- Define the term, computer security risks, and briefly describe the types of cybercrime perpetrators
- Describe various types of Internet and network attacks, and identify ways to safeguard against these attacks
- Discuss techniques to prevent unauthorized computer access and use
- Identify safeguards against hardware theft and vandalism
- Explain the ways software manufacturers protect against software piracy
- Discuss how encryption works, and explain why it is necessary
- Discuss the types of devices available that protect computers from system failure
- Explain the options available for backing up computer resources
- Identify risks and safeguards associated with wireless communications
- Recognize issues related to information accuracy, intellectual property rights, codes of conduct, and green computing
- Discuss issues surrounding information privacy
- A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
- A cybercrime is an online or Internet-based illegal act
- Hackers
- Crackers
- Script Kiddies
- Corporate Spies
- nethical Employees
- Cyberextortionists
- Cyberterrorists
Internet and Network Attacks
- Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
- An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities
- Computer Virus-Affects a computer negatively by altering the way the computer works
- Worm-Copies itself repeatedly, using up resources and possibly shutting down the computer or network
- Trojan Horse-A malicious program that hides within or looks like a legitimate program
- Rootkit-Program that hides in a computer and allows someone from a remote location to take full control
- Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections
- A botnet is a group of compromised computers connected to a network
- A denial of service attack (DoS attack) disrupts computer access to Internet services
- A back door is a program or set of instructions in a program that allow users to bypass security controls
- Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
- A firewall is hardware and/or software that protects a network’s resources from intrusion
- Intrusion detection software-Analyzes all network traffic, Assesses system vulnerabilities, Identifies any unauthorized intrusions, Notifies network administrators of suspicious behavior patterns or system breaches
- Honeypot-Vulnerable computer that is set up to entice an intruder to break into it
Unauthorized Access and Use
- Organizations take several measures to help prevent unauthorized access and use-Acceptable use policy, Disable file and printer sharing, Firewalls, Intrusion detection software
- Access controls define who can access a computer, when they can access it, and what actions they can take-Two-phase processes called identification and authentication, User name, Password, Passphrase, CAPTCHA
- A possessed object is any item that you must carry to gain access to a computer or computer facility-Often are used in combination with a personal identification number (PIN)
- A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer
- Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
- Many areas use digital forensics-Law enforcement, Criminal prosecutors, Military intelligence, Insurance agencies, Information security departments
Hardware Theft and Vandalism
- Hardware theft is the act of stealing computer equipment
- Hardware vandalism is the act of defacing or destroying computer equipment
- To help reduce the of chances of theft, companies and schools use a variety of security measures-Physical access controls, Alarm systems, Cables to lock equipment, Real time location system, Passwords, possessed objects, and biometrics
Software Theft
- Software theft occurs when someone:-Steals software media, Intentionally erases programs, Illegally copies a program, Illegally registers and/or activates a program
- Permitted to Install the software on one computer, Make one copy of the software or Remove the software from your computer before giving it away or selling it
- Not permitted to Install the software on a network, Give copies to friends or colleagues while continuing to use the software, Export the software, Rent or lease the software
- Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law
- Some software requires product activation to function fully
Information Theft
- Information theft occurs when someone steals personal or confidential information
- Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access
- A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender Often used to ensure that an impostor is not participating in an Internet transaction
- Web browsers and Web sites use encryption techniques
- Popular security techniques include Digital Certificates, Transport Layer Security (TLS), Secure HTTP, VPN
- A system failure is the prolonged malfunction of a computer
- A variety of factors can lead to system failure, including Aging hardware, Natural disasters, Electrical power problems, Errors in computer programs
- Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptable power supplies (UPS)
- A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed To back up a file means to make a copy of it
- Offsite backups are stored in a location separate from the computer site
- Two categories of backups: Full backup, Selective backup
No comments:
Post a Comment