Chapter 9 Securing Your System PDF
Document Details
Uploaded by WellManagedButtercup5958
Summary
This document discusses various aspects of computer security, including cybercrime, viruses, and hackers, along with methods for preventing and dealing with them. It covers different types of malware, common cyberattacks, and protective measures such as firewalls and strong passwords. The chapter offers an overview of computer security concepts.
Full Transcript
Chapter 9 Securing your system: Protecting your digital data and devices

Cybercrime and Identity Theft

Cybercrime: any criminal action committed primarily through the use of a computer
Cybercriminals: individuals who use computers, networks, and the internet to commit crime
Common types of cybercrimes:
  ○ FBI-related (pretending to be an FBI agent)
  ○ Non-delivery (selling things that do not exist)
  ○ Identity theft (stealing bank's data)
  ○ Advanced fee (asking for an advanced fee for a larger payment in return)
  ○ Hacking

Computer Viruses

Virus: a computer program that attaches itself to another computer program
  ○ Not limited to computers: smartphones, tablets
Viruses require human interaction to spread
Main purpose (theft & damage)
Secondary objectives (network jam)
Sources of virus infection:
  ○ Downloading videos and audio from unreliable sites
  ○ Opening email attachments from unknown sources

Major categories of viruses:

Boot-sector virus
  ○ Replicates itself onto drive's boot
  ○ Executes when a computer boots up
  ○ Virus is loaded into memory immediately, even before antivirus software can load
Logic bomb virus
  ○ Triggered when a certain logical condition is met, such as opening a file or starting a program a certain number of times
Time bomb virus
  ○ Triggered when a certain day and time is reached
Worms
  ○ Don't require human interaction like opening an attachment or a program (unlike a virus)
  ○ Use transport methods like e-mail and network connections to transmit themselves
  ○ Much more active in spreading themselves
  ○ Spread on their own
  ○ Can even attack peripherals, such as routers
  ○ Can generate a lot of data traffic and slow the internet
E-mail virus
  ○ Uses the address book (contact addresses) in the victim's system to spread
  ○ Triggered by opening an infected attachment
Encryption viruses
  ○ Also known as ransomware
  ○ Encrypt common file types, such as Word documents, and make them unusable
  ○ Send a message asking for payment to decrypt the documents

Computer Viruses: Additional Virus Classification

Viruses can be classified by the methods they use to avoid detection:
  ○ Polymorphic viruses: periodically change their code and infect a particular type of file
  ○ Multipartite viruses: infect multiple file types in an effort to fool the antivirus software that is looking for them
  ○ Stealth viruses: hide in active memory when the hard drive is scanned for viruses

Preventing Virus Infections

Antivirus software: detects viruses and protects your computer
  ○ You must keep your antivirus software up to date
  ○ To detect new viruses, antivirus software searches for suspicious virus-like activities
Antivirus runs in the background:
  ○ When the CPU is not busy
  ○ When you are asleep

Understanding Hackers

Hacker: anyone who unlawfully breaks into a computer
Types of hackers:
  ○ White-hat or ethical hackers: find vulnerabilities so they can fix them for money
  ○ Black-hat hackers: destroy information or for illegal gain
  ○ Grey-hat hackers: illegally break into systems to flaunt their expertise or to attempt to sell their services in repairing security breaches
Trojan horses and rootkits:
  ○ Appear to be something useful or desirable
  ○ Install backdoor programs/rootkits
  ○ Take almost complete control of your computer without your knowledge:
      Send email
      Run programs
      Delete files
  ○ A computer that a hacker controls is referred to as a zombie
  ○ Zombies are often used to launch denial-of-service attacks on other computers
Denial-of-service attacks:
  ○ Use zombies
  ○ Overload a system by generating possibly millions of requests
  ○ Legitimate users are denied access to a computer system
  ○ System shuts down
  ○ Distributed denial-of-service (DDoS) attacks (multiple computers used as zombies)
Logical and physical ports:
  ○ Logical ports: virtual communication gateways for a computer's requests for information, such as email, web page downloads, internet access
  ○ Physical ports: you can see and touch them, such as USB
  ○ Part of the computer's internal organization

Restricting Access to Your Digital Assets: Firewalls

Firewall:
  ○ Hardware or software
  ○ Can be used to close open logical ports
  ○ Can make your computer invisible to others
Windows and OS X include reliable firewalls
Security suites include firewall software

Restricting Access to Your Digital Assets: Creating Passwords

Need strong passwords
Password strength tests
Operating systems have built-in password protection for files and the entire desktop

Restricting Access to Your Digital Assets: Biometric Authentication Devices

Fingerprint
Iris pattern in eye
Voice authentication
Face pattern recognition
Provide a high level of security (unique)
Biometric authentication device: a device that reads a unique personal characteristic and converts it to a digital code

Managing Online Annoyances

Malware: adware and spyware
  ○ Not destructive, but annoying
  ○ Come with free games or utility programs
Spyware: an unwanted program that downloads with other software from the internet and runs in the background
  ○ Runs in the background
  ○ Transmits your information (surfing habits for marketing)
  ○ Tracking cookies (small text files that collect your information)
  ○ Keystroke logger program monitors keystrokes
Windows Defender: scans for spyware
It is recommended to install one or two additional standalone anti-spyware programs
Many anti-spyware packages are available
Adware:
  ○ Advertisements as a pop-up box
  ○ Means of generating revenue
  ○ Web browsers have built-in pop-up blockers
  ○ Some pop-ups can be useful

Managing Online Annoyances: Spam

Spam: junk e-mail
Spim: unwanted instant messages (unsolicited instant messages are also a form of spam)
Tactics to minimize spam:
  ○ Spam filter
  ○ Create an email address used only for online purchases
Ways to help avoid spam:
  ○ Create a free email address
  ○ Spam filters
  ○ Buy third-party programs
  ○ Reclassify emails that have been misidentified as spam

Keeping Your Data Safe: Backing Up Your Data

How might I lose data? Three major threats:
  ○ Unauthorized access
  ○ Tampering (deleting by accident)
  ○ Destruction (dropping laptop, fire)
Backups: copies of files that you can use to replace the originals
Types of backups:
  ○ Incremental (partial): only backs up files that have changed
  ○ Image (system): snapshot of your entire computer, including system software
Files to back up:
  ○ Program files: installation files for productivity software
  ○ Data files: files you create
Where to store backup files:
  ○ Online (in the cloud)
  ○ External hard drives
  ○ Network-attached storage devices or home server

Social Engineering: Phishing and Pharming

Social engineering
  ○ Techniques that use social skills to convince people to reveal sensitive info
  ○ Uses phone calls as a means
  ○ Uses pretexting to attract the attention of victims
Phishing (uses pretexting): luring people into revealing sensitive information (credit card, SSN, bank account, DoB)
Pharming: malicious code planted on your computer that can redirect your search to an illegal site to collect sensitive info
Scareware
  ○ Type of malware
  ○ Attempts to convince you that your computer is infected, then directs you to a website that offers fake removal or antivirus tools

Protecting Your Physical Computing Assets: Power Surges

Power surges (excess of voltage)
  ○ Old or faulty wiring
  ○ Lightning strikes
  ○ Malfunctions at electric company substations
Surge protector
  ○ Replace every 2-3 years
  ○ Replace if the light indicator illuminates
  ○ Use with all devices that have solid-state components (TVs, stereos, printers, smartphones, etc.)

Protecting Your Physical Computing Assets: Deterring Theft

Keep devices safe
  ○ Free software for laptops that detects movement
  ○ Software to track location if stolen
Keeping mobile data safe (if stolen)
  ○ Encryption software that requires a password to read your data