Chapter 9: Protecting Your Digital Data and Devices
Distributed denial of service attack (DDoS)
An automated attack that is launched from more than one zombie computer at the same time
Spam filter
An option you can select in your email account that places known or suspected spam messages into a folder other than your inbox
Spyware
An unwanted piggyback program that downloads with the software you want to install from the internet and then runs in the background of your system
Cybercrime
Any criminal action perpetrated primarily through the use of a computer
Hacker
Anyone who unlawfully breaks into a computer system
Grey hat hackers
Are a bit of a cross between black and white. They often illegally break into systems merely to flaunt their expertise to the administrator of the system or to attempt to sell their services in repairing security breaches
Black hat hackers
Break into systems to destroy info or for illegal gain.
Polymorphic virus
Changes its virus signature every time it infects a new file. This makes it more difficult for antivirus programs to detect the virus
Full backup
Create a copy of all your application and data files
Script
List of commands that can be executed on a computer without user interaction
Multipartite virus
Literally meaning "multipart" virus; a type of computer virus that attempts to infect computers using more than one method
Pharming
Malicious code planted on your computer to gather information
Exploit kits
-A software toolkit used to take advantage of security weaknesses found in apps or operating systems, usually to deploy malware
-software that runs on servers searching for vulnerabilities
-logical ports are virtual, not physical, communications paths
Online annoyances
-spam (junk email)
-tactics to minimize spam (spam filter)
-cookies are small text files received when you visit a website
-help companies determine the effectiveness of their marketing
-do not search your hard drive for personal information
-may invade your privacy
-pose no security threat
Backing up your data
-backups are copies of files used to replace the originals if they're lost or damaged
Types of viruses
-boot sector viruses
-logic bombs and time bombs
-worms
-script and macro viruses
-email viruses
-encryption viruses
Logical port blocking
-completely refuses requests from the internet asking for access to specific ports
-A condition in which a firewall is configured to ignore all incoming packets that request access to a certain port so that no unwanted requests will get through to the computer
Types of scams
-counterfeiting credit and debit cards
-requesting changes of address
-opening new credit cards
-obtaining medical services
-buying a home
Identity theft and hackers
-cybercrime
-cybercriminals
-common types of cybercrime
Files to backup
-data files
-program files
Hacking
-defined as anyone who unlawfully breaks into a computer system
-packet analyzer (sniffer)
-keylogger
-DDoS
-botnet (large group of software running on zombie computers)
Antivirus software
-detects viruses and protects your computer
Social engineering
-entices individuals to reveal sensitive information; is any technique using social skills to generate human interaction
Types of backups
-full
-incremental
-image
Malware
-has malicious intent
-adware displays sponsored advertisements
-spyware is an unwanted piggyback program
-transmits information
-tracking cookies
-keystroke logger
-many anti-spyware packages are available ex: spyware, viruses, worms, trojan horses
Four main security concerns with mobile devices
-keeping them from being stolen
-keeping data secure in case they are stolen
-finding a device if it is stolen
Occurs when a thief steals personal information and poses as you
-most financially damaging cybercrime for individuals
Passwords and biometrics
-need strong passwords
-password strength tests
-operating systems have built-in password protection
-managing passwords
-fingerprints
-iris pattern in eye
-voice authentication
-face pattern recognition
-provide a high level of security
Denial of service attack (DoS)
-occurs when legitimate users are denied access to a computer system because a hacker is repeatedly making requests of that computer system that tie up its resources and deny legitimate users access
Power surges
-old or faulty wiring
-downed power lines
-lightning strikes
-malfunctions at electric company substations
Quarantining
-placing a virus in a secure area so it won't spread to other files
Classified by methods used to avoid detection
-polymorphic viruses change their code or periodically rewrite themselves to avoid detection
-multipartite viruses are designed to infect multiple file types
-stealth viruses temporarily erase their code from the files where they reside and hide in active memory
Privacy tools
-private browsing
-InPrivate
-Incognito
Virus basics
-program that attaches to a computer program to spread to other computers
-main purpose: replicate itself and copy its code into as many other host files as possible
-secondary objectives can be destructive
-smartphones, tablets, and other devices can be infected with viruses
Inoculation
-records key attributes about your computer files and keeps stats in a secure place
-A process used by antivirus software; compares old and current qualities of files to detect viral activity
Surge protector
-replace every 2-3 years
-use with all devices that have solid state components
-A device that protects computers and other electronic devices from power surges
Protecting your personal information
-reveal as little information as possible
-in Facebook, change your privacy settings
Virtual private networks (VPNs)
-secure networks that are established using the public internet infrastructure
Popular programs
-Symantec
-Kaspersky
-AVG
-McAfee
Scareware
-type of malware that's downloaded onto your computer
-attempts to convince you something is wrong...and to pay money to fix it
Types of hackers
-white hat (ethical hackers)
-black hat hackers
-grey hat hackers
Packet analyzer (sniffer)
A computer hardware device or software program designed to detect and record digital info being transmitted over a network
Virus
A computer program that attaches itself to another computer program and attempts to spread itself to other computers when files are exchanged
Logic bomb
A computer virus that runs when a certain set of conditions is met, such as when a program is launched a specific number of times
Backups
A copy of a computer file that can be used to replace the original if it's lost or damaged
Image backup (system backup)
A copy of an entire computer system created for restoration purposes
Biometric authentication device
A device that uses some unique characteristics of human biology to identify authorized users
Personal firewall
A firewall specifically designed for home networks
Botnet
A large group of software applications that run without user intervention on a large number of computers
Encryption viruses
A malicious program that searches for common data files and compresses them into a file using a complex encryption key, thereby rendering the files unusable
Virus signature
A portion of the virus code that's unique to a particular computer virus and that makes it identifiable by antivirus software
Packet filtering
A process in which firewalls are configured so that they filter out packets sent to specific logical ports
Network address translation (NAT)
A process that firewalls use to assign internal internet protocol addresses on a network
Multifactor authentication
A process that requires two of the three assigned factors be demonstrated before authentication is granted
Worm
A program that attempts to travel between systems through network connections to spread infections. They can run independently of host file execution and are active in spreading themselves
Master boot record
A small program that runs whenever a computer boots up
Cookies
A small text file that some websites automatically store on a client computer's hard drive when a user visits the site
Firewall
A software program or hardware device designed to prevent unauthorized access to computers or networks
Whole house surge protector
A surge protector that's installed on the breaker panel of a home and that protects all electronic devices in the home from power surges
Spear phishing
A targeted phishing attack that sends emails to people known to be customers of the company. Such attacks have a much greater chance of successfully getting individuals to reveal sensitive data
Incremental backups
A type of backup that only backs up files that have changed since the last time files were backed up
Logical ports
A virtual communications gateway or path that enables a computer to organize requests for info from other networks or computers
Boot sector virus
A virus that replicates itself into the master boot record of a flash drive or hard drive
Macro virus
A virus that's distributed by hiding it inside a macro
Time bomb
A virus that's triggered by the passage of time or on a certain date
Email virus
A virus transmitted by email that often uses the address book in the victim's email system to distribute itself
Phishing
Process of sending emails to lure people into revealing information
Adware
Program that downloads on your computer when a user installs a freeware program, game, or utility. Generally, enables sponsored advertisements to appear in a section of a browser window or as a pop-up ad
Antivirus Software
Software specifically designed to detect viruses and protect a computer and files from harm
Stealth virus
Temporarily erases its code from the files where it resides and hides in the active memory of the computer
Identity theft
The process by which someone uses personal information about someone else to assume the victim's identity for the purpose of defrauding another
Drive by download
The use of malicious software to attack a computer by downloading harmful programs onto a computer, without the user's knowledge, while they are surfing a website
Keystroke logger (keylogger)
Type of spyware program that monitors keystrokes with the intent of stealing passwords, login IDs, or credit card info
Data breach
When sensitive or confidential info is copied, transmitted, or viewed by an individual who is not authorized to handle the data
White hat hackers (ethical hackers)
Break into systems for non-malicious reasons such as to test system security or to expose weaknesses. They believe in making security vulnerabilities known either to the company that owns the system...often to embarrass a company into fixing a problem
Zombies
Computers that a hacker controls and uses to launch attacks on other computer systems
Pretexting
Involves creating a scenario that sounds legitimate to convince someone to divulge info
Cyberloafing (cyberslacking)
Doing anything with a computer that's unrelated to a job while one's supposed to be working
Program files
Include files used to install software. Most manufacturers allow you to redownload the installation files if you need to reinstall the program, but some don't or charge you an extra fee for that service. Making sure you have your own backup of your system protects you in either case
Data files
Include files you've created or purchased, such as research papers, spreadsheets, music and photo files, contact lists, etc.
Portable privacy devices
IronKey personal flash drives
Example of free software
alarm.com
Backdoor programs and rootkits
Allow hackers to gain access to your computer without the legitimate user's knowledge or permission
Trojan horses
Appear to be useful but run malicious code in the background without the user's knowledge
Spam
Unwanted or junk email