Computer Security Threats

Created by
@RosySunflower

Questions and Answers

What is the primary function of a firewall in network security?

To backup and recover data

What is the main goal of a phishing attack?

To obtain sensitive information through fraudulent emails or texts

What is the purpose of encryption in data security?

To protect data in transit and at rest

What is a ransomware attack?

A type of malware that encrypts files and demands payment

What is the main goal of an incident response plan?

To respond quickly and effectively to security breaches

What is the purpose of a VPN in network security?

To encrypt internet connections

What is social engineering in the context of computer security?

A type of attack that manipulates individuals into revealing sensitive information

What is the primary goal of a password management strategy?

To use strong, unique passwords for all accounts

Study Notes

Threats to Computer Security

  • Malware:
    • Viruses: replicate themselves by attaching to programs or files
    • Worms: self-replicating, do not need to attach to programs or files
    • Trojans: disguise themselves as legitimate software
    • Ransomware: encrypt files and demand payment
  • Internal Threats:
    • Insider threats: authorized personnel with malicious intent
    • Social engineering: manipulating individuals to reveal sensitive information
  • External Threats:
    • Hacking: unauthorized access to computer systems
    • Phishing: fraudulent emails, texts, or calls to obtain sensitive information
    • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks

Security Measures

  • Network Security:
    • Firewalls: control incoming and outgoing network traffic
    • Virtual Private Networks (VPNs): encrypt internet connections
  • Access Control:
    • Authentication: verifying user identity (e.g., passwords, biometrics)
    • Authorization: controlling access to resources based on user identity
  • Data Security:
    • Encryption: protecting data in transit and at rest
    • Backup and recovery: ensuring data availability in case of loss

Best Practices

  • Password Management:
    • Use strong, unique passwords for all accounts
    • Avoid password reuse and sharing
  • Software Updates:
    • Regularly update operating systems, software, and firmware
    • Enable automatic updates when possible
  • Safe Browsing:
    • Avoid suspicious emails, links, and attachments
    • Keep antivirus software up to date

Incident Response

  • Identification:
    • Monitor systems for signs of security breaches
    • Implement incident response plans
  • Containment:
    • Isolate affected systems or networks
    • Prevent further damage
  • Eradication:
    • Remove malware or other threats
    • Fix vulnerabilities
  • Recovery:
    • Restore systems and data to a known good state
    • Implement additional security measures to prevent future incidents

Threats to Computer Security

  • Malware: can replicate itself and spread to other devices
    • Viruses: attach to programs or files to replicate
    • Worms: self-replicating and do not need to attach to programs or files
    • Trojans: disguise themselves as legitimate software
    • Ransomware: encrypt files and demand payment in exchange for the decryption key
  • Internal Threats:
    • Insider threats: authorized personnel with malicious intent, e.g., stealing sensitive data
    • Social engineering: manipulating individuals to reveal sensitive information, e.g., phishing attacks
  • External Threats:
    • Hacking: unauthorized access to computer systems, e.g., using stolen passwords
    • Phishing: fraudulent emails, texts, or calls to obtain sensitive information, e.g., login credentials
    • Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks: overwhelming systems with traffic to make them unavailable

Security Measures

  • Network Security:
    • Firewalls: control incoming and outgoing network traffic, blocking unauthorized access
    • Virtual Private Networks (VPNs): encrypt internet connections to protect data in transit
  • Access Control:
    • Authentication: verifying user identity using passwords, biometrics, or smart cards
    • Authorization: controlling access to resources based on user identity and role
  • Data Security:
    • Encryption: protecting data in transit and at rest using algorithms like AES and RSA
    • Backup and recovery: ensuring data availability in case of loss or corruption, using techniques like RAID and backups

Best Practices

  • Password Management:
    • Use strong, unique passwords for all accounts, avoiding common words and birthdates
    • Avoid password reuse and sharing, using password managers to generate and store unique passwords
  • Software Updates:
    • Regularly update operating systems, software, and firmware to fix vulnerabilities and improve security
    • Enable automatic updates when possible, to ensure timely patching
  • Safe Browsing:
    • Avoid suspicious emails, links, and attachments, being cautious of phishing attempts
    • Keep antivirus software up to date, using features like real-time scanning and automatic updates

Incident Response

  • Identification:
    • Monitor systems for signs of security breaches, using tools like intrusion detection systems
    • Implement incident response plans, establishing procedures for containment and eradication
  • Containment:
    • Isolate affected systems or networks, to prevent further damage
    • Prevent lateral movement, using techniques like network segmentation
  • Eradication:
    • Remove malware or other threats, using tools like antivirus software and incident response playbooks
    • Fix vulnerabilities, patching systems and software to prevent re-infection
  • Recovery:
    • Restore systems and data to a known good state, using backups and snapshots
    • Implement additional security measures to prevent future incidents, like improving access controls and network segmentation
