1. Define the term, computer security risks, and briefly describe the types
of cybercrime perpetrators: hacker, cracker, script kiddie, corporate spy,
unethical employee, cyberextortionist, and cyberterrorist.
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Cybercrime-refers to online or Internet-based illegal acts
Hacker-refers to someone whom accesses a computer or network illegally; the intent of their security breaches is to improve security
Cracker-someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions
Script kiddie-has the same intent as the cracker but does not have the technical skills and knowledge; often use prewritten hacking and cracking programs to break into computer
Corporate spies-have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information
Unethical employee-break into their employer's computer for a variety of reasons;some simply want to exploit a security weakness, others seek financial gains from selling confidential information
Cyberextortionist-someone who uses e-mail as a vehicle for extortion; these perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flow, or launch an attack that will compromise the organization's network-if they are not paid a sum of money
Cyberterrorist-a programmer who breaks into computer systems in order to steal or change or destroy information;including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
Cybercrime-refers to online or Internet-based illegal acts
Hacker-refers to someone whom accesses a computer or network illegally; the intent of their security breaches is to improve security
Cracker-someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions
Script kiddie-has the same intent as the cracker but does not have the technical skills and knowledge; often use prewritten hacking and cracking programs to break into computer
Corporate spies-have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information
Unethical employee-break into their employer's computer for a variety of reasons;some simply want to exploit a security weakness, others seek financial gains from selling confidential information
Cyberextortionist-someone who uses e-mail as a vehicle for extortion; these perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flow, or launch an attack that will compromise the organization's network-if they are not paid a sum of money
Cyberterrorist-a programmer who breaks into computer systems in order to steal or change or destroy information;including acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by the means of tools such as computer viruses
2. Describe various types of Internet and network attacks (computer viruses,
worms, Trojan horses, rootkits, botnets, denial of service attacks, back
doors, and spoofing), and identify ways to safeguard against these attacks,
including firewalls, intrusion detection software, and honeypots.
viruses-is a computer program that can copy itself and infect a computer
worms-is a self-replicating malware computer program which uses a computer network to send copies of itself to other nodes and it may do so without any user intervention
Trojan horses-is a destructive program that masquerades an application; the software initially appears to perform a desirable function for the user prior to installation and/or execution, but steals information or harms the system
rootkit- a software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications
botnets-is a grouped of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks usually for nefarious purposes
denial of service attacks-is an assault whose purpose is to disrupt computer access to an Internet services such as the Web or e-mail
backdoors-a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected
spoofing-the process of deception by which an individual or system alters its identity or creates additional identities, thereby causing another person or system to act incorrectly
To take precautions against this malware:
1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
To take precautions against this malware:
1. Do not start a computer with removable media in the drives or ports.
2. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
3. Disable macros in documents that are not from a trusted source.
4. Install an antivirus program and a personal firewall.
5. Stay informed about any new virus alert or virus hoax.
6. To defend against a botnet, a denial of service attack, improper use of a back door, and spoofing, users can install a firewall, install intrusion detection software, and set up a honeypot.
3. Discuss techniques to prevent unauthorized computer access and use
Some safeguards that improve the security of wireless networks include reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi-Fi Protected Access and 802.11i.
-a wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
-Wi-Fi Protected Access (WPA) is a security standard that improves an older security standards by authenticating network users and providing more advanced encryption techniques.
-an 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.
By implementing these security measures, you can help to prevent an unauthorized access to wireless networks.
Some safeguards that improve the security of wireless networks include reconfiguring the wireless access point and ensuring equipment uses one or more wireless security standards such as Wi-Fi Protected Access and 802.11i.
-a wireless access point (WAP) should be configured so that it does not broadcast a network name. The WAP also can be programmed so that only certain devices can access it.
-Wi-Fi Protected Access (WPA) is a security standard that improves an older security standards by authenticating network users and providing more advanced encryption techniques.
-an 802.11i network, sometimes called WPA2, the most recent network security standard, conforms to the government's security standards and uses more sophisticated encryption techniques than WPA.
By implementing these security measures, you can help to prevent an unauthorized access to wireless networks.
Walang komento:
Mag-post ng isang Komento