Download Chapter 6 - UTA - College of Business

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
Document related concepts
no text concepts found
Transcript 
Chapter 6
Computer Fraud and Abuse
Techniques
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-1
Learning Objectives
Compare and contrast computer
attack and abuse tactics.
Explain how social engineering
techniques are used to gain physical or
logical access to computer resources.
Describe the different types of malware
used to harm computers.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-2
Computer Attacks and Abuse
 Hacking
 Unauthorized access, modification, or use of a
computer system or other electronic device
 Social Engineering
 Techniques, usually psychological tricks, to gain
access to sensitive data or information
 Used to gain access to secure systems or locations
 Malware
 Any software which can be used to do harm
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-3
Types of Computer Attacks
 Botnet—Robot Network
 Network of hijacked computers
 Hijacked computers carry out processes without users
knowledge
 Zombie—hijacked computer
 Denial-of-Service (DoS) Attack
 Constant stream of requests made to a Web-server
(usually via a Botnet) that overwhelms and shuts down
service
 Spoofing
 Making an electronic communication look as if it
comes from a trusted official source to lure the
recipient into providing information
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-4
Types of Spoofing
 E-mail
 E-mail sender appears
as if it comes from a
different source
 Caller-ID
 Incorrect number is
displayed
 IP address
 Forged IP address to
conceal identity of
sender of data over the
Internet or to
impersonate another
computer system
 Address Resolution
Protocol (ARP)
 Allows a computer on a
LAN to intercept traffic
meant for any other
computer on the LAN
 Web page
 Phishing (see below)
 DNS
 Intercepting a request
for a Web service and
sending the request to
a false service
 SMS
 Incorrect number or
name appears, similar
to caller-ID but for text
messaging
6-5
Hacking Attacks
 Cross-Site Scripting (XSS)
 Unwanted code is sent via dynamic Web pages
disguised as user input.
 Buffer Overflow
 Data is sent that exceeds computer capacity causing
program instructions to be lost and replaced with
attacker instructions.
 SQL Injection (Insertion)
 Malicious code is inserted in the place of query to a
database system.
 Man-in-the-Middle
 Hacker places themselves between client and host.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-6
Additional Hacking Attacks
 Password Cracking
 Penetrating system security to steal passwords
 War Dialing
 Computer automatically dials phone numbers looking
for modems.
 Phreaking
 Attacks on phone systems to obtain free phone
service.
 Data Diddling
 Making changes to data before, during, or after it is
entered into a system.
 Data Leakage
 Unauthorized copying of company data.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-7
Hacking Embezzlement Schemes
 Salami Technique
 Taking small amounts from many different accounts.
 Economic Espionage
 Theft of information, trade secrets, and intellectual
property.
 Cyber-Bullying
 Internet, cell phones, or other communication
technologies to support deliberate, repeated, and
hostile behavior that torments, threatens, harasses,
humiliates, embarrasses, or otherwise harms another
person.
 Internet Terrorism
 Act of disrupting electronic commerce and harming
computers and communications.
6-8
Hacking for Fraud
 Internet Misinformation
 Using the Internet to spread false or misleading
information
 Internet Auction
 Using an Internet auction site to defraud another
person
 Unfairly drive up bidding
 Seller delivers inferior merchandise or fails to deliver at all
 Buyer fails to make payment
 Internet Pump-and-Dump
 Using the Internet to pump up the price of a stock and
then selling it
6-9
Social Engineering Techniques
 Identity Theft
 Assuming someone else’s identity
 Pretexting
 Inventing a scenario that will lull
someone into divulging sensitive
information
 Posing
 Using a fake business to acquire
sensitive information
 Phishing
 Posing as a legitimate company
asking for verification type
information: passwords, accounts,
usernames
 Typesquatting
 Typographical errors when
entering a Web site name cause
an invalid site to be accessed
 Tabnapping
 Changing an already open
browser tab
 Scavenging
 Looking for sensitive information in
items thrown away
 Shoulder Surfing
 Snooping over someone’s
shoulder for sensitive information
 Pharming
 Redirecting Web site traffic to a
spoofed Web site.
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-10
More Social Engineering
 Lebanese Loping
 Capturing ATM pin and card numbers
 Skimming
 Double-swiping a credit card
 Chipping
 Planting a device to read credit card information in a
credit card reader
 Eavesdropping
 Listening to private communications
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-11
Type of Malware
 Virus
 Executable code that attaches itself to software,
replicates itself, and spreads to other systems or files
 Worm
 Similar to a virus; a program rather than o code
segment hidden in a host program. Actively transmits
itself to other systems
 Spyware
 Secretly monitors and collects
personal information about users
and sends it to someone else
 Adware
 Pops banner ads on a monitor, collects information
about the user’s Web-surfing, and spending habits,
and forward it to the adware creator
6-12
More Malware
 Key logging
 Records computer activity, such as a user’s keystrokes,
e-mails sent and received, Web sites visited, and chat
session participation
 Trojan Horse
 Malicious computer instructions in an authorized and
otherwise properly functioning program
 Time bombs/logic bombs
 Idle until triggered by a specified date or time, by a
change in the system, by a message sent to the
system, or by an event that does not occur
 Trap Door/Back Door
 A way into a system that bypasses normal
authorization and authentication controls
Copyright 2012 © Pearson Education, Inc. publishing as Prentice Hall
5-13
More Malware
 Packet Sniffers
 Capture data from information packets as they travel
over networks
 Rootkit
 Used to hide the presence of trap doors, sniffers, and key
loggers; conceal software that originates a denial-ofservice or an e-mail spam attack; and access user names
and log-in information
 Superzapping
 Unauthorized use of special system programs to
bypass regular system controls and perform illegal
acts, all without leaving an audit trail
Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall
6-14
Related documents
Practice 5
Practice 5
Roosevelt`s Square Deal
Roosevelt`s Square Deal
Kotler Keller 21 - website
Kotler Keller 21 - website
International Business
International Business
Section 22-1 Introduction to Plants (pages 551-555)
Section 22-1 Introduction to Plants (pages 551-555)
activity sheet
activity sheet
Chapter 11
Chapter 11
Preview Sample 1
Preview Sample 1
4.1 The Plant Kingdom GR
4.1 The Plant Kingdom GR
Final Exam – Form A
Final Exam – Form A