l1. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.
Computer security is a branch of computer technology known as Information Security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.
Types of Cybercrime Perpetrators
- Hacker refers to a computer programmer who is able to create usable computer programs where none previously existed.
- Cracker is a variation of hacker, with the analogy equal to a safe cracker. Some individuals use the term cracker in an attempt to differentiate from the honorable computer programmer definition of hacker.
- Script kiddy is an individual who executes computer scripts and programs written by others. Their motive is to hack a computer by using someone else’s software.
- Corporate Spy - have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information.
- Unethical employee - break into their employers' computer for a variety of reasons. Some simply want to exploit security weakness.
- Cyberextortionist - is someone who uses e-mail as a vehicle for extortion. These perpetrator s send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization s network - if they are not paid of a sum of money.
- Cyber-terrorist - a programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorism
2. Describe various types of Internet and network attacks (computer viruses,
worms, Trojan horses, rootkits, botnets, denial of service attacks, back
doors, and spoofing), and identify ways to safeguard against these attacks,
including firewalls, intrusion detection software, and honeypots.
Types of attack
Most attacks are actually performed by automated tools that such people release on the Internet.
- Virus
A virus attempts to install itself on a user's system and to spread directly to other files on that system with the aim that these infected files will be transferred to another machine. A virus relies on users to spread by sharing infected files either directly or via email. Once launched, a virus is completely independent of its creator.
- Worm
A worm is very similar to a virus. The key difference is that a worm attempts to propagate itself without any user involvement. It typically scans other computers for vulnerabilities which it is designed to exploit. When such a machine is identified, the worm will attack that machine, copying over its files and installing itself, so that the process can continue.
- Trojan
Trojans take their name from the trojan horse of Greek mythology.
Computer trojans work in the same way. A game, screen saver or cracked piece of commercial software is given to a victim. The software may appear to work as normal, but its real purpose is to deliver a payload, such as a virus or a root kit.
Computer trojans work in the same way. A game, screen saver or cracked piece of commercial software is given to a victim. The software may appear to work as normal, but its real purpose is to deliver a payload, such as a virus or a root kit.
- Root Kit
A root kit is a piece of software that once installed on a victim's machine opens up a port to allow a hacker to communicate with it and take full control of the system. Root kits are also known as back doors. Some root kits give a hacker even more control of a machine than a victim may have themselves.
The Sub Seven root kit allows an attacker to turn off a victim's monitor, move the mouse and even turn on an installed web cam and watch the victim without their knowledge.
· Botnets are exploited for various purposes and are controlled via protocols.
- A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.
Safeguards:
1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
3. Discuss techniques to prevent unauthorized computer access and use.
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or illegal activities.
4. Identify safeguards against hardware theft and vandalism.
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. The best preventive measures against hardware theft and vandalism are common sense and a constant awareness of the risk.
5. Explain the ways software manufacturers protect against software piracy.
Software piracy is the unauthorized and illegal duplication of copyrighted software. To protect themselves from software piracy, manufacturers issue a license agreement and require product activation.
6. Discuss how encryption works, and explain why it is necessary.
Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e - mail message. Encryption prevents information theft and unauthorized access by converting readable data into unreadable characters.
7. Discuss the types of devices available that protect computers from
system failure.
Safeguards Against System Failure
To protect against electrical power variations, use a surge protector. A surge protector uses special electrical components to provide a stable current flow to the computer and other electric equipment. For additional electrical protection, some users connect an uninterruptible power supply to the computer. An uninterruptible power supply (UPS)is a device that contains surge protection circuits and one or more batteries that can provide power during a loss of power.
8. Explain the options available for backing up computer resources.
Data loss caused by a system failure or hardware/software/information theft, computer users should back up files regularly. A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. Thus, to backup a file means to a make a copy of it.
9. Identify risks and safeguards associated with wireless communications.
- A wireless access point (WAP) should be configured so that it does not broadest a network name. The WAP also can be programmed so that only certain devices can access it
- Wi-Fi Protected Access (WPA) is a security standard that improves on older security standards by authenticating network users and providing more advanced encryption techniques.
- An 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.
computer use.
- A repetitive strain injury (RSI) is an injury or disorder of the muscles, nerves, tendons, ligaments, and joints. Computer-related RSI's include tendonitis and carpal tunnel syndrome.
- Tendonitis is inflammation of a tendon due to some repeated motion or stress on that tendon.
- Carpal Tunnel Syndrome (CTS) is inflammation of the nerve that connects the forearm to the palm of the wrist.
- Computer vision syndrome (CVS), you have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or double vision; distance blurred vision after prolonged staring at a display device; headache or sore neck; difficulty shifting focus between a display device and documents; difficulty focusing on the screen image; color fringes or after-image when you look away from the display device; and increased sensitivity to light.
- Take frequent breaks during the computer session to exercise your hands and arms.
- To prevent injury due to typing, place a wrist rest between the keyboard and the edge of your desk.
- To prevent injury while using a mouse, place the mouse at least six inches from the edge of the desk. In this position, your wrist is flat on the desk.
- Finally, minimize the number of times you switch between the mouse and the keyboard, and avoid using the heel of your hand as a pivot point while typing or using the mouse.
rights, codes of conduct, and green computing.
Computer ethics govern the use of computers and information systems. Issues in computer ethics include the responsibility for information accuracy and the intellectual property rights to which creators are entitled for their works.
12. Discuss issues surrounding information privacy, including electronic
profiles, cookies, spyware and adware, spam, phishing, privacy laws, social
engineering, employee monitoring, and content filtering.
Information privacy is the right of individuals and companies to deny or restrict the collection and use of information about them. Issues surrounding information privacy include the following.
- An electronic profile combines data about an individual's Web use with data from public sources, which then is sold.
- A cookie is a file that a Web server stores on a computer to collect data about the user.
- Spyware is a program placed on a computer that secretly collects information about the user.
- Adware is a program that displays an online advertisement in a banner or pop-up window.
- Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
- Phishing is a scam in which a perpetrator attempts to obtain personal or financial information.
- Information privacy laws cover the protection of information on private individuals from intentional or unintentional disclosure or misuse.
- Social engineering is the art of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.
- Employee monitoring refers to any method of tracking what an employee does while at work.
- Content filtering is the most commonly used group of methods to filter spam.