-A computer security risk is any event or action that could cause a loss or damage to computer hardware, software, data, or even important information.
-A cyber crime is an online or internet-based illegal act such as Hackers, crackers, script kiddies, corporate spies and more.
Explanation for the cyber crime :-
-Hackers are person who uses computer to gain unauthorized access to data and personal information.
-Crackers also known as a black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security or gain access to software without paying royalties. The general view is that, while hackers build things, crackers break things.
-Script Kiddies are person who uses existing computer scripts or codes to hack into computers, lacking the expertise to write their own.
-An online security service is a web site that evaluates your computer to check for internet and e-mail vulnerabilities.
Type of internet and network attacks:-
- Computer virus- Affects a computer negatively by altering the way the computer works.
- Worm- Copies itself repeatedly using up resource and completely shut down the computer and network.
- Trojan Horse- A malicious program that hides within or looks like a legitimate program.
- Rootkit- A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
-An infected computer has one or more of the following symptoms; -
- Operating system runs much slower than usual.
- Available memory is less than expected.
- Files become corrupted.
- system properties change.
- Music or unusual sound plays randomly.
- Operating system shuts down unexpectedly.
- Programs or files do not work properly.
- Operating system does not start up.
-A botnet is a group of compromised computers connected to a network. A compromised computer is know as a zombie.
-A denial of service attacks (Dos attack) disrupts computer access to internet services.
-A back door is a program or set of instructions in a program that allow users to bypass security controls.
-Spoofing is a technique intruders use to make their network or internet transmission appear legitimate.
-A firewall is hardware and/or software that protects a network's resources from intrusion.
-Intrusion detect
ion software:-
- Analyzes all network traffic
- Assesses system vulnerabilities
- Identifies any unauthorized intrusions
- Notifies network administrators of suspicious behavior patterns or system breaches.
-Honeypot;-
- Vulnerable computer that is set up to entice an intruder to break into it.
Unauthorized Access and Use:-
-Unauthorized access is the use of a computer or network without permission
-Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
-Organizations take several measure to help prevent unauthorized access and use
- Acceptable use policy
- Disable file and printer sharing
- Firewalls
- Intrusion detection software
- Two-phase processes called identification and authentication
- User name
- Password
- Passphrase
- CAPTCHA
-A bio-metric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer
-Digital forensics is the discovery , collection, and analysis of evidence found on computer and network. many areas use digital forensics such as
- Law enforcement
- Criminal prosecutors
- Military intelligence
- Insurance agencies
- Information security departments
Hardware Theft and Vandalism: -
-Hardware theft is the act of stealing computer equipment
-Hardware vandalism is the act of defacing or destroying computer equipment.
To help reduce the of change of theft, companies and schools use a variety of security measures
- Physical access controls
- Alarm system
- Cables to lock equipment
- Real time location system
- Password, possessed objects, and bio-metrics
-Software theft occurs when someone; -
- Steals software media.
- Intentionally erases programs.
- illegally copies a program.
- illegally registers and/or activates a program.
Software Theft: -
-A single-user license agreement typically contains the following conditions
permitted to
- install the software on one computer
- Make one copy of the software
- Remove the software from your computer before giving it away or selling it
Not permitted to
- install the software on a network
- Give copies to friends or colleagues while continuing to use the software
- Export the software
- Rent or lease the software
Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law where some software requires product activation to function fully.
-Information theft occurs when someone steals personal or confidential information .
-Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.
-A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the sender.
popular security techniques include:-
- Digital certificates
- Transport layer security (TLS)
- Secure HTTP
- VPN
-A system failure is the prolonged malfunction of a computer. A variety of factors can lead to system failure including:-
- Aging hardware
- Natural disasters
- Electrical power problems such as noise, under-voltages and over-voltages
- Errors in computer programs.
Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptable power supplies (UPS).
-A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged. or destroyed. To back up a file means to make a copy of it. Offsite backups are stored in a location separate form the computer site such as cloud storage.
Ethics and Society:-
The bets way to prevent security risk is to have ethics and society.
-Computer ethics are the moral guidelines that govern the use of computer and information systems.
-Intellectual property rights are the rights to which creators are entitled for their work. A copyright protects any tangible form of expression.
-IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. The IT code of conduct:-
- Computers may not be used to harm other people.
- Employees may not interfere with others computer work.
- Employees may not meddle in others computer files.
- Computers may not be used to steal.
- Computers may not be used to bear false witness.
- Employees may not copy or use software illegally.
- Employees may not use others computer resource without authorization.
- Employees may not use others intellectual property as their own.
- Employees shall consider the social impact of programs and system they design.
- Employees always should use computers in a way that demonstrates consideration and respect for fellow humans.
Green computing - involves reducing the electricity and environmental waste while using a computer.
-Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them where huge database store data online and it is important to safeguard your information.
Examples on how to safeguard personal information;-1) Fill only necessary information on any form.
2) Avoid shopping club and buyer cards.
3) Ask before giving personal information to any merchants.
4) Install a cookie manager to filter cookies.
5) Turn off file and printer sharing on internet connection.
6) Install a personal firewall.
7) Inform merchant not to distribute your personal information.
8) Clear history file frequently on browser.
9) Do not reply to spam for any reason.
10) Surf the web anonymously.
-A cookie is a small text file that a web server stores on your computer such as:-
- Allow for personalization
- Store users password
- Assist with online shopping
- Track how often users visit a site
- Target advertisements
-Spam is an unsolicited e-mail message or newsgroup posting.
-E-mail filtering blocks e-mail messages from designated sources.
-Anti-spam programs attempt to remove spam before it reaches to your inbox.
-Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information.
-Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing.
-Content filtering is the process of restricting access to certain material on the web.
-Web filtering software restricts access to specified websites.
-Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety.
-Employee monitoring involves the use of computers to observe, record and review an employee's use of a computer.
No comments:
Post a Comment