ISDS 1102
possible question
Also remember that reputable organizations, such as major banks and universities, will never send you unsolicited requests for data and they will never ask you to share your password.
Ex D-o-s-a
An 2016 a group of hackers conducted a DoS against one of the major website domain manager and internet traffic router in the US3. As a consequence, major websites such as Twitter, Spotify, and Airbnb were out of reach for several hours.
Ex of smart phone
Android users downloaded app of webstore that was infected with malware wiith unwanted ads
Backdoors and Security Weaknesses
Another way to gain unauthorized access is to exploit weaknesses in the software infrastructure of the organization under attack
Intrusion Threat
Consists of any situation where an unauthorized attacker gains access to organizational IT resources.
Computer Viruses (Payload Phase)
Harmful set of actions that the virus performs. They may range from simply annoying the user to wreaking havoc and producing significant damage. Some Deliver right after infection.
Backups extended
The decrease in the storage cost and the increase in available network bandwidth have made cloud backup services such as Dropbox, Google Drive, and OneDrive a welcomed reality. You should take advantage of them.
White-Hat HACKERS
do so for non-malicious reasons in an effort to expose security flaws and help the providers to fix them.
Intrusion threat DOWNSIDES
1. may go undetected for a long period of time, enabling the intruder to perpetrate the crime(s) over time. 2. the intruder may be able to gain access to private information and even steal records.
Denial-of-service attack
A digital assault carried out over a computer network with the objective to overwhelm an online service so as to force it offline.
EXAMPLE OF WHY YOU SHOULD PATCH
A failure to patch appropriate systems was also at the root of a data breach involving one of the three major US credit agencies: Equifax. Hackers were able to take credit card and driving licenses numbers of hundreds of thousands of people by accessing Equifax databases through an unpatched software vulnerability.
Ransomware
A malware that limits the access to a computer system or users' data and that requires the user to pay a ransom to regain control.
Virus authors
An e-mail virus is malicious code that travels attached to e-mail messages and has the ability to self-replicate, typically by automatically e-mailing itself to multiple recipients.
THINGS TO DO WHEN PURCHASING HARDWARE
Be aware that the default "erase content" feature on many phones do not permanently delete all its data. To completely overwrite the content of your device you should use software specifically developed to permanently achieve this objective. Whenever you purchase used hardware make sure to account for the cost, mostly in terms of your time, to "thoroughly sanitize" the device.
Car Jacking using technology
Chris Valesek and Charlie Miler caught the automotive industry by surprise when they wirelessly carjacked a 2014 Jeep Cherokee on the highway from 10 miles away. Serious vulnerabilities in the Uconnect info-entertainment system
Negative Direct Effects
Computer Outages; Best buy shutting down; Disruptions to the companys operations
Ex Of Careless Behavior
David Delos broadcasted the network's Twitter, Instagram, and YouTube accounts credentials to the world. (HAD PASSWORDS TO ALL ACCOUNT DISPLAYED IN THE BACK OF CAMERA) FU3333KING DUMB A22 BEEETCH
Time bombs (Payload Phase)
Deliver it at a specific point in time or when the user performs a certain action. For instance, the Michelangelo virus discovered in 1991 was designed to deliver its payload on March 6, the birthday of the famous Italian master.
Hand-made strong passwords
Experts suggest that the most secure passwords are a concatenation of a few random words. Multiple words combined guarantee an adequate length and character set that make password almost impossible to guess (e.g. "universityoceancoffeesmartphone").
Passwords
Following these directives people developed a false sense of security when creating easily guessed passwords like "P@ssword1$", or "Passw0rd!"
also know
For example, you can have the most impenetrable firewall on your personal computer, but if your mobile is unsecured and you have access to email on both devices you are still vulnerable.
Password manager
Furthermore, most password managers enable automatic password generation. They create random sequences of characters (e.g. "HInD0zTbbHyujSY") and those are the strongest possible passwords.
PRACTICE SAFE COMPUTING
Get in the habit of checking the URL and other identifying information of the websites you visit
Backups
In the case of ransomware, malware designed to keep your data hostage until you pay a ransom, having accurate and timely backups frees you completely from the threats.
information security management and IT risk management processes.
In the game of chess, the objective of the players is to circumvent the defenses of the opponent in order to checkmate him. Security is a constantly evolving game of chess—one where current defenses, and their limitations, are the basis for future attacks
QUestion in review
Increasing the number of digits to four will result in 10,000 possible positions, and increasing it to eight results in 100,000,000 possible position. Which of the following passwords is the easiest to guess? A. money10300dollars B. 19901113 C. M0n3y10300$ D. there's always money in the banana stand
Multifactor Authentication
Knowledge factors: Things that the legitimate user knows (e.g., password, PIN, security question) Ownership factors: Things that the legitimate user owns (e.g., a phone, a security token) Inherence factors: Things that the legitimate user is (e.g., fingerprint, retina)
Negative Indirect Effects
Legal Recourse; Example is people sueing company because it failed to protect persons personal info on website. Dating website info gets leaked people kill themselves some sue
Common mistakes:
Repetitive or sequential characters. Passwords made of predictable sequences of characters on a keyboard (e.g. abcd, qwerty, 123abc) are easily guessed. Dictionary words. Even though many dictionary terms are quite long (e.g. accoutrements), they are easy to guess. English dictionaries contain around 170,000 entries. Although this is a large number if you try to memorize them, it is negligible for a modern computer. A password made of dictionary words can be cracked by brute force in mere seconds. Context specific words. Avoid using personal information (e.g. birth date, your name), your username or its derivatives, or words related to the service (e.g. "thenextflixpassword"). Lack of variation between passwords. Using the same password across multiple accounts poses a huge risk. If a hacker cracks one of your accounts, they gain rapid access to your other accounts. Consider for instance a scenario where one of your email accounts is compromised. If you used the same password also for the email account that serves as a password recovery for the account being hacked, you could easily end up in a situation where you won't be able to access any of your accounts. In fact, hackers will quickly change your password in all your accounts before you even realize that your account was hacked. This should serve as your warning that for most people, email is a huge repository of sensitive information. Thus, your email password should be your strongest password, even more than your bank's!
Antivirus and Spyware
Safeguarding against malware requires that you install the appropriate detection software (e.g., antivirus, spyware sweepers). With the large number of new viruses being released, antivirus and other detection software is only as good as its most recent update. For this reason, organizations that manage their own networks are increasingly attempting to centralize these applications and push updates to individual users so as to ensure that safeguards against malware are up to date.
UNSECURED CONNECTION
Secured connections are encrypted and they use the HTTPS protocol (Hyper Text Transfer Protocol Secure) instead of basic HTTP (Hyper Text Transfer Protocol). Always verify the security of your connection by looking at the URL in the address bar of your browser - look for the HTTPS and the 'lock' icon or 'secure' label.
Malware
Software programs intently designed to cause damage to individuals' and/or organizations' IT assets.
Spyware
Software runs without the awareness of the user and collects information. is software that, unbeknownst to the owner of the computer, monitors behavior, collects information, and either transfers this information to a third party via the Internet or performs unwanted operations.
QUESTION POSSBILE KNOW THIS
Sometimes you may be asked to provide your password and answer a "security question." Would this be two-factor authentication? Nope, you are indeed providing two pieces of information but they both belong to the knowledge factors class. So this is still one-factor authentication.
Length
The ______of a password is the most important determinant of its security. Longer passwords are always better! In fact, as the length of the password increases it becomes exponentially harder for brute forced attacks to break it.
Character set
The character set is defined as the number of possible elements in the password.
Ex Of bACKDOOR
The password has been lost, or a disgruntled employee is blackmailing the firm and will not unlock the software. So we use the backdoor to bypass pasword to access our info (good example)
SMARTPHONE HACKS
The review process should guarantee that the available software on the store does not contain malware or any violation of the terms and conditions. However, hackers proved several times that malicious code can be hidden from reviewers.
Crapware
These are applications that software vendors or companies pay device makers to install. Such software programs are rarely intentionally malicious, however, they often launch in the background and slow down the operation of your brand new computer. We recommend deleting any application you find on your computer or phone, for which you don't have an explicit use.
Malicious Behavior
This is a particularly troublesome threat because it is almost impossible to prepare for. Imagine, for example, that a member of the sales and direct marketing team is selling customer e-mail addresses to spammers. This type of threat is typically associated with disgruntled or ill-willed employees.
Careless Behavior
This type of threat is typically associated with ignorance of, or disinterest in, security policies where a laptop containing personal information on as many as 26.5 million veterans had been stolen from the home of an employee. The data, including names, social security numbers, and dates of birth (were not supposed to be transferred to a personal laptop)
Computer Security Hacking
Thus, a hacker in this context is a skilled computer user who attempts to break cybersecurity defenses to gain access to computing assets she does not have legitimate access to.
The External Threat
Today there is an incredible array of ways in which your firm's infrastructure can be attacked and compromised. Viruses, Trojan horses, worms, time bombs, spyware, keystroke tracking tools, spoofing, snooping, sniffers—
Problem w Backdoor
While backdoors must be changed during the installation process, sometimes this step is forgotten and the default backdoor is allowed to exist while the program is operational. Hackers can then easily gain access to the application and take control of it, giving themselves high-level access rights.
ADDED TO THAT
Yet it is an intrusion nonetheless, as individuals without proper authority gained access to one of the organization's resources and used it for unintended purposes.
EX SOCIAL ENGINEERING
You see a banner ad stating: 'your computer is at risk of data loss!! Call 888 322 4433' You call the number and a person tells you to provide your credit card number and download software that will clean your computer. What kind of attack are you under?
REMEDIES FOR PREVENTION OF HACKING ISSUES
You should always check the blacklist before buying one. Several sites maintain the blacklist, for example check IMEI blacklist.
Backdoors
code built into a software program to allow access to the application by circumventing password protection. they are built into software in the event that high-level accounts, such as administrative accounts, are for some reason inaccessible
Phishing
consists of collecting sensitive information by tricking people with access to provide it. Phishing is done by sending official-sounding e-mails from known institutions (e.g., MasterCard). The message indicates that the institution needs the recipient to confirm or provide some data and contains a link to a web page, which is a copy of the original, with fields for providing the "missing" information. LOOK AT URL
ex OF PHONE HACKING
econd, and more insidiously, used phones are sometimes used by hackers to engage in identity theft.ackers perform a "rooting" of the phone to install the malware in the system partion, which makes the malware impossible to remove even with a full factory reset.
MORE EXAMPLE OF CARELESS BEHAVIOR
failing to modify default passwords, breaking the organization's policy on Internet and web usage, not following guidelines about saving data on personal or portable devices, or failing to destroy sensitive data according to planned schedules.
DOWNSIDE TO USERS
imposing the use of different character types (e.g. letters and special characters) can create vulnerabilities rather than enhancing password security. In fact, when users are forced to use special characters they end up creating passwords such as "th3 b3st p@assword", which tend to use special characters in predictable manner. Special characters are quite valuable, but only if they are not used according to easy to guess rules.
Sniffing
individuals who access private information by stealing or guessing legitimate passwords. This can be done by "sniffing" a network connection with specialized software and intercepting passwords that are not encrypted.
Trojan Horses
is a computer program that claims to, and sometimes does, deliver some useful functionality. In reality it has a dark side, like a virus, doesnt replicate but is passed on by people who send it to each other
Worms
is a piece of malicious code that exploits security holes in network software to replicate itself. does not deliver a payload, like a virus. simply replicates itself and continues to scan the network for machines to infect. The problem is that, as the worm infects more and more machines on the network, the traffic it generates quickly brings the network down—with substantial damage. The original Internet worm, originating at Cornell University in 1988, was estimated to cost infected sites from $200 to $53,000 for repairs.
Firewall
is a software program designed to screen and manage traffic in and out of a computer network. Thus, a firewall is used to secure the perimeter of the organization's computing resources, or the perimeter of your computer.
Social Engineering
is roughly defined as the practice of obtaining restricted or private information by somehow convincing legitimate users, or other people who have the information, to share it.
Patching
keeping your software up to date and always installing the new releases of the operating system and applications you use is the most important thing you can do to limit your exposure to security risks. This activity is called patching. The software patch is the piece of software designed to fix or improve a designated program or operating system.
Security is a Negative Deliverable
ll the money spent on managing IT risk and securing the firm's IT infrastructure and the data repositories produces no revenue and creates no efficiencies. It has no return on investment (ROI).
Black Hat Hackers
malicious kind (these are the people you probably instinctively think about when you hear the term: hacker.)
Hacker
refers to highly skilled computer users who apply their knowledge to solving a problem
Ex SPYWARE Include ADWARE
software that collects information in an effort to use it for advertisement purposes by opening pop-ups or changing a user's homepage; keyboard tracking, software that logs keyboard strokes in an effort to steal passwords and other sensitive information; and stealware, software that redirects payments legitimately belonging to an affiliate and sends them to the stealware operator
Ex of Intrusion Threat
teenage hackers was found guilty of gaining unauthorized access to surveillance satellites and using them for unauthorized purposes. (USED THE SATELLITES TO ZOOM IN ON NAKED BITCHES ON THE BEACH FU3KING LEGENDS)
Software Bugs
these are annoying because they prevent the application from functioning normally. For example, a program will shut-off unexpectedly or freeze. At times, though, they can be extremely dangerous, as they create security holes that an ill-intention intruder can exploit.
The Internal Threat
threats are those posed by individuals who have direct, on-premises access to the firm's technology infrastructure, or those who have legitimate reasons to be using the firm's assets.
Computer viruses (INFECTION PHASE)
type of malicious code that spreads by attaching itself to other, legitimate, executable software programs. Once the legitimate software program runs, the virus runs with it, replicating itself and spreading to other programs on the same machine. By doing so, the computer virus, much like a biological virus, is able to prosper. If the infected files are shared and executed by others, their machines will be infected as well.