The document discusses various topics relating to internet privacy, security, and netiquette. It covers computer security and the importance of protecting systems from harm. Examples are given of different systems that are at risk of attacks, including financial systems, utilities, aviation, consumer devices, large corporations, and automobiles. Specific security issues and past attacks are described for each one.
IRJET- Android Device Attacks and ThreatsIRJET Journal
This document discusses security threats to Android devices. It begins by providing background on the growth of mobile technology and its integration into daily life and the workplace. This has increased security risks as mobile devices now store and access large amounts of personal and corporate data. The document then discusses some specific threats to Android devices, including data breaches, social engineering, Wi-Fi interference, out-of-date devices, cryptojacking attacks, and poor password hygiene. It emphasizes that Android devices, like other mobile technologies, are vulnerable to these online and physical attacks that can result in compromised data and device access. Strong mobile security practices are needed to protect against the threats.
This document discusses security challenges related to mobile and wireless devices. It covers the proliferation of these devices and trends in mobility. Some key security issues addressed include malware attacks on mobile networks, credit card fraud, and technical challenges like managing registry settings, authentication, cryptography, and securing APIs. The document emphasizes that properly configuring baseline security is important to address many mobile security issues.
Top 10 Cybersecurity Trends to Watch Out For in 2022ManviShukla4
With the Digital revolution around all businesses, small or large, corporates, organizations and even governments are relying on computerized systems to manage their day-to-day activities and thus making cybersecurity a primary goal to safeguard data from various online attacks or any unauthorized access. Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breach, ransomware and hacks become the norms. Here are the top cybersecurity trends for 2022.
This document discusses security challenges posed by mobile devices. It begins by outlining three main types of threats: application-based threats like malware and spyware; web-based threats like phishing and drive-by downloads; and network-based threats when using public WiFi.
Application-based threats occur when malicious apps steal data or request unnecessary permissions. Web-based threats happen through compromised websites that download malware. Network-based threats risk intercepting unencrypted data on public WiFi networks.
The document provides examples for each threat type and recommends mitigation strategies like mobile application management, secure web browsing practices, and VPNs for public networks. Managing a variety of personal and company-owned devices poses additional challenges to
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
This document summarizes cybersecurity threats and challenges for the coming decade. It discusses how India is particularly vulnerable due to its large population and rapid growth in internet and mobile device usage. Key points made include:
- Cybersecurity plays a key role in protecting information technology systems and internet services from malicious attacks and unauthorized access.
- India faces major cybersecurity risks due to its large population and major growth in internet and mobile device usage in both urban and rural areas.
- Cyberattacks can damage systems, steal data and information, and disrupt critical infrastructure. Improving cybersecurity defenses is important for India's security, economic development, and provision of internet services.
- A multi-stakeholder effort is needed
This document discusses Internet of Things (IoT) security technologies. It describes how IoT security involves protecting devices, communication pipes, platforms and applications. It outlines Huawei's "3T+1M" IoT security framework which leverages technologies, scenarios and management to provide comprehensive protection. Examples of typical IoT security cases and how Huawei addresses threats at each layer of the IoT architecture are also presented.
12 IoT Cyber Security Threats to Avoid - CyberHive.pdfonline Marketing
As IoT (Internet of Things) devices weave into the fabric of our daily lives, from smart thermostats to connected cars, the need for robust IoT cyber security measures has never been more pressing. Let’s dive into 12 IoT cyber security threats that pose significant risks and offer guidance on navigating these digital waters safely. please visit: https://www.cyberhive.com/insights/12-iot-cyber-security-threats-to-avoid/
IoT security presented in Ada's List ConferenceCigdem Sengul
This document summarizes guidelines for improving Internet of Things (IoT) security. It outlines 12 guidelines including securing credentials and sensitive data, keeping software updated, minimizing exposed attack surfaces, ensuring personal data is protected, monitoring system telemetry for anomalies, making it easy for users to delete personal data, and prioritizing usability in installation and maintenance. The guidelines are aimed at establishing basic security hygiene practices to help address issues like default passwords, lack of software updates, and exposed vulnerabilities that have allowed IoT botnets and data breaches in the past. Following the guidelines would help improve the overall security and privacy of IoT systems.
IRJET- Android Device Attacks and ThreatsIRJET Journal
This document discusses security threats to Android devices. It begins by providing background on the growth of mobile technology and its integration into daily life and the workplace. This has increased security risks as mobile devices now store and access large amounts of personal and corporate data. The document then discusses some specific threats to Android devices, including data breaches, social engineering, Wi-Fi interference, out-of-date devices, cryptojacking attacks, and poor password hygiene. It emphasizes that Android devices, like other mobile technologies, are vulnerable to these online and physical attacks that can result in compromised data and device access. Strong mobile security practices are needed to protect against the threats.
This document discusses security challenges related to mobile and wireless devices. It covers the proliferation of these devices and trends in mobility. Some key security issues addressed include malware attacks on mobile networks, credit card fraud, and technical challenges like managing registry settings, authentication, cryptography, and securing APIs. The document emphasizes that properly configuring baseline security is important to address many mobile security issues.
Top 10 Cybersecurity Trends to Watch Out For in 2022ManviShukla4
With the Digital revolution around all businesses, small or large, corporates, organizations and even governments are relying on computerized systems to manage their day-to-day activities and thus making cybersecurity a primary goal to safeguard data from various online attacks or any unauthorized access. Continuous change in technologies also implies a parallel shift in cybersecurity trends as news of data breach, ransomware and hacks become the norms. Here are the top cybersecurity trends for 2022.
This document discusses security challenges posed by mobile devices. It begins by outlining three main types of threats: application-based threats like malware and spyware; web-based threats like phishing and drive-by downloads; and network-based threats when using public WiFi.
Application-based threats occur when malicious apps steal data or request unnecessary permissions. Web-based threats happen through compromised websites that download malware. Network-based threats risk intercepting unencrypted data on public WiFi networks.
The document provides examples for each threat type and recommends mitigation strategies like mobile application management, secure web browsing practices, and VPNs for public networks. Managing a variety of personal and company-owned devices poses additional challenges to
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
This document summarizes cybersecurity threats and challenges for the coming decade. It discusses how India is particularly vulnerable due to its large population and rapid growth in internet and mobile device usage. Key points made include:
- Cybersecurity plays a key role in protecting information technology systems and internet services from malicious attacks and unauthorized access.
- India faces major cybersecurity risks due to its large population and major growth in internet and mobile device usage in both urban and rural areas.
- Cyberattacks can damage systems, steal data and information, and disrupt critical infrastructure. Improving cybersecurity defenses is important for India's security, economic development, and provision of internet services.
- A multi-stakeholder effort is needed
This document discusses Internet of Things (IoT) security technologies. It describes how IoT security involves protecting devices, communication pipes, platforms and applications. It outlines Huawei's "3T+1M" IoT security framework which leverages technologies, scenarios and management to provide comprehensive protection. Examples of typical IoT security cases and how Huawei addresses threats at each layer of the IoT architecture are also presented.
12 IoT Cyber Security Threats to Avoid - CyberHive.pdfonline Marketing
As IoT (Internet of Things) devices weave into the fabric of our daily lives, from smart thermostats to connected cars, the need for robust IoT cyber security measures has never been more pressing. Let’s dive into 12 IoT cyber security threats that pose significant risks and offer guidance on navigating these digital waters safely. please visit: https://www.cyberhive.com/insights/12-iot-cyber-security-threats-to-avoid/
IoT security presented in Ada's List ConferenceCigdem Sengul
This document summarizes guidelines for improving Internet of Things (IoT) security. It outlines 12 guidelines including securing credentials and sensitive data, keeping software updated, minimizing exposed attack surfaces, ensuring personal data is protected, monitoring system telemetry for anomalies, making it easy for users to delete personal data, and prioritizing usability in installation and maintenance. The guidelines are aimed at establishing basic security hygiene practices to help address issues like default passwords, lack of software updates, and exposed vulnerabilities that have allowed IoT botnets and data breaches in the past. Following the guidelines would help improve the overall security and privacy of IoT systems.
The Internet of Things (IoT) is thriving network of smart objects where one physical object can exchange information with another physical object. In today’s Internet of Things (IoT) the interest is the concealment and security of data in a network. The obtrusion into Internet of Things (IoT) exposes the extent with which the internet of things is vulnerable to attacks and how such attack can be detected to prevent extreme damage. It emphasises on threats, vulnerability, attacks and possible methods of detecting intruders to stop the system from further destruction, this paper proposes a way out of the impending security situation of Internet of things using IPV6 Low -power wireless personal Area Network.
This document discusses system vulnerabilities and securing information systems. It begins by defining security and controls, and explains why systems are vulnerable, including issues with large networks like the Internet. It then describes various types of malicious software like viruses, worms, and Trojan horses that can exploit system vulnerabilities. The document also discusses hackers and computer crimes such as denial of service attacks and identity theft. It emphasizes the business value of security and control and legal requirements around protecting information. Finally, it outlines how organizations can establish a framework for security, including information system controls.
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...journalBEEI
Internet-of-Things or IoT technology becomes essential in everyday lives. The risk of security and privacy towards IoT devices, especially smarthomes IoT gateway device, becoming apparent as IoT technology progressed. The need for affordable, secure smarthome gateway device or router that smarthome user prefer. The problem of low-performance smarthome gateways was running security programs on top of smarthome gateway programs. This problem motivates the researcher designing a secure and efficient smarthome gateway using Raspberry Pi hardware as an affordable smarthome gateway device and able to run both smarthome gateways and security programs. In this research, researchers implemented snort as intrusion detection system (IDS), openHab as IoT gateway applications, and well-known encryption algorithms for file encryption in Raspberry PI 3B+ model. The researcher evaluated Snort capability on network attacks and compared each of the well-known encryption algorithm efficiency. From the result, we found Rasefiberry customized snort configuration for Raspberry pi 60 percent of the simulated network attacks. Twofish encryption algorithms were found to have best encryption time, throughput, and power consumption compared to other encryption algorithms in the research. Rasefiberry architecture successfully processes both lightweight security programs and Openhab smarthome gateway programs with a lowperformance computing device such as Raspberry Pi.
IBM X-Force Threat Intelligence Quarterly,
4Q 2014
Get a closer look at today’s security risks—from new threats arising from within the
Internet of Things, to the sources of malware and botnet infections.
Internet of things are exploding. This whitepaper would help product developers to understand the Security and Privacy issues, their impact and a recommendation for embedding the best practices during PDLC.
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
Personal data breaches and securing IoT devices
· By Damon Culbert (2019)
The Internet of Things (IoT) is taking the world b.
This document discusses securing mobile devices in the business environment. It explores how companies can safely introduce employee-owned mobile devices while managing security risks. Key points include:
- Mobile devices increase productivity but also security risks if not properly secured. A range of platforms need support, and personal and work data coexist on devices.
- Common security threats include loss/theft, malware, spam, phishing via Bluetooth/Wi-Fi. The document outlines techniques to mitigate these risks, such as encryption, remote wiping, and antimalware software.
- The document recommends companies establish mobile security strategies and policies to identify allowed resources/platforms and assign management responsibilities according to a security framework covering identity, data protection, applications,
Since the official commercial launch of 5G in 2019, from a global perspective, 5G network coverage is increasing. The deployment of 5G will also accelerate significantly in 2020. According to the latest research report of "The Status of 5G Deployment" released by VIAVI, as of January 2020, commercial 378G networks have been deployed in 378 cities in 34 countries.
Since the official commercial launch of 5G in 2019, from a global perspective, 5G network coverage is increasing. The deployment of 5G will also accelerate significantly in 2020. According to the latest research report of "The Status of 5G Deployment" released by VIAVI, as of January 2020, commercial 378G networks have been deployed in 378 cities in 34 countries.
The wireless industry has baked security into our networks since the beginning, and works diligently to continually update and build on our security capabilities with every generation of wireless. Today’s 4G LTE networks have the most advanced security features to date, and 5G will further improve upon them.
1) The document outlines Huawei's definition and approach to cyber security, emphasizing protecting customer networks and data as well as complying with laws and regulations.
2) It discusses establishing a cyber security management structure within Huawei's Global Technical Service department to implement cyber security policies and identify risks.
3) The management structure involves multiple levels working together to improve security through standards, training, reviews and addressing issues in order to meet customer demands and gain their trust in Huawei's cyber security.
The document discusses cybersecurity issues related to critical infrastructure sectors. It notes that there are 16 critical infrastructure sectors designated by the US Department of Homeland Security that are vital to national security and safety. These sectors include chemical, communications, dams, emergency services, financial services, government facilities, information technology, transportation, and others. The document expresses concern about the lack of security for industrial control systems and SCADA systems that monitor and control critical infrastructure. It provides examples of past cyber attacks on these systems and notes that the majority of attacks in 2014 targeted advanced persistent threats. The document concludes that as industrial systems increasingly connect to the internet and migrate to web-based interfaces, they represent an growing security risk due to vulnerabilities.
This document discusses cyber security issues, challenges, and risks. It begins by introducing the topic of cyber security and the importance of securely transferring information online. It then discusses some key challenges facing cyber security like advanced persistent threats, the evolution of ransomware, threats to IoT devices, and risks associated with cloud computing. The document also covers cyber security techniques to help address issues like access control, authentication, malware scanning, and using firewalls and antivirus software. It concludes by discussing systemic cyber risks related to scale, interdependency, and shared resources, as well as the importance of cyber ethics.
This document discusses the risks of botnet attacks on smartphones. It begins by providing background on botnets and how they have evolved from PC-based to targeting smartphones. Common propagation methods for smartphone botnets include SMS, Bluetooth, NFC, and WiFi. The document then proposes a hybrid peer-to-peer system using WiFi as the communication medium to create a botnet that is difficult to detect. It argues that securing smartphones from botnet attacks is challenging given the variety of mobile architectures and increasing use of smartphones for sensitive tasks.
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
The document discusses two common IoT devices used in hospitals - security cameras and smart doorbells. For security cameras, it provides background information, examples of known vulnerabilities (CVE IDs and descriptions), and possible solutions to resolve the vulnerabilities, such as updating firmware, using strong unique passwords, firewalls, and network segmentation. For smart doorbells, it similarly discusses background, vulnerabilities (CVE IDs and descriptions related to accessing WiFi credentials), and solutions like keeping firmware updated, securing the router, and using a separate wireless network. The document recommends both devices for hospitals if proper security measures are implemented.
The document discusses security and privacy challenges in the Internet of Things (IoT). It notes that while IoT provides opportunities in areas like smart cities and healthcare, the large number of interconnected devices also creates security and privacy risks if systems are hacked. Specifically, attacks could allow unauthorized access to personal health information or manipulation of devices like insulin pumps. The document outlines various technical challenges to IoT security like device diversity, limited bandwidth, physical access to devices, and lack of global standards. It stresses that security needs to be a priority throughout the entire IoT product lifecycle from design to maintenance.
This document discusses current and emerging cyber threats. It notes that the physical and digital worlds are converging through devices like CCTVs and medical devices. In 2010, common threats included botnets, exploits, and identity theft. For 2011, the document predicts tighter budgets, more sophisticated technology, and more innocent users coming online leading to more targets and accessibility for criminals. It emphasizes the need for security awareness programs and cautions that internal threats may be as significant as external ones.
The document discusses different managerial roles in information systems. A Chief Information Officer (CIO) heads the information systems function and aligns technology with organizational goals. Functional managers oversee specific functions that report to the CIO, such as systems analysis. An ERP manager maintains and implements changes to enterprise resource planning systems. Project managers are responsible for keeping IT projects on schedule and on budget. An Information Security Officer sets and enforces information security policies to protect organizational data from internal and external threats.
The Internet of Things (IoT) is thriving network of smart objects where one physical object can exchange information with another physical object. In today’s Internet of Things (IoT) the interest is the concealment and security of data in a network. The obtrusion into Internet of Things (IoT) exposes the extent with which the internet of things is vulnerable to attacks and how such attack can be detected to prevent extreme damage. It emphasises on threats, vulnerability, attacks and possible methods of detecting intruders to stop the system from further destruction, this paper proposes a way out of the impending security situation of Internet of things using IPV6 Low -power wireless personal Area Network.
This document discusses system vulnerabilities and securing information systems. It begins by defining security and controls, and explains why systems are vulnerable, including issues with large networks like the Internet. It then describes various types of malicious software like viruses, worms, and Trojan horses that can exploit system vulnerabilities. The document also discusses hackers and computer crimes such as denial of service attacks and identity theft. It emphasizes the business value of security and control and legal requirements around protecting information. Finally, it outlines how organizations can establish a framework for security, including information system controls.
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
In the era of computing technology, Internet of Things (IoT) devices are now popular in each and every domains like e-governance, e-Health, e-Home, e-Commerce, and e-Trafficking etc. Iot is spreading from small to large applications in all fields like Smart Cities, Smart Grids, Smart Transportation. As on one side IoT provide facilities and services for the society. On the other hand, IoT security is also a crucial issues.IoT security is an area which totally concerned for giving security to connected devices and networks in the IoT .As, IoT is vast area with usability, performance, security, and reliability as a major challenges in it. The growth of the IoT is exponentially increases as driven by market pressures, which proportionally increases the security threats involved in IoT The relationship between the security and billions of devices connecting to the Internet cannot be described with existing mathematical methods. In this paper, we explore the opportunities possible in the IoT with security threats and challenges associated with it.
Cybersecurity stands as the bedrock of our digital world, safeguarding systems, networks, and data from a rising tide of cyber threats. In the era of the Internet of Things (IoT), wherean ever-expanding array of devices and objects are seamlessly interconnected, the importance of cybersecurity has escalated to unprecedented levels.
Rasefiberry: Secure and efficient Raspberry-Pi based gateway for smarthome Io...journalBEEI
Internet-of-Things or IoT technology becomes essential in everyday lives. The risk of security and privacy towards IoT devices, especially smarthomes IoT gateway device, becoming apparent as IoT technology progressed. The need for affordable, secure smarthome gateway device or router that smarthome user prefer. The problem of low-performance smarthome gateways was running security programs on top of smarthome gateway programs. This problem motivates the researcher designing a secure and efficient smarthome gateway using Raspberry Pi hardware as an affordable smarthome gateway device and able to run both smarthome gateways and security programs. In this research, researchers implemented snort as intrusion detection system (IDS), openHab as IoT gateway applications, and well-known encryption algorithms for file encryption in Raspberry PI 3B+ model. The researcher evaluated Snort capability on network attacks and compared each of the well-known encryption algorithm efficiency. From the result, we found Rasefiberry customized snort configuration for Raspberry pi 60 percent of the simulated network attacks. Twofish encryption algorithms were found to have best encryption time, throughput, and power consumption compared to other encryption algorithms in the research. Rasefiberry architecture successfully processes both lightweight security programs and Openhab smarthome gateway programs with a lowperformance computing device such as Raspberry Pi.
IBM X-Force Threat Intelligence Quarterly,
4Q 2014
Get a closer look at today’s security risks—from new threats arising from within the
Internet of Things, to the sources of malware and botnet infections.
Internet of things are exploding. This whitepaper would help product developers to understand the Security and Privacy issues, their impact and a recommendation for embedding the best practices during PDLC.
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-and-other-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125-billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20-Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-one-of-the-biggest-problems-of-the-century/
Video Resources:What is the Internet of Things (IoT) and how can we secure it?
https://www.youtube.com/watch?v=H_X6IP1-NDc
What is the problem with IoT security? - Gary explains
https://www.youtube.com/watch?v=D3yrk4TaIQQ
Final Research Project - Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a regular topic of discussion and concern, but a relatively new segment of internet security is getting most attention—internet of things (IoT). So why is internet of things security so important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at which new technology goes to market is inversely proportional to the amount of security that gets designed into the product. According to IHS Markit, “The number of connected IoT devices worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125 billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and servers. They are designed with a single purpose in mind, usually running minimal software with minimal resources to serve that purpose. Adding the capability to run and update security software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1. Make people aware that there is a threat to security;
2. Design a technical solution to reduce security vulnerabilities;
3. Align the legal and regulatory frameworks; and
4. Develop a workforce with the skills to handle IoT security.
Final Assignment - Project Plan (Deliverables):
1) Address each of the FOURIoT security steps listed above in terms of IoT devices.
2) Explain in detail, in a step-by-step guide, how to make people more aware of the problems associated with the use of IoT devices.
Bottom of Form
Top of Form
Bottom of Form
Personal data breaches and securing IoT devices
· By Damon Culbert (2019)
The Internet of Things (IoT) is taking the world b.
This document discusses securing mobile devices in the business environment. It explores how companies can safely introduce employee-owned mobile devices while managing security risks. Key points include:
- Mobile devices increase productivity but also security risks if not properly secured. A range of platforms need support, and personal and work data coexist on devices.
- Common security threats include loss/theft, malware, spam, phishing via Bluetooth/Wi-Fi. The document outlines techniques to mitigate these risks, such as encryption, remote wiping, and antimalware software.
- The document recommends companies establish mobile security strategies and policies to identify allowed resources/platforms and assign management responsibilities according to a security framework covering identity, data protection, applications,
Since the official commercial launch of 5G in 2019, from a global perspective, 5G network coverage is increasing. The deployment of 5G will also accelerate significantly in 2020. According to the latest research report of "The Status of 5G Deployment" released by VIAVI, as of January 2020, commercial 378G networks have been deployed in 378 cities in 34 countries.
Since the official commercial launch of 5G in 2019, from a global perspective, 5G network coverage is increasing. The deployment of 5G will also accelerate significantly in 2020. According to the latest research report of "The Status of 5G Deployment" released by VIAVI, as of January 2020, commercial 378G networks have been deployed in 378 cities in 34 countries.
The wireless industry has baked security into our networks since the beginning, and works diligently to continually update and build on our security capabilities with every generation of wireless. Today’s 4G LTE networks have the most advanced security features to date, and 5G will further improve upon them.
1) The document outlines Huawei's definition and approach to cyber security, emphasizing protecting customer networks and data as well as complying with laws and regulations.
2) It discusses establishing a cyber security management structure within Huawei's Global Technical Service department to implement cyber security policies and identify risks.
3) The management structure involves multiple levels working together to improve security through standards, training, reviews and addressing issues in order to meet customer demands and gain their trust in Huawei's cyber security.
The document discusses cybersecurity issues related to critical infrastructure sectors. It notes that there are 16 critical infrastructure sectors designated by the US Department of Homeland Security that are vital to national security and safety. These sectors include chemical, communications, dams, emergency services, financial services, government facilities, information technology, transportation, and others. The document expresses concern about the lack of security for industrial control systems and SCADA systems that monitor and control critical infrastructure. It provides examples of past cyber attacks on these systems and notes that the majority of attacks in 2014 targeted advanced persistent threats. The document concludes that as industrial systems increasingly connect to the internet and migrate to web-based interfaces, they represent an growing security risk due to vulnerabilities.
This document discusses cyber security issues, challenges, and risks. It begins by introducing the topic of cyber security and the importance of securely transferring information online. It then discusses some key challenges facing cyber security like advanced persistent threats, the evolution of ransomware, threats to IoT devices, and risks associated with cloud computing. The document also covers cyber security techniques to help address issues like access control, authentication, malware scanning, and using firewalls and antivirus software. It concludes by discussing systemic cyber risks related to scale, interdependency, and shared resources, as well as the importance of cyber ethics.
This document discusses the risks of botnet attacks on smartphones. It begins by providing background on botnets and how they have evolved from PC-based to targeting smartphones. Common propagation methods for smartphone botnets include SMS, Bluetooth, NFC, and WiFi. The document then proposes a hybrid peer-to-peer system using WiFi as the communication medium to create a botnet that is difficult to detect. It argues that securing smartphones from botnet attacks is challenging given the variety of mobile architectures and increasing use of smartphones for sensitive tasks.
Face expressions, facial features, kinect sensor, face tracking SDK, neural n...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
The document discusses two common IoT devices used in hospitals - security cameras and smart doorbells. For security cameras, it provides background information, examples of known vulnerabilities (CVE IDs and descriptions), and possible solutions to resolve the vulnerabilities, such as updating firmware, using strong unique passwords, firewalls, and network segmentation. For smart doorbells, it similarly discusses background, vulnerabilities (CVE IDs and descriptions related to accessing WiFi credentials), and solutions like keeping firmware updated, securing the router, and using a separate wireless network. The document recommends both devices for hospitals if proper security measures are implemented.
The document discusses security and privacy challenges in the Internet of Things (IoT). It notes that while IoT provides opportunities in areas like smart cities and healthcare, the large number of interconnected devices also creates security and privacy risks if systems are hacked. Specifically, attacks could allow unauthorized access to personal health information or manipulation of devices like insulin pumps. The document outlines various technical challenges to IoT security like device diversity, limited bandwidth, physical access to devices, and lack of global standards. It stresses that security needs to be a priority throughout the entire IoT product lifecycle from design to maintenance.
This document discusses current and emerging cyber threats. It notes that the physical and digital worlds are converging through devices like CCTVs and medical devices. In 2010, common threats included botnets, exploits, and identity theft. For 2011, the document predicts tighter budgets, more sophisticated technology, and more innocent users coming online leading to more targets and accessibility for criminals. It emphasizes the need for security awareness programs and cautions that internal threats may be as significant as external ones.
The document discusses different managerial roles in information systems. A Chief Information Officer (CIO) heads the information systems function and aligns technology with organizational goals. Functional managers oversee specific functions that report to the CIO, such as systems analysis. An ERP manager maintains and implements changes to enterprise resource planning systems. Project managers are responsible for keeping IT projects on schedule and on budget. An Information Security Officer sets and enforces information security policies to protect organizational data from internal and external threats.
This document discusses different roles that people play in creating information systems. It describes systems analysts as identifying business needs and designing systems to address them. Programmers then write the code to build the systems based on designs. Computer engineers design the underlying hardware and software technologies, with roles in hardware, software, systems integration, and networking. Creators generally have technical backgrounds in fields like computer science and mathematics.
The document discusses operating systems and their functions. It describes how operating systems manage computer hardware and software resources, provide common services to programs, and how the most common operating systems are Windows and MacOS. It provides several methods to identify the specific Windows or MacOS version running on a computer. The document also discusses the history and versions of Windows, MacOS, and Android operating systems.
This document discusses file systems and how they provide an abstraction of data storage on hardware. It defines a file system as a mapping from file names to file contents, with files being sequences of bytes. It also notes that different operating systems commonly use different file systems like FAT, NTFS, ext2/3/4, and HFS+. Hard drives and solid state drives actually store data in more complex ways at the physical level.
This document discusses computer software, including system software and application software. It describes how operating systems are a key type of system software that provides essential functions like managing hardware resources and providing a platform for applications. Popular desktop operating systems today include Windows, MacOS, Chrome OS, and Linux, while mobile operating systems include Android and iOS. The document also discusses how operating systems have evolved over time to take advantage of improvements in processing power and memory.
This document discusses downloading files from the internet. It explains that links can point to files that can be downloaded to a computer. To download a file, you can right-click the link and select "Save link as" or "Save target as." Files are often downloaded to the downloads folder by default. The document also notes that downloading files carries security risks and that one should only download files from trusted sources. It defines downloading as copying data from the internet or external storage to one's computer, while uploading is the reverse of copying to the internet or external storage.
The document discusses file management in Windows operating systems. It describes how to use the Windows File Explorer to organize and manage files and folders on a computer. Key functions covered include copying, moving, and deleting files using tools on the ribbon toolbar like Home, Share, and View tabs. It also explains how to cut, copy, and paste files between locations, and use keyboard shortcuts to perform common file management tasks.
This document discusses different types of computer hardware. It describes personal computers, laptops, mobile phones, tablets, and wearable devices. It explains how these systems have evolved over time as technology has advanced, with smartphones and mobile devices now dominating the market. The document also discusses integrated computing and how technology is being built into everyday products like homes, vehicles and appliances.
This document provides an overview of information systems and their evolution. It begins by defining key terms like data, information, and information systems. It then describes how information systems have evolved over time, starting from the mainframe era where only large organizations could afford room-sized computers, to the PC revolution bringing computers to businesses and individuals with the launch of the IBM PC. The document traces this evolution through additional stages like client-server systems and the modern Internet-connected world. It provides examples and context throughout to illustrate how information systems have transformed and taken on new roles within organizations over decades of technological advancement.
This document provides an introduction to an introductory information technology course. It outlines the course topics which include different types of computing devices, computer applications and software, data analysis, programming, ethics in technology, and information security. It describes the student learning outcomes and evaluations methods which include discussions, quizzes, assignments, exams and a presentation. Guidelines and expectations are provided around assignments, grading, attendance and communication policies.
This document discusses internet privacy, security, and netiquette. It begins by defining internet privacy and noting that privacy concerns have existed since the beginnings of computer sharing. It describes personally identifying information and how privacy relates to information collection. The document outlines risks to internet privacy like cookies and photos online. It emphasizes being careful about what personal information is submitted or posted online so as to avoid issues like identity theft, spam, or information being used by companies for targeted advertising.
The document discusses internet privacy, security, and netiquette. It provides 10 tips for staying safe online, including keeping software updated, being wary of emails from unknown sources, avoiding clicking suspicious links, realizing that free software can still pose risks, not revealing private information on social media, using unique passwords for all accounts, and enabling two-factor authentication. Following basic netiquette rules and safety tips can help users avoid threats like phishing and malware infections.
This document provides an introduction to web development. It discusses the brief history of the internet and how it started in the 1960s between government researchers and universities. It also covers website design, including considerations like the fold and landing pages. Finally, it discusses HTML, CSS, fonts, and site maps as important aspects of web development.
The document provides an introduction to HTML and web development. It discusses what HTML is, the different versions of HTML, HTML elements and tags, how to structure an HTML document with the doctype, head, body and other tags. It also covers creating HTML files, adding images, links, and navigation to pages. The goal is to teach the basics of HTML to create simple websites and web pages.
This document discusses several roles involved in the day-to-day operations and administration of information systems, including computer operators who oversee mainframe computers and data centers, database administrators who manage organizational databases, help desk analysts who are the first line of support for computer users, and trainers who conduct classes to teach users specific computer skills. These roles work to ensure technology systems run effectively and that users can make the most of available resources.
The document discusses database security and common threats. It notes that database breaches exposing personally identifiable information increased significantly in 2013, with over 822 million records exposed. Common causes of database breaches included hacking, which accounted for over 59% of reported incidents and 72% of exposed records. Specific large breaches discussed included those affecting Adobe, Target, and the US National Security Agency. The document stresses that database security presents ongoing challenges given the emergence of new threats and no database is completely secure.
The document discusses the relational data model and databases. It introduces the relational data model, which describes data as interrelated tables. It describes key concepts in relational databases including tables, rows, columns, fields/attributes, records, domains, and degrees. It also discusses database design principles, data warehouses for analysis, and approaches to data warehouse design.
This document discusses databases and their importance in information systems. It begins by defining data, information, and knowledge, explaining how data is transformed into useful information and knowledge through organization and context. It then describes different types of databases, focusing on flat file databases and relational databases. Flat file databases store all data in one file but have limitations around data duplication, searchability, and concurrent access. Relational databases break data into normalized tables with relationships between them, addressing those limitations through their structure and use of queries. The document provides examples to illustrate key differences between the two database types.
The document discusses the design of a database for a university to track student club participation. A design team determined that tables were needed to track clubs, students, club memberships, and club events. The team defined the fields for each table, including primary keys. Examples of normalized database tables are also provided, along with explanations of 1st, 2nd, and 3rd normal forms. Additional database topics like data types, file-based systems, and database security are also briefly covered.
How to Setup Warehouse & Location in Odoo 17 InventoryCeline George
In this slide, we'll explore how to set up warehouses and locations in Odoo 17 Inventory. This will help us manage our stock effectively, track inventory levels, and streamline warehouse operations.
This slide is special for master students (MIBS & MIFB) in UUM. Also useful for readers who are interested in the topic of contemporary Islamic banking.
Strategies for Effective Upskilling is a presentation by Chinwendu Peace in a Your Skill Boost Masterclass organisation by the Excellence Foundation for South Sudan on 08th and 09th June 2024 from 1 PM to 3 PM on each day.
This presentation was provided by Steph Pollock of The American Psychological Association’s Journals Program, and Damita Snow, of The American Society of Civil Engineers (ASCE), for the initial session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session One: 'Setting Expectations: a DEIA Primer,' was held June 6, 2024.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
বাংলাদেশের অর্থনৈতিক সমীক্ষা ২০২৪ [Bangladesh Economic Review 2024 Bangla.pdf] কম্পিউটার , ট্যাব ও স্মার্ট ফোন ভার্সন সহ সম্পূর্ণ বাংলা ই-বুক বা pdf বই " সুচিপত্র ...বুকমার্ক মেনু 🔖 ও হাইপার লিংক মেনু 📝👆 যুক্ত ..
আমাদের সবার জন্য খুব খুব গুরুত্বপূর্ণ একটি বই ..বিসিএস, ব্যাংক, ইউনিভার্সিটি ভর্তি ও যে কোন প্রতিযোগিতা মূলক পরীক্ষার জন্য এর খুব ইম্পরট্যান্ট একটি বিষয় ...তাছাড়া বাংলাদেশের সাম্প্রতিক যে কোন ডাটা বা তথ্য এই বইতে পাবেন ...
তাই একজন নাগরিক হিসাবে এই তথ্য গুলো আপনার জানা প্রয়োজন ...।
বিসিএস ও ব্যাংক এর লিখিত পরীক্ষা ...+এছাড়া মাধ্যমিক ও উচ্চমাধ্যমিকের স্টুডেন্টদের জন্য অনেক কাজে আসবে ...
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
1. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
Introduction to Information Technology
INT-1010
Prof C
Luis R Castellanos
1
10
Internet Privacy, Internet Security, and
Netiquette
2. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
2
Internet Privacy Internet Security Netiquette
3. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
Introduction to Information Technology
INT-1010
Prof C
Luis R Castellanos
2022
3
10.2
Internet Privacy, Internet Security,
and Netiquette:
Internet Security
5. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
5
Computer Security
Computer security, also known as
cyber security or IT security, is the
protection of information systems from
theft or damage to the hardware, the
software, and to the information on
them, as well as from disruption or
misdirection of the services they
provide.
6. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
6
It includes controlling physical
access to the hardware, as well as
protecting against harm that
may come via network access,
data and code injection, and due
to malpractice by operators,
whether intentional, accidental,
or due to them being tricked into
deviating from secure
procedures.
7. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
7
The field is of growing importance
due to the increasing reliance on
computer systems and the Internet
in most societies, wireless networks
such as Bluetooth and Wi-Fi – and
the growth of “smart” devices,
including smartphones, televisions
and tiny devices as part of the
Internet of Things.
8. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
8
Systems at Risk
Computer security is critical in almost any industry which
uses computers.
Currently, most electronic devices such as computers,
laptops and cellphones come with built in firewall security
software, but despite this, computers are not 100 percent
accurate and dependable to protect our data.
There are many different ways of hacking into computers.
It can be done through a network system, clicking into
unknown links, connecting to unfamiliar Wi-Fi,
downloading software and files from unsafe sites, power
consumption, electromagnetic radiation waves, and many
more.
9. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
9
However, computers can be
protected through well built
software and hardware.
By having strong internal
interactions of properties,
software complexity can prevent
software crash and security failure.
10. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
10
Financial Systems
Web sites and apps that accept or store
credit card numbers, brokerage
accounts, and bank account information
are prominent hacking targets, because
of the potential for immediate financial
gain from transferring money, making
purchases, or selling the information on
the black market.
In-store payment systems and ATMs
have also been tampered with in order
to gather customer account data and
PINs.
11. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
11
Utilities and Industrial
Equipment
Computers control functions at many
utilities, including coordination of
telecommunications, the power grid,
nuclear power plants, and valve
opening and closing in water and gas
networks.
12. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
12
The Internet is a potential attack vector
for such machines if connected, but the
Stuxnet worm demonstrated that even
equipment controlled by computers
not connected to the Internet can be
vulnerable to physical damage caused
by malicious commands sent to
industrial equipment (in that case
uranium enrichment centrifuges)
which are infected via removable
media.
13. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
13
Stuxnet is a malicious computer worm first uncovered in 2010 and thought to
have been in development since at least 2005. Stuxnet targets supervisory
control and data acquisition (SCADA) systems and is believed to be responsible
for causing substantial damage to the nuclear program of Iran.
https://en.wikipedia.org/wiki/Stuxnet
14. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
14
In 2014, the Computer Emergency
Readiness Team, a division of the
Department of Homeland Security,
investigated 79 hacking incidents at
energy companies.
Vulnerabilities in smart meters (many
of which used local radio or cellular
communications) caused some
problems with billing fraud.
15. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
15
Aviation
The aviation industry is very reliant on a
series of complex system which could be
attacked.
A simple power outage at one airport can
cause repercussions worldwide, much of
the system relies on radio transmissions
which could be disrupted, and controlling
aircraft over oceans is especially
dangerous because radar surveillance
only extends 175 to 225 miles offshore.
There is also potential for attack from
within an aircraft.
16. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
16
The consequences of a successful attack
range from loss of confidentiality to loss
of system integrity, which may lead to
more serious concerns such as
exfiltration of data, network and air
traffic control outages, which in turn can
lead to airport closures, loss of aircraft,
loss of passenger life, damages on the
ground and to transportation
infrastructure.
A successful attack on a military aviation
system that controls munitions could
have even more serious consequences.
18. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
18
Europe has started to move towards
centralized aviation network PENS
(Pan-European Network Service)
which do provide a common IP-based
network service across the European
region covering voice and data
communication and later on even more
with NewPENS, similar USA has in
NextGen program.
19. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
19
Consumer Devices
Desktop computers and laptops are commonly
infected with malware either to gather
passwords or financial account information, or
to construct a botnet to attack another target.
Smart phones, tablet computers, smart watches,
and other mobile devices such as Quantified Self
devices like activity trackers have also become
targets and many of these have sensors such as
cameras, microphones, GPS receivers,
compasses, and accelerometers which could be
exploited, and may collect personal information,
including sensitive health information.
20. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
20
Wifi, Bluetooth, and cell phone
networks on any of these devices could
be used as attack vectors, and sensors
might be remotely activated after a
successful breach.
Home automation devices such as the
Nest thermostat are also potential
targets.
21. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
21
Large Corporations
Large corporations are common targets.
In many cases this is aimed at financial
gain through identity theft and involves
data breaches such as the loss of
millions of clients’ credit card details by
Home Depot, Staples, and Target
Corporation.
Medical records have been targeted for
use in general identify theft, health
insurance fraud, and impersonating
patients to obtain prescription drugs for
recreational purposes or resale.
22. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
22
Not all attacks are financially
motivated however; for example
security firm HB Gary Federal suffered
a serious series of attacks in 2011 from
hacktivist group Anonymous in
retaliation for the firm’s CEO claiming
to have infiltrated their group, and
Sony Pictures was attacked in 2014
where the motive appears to have been
to embarrass with data leaks, and
cripple the company by wiping
workstations and servers.
23. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
23
Automobiles
If access is gained to a car’s internal
controller area network, it is possible
to disable the brakes and turn the
steering wheel.
Computerized engine timing, cruise
control, anti-lock brakes, seat belt
tensioners, door locks, airbags and
advanced driver assistance systems
make these disruptions possible, and
self-driving cars go even further.
24. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
24
Connected cars may use Wifi and Bluetooth to
communicate with onboard consumer devices,
and the cell phone network to contact
concierge and emergency assistance services
or get navigational or entertainment
information; each of these networks is a
potential entry point for malware or an
attacker.
Researchers were even able to use a malicious
compact disc in a car’s stereo system as a
successful attack vector, and cars with built-in
voice recognition or remote assistance
features have onboard microphones which
could be used for eavesdropping.
25. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
25
A 2015 report by U.S. Senator
Edward Markey criticized
manufacturers’ security measures as
inadequate, and also highlighted
privacy concerns about driving,
location, and diagnostic data being
collected, which is vulnerable to
abuse by both manufacturers and
hackers.
26. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
26
Government
Government and military computer
systems are commonly attacked by
activists and foreign powers.
Local and regional government
infrastructure such as traffic light
controls, police and intelligence agency
communications, personnel records,
student records, and financial systems
are also potential targets as they are
now all largely computerized.
Passports and government ID cards
that control access to facilities which
use RFID can be vulnerable to cloning.
27. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
27
Radio-frequency identification (RFID) uses electromagnetic fields to
automatically identify and track tags attached to objects.
https://en.wikipedia.org/wiki/Radio-frequency_identification
28. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
28
Internet of Things and physical
vulnerabilities
The Internet of Things (IoT) is the
network of physical objects such as
devices, vehicles, and buildings that are
embedded with electronics, software,
sensors, and network connectivity that
enables them to collect and exchange
data – and concerns have been raised
that this is being developed without
appropriate consideration of the
security challenges involved.
29. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
29
While the IoT creates opportunities for
more direct integration of the physical
world into computer-based systems, it
also provides opportunities for misuse.
In particular, as the Internet of Things
spreads widely, cyber attacks are likely
to become an increasingly physical
(rather than simply virtual) threat.
If a front door’s lock is connected to the
Internet, and can be locked/unlocked
from a phone, then a criminal could
enter the home at the press of a button
from a stolen or hacked phone.
30. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
30
People could stand to lose much more
than their credit card numbers in a
world controlled by IoT-enabled
devices.
Thieves have also used electronic
means to circumvent non-Internet-
connected hotel door locks.
Medical devices have either been
successfully attacked or had potentially
deadly vulnerabilities demonstrated,
including both in-hospital diagnostic
equipment and implanted devices
including pacemakers and insulin
pumps.
32. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
32
Impact of security breaches
Serious financial damage has been
caused by security breaches, but
because there is no standard model for
estimating the cost of an incident, the
only data available is that which is
made public by the organizations
involved.
“Several computer security consulting
firms produce estimates of total
worldwide losses attributable to virus
and worm attacks and to hostile digital
acts in general”.
33. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
33
“The 2003 loss estimates by these
firms range from $13 billion (worms
and viruses only) to $226 billion (for
all forms of covert attacks).
The reliability of these estimates is
often challenged; the underlying
methodology is basically anecdotal.”
However, reasonable estimates of the
financial cost of security breaches can
actually help organizations make
rational investment decisions.
34. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
34
According to the classic Gordon-
Loeb Model analyzing the optimal
investment level in information
security, one can conclude that the
amount a firm spends to protect
information should generally be only a
small fraction of the expected loss (i.e.,
the expected value of the loss resulting
from a cyber/information security
breach).
35. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
35
The Gordon–Loeb model is a
mathematical economic model
analyzing the optimal investment
level in information security.
To draft this model, the company
must possess knowledge of three
parameters:
✓ how much the data is worth;
✓ how much the data is at risk;
✓ the probability an attack on the data is
going to be successful, or
vulnerability.
https://en.wikipedia.org/wiki/Gordon%
E2%80%93Loeb_model
36. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
36
Attacker motivation
As with physical security, the
motivations for breaches of computer
security vary between attackers.
Some are thrill-seekers or vandals,
others are activists or criminals looking
for financial gain.
State-sponsored attackers are now
common and well resourced, but
started with amateurs such as Markus
Hess who hacked for the KGB, as
recounted by Clifford Stoll, in The
Cuckoo’s Egg.
37. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
37
A standard part of threat modelling for
any particular system is to identify
what might motivate an attack on that
system, and who might be motivated to
breach it.
The level and detail of precautions will
vary depending on the system to be
secured.
A home personal computer, bank, and
classified military network face very
different threats, even when the
underlying technologies in use are
similar.
38. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
38
Which motives are behind any cyber-attacks your organization
experienced?
https://www.helpnetsecurity.com/2017/01/11/ransom-motivation-behind-cyber-attacks/
40. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
40
Computer Security, also
known as cyber security or IT
security, is the protection of
information systems from theft
or damage to the hardware, the
software, and to the information
on them, as well as from
disruption or misdirection of the
services they provide.
41. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
41
Web sites and apps that accept or
store credit card numbers,
brokerage accounts, and bank
account information are
prominent hacking targets,
because of the potential for
immediate financial gain from
transferring money, making
purchases, or selling the
information on the black market.
42. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
42
Desktop computers and laptops are
commonly infected with malware either
to gather passwords or financial account
information, or to construct a botnet to
attack another target.
Smart phones, tablet computers, smart
watches, and other mobile devices have
sensors such as cameras, microphones,
GPS receivers, compasses, and
accelerometers which could be exploited,
and may collect personal information.
43. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
43
If access is gained to a car’s
internal controller area network,
it is possible to disable the brakes
and turn the steering wheel.
44. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
44
While the IoT creates
opportunities for more direct
integration of the physical world
into computer-based systems, it
also provides opportunities for
misuse.
In particular, as the Internet of
Things spreads widely, cyber
attacks are likely to become an
increasingly physical (rather than
simply virtual) threat.
45. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
45
Serious financial damage has
been caused by security breaches,
but because there is no standard
model for estimating the cost of
an incident, the only data
available is that which is made
public by the organizations
involved.
46. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
46
A standard part of threat
modelling for any particular
system is to identify what might
motivate an attack on that
system, and who might be
motivated to breach it.
The level and detail of
precautions will vary depending
on the system to be secured.
49. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
Textbook
49
https://eng.libretexts.org/Courses/Prince_
Georges_Community_College/INT_1010%
3A_Concepts_in_Computing
Purchase of a book is not
required.
50. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
Professor C
50
castellr@pgcc.edu
eLearning Expert
BS & MS in Systems Engineering
BS & MS in Military Science and Arts
HC Dr in Education
IT Professor | Spanish Instructor
LCINT1010.wordpress.com
Presentation created in 01/2022.
Slides last updated on 06/2023
51. Introduction to Information Technology
10.2. Internet Privacy, Internet Security, and Netiquette
Introduction to Information Technology
INT-1010
Prof C
Luis R Castellanos
51
10.2
Internet Privacy, Internet Security,
and Netiquette:
Internet Security