Chapter 9 protecting your digital data and devices

Distributed denial of service attack (DDoS)

An automated attack that launched from more than one zombie computer at the same time

Spam filter

An option you can select in your email account that places known or suspected spam messages into a folder other than your inbox

Spyware

An unwanted piggybank program that downloads with the software you want to install from the internet and then runs in the background of your system

Cybercrime

Any criminal action perpetrated primarily through the use of a computer

Hacker

Anyone who unlawfully breaks into a computer system

Grey hat hackers

Are a bit of a cross between black and white. They often illegally break into systems merely to flaunt their expertise to the administrator of the system or to attempt to sell their services in repairing security breaches

Black hat hackers

Break into systems to destroy info or for illegal gain.

Polymorphic virus

Changes its virus signature every time it infects a new file. This makes it more difficult for antivirus programs to detect the virus

Full backup

Create a copy of all your application and data files

Script

List of commands that can be executed on a computer without user interaction

Multipartite virus

Literally meaning "multipart" virus a type of computer virus that attempts to infect computers using more than one method

Pharming

Malicious code planted on your computer to gather information

Exploit kits

-A software toolkit used to take advantage of security weaknesses found in apple or operating system usually to deploy malware -software that runs on servers searching or vulnerablities -logical ports are virtual, not physical, communications paths

Online annoyances

-Spam (juk email) -tactics to minimize spam (spam filter) -cookies are small text files received the you visit a website -help companies determine the effectiveness of their marketing -do not search your hard drive for personal information -may invade your privacy -pose no security threat

Backing up your data

-backups are copies of files used to replace the originals if they're lost or damaged

Types of viruses

-boot sector viruses -logic bombs and time bombs -worms -script and macro viruses -email viruses -encryption viruses

Logical port blocking

-completely refuses requests from the internet asking for access to specific ports -A condition in which a firewall is configured to ignore all incoming packets that request access to a certain port so that no unwanted requests will get through to the computer

Types of scams

-counterfeiting credit and debit cards -requesting changes of address -open new credit cards -obtaining medical services -buying a home

Identity theft and hackers

-cybercrime -cybercriminals -common types of cybercrime

Files to backup

-data files -program files

Hacking

-defined as anyone who unlawfully breaks into a computer system -packet analyzer (sniffer) -keylogger -DDoS -Botnet (large group of software running on zombie computers)

Antivirus software

-detects viruses and protects your computer

Social engineering

-entices individuals to reveal sensitive information is any technique using social skills to generate human interaction

Types of backups

-full -incremental -image

Malware

-has malicious intent -adware displays sponsored advertisements -spyware in an unwanted piggy bank program -transmits information -tracking cookies -keystroke logger -many anti spyware packages are available ex: spyware, viruses, worms, trojan horses

Four main security concerns with mobile devices

-keeping them from being stolen -keeping data secure in case they are stolen -finding a device if it is stolen

Occurs when a thief steals personal information and poses as you

-most financially damaging cybercrime for individuals

Passwords and biometrics

-need strong passwords -password strengths tests -operating systems have built in password protection -managing passwords -fingerprinters -iris pattern in eye -voice authentication -face pattern recognition -provide a high level of security

Denial of service attack (DoS)

-occurs when legitimate users are denied access to a computer system because a hacker is repeatedly making requests of that computer system that tie up its resources and deny legitimate users access

Power surges

-old or faulty wiring -downed power lines -lightning strikes -malfunctions at electric company substations

Quarantining

-placing virus in a secure area so it wont spread to other files

Classified by methods used to avoid detection

-polymorphic viruses changes their code or periodically rewrites themselves to avoid detection -multipartite viruses are designed to infect multiple file types -stealth viruses temporarily erase their code from the files where they reside and hide in active memory

Privacy tools

-private browsing -inprivate -incognito

Virus basics

-program that attaches to a computer program to spread to other computers -main purpose-replicate itself and copy its code into as any other host files as possible -secondary objectives can e destructive -smartphones, tablets, and other devices can reinfected with viruses

Inoculation

-records key attributes about your computer files and keeps stats in secure place -A process used by antivirus software; compares old and current qualities of files to detect viral activity

Surge protector

-replace every 2-3 years -use with all devices that have solid state components -A device that protects computers and other electronic devices from power surges

Protecting your personal information

-reveal as little information as possible -in facebook change your privacy settings

Virtual private networks (VPNs)

-secure networks that are established using the public internet infrastructure

Popular programs

-symantec -kaspersky -AVG -mcafee

Scareware

-type of malware thats downloaded onto your computer -attempts to convince you something is wrong...and to pay money to fix it

Types of hackers

-white hate (ethical hackers) -black hat hackers -grey hat hackers

Packet analyzer (sniffer)

A computer hardware device or software program designed to detect and record digital info being trasmittied over a network

Virus

A computer program that attaches itself to another computer program and attempts to spread itself to other computers when files are exchanged

Logic bomb

A computer virus that runs when a certain set of conditions is met such as when a program is launched a specific number of times

Backups

A copy of a computer file that can be used to replace the original if its lost or damaged

Image backup (system backup)

A copy of an entire computer system created for restoration purposes

Biometric authentication device

A device that uses some unique characteristics of human biology to identify authorized users

Personal firewall

A firewall specifically designed for home networks

Botnet

A large group of software applications that run without user intervention on a large number of computers

Encryption viruses

A malicious program that searches for common data files and compresses them into a file using a complex encryption key, thereby rendering the files unusable

Virus signature

A portion of the virus code thats unique to a particular computer virus and that makes it identifiable by antivirus software

Packet filtering

A process in which firewalls are configured so that they filter out packets sent to specific logical ports

Network address translation (NAT)

A process that firewalls use to assign internal internet protocol addresses on a network

Multifactor authentication

A process that requires two of the three assigned factors be demonstrated before authentication is granted

Worm

A program that attempts to travel between systems through network connections to spread infections. They can run independently of host file execution and are active in spreading themselves

Master boot record

A small program that runs whenever a computer boots up

Cookies

A small text file that some websites automatically store on a client computers hard drive when a user visits the site

Firewall

A software program or hardware device designed to prevent unauthorized access to computers or networks

Whole house surge protector

A surge protector thats installed on the breaker panel of a home and that protects all electronic devices in the home from power surges

Spear phishing

A targeted phishing attack that sends emails to people known to be customers of the company. Such attacks have a much greater chance of successfully getting individuals to reveal sensitive data

Incremental backups

A type of backup that only backs up files that have changed since the last time files were backed up

Logical ports

A virtual communications gateway or path that enable a computer to organize requests for info from other networks or computers

Boot sector virus

A virus that replicates itself into the master boot record of a flash drive or hard drive

Macro virus

A virus thats distributed by hiding it inside a macro

Time bomb

A virus thats triggered by the passage of time or on a certain date

Email virus

A virus transmitted by email that often uses address book in the victims email system to distribute itself

Phishing

Process of sending emails to lure people into reveling information

Adware

Program that downloads on your computer when a user installs a freeware program, game, or utility. Generally, enables sponsored advertisements to appear in a section of a browser window or as a pop up ad

Antivirus Software

Software specifically designed to detect viruses and protect a computer and files from harm

Stealth virus

Temporarily erases its code from the files where it resides and hides in the active memory of the computer

Identity theft

The process by which someone uses personal information about someone else to assume the victims identity for the purpose of defrauding another

Drive by download

The use of malicious software to attack a computer by downloading harmful programs onto a computer, without the users knowledge, while they are surfing a website

Keystroke logger (keylogger)

Type of spyware program that monitors keystrokes with the intent of stealing passwords , login ids, or credit card info

Data breach

When sensitive or confidential info is copied transmitted, or viewed by an individual who is not authorized to handle the data

White hat hackers (ethical hackers)

break in to systems for non malicious reasons such as to test system security or to expose weaknesses. They believe in making security vulnerabilities known either to the company that owns the system..often to embarrass a company into fixing a problem

Zombies

computers that a hacker controls who uses it to launch attacks on other computer systems

Pretexting

involves creating a scenario that sounds legitimate to convince someone to divulge info

Cyberloafing (cyberslacking)

Doing anything with a computer thats unrelated to a job while ones supposed to be working

Program files

Include files used to install software. Most manufacturers allow you to redownload the installation files if you need to reinstall the program, but some don't or charge you an extra fee for that service. Make sure you have your own backup of your system protects you in either case

Data files

Includes files you've created or purchased such as research papers, spreadsheets, music and photo files, and contact list etc

Portable privacy devices

IronKey personal flash drives

Example of free software

alarm.com

Backdoor programs and rootkits

allow hackers to gain access to your computer without the legitimate users knowledge or permission

Trojan horses

appear to be useful but run malicious code in the background without the users knowledge

Spam

unwanted or junk email