INT 1010 05-3.pdf

1. Introduction to Information Technology 5.3. Issues in Computing: Windows Security Introduction to Information Technology INT-1010 Prof C Luis R Castellanos 1 05.3 Issues in Computing: Windows Security

2. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 2 Information Systems Security Ethical and Legal Implications of Information Systems Windows Security

3. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 3 Computer Malware Computer viruses Windows Security Internet of Things Vulnerabilities and attacks

4. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 4 Computer Viruses Windows Security

5. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 5 A computer virus, much like a flu virus, is designed to spread from host to host and can replicate itself. In more technical terms, a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another. A virus operates by inserting or attaching itself to a legitimate program or document that supports macros in order to execute its code. In the process, a virus has the potential to cause unexpected or damaging effects, such as harming the system software by corrupting or destroying data

6. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 6 The Iliad is an epic poem in 24 books traditionally attributed to the ancient Greek poet Homer, about the Trojan War. Some of the characters are: Paris, Helen of Troy, Hector. Agamemnon, Menelaus, Achilles.

7. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 7 How does a computer virus attack? Once a virus has successfully attached to a program, file, or document, the virus will lie dormant until circumstances cause the computer or device to execute its code. For a virus to infect your computer, you must run the infected program, which in turn causes the virus code to be executed. This means that a virus can remain dormant on your computer, without showing major signs or symptoms. However, once the virus infects your computer, the virus can infect other computers on the same network.

8. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 8 Stealing passwords or data, logging keystrokes, corrupting files, spamming your email contacts, and even taking over your machine are just some of the devastating and irritating things a virus can do. While some viruses can be playful in intent and effect, others can have profound and damaging effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some viruses are designed with financial gains in mind.

9. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 9 What is a keylogger? Keyloggers are a particularly insidious type of spyware that can record and steal consecutive keystrokes (and much more) that the user enters on a device. The term keylogger, or "keystroke logger," is self-explanatory: Software that logs what you type on your keyboard. However, keyloggers can also enable cybercriminals to eavesdrop on you, watch you on your system camera, or listen over your smartphone's microphone https://www.malwarebytes.com/keylogger

10. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 10 How do computer viruses spread? In a constantly connected world, you can contract a computer virus in many ways, some more obvious than others. Viruses can be spread through email and text message attachments, Internet file downloads, and social media scam links. Your mobile devices and smartphones can become infected with mobile viruses through shady App downloads. Viruses can hide disguised as attachments of socially shareable content such as funny images, greeting cards, or audio and video files.

11. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 11 To avoid contact with a virus, it’s important to exercise caution when surfing the web, downloading files, and opening links or attachments. To help stay safe, never download text or email attachments that you’re not expecting, or files from websites you don’t trust.

12. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 12 What are the signs of a computer virus? A computer virus attack can produce a variety of symptoms. Here are some of them: • Frequent pop-up windows. Pop-ups might encourage you to visit unusual sites. Or they might prod you to download antivirus or other software programs. • Changes to your homepage. Your usual homepage may change to another website, for instance. Plus, you may be unable to reset it. • Mass emails being sent from your email account. A criminal may take control of your account or send emails in your name from another infected computer.

13. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 13 • Frequent crashes. A virus can inflict major damage on your hard drive. This may cause your device to freeze or crash. It may also prevent your device from coming back on. • Unusually slow computer performance. A sudden change in processing speed could signal that your computer has a virus. • Unknown programs that startup when you turn on your computer. You may become aware of the unfamiliar program when you start your computer. Or you might notice it by checking your computer’s list of active applications. • Unusual activities like password changes. This could prevent you from logging into your computer.

14. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 14 https://www.matellio.com/blog/which-are-the-best-antivirus-software-for-2022/

15. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 15 https://www.pcmag.com/picks/the-best-antivirus-protection

17. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 17 Computer Malware Windows Security

18. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 18 Malware is an abbreviated form of “MALicious softWARE.” This is software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner. There are various types of malware, including spyware, ransomware, viruses, worms, Trojan horses, adware, or any type of malicious code that infiltrates a computer. Generally, the software is considered malware based on the intent of the creator rather than its actual features.

19. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 19 Malware creation is on the rise due to money that can be made through organized Internet crime. Originally malware was created for experiments and pranks, but eventually, it was used for vandalism and destruction of targeted machines. Today, much of malware is created to make a profit from forced advertising (adware), stealing sensitive information (spyware), spreading email spam or child pornography (zombie computers), or extorting money (ransomware).

20. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 20 Various factors can make computers more vulnerable to malware attacks, including defects in the operating system (OS) design, all the computers on a network running the same OS, giving users too many permissions, or just because a computer runs on a particular operating system, such as Windows, for example. The best protection from malware — whether ransomware, bots, browser hijackers, or other malicious software — continues to be the usual, preventive advice: be careful about what email attachments you open, be cautious when surfing by staying away from suspicious websites, and install and maintain an updated, quality antivirus program.

22. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 22 Vulnerabilities and attacks Windows Security

23. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 23 A vulnerability is a system susceptibility or flaw. Many vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) database. An exploitable vulnerability is one for which at least one working attack or “exploit” exists. To secure a computer system, it is important to understand the attacks that can be made against it, and these threats can typically be classified into one of the following categories.

24. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 24 Backdoors A backdoor in a computer system, a cryptosystem, or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or poor configuration. They may have been added by an authorized party to allow some legitimate access, or by an attacker for malicious reasons; but regardless of the motives for their existence, they create a vulnerability.

25. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 25 Denial-of-service attack Denial of service attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.

26. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 26 While a network attack from a single IP address can be blocked by adding a new firewall rule, many forms of Distributed denial of service (DDoS) attacks are possible, where the attack comes from a large number of points – and defending is much more difficult. Such attacks can originate from the zombie computers of a botnet, but a range of other techniques are possible including reflection and amplification attacks, where innocent systems are fooled into sending traffic to the victim.

27. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 27 Direct-access attacks An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, keyloggers, covert listening devices, or using wireless mice. Even when the system is protected by standard security measures, these may be able to be bypassed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.

28. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 28 Eavesdropping It is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and Narus Insight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware.

29. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 29 Tampering Tampering describes a malicious modification of products. So-called “Evil Maid” attacks and security services planting surveillance capability into routers are examples. An evil maid attack is an attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it. The name refers to the scenario where a maid could subvert a device left unattended in a hotel room – but the concept itself also applies to situations such as a device being intercepted while in transit, or taken away temporarily by airport or law enforcement personnel.

30. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 30 Spoofing Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Spoofing is most prevalent in communication mechanisms that lack a high level of security. Spam One of the most annoying emails to receive is junk email. This is also referred to as spam, unsolicited bulk email from cyber criminals or unethical companies. It comes in the form of images and videos.

31. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 31 Spam • Brand of canned cooked pork made by Hormel Foods Corporation, introduced in 1937 https://en.wikipedia.org/wiki/Spam_(food) • Unsolicited messages sent in bulk by email (Also referred to as junk email) • The name comes from a Monty Python sketch in which the name of the Spam product is ubiquitous, unavoidable, and repetitive. https://en.wikipedia.org/wiki/Email_spam

32. Introduction to Information Technology 5.3. Issues in Computing: Windows Security The attacker is basically “hijacking” the clicks meant for the top-level page and routing them to some other irrelevant page, most likely owned by someone else. A similar technique can be used to hijack keystrokes. Carefully drafting a combination of stylesheets, iframes, buttons, and text boxes, a user can be led into believing that they are typing the password or other information on some authentic webpage while it is being channeled into an invisible frame controlled by the attacker. 32 Clickjacking Also known as “UI redress attack” or “User Interface redress attack”, is a malicious technique in which an attacker tricks a user into clicking on a button or link on another webpage while the user intended to click on the top-level page. This is done using multiple transparent or opaque layers.

33. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 33 Phishing Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.

34. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 34 What really distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with. It's one of the oldest types of cyberattacks, dating back to the 1990s, and it's still one of the most widespread and pernicious, with phishing messages and techniques becoming increasingly sophisticated. While there are several paid-for and free applications that protect against viruses and malware, Windows has built-in applications to monitor the health of your PC and protect it against hostile threats.

35. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 35 eMail phishing:

36. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 36 Other types of Phishing Spear phishing: Spear phishing targets a specific group or type of individual such as a company’s system administrator. https://www.trendmicro.com/en_us/wha t-is/phishing/types-of-phishing.html

37. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 37

38. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 38 Other types of Phishing Whaling: is an even more targeted type of phishing that goes after the whales. Typically target a CEO, CFO, or any CXX within a specific business. https://www.trendmicro.com/en_us/wha t-is/phishing/types-of-phishing.html

39. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 39 Other types of Phishing Smishing: is an attack that uses text messaging or short message service (SMS) to execute the attack. https://www.trendmicro.com/en_us/wha t-is/phishing/types-of-phishing.html

40. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 40 Other types of Phishing Vishing: This attack is accomplished through a voice call. Hence the “v” rather than the “ph” in the name. https://www.trendmicro.com/en_us/wha t-is/phishing/types-of-phishing.html

43. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 43 IoT and physical vulnerabilities Windows Security

45. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 45 The Internet of Things (IoT) is the network of physical objects such as devices, vehicles, and buildings that are embedded with electronics, software, sensors, and network connectivity that enables them to collect and exchange data – and concerns have been raised that this is being developed without appropriate consideration of the security challenges involved.

46. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 46 While the IoT creates opportunities for more direct integration of the physical world into computer-based systems, it also provides opportunities for misuse. In particular, as the IoT spreads widely, cyber-attacks are likely to become an increasingly physical (rather than simply virtual) threat. If a front door’s lock is connected to the Internet and can be locked/unlocked from a phone, then a criminal could enter the home at the press of a button from a stolen or hacked phone.

47. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 47 People could stand to lose much more than their credit card numbers in a world controlled by IoT-enabled devices. Thieves have also used electronic means to circumvent non-Internet- connected hotel door locks. Medical devices have either been successfully attacked or had potentially deadly vulnerabilities demonstrated, including both in- hospital diagnostic equipment and implanted devices including pacemakers and insulin pumps.

49. Introduction to Information Technology 5.3. Issues in Computing: Windows Security The expression computer virus was coined by Fred Cohen (1986), because… 49 … he said that a program that could infect other programs acted as a “virus”.

50. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 50 What are the signs of a computer virus? • Frequent pop-up windows. • Changes to your homepage. • Mass emails being sent from your email account. • Frequent crashes in computer system. • Unusually slow computer performance • Unknown programs that startup when you turn on your computer • Unusual activities like password changes

51. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 51 Malware is an abbreviated form of “MALicious softWARE.” This is software that is specifically designed to gain access to or damage a computer, usually without the knowledge of the owner.

52. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 52 A backdoor in a computer system, a cryptosystem, or an algorithm, is any secret method of bypassing normal authentication or security controls.

53. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 53 Denial of service attacks are designed to make a machine or network resource unavailable to its intended users. Attackers can deny service to individual victims, or may overload the capabilities of a machine or network and block all users at once.

54. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 54 Phishing Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need and to click a link or download an attachment.

55. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 55 Other types of Phishing Spear phishing: Spear phishing targets a specific group or type of individual such as a company’s system administrator. Whaling: is an even more targeted type of phishing that goes after the whales. Typically target a CEO, CFO, or any CXX within a specific business.

56. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 56 Other types of Phishing Smishing: is an attack that uses text messaging or short message service (SMS) to execute the attack. Vishing: This attack is accomplished through a voice call. Hence the “v” rather than the “ph” in the name.

58. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 58 • Ch5 Topic summary. (Word document). 50 pts. • Chapter Quiz. 20 points. 70 pts 360 pts 5

59. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 59 • Midterm exam. 100 pts. (23 questions, in 1 hour) 100 pts 460 pts 5

61. Introduction to Information Technology 5.3. Issues in Computing: Windows Security 6. Networks and Communication 61 Next Chapter:

62. Introduction to Information Technology 5.3. Issues in Computing: Windows Security

63. Introduction to Information Technology 5.3. Issues in Computing: Windows Security Textbook 63 https://eng.libretexts.org/Courses/Prince_ Georges_Community_College/INT_1010% 3A_Concepts_in_Computing Purchase of a book is not required.

64. Introduction to Information Technology 5.3. Issues in Computing: Windows Security Professor C 64 castellr@pgcc.edu eLearning Expert BS in Systems Engineering MS in Systems Engineering HC Dr in Education IT Professor | Spanish & GED Instructor LCINT1010.wordpress.com Presentation created in 01/2022. Slides last updated on 05/2023

65. Introduction to Information Technology 5.3. Issues in Computing: Windows Security Introduction to Information Technology INT-1010 Prof C Luis R Castellanos 65 05.3 Issues in Computing: Windows Security

INT 1010 05-3.pdf

INT 1010 05-3.pdf

Recomendados

Más contenido relacionado

Similar a INT 1010 05-3.pdf

Similar a INT 1010 05-3.pdf(20)

Más de Luis R Castellanos

Más de Luis R Castellanos(20)

Último

Último(20)

INT 1010 05-3.pdf