Download presentation
Presentation is loading. Please wait.
Published byBrittany Hancock Modified over 9 years ago
1
Chapter 8 Chapter 8 Digital Defense: Securing Your Data and Privacy
Our Digital World Chapter 8 Digital Defense: Securing Your Data and Privacy Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
2
This chapter will help you to:
Recognize risks of a networked computer. Explain types of malware and anti-malware tools. Identify a trusted online site. Understand security risks of mobile devices. Identify risks to hardware and software in the workplace. By the time you finish this chapter, you’ll know how to: Bullet 1: Recognize and protect against risks that are associated with operating a computer connected to a network, including the Internet. These risks might include threats that modify your computer settings or access your saved data. Bullet 2: You’ll be able to explain the different types of malware, including computer viruses and spyware. You’ll discover the role of antivirus software and antispyware in protecting your computer from different kinds of attacks. Bullet 3: It’s important that you know how to identify a trusted website so that you only visit and do business with reputable companies. This can go a long way towards helping you avoid downloading dangerous malware to your computer. Bullet 4: You’ll learn about the unique security risks when you use a mobile phone. Bullet 5: Finally, companies can defend against threats to their valuable data and physical damage to their computers if a natural disaster occurs. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
3
© Paradigm Publishing, Inc.
Chapter 8 Main Topics 8.1 The Role of Security and Privacy in Your Digital World 8.2 When Security Gets Personal 8.3 Mobile Security 8.4 Security at Work 8.5 Security Defenses Everybody Can Use The main topics covered in Chapter 8 are: Bullet 1: The Role of Security and Privacy in Your Digital World Bullet 2: When Security Gets Personal Bullet 3: Mobile Security Bullet 4: Security at Work Bullet 5: Security Defenses Everybody Can Use Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
4
© Paradigm Publishing, Inc.
Chapter 8 Why Should You Care? Digital information is valuable and at risk. Antivirus software alone isn’t enough. Save time and become less vulnerable. Bullet 1: You live in the information age. Because information has great value, it has become the target of criminals and can be used both for and against you. Bullet 2: Some people believe using antivirus software protects them from all risks. However, there are many reasons why your computer and your data are at risk. Antivirus software is only one part of a more complete protection solution. Bullet 3: Understanding the risks and taking appropriate precautions will help prevent a problem. Knowing what actions to take in the event of a problem will help you when fixing damage to your computer or files. In addition, you will feel more confident about your online activities. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
5
8.1 The Role of Security and Privacy in Your Digital World
Chapter 8 8.1 The Role of Security and Privacy in Your Digital World Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
6
Understand Security Threats
Chapter 8 Understand Security Threats Computer security protects your network and computers. Data loss prevention plan reduces risk. Various threats from malware. Several sources for threats. Bullet 1: Computer security involves protecting your home or business network or your individual computer from attack. These attacks can come as data theft, damage to your valuable data, or theft of your hardware. Bullet 2: Companies typically use a data loss prevention plan to help minimize the risk of losing data or having data stolen by malicious hackers, competitors, or disgruntled employees. Bullet 3: One source of damage to your data is malware, a category of software that includes various kinds of viruses, spyware, and adware. These malicious programs can wipe data from your computer, corrupt data, track your activities, or change security settings on your computer. Bullet 4: Who are these threats coming from? Sources include professional criminals, malicious hackers, and unethical companies that are interested in your activities and information. In addition, any Internet user could use your information to cyberbully you. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
7
© Paradigm Publishing, Inc.
Chapter 8 The Secure PC Security breaches can be very costly. A 2009 study by Purdue University on the cost of corporate security abuses found that the cost to companies worldwide totaled one trillion dollars in just that year. The good news is that companies and individuals can take steps to keep data safe, as shown in this illustration. You can use firewall technology to keep intruders out of a network, give users strong passwords, and use junk filters. In addition, it’s important for everyone to use common sense to avoid social engineering and phishing attacks which try to get you to reveal private information. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
8
Spotlight on the Future
Chapter 8 Preparing for Cyber Attacks of the Future What is a self-healing system? How can individuals defend against cyber attacks? What is an electromagnetic pulse? Dr. S. Massoud Amin, director of the Technological Leadership Institute at the University of Minnesota, warns about future cyber attacks, including “multi-prong” events that combine chemical, biological, and computer communications attacks. He encourages interested students to go into the computer security field. Next slide Spotlight on the Future © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
9
Basic Tools of Computer Security
Chapter 8 Basic Tools of Computer Security Authentication. Technology. User procedures. Bullet 1: Authentication involves the use of passwords or other unique identifiers, such as fingerprints or retinal scans (called biometrics) to identify individuals who are allowed access to a network or specific data. Bullet 2: Technology helps protect computer users with tools such as firewalls to keep intruders out of a network, antivirus software to detect computer viruses and remove them before they can do damage, or data encryption which makes data impossible to read by anybody without the right key. Bullet 3: Employees can put companies and data at risk, so it is vital to train users in the procedures that will keep valuable corporate data safe. Security measures include creating strong passwords, not downloading files from suspicious sites, and avoiding scams that give valuable access information to strangers. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
10
© Paradigm Publishing, Inc.
Chapter 8 computer security data loss prevention (DLP) hacker authentication The section 8.1 terms to know are: computer security: Activities that protect the boundaries of your home or business network and individual computing devices from intruders. Also called information security. information security: See computer security. data loss prevention (DLP): Activities that minimize the risk of loss or theft of data from within a network. hacker: A person who gains unauthorized access to a computer or network and uses knowledge of computer technology and security settings for benign or malicious purposes. authentication: The use of passwords or other identifiers such as fingerprints to make sure that the people accessing information are who they claim to be. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
11
© Paradigm Publishing, Inc.
Chapter 8 Ask Yourself… What aspect of computer security minimizes risk of loss or theft of data? damage loss plan data loss prevention requiring that all users log in with the same password None of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
12
8.2 When Security Gets Personal
Chapter 8 8.2 When Security Gets Personal Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
13
Protecting Home Networks
Chapter 8 Protecting Home Networks Unprotected networks are vulnerable. Access point or router password protection. Encryption codes data. Bullet 1: Data is vulnerable as it is transmitted on a network. People can piggyback on your Internet connection, track your online activities, or hack into individual computers on the network. Bullet 2: You can protect your network by taking advantage of password protection built into network equipment such as routers and access points. Make sure to change the default password set by the manufacturer, because these passwords are often predictable. For example, a favorite password is the word password. Bullet 3: Use encryption to code data that you transmit so it is unreadable by anyone to whom you haven’t provided a key. Encryption scrambles a message, and you use a key to unscramble it. Two popular forms of encryption for home networks are Wi-Fi Protected Access (WPA) and Wired Equivalent Privacy (WEP). Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
14
© Paradigm Publishing, Inc.
Chapter 8 Public Key Encryption Here’s how one form of encryption, called public key encryption, works: Your computer generates a public key, which you send to your friend. Your friend applies the key to encrypt a message and sends the message to you. Your computer applies a corresponding private key to decrypt the message. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
15
Understanding Malware
Chapter 8 Understanding Malware Malicious software installs itself on your computer. Results include pop-ups, viruses, or tracking. Malware includes: Viruses Trojans Macro viruses and logic bombs Rootkits Spyware Adware Bullet 1: The term malware stands for malicious software. This type of program installs itself on your computer without your knowledge or consent. Malware may be created by unethical businesses, organized criminals, or malicious individuals. Bullet 2: Malware can be used to co-opt your computer to send spam, steal data, or make your computer more vulnerable to attack. Some malware can display annoying pop-up windows or track your every keystroke to steal your money or identity. Bullet 3: Several kinds of malware, including self-replicating viruses and Trojans, corrupt data. They might open a back door in your system allowing unauthorized users to enter, such as spyware and adware, that helps businesses sell to you or track your online activities. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
16
© Paradigm Publishing, Inc.
Chapter 8 Virus Attacks A computer virus is a type of computer program that can reproduce itself. Viruses duplicate when a user runs an infected program. As shown in this figure, if an attachment with an infected virus is opened, it will infect the computer. If the attachment is not opened, it will not infect the computer. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
17
© Paradigm Publishing, Inc.
Chapter 8 Worm Attacks One type of malware is a worm. A worm is self-replicating. Unlike viruses, worms don’t need to be attached to another file to spread. If you have a worm on your system and power up your computer, the worm infects a network by sending copies of itself to every computer on the network, as shown in this illustration. Worms are often designed to clog up traffic on a network. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
18
© Paradigm Publishing, Inc.
Chapter 8 Trojan Horse The Trojan horse is malware that masquerades as a useful program. When it is run, the program opens a “back door” to your system, which allows hackers to gain access. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
19
© Paradigm Publishing, Inc.
Chapter 8 Spyware and Adware Spyware spies on the activity of a computer users. Adware delivers ads. Bullet 1: Although spyware is intended to track the activity of a computer user, some spyware can have legitimate uses. For example, websites may use spyware to track your browsing habits in order to better target advertisements to you. It can also be used by businesses to track employee activities online. Bullet 2: Adware delivers ads, often in pop-up form. Revenue from adware can help pay for development expenses. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
20
How Malware Uses Botnets
Chapter 8 How Malware Uses Botnets Botnets are collections of co-opted computers called zombies. Malware has taken over these machines to cause denial-of-service attacks by overloading a network with messages or generating spam. Once installed on your computer, a botnet malware application allows a malicious hacker to control your computer. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
21
© Paradigm Publishing, Inc.
Chapter 8 How Malware Is Spread Opening an attachment that contains an executable file. Downloading a picture with a virus in it. Visiting an infected website. Sharing infected storage devices. Connecting to an infected network. Security threats are a reality, and it is important protect yourself from malware. Bullet 1: Malware can hide in attachments. Bullet 2: In a single pixel of a photo image. Bullet 3: And on a website. Bullet 4: A virus can be shared through passing along storage devices. Bullet 5: If a network is infected, pick up a worm by connecting to that network. © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
22
© Paradigm Publishing, Inc.
Chapter 8 chain letters are used to deliver malware. Collect addresses for spamming. Bullet 1: Be cautious if you receive a chain letter in your inbox. Some may be just for fun, but many are used as vehicles to deliver malware. You may be sending an infection to your friends’ computers by forwarding a chain . Bullet 2: Another use of chain letters is to compile addresses for sending spam. The large addressee lists on some chain s are harvested as the travels. If you send a chain , be safe. Copy the contents into a new message and put all the recipients’ addresses in the BCC field so they aren’t visible to spammers or each other. Next slide Playing It Safe © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
23
Recognizing Secure Sites
Chapter 8 Recognizing Secure Sites Familiarity and accreditations. Transport Layer Security (TSL). Site advisors. Use of cookies. Occasionally, reputable sites may be used to pass along malware. By doing business with secure sites, you greatly increase your safety. Here are four items to look for when identifying a trusted site: Bullet 1: Retailers we know from the brick-and-mortar world can usually be trusted. Also, look for accreditations from organizations such as the online Better Business Bureau that certify the secure practices of the site. Bullet 2: When buying an item on a site, during the checkout process, the http: in the address line should change to This indicates that the site uses the TSL (or Transport Layer Security) protocol to protect your purchase information. Bullet 3: Services such as McAfee Site Advisor rate sites based on their safety, using criteria such as privacy policies and reported incidences of downloading of malware. When you use a site advisor and perform a search, sites listed in the results have small icons next to them indicating their level of security. Bullet 4: A cookie is a file stored on your computer by a web server to track information about you and your online activities. Not all cookies are bad. Some companies use them to personalize or customize your shopping experience, for example. However, cookies can be misused, so check your browser settings to be sure you’re comfortable with the level of security for handling cookies. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
24
© Paradigm Publishing, Inc.
Chapter 8 Free offers really aren’t free. Risks of clicking on links in advertisements. Risks of clicking on attachments. Bullet 1: It’s important to use common sense when browsing online. You know from your own experience that free offers often carry a hidden cost. The cost online could be dangerous downloads. Bullet 2: Avoid clicking on links in advertisements and s. Instead, enter a URL to go to a site. Links sometimes take you to phony or untrustworthy sites that download malware to your computer. Bullet 3: attachments, especially those identified as executable files by an .exe extension, can download malware. Don’t click on or download an attachment if you’re not expecting it or the sender is unknown. Next slide Defensive Browsing © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
25
© Paradigm Publishing, Inc.
Chapter 8 encryption public key private key public key encryption Wi-Fi Protected Access (WPA) Wired Equivalent Privacy (WEP) The section 8.3 terms to know are: encryption: The process of using a key to convert readable information into unreadable information which prevents unauthorized access or usage. public key: A code key used in encryption. Creates an encrypted message that is decrypted by a private key. private key: A code key used in encryption for decrypting data that has been encrypted by a public key. public key encryption: A system of encrypting and decrypting data using a public key and private key combination. Wi-Fi Protected Access (WPA): An encryption standard used to protect data sent across a wireless network. Designed by the Wi-Fi Alliance to overcome the security limitations of Wired Equivalent Privacy (WEP). Wired Equivalent Privacy (WEP): An encryption standard used to protect data sent across a wireless network. An older and less secure technology than Wi-Fi Protected Access (WPA). Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
26
© Paradigm Publishing, Inc.
Chapter 8 malware spam virus worm Trojan horse macro virus logic bomb virus (Continued) malware: Collectively, damaging computer programs such as viruses and spyware, which can display pop-up window advertisements, track your online activities, or destroy your data. spam: Mass s sent to people who haven’t requested them, usually for the purpose of advertising or fraud. virus: A type of computer program placed on your computer without your knowledge. A virus can reproduce itself and spread from computer to computer by attaching to another, seemingly innocent, file. worm: A self-replicating computer program that sends out copies of itself to every computer on a network. Worms are usually designed to damage the network, often by clogging up the network’s bandwidth and slowing its performance. Trojan horse: Malware that masquerades as a useful program. When you run the program, you let this malware into your system. It opens a “back door” to your system for malicious hackers. macro virus: A virus that infects the data files of applications used frequently such as word processors and spreadsheets. logic bomb virus: A piece of code placed in a software system to set off a series of potentially damaging events if certain conditions are met. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
27
© Paradigm Publishing, Inc.
Chapter 8 rootkit botnet zombie spyware adware Transport Layer Security (TLS) cookie (Continued) rootkit: A set of programs or utilities for hackers to control a user’s hardware and software and monitor the user’s actions. botnet: A group of computers that have been compromised (zombies or bots) so they forward communications to a controlling computer. zombie: A computer compromised by malware that becomes part of a botnet and is used to damage or compromise other computers. Also called a bot. bot: See zombie. spyware: Software that tracks activities of a computer user without the user’s knowledge. adware: Software that is supported by advertising and is capable of downloading and installing spyware. Transport Layer Security (TLS): A protocol that protects data such as credit card numbers as they are being transmitted between a customer and online vendor or payment company. cookie: A small file stored on your computer by a web server to track information about you and your activities. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
28
© Paradigm Publishing, Inc.
Chapter 8 Ask Yourself… When looking for a trustworthy retailer, it is best to follow an link from a retailer that has a free offer. follow links in an advertisement to locate retailers that provide the item at a good price. enter the URL for a brick-and-mortar retail store. All of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
29
© Paradigm Publishing, Inc.
Chapter 8 8.3 Mobile Security Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
30
© Paradigm Publishing, Inc.
Chapter 8 Protecting a Laptop Use a lock. Use a fingerprint reader. Activate password protection. Company mobile computing policies. When you take your computer with you, you’re exposing it to several dangers. For example, someone could walk off with your valuable property and gain access to all the data stored on it. Bullet 1: To deter anyone from helping themselves to your laptop, consider physically securing it with a cable and a lock. For additional protection, you can use a service like LoJack to track your computer and allow you to remotely delete data in the event your computer is stolen. Bullet 2: Also, you might want to buy an external fingerprint reader for your laptop. Many newer laptops include fingerprint readers. Then only a person with your fingerprint (that is, you) can access information on the computer. Bullet 3: Another way to keep someone from your data is to activate a password feature in your operating system. Without your password, a thief would have a hard time getting into your user account. Bullet 4: Companies must establish a mobile computing policy so that their employees don’t put sensitive information at risk. Policies might require keeping backups of data on physical storage media or backing up data to an offsite location, for example. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
31
Using Public Wi-Fi Access
Chapter 8 Using Public Wi-Fi Access Public computers aren’t protected. Avoid accessing financial accounts or making purchases. Bullet 1: Important protections are turned off so that the general public can access the Internet using a Wi-Fi hotspot. Malicious people can monitor your transactions and communications when you use a public network at an Internet café, hotel, or airport. Bullet 2: When using a public computer or a hotspot, avoid certain activities to protect yourself. Limit your use of online accounts, such as a credit card company or bank site. Also, if possible, refrain from buying things while using a hotspot. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
32
© Paradigm Publishing, Inc.
Chapter 8 Cell Phone Safety Cell phone theft. Exposure when using Bluetooth. Bullet 1: Cell phone theft is increasing. People who steal cell phones can make expensive international calls on your dime. They can access your contacts and other personal information stored on your phone, and then steal your identity. Some services provide protection, by clearing data on your phone’s SIM card or locking your phone so a password must be entered to unlock the keypad. Bullet 2: When you activate Bluetooth on your phone, you can connect with nearby devices such as Bluetooth in your car for hands-free calling. However, your conversations can be intercepted. Turn Bluetooth off when you’re not using it. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
33
© Paradigm Publishing, Inc.
Chapter 8 Ask Yourself… What can you do to protect your laptop? enable password protection. purchase a fingerprint reader use a cable and lock. All of the above Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
34
© Paradigm Publishing, Inc.
Chapter 8 8.4 Security at Work Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
35
Corporate Security Tools
Chapter 8 Corporate Security Tools Intrusion Prevision System (IPS) Honeypot Symmetric encryption Bullet 1: Many companies use an Intrusion Prevention System (abbreviated IPS), a sophisticated form of anti-malware software. An IPS provides network administrators with a set of tools to customize and manage their security settings. It detects malware and can block it from entering the network. One type of IPS, called an anomaly based intrusion system, can detect unusual or unexpected traffic on a network. Bullet 2: To ensure the network is safe, companies use tools to audit events. A company may even set up an easy-to-hack-into computer to help find weak spots on the network. Bullet 3: A recent United States government survey reported that 71% of corporations use some form of encryption regularly. One form of encryption that protects data sent across a network from people outside the network is called symmetric encryption. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
36
© Paradigm Publishing, Inc.
Chapter 8 Symmetric Encryption Symmetric encryption, as shown in this illustration, requires that the sending and receiving computers use the same key to encrypt and decrypt data. This keeps transmissions secure as only computers that are provided with the key can understand the message. In contrast, public key encryption involves the use of a unique public key and a unique private key. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
37
© Paradigm Publishing, Inc.
Chapter 8 Controlling Access Physical security. Authentication. Employee training. Bullet 1: Companies use several measures to control who has physical access to sensitive company information. One method is to keep people from walking through their doors and taking information. That requires physical security, such as locks on doors and security guards, for example. Bullet 2: Another security measure is an authentication system which might require employees to swipe a card through a reader to open a door. Other systems use a biometric device to scan retinas to identify employees. In an effort to get past an authentication system, hackers sometimes appear to be someone else and convince users to give up valuable information, which then helps them gain access to the secured network. Bullet 3: Some criminals talk their way to information by tricking employees into revealing it. This is called social engineering. Training employees to spot these cons and protect the company’s information helps companies keep damage from social engineering attacks to a minimum. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
38
Denial of Service Attacks
Chapter 8 Denial of Service Attacks A denial-of-service (abbreviated DoS) attack involves sending a continuous stream of requests to a network until it becomes slow and inefficient, or crashes. Targets of denial-of-service attacks often include very high profile companies such as banks or Internet service providers, or government networks. DoS attacks might come from malicious groups or individuals. Companies work to prevent attacks, detect intrusions from outside the network, and block malicious actions with technologies such as firewalls. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
39
Disaster Planning and Training
Chapter 8 Disaster Planning and Training Disaster recovery plan (DRP). Backing up. Uninterruptable power supply (UPS). Employee training. Bullet 1: Because natural disasters such as hurricanes or fires can destroy data, companies develop disaster recovery plans (abbreviated DRP). These plans include measures to protect data, as well as steps to take after a disaster has struck. Bullet 2: One important preventative measure is to back up vital company data and store the backup in a different location. Companies typically set up their networks to back up regularly. In addition to backing up data regularly, the server functions must be backed up. This will ensure the ability of the company to function in the event of a server problem. There are three backup options: A cold server is a spare server that can take over server functions. A warm server is activated periodically to get backup files from the main server. A hot server gets frequent updates and can take over if the main server fails. If a hot server takes over, users are redirected to that server in a process called failover. Bullet 3: It’s wise to use an uninterruptable power supply (abbreviated UPS) for individual computers. UPS systems provide backup if power goes down. A company can prevent data loss due to a power surge by using surge protectors. Bullet 4: Finally, training employees in smart backup procedures and how to act if disaster occurs can help minimize data loss. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
40
Computers in Your Career
Chapter 8 Extracting evidence from computers. Decrypting data. Mobile forensics. Bullet 1: Cyberforensics, also called digital forensic science, is an up-and-coming field. If you work in cyberforensics, you might get data out of computers in criminal investigations. The data may be encrypted or erased from the hard disk, but is still recoverable. Bullet 2: Cyberforensics experts use various technologies and cryptography principles to decrypt data. Bullet 3: Mobile forensics involves the same procedures with mobile phones. If you like to solve mysteries, consider cyberforensics as a career. Next slide Computers in Your Career © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
41
© Paradigm Publishing, Inc.
Chapter 8 symmetric encryption Intrusion Prevention System (IPS) honeypot social engineer biometrics spoofing The section 8.4 terms to know are: symmetric encryption: A system of encrypting and decrypting data in which the sending and receiving computers each have a matching private key. Intrusion Prevention System (IPS): A robust form of anti-malware program that gives network administrators a set of tools for controlling access to the system and stopping attacks in progress. honeypot: As part of a corporate security strategy, a computer set up to be easily hacked into to help identify weaknesses in the system and lure away potential hackers from the main systems. social engineer: A con artist who employs tactics to trick people into giving up valuable information. biometrics: Technology that uses devices such as fingerprint readers or retinal scanners to identify a person by a unique physical characteristic. spoofing: Attempting to gain valuable information via electronic communications by misleading a user as to your identity. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
42
© Paradigm Publishing, Inc.
Chapter 8 denial-of-service (DoS) attack disaster recovery plan (DRP) cold server warm server hot server failover (Continued) denial-of-service (DoS) attack: An attack against a corporate system that slows performance or brings a website down. disaster recovery plan (DRP): A formal set of policies and procedures related to preparing for recovery or continuation of computer resources and information after a disaster. cold server: A spare server used to take over server functions. warm server: A server activated periodically to get backup files from the main server. hot server: A spare server that receives frequent updates and is available to take over if the server it mirrors fails. failover: The process of redirecting users to a hot server. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
43
© Paradigm Publishing, Inc.
Chapter 8 surge protector uninterruptible power supply (UPS) cyberforensics mobile forensics decryption digital rights management (DRM) (Continued) surge protector: A device that protects a computer from loss of data caused by a spike in power, such as might occur during a thunderstorm. uninterruptible power supply (UPS): A battery backup that provides a temporary power supply if power failure occurs. cyberforensics: A field of study or a career that involves extracting information from computer storage that can be used to provide evidence in criminal investigations. This might involve decrypting data or finding residual data on a hard drive that someone has tried to erase. mobile forensics: Field of study or career that involves finding data saved or sent via a mobile device to use as evidence in criminal investigations. decryption: The process of decoding an apparently random sequence of characters into meaningful text. It reverses the process of encryption and is the final step in sending and receiving a secure communication. digital rights management (DRM): A set of technologies used by owners of digital content to control access to, and reproduction of, their material. It is used primarily to enforce copyright protection for digital content. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
44
© Paradigm Publishing, Inc.
Chapter 8 Ask Yourself… What is the process of redirecting users to a hot server called? disaster recovery failsafe failover cold server fallback Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
45
8.5 Security Defenses Everybody Can Use
Chapter 8 8.5 Security Defenses Everybody Can Use Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
46
© Paradigm Publishing, Inc.
Chapter 8 Security Defenses Firewalls. Antivirus/antispyware. Using passwords effectively. Bullet 1: Both individuals and corporations can and should use three security measures. First is a firewall which is a part of your computer system that blocks unauthorized access to your computer via a network. Firewalls can be created using software, hardware, or a combination of the two. Your computer operating system probably provides a firewall setting that’s simple to set up. The Windows firewall settings are shown here. Bullet 2: Antivirus software and antispyware are tools everybody should install and run often. There are free products and software for which you pay an annual subscription fee. Remember to run an update to get current virus definitions frequently as new threats come out constantly. You might also want to set up your computer to update your operating system regularly, as these updates often fix security problems. Bullet 3: Finally, use passwords and password hints effectively. Good passwords are longer and use a combination of upper and lowercase letters, numbers, and punctuation. Don’t use common words, because criminals can run a dictionary attack to check your password for all commonly used words in just a few minutes. Never give your password to others and change your passwords often, especially for sensitive accounts such as your bank account. If you’re asked to create a password hint which includes publically-available information such as your mother’s maiden name, enter a different name. The password hint feature doesn’t care whether your answer is correct, just that your answer matches what you originally entered. Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
47
© Paradigm Publishing, Inc.
Chapter 8 antivirus software antispyware software virus definitions strong password digital certificate digital signature The section 8.5 terms to know are: antivirus software: Software used to prevent the downloading of viruses to a computer or network, or to detect and delete viruses on the system. antispyware software: Software used to prevent the downloading of spyware to a computer or network, or to detect and delete spyware on the system. virus definitions: Information about viruses used to update antivirus software to recognize the latest threats. strong password: A password that is difficult to break. Strong passwords should contain uppercase and lowercase letters, numbers, and punctuation symbols. digital certificate: An electronic document used to encrypt data sent over a network or the Internet. digital signature: A mathematical way to demonstrate the authenticity of a digital certificate. Next slide Terms to Know © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
48
© Paradigm Publishing, Inc.
Chapter 8 Ask Yourself… What do some forms of authentication rely on to a great extent? strong user passwords frequent software updates antivirus definitions firewalls Next slide © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
49
© Paradigm Publishing, Inc.
Chapter 8 Our Digital World End of Show © Paradigm Publishing, Inc. © Paradigm Publishing, Inc.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.