Published by Alyson O'Grady
Modified over 2 years ago
Chapter 6 Computer Fraud and Abuse Techniques Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 6-1
Learning Objectives
- Compare and contrast computer attack and abuse tactics.
- Explain how social engineering techniques are used to gain physical or logical access to computer resources.
- Describe the different types of malware used to harm computers.
Computer Attacks and Abuse
- Hacking: Unauthorized access, modification, or use of a computer system or other electronic device
- Social Engineering: Techniques, usually psychological tricks, to gain access to sensitive data or information
  - Used to gain access to secure systems or locations
- Malware: Any software which can be used to do harm
Types of Computer Attacks
- Botnet (Robot Network): Network of hijacked computers
  - Hijacked computers carry out processes without users' knowledge
  - Zombie: hijacked computer
- Denial-of-Service (DoS) Attack: Constant stream of requests made to a Web server (usually via a botnet) that overwhelms and shuts down service
- Spoofing: Making an electronic communication look as if it comes from a trusted official source to lure the recipient into providing information
Types of Spoofing
- E-mail: Sender appears as if it comes from a different source
- Caller-ID: Incorrect number is displayed
- IP address: Forged IP address to conceal identity of sender of data over the Internet or to impersonate another computer system
- Address Resolution Protocol (ARP): Allows a computer on a LAN to intercept traffic meant for any other computer on the LAN
- SMS: Incorrect number or name appears, similar to caller-ID but for text messaging
- Web page: Phishing (see below)
- DNS: Intercepting a request for a Web service and sending the request to a false service
Hacking Attacks
- Cross-Site Scripting (XSS): Unwanted code is sent via dynamic Web pages disguised as user input.
- Buffer Overflow: Data is sent that exceeds computer capacity, causing program instructions to be lost and replaced with attacker instructions.
- SQL Injection (Insertion): Malicious code is inserted in place of a query to a database system.
- Man-in-the-Middle: Hacker places themselves between client and host.
Additional Hacking Attacks
- Password Cracking: Penetrating system security to steal passwords.
- War Dialing: Computer automatically dials phone numbers looking for modems.
- Phreaking: Attacks on phone systems to obtain free phone service.
- Data Diddling: Making changes to data before, during, or after it is entered into a system.
- Data Leakage: Unauthorized copying of company data.
Hacking Embezzlement Schemes
- Salami Technique: Taking small amounts from many different accounts.
- Economic Espionage: Theft of information, trade secrets, and intellectual property.
- Cyber-Bullying: Using the Internet, cell phones, or other communication technologies to support deliberate, repeated, and hostile behavior that torments, threatens, harasses, humiliates, embarrasses, or otherwise harms another person.
- Internet Terrorism: Act of disrupting electronic commerce and harming computers and communications.
- Internet Misinformation
Hacking for Fraud
- Internet Misinformation: Using the Internet to spread false or misleading information
- Internet Auction: Using an Internet auction site to defraud another person
  - Unfairly drive up bidding
  - Seller delivers inferior merchandise or fails to deliver at all
  - Buyer fails to make payment
- Internet Pump-and-Dump: Using the Internet to pump up the price of a stock and then selling it
Social Engineering Techniques
- Identity Theft: Assuming someone else's identity
- Pretexting: Inventing a scenario that will lull someone into divulging sensitive information
- Posing: Using a fake business to acquire sensitive information
- Phishing: Posing as a legitimate company asking for verification-type information: passwords, accounts, usernames
- Pharming: Redirecting Web site traffic to a spoofed Web site
- Typosquatting: Typographical errors when entering a Web site name cause an invalid site to be accessed
- Tabnapping: Changing an already open browser tab
- Scavenging: Looking for sensitive information in items thrown away
- Shoulder Surfing: Snooping over someone's shoulder for sensitive information
More Social Engineering
- Lebanese Looping: Capturing ATM PIN and card numbers
- Skimming: Double-swiping a credit card
- Chipping: Planting a device to read credit card information in a credit card reader
- Eavesdropping: Listening to private communications
Type of Malware
- Spyware: Secretly monitors and collects personal information about users and sends it to someone else
- Adware: Pops banner ads on a monitor, collects information about the user's Web-surfing and spending habits, and forwards it to the adware creator
- Key logging: Records computer activity, such as a user's keystrokes, e-mails sent and received, Web sites visited, and chat session participation
- Trojan Horse: Malicious computer instructions in an authorized and otherwise properly functioning program
- Time bombs/logic bombs: Idle until triggered by a specified date or time, by a change in the system, by a message sent to the system, or by an event that does not occur
More Malware
- Trap Door/Back Door: A way into a system that bypasses normal authorization and authentication controls
- Packet Sniffers: Capture data from information packets as they travel over networks
- Rootkit: Used to hide the presence of trap doors, sniffers, and key loggers; conceal software that originates a denial-of-service or an e-mail spam attack; and access user names and log-in information
- Superzapping: Unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail