Transcript Security Risks - Bannerman High School

Security Risks
•
•
•
•
•
•
•
Viruses, worms, Trojans
Hacking
Spyware, phishing
Keylogging
Online fraud
Identity theft
DOS (Denial of Service attacks
Virus
• A computer virus is a program that will
damage your computer
• Once into your computer system it will attach
itself to another program and reproduce itself
• Examples of the destructive effects of a virus:
– data corrupted or deleted, the screen display
malfunction, hard drive spinning, computer
freezes, unexpected messages or sounds
Worm
• A computer worm is a malicious program that
multiplies once it is in your computer.
• It can multiply so many times that it can fill up
your computer’s memory and backing storage
and slow the system ,or even a whole
network, right down!
Trojan
• Trojans are programs that pretend to be
something like a game, a small application, a
tool for maintaining your computer.
• Once you run the Trojan program it will
damage your computer system.
• They are often found in e-mail attachments
and are .exe files.
Hacking
• A hacker is someone who gains unauthorised
access to a computer system.
• Hackers usually use networks to get into
computer systems.
• They ‘break’ or steal passwords to gain access
then copy, steal, delete, corrupt data.
Anti-virus software
• Anti-virus software can detect and destroy
lots of viruses worms and trojans.
• Anti-virus software has a database of all
viruses. worms and trojans which they must
keep up to date or a regular basis.
• They will then scan your computer, locate
and destroy the viruses worms and trojans
Anti-Virus
Spyware
• Spyware is a program that steals information
from your computer e.g.
-mail messages, usernames, passwords, bank details.
• It then sends this information across the internet
to the person who sent the spyware.
• How does it get into your computer?
– E-mail attachments,
– Hidden inside another program that you install.
• If you don’t stop the spyware all your personal
details and passwords can be stolen!
Phishing
• Phishing is a technique used by criminals tour
personal information such as ID & password,
bank details, phone number, address etc..
• Phishers use e-mails pretending to be from e.g.
your bank, from Ebay from Pay-Pal to get you to
give them your details.
• They can even pretend to be someone who wants
to give you money, but first you have to give
them your bank details.. Then they steal from
you!
Keylogging
• A keylogger is a program designed to track and
monitor user keystrokes, often used to steal
passwords, credit card numbers.
• Keyloggers work unseen by the user, often by
acting as software driving thekeyboard
• The information gathered is often then
uploaded to a website, a server or an e-mail
address.
Keylogger
Using a keylogger you can:
online fraud
• Criminals use websites, online messages, or
“spam” e-mails can reach large numbers of
people easily.
• Their fake messages and websites look real and
credible and can convince people to part with
their money.
• Examples: bogus investment schemes, spreading
false information to boost share prices, fake prize
giving schemes, news that you have inherited
money, bargain selling websites
Online fraud
• All on line fraud schemes want to get money
from you
• They will try
– to get your bank details
– to get enough personal information to open
accounts in your name
– get you to send cash directly
Identity theft
• Stealing your personal details such as bank
account details, national insurance number,
date of birth, address etc
• This enables the thief to pretend to be you
and e.g. open bank accounts, get a credit card,
buy on-line, withdraw cash
Denial of Service Attacks
• There are two main types of DOS
• Attacks which consume so many network
resources such as processors, disk space,
memory, network connections, routers, that
there is none left for users
• Attacks on a specific network resource e.g.
disabling a file server.
Methods used in Denial of Service
Attacks
• Resource starvation. This means using up a
network resource so that legitimate users can’t
access it. A good example is when the DOS attack
sends corrupt packets of data to a network filling
up the storage area so it can’t handle any more
network traffic
• Bandwidth consumption. This means flooding
the network with senseless data. : e.g. An
example of this is flooding an e-mail server with
messages until it crashes.
Methods used in Denial of Service
Attacks
• Using weaknesses in networking software,
making a server crash by targeting a design
flaw in the operating system
• Attacking the routers. Sending streams of
corrupted packets aimed at routers to divert
them from routing data through a network.
Security precaution: Passwords
• A Password need to be secure! Tips:
• Make it at least 8 letters long
• Use a combination of UPPER and lower case
letters, numbers and punctuation e.g
Baw% Heid34&
• Don’t write it down and leave it lying about
• Change it frequently
Security precaution: Encryption
Security precaution: Encryption
• Ecryption: protecting sensitive data by using
codes.
• In order to read an encrypted data you need
the Key to the code
• You can encrypt data held on a storage device
such as a hard drive: this would mean that any
data that a hacker stole would be meaningless
to them
Security precaution: Encryption
• Data being sent across networks is vulnerable to
hacking so:
– Encrypting data being sent across networks is a sensible
precaution e.g. when paying for something bought on-line
you have to send your card details.
– Websites that collect your card details should have https in
their address: that means they are using encryption to send
your information.
Security precaution: Biometrics
• Biometrics: security using technology to
recognise physical characteristics such as:
– Fingerprints, the eye retina, a face, a voice.
• Firstly the data on a person is input and stored
into the computer e.g:
– A copy of their fingerprints, images of their face,
an image of the retina in their eye, a recording of
their voice
Security precaution: Biometrics
• Before it allows a person access, the
computer system
– Scans their fingerprints
– Takes a picture of their face
– Takes a picture of their eye retina
– Takes a recording of their voice
• The compares it to the data held in its
memory
• If there is a match then access is granted
Security protocols
• A security protocol is a method of protecting data
being sent across networks
• Commonly used protocols are
– Secure File Transfer Protocol (SFTP)
– Secure Hypertext Transfer Protocol (HTTPS)
– Secure Socket Layer (SSL).
These protocols carry out functions such as:
– Authenticating the sender and receiver of the data
– Managing the encryption of the data ( including the keys)
– Making sure that the data arrives intact and has not been
tampered with.
Security precaution: Firewall
• A firewall is a system designed to check the data
coming into or going out of a network.
• It :
– only allows access to authorised users and applications
– prevents unauthorised access to a network.
• On a small network e.g. a home network it will be
implemented using software.
• On a larger network it may involve using a dedicated
computer as well as software.
• The firewall software will often be provided by a
security suite or, it might be provided by the operating
system
Firewall
Security Suite
• A Security Suite is a set of programs are
designed to protect your computer from a
wide range of threats such as: viruses, trojans,
spyware, identity theft, fake websites
• They can even provide firewalls and software
to ‘tune up’ your system performance.
Security Suite
Security Suite
Checking websites
Security Suite
• Not all security suites provide the same
features and when you are choosing between
them you should ask the following questions
– Does the suite protect from every type of threat?
– How effective is the suite at protecting your
computer?
– How easy is it to use?
– Does it offer additional support and helpful
resources?
– How often is it updated?
Security Suite
Check out these websites to compare security suites
http://internet-security-suite-review.toptenreviews.com/
http://www.pcmag.com/article2/0,2817,2369749,00.asp