Security and Safety Flashcards
Hazards to our physical bodies include
Eye strain from viewing the computer screen in poor light, poor posture when using devices, or muscle fatigue that comes from typing on a keyboard.
A common term used to describe individuals who launch attacks against other users and their computers is
Attackers or threat actors
Attackers in organized gangs meet in
hidden online “dark web” forums
When organized gangs of young attackers meet online they
Trade information, buy and sell stolen data and attacker tools, and even coordinate their attacks.
Are individuals who want to attack computers, but lack the knowledge of computers and networks needed to do so.
Script kiddies
Work by downloading freely available automated attack software (scripts) from websites and using it to perform malicious acts
Script kiddies
Are attackers who are strongly motivated by principles or beliefs.
Hacktivists
Can involve breaking into a website and changing the contents on the site as a means of making a political statement.
Attacks by hacktivists
Attack a nation’s computer networks, like the electrical power grid, to cause disruption and panic among citizens.
Cyberterrorists
Instead of using an army to strike at an adversary, governments are now employing state-sponsored attackers to launch computer attacks against their enemies through
Nation-state actors
Another serious security threat to companies can come from its own employees, contractors, and business partners, called
Insiders
A healthcare worker upset about being passed over for a promotion might illegally gather health records on celebrities and sell them to the media. This is an example of an
Insider
The greatest risk comes from attackers who want to steal information for
their own financial gain
Once, the reason for launching computer attacks was for the attackers to
show off their technology skills (fame)
Where do you face risks when using the internet or email
Online banking
E-commerce shopping
Fake websites
Social media sites
Attackers try to steal your password to access your online bank account and transfer your money overseas.
Online banking
When you enter your credit card number to make an online purchase an attacker can try to intercept your card number as it is transmitted over the network
E-commerce shopping
Attackers can set up an “imposter” website that looks just like the site where you pay your monthly credit card bill.
Fake websites
Attackers can ask to be a “friend” on your social media site by pretending to be someone you met or went to school with. Once you accept this new friend, the attacker may be able to see personal information about you, such as your pet’s name or your favorite vacation spot. This information could be used to reset your password on another website that requires answers to security questions.
Social media sites
Gathering your personal information is not something that is done only by attackers; it can also be done and used by
Organizations such as schools and hospitals
Sell your information to a drug company who sends you information about their drugs
Invalid use by hospitals
Reviews your past procedures when you are admitted as a patient
Valid use by hospitals
The process of sorting through extremely large sets of data to uncover patterns and establish relationships
Data mining which many organizations use
Most data mining tools allow organizations to
predict future trends
- Give only necessary information when completing an online form or a warranty.
- Review the information that online sites such as Google have stored about you.
- Request to be removed from mailing lists.
- Create another email account to use when a merchant or website requires an address.
- Do not use your social media account login information to log in to another site.
Tips for protecting personal information that is gathered by legitimate organizations include
Electronic waste
e-waste
Americans generate over 9.4 million tons of e-waste each year
Contaminate the ground and water supply, causing harm to the environment
Toxic metals, such as lead and mercury
Promotes the reduction of e-waste
Sustainable Electronics Management (SEM)
SEM Action Steps
- Buy green
- Donate
- Recycle
When purchasing new electronic equipment buy only products that have been
designed with environmentally preferable attributes
Many users of technology devices report aches and pains associated with repeated and long-term usage of the devices, known as
repetitive strain injury (RSI)
impacts your muscles, nerves, tendons, and ligaments and affects the upper parts of the body
repetitive strain injury (RSI)
Repeating the same activity over a lengthy time period
Repetitive activity
Using the wrong procedure or posture
Improper technique
Performing the same high-level activity without frequent periods of rest
Uninterrupted intensity
Being too close to a screen or looking at screens without regular breaks can cause
eyestrain
Is an applied science that specifies the design and arrangement of items that you use so that you and the items interact efficiently and safely
Ergonomics
In addition to technology addiction, there are other behavioral risks associated with using technology, including:
- Sedentary lifestyle. less time for physical activity
- Psychological development. Such as poor self-confidence and anxiety
- Social interaction.
Includes sending, posting, or sharing negative, harmful, mean-spirited, and usually false content about another person, or sharing personal or private information to cause embarrassment or humiliation to that person before others
Cyberbullying
- Seems to never end
- Everyone knows about it
- May follow for a lifetime
Cyberbullying
involves the use of technology to stalk another person through email, text messages, phone calls, and other forms of communication
Cyberstalking
Who should you talk to if you suspect that someone you know may be a victim or if you are yourself?
local law enforcement agencies
programs that are created by attackers to infiltrate the victims’ computers without their knowledge
malicious software
What tools attackers use to attack computers and networks?
- Malicious software
- Tricking users (into performing a compromising action or providing sensitive information)
software can intercept data, steal information, launch other attacks, or even damage the computer so that it no longer properly functions
malicious software
A low-cost but highly effective approach for the attackers
defeating security through a person instead of technology
Is malicious software that can delete or corrupt files and gather personal information
Malware
Refers to a wide variety of software programs that attackers use to enter a computer system without the user’s knowledge or consent and then perform an unwanted and harmful action
Malware
Is malicious computer code that, like its biological counterpart, reproduces itself on the same computer. Almost all of them “infect” by inserting themselves into a computer file.
A computer virus (when the file is opened, the virus is activated)
Is a malicious program that uses a computer network to replicate
Worms (sometimes called network viruses)
Enters a computer through the network and then takes advantage of a vulnerability on the host computer. Once it has exploited that vulnerability on one system, it immediately searches for another computer on the network that has the same vulnerability.
Worms (sometimes called network viruses)
Is malware that hides inside another program, often one downloaded from the web. It “masquerades” as performing a safe activity but also does something malicious
A computer Trojan
A user might download what is advertised as a calendar program, yet when it is installed, it also installs malware that scans the system for credit card numbers and passwords, connects through the network to a remote system, and then transmits that information to the attacker. This example is for
A computer Trojan
One of the fastest-growing types of malware is
ransomware
Prevents a user’s device from properly and fully functioning until a fee is paid. It embeds itself onto the computer in such a way that it cannot be bypassed, even by rebooting.
Ransomware
Early ransomware, called
blocker ransomware
prevented the user from accessing the computer’s resources and displayed a special screen pretending to be from a reputable third-party, such as law enforcement.
blocker ransomware
Instead of just blocking the user from accessing the computer, it encrypts all the files on the device so that none of them can be opened
Today’s ransomware
An attack in which the attacker changes a device’s network address (for example its IP or MAC address) so that it appears to be a different, trusted device is called
address spoofing
is a category of attacks that attempts to trick the victim into giving valuable information to the attacker. At its core, it relies on an attacker’s clever manipulation of human nature in order to persuade the victim to provide information or take actions. Several basic principles of psychology make it highly effective.
Social engineering
Social Engineering Principles
- Authority
- Intimidation
- Consensus (social proof: being influenced by what others do)
- Scarcity
- Urgency
- Familiarity
- Trust
Is sending an email or displaying a web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into giving private information.
Phishing
Is a false warning, often contained in an email message that pretends to come from a valid source like the company’s IT department. Attackers can use it as a first step in an attack
A hoax
says that there is a “deadly virus” circulating through the Internet and that you should erase specific files or change security configurations, and then forward the message to other users.
A hoax
Is unwanted email messages sent from an unknown sender to many email accounts, usually advertising a product or service such as low-cost medication, low-interest loans, or free credit reports.
Spam
Can be used to distribute malware. It is sent with attachments that contain malware.
Spam
over ….. percent of data breaches start by a phishing attack, and …. percent of employees have clicked at least one phishing link in the last year.
93% - 22%
Total loss of power
Blackout
Drop in voltage lasting minutes or hours
Brownout
Very short duration of voltage increase
Spike
Short duration of voltage increase
Surge
Unwanted high frequency energy
Noise
can defend computer equipment from spikes, surges, and noise
A surge protector
they cannot provide power in the event of a blackout or brownout
A surge protector
Like a surge protector, it is positioned between the computer and the electrical outlet; however, it also contains a battery that maintains power to the equipment for a short time in case of an interruption in the primary electrical power source.
an uninterruptible power supply (UPS)
To prevent laptops from being stolen you can use
a cable lock
One of the tips to reduce the risk of theft or loss:
If a theft does occur, do not resist or chase the thief. Instead, take note of the suspect’s description, including any identifying characteristics and clothing, and then call the authorities. Also contact the wireless carrier and change all passwords for accounts accessed on the device.
may indicate that it is connected to an expensive device
White or red headphone cords
consider changing the cord to a less conspicuous color.
Security Features for Recovery of a Stolen Device
- Alarm
- Last known location
- Locate
- Remote lockout
- Thief picture
If a lost or stolen device cannot be recovered, it might be necessary to perform
remote wiping
erases sensitive data stored on the mobile device
remote wiping
copying files from a computer’s hard drive that are then stored in a remote location
Creating a data backup
can protect against hardware malfunctions, user error, software corruption, and natural disasters. They can also protect against cyberattacks because they can restore infected computers to their properly functioning state.
data backup
How can you back up your data if only a slow Internet connection is available (making an online backup service impractical)?
Perform your own backup from the hard drive to another medium and then store that medium in a remote location (or use backup software such as AOMEI Backupper, Acronis True Image, or EaseUS Todo Backup)
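A backup is only useful if the stored copy can be trusted when you need it. The following added example (not part of the original flashcards, and not tied to any of the named products) shows a do-it-yourself backup in Python using only the standard library: it archives a directory into a second directory standing in for the remote location, records a SHA-256 manifest, verifies the archive against the manifest before restoring, and detects a corrupted copy. The sample files and the "documents" and "remote_copy" directory names are constructed for the demonstration.

```python
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, backup_dir: Path, name: str = "backup") -> tuple[Path, Path]:
    """Archive every file under `source` and write a manifest of per-file hashes."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / f"{name}.tar"
    manifest = backup_dir / f"{name}.manifest.json"
    hashes = {}
    with tarfile.open(archive, "w") as tar:
        for file in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = file.relative_to(source).as_posix()
            hashes[rel] = sha256_file(file)
            tar.add(file, arcname=rel)
    meta = {"archive_sha256": sha256_file(archive), "files": hashes}
    manifest.write_text(json.dumps(meta, indent=2))
    return archive, manifest


def verify_backup(archive: Path, manifest: Path) -> bool:
    """Check the archive against the manifest: whole-file hash, file set, per-file hashes."""
    meta = json.loads(manifest.read_text())
    if sha256_file(archive) != meta["archive_sha256"]:
        return False
    with tarfile.open(archive, "r") as tar:
        members = {m.name for m in tar.getmembers() if m.isfile()}
        if members != set(meta["files"]):
            return False
        for name, expected in meta["files"].items():
            data = tar.extractfile(name).read()
            if hashlib.sha256(data).hexdigest() != expected:
                return False
    return True


def restore_backup(archive: Path, manifest: Path, target: Path) -> bool:
    """Restore only after verification, refusing archive entries that could escape `target`."""
    if not verify_backup(archive, manifest):
        return False
    with tarfile.open(archive, "r") as tar:
        for member in tar.getmembers():
            parts = Path(member.name).parts
            if member.name.startswith("/") or ".." in parts:
                return False  # path traversal entry; never extract it
        tar.extractall(target)
    return True


def demo() -> dict:
    """Constructed end-to-end run: back up two sample files, verify, restore, then detect corruption."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "documents"
        (src / "notes").mkdir(parents=True)
        (src / "notes" / "todo.txt").write_text("renew passport\n")
        (src / "budget.csv").write_text("rent,1200\n")

        archive, manifest = create_backup(src, root / "remote_copy")
        verified = verify_backup(archive, manifest)
        restored = restore_backup(archive, manifest, root / "restored")
        restored_text = (root / "restored" / "notes" / "todo.txt").read_text()

        # Simulate a damaged stored copy (disk error or malware overwriting the archive).
        with archive.open("r+b") as f:
            f.seek(0)
            f.write(b"X")
        verified_after_corruption = verify_backup(archive, manifest)

        return {
            "verified": verified,
            "restored": restored,
            "restored_text": restored_text,
            "verified_after_corruption": verified_after_corruption,
        }


if __name__ == "__main__":
    print(demo())
```

The manifest is kept next to the archive here for simplicity; storing a second copy of it separately from the backup medium makes it harder for whatever damaged the archive to also rewrite the hashes.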
is a wireless data network technology that provides high-speed data connections for mobile devices.
Wi-Fi
is the process of “scrambling” information in such a way that it cannot be read unless the user possesses the “key” to unlock it back to a readable format
Encryption
unlocking encryption is called
Decryption
Provides an extra level of protection: if an attacker were somehow able to get to the information, they could not read it because they would not have the key to unlock it.
Encryption
can be applied to data on your hard drive (data-at-rest) just as it can be used to protect data being transmitted across the Internet (data-in-transit).
encryption
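The three cards above (scrambling with a key, unlocking with the key, and the attacker being unable to read data without it) can be seen in running code. The following is an added example, not part of the original flashcards: it builds an authenticated encryption scheme from the Python standard library alone (an HMAC-SHA256 keystream in counter mode, with a separate HMAC tag checked before decryption) so that it runs offline. This construction is for illustration of the concepts; for real data-at-rest or data-in-transit protection use a vetted library and an established AEAD cipher such as AES-GCM or ChaCha20-Poly1305. The key and message below are constructed sample values.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Derive independent encryption and authentication keys from one secret key."""
    enc_key = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random keystream: HMAC(enc_key, nonce || counter) for counter = 0, 1, 2, ..."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Scramble plaintext with the key; output is nonce || ciphertext || tag.

    A nonce must never be reused with the same key, so a fresh random one is
    drawn unless the caller supplies one (the test does, for a repeatable result).
    """
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(key)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Unlock the data; fails closed if the key is wrong or the data was altered."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time comparison, and the check happens before any decryption.
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def attacker_can_read(blob: bytes, guessed_key: bytes) -> bool:
    """Models an attacker who obtained the scrambled data but not the real key."""
    try:
        decrypt(guessed_key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = os.urandom(32)                      # the secret "key" the cards refer to
    blob = encrypt(key, b"account 1234 balance 500")
    print("ciphertext readable by attacker:", attacker_can_read(blob, os.urandom(32)))
    print("owner decrypts to:", decrypt(key, blob))
```

The same function pair covers both cases the cards mention: data-at-rest (write the blob to disk) and data-in-transit (send the blob over the network); in either place, whoever holds only the blob and not the key gets nothing readable, and any byte they change is detected.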
is a digitally “signed” document, issued by a trusted third party (a certificate authority), that binds a user’s identity to that user’s public key.
A digital certificate
make it possible to verify the identity of a user and the user’s key to prevent an attack from someone impersonating the user
A digital certificate
involves using someone’s personal information, such as their name, Social Security number, or credit card number, to commit financial fraud.
Identity theft
- Establish phone or wireless service in the victim’s name.
- File for bankruptcy under the person’s name to avoid eviction.
- Go on spending sprees using fraudulently obtained credit and debit card account numbers.
some of the actions that can be undertaken by identity thieves
Discarded credit card statements, charge receipts, and bank statements can be retrieved after being discarded in the trash for personal information.
Dumpster diving technique
Attackers convince victims to enter their personal information at an imposter website after receiving a fictitious email from a bank.
Phishing technique
Using a standard change-of-address form the attackers divert all mail to their post office box so that the victim never sees any charges made.
Change of address form technique
An attacker who pretends to be from a legitimate research firm asks for personal information.
Pretexting technique
Stolen wallets and purses contain personal information that can be used in identity theft.
Stealing technique
First step to avoid theft is to
deter thieves by safeguarding information (shred financial doc, etc.)
To avoid thefts, **do not **carry a Social Security number in
a wallet or write it on a check
Second step to avoid theft is to
monitor financial statements and accounts (be alert, review statements)
U.S. users can monitor and protect the financial information that credit reporting agencies store about them
by requesting one free credit report annually and by placing a credit “freeze” (and “thawing” it when needed)
might allow your computer to download a “script” or series of instructions that commands the browser to perform specific actions.
an add-on
An attacker can use the add-on to download and execute malware on the user’s
is a file created by a website that stores information on your computer, such as your website preferences or the contents of an electronic shopping cart.
Cookie
Some can be stolen and used to impersonate you, while others can be used to track your browsing or buying habits.
Cookie
Some of the important security settings include
- Cookie
- Scripting
- Plug-ins
- Pop-ups
- Clear browsing data
- Plug-in validation
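The cookie cards above say that some cookies can be stolen and used to impersonate you. Whether a session cookie is easy to steal depends largely on the attributes the site sets on it, which is what the browser “Cookie” setting ultimately governs. The following added example (not part of the original flashcards) parses Set-Cookie headers in Python and flags session-like cookies that lack HttpOnly (readable by injected script), Secure (sent over plain HTTP, where it can be intercepted in transit) or SameSite (sent along with cross-site requests). The header lines are constructed samples, and the name heuristic for spotting session cookies is an assumption of this example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union


@dataclass
class Cookie:
    name: str
    value: str
    # lowercase attribute name -> value string, or True for flag attributes (Secure, HttpOnly)
    attrs: Dict[str, Union[str, bool]] = field(default_factory=dict)


def parse_set_cookie(header: str) -> Cookie:
    """Parse one Set-Cookie header value: 'name=value; Attr; Attr=val; ...'."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return Cookie(name.strip(), value.strip(), attrs)


# Assumed heuristic: cookies whose names contain these fragments carry login state.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def audit_cookie(cookie: Cookie) -> List[str]:
    """Return the weaknesses that make a session cookie easier to steal or replay."""
    findings: List[str] = []
    if not any(hint in cookie.name.lower() for hint in SESSION_HINTS):
        return findings  # preference/tracking cookies are not impersonation material
    if cookie.attrs.get("httponly") is not True:
        findings.append("missing HttpOnly: injected script can read it via document.cookie")
    if cookie.attrs.get("secure") is not True:
        findings.append("missing Secure: sent over plain HTTP and interceptable on the network")
    samesite = cookie.attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() == "none":
        findings.append("SameSite missing or None: attached to cross-site requests")
    return findings


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Audit a list of Set-Cookie header values, keyed by cookie name."""
    return {c.name: audit_cookie(c) for c in map(parse_set_cookie, headers)}


# Constructed sample headers, not captured from any real site.
CONSTRUCTED_HEADERS = [
    "sessionid=abc123; Path=/",                                   # weak
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",   # hardened
    "theme=dark; Path=/; Max-Age=31536000",                        # preference cookie
]


if __name__ == "__main__":
    for header in CONSTRUCTED_HEADERS:
        cookie = parse_set_cookie(header)
        print(cookie.name, "->", audit_cookie(cookie) or "ok")
```

Run against a real site, the Set-Cookie values come from the response headers in the browser's developer tools; the hardened line shows the minimum a login cookie should carry.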
General defenses that you can use for any social-networking site
Be cautious about:
1. What information you post
2. Who can view your information
3. New or updated security settings
Dynamic content, such as animated images or customized information, can be provided through web browser additions called
extensions, plug-ins, and add-ons
(these web browser additions also introduce a new means of attack for attackers)