* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download OnLinePrivacy - Cal State LA
Survey
Document related concepts
Cross-site scripting wikipedia , lookup
Trusted Computing wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Computer security wikipedia , lookup
Antivirus software wikipedia , lookup
Microsoft Security Essentials wikipedia , lookup
Computer virus wikipedia , lookup
Mobile security wikipedia , lookup
Unix security wikipedia , lookup
Cyberattack wikipedia , lookup
Social engineering (security) wikipedia , lookup
Transcript
Protecting your On-Line Privacy and PC 1 Viruses, Worms, Trojan Horses, Spam, and Hoaxes Of the billions of e-mail messages per year, an increasing proportion of which is unpleasant. An e-mail security firm scanned 413 million e-mails in August 2003. Three percent contained a virus, 52 percent were spam, and in many cases contained some kind of pornographic image. 2 Viruses Designed to replicate themselves and potentially cause harmful actions. Often hidden inside innocuous programs. Viruses in e-mails often masquerade as games or pictures and use beguiling subject lines (e.g., "My girlfriend nude") to encourage users to open and run them. Try to replicate themselves by infecting other programs on your computer. 3 Worms Like viruses, worms attempt to replicate themselves, but they are programmed to use one’s mail list and send out e-mails rather than simply infecting programs on a single computer. 4 Trojan Horses Malicious programs that pose as benign applications (do not replicate like viruses and worms). Trojan horses are used to smuggle viruses and worms inside your computer. 5 Spam Spam, or unsolicited commercial email, wastes bandwidth and time. The sheer volume of it can be overwhelming, and it can be a vehicle for viruses. Much of it is of an explicit sexual nature, which can create an oppressive working environment and, potentially, legal liabilities if companies do not take steps to stop it. 6 Hoax e-mails Hoax e-mails, such as fake virus warnings, chain letters, or implausible free offers, waste readers' time. Hoax e-mails often contain viruses or Trojan horses. 7 Common Security Threats Against Networks Attackers have different motivations— profit, mischievousness, glory—but they all work in similar ways. The Basic Threats (infinite variation): Spoofing Tampering Repudiation Information disclosure Denial of Service Elevation of privilege 8 Spoofing IP spoofing means creating packets that look as though they have come from a different IP address. E-mail spoofing means forging an email so that the From address does not indicate the true address of the sender. 9 Tampering Altering the contents of packets as they travel over the Internet or altering data on computer disks after a network has been penetrated. 10 Repudiation The ability of a user to falsely deny having performed an action that other parties cannot prove otherwise. For example, a user that deleted a file can successfully deny doing so if no mechanism (such as audit records) can prove otherwise. 11 Information Disclosure Information disclosure consists of the exposure of information to individuals who normally would not have access to it. 12 Denial of Service (DoS) DoS attacks are computerized assaults launched by an attacker in an attempt to overload or halt a network service, such as a Web server or a file server. For example, clogging a server with superfluous requests and thus making it impossible for legitimate inquiries to get through. 13 Elevation of Privilege A process by which a user misleads a system to grant unauthorized rights, usually for the purpose of compromising or destroying the system. For example, attacker exploits a weakness in the software that lets her/him change the guest privileges to administrative privileges. 14 Spyware Spyware is the latest threat to computers and its users. It joins a host of parasites, such as, viruses, worms, spam, plus e-mail, and network attacks. 15 Spyware Spyware is a self installing software that presents varying degrees of maliciousness that range from a program running on your computer in the background (without your knowledge) to a simple tracking cookie. 16 Spyware Activities Monitors Web-browsing patterns Triggers related pop-up ads Resets Home Page or Search Engines Adds links to Bookmarks Attempts to capture personal information 17 Adware Adware is another form of spyware that monitors users’ Web-browsing patterns and displays related popup and pop-under ad windows based on this information. Adware may also send the gathered information back to its creator. 18 Spyware Scanning Tools Computer Associates’ eTrust PestPatrol FBM Software ZeroSpyware and ZeroAds LavaSoft Ad-Aware McAfee Anti-Spyware Trend Micro’s InterScan Web Security Suite 19 Eliminating Adware & Spyware Find Remove and, Keep out 20 Finding Spyware Step 1: Scanning for spyware Requires antispyware tools Consider several categories of spyware scanning tools (do not run the tools concurrently) 21 Step 2: Eliminating Spyware Since Spyware programs are constantly modified (DLL and registry settings) use a variety of tools and in hard cases manual removal may also be necessary. Reformatting the HD and reinstalling the OS may be less work than manually looking for Spyware. 22 Step 3: Install Spywareblocking Software Install at least two Spywareblocking applications and run them one at a time. Enlist users in the fight against Spyware 23 References CDW-G Higher Education March 2005 An Introduction to Criminal Hacking, Viruses, and Malicious Activities. Retrieved March 28th, 2005. http://www.microsoft.com/smallbusiness/gtm/securitygui dance/articles/an_introduction_to_criminal_hacking_viru ses_and_malicious_activities.mspx 24