* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Security Risks - Bannerman High School
Survey
Document related concepts
Deep packet inspection wikipedia , lookup
Trusted Computing wikipedia , lookup
Information privacy law wikipedia , lookup
Cyber-security regulation wikipedia , lookup
Unix security wikipedia , lookup
Operation AntiSec wikipedia , lookup
Security-focused operating system wikipedia , lookup
Distributed firewall wikipedia , lookup
Wireless security wikipedia , lookup
Cyberattack wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Mobile security wikipedia , lookup
Computer security wikipedia , lookup
Social engineering (security) wikipedia , lookup
Transcript
Security Risks • • • • • • • Viruses, worms, Trojans Hacking Spyware, phishing Keylogging Online fraud Identity theft DOS (Denial of Service attacks Virus • A computer virus is a program that will damage your computer • Once into your computer system it will attach itself to another program and reproduce itself • Examples of the destructive effects of a virus: – data corrupted or deleted, the screen display malfunction, hard drive spinning, computer freezes, unexpected messages or sounds Worm • A computer worm is a malicious program that multiplies once it is in your computer. • It can multiply so many times that it can fill up your computer’s memory and backing storage and slow the system ,or even a whole network, right down! Trojan • Trojans are programs that pretend to be something like a game, a small application, a tool for maintaining your computer. • Once you run the Trojan program it will damage your computer system. • They are often found in e-mail attachments and are .exe files. Hacking • A hacker is someone who gains unauthorised access to a computer system. • Hackers usually use networks to get into computer systems. • They ‘break’ or steal passwords to gain access then copy, steal, delete, corrupt data. Anti-virus software • Anti-virus software can detect and destroy lots of viruses worms and trojans. • Anti-virus software has a database of all viruses. worms and trojans which they must keep up to date or a regular basis. • They will then scan your computer, locate and destroy the viruses worms and trojans Anti-Virus Spyware • Spyware is a program that steals information from your computer e.g. -mail messages, usernames, passwords, bank details. • It then sends this information across the internet to the person who sent the spyware. • How does it get into your computer? – E-mail attachments, – Hidden inside another program that you install. • If you don’t stop the spyware all your personal details and passwords can be stolen! Phishing • Phishing is a technique used by criminals tour personal information such as ID & password, bank details, phone number, address etc.. • Phishers use e-mails pretending to be from e.g. your bank, from Ebay from Pay-Pal to get you to give them your details. • They can even pretend to be someone who wants to give you money, but first you have to give them your bank details.. Then they steal from you! Keylogging • A keylogger is a program designed to track and monitor user keystrokes, often used to steal passwords, credit card numbers. • Keyloggers work unseen by the user, often by acting as software driving thekeyboard • The information gathered is often then uploaded to a website, a server or an e-mail address. Keylogger Using a keylogger you can: online fraud • Criminals use websites, online messages, or “spam” e-mails can reach large numbers of people easily. • Their fake messages and websites look real and credible and can convince people to part with their money. • Examples: bogus investment schemes, spreading false information to boost share prices, fake prize giving schemes, news that you have inherited money, bargain selling websites Online fraud • All on line fraud schemes want to get money from you • They will try – to get your bank details – to get enough personal information to open accounts in your name – get you to send cash directly Identity theft • Stealing your personal details such as bank account details, national insurance number, date of birth, address etc • This enables the thief to pretend to be you and e.g. open bank accounts, get a credit card, buy on-line, withdraw cash Denial of Service Attacks • There are two main types of DOS • Attacks which consume so many network resources such as processors, disk space, memory, network connections, routers, that there is none left for users • Attacks on a specific network resource e.g. disabling a file server. Methods used in Denial of Service Attacks • Resource starvation. This means using up a network resource so that legitimate users can’t access it. A good example is when the DOS attack sends corrupt packets of data to a network filling up the storage area so it can’t handle any more network traffic • Bandwidth consumption. This means flooding the network with senseless data. : e.g. An example of this is flooding an e-mail server with messages until it crashes. Methods used in Denial of Service Attacks • Using weaknesses in networking software, making a server crash by targeting a design flaw in the operating system • Attacking the routers. Sending streams of corrupted packets aimed at routers to divert them from routing data through a network. Security precaution: Passwords • A Password need to be secure! Tips: • Make it at least 8 letters long • Use a combination of UPPER and lower case letters, numbers and punctuation e.g Baw% Heid34& • Don’t write it down and leave it lying about • Change it frequently Security precaution: Encryption Security precaution: Encryption • Ecryption: protecting sensitive data by using codes. • In order to read an encrypted data you need the Key to the code • You can encrypt data held on a storage device such as a hard drive: this would mean that any data that a hacker stole would be meaningless to them Security precaution: Encryption • Data being sent across networks is vulnerable to hacking so: – Encrypting data being sent across networks is a sensible precaution e.g. when paying for something bought on-line you have to send your card details. – Websites that collect your card details should have https in their address: that means they are using encryption to send your information. Security precaution: Biometrics • Biometrics: security using technology to recognise physical characteristics such as: – Fingerprints, the eye retina, a face, a voice. • Firstly the data on a person is input and stored into the computer e.g: – A copy of their fingerprints, images of their face, an image of the retina in their eye, a recording of their voice Security precaution: Biometrics • Before it allows a person access, the computer system – Scans their fingerprints – Takes a picture of their face – Takes a picture of their eye retina – Takes a recording of their voice • The compares it to the data held in its memory • If there is a match then access is granted Security protocols • A security protocol is a method of protecting data being sent across networks • Commonly used protocols are – Secure File Transfer Protocol (SFTP) – Secure Hypertext Transfer Protocol (HTTPS) – Secure Socket Layer (SSL). These protocols carry out functions such as: – Authenticating the sender and receiver of the data – Managing the encryption of the data ( including the keys) – Making sure that the data arrives intact and has not been tampered with. Security precaution: Firewall • A firewall is a system designed to check the data coming into or going out of a network. • It : – only allows access to authorised users and applications – prevents unauthorised access to a network. • On a small network e.g. a home network it will be implemented using software. • On a larger network it may involve using a dedicated computer as well as software. • The firewall software will often be provided by a security suite or, it might be provided by the operating system Firewall Security Suite • A Security Suite is a set of programs are designed to protect your computer from a wide range of threats such as: viruses, trojans, spyware, identity theft, fake websites • They can even provide firewalls and software to ‘tune up’ your system performance. Security Suite Security Suite Checking websites Security Suite • Not all security suites provide the same features and when you are choosing between them you should ask the following questions – Does the suite protect from every type of threat? – How effective is the suite at protecting your computer? – How easy is it to use? – Does it offer additional support and helpful resources? – How often is it updated? Security Suite Check out these websites to compare security suites http://internet-security-suite-review.toptenreviews.com/ http://www.pcmag.com/article2/0,2817,2369749,00.asp