Computer Security & Risks PDF
Document Details
Uploaded by EnergeticCognition8823
University of Sharjah
Summary
This document presents an overview of computer security and risks, including topics like cybercrime, computer theft, identity theft, software sabotage, viruses, and worms. The information is organized into sections and outlines key concepts.
Full Transcript
Computer Security & Risks
Chapter 11 Part 1

Outline
Computer Forensics
Computer Theft
Identity theft
Malware
DDoS
Hacking

Overview
Computer Security
▫ The protection of computing systems and data from unauthorized access, change or destruction.
Computers could be used for either:
▫ Upholding laws, e.g. computer forensics, etc.
▫ Breaking the laws, e.g. viruses, identity theft, etc.

Computer Crime
Cybercrime
▫ Any crime using computers or networks
    Billions of dollars are lost
    Majority are conducted by company insiders
    Insider crimes are covered up to avoid embarrassment

Computer Crime
Cyberstalking
▫ To repeatedly harm or harass people in a deliberate manner on the internet
▫ To help yourself - limit how much personal info you share
Cyberbullying
▫ Targeting children and young adults online; involves humiliation, rumors, lies, taunts or threats.
▫ Stop cyberbullying!

Cybercrime
Intellectual Property Theft
▫ Software Piracy
▫ File sharing of copyrighted songs
▫ Illegal duplication and distribution of movies
▫ Plagiarism of copyrighted text

Cybercrime
What is stolen?
▫ Money
▫ Goods
▫ Information
▫ Software Resources
Getting sensitive data through:
▫ Spoofing
▫ Identity Theft
▫ Phishing

Computer Theft
Theft of computer itself
▫ Laptops and Smartphones are often stolen
▫ The software and information on the computer are more valuable than the hardware

Social Engineering
Spoofing
▫ Trick the target to extract secret information
    E.g. making a phone call and posing as an internet technician, to extract sensitive data, especially passwords.
Shoulder surfing
▫ Is a type of social engineering technique used to obtain information by looking over the victim's shoulder.
    E.g. passwords and other confidential data

Social Engineering
Phishing (fishing for sensitive info.)
▫ Is the act of attempting to acquire sensitive information by masquerading as a trustworthy entity in an electronic communication
    Sending an email posing as a bank representative and asking to fill a fake bank web form.
    Adult sites asking users to reveal credit card numbers to prove age

Facebook Phishing Example
▫ URL: fuizuebooks/update/index4.php

Email/Whatsapp Phishing Example

Identity Theft
▫ Extract personal information to commit a crime in another person's identity
    National ID
    Driving License
    Credit card number

Identity theft protection
▫ Use separate credit card for online use
▫ Use secure websites (https://)
▫ Don’t disclose personal info on phone
▫ Handle email with care
▫ Copy your cards to get replacement in case stolen
▫ Report Identity theft promptly

Software Sabotage
Malicious Software
▫ Malware used to disrupt computer operation, gather sensitive information, or gain access to private computer systems
    Viruses
    Worms
    Trojan horses
    Spyware
    Ransomware

Viruses
▫ Are attached to a file/program and spread when files are exchanged via email attachments or flash drives
▫ When the virus program is opened/executed it:
    Damages the operating system
    Destroys or steals data
    Displays annoying pop-up messages
▫ Viruses may be OS specific but newer types are cross-platform.
▫ Macro viruses: attach themselves to documents containing macros (a set of commands to automate repetitive tasks), e.g. MS Office files, Melissa virus (1999)

Worms
▫ They are independent programs
▫ Capable of reproducing themselves
▫ Cause memory freezes
▫ Spread through the internet, slowing it down
    Famous worm: Code Red (2001)
    Didn’t attack PCs, it attacked internet servers running Microsoft Servers

Trojan Horse
▫ Disguise themselves as useful programs or apps, but have a hidden destructive program (viruses)
    Often posted in shareware
    Names sound like games or utilities
    Act as a backdoor allowing the attacker to control your PC to delete/change/share data
    E.g. time bomb – triggered by a date or time-related event

Spyware
▫ Gets installed and collects information without user’s knowledge
    Called Spybot or Tracking software
    Slows down PC performance
▫ Tracks
    Keystrokes
    Web sites visited
    Screen displays

Ransomware
▫ Malware that locks your computer and encrypts data in your hard drive.
▫ Demands that you pay a ransom to unblock the files again.
How do you get infected?
▫ Open an infected email attachment or malicious link
Attackers usually ask you to pay the ransom using digital currencies, such as Bitcoin because it is untraceable

Hacking and Electronic Trespassing
Hackers
▫ People who break into computer systems or networks unlawfully
▫ Hackers can control computers or steal personal information to commit identity theft

Types of Hackers
Black-Hat Hacker
▫ Criminals who develop new techniques to penetrate systems to gain illegal access or destroy information
White Hat Hacker (Ethical Hacker)
▫ Security experts developing new techniques to protect us.
▫ For non-malicious reasons such as to expose/test the system weaknesses.

Hacking and Electronic Trespassing
Zombie Computers
▫ Internet connected computers that have been hijacked using viruses to perform malicious acts without the knowledge of the owners

Hacking and Electronic Trespassing
Botnets
▫ Group of software programs called bots
    Run automatically on zombie computers
    To perform malicious acts without knowledge of the owners

Hacking and Electronic Trespassing
DDoS: Distributed Denial of Service
▫ Bombards servers and web sites with traffic that shuts them down, using thousands of zombie computers (botnets)
    Authorized users cannot use their computer