Viruses, Worms, Trojan Horses, Spoofing, Identity Theft, and Unauthorized Computer Access

Symmetric key encryption

The sender and receiver share a single encryption key. A typical key is 128 bits long. The sharing may expose the key to outsiders.

Firewall

is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. Is between internal networks and external networks. Acts like a gatekeeper who examines each data packet and determine whether it should be allowed through or not.

Identity Theft

is a crime in which an imposter obtains key pieces of personal information, such as SSN, driver's license number, or credit card numbers, to impersonate someone else. ~Phishing ~Evil twins ~Pharming

Security

refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft,or physical damage to information systems.

worms

self-replication programs that run independently and travel across network connections. -Do not need to attach themselves to other software programs or data files. -Execute without user action. -Spread from computer to computer through networks. -Consume too much system memory and network bandwidth, causing servers and computers to stop responding, or even modify or destroy files.

Why systems are vulnerable

-unauthorized access, abuse, or fraud is not limited to a single location. -Threats can stem for technical, organizational, and environmental factors. -Domestic or offshore partnering adds to system vulnerability.

Pharming

A hacker's attack intended to redirect users to a bogus website, even when the individual types the correct website address into his or her browser. Can be conducted either by changing the hosts file on a victim's computer or by modifying domain name system (DNS) table in a server.

Digital certificates

Are data files used to establish the identity of users and electronic assets for protection of online transactions. Use a trusted third party - certificate authority (CA). CA verifies a digital certificate user's identity offline. The recipient uses the CA's public key to decode the digital certificate and uses the sender's public key to create an encrypted reply.

Hackers

Are individuals who intend to gain unauthorized access to a computer system. Are often used to denote persons with criminal intent. Hacker activities include theft of goods and information, as well as system damage. Hide their true identities often spoof themselves by using fake email address or masquerading as someone else.

Evil twins

Are wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet. Look identical to a legitimate public networks as those in airport lounges, hotels, or coffee shops. Are used to capture personal information from users who log on to the network.

Computer Attacks

Computer attacks are actions directed against computer systems to disrupt equipment operations, change processing control, or corrupt stored data. Different attacks target different vulnerabilities and involve different methods and techniques: ~Denial of Service Attack ~Spoofing ~Sniffing ~Identity theft

Anti-malware software

Detects and removes or quarantines malicious codes. Must be updated regularly and kept running all the time. Protects users against virus, worms, spyware, adware, cookies, pop-up ads, etc. Examples: Norton 360 and McAfee Antivirus.

Phishing

Is a technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails. These emails look as they come from legitimate businesses like Microsoft, PayPal, Bank of America, with official-looking formats and logos. These emails typically ask for verification of important information like passwords and account numbers.

Encryption

Is the process of transforming plain text or data into cipher text that can not be read by anyone other than the sender and the intended receiver. Scramble the contents of a file. Symmetric key encryption and public key encryption.

Public key encryption

Two keys: one public and one private. Encrypt with public key and decrypt with private key. The sharing may expose the key to outsiders.

Trojan Horse

a security-breaking program that is disguised as a legitimate program with the purpose of granting a hacker unauthorized access to a computer. ~Do not replicate. ~Do not need to attach themselves to other software programs or data files. ~Create a backdoor on a computer that gives malicious users access to the system. ~Is often a way for viruses or other malicious code to be introduced into a computer system. ~Steal confidential information, delete files, or destroy documents

Virus

a small unit of code embedded in a file or program that when executed will replicate itself and may cause damage to infected computers. -Attach itself to other software programs or data files. -Execute when its host file opens. -Spread from computer to computer via the host file. -Maybe highly destructive-destroying programs, clogging computer memory, or reformatting hard drive.

Acceptable use policy (AUP)

defines acceptable uses of a firm's information resources and computing equipment.

Spyware

is a type of malware that performs unwanted behaviors without user knowledge or permission, such as: -Advertising -Collecting personal information -Changing the configuration of your computer -Offers outsiders the possibility of invading privacy and stealing personal identity. -One of the most common forms of spyware is Trojan Horse.

MALicious softWARE (malware)

is any unwanted software that disrupt computer operation, gather sensitive information, or gain access to private computer systems. -Malware includes computer virus, worms, spyware, trojan horse and other malicious programs.