictionary.com/macro-language
• Malware. (n.d.). In Wikipedia. Retrieved July 10, 2016, from https://en.wikipedia.org/wiki/Malware

Images
• Slide 17: Screenshot of Beast 2.07 malware. (n.d.). Turkcebilgi. Retrieved from https://www.turkcebilgi.com/kötücül_yazılım_(malware) [Turkish]. This file is licensed through the GNU Free Documentation License.
• Slide 26: Scareware image. (2011, June 22). In ‘Scareware’ Distributors Targeted. Federal Bureau of Investigation. Retrieved April 18, 2016, from https://www.fbi.gov/news/stories/scareware-distributors-targeted.