Published by Laura Whitehead. Modified over 6 years ago
1
8 – Disaster and Malicious Attack Planning and Recovery
Component 2
2
Assessment Outcomes
- 8C - Describe contemporary processes that protect the security and integrity of data including standard clerical procedures, levels of permitted access, passwords for access and write-protect mechanisms.
- 8K - Describe the various potential threats to computer systems
- 8L - Describe contingency planning to recover from disasters
- 8M - Describe malicious and accidental damage to data and identify situations where either could occur
- 8N - Describe types and mechanisms of malicious software and their vectors
- 8O - Describe black hat hacking, white hat hacking and penetration testing
3
Threats to computer systems
There are many threats to computer systems. These are the most common:
- Viruses, Worms, and Trojan Horses
- Spyware and Adware
- Phishing attacks
- Hacking

You should make a definition of each and explain at least one method of reducing the threat.
4
Viruses, Worms, and Trojan Horses
A computer virus is a type of malicious software program ("malware") that, when executed, replicates by reproducing itself (copying its own source code) or infecting other computer programs by modifying them.

Worms
In a computer, a worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

Trojan Horse
One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer. The term comes from a Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering.
FMI - center/threats/trojans

To safeguard against viruses, worms, and Trojan horses a user should:
- Install anti-virus software
- Regularly run scans and remove threats
- Keep the virus library up to date
- Limit access to the system so that only authorised people can use it
- Take regular backups of data and store these away from the main computer (external HDD etc.)
5
Spyware and Adware
These are both types of malicious software (called 'malware' for short).

Spyware
Spyware is the name given to software that gets access to your computer without you knowing, often because you have downloaded and installed free software from the Internet. Spyware can change the settings on your computer and interfere with or slow down your internet experience. Spyware can also gather information silently about your computer habits and personal information and transmit them to unauthorised people.

Adware
Adware is software that gets access to your computer, again usually because you have downloaded free software from the Internet or you have downloaded legitimate software but it came bundled with adware. Adware can cause adverts to pop up on your screen or in your browser, can add adverts to whatever browser you are using, and can be very annoying.

To reduce the risk of spyware a user should:
- Install anti-spyware software
- Keep anti-spyware libraries up to date
- Regularly scan the network for spyware
- Use trusted and private connections to the Internet when entering personal or confidential information

To reduce the risk of adware a user should:
- Install anti-malware (adware) software
- Keep anti-malware libraries up to date
- Regularly scan the network for adware
- Check bundled applications when installing software – opt out of installing bundled software
6
Phishing Attacks
Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent email messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.

Phishing is popular with cybercriminals, as it is far easier to trick someone into clicking a malicious link in a seemingly legitimate email than trying to break through a computer’s defenses. Although some phishing emails are poorly written and clearly fake, sophisticated cybercriminals employ the techniques of professional marketers to identify the most effective types of messages -- the phishing "hooks" that get the highest "open" or click through rate and the Facebook posts that generate the most likes.

To reduce the risk of phishing attacks a user should:
1. Guard against spam. Be especially cautious of emails that:
   - Come from unrecognized senders.
   - Ask you to confirm personal or financial information over the Internet and/or make urgent requests for this information.
   - Aren’t personalized.
   - Try to upset you into acting quickly by threatening you with frightening information.
2. Communicate personal information only via phone or secure web sites.
3. Do not click on links, download files or open attachments in emails from unknown senders. It is best to open attachments only when you are expecting them and know what they contain, even if you know the sender.
4. Never email personal or financial information, even if you are close with the recipient. You never know who may gain access to your email account, or to the person’s account to whom you are emailing.
5. Beware of links in emails that ask for personal information, even if the email appears to come from an enterprise you do business with. Phishing web sites often copy the entire look of a legitimate web site, making it appear authentic. To be safe, call the legitimate enterprise first to see if they really sent that email to you. After all, businesses should not request personal information to be sent via email.
7. Protect your computer with a firewall, spam filters, anti-virus and anti-spyware software. Do some research to ensure you are getting the most up-to-date software, and update them all regularly to ensure that you are blocking new viruses and spyware.
8. Check your online accounts and bank statements regularly to ensure that no unauthorized transactions have been made.
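The warning signs listed above can be checked mechanically, which is roughly what a spam filter does. The following Python sketch is an added example, not part of the original presentation: it reports which of the listed cues a message shows, including a link whose visible text names one site while the link leads to another. The address book, the word lists and the `.test` addresses are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed address book, word lists and sample messages (assumptions, not real mail).
KNOWN_SENDERS = {"billing@bank.test"}
CUES = {
    "not personalised": r"\bdear (customer|user|member)\b",
    "urgent or threatening": r"\b(urgent|immediately|within 24 hours|suspended)\b",
    "asks for personal information": r"\b(password|account number|card number|pin)\b",
}
PHISH = ('From: security@bank-alerts.test\n\nDear customer, confirm your password '
         'within 24 hours: <a href="http://bank-alerts.test/verify">www.bank.test</a>')
GENUINE = ('From: billing@bank.test\n\nHello Pat, your statement is ready: '
           '<a href="https://www.bank.test/s">www.bank.test</a>')

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_cues(raw_email):
    msg = message_from_string(raw_email)
    body = msg.get_payload()  # assumes a single-part message
    text = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for the word checks
    sender = parseaddr(msg.get("From", ""))[1].lower()
    cues = [] if sender in KNOWN_SENDERS else ["unrecognised sender"]
    cues += [name for name, pat in CUES.items() if re.search(pat, text, re.I)]
    links = Links()
    links.feed(body)
    if any("." in shown and " " not in shown and host(shown) != host(href)
           for href, shown in links.found):
        cues.append("link text differs from destination")  # shown host != real host
    return cues
```

An empty result does not mean a message is safe; it only means none of these particular cues were found.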
7
Hacking
Hackers try to get unauthorised access to your computer by 'hacking' into it (breaking into it). A hacker is a person who breaks codes and passwords (or changes code) to gain access to a computer system that they do not have permission to use. Hackers may break into networks to steal confidential files, to commit fraud, or to damage the reputation of the company (PSN, Yahoo, etc.)
8
Black and White Hat Hacking
Black Hat
People who try to gain unauthorised access to computer systems are known as black hat hackers. They are essentially criminals, trying to bypass security measures so that they can access files of data for malicious or criminal reasons. They might want to view data, change it, delete it, steal it to resell it, steal it to make it public or steal it to use themselves to make money. When a black hat hacker finds a vulnerability in a network, they keep this information to themselves as it is very valuable; it will let them into the system any time they want until the flaw is found, reported and blocked by others.

White Hat
White hat hackers are often called ethical hackers. They are not trying to break into a system for malicious or criminal reasons. They are attempting to break into a system perhaps because they own it and want to test how secure it is, or perhaps because they are employed by a security company to test a system's levels of security by running penetration tests. They are open about their activities with others in their team, document their findings and help the process of making data and the systems they live in more secure.
9
Difference between black and white hat hacking
A white hat hacker never uses his skill for any illegal purpose. In fact, he always uses his skill to protect people from black hat hackers, and usually becomes a computer or cyber security expert. By contrast, black hat or malicious hackers are the bad guys and usually use their skill maliciously for personal gain, such as stealing credentials and credit cards, defacing websites, etc.

Black hat hackers are often criminals or people not employed by a company. White hat hackers are often employed by a company to try and find weaknesses in their computer systems.
10
Penetration Testing
A penetration test is a deliberate attack by a white hat hacker on a computer system, with the aim of finding security weaknesses in it. Penetration tests are either white box or black box:
- White box penetration tests are where the hacker has lots of information about the target system, such as the type of computers that are being used, the software that runs on them, perhaps some information about how security is organised and who is responsible for it.
- Black box penetration tests are where the company is considered to be inside a black box and all the hacker knows is what the company's name is. They don't know any other details except those that they can find out for themselves.

Penetration tests should help identify the strengths and weaknesses of a target computer system and the potential threats that could result from an attack. This information can be used to inform a company about further measures they need to take to improve their data and system security.
11
Contingency (Disaster) planning
All networks might have a disaster. This could range from the entire building holding a network burning down to flood damage to malicious damage by a hacker or disgruntled employee. When a disaster happens, an organisation needs to get the network back up and running as quickly as possible or it might go out of business.

A Disaster Recovery policy is a written document, which attempts to get the managers in an organisation to think in advance about what they need to do should a disaster happen.
- By thinking ahead and planning for the worst, companies will know what to do quickly and calmly in the event of a serious problem.
- They should be able to identify suitable back-up strategies in advance by thinking about what data needs to be recovered.
- They will be able to design tests to test the robustness of the Disaster Recovery plan to check it is viable.
- They will limit the possibility of legal action against them for doing the wrong thing in a panic!
12
Recovering from a disaster: Strategies
If an organisation's network or key pieces of hardware fail for whatever reason, it might have serious implications for the organisation. Losing data could be so serious that they might even go out of business. The data that an organisation needs to operate must be kept secure. A way to achieve this is called disk mirroring, or 'failover'.
13
Failover
So that a business can continue as normal in the event of a serious hardware failure, organisations often use 'failover'. Failover is the term used when you have a second, identical piece of equipment that can start working automatically if the first main piece of equipment fails. For example, one key piece of equipment on a client-server network is the server. This manages the entire network of personal computers, printers and other hardware on the network. If the server fails, the whole network will not be available for anyone to use.
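The automatic switch described above is usually driven by a regular "heartbeat" check on the main server. The following Python simulation is an added example, not part of the original presentation: the standby takes over only after several checks in a row fail, so a brief glitch does not trigger a switch. The class name, the limit of three missed checks and the sample sequence are assumptions.

```python
class FailoverPair:
    """A primary server plus an identical standby that takes over automatically."""

    def __init__(self, missed_limit=3):
        self.active = "primary"
        self.missed = 0                    # consecutive heartbeats the primary missed
        self.missed_limit = missed_limit   # assumption: tolerate short glitches
        self.log = []

    def heartbeat(self, primary_alive):
        """Record one monitoring interval and return the server now in use."""
        if self.active != "primary":
            return self.active             # stay on the standby until repairs are made
        self.missed = 0 if primary_alive else self.missed + 1
        if self.missed >= self.missed_limit:
            self.active = "standby"
            self.log.append("failover: standby promoted")
        return self.active

    def handle(self, request):
        """Users keep being served by whichever server is currently active."""
        return f"{self.active} served {request}"


def simulate(heartbeats, missed_limit=3):
    """Run a constructed sequence of heartbeat results (True = primary responded)."""
    pair = FailoverPair(missed_limit)
    return [pair.heartbeat(alive) for alive in heartbeats], pair


# Constructed sequence: one glitch, a recovery, then a real failure.
SAMPLE_HEARTBEATS = [True, False, True, False, False, False, True]
```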