Cybersecurity Chapter 9: Protecting Your Data

Questions and Answers

Match the following types of cybercrime with their descriptions:

Identity Theft = Stealing personal information to pose as someone else Hacking = Unlawfully breaking into a computer system Advance Fee Fraud = Requesting money upfront for promised goods or services Blackmail = Using threats to obtain money or information

Match the hacker types with their main characteristics:

White-hat Hacker = Breaks into systems for nonmalicious reasons Black-hat Hacker = Breaks into systems for illegal gain Grey-hat Hacker = Flaunts expertise by breaking into systems Script Kiddie = Uses pre-written scripts to hack without deep knowledge

Match the following security programs with their functions:

Packet Analyzer = Monitors data packets on a network Keylogger = Captures all keystrokes made on a computer Backdoor Program = Allows unauthorized access to a computer system Rootkit = Gains administrative control over a computer secretly

Match the following cybercrime complaints with their categories:

FBI-related scams = Fraudulent actions impersonating the FBI Nonauction/non-delivery of merchandise = Fraud involved in e-commerce transactions Child pornography = Illegal exploitation of minors online Computer intrusions = Unauthorized access to computer networks

Match the different types of fraud to their explanations:

Counterfeiting Cards = Creating fake credit or debit cards to steal funds Address Change Requests = Falsely requesting a change to another address Opening Credit Cards = Fraudulently obtaining credit cards in someone else's name Medical Services Fraud = Using someone else's identity to receive medical treatments

Match the terms related to cybercrime with their definitions:

Zombie = A computer controlled by a hacker for malicious purposes Denial-of-service Attack = Overloading a system to deny access to legitimate users Trojan Horse = Malicious program disguised as a legitimate application Data Breach = Unauthorized access to confidential data

Match the descriptions to the types of malware:

Trojan Horse = Appears useful but contains malicious activities Virus = Self-replicating program that attaches to files Worm = A standalone malware that spreads without user action Adware = Displays unwanted advertisements on the user's computer

Match the following types of viruses with their descriptions:

Boot-sector virus = Replicates onto a hard drive's master boot record Logic bomb = Triggered by specific logical conditions Time bomb = Triggered by the passage of time Worm = Spreads independently of host files

Match the following malware types with their characteristics:

Polymorphic virus = Changes its code to avoid detection Multipartite virus = Infects multiple file types Stealth virus = Hides in active memory of the computer Adware = Displays unsponsored advertisements

Match the following DDoS-related terms with their definitions:

DDoS attack = Denial-of-service attack from multiple sources Botnet = Group of software on zombie computers Exploit kit = Searches for vulnerabilities on servers Logical ports = Virtual communications paths

Match the following types of virus distribution with their methods:

E-mail virus = Uses address book to spread Script virus = Executes commands without knowledge Macro virus = Utilizes macro commands in software Ransomware = Compresses files and demands payment for decryption

Match the following malware definitions with their purposes:

Virus = Replicates and attaches to programs Adware = Displays advertisements Ransomware = Seeks payment to decrypt files Worm = Autonomously spreads without host execution

Match the following viruses with their avoidance techniques:

Polymorphic virus = Alters its code frequently Multipartite virus = Infects various file types Stealth virus = Erases its own code temporarily Logic bomb = Depends on conditions for activation

Match the following virus types with their specific behaviors:

Time bomb = Activated on a specific date Boot-sector virus = Targets boot records E-mail virus = Distributes through email contacts Worm = Vigorous self-replication across networks

Match the following terms related to computer security threats:

DDoS = Floods services with requests Botnet = Network of infected machines Exploit kit = Hunts system vulnerabilities Adware = Malware focused on advertising

Match the malware types with their primary features:

Polymorphic virus = Majorly targets specific files Worm = Self-propagates widely Adware = Generates revenue through ads Stealth virus = Disguises its presence from detection

Match the following terms with their definitions:

Spyware = An unwanted program that runs in the background and transmits user information Cookies = Small text files stored on your computer by websites Phishing = A technique to lure users into revealing personal information Firewall = A program designed to protect computers from unauthorized access

Match the following malware types with their descriptions:

Scareware = Malware that convinces users their computer is infected Keystroke logger = Monitors and records keystrokes made by the user Spam = Unwanted or junk email Pharming = Redirects users to fraudulent websites via malicious code

Match the following strategies with their uses:

Using phishing filters = Helps identify and block fraudulent emails Checking with the company = Verifies requests for personal information Installing Internet security software = Protects against various online threats Using a spam filter = Organizes junk emails into a separate folder

Match the following social engineering techniques with their purposes:

Pretexting = Creating a legitimate-sounding scenario to obtain information Phishing = Luring users to provide sensitive information Scareware = Exploiting fear to sell fake antivirus tools Social engineering = Using social skills to manipulate individuals

Match the following security measures with their functions:

Antivirus protection = Defends against malware and viruses Firewall = Blocks unauthorized access to a network Spam filter = Reduces unwanted email in inbox Phishing filter = Alerts users to potential scams in emails

Match the following terms with their primary concerns:

Cookies = Potential invasion of privacy by advertisers Spyware = Tracks and transmits personal information Spam = Overloading email accounts with junk messages Phishing = Risk of identity theft or fraud

Match the following guidelines with their respective actions:

Never reply to emails asking for personal info = Avoids direct interaction with potential phishing scams Use updated Internet security software = Ensures protection against new threats Don’t click on links in suspicious emails = Prevents access to malicious websites Verify the security of a site before sharing info = Protects against data breaches

Match the following computer security concepts with their descriptions:

Tracking cookies = Used by advertisers to monitor user behavior Spam filter = Detects and separates unwanted emails Antivirus software = Scans and removes malware from computers Firewall = Maintains the integrity of a network from attacks

Study Notes

Chapter 9: Securing Your System: Protecting Your Digital Data and Devices

• Cybercrime is any criminal action primarily done through computers.
• Cybercriminals use computers, networks, and the internet to commit crimes.
• Common cybercrime complaints include FBI-related scams, identity theft, non-delivery of merchandise, and advance fee fraud
• Other serious complaints involve computer intrusions, hacking, child pornography, and blackmail.

Identity Theft and Hackers

• Identity theft is when a thief steals personal information to impersonate someone. It's the most financially damaging cybercrime for individuals.
• Types of scams include: counterfeiting credit and debit cards, requesting address changes, opening new credit cards, obtaining medical services, and buying a home.
• Identity theft occurs when a criminal steals personal information, impersonates someone, and uses their information for malicious activities.

Hacking (1 of 4)

• A hacker is someone who unlawfully accesses a computer system.
• Types of hackers include:
  • White-hat hackers (ethical hackers) who legally break into systems to find vulnerabilities and to test security.
  • Black-hat hackers who break into systems for malicious purposes, such as destroying information or engaging in illegal activities.
  • Grey-hat hackers who illegally penetrate systems to display their skills or to offer their services for fixing security breaches.
• Key tools used by hackers include:
  • Packet analyzers (sniffers)
  • Keyloggers
  • A packet analyzer (sniffer) is a program that monitors network traffic.
  • A keylogger records keystrokes made on a computer.

Hacking (2 of 4)

• Trojan horses appear useful but contain malicious code.
• Backdoor programs and rootkits allow hackers to access a computer.
• A Trojan horse is a program that appears benign but secretly performs malicious actions.
• Backdoor programs and rootkits provide unauthorized access to a computer system.

Hacking (3 of 4)

• Zombies are computers controlled by hackers for malicious activities
• Denial-of-service (DoS) attacks use zombies to flood systems with requests, making them unavailable to legitimate users
• Distributed DoS (DDoS) attacks flood a system from multiple zombie computers at the same time causing a bigger attack.
• A botnet is a network of zombie computers.

Hacking (4 of 4)

• Exploit kits are programs that run on servers scanning for vulnerabilities in other systems.
• Logical ports are virtual pathways for computer communication, not physical connections.

Computer Viruses (Basics)

• A virus attaches to a program and replicates by copying its code to other files or programs.
• Secondary objectives of viruses include displaying annoying messages or completely destroying data.
• Smartphones and tablets can be infected with computer viruses.

Types of Viruses (1 of 2)

• Common virus types include boot sector viruses (affects operating system boot-up), logic bombs (executed under certain circumstances), time bombs (executed at particular times), worms (spread independently), script and macro viruses (executed as code), and email viruses (spread through email attachments), and encryption viruses.
• Boot sector viruses infect the master boot record of a hard drive.
• Logic bombs/time bombs are executed based on predetermined conditions or dates.
• Worms spread independently without user interaction.
• Script and macro viruses run as commands to affect files.
• Email viruses utilize email address books to send to more people.
• Encryption viruses hold files hostage by encrypting them and demanding payments.
• Viruses are capable of replicating themselves, damaging the computer, and spreading to other computers.

Types of Viruses (2 of 2)

• Viruses are classified by methods used to evade detection, including:
  • Polymorphic viruses
  • Multi-partite viruses
  • Stealth viruses
• Polymorphic viruses change their code.
• Multipartite viruses infect multiple file types.
• Stealth viruses hide in active memory, making detection difficult.

Online Annoyances (1 of 3)

• Malware is software with malicious intent, including:
  • Adware (displays ads).
  • Spyware (records information).
  • Keystroke loggers (record keystrokes).
• Malware, spyware, and keystroke loggers pose security risks to users.

Online Annoyances (2 of 3)

• Spam is unwanted or junk email.
• Spam filters block unwanted emails.

Online Annoyances (3 of 3)

• Cookies are small text files that websites use to store information about user visits and to help companies manage marketing effectiveness.
• Cookies are not used to steal personal information and they do not harm your computer.

Social Engineering (1 of 3)

• Social engineering is a technique that uses social skills to elicit information from people.
• Pretexting involves creating a scenario or facade to sound legitimate and deceive individuals to reveal sensitive information.

Social Engineering (2 of 3)

• Phishing tries to trick people into revealing personal information using fraudulent means like emails, scams, or messages.
• Pharming utilizes malicious code planted on a computer that collects information.
• Guidelines to avoid schemes include never replying directly to emails requesting personal information, not clicking on links in suspicious emails, never giving personal information over the internet unless absolutely sure of the website, using phishing filters, and utilizing regularly updated security software.

Social Engineering (3 of 3)

• Scareware threatens users by giving the impression that their computer is in danger.
• Users are directed into buying antivirus-removal products or similar services to get rid of the perceived problems.

Restricting Access (1 of 3): Firewalls

• Firewalls are software or hardware that prevent unauthorized access to computer systems by hackers.
• Windows and macOS come with firewalls.
• A firewall is a program that prevents hacker intrusions.

Restricting Access (2 of 3): Firewalls

• Security suites often include firewall software.
• Antivirus software packages frequently incorporate firewalls.

Restricting Access (3 of 3): Firewalls

• Packet filtering filters data packets based on their destinations.
• Logical port blocking blocks connections to specific ports.
• Network address translation assigns internal IP addresses to computers on a network.

Preventing Virus Infections (1 of 3): Antivirus Software

• Antivirus software identifies and prevents viruses.
• Popular programs include Symantec, Trend Micro, and Avast.

Preventing Virus Infections (2 of 3)

• Virus signatures are unique parts of a virus that antivirus software identifies
• Quarantine is a secure location for malicious files to prevent further spread
• Inoculation records attributes of computer files to recognize potential threats.

Preventing Virus Infections (3 of 3): Drive-by Downloads

• Drive-by downloads exploit system weaknesses to install malware onto a computer without user action.
• Keeping operating systems updated is important to prevent drive-by downloads.

Authentication (1 of 2): Passwords and Biometrics

• Strong passwords should include at least eight characters with uppercase, lowercase, numeric, and symbol combinations.
• Creating a strong password is imperative to protect against hacker intrusion.

Authentication (2 of 2): Passwords and Biometrics

• Biometric authentication devices utilize unique biological characteristics (fingerprints, iris patterns, voice, or facial features) for security.
• Biometric devices enhance security by reducing the chances of unauthorized access.

Description

Chapter 9 focuses on the critical aspects of cybersecurity, including the various forms of cybercrime such as identity theft and hacking. Understanding these threats is essential for safeguarding your digital data and devices. Equip yourself with knowledge to protect against cybercriminals and ensure a secure online experience.