1. 2 Technology in Action Chapter 9 Securing Your System: Protecting Your Digital Data and Devices...
-
Upload
leroy-smart -
Category
Documents
-
view
214 -
download
0
Transcript of 1. 2 Technology in Action Chapter 9 Securing Your System: Protecting Your Digital Data and Devices...
1
2
Technology in Action
Chapter 9
Securing Your System: Protecting Your Digital Data and Devices
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
3
Chapter Topics
• Computer virus types• Protecting computers from viruses• Hackers• Firewalls• Passwords and password management
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
4
Chapter Topics (cont.)
• Biometrics• Spyware and spam• Backup methods• Protecting physical assets
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
5
Computer Threats
• Cybercrimes are criminal acts conducted by cybercriminals through the use of computers
• Computer users need to protect themselves from becoming victims of cybercriminals
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
6Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
7Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
8
Ways to lose your money
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
9
Types of Cybercrime• Fraud-related
– Nondelivery of ordered items– Credit and debit card fraud– Advanced fee scams
• Non-fraud-related – Computer intrusions– Unsolicited e-mail– Child pornography
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
10
Computer Threats: Viruses
• Virus: A program that attaches itself to another program and spreads itself to other computers
• Viruses are hidden within the code of a host program
• Any computing device can be infected with a virus
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
11
Got you sucker!!
Naked_britney.jpg is a virus!!!
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
12
What Viruses Do
• Replicate themselves– Slow down networks
• Secondary objectives– Display annoying messages– Delete files on the hard drive– Change computer settings
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
13
How Does a Computer Catch a Virus?
• Viruses copy themselves and infect a file on your computer
• Spread by – Sharing disks or
flash drives– Opening an e-mail
attachment– Downloading
infected audio or video files
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
14
Types of Viruses
• Boot-sector viruses– Replicate themselves in the boot sector of the
hard drive• Logic bombs
– Activate when certain conditions are met• Time bombs
– Triggered by the passage of time or on a certain date
• Worms– Travel between systems through networks
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
15
ZIP Bombs via email !!!• Many email systems try to protect us by
scanning attachments• If the attachment has a compressed file,
the system will decompress/expand the file onto the server for checking…
• What if the attachment is 1-billion “X” in a row?
• It compresses to about 30k but when expanded, can cause the system to crash to do lack of disk space
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
16
Types of Viruses (cont.)• Script viruses
– Hidden on Web pages as miniprograms • Macro viruses
– Attached to documents• E-mail viruses
– Use e-mail address books to distribute themselves
• Encryption viruses– Compress files using a complex encryption key
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
17
Virus Classifications
• Polymorphic viruses– Periodically rewrite themselves to avoid
detection• Multipartite viruses
– Infect multiple file types• Stealth viruses
– Erase their code from the hard drive and reside in the active memory
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
18
Antivirus Software• Programs designed to
detect viruses– Scan files looking for
virus signatures (unique code)
– Provide options for deleting or fixing infected files
– Inoculate files against further infection
• Needs to be updated frequently
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
19
Antivirus vendors
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
20Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
21
Dealing with an Infected Computer
1. Boot computer with antivirus installation disc.
2. Run directly from DVD/CD.
3. Allow software to delete or quarantine infected files.
4. Research viruses found to ensure further manual steps are not needed.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
22
Prevent Instant Messaging Viruses
• Allow contact from Buddy or Friends List users only.
• Never automatically accept transfers of data.
• Avoid using instant messaging programs on public computers.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
23
Other Ways to Protect Your System
• Keep your antivirus and operating system (OS) software up to date
• Load security patches as soon as they are available
• Enable automatic updates
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
24
Hackers
• Anyone who unlawfully accesses a computer system
• Types of hackers – White hat– Black hat– Script kiddies
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
25
Hackers WikiLeaks• Publish private & classified documents from
hacked government & business computers
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
26
Hackers WikiLeaks• Publish private & classified documents from
hacked government & business computers
Albert Gonzalez• Obtained and sold 170 million credit card & ATM
numbers (2005-2007) using packet sniffing.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
27
Hackers WikiLeaks• Publish private & classified documents from
hacked government & business computers
Albert Gonzalez• Obtained and sold 170 million credit card & ATM
numbers (2005-2007) using packet sniffing.
George Hotz – “geohot” (born 1989)• Unlocking the iPhone – use on any carrier• Hacking “jailbreaking” Playstation 3• Sued by Sony
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
28
What Hackers Steal
• Hackers try to steal data stored on hard drives:– Credit card numbers– Bank account numbers
• Also can steal information through packet sniffing or a keylogger
• Use information to purchase items illegally or to commit identity theft
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
29
How Computers Are Attacked
• Trojan horse• Backdoor program
– Zombies• Denial of service
attacks (DoS)• Distributed denial
of service attacks (DDoS)
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
30
Anatomy of a Denial of Service Attack
• Ask the remote computer a simple question
• Ask it many Many MANY times !!!
• The remote computer is so pre-occupied in telling me to go away, nothing else gets done
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
31Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
32
How Hackers Gain Access
• Direct access– Hacking software
• Indirect access– Internet connection– Logical ports
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
33
Firewalls • Software programs or hardware designed to
close logical ports to invaders– Most current operating systems include reliable
firewalls– Security suite often include firewalls– Network routers can contain a hardware firewall
• Firewalls are critical if you have an always-on broadband connection
• Test your computer’s vulnerability
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
34Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
35
Nasty Tools - Cain and Able
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
36
Bluetooth Attacks
• Bluesnarfing – Exploits flaw in access software to steal
information contained on the device• Bluebugging
– Hacker takes control of the device• Make your device invisible
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
37
Bluetooth attacks
Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
38
Passwords• Create a strong password
– At least 14 characters, including numbers, symbols, and upper- and lowercase letters
– Not a single word or a word from a dictionary– Not easily associated with you (birthday,
name of pet, nickname)– Use different passwords for different sites– Do not tell anyone or write down password– Change password regularly (every month)
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
39Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall
40
Wireless Networks on the Road
• Beware – “Evil twins”– Free Internet access in paid locations
• Protect yourself– Check with authorized personnel for official
name of hotspot– Do not use free access from unknown
sources
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
41
Password Managers
• Remember all your different passwords• Built into
– Operating systems– Web browsers– Some security
packages
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
42
Anonymous Web Surfing
• Public computers – Shared computers risk subsequent user
viewing your data– Might already have viruses or hacking tools
installed• Portable privacy devices• Linux OS on a flash drive
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
43
Biometric Authentication Devices
• Read unique personal characteristics– Fingerprint– Iris patterns– Voice patterns– Face patterns
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
44
Malware
• Software that has a malicious intent– Grayware (nondestructive)
• Adware• Spyware
– Viruses (destructive)• Antispyware software
– Included in many Internet security suites– Stand-alone spyware removal available
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
45
Spam or Spim
• Spam: Unwanted or junk e-mail – To avoid SPAM
• Create free Web-based e-mail account for filling out online forms or making online purchases
• Use a spam filter• Do not try to “unsubscribe” from spam e-mails• Use an e-mail forwarding service
• Spim: Unsolicited instant messages
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
46
Cookies
• A Web site assigns an ID number to your computer, stored in a cookie file
• Each time you log in to the site, it notes the visit and keeps track of it in a database
• Provide info about browsing habits• Identify user preferences• Pose some privacy risks, but low security
threat
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
47
Protecting Your Personal Information
• Protect information from identity thieves– Social Security number– Phone number– Street address
• Check privacy settings on social networking sites: Keep your information as private as possible
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
48
Backing Up Your Data
• Backup– A copy of a file that can be used to
replace the original• Types of files to back up
– Program– Data
• Backup routine– Frequency– Changed files
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
49
Backing Up Your Data (cont.)
• Software programs for easy backup– Schedule automatic backups– Can back up files, folders, or entire drives– Back up to external hard drive, USB device,
or DVD• Entire system backup software
– Takes an image of the entire system – Stores on a separate hard drive– In case of failure, a new drive is inserted
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
50
Backing Up Your Data (cont.)
• Store backups offsite• Online backups
– Store backup files on Internet servers– Some services free
• Windows Live Sky Drive• ADrive
– Fees for some services• Network attached storage (NAS) devices
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
51
Social Engineering
• Uses social skills to generate human interaction to entice individuals to reveal sensitive information– Usually does not use a computer or face-to-
face interaction– Pretexting
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
52
Phishing and Pharming
• Phishing– Uses e-mail to lure user to fake Web sites– Tricks user into revealing private data
• Pharming– Malicious code changes Web browser’s ability
to find Web addresses
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
53
Hoaxes• An attempt to make
someone believe something that is untrue– Target large
audiences– Practical joke, agents
of social change, or time wasters
– Mostly e-mailCopyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
54
Protect Physical Assets
• Environmental factors– Avoid
• Sudden movement• Excessive heat or cold• Dust• Food and liquids
– Use padded case for notebooks
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
55
Power Surges
• Occur when electrical current is supplied in excess of normal voltage (120 volts in the United States)
• Caused by:– Old or faulty wiring– Downed power lines– Malfunctions at electric substations– Lightning strikes
• Use surge protectorsCopyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
56
Deterring Theft
• Alarms• Locks• Software alerts
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
57
E-waste
Computer technology advances rapidly.
Every 3-5 years we replace our systems.
What do we do with the old one?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
58
E-waste
Computer technology advances rapidly.
Every 3-5 years we replace our systems.
What do we do with the old one?• Reduce, Re-use, Recycle• The world produces ~ 50 million tonnes of
E-waste each year.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
59
E-waste
Computer technology advances rapidly.
Every 3-5 years we replace our systems.
What do we do with the old one?• Reduce, Re-use, Recycle• The world produces ~ 50 million tonnes of
E-waste each year.
Re-use• Give old computers to those that can’t
afford them
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
60
E-waste
Recycle• About 90% of your computer can be
recycled – plastics, metals, etc
Problems?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
61
E-waste
Recycle• About 90% of your computer can be
recycled – plastics, metals, etc
Problems?• Recycling has become big business• Labour intensive• Some components are made of toxic
materials• Who disassembles the components?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
62Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
63
What components did you recycle?• CPU, RAM, Harddrive, etc.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
64
What components did you recycle?• CPU, RAM, Harddrive, etc.• Anything on your harddrive you might not
want someone else to have?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
65
What components did you recycle?• CPU, RAM, Harddrive, etc.• Anything on your harddrive you might not
want someone else to have?• Personal information & documents• Web browser history• Stored passwords• Banking info
Even if you delete your files, they can sometimes be recovered!!!
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
66
Chapter 9 Summary Questions
• From which types of viruses do I need to protect my computer?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
67
Chapter 9 Summary Questions
• What can I do to protect my computer from viruses?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
68
Chapter 9 Summary Questions
• How can hackers attack my computing devices, and what harm can they cause?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
69
Chapter 9 Summary Questions
• What is a firewall, and how does it keep my computer safe from hackers?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
70
Chapter 9 Summary Questions
• How do I create secure passwords and manage all of my passwords?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
71
Chapter 9 Summary Questions
• How can I surf the Internet anonymously and use biometric authentication devices to protect my data?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
72
Chapter 9 Summary Questions
• How do I manage online annoyances such as spyware and spam?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
73
Chapter 9 Summary Questions
• What data do I need to back up, and what are the best methods for doing so?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
74
Chapter 9 Summary Questions
• What is social engineering, and how do I avoid falling prey to phishing and hoaxes?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
75
Chapter 9 Summary Questions
• How do I protect my physical computing assets from environmental hazards, power surges, and theft?
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall
Chapter 1Chapter 9 76
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.
Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall