ISDD - Security Risks
Uploaded by forrester-high-school (Category: Education)

Online Fraud
The use of the Internet to illegally obtain money from someone by deception.
Examples:
Goods not delivered after payment has been made
Purchases made with stolen credit cards
Loan scams
Money transfer fraud
Dating fraud
Holiday fraud
Domain name scams
Internet auction fraud

Identity Theft
Using key pieces of personal information in order to impersonate someone else's identity.
True Name – opening a new credit card, bank account or mobile phone account using someone else's identity
Account Takeover – the imposter uses personal information to gain access to the person's existing accounts
Phishing emails are one common way of getting hold of personal details.

Protection
In order to protect against online fraud and identity theft, people can:
Avoid giving out personal information
Never respond to emails from banks or other financial organisations asking for login details
Shred any receipts, statements or letters with financial information and name/address
Install anti-virus software and keep it up-to-date
Install a firewall
Set browser security to the highest setting

Spyware
A type of malware.
Can be hidden in freeware / shareware downloads or passed via peer-to-peer file sharing.
Installed on a computer without the knowledge of the owner (like a Trojan horse).
Spyware collects the owner's private information:
Email addresses
Passwords
Websites visited
Credit card details
Signs may be a different home page, a different browser bar or pop-up ads.
Anti-spyware software can remove spyware.

Keylogging
A keylogger is a type of surveillance software.
Records every keystroke you make to a log file.
Records instant messages, e-mail, passwords, credit cards and websites visited.
Could be used in industrial or political espionage.
The user is unaware of keylogging.
Can be a type of spyware.
Can be a legitimate program used to monitor employee productivity.
Malicious keyloggers can be removed by anti-virus software.

Phishing
Fraudulent email or website.
Claims to be a legitimate company but is fake.
The intention is to get the individual to reveal personal information, such as passwords and credit card numbers, online.
Phishing emails and websites can be identified by:
Poor grammar and spelling
Poor quality graphics
Poorly designed / poorly laid out email or web site
Requesting account login or sensitive data
Generic email, addressing the recipient as customer or member
Actual link does not match the link text
Unrelated links (e.g. other product advertisements)
Incorrect information
Incorrect sender email domain
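As an added example (not part of the original slides), the script below checks three of the indicators listed above automatically: a generic greeting, link text that does not match the actual link, and a sender domain or login link that does not belong to the organisation the email claims to be from. The sample message, sender address and domains are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from the <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def reg_domain(host):
    """Approximate the registered domain as the last two labels (e.g. bank.example)."""
    return ".".join(host.lower().split(".")[-2:])

def phishing_indicators(sender, org_domain, html_body):
    """Return the indicators from the slide that fire for one message (empty = none)."""
    found = []
    sender_domain = sender.rsplit("@", 1)[-1]
    if reg_domain(sender_domain) != reg_domain(org_domain):
        found.append("sender domain does not match the claimed organisation: " + sender_domain)
    if re.search(r"\bdear\s+(customer|member|user)\b", html_body, re.I):
        found.append("generic greeting instead of the recipient's name")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        # Link text that itself looks like a URL must lead to that same domain
        shown = re.match(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and reg_domain(shown.group(1)) != reg_domain(href_host):
            found.append(f"link text says {text} but actual link goes to {href_host}")
        if re.search(r"login|verify|account", href, re.I) and reg_domain(href_host) != reg_domain(org_domain):
            found.append("login/verification link outside " + org_domain + ": " + href_host)
    return found

# Constructed sample message; every address and domain below is a placeholder.
SAMPLE_SENDER = "alerts@bank-security.example.net"
SAMPLE_BODY = ('<p>Dear Customer,</p><p>Please visit <a href="http://secure-login.example.net/verify">'
               'www.bank.example/login</a> to confirm your account details.</p>')
```

Calling `phishing_indicators(SAMPLE_SENDER, "bank.example", SAMPLE_BODY)` returns four findings for the sample, and an empty list for a message whose sender and links all sit under bank.example.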

Denial of Service Attacks
An attack on a network that is designed to bring the network to its knees or to a stop by flooding it with useless traffic.
Known as a DoS attack.
Flood services – occur when the system receives too much traffic for the server to buffer, causing it to slow down and eventually stop.
Crash services – take advantage of bugs in the target that subsequently crash or severely destabilise the system, so that it cannot be accessed or used.

Distributed DoS Attacks
Attacker – one or more people instigating the DDoS attack
Zombie – a computer running the attack, which hides the identity of the attacker. Many zombies are recruited from all over the world, each taking a small part in the attack
Victim – the recipient of the attack
The attacker uses software to instigate the attack:
Client – client software installed on the attacker's computer, used to launch the attack
Daemon – program running on the zombie computer, responding to commands from the client software. Typically installed by a virus, Trojan horse or worm.

Purposes of DDoS
Financial – victim required to pay a ransom, or loses business through downtime
Malicious – hackers take down websites as a badge of honour
Political – attack on party or government websites
Hacktivism – hackers taking down a website to make a statement
Personal – someone who has a grudge against an organisation

Impact of DDoS