590 likes | 601 Views
Learn about common computer security risks, debunk myths, and understand how to protect your computer from hackers and malware.
E N D
Computer Security Risks • What is a computer security risk? • Any event or action that could cause a loss of or damage to a computer system (hardware, software, data, information, or processing capability)
Computer Security Myths • Myth 4: I can protect my PC if I disconnect from the Internet or turn it off when not using it. • Myth 5: Mac & Linux computers are safe from viruses/attacks. • Myth 6: Security threats only come from outside your network or company. • Myth 1: I have anti-virus software so my PC wont get infected. • Myth 2: Anti-virus software protects against spyware. • Myth 3: My network is behind a firewall, I am safe from hackers. • Myth 7: Cellphones and other mobile devices aren’t susceptible to viruses and other security risks.
Computer Security Risks • A cybercrime is an online or Internet-based illegal act. • An example of cybercriminals include:
Computer Security Risks: Hackers • The term hacker was originally used for people that write code (programmers) and other computer enthusiasts. • Later adapted to people that crack the security of computer systems. • Methods of Attack: • Malware • Key-logging • Packet-sniffing • Port-scanning • DoS (denial of service) • Social engineering • Dumpster diving
Computer Security Risks: Malware • What is a Malware? • Short for malicious software. • Software designed for a malicious purpose. • Used to intrude or damage a computer system. • Examples of Malware: • Viruses, Worms, Trojans • Rootkit • Spyware
Attacks: Viruses • Virus • A program that attaches itself to a file. • Spreads to other files, and delivers a destructive action called a payload. • Trojan Horse • Appears to be a harmless program. • When they run, install programs on the computer that can be harmful. • Used to open a backdoor for hackers to gain control of your computer. • Worms • Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems.
Attacks: Spyware • Spyware • A program that is installed on your computer without your knowledge or consent. • Their purpose is to collect information about you. • They can be a pain! • Keep you from visiting certain sites • Very difficult to remove. • Anti-spyware programs indentify and remove spyware programs from your computer. • Adware • A program that displays online advertisements.
Attacks: Viruses • How can a virus spread? • Using infected removable media. • USB flash-drives, CDs/DVDs, floppy disks. • From the Internet. • Downloading an infected file or program. • File sharing networks. • Websites that contain harmful script. • Through email attachments.
Attacks: Viruses • An infected computer has one or more of the following symptoms:
Video: Attack of the Mobile Viruses CLICK TO START
Preventing Virus Attacks • An anti-virus program is software that identifies and removes viruses. • This software looks for a virus signature, which is a specific pattern of virus code. • Also called a virus definition.
Internet and Network Attacks • A denial of service attack (DoS attack) disrupts computer and network communications. • A computer system or network is bombarded with so many requests, such that it cannot handle legitimate requests and eventually renders it useless. • Usually disrupts the computer or network’s access to the Internet. • Distributed DoS (DDoS). • A botnet is a group of compromised computers connected to a network. • A compromised computer is known as a zombie. • A back dooris a program or set of instructions in a program that allow users to bypass security controls. • It is simply a security hole or exploit that allows access to a computer system.
Attacks: Phishing Scam in which a perpetratorsends an official looking e-mail and/or uses a fake website in an attemptto obtain your personal and financial information. What is phishing?
Internet and Network Attacks • Spoofingis a technique used by intruders to make their network or Internet transmission appear legitimated.
Preventing Internet and Network Attacks • A firewall is a security system consisting of hardware and/or software that protects a network and computer from intrusion.
Preventing Internet and Network Attacks • What is a honeypot? • A trap set to detect and counteract network intrusions. • Typically a vulnerable computer that is set up to entice an intruder to break into it. • A honeynet is two or more honeypots setup on a network.
Unauthorized Access and Use • Organizations take several measures to help prevent unauthorized access and use. • Acceptable use policy • User policies and privileges • Firewalls • Intrusion detection software
Unauthorized Access and Use • Makestronger passwords. • Longer passwords provide greater security. • Mix letters (uppercase and lowercase), numbers, and symbols.
Unauthorized Access and Use • A possessed object is any item that you must carry to gain access to a computer or computer facility. • Often are used in combination with a personal identification number(PIN). • Smartcards contain embedded circuitry that allow it to process data. • Provide greater security.
Unauthorized Access • Tips for protecting your computer: • Disable file and printer sharing on Internet connection File and printer sharing turned off
Unauthorized Access and Use • A biometric deviceauthenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer. • Facial Recognition • Uses mathematical technique to measure the distances between 128 points on the face. • Retinal Scanner • Analyzes the pattern of blood vessels at the back of the eye.
Unauthorized Access and Use • Digital forensicsis the discovery, collection, and analysis of evidence found on computers and networks. • Many areas use digital forensics
Hardware Theft and Vandalism • To help reduce the of chances of theft, companies and schools use a variety of security measures
Software Theft • Software theft occurs when someone:
Software Theft • A single-user license agreementtypically contains the following conditions:
Software Theft • There are some safeguards against software theft:
Information Theft • Information theft occurs when someone steals personal or confidential information. • Financial Information • Banking information, credit cards, e-cash, etc.. • Personal Information • SSN, medical info, occupational info, etc… • Business & Government Information • Top-secret military information • Industrial secrets • Identity Theft is the criminal act of using stolen information about a person to assume that person’s identity. • In 2008, over 10 million people were affected (22% increase over 2007).
Information Theft • What is encryption? • The process of converting readable data (plaintext) into unreadable characters (ciphered text). • A safeguard against information theft. • An encryption key is a mathematical formula used to convert data into ciphered text. • To read the data, the recipient must decipher or decrypt the data.
Information Theft • Example of an encrypted file:
Information Theft • How to encrypt files & folders in Windows Vista & Windows 7: • Right-click the folder or file you want to encrypt, and then click Properties. • Click the Advanced button. • Select the Encrypt contents to secure datacheck box, and then click OK. *** To decrypt the folder, just remove the check from the checkbox.
Information Theft • What is BitLocker Drive Encryption in Windows? • Software used to encrypt an entire hard drive. • Helps keep data safe in the event your computer is lost, stolen, or intruded by a hacker.
Information Theft • How to encrypt files & folders in MAC OS X: • http://docs.info.apple.com/article.html?path=Mac/10.4/en/mh1906.html
Information Theft • A digital signatureis an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender. • Often used to ensure that an impostor is not participating in an Internet transaction. • Used to authenticate the source of messages. • A certificate authority (CA)is a company or organization thatissues and authorizes digital certificates. • These certificates contain a digital signature and the issuing CA.
Information Theft • What is Secure Sockets Layer (SSL)? • Provides encryption for all data that passes between client and Internet server. • Web addresses begin with “https” to indicate secure connections.
Information Privacy What is a cookie? Small file on your computer that contains data about you Some Web sites sell or trade information stored in your cookies Set browser to accept cookies, prompt you to accept cookies, or disable cookies User preferences How regularly you visit Web sites Interests and browsing habits
Information Theft • Are cookies a security risk? • First party cookies • Usually don’t contain information that present a risk to your privacy. • They contain data like your username, preferences, shopping cart products, info about your visit to their website. • The information is only for their website and contains no data about previous websites. • Disabling these may keep you from viewing many websites. • Third part cookies • These contain information that present a risk to your privacy. • They collect information about the websites you visit, web searches, and other private information, which can be sold to companies. • You should disable these!
Surfing Anonymously • Surfing the Web anonymously means your browsing habits and identity is hidden from “snoopers”. • You need to use a Web proxy. • A Web proxy is a Web server or service that acts like a middle-man for all communications between your browser and the websites you visit. • Also called an anonymizer. • Besides hiding your IP address, a good proxy will remove traffic such as cookies, pop-ups, and scripts. • Make sure the proxy you chose uses SSL or TLS security measures for transmitting your information. • Best Commercial Anonymizers: • Anonymizer • Ghostsurf • Free Anonymizer: • The Cloak
Surfing Anonymously • Beware of false protection! • There are several risks involved with using a proxy: • They do not protect you from Internet threats • The proxy may be harvesting your information to provide to companies. • Personal information (usernames, passwords, PINs, etc…) may be leaked or used by the proxy’s administrator for their own malicious purposes.
Information Privacy & Security • Preventing information theft and violations to privacy requires a few security measures. • Use of encryption for important information. • Keep operating system and all programs up-to-date. • Surf the Web anonymously.
System Failure • A system failure is the prolonged malfunction of a computer. • A variety of factors can lead to system failure, including: • Aging hardware. • Natural disasters. • Errors in computer programs. • Electrical power problems • noise – unwanted electrical signals. • undervoltages– a drop is electrical supply. • overvoltages– a significant increase in electrical power.