ad

Introduction to Computing

Introduction to Computing

Identity Theft

Impersonation by private information to obtain documents and credit in your name

  • Thief can ‘become’ the victim

Reported incidents rising

Methods of stealing information

  • Shoulder surfing
  • Snagging
  • Dumpster diving
  • Social engineering
  • High-tech methods

Loss of privacy

Personal information is stored electronically

Purchases are stored in a database

  • Data is sold to other companies

Public records on the Internet

Internet use is monitored and logged

  • monitoring activity can be carried out on your computer or a connected server
  • Data about when you visited, what you looked at, and how long you stayed is used by most commercial Web sites “online profiling”

None of these techniques are illegal

Online Spying

Software downloaded to a computer

Designed to record personal information

can track a computer user’s activities and report them to someone else

Typically undesired software

Hides from users

Several programs exist to eliminate

Another common term for spyware is adware,

  • Internet advertising is a common source of spyware

Cookies

Cookies are named after the ‘magic cookie’ a small text file that a Web server asks your browser to place on your computer

Cookie contains information that identifies your computer (its IP address), you (your user name or e-mail address), and information about your visit to the Web site..

Files delivered from a web site

Originally improved a site’s function

Cookies now track history and passwords

Browsers include cookie blocking tools

Web bugs

Small GIF format image file embedded in web page or HTML format e-mail

Behind the tiny image lies code that functions in much the same way as a cookie, allowing the bug’s creator to track many of your online activities.

A bug can record

  • what Web pages you view
  • keywords you type into a search engine
  • personal information you enter in a form on a Web page, and other data.

Because Web bugs are hidden, they are considered by many to be eavesdropping devices

Gets around cookie blocking tools

Companies use to track usage

Blocked with spyware killers

Spam

is Internet “ junk mail.”

Unsolicited commercial email (UCE)

Almost all spam is commercial advertising

Networks and PCs need a spam blocker

  • Stop spam before reaching the inbox

Spammers acquire addresses using many methods

  • Purchasing lists of e-mail addresses through brokers.
  • “Harvesting” e-mail addresses from the Internet.
  • Generating random strings of characters in an attempt to match legitimate addresses

Online Theft, Online Fraud, and Other  Dot Cons

  • Dot Con

–A fraud or scam carried out through the Internet

–The Internet Crime Complaint Center received and  processed more than 24,000 complaints per month in  2012

  • Data or Information Theft

–Theft of data or information located on or being sent from  a computer

–Can occur in several ways

  • Stealing an actual computer or mobile device
  • A hacker gaining unauthorized access
  • Identity Theft

–Using someone else’s identity to purchase goods or  services, obtain new credit cards or bank loans, or illegally  masquerade as that individual

–Information obtained via documents, stolen information,  spyware, etc.

–Expensive and time consuming to recover from

–Millions of Americans have their identity stolen each year

  • Phishing

–Use of spoofed e-mail messages to gain credit card  numbers and other personal data

  • Spear Phishing

–A personalized phishing scheme targeted to specific  individuals

  • Social Media Hacks

–The act of accessing someone else’s social media account  to make changes to the content or to perform an activity  as that individual

  • Pharming

–The use of spoofed domain names to obtain personal  information

–DNS servers are hacked to route requests for legitimate  Web pages to spoofed Web pages (DNS poisoning)

  • Drive-by Pharming

–Hacker changes the victims designated DNS server to the  pharmer’s DNS server

  • Online Auction Fraud

–Occurs when an item purchased through an online auction  is never delivered or the item is not as specified

–Illegal, but as with other types of online fraud, prosecution  is difficult

  • Other Internet Scams

–Loan and pyramid scams

–Work-at-home cons

–Nigerian letter fraud scheme

–Pornographic sites

–Fake job site postings

Threats to Hardware

Affect the operation or reliability

Power-related threats

  • Power fluctuations

▪Power spikes or browns out

  • Power loss
  • Can result in loss of data

Countermeasures

▪Surge suppressors

▪Line conditioners

▪Uninterruptible power supplies

▪Generators

Theft and vandalism

  • Thieves steal the entire computer
  • Accidental or intentional damage
  • Countermeasures

▪Keep the PC in a secure area

▪Lock the computer to a desk

▪Do not eat near the computer

▪Watch equipment

▪Chase away loiterers

▪Handle equipment with care

Unauthorized  Access and Unauthorized Use

  • Unauthorized Access

–Gaining access to a computer, network, file, or other  resource without permission

  • Unauthorized Use

–Using a computer resource for unapproved activities

  • Both can be committed by insiders and outsiders
  • Codes of Conduct

–Used to specify rules for behavior, typically by a  business or school

  • Hacking

–Using a computer to break into another computer

system

  • A serious threat for individuals, businesses, and the country (national security), i.e., cyberterrorism
  • Often performed via wireless networks today

– Many wireless networks are left unsecured

  • War Driving

–Driving around an area to find a Wi-Fi network to access and use without authorization

–Wi-Fi Piggybacking

  • Accessing an unsecured Wi-Fi network from the hacker’s current location without authorization
  • Interception of Communications

–Unsecured messages, files, logon information, etc., can be  intercepted using software designed for that  purpose

–New trend: intercept credit and debit card information  during the card verification process

  • Packetsniffing software
  • Access Control Systems

–Used to control access to facilities, computer networks,  company databases, and Web site accounts

–Identification Systems

  • Verify that the person trying to access the facility or system is an authorized user

–Authentication Systems

  • Determine if the person is who he or she claims to be
  • Possessed Knowledge Access Systems

–Use information that only the authorized user should know

  • Typically passwords
  • Passwords should be strong and changed frequently
  • Typically used in conjunction with usernames

–Disadvantages

  • Passwords can be forgotten
  • If known, password can be used by someone who is not an authorized user

–Cognitive Authentication Systems

  • Use information the individual knows or can easily remember (birthplace, pet names, etc.)
  • Used in many password recovery systems
  • Two-Factor Authentication

–Using two different methods to authenticate users

  • Typically possessed knowledge (password) with either

–Biometric Feature – something you are

–Possessed Object – something you have

  • Hard token – physical object used
  • Soft token – supplies a one-time password (OTP)
  • Controlling Access to Wireless Networks

–In general, Wi-Fi is less secure than wired networks

–Security is usually off by default; wireless networks should be secured

–Wireless network owners should:

  • Change the router’s default password
  • Enable encryption (WPA2 is more secure than WPA)
  • Enable other security features as needed

– Can hide network name (SSID)

Securing a Wireless Home  Router

–Use router’s configuration

screen

–Be sure to change the  access password

–Enter the SSID name, select  the security mode, and  type a secure passphrase

–Can use MAC filtering

  • Firewalls

–A collection of hardware and/or software intended to  protect a computer or computer network from  unauthorized access

–Typically two-way, so they check all incoming (from the  Internet) and outgoing (to the Internet) traffic

–Important for home computers that have a direct Internet  connection, as well as for businesses

–Work by closing down external communications ports

  • Intrusion Prevention System (IPS) Software

–Monitors traffic to try and detect possible attacks

–If an attack is discovered, IPS software can immediately block it

  • Encryption

–Method of scrambling contents of e-mail or files to make

them unreadable if intercepted

–Secure Web pages use encryption

  • SSL and EV SSL

Threats to Hardware

¡Natural disasters

  • Disasters differ by location
  • Typically result in total loss
  • Disaster planning

▪Be aware that a disaster could strike

▪Anticipate it when conditions are right

▪Plan for recovery

▪List potential disasters

▪Plan for all eventualities

▪Practice all plans

Example of natural disaster

floods, lightning storms, snow storms, earthquake, forest fires, failure in building structure, war and terrorism

Threats to Data

  • Data, Program, or Web Site Alteration

–Sabotage occurs when a hacker breaches a computer  system in order to delete/change data or modify programs

–Student changing grades

–Employee performing vengeful acts, such as  deleting or changing corporate data

–Data on Web sites can also be altered

  • Hacking into and changing social networking account contents (Facebook pages, Twitter tweets, etc.)
  • Altering legitimate site to perform malware attacks
  • Mobile Malware

–Can infect smartphones, media tablets, printers, etc.

–Smartphones with Bluetooth are particularly vulnerable to attack

–Mobile threats are expected to continue to increase

  • Denial of Service (DoS) Attacks

–Act of sabotage that attempts to flood a network server or  Web server with so much activity that it is unable to  function

–Distributed DoS Attacks target popular Web sites and use  multiple computers

  • Computer Viruses

–A software program installed without the user’s  knowledge and designed to alter the way a computer  operates or to cause harm to the computer system

–Often embedded in downloaded programs and e-mail  messages (games, videos, music files)

  • Computer Worm

–Malicious program designed to spread rapidly by sending  copies of itself to other computers via a network

–Typically sent as an e-mail attachment

Malware describes viruses, worms, Trojan horse attack applets, and attack scripts.

  • These virulent programs represent the most common threat to your information

Viruses

  • Pieces of a computer program (code) that attach themselves to host programs.
  • Software that distributes and installs itself
  • Ranges from annoying to catastrophic
  • Countermeasures

▪Anti-virus software

▪Popup blockers

▪Do not open unknown email

Categories of Viruses

Bimodal, Bipartite, or Multipartite Viruses

  • Can infect both files and the boot sector of a disk

Time bomb

  • Hides on the victim’s disk and waits until a specific date (or date and time) before running

Logic bomb

  • May be activated by a date, a change to a file, or a particular action taken by a user or a program

Stealth Viruses

  • Take up residence in the computer’s memory, making them hard to detect
  • Can conceal changes they make to other files, hiding the damage from the user and the operating system

Boot Sector Viruses

  • regarded as one of the most hostile types of virus
  • infects the boot sector of a hard or floppy disk
  • This area of the disk stores essential files the computer accesses during startup.
  • moves the boot sector’s data to a different part of the disk.
  • When the computer is started, the virus copies itself into memory where it can hide and infect other disks
  • allows the actual boot sector data to be read as though a normal start-up were occurring

¡Cluster Viruses

  • makes changes to a disk’s file system
  • If any program is run from the infected disk, the program causes the virus to run as well
  • creates the illusion that the virus has infected every program on the disk

E-mail viruses

  • transmitted via email messages sent across private networks or the Internet
  • Some e-mail viruses are transmitted as an infected attachment—a document file or program that is attached to the message

File-Infecting Viruses

  • infects program files on a disk (such as .exe or .com files)
  • When an infected program is launched, the virus’s code is also executed

Macro virus

  • designed to infect a specific type of document file, such as Microsoft Word or Excel files
  • can do various levels of damage to data from corrupting documents to deleting data

Polymorphic, Self-Garbling, Self-Encrypting, or Self-Changing Viruses

  • can change itself each time it is copied, making it difficult to isolate

Threats to Data: Malicious Program

  • Trojan Horse

–Malicious program that masquerades  as something else

–Usually appears to be a game or  utility program

–Cannot replicate themselves; must be

downloaded and  installed

–Rogue antivirus programs (scareware)  are common today

–Ransomware

  • Computer Crime (cybercrime)

–Any illegal act involving a computer, including:

  • Theft of financial assets
  • Manipulating data for personal advantage
  • Act of sabotage (releasing a computer virus, shutting down a Web server)
  • Phishing and Internet scams
  • All computer users should be aware of security concerns and the precautions that can be taken

Categories of Cybercrime

Cyberextortionist is someone who uses e-mail as a vehicle for extortion

  • send an organization a threatening e-mail message indicating they will

▪expose confidential information, exploit a security flaw, or  launch an attack that will compromise the organization’s network — if they are not paid a sum of money

Cyber terrorist is someone who uses the Internet or network to destroy or damage computers for political reasons

  • might target the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructure
  • Cyber warfare, describes an attack whose goal ranges from disabling a government’s computer network to crippling a country

Cyber Bullying

  • Children or teenagers bullying other children or teenagers via the Internet

Cyber Stalking

  • Repeated threats or harassing behavior between adults carried out via e-mail or another Internet communication method
  • Protecting Against Data and Information Theft

–Businesses should use good security measures

–Individuals should not give out personal information  (Social Security number, mother’s maiden name, etc.)  unless absolutely necessary

  • Protecting Against Identity Theft, Phishing, and Pharming

–Shred documents containing sensitive data, credit card  offers, etc.

–Order a full credit history on yourself a few times a year to check for accounts listed in your name

–Don’t place sensitive outgoing mail in your mailbox

–Watch bills and credit report to detect identity theft early

–Never click a link in an e-mail message to go to a secure  Web site—always type the URL in the browser instead

–Antiphishing Tools

  • Antiphishing tools built into Web browsers can help warn you of potential phishing sites
  • Some secure sites use additional layers of security to protect against identity thieves
  • Some banks and other financial institutions add an

¡additional step in their logon process

  • Digital Certificate

–Group of electronic data that can be used to verify the  identity of a person or organization

–Obtained from Certificate Authorities

–Typically contains identity information about the person or  organization, an expiration date, and a pair of keys to be  used with encryption and digital signatures

–Are also used with secure Web sites to guarantee that the  site is secure and actually belongs to the stated individual  or organization

  • Can be SSL or EV SSL
  • Digital signatures

–Unique digital codes that can be attached to an e-mail  message or document

–Can be used to verify the identity of the sender

–Can be used to guarantee the message or file has not been  changed since it was signed

–Uses public key encryption

  • Document is signed with the sender’s private key
  • The key and the document create a unique digital signature
  • Signature is verified using the sender’s public key
  • Protecting Against Online Auction Fraud and Other Internet Scams

–Use common sense

–Check online auction seller’s feedback before bidding

–Pay for online purchases via a credit card so transactions  can be disputed if needed

–Use an online payment system

–Take advantage of buyer protection

–Use an escrow service for high-priced items

 

 

 

 

Search within CuiTutorial

Scroll to Top