
Lecture 15

Uploaded by

safakomal2005

Computer Security Risk
• A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
• Any illegal act involving a computer generally is referred to as a computer crime
• A cybercrime is an online or Internet-based illegal act
[Diagram: Hackers, Crackers, Script Kiddies, Corporate Spies, Unethical Employees, Cyberextortionists, Cyberterrorists]

Categories of Cybercrime
• A hacker is someone who accesses a computer or network illegally
  - Some hackers claim the intent of their security breaches is to improve security
• A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action
  - Both hackers and crackers have advanced computer and network skills
• A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge
  - Script kiddies often use prewritten hacking and cracking programs to break into computers

Categories of Cybercrime
• Corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization
  - Some companies hire corporate spies, a practice known as corporate espionage, to gain a competitive advantage
• Unethical employees may break into their employers’ computers for a variety of reasons
  - Some simply want to exploit a security weakness
  - Others seek financial gains from selling confidential information

Categories of Cybercrime
• A cyberextortionist is someone who uses e-mail as a vehicle for extortion
  - Cyberextortionists send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the organization’s network if they are not paid a sum of money
• A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons
  - A cyberterrorist might target the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructure
  - Cyber warfare describes an attack whose goal ranges from disabling a government’s computer network to crippling a country
• Both cyberterrorism and cyber warfare usually require a team of highly skilled individuals, millions of dollars, and several years of planning

Computer Security Risk
• Computers and computer users are exposed to several types of security risks

Threats
• The entire point of computer security is to eliminate or protect against threats
  - A threat is anything that can cause harm
• In the context of computer security, a threat can be a burglar, a virus, an earthquake, or a simple user error
• Vulnerabilities are weaknesses in security
  - A vulnerability is a weakness: anything that has not been protected against threats, making it open to harm
• Security attempts to neutralize threats

Degrees of Harm
• Level of potential damage
• Includes all parts of the system
  - Potential data loss
  - Loss of privacy
  - Inability to use hardware
  - Inability to use software
  - Actual physical harm
• A nasty virus or hacker can wipe out your programs as well as your data.
• If your PC is connected to a network, other systems on the network could suffer similar problems.
• Damage to your home or office, such as a fire or flood, can easily extend to your computer and everything stored on it

Threats To Users
• Identity Theft
• Loss of Privacy
• Cookie

Identity Theft
• Impersonation using private information to obtain documents and credit in your name
  - The thief can ‘become’ the victim
• Reported incidents are rising
• Methods of stealing information
  - Shoulder surfing
  - Snagging
  - Dumpster diving
  - Social engineering
  - High-tech methods

Methods of Identity Theft
• Shoulder Surfing
  - Watching someone enter personal identification information for a private transaction, such as at an ATM
  - Observing users typing their login credentials, credit/calling card numbers, etc. into IT equipment located in public places
• Snagging
  - Snagging information by listening in on a telephone extension, through a wiretap or over a wall while the victim gives credit card or personal information to a legitimate agent

Methods of Identity Theft
• Dumpster Diving
  - Thieves can go through garbage cans, dumpsters or trash bins to obtain someone's cancelled checks, credit card number, or bank account number
  - Rummaging through rubbish for personal information
• Social engineering
  - The ID thief tricks the victim into providing critical information under the pretext of something legitimate
    - The art of manipulating people into performing actions or divulging confidential information
    - Typically trickery or deception for the purpose of information gathering, fraud, or computer system access
    - In most cases the attacker never comes face-to-face with the victims

Methods of Identity Theft
• High-tech methods
  - A sophisticated ID thief can get information using a computer and Internet connection
  - A Trojan Horse can be planted on a system
• Skimming information from bank or credit cards using compromised or hand-held card readers, and creating clone cards
• Using 'contactless' credit card readers to acquire data wirelessly from RFID-enabled passports
• Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and sometimes their banking
Methods of Identity Theft
• Infiltrating organizations that store and process large amounts or particularly valuable personal information
• Brute-force attacking weak passwords and using inspired guesswork to compromise weak password reset questions
• Befriending strangers on social networks and taking advantage of their trust until private information is given
• Low security/privacy protection on photos that are easily clickable and downloaded on social networking sites

Loss of privacy
• Personal information is stored electronically
• Purchases are stored in a database
  - Data is sold to other companies
• Public records on the Internet
• Internet use is monitored and logged
  - Monitoring activity can be carried out on your computer or a connected server
  - Data about when you visited, what you looked at, and how long you stayed is used by most commercial Web sites (“online profiling”)
• None of these techniques are illegal

Cookies
• Cookies are named after the ‘magic cookie’
  - A cookie is a small text file that a Web server asks your browser to place on your computer
  - A cookie contains information that identifies your computer (its IP address), you (your user name or e-mail address), and information about your visit to the Web site.
• Files delivered from a web site
• Originally improved a site’s function
• Cookies now track history and passwords
• Browsers include cookie blocking tools

Spyware
• Software downloaded to a computer
• Designed to record personal information
  - Can track a computer user's activities and report them to someone else
• Typically undesired software
• Hides from users
• Several programs exist to eliminate it
• Another common term for spyware is adware
  - Internet advertising is a common source of spyware

Web bugs
• Small GIF format image file embedded in a web page or HTML format e-mail
• Behind the tiny image lies code that functions in much the same way as a cookie, allowing the bug’s creator to track many of your online activities.
• A bug can record
  - what Web pages you view
  - keywords you type into a search engine
  - personal information you enter in a form on a Web page, and other data.
• Because Web bugs are hidden, they are considered by many to be eavesdropping devices
• Gets around cookie blocking tools
• Companies use them to track usage
• Blocked with spyware killers

Spam
• Spam is Internet “junk mail”
  - Unsolicited commercial email (UCE)
  - Almost all spam is commercial advertising
• Networks and PCs need a spam blocker
  - Stop spam before it reaches the inbox
• Spammers acquire addresses using many methods
  - Purchasing lists of e-mail addresses through brokers.
  - "Harvesting" e-mail addresses from the Internet.
  - Generating random strings of characters in an attempt to match legitimate addresses

Threats to Hardware
• Affect the operation or reliability
• Power-related threats
  - Power fluctuations
    - Power spikes or brownouts
  - Power loss
  - Can result in loss of data
• Countermeasures
  - Surge suppressors
  - Line conditioners
  - Uninterruptible power supplies
  - Generators

Threats to Hardware
• Theft and vandalism
  - Thieves steal the entire computer
  - Accidental or intentional damage
  - Countermeasures
    - Keep the PC in a secure area
    - Lock the computer to a desk
    - Do not eat near the computer
    - Watch equipment
    - Chase away loiterers
    - Handle equipment with care

Threats to Hardware
• Natural disasters
  - Disasters differ by location
  - Typically result in total loss
  - Disaster planning
    - Be aware that a disaster could strike
    - Anticipate it when conditions are right
    - Plan for recovery
      - List potential disasters
      - Plan for all eventualities
      - Practice all plans

Examples of Natural Disaster

Threats to Data
• The most serious threat
  - Data is the reason for computers
  - Data is very difficult to replace
  - Protection is difficult
    - Data and information are intangible
• Malware, viruses and malicious programs
• Trojan horses
• Cybercrime
• Hacking
• Cyberterrorism

Internet and Network Attacks
• Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
• An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities

Internet and Network Attacks
Computer Virus
• Affects a computer negatively by altering the way the computer works
• Can spread and damage files and system software including OS
Worm
• Copies itself repeatedly, using up resources and possibly shutting down the computer or network
Trojan Horse
• A malicious program that hides within or looks like a legitimate program until triggered
• Does not replicate itself on other computers
Rootkit
• Program that hides in a computer and allows someone from a remote location to take full control

Internet and Network Attacks
• An infected computer has one or more of the following symptoms:
  - Operating system runs much slower than usual
  - Available memory is less than expected
  - Files become corrupted
  - Screen displays unusual message or image
  - Music or unusual sound plays randomly
  - Existing programs and files disappear
  - Programs or files do not work properly
  - Unknown programs or files mysteriously appear
  - System properties change
  - Operating system does not start up
  - Operating system shuts down unexpectedly

How Malware Infects?
• Malware delivers its payload on a computer in a variety of ways:
  - (1) when a user opens an infected file
  - (2) when a user runs an infected program
  - (3) when a user boots the computer with infected removable media inserted in a drive or plugged in a port
  - (4) when a user connects an unprotected computer to a network
  - (5) when a certain condition or event occurs, such as the computer’s clock changing to a specific date
  - (6) when users open infected e-mail attachments

Internet and Network Attacks

Malware, Virus and Malicious Programs
• Malware describes viruses, worms, Trojan horse attack applets, and attack scripts.
  - These virulent programs represent the most common threat to your information
• Viruses
  - Pieces of a computer program (code) that attach themselves to host programs.
  - Software that distributes and installs itself
  - Ranges from annoying to catastrophic
  - Countermeasures
    - Anti-virus software
    - Popup blockers
    - Do not open unknown email

Harm done by Virus
• Copy themselves to other programs or areas of a disk.
• Replicate as rapidly and frequently as possible, filling up the infected system's disks and memory, rendering the system useless.
• Display information on the screen.
• Modify, corrupt or destroy selected files.
• Erase the contents of entire disks.
• Lie dormant for a specified time or until a given condition is met and then become active.
• Open a "back door" to the infected system that allows someone else to access and even take control of the system through a network or Internet connection.

Categories of Viruses
• Bimodal, Bipartite, or Multipartite Viruses
  - can infect both files and the boot sector of a disk
• Time bomb
  - hides on the victim's disk and waits until a specific date (or date and time) before running
• Logic bomb
  - may be activated by a date, a change to a file, or a particular action taken by a user or a program
• Stealth Viruses
  - take up residence in the computer's memory, making them hard to detect
  - can conceal changes they make to other files, hiding the damage from the user and the operating system

Categories of Viruses
• Boot Sector Viruses
  - regarded as one of the most hostile types of virus
  - infects the boot sector of a hard or floppy disk
  - This area of the disk stores essential files the computer accesses during startup.
  - moves the boot sector's data to a different part of the disk.
  - When the computer is started, the virus copies itself into memory where it can hide and infect other disks
  - allows the actual boot sector data to be read as though a normal start-up were occurring

Categories of Viruses
• Cluster Viruses
  - makes changes to a disk's file system
  - If any program is run from the infected disk, the program causes the virus to run as well
  - creates the illusion that the virus has infected every program on the disk
• E-mail Viruses
  - transmitted via email messages sent across private networks or the Internet
  - Some e-mail viruses are transmitted as an infected attachment: a document file or program that is attached to the message

Categories of Viruses
• File-Infecting Viruses
  - infects program files on a disk (such as .exe or .com files)
  - When an infected program is launched, the virus's code is also executed
• Macro virus
  - designed to infect a specific type of document file, such as Microsoft Word or Excel files
  - can do various levels of damage to data from corrupting documents to deleting data
• Polymorphic, Self-Garbling, Self-Encrypting, or Self-Changing Viruses
  - can change itself each time it is copied, making it
Threats to Data
• Trojan horses
  - Program that poses as beneficial software
  - User willingly installs the software
  - Countermeasures
    - Anti-virus software
    - Spyware blocker
• Worms
  - Worms are particular to networks, spreading to other machines on any network you are connected to and carrying out preprogrammed attacks on the computers
• Attack Script
  - Attack scripts are specifically written, usually by expert programmers, to exploit the Internet

Threats to Data
• Cybercrime
  - Using a computer in an illegal act
  - Fraud and theft are common acts
• Internet fraud
  - Most common cybercrime
  - Fraudulent website
    - Have names similar to legitimate sites

Threats to Data
• Hacking
  - Most common form of cybercrime
  - Using a computer to enter another network to perform an illegal act
  - May amount to simple trespassing or acts that corrupt, destroy, or change data.
• Hackers' motivation
  - Recreational hacking
  - Financial hackers
  - Grudge hacking
• Hacking methods
  - Sniffing
  - Social engineering

Threats to Data
• Distributed denial of service (DDoS) attack
  - Attempt to stop a public server
  - Hackers plant the code on computers
  - Code is simultaneously launched
  - Too many requests stop the server
• Cyber terrorism
  - Attacks made at a nation's information
  - Targets include power plants
  - Threat first realized in 1996
• Organizations combat cyber terrorism
  - Computer Emergency Response Team (CERT)
  - Department of Homeland Security

Countermeasures
• Steps taken to block a threat
• Protect the data from theft
  - Regularly backing up your data is a countermeasure against the threat of data loss.
• Protect the system from theft
  - A firewall is a countermeasure against hackers
• Two classes of countermeasures
  - The first shields the user from personal harm, such as threats to personal property, confidential information, financial records, medical records, and so forth
  - The second safeguard protects the computer system from physical hazards such as theft, vandalism, power problems, and natural disasters or attacks on the data stored and processed in computers
• No countermeasure is 100% effective all of the time
  - A truly dedicated attacker will eventually break through any security

Safeguard against Malware
• Do not start a computer with removable media inserted in the drives or plugged in the ports
• Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source
• Set the macro security level so that the application software warns users that a document they are attempting to open contains a macro
• Install an antivirus program and update it frequently

Computer Viruses, Worms, and Trojan Horses
• How can you protect your system from a macro virus?
  - Set the macro security level in applications that allow you to write macros
  - At the medium security level, a warning displays that the document contains a macro
    - Macros are instructions saved in an application, such as a word processing or spreadsheet program

Internet and Network Attacks
• Antivirus
  - Identifies and removes computer viruses
  - Most also protect against worms and Trojan Horses

Virus Signature
• Specific pattern of virus code
  - Also called virus definition
  - Antivirus programs look for virus signatures
• Should update antivirus program’s signature files regularly

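The following is an added example, not part of the original slides, showing what looking for a signature means in practice and why signature files need regular updates. The signature names, the hex format with `??` wildcards, and the sample bytes are all constructed for illustration and match no real malware.

```python
import re

# Constructed, harmless signature sets: name -> hex byte pattern.
# "??" matches any single byte (hypothetical format for this example).
SIGNATURES_OLD = {"Demo.A": "de ad be ef ?? 13 37"}
# An updated signature file adds a definition for a newer sample.
SIGNATURES_NEW = dict(SIGNATURES_OLD, **{"Demo.B": "ca fe ?? ?? ba be"})


def compile_signature(hex_pattern):
    """Turn a pattern such as 'de ad ?? ef' into a compiled bytes regex."""
    parts = []
    for token in hex_pattern.split():
        if token == "??":
            parts.append(b".")                      # wildcard byte
        else:
            parts.append(re.escape(bytes.fromhex(token)))
    return re.compile(b"".join(parts), re.DOTALL)   # DOTALL: "." matches \n too


def scan(data, signatures):
    """Return the sorted names of all signatures found in the byte string."""
    return sorted(
        name for name, pattern in signatures.items()
        if compile_signature(pattern).search(data)
    )


# Constructed sample inputs.
CLEAN_FILE = b"plain text with nothing of interest"
SAMPLE_A = b"header" + bytes.fromhex("deadbeef001337") + b"trailer"
SAMPLE_B = b"header" + bytes.fromhex("cafe0102babe") + b"trailer"

if __name__ == "__main__":
    print(scan(CLEAN_FILE, SIGNATURES_NEW))
    print(scan(SAMPLE_A, SIGNATURES_OLD))
    print(scan(SAMPLE_B, SIGNATURES_OLD))   # missed by the stale signature file
    print(scan(SAMPLE_B, SIGNATURES_NEW))   # caught after the update
```
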
Antivirus
• How does an antivirus program inoculate a program file?
  - Records information about program such as file size and creation date
  - Uses information to detect if virus tampers with file
  - Attempts to remove any detected virus
  - Quarantines infected files that it cannot remove
    - Keeps file in separate area of hard disk until the infection can be removed
    - Ensures other files will not become infected
• Users also can quarantine suspicious files themselves
  - Quarantined files remain on your computer until you delete them or restore them
  - Restore a quarantined file only if you are certain the antivirus program has removed the infection from the quarantined file.

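The inoculation and quarantine steps above, sketched as an added example that is not from the original slides. It assumes modification time in place of creation date (creation time is not portable across operating systems) and adds a SHA-256 digest, which the slide does not mention, to show a tamper that size and date alone would miss; the file names are hypothetical.

```python
import hashlib
import os
import shutil


def inoculate(path):
    """Record baseline facts about a program file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # size and date follow the slide; sha256 is this example's addition
    return {"size": st.st_size, "mtime": st.st_mtime_ns, "sha256": digest}


def check(path, baseline):
    """Return the baseline fields that no longer match the file on disk."""
    current = inoculate(path)
    return [field for field in baseline if baseline[field] != current[field]]


def quarantine(path, quarantine_dir):
    """Move a suspect file to a separate area and make it read-only."""
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)   # owner read-only, not executable
    return dest


def demo(workdir):
    """Tamper with a constructed file while preserving its size and date."""
    target = os.path.join(workdir, "tool.bin")          # hypothetical program
    with open(target, "wb") as fh:
        fh.write(b"original program bytes")
    baseline = inoculate(target)
    before = os.stat(target)

    with open(target, "wb") as fh:
        fh.write(b"tampered program bytes")             # same length
    # Put the original timestamps back, as a careful tamperer could.
    os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))

    changed = check(target, baseline)
    moved = None
    if changed:
        moved = quarantine(target, os.path.join(workdir, "quarantine"))
    return changed, moved


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(demo(tmp))
```

Only the digest changes in the demo, so a baseline limited to size and date would report the file as untouched.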
Popular Antivirus Programs

How to protect
• In extreme cases, you may need to reformat the hard disk to remove malware from an infected computer.
  - Having uninfected, or clean, backups of all files is important
• Stay informed about new virus alerts and virus hoaxes
  - A virus hoax is an e-mail message that warns users of a nonexistent virus or other malware
  - Often, these hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible
  - Instead of forwarding the message, visit a Web site that publishes a list of virus alerts and virus hoaxes

Preventing Viruses and Malware
• Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections

Internet and Network Attacks
• A botnet is a group of compromised computers connected to a network
  - A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider
  - A bot is a program that performs a repetitive task on a network
  - Cybercriminals install malicious bots on unprotected computers to create a botnet, also called a zombie army.
  - The perpetrator then uses the botnet to send spam via e-mail, spread viruses and other malware, or commit a distributed denial of service attack
• A denial of service attack (DoS attack) disrupts computer access to Internet services such as web or e-mail
  - In a distributed DoS (DDoS) attack, a zombie army is used to attack computers or computer networks
  - Damage caused by a DoS or DDoS attack usually is extensive

Internet and Network Attacks
• A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network
  - Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
  - A rootkit can be a back door. Some worms leave back doors, which have been used to spread other worms or to distribute junk e-mail from the unsuspecting victim computers
• Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
  - IP spoofing occurs when an intruder computer fools a network into believing its IP address is from a trusted source
  - Perpetrators of IP spoofing trick their victims into interacting with a phony Web site

Internet and Network Attacks
• A firewall is hardware and/or software that protects a network’s resources from intrusion

Firewall
• Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records
• They can implement a firewall solution themselves or outsource their needs to a company specializing in providing firewall protection
• Large organizations often route all their communications through a proxy server, which typically is a component of the firewall
  - A proxy server is a server outside the organization’s network that controls which communications pass into the organization’s network
  - Proxy servers use a variety of screening techniques
    - Some check the domain name or IP address of the message for legitimacy.
    - Others require that the messages have digital signatures

Personal Firewall Utility
• Program that protects a personal computer and its data from unauthorized intrusions
• Monitors transmissions to and from the computer
• Informs you of attempted intrusions

Internet and Network Attacks
Intrusion detection software
• Analyzes all network traffic
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
• Notifies network administrators of suspicious behavior patterns or system breaches
Honeypot
• Vulnerable computer that is set up to entice an intruder to break into it
Audit Trail
• Records successful and unsuccessful access attempts