Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy

Slides:



Advertisements
Similar presentations
Protect your PC virus, worm, Trojan horse, phishing, spam, botnet and zombies, spoofing, social engineering, identity theft, spyware, rootkits Click.
Advertisements

Ethics, Privacy and Information Security
1 MIS 2000 Class 22 System Security Update: Winter 2015.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
Cyber check Do you work safely and responsibly online? Do you know about the risks to your cyber security? What are your online responsibilities ? How.
Information Security Management
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Identity Theft and Safe Computing Keeping yourself You by good habits and good technology.
Computer Security 1 Keeping your computer safe. Computer Security 1 Computer Security 1 includes two lessons:  Lesson 1: An overview of computer security.
MOBILE MALWARE TOPIC #5 – INFORMATION ASSURANCE AND SECURITY Michael Fine 1.
Chapter Nine Maintaining a Computer Part III: Malware.
Securing Your Home Computer Presenter: Donnie Green Date: February 11, 2009 National Aeronautics and Space Administration
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
Computer security virus, hacking and backups. Computer viruses are small software programs that are designed to spread from one computer to another.
Our Digital World Second Edition
Securing Information Systems
Protecting Yourself Online (Information Assurance)
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Safe computing and Malware Presentation done by Tylor Hardwick, Alex Gilsdorf, Code Forrester, Xander Winans.
CHAPTER 4 Information Security. CHAPTER OUTLINE 4.1 Introduction to Information Security 4.2 Unintentional Threats to Information Security 4.3 Deliberate.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
© Paradigm Publishing Inc. 8-1 Chapter 8 Security Issues and Strategies.
CHAPTER 4 Information Security. Key Information Security Terms Information Security refers to all of the processes and policies designed to protect an.
Unit 19 INTERNET SECURITY
Malware  Viruses  Virus  Worms  Trojan Horses  Spyware –Keystroke Loggers  Adware.
Security Chapter 8 Objectives Societal impact of information and information technology –Explain the meaning of terms related to computer security and.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
1.1 System Performance Security Module 1 Version 5.
Internet Security facilities for secure communication.
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
Lesson 2- Protecting Yourself Online. Determine the strength of passwords Evaluate online threats Protect against malware/hacking Protect against identity.
Threat to I.T Security By Otis Powers. Hacking Hacking is a big threat to society because it could expose secrets of the I.T industry that perhaps should.
IT security By Tilly Gerlack.
Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.
Technology in Action Alan Evans Kendall Martin Mary Anne Poatsy Twelfth Edition.
8.1 © 2007 by Prentice Hall Minggu ke 6 Chapter 8 Securing Information Systems Chapter 8 Securing Information Systems.
Computer Concepts – Illustrated 8th edition
Introduction to ITE Chapter 9 Computer Security. Why Study Security?  This is a huge area for computer technicians.  Security isn’t just anti-virus.
Caring for Technology Malware. Malware In this Topic we examine: v Viruses (or Malware) v Virus Detection Techniques v When a Virus is Detected v Updating.
Chapter 8 Computers and Society, Security, Privacy, and Ethics
Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.
Denial of Service (DoS) DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended.
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Basic Security Networking for Home and Small Businesses – Chapter 8.
IT Essentials 1 Chapter 9 JEOPADY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Chapter 7 1Artificial Intelligent. OBJECTIVES Explain why information systems need special protection from destruction, error, and abuse Assess the business.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
By: Jasmin Smith  ability to control what information one reveals about one’s self over the Internet.
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Commission on Information and Communications Technology Cyber Security iSchools Project Team HUMAN CAPITAL DEVELOPMENT GROUP.
Computer Security Keeping you and your computer safe in the digital world.
Network System Security - Task 2. Russell Johnston.
Securing Information Systems
Hotspot Shield Protect Your Online Identity
Instructor Materials Chapter 7 Network Security
Cyber Security By: Pratik Gandhi.
Securing Information Systems
Risk of the Internet At Home
Reconnaissance Report Trillium Technologies
Staying safe on the internet
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Networking for Home and Small Businesses – Chapter 8
Presentation transcript:

Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy Our Digital World Chapter 8 Digital Defense: Securing Your Data and Privacy Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

This chapter will help you to: Recognize risks of a networked computer. Explain types of malware and anti-malware tools. Identify a trusted online site. Understand security risks of mobile devices. Identify risks to hardware and software in the workplace. By the time you finish this chapter, you’ll know how to: Bullet 1: Recognize and protect against risks that are associated with operating a computer connected to a network, including the Internet. These risks might include threats that modify your computer settings or access your saved data. Bullet 2: You’ll be able to explain the different types of malware, including computer viruses and spyware. You’ll discover the role of antivirus software and antispyware in protecting your computer from different kinds of attacks. Bullet 3: It’s important that you know how to identify a trusted website so that you only visit and do business with reputable companies. This can go a long way towards helping you avoid downloading dangerous malware to your computer. Bullet 4: You’ll learn about the unique security risks when you use a mobile phone. Bullet 5: Finally, companies can defend against threats to their valuable data and physical damage to their computers if a natural disaster occurs. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Main Topics 8.1 The Role of Security and Privacy in Your Digital World 8.2 When Security Gets Personal 8.3 Mobile Security 8.4 Security at Work 8.5 Security Defenses Everybody Can Use The main topics covered in Chapter 8 are: Bullet 1: The Role of Security and Privacy in Your Digital World Bullet 2: When Security Gets Personal Bullet 3: Mobile Security Bullet 4: Security at Work Bullet 5: Security Defenses Everybody Can Use Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Why Should You Care? Digital information is valuable and at risk. Antivirus software alone isn’t enough. Save time and become less vulnerable. Bullet 1: You live in the information age. Because information has great value, it has become the target of criminals and can be used both for and against you. Bullet 2: Some people believe using antivirus software protects them from all risks. However, there are many reasons why your computer and your data are at risk. Antivirus software is only one part of a more complete protection solution. Bullet 3: Understanding the risks and taking appropriate precautions will help prevent a problem. Knowing what actions to take in the event of a problem will help you when fixing damage to your computer or files. In addition, you will feel more confident about your online activities. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

8.1 The Role of Security and Privacy in Your Digital World Chapter 8 8.1 The Role of Security and Privacy in Your Digital World Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Understand Security Threats Chapter 8 Understand Security Threats Computer security protects your network and computers. Data loss prevention plan reduces risk. Various threats from malware. Several sources for threats. Bullet 1: Computer security involves protecting your home or business network or your individual computer from attack. These attacks can come as data theft, damage to your valuable data, or theft of your hardware. Bullet 2: Companies typically use a data loss prevention plan to help minimize the risk of losing data or having data stolen by malicious hackers, competitors, or disgruntled employees. Bullet 3: One source of damage to your data is malware, a category of software that includes various kinds of viruses, spyware, and adware. These malicious programs can wipe data from your computer, corrupt data, track your activities, or change security settings on your computer. Bullet 4: Who are these threats coming from? Sources include professional criminals, malicious hackers, and unethical companies that are interested in your activities and information. In addition, any Internet user could use your information to cyberbully you. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 The Secure PC Security breaches can be very costly. A 2009 study by Purdue University on the cost of corporate security abuses found that the cost to companies worldwide totaled one trillion dollars in just that year. The good news is that companies and individuals can take steps to keep data safe, as shown in this illustration. You can use firewall technology to keep intruders out of a network, give users strong passwords, and use junk email filters. In addition, it’s important for everyone to use common sense to avoid social engineering and phishing attacks which try to get you to reveal private information. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Spotlight on the Future Chapter 8 Preparing for Cyber Attacks of the Future What is a self-healing system? How can individuals defend against cyber attacks? What is an electromagnetic pulse? Dr. S. Massoud Amin, director of the Technological Leadership Institute at the University of Minnesota, warns about future cyber attacks, including “multi-prong” events that combine chemical, biological, and computer communications attacks. He encourages interested students to go into the computer security field. Next slide Spotlight on the Future © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Basic Tools of Computer Security Chapter 8 Basic Tools of Computer Security Authentication. Technology. User procedures. Bullet 1: Authentication involves the use of passwords or other unique identifiers, such as fingerprints or retinal scans (called biometrics) to identify individuals who are allowed access to a network or specific data. Bullet 2: Technology helps protect computer users with tools such as firewalls to keep intruders out of a network, antivirus software to detect computer viruses and remove them before they can do damage, or data encryption which makes data impossible to read by anybody without the right key. Bullet 3: Employees can put companies and data at risk, so it is vital to train users in the procedures that will keep valuable corporate data safe. Security measures include creating strong passwords, not downloading files from suspicious sites, and avoiding scams that give valuable access information to strangers. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 computer security data loss prevention (DLP) hacker authentication The section 8.1 terms to know are: computer security: Activities that protect the boundaries of your home or business network and individual computing devices from intruders. Also called information security. information security: See computer security. data loss prevention (DLP): Activities that minimize the risk of loss or theft of data from within a network. hacker: A person who gains unauthorized access to a computer or network and uses knowledge of computer technology and security settings for benign or malicious purposes. authentication: The use of passwords or other identifiers such as fingerprints to make sure that the people accessing information are who they claim to be. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Ask Yourself… What aspect of computer security minimizes risk of loss or theft of data? damage loss plan data loss prevention requiring that all users log in with the same password None of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

8.2 When Security Gets Personal Chapter 8 8.2 When Security Gets Personal Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Protecting Home Networks Chapter 8 Protecting Home Networks Unprotected networks are vulnerable. Access point or router password protection. Encryption codes data. Bullet 1: Data is vulnerable as it is transmitted on a network. People can piggyback on your Internet connection, track your online activities, or hack into individual computers on the network. Bullet 2: You can protect your network by taking advantage of password protection built into network equipment such as routers and access points. Make sure to change the default password set by the manufacturer, because these passwords are often predictable. For example, a favorite password is the word password. Bullet 3: Use encryption to code data that you transmit so it is unreadable by anyone to whom you haven’t provided a key. Encryption scrambles a message, and you use a key to unscramble it. Two popular forms of encryption for home networks are Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Public Key Encryption Here’s how one form of encryption, called public key encryption, works: Your computer generates a public key, which you send to your friend. Your friend applies the key to encrypt a message and sends the message to you. Your computer applies a corresponding private key to decrypt the message. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Understanding Malware Chapter 8 Understanding Malware Malicious software installs itself on your computer. Results include pop-ups, viruses, or tracking. Malware includes: Viruses Trojans Macro viruses and logic bombs Rootkits Spyware Adware Bullet 1: The term malware stands for malicious software. This type of program installs itself on your computer without your knowledge or consent. Malware may be created by unethical businesses, organized criminals, or malicious individuals. Bullet 2: Malware can be used to co-opt your computer to send spam, steal data, or make your computer more vulnerable to attack. Some malware can display annoying pop-up windows or track your every keystroke to steal your money or identity. Bullet 3: Several kinds of malware, including self-replicating viruses and Trojans, corrupt data. They might open a back door in your system allowing unauthorized users to enter, such as spyware and adware, that helps businesses sell to you or track your online activities. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Virus Attacks A computer virus is a type of computer program that can reproduce itself. Viruses duplicate when a user runs an infected program. As shown in this figure, if an email attachment with an infected virus is opened, it will infect the computer. If the email attachment is not opened, it will not infect the computer. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Worm Attacks One type of malware is a worm. A worm is self-replicating. Unlike viruses, worms don’t need to be attached to another file to spread. If you have a worm on your system and power up your computer, the worm infects a network by sending copies of itself to every computer on the network, as shown in this illustration. Worms are often designed to clog up traffic on a network. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Trojan Horse The Trojan horse is malware that masquerades as a useful program. When it is run, the program opens a “back door” to your system, which allows hackers to gain access. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Spyware and Adware Spyware spies on the activity of a computer users. Adware delivers ads. Bullet 1: Although spyware is intended to track the activity of a computer user, some spyware can have legitimate uses. For example, websites may use spyware to track your browsing habits in order to better target advertisements to you. It can also be used by businesses to track employee activities online. Bullet 2: Adware delivers ads, often in pop-up form. Revenue from adware can help pay for development expenses. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

How Malware Uses Botnets Chapter 8 How Malware Uses Botnets Botnets are collections of co-opted computers called zombies. Malware has taken over these machines to cause denial-of-service attacks by overloading a network with messages or generating spam. Once installed on your computer, a botnet malware application allows a malicious hacker to control your computer. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 How Malware Is Spread Opening an email attachment that contains an executable file. Downloading a picture with a virus in it. Visiting an infected website. Sharing infected storage devices. Connecting to an infected network. Security threats are a reality, and it is important protect yourself from malware. Bullet 1: Malware can hide in email attachments. Bullet 2: In a single pixel of a photo image. Bullet 3: And on a website. Bullet 4: A virus can be shared through passing along storage devices. Bullet 5: If a network is infected, pick up a worm by connecting to that network. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Email chain letters are used to deliver malware. Collect email addresses for spamming. Bullet 1: Be cautious if you receive a chain letter in your email inbox. Some may be just for fun, but many are used as vehicles to deliver malware. You may be sending an infection to your friends’ computers by forwarding a chain email. Bullet 2: Another use of email chain letters is to compile addresses for sending spam. The large addressee lists on some chain emails are harvested as the email travels. If you send a chain email, be safe. Copy the contents into a new message and put all the recipients’ addresses in the BCC field so they aren’t visible to spammers or each other. Next slide Playing It Safe © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Recognizing Secure Sites Chapter 8 Recognizing Secure Sites Familiarity and accreditations. Transport Layer Security (TSL). Site advisors. Use of cookies. Occasionally, reputable sites may be used to pass along malware. By doing business with secure sites, you greatly increase your safety. Here are four items to look for when identifying a trusted site: Bullet 1: Retailers we know from the brick-and-mortar world can usually be trusted. Also, look for accreditations from organizations such as the online Better Business Bureau that certify the secure practices of the site. Bullet 2: When buying an item on a site, during the checkout process, the http: in the address line should change to https:. This indicates that the site uses the TSL (or Transport Layer Security) protocol to protect your purchase information. Bullet 3: Services such as McAfee Site Advisor rate sites based on their safety, using criteria such as privacy policies and reported incidences of downloading of malware. When you use a site advisor and perform a search, sites listed in the results have small icons next to them indicating their level of security. Bullet 4: A cookie is a file stored on your computer by a web server to track information about you and your online activities. Not all cookies are bad. Some companies use them to personalize or customize your shopping experience, for example. However, cookies can be misused, so check your browser settings to be sure you’re comfortable with the level of security for handling cookies. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Free offers really aren’t free. Risks of clicking on links in advertisements. Risks of clicking on email attachments. Bullet 1: It’s important to use common sense when browsing online. You know from your own experience that free offers often carry a hidden cost. The cost online could be dangerous downloads. Bullet 2: Avoid clicking on links in advertisements and emails. Instead, enter a URL to go to a site. Links sometimes take you to phony or untrustworthy sites that download malware to your computer. Bullet 3: Email attachments, especially those identified as executable files by an .exe extension, can download malware. Don’t click on or download an email attachment if you’re not expecting it or the sender is unknown. Next slide Defensive Browsing © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 encryption public key private key public key encryption Wi-Fi Protected Access (WPA) Wired Equivalent Privacy (WEP) The section 8.3 terms to know are: encryption: The process of using a key to convert readable information into unreadable information which prevents unauthorized access or usage. public key: A code key used in encryption. Creates an encrypted message that is decrypted by a private key. private key: A code key used in encryption for decrypting data that has been encrypted by a public key. public key encryption: A system of encrypting and decrypting data using a public key and private key combination. Wi-Fi Protected Access (WPA): An encryption standard used to protect data sent across a wireless network. Designed by the Wi-Fi Alliance to overcome the security limitations of Wired Equivalent Privacy (WEP). Wired Equivalent Privacy (WEP): An encryption standard used to protect data sent across a wireless network. An older and less secure technology than Wi-Fi Protected Access (WPA). Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 malware spam virus worm Trojan horse macro virus logic bomb virus (Continued) malware: Collectively, damaging computer programs such as viruses and spyware, which can display pop-up window advertisements, track your online activities, or destroy your data. spam: Mass emails sent to people who haven’t requested them, usually for the purpose of advertising or fraud. virus: A type of computer program placed on your computer without your knowledge. A virus can reproduce itself and spread from computer to computer by attaching to another, seemingly innocent, file. worm: A self-replicating computer program that sends out copies of itself to every computer on a network. Worms are usually designed to damage the network, often by clogging up the network’s bandwidth and slowing its performance. Trojan horse: Malware that masquerades as a useful program. When you run the program, you let this malware into your system. It opens a “back door” to your system for malicious hackers. macro virus: A virus that infects the data files of applications used frequently such as word processors and spreadsheets. logic bomb virus: A piece of code placed in a software system to set off a series of potentially damaging events if certain conditions are met. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 rootkit botnet zombie spyware adware Transport Layer Security (TLS) cookie (Continued) rootkit: A set of programs or utilities for hackers to control a user’s hardware and software and monitor the user’s actions. botnet: A group of computers that have been compromised (zombies or bots) so they forward communications to a controlling computer. zombie: A computer compromised by malware that becomes part of a botnet and is used to damage or compromise other computers. Also called a bot. bot: See zombie. spyware: Software that tracks activities of a computer user without the user’s knowledge. adware: Software that is supported by advertising and is capable of downloading and installing spyware. Transport Layer Security (TLS): A protocol that protects data such as credit card numbers as they are being transmitted between a customer and online vendor or payment company. cookie: A small file stored on your computer by a web server to track information about you and your activities. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Ask Yourself… When looking for a trustworthy retailer, it is best to follow an email link from a retailer that has a free offer. follow links in an advertisement to locate retailers that provide the item at a good price. enter the URL for a brick-and-mortar retail store. All of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 8.3 Mobile Security Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Protecting a Laptop Use a lock. Use a fingerprint reader. Activate password protection. Company mobile computing policies. When you take your computer with you, you’re exposing it to several dangers. For example, someone could walk off with your valuable property and gain access to all the data stored on it. Bullet 1: To deter anyone from helping themselves to your laptop, consider physically securing it with a cable and a lock. For additional protection, you can use a service like LoJack to track your computer and allow you to remotely delete data in the event your computer is stolen. Bullet 2: Also, you might want to buy an external fingerprint reader for your laptop. Many newer laptops include fingerprint readers. Then only a person with your fingerprint (that is, you) can access information on the computer. Bullet 3: Another way to keep someone from your data is to activate a password feature in your operating system. Without your password, a thief would have a hard time getting into your user account. Bullet 4: Companies must establish a mobile computing policy so that their employees don’t put sensitive information at risk. Policies might require keeping backups of data on physical storage media or backing up data to an offsite location, for example. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Using Public Wi-Fi Access Chapter 8 Using Public Wi-Fi Access Public computers aren’t protected. Avoid accessing financial accounts or making purchases. Bullet 1: Important protections are turned off so that the general public can access the Internet using a Wi-Fi hotspot. Malicious people can monitor your transactions and communications when you use a public network at an Internet café, hotel, or airport. Bullet 2: When using a public computer or a hotspot, avoid certain activities to protect yourself. Limit your use of online accounts, such as a credit card company or bank site. Also, if possible, refrain from buying things while using a hotspot. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Cell Phone Safety Cell phone theft. Exposure when using Bluetooth. Bullet 1: Cell phone theft is increasing. People who steal cell phones can make expensive international calls on your dime. They can access your contacts and other personal information stored on your phone, and then steal your identity. Some services provide protection, by clearing data on your phone’s SIM card or locking your phone so a password must be entered to unlock the keypad. Bullet 2: When you activate Bluetooth on your phone, you can connect with nearby devices such as Bluetooth in your car for hands-free calling. However, your conversations can be intercepted. Turn Bluetooth off when you’re not using it. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Ask Yourself… What can you do to protect your laptop? enable password protection. purchase a fingerprint reader use a cable and lock. All of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 8.4 Security at Work Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Corporate Security Tools Chapter 8 Corporate Security Tools Intrusion Prevision System (IPS) Honeypot Symmetric encryption Bullet 1: Many companies use an Intrusion Prevention System (abbreviated IPS), a sophisticated form of anti-malware software. An IPS provides network administrators with a set of tools to customize and manage their security settings. It detects malware and can block it from entering the network. One type of IPS, called an anomaly based intrusion system, can detect unusual or unexpected traffic on a network. Bullet 2: To ensure the network is safe, companies use tools to audit events. A company may even set up an easy-to-hack-into computer to help find weak spots on the network. Bullet 3: A recent United States government survey reported that 71% of corporations use some form of encryption regularly. One form of encryption that protects data sent across a network from people outside the network is called symmetric encryption. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Symmetric Encryption Symmetric encryption, as shown in this illustration, requires that the sending and receiving computers use the same key to encrypt and decrypt data. This keeps transmissions secure as only computers that are provided with the key can understand the message. In contrast, public key encryption involves the use of a unique public key and a unique private key. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Controlling Access Physical security. Authentication. Employee training. Bullet 1: Companies use several measures to control who has physical access to sensitive company information. One method is to keep people from walking through their doors and taking information. That requires physical security, such as locks on doors and security guards, for example. Bullet 2: Another security measure is an authentication system which might require employees to swipe a card through a reader to open a door. Other systems use a biometric device to scan retinas to identify employees. In an effort to get past an authentication system, hackers sometimes appear to be someone else and convince users to give up valuable information, which then helps them gain access to the secured network. Bullet 3: Some criminals talk their way to information by tricking employees into revealing it. This is called social engineering. Training employees to spot these cons and protect the company’s information helps companies keep damage from social engineering attacks to a minimum. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Denial of Service Attacks Chapter 8 Denial of Service Attacks A denial-of-service (abbreviated DoS) attack involves sending a continuous stream of requests to a network until it becomes slow and inefficient, or crashes. Targets of denial-of-service attacks often include very high profile companies such as banks or Internet service providers, or government networks. DoS attacks might come from malicious groups or individuals. Companies work to prevent attacks, detect intrusions from outside the network, and block malicious actions with technologies such as firewalls. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Disaster Planning and Training Chapter 8 Disaster Planning and Training Disaster recovery plan (DRP). Backing up. Uninterruptable power supply (UPS). Employee training. Bullet 1: Because natural disasters such as hurricanes or fires can destroy data, companies develop disaster recovery plans (abbreviated DRP). These plans include measures to protect data, as well as steps to take after a disaster has struck. Bullet 2: One important preventative measure is to back up vital company data and store the backup in a different location. Companies typically set up their networks to back up regularly. In addition to backing up data regularly, the server functions must be backed up. This will ensure the ability of the company to function in the event of a server problem. There are three backup options: A cold server is a spare server that can take over server functions. A warm server is activated periodically to get backup files from the main server. A hot server gets frequent updates and can take over if the main server fails. If a hot server takes over, users are redirected to that server in a process called failover. Bullet 3: It’s wise to use an uninterruptable power supply (abbreviated UPS) for individual computers. UPS systems provide backup if power goes down. A company can prevent data loss due to a power surge by using surge protectors. Bullet 4: Finally, training employees in smart backup procedures and how to act if disaster occurs can help minimize data loss. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Computers in Your Career Chapter 8 Extracting evidence from computers. Decrypting data. Mobile forensics. Bullet 1: Cyberforensics, also called digital forensic science, is an up-and-coming field. If you work in cyberforensics, you might get data out of computers in criminal investigations. The data may be encrypted or erased from the hard disk, but is still recoverable. Bullet 2: Cyberforensics experts use various technologies and cryptography principles to decrypt data. Bullet 3: Mobile forensics involves the same procedures with mobile phones. If you like to solve mysteries, consider cyberforensics as a career. Next slide Computers in Your Career © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 symmetric encryption Intrusion Prevention System (IPS) honeypot social engineer biometrics spoofing The section 8.4 terms to know are: symmetric encryption: A system of encrypting and decrypting data in which the sending and receiving computers each have a matching private key. Intrusion Prevention System (IPS): A robust form of anti-malware program that gives network administrators a set of tools for controlling access to the system and stopping attacks in progress. honeypot: As part of a corporate security strategy, a computer set up to be easily hacked into to help identify weaknesses in the system and lure away potential hackers from the main systems. social engineer: A con artist who employs tactics to trick people into giving up valuable information. biometrics: Technology that uses devices such as fingerprint readers or retinal scanners to identify a person by a unique physical characteristic. spoofing: Attempting to gain valuable information via electronic communications by misleading a user as to your identity. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 denial-of-service (DoS) attack disaster recovery plan (DRP) cold server warm server hot server failover (Continued) denial-of-service (DoS) attack: An attack against a corporate system that slows performance or brings a website down. disaster recovery plan (DRP): A formal set of policies and procedures related to preparing for recovery or continuation of computer resources and information after a disaster. cold server: A spare server used to take over server functions. warm server: A server activated periodically to get backup files from the main server. hot server: A spare server that receives frequent updates and is available to take over if the server it mirrors fails. failover: The process of redirecting users to a hot server. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 surge protector uninterruptible power supply (UPS) cyberforensics mobile forensics decryption digital rights management (DRM) (Continued) surge protector: A device that protects a computer from loss of data caused by a spike in power, such as might occur during a thunderstorm. uninterruptible power supply (UPS): A battery backup that provides a temporary power supply if power failure occurs. cyberforensics: A field of study or a career that involves extracting information from computer storage that can be used to provide evidence in criminal investigations. This might involve decrypting data or finding residual data on a hard drive that someone has tried to erase. mobile forensics: Field of study or career that involves finding data saved or sent via a mobile device to use as evidence in criminal investigations. decryption: The process of decoding an apparently random sequence of characters into meaningful text. It reverses the process of encryption and is the final step in sending and receiving a secure communication. digital rights management (DRM): A set of technologies used by owners of digital content to control access to, and reproduction of, their material. It is used primarily to enforce copyright protection for digital content. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Ask Yourself… What is the process of redirecting users to a hot server called? disaster recovery failsafe failover cold server fallback Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

8.5 Security Defenses Everybody Can Use Chapter 8 8.5 Security Defenses Everybody Can Use Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Security Defenses Firewalls. Antivirus/antispyware. Using passwords effectively. Bullet 1: Both individuals and corporations can and should use three security measures. First is a firewall which is a part of your computer system that blocks unauthorized access to your computer via a network. Firewalls can be created using software, hardware, or a combination of the two. Your computer operating system probably provides a firewall setting that’s simple to set up. The Windows firewall settings are shown here. Bullet 2: Antivirus software and antispyware are tools everybody should install and run often. There are free products and software for which you pay an annual subscription fee. Remember to run an update to get current virus definitions frequently as new threats come out constantly. You might also want to set up your computer to update your operating system regularly, as these updates often fix security problems. Bullet 3: Finally, use passwords and password hints effectively. Good passwords are longer and use a combination of upper and lowercase letters, numbers, and punctuation. Don’t use common words, because criminals can run a dictionary attack to check your password for all commonly used words in just a few minutes. Never give your password to others and change your passwords often, especially for sensitive accounts such as your bank account. If you’re asked to create a password hint which includes publically-available information such as your mother’s maiden name, enter a different name. The password hint feature doesn’t care whether your answer is correct, just that your answer matches what you originally entered. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 antivirus software antispyware software virus definitions strong password digital certificate digital signature The section 8.5 terms to know are: antivirus software: Software used to prevent the downloading of viruses to a computer or network, or to detect and delete viruses on the system. antispyware software: Software used to prevent the downloading of spyware to a computer or network, or to detect and delete spyware on the system. virus definitions: Information about viruses used to update antivirus software to recognize the latest threats. strong password: A password that is difficult to break. Strong passwords should contain uppercase and lowercase letters, numbers, and punctuation symbols. digital certificate: An electronic document used to encrypt data sent over a network or the Internet. digital signature: A mathematical way to demonstrate the authenticity of a digital certificate. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Ask Yourself… What do some forms of authentication rely on to a great extent? strong user passwords frequent software updates antivirus definitions firewalls Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

© Paradigm Publishing, Inc. Chapter 8 Our Digital World End of Show © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.