CS 202 MODULE 3 NOTES
This 5 page Study Guide was uploaded by Kayla Peel on Wednesday March 30, 2016. The Study Guide belongs to CS 202 at University of Alabama - Tuscaloosa taught by Ralph E. Hooper in Winter 2016. Since its upload, it has received 20 views. For similar materials see Intro to the Internet in ComputerScienence at University of Alabama - Tuscaloosa.
Date Created: 03/30/16
MODULE 3 NOTES

Security Basics
  o Security: broadly defined as the protection of assets from unauthorized access, use, alteration, or destruction.
  o Threat: any act or object that endangers an asset.
      - Usually classified in 3 categories:
          - Security Threat: occurs when data is disclosed to an unauthorized party
          - Integrity Threat: results in unauthorized data modification
          - Necessity Threat: causes data delays or denials
  o Countermeasure: a physical or logical procedure that recognizes, reduces, or eliminates a threat.
      - The best way to safeguard against a threat is to prevent it from occurring in the first place.
      - In some cases, one needs to plan for losses in service or theft by purchasing insurance or installing backup systems.

Machine-level Security: refers to actions taken to protect information on a computer that may or may not be connected to a computer network or the internet
  o Authentication: a security process in which the identity of a person is verified
  o Two-step Verification: requires a combo of a password with a verification code sent to the user’s phone.
      - Typically only required if the account is accessed from an unrecognizable computer
  o Encryption: a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the sender and recipient
  o Data Backup: a process in which copies of important computer files are stored in a safe place to guard against data loss
      - Data may be lost due to hardware failure, human error, software corruption, hackers, malware, or natural disasters.

Network Security: concerned with addressing vulnerabilities and threats in computer networks that may or may not be connected to the internet.
  o Permissions (file system permissions): the specific access privileges afforded to each network user and each system resource in terms of which files, folders, and drives each user can read, write, and execute.
  o Interior Threats: network security threats that originate from within a network, typically from registered users.

User Mistakes That Threaten Computer Security
  o Data-entry errors
  o Errors in computer programming
  o Improper installation and setup of computer system
  o Mishandling dangerous computer activity
  o Uninformed dangerous computer activity
  o Inadequate planning for and control of equipment malfunctions
  o Inadequate planning for and control of electrical problems, humidity problems, and other environmental difficulties

Network Usage Policy: a document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources for a business or organization.
  o Network and computer use:
      - Users are responsible for maintaining the security of their password
      - Users are responsible for using the network facilities in a manner that is ethical, legal, and not to the detriment of others
      - It is against federal law and corporate policy to violate the license on computer software
      - Users must request permission of system administration for the installation of software and provide proof of ownership of the software license
  o Email use:
      - Employees shall use the corporate email system only for corporate business purposes
      - Email systems shall not be used for transmission or storage of information that promotes discrimination
      - Employees must use judgment on the type of information sent through email
      - The office may access an employee’s email media
      - The use of network systems to send and forward chain letters and other inappropriate messages is prohibited
  o Internet use:
      - The use of internet access and the web should be restricted to corporate business purposes
      - Users shall request the permission of system administration before installing web plug-in applications
      - The use of peer-to-peer networks and file-sharing software is strictly forbidden

Wireless Security: the unique threats and defenses associated with wireless computer networks
  o One of the most serious mistakes that home users make when installing a wireless network is the failure to change the default login for a device
      - Makes it possible for anyone who already knows the manufacturer’s generic default login information to access the wireless network

Methods for Securing Wireless Networks: Default login
  1. Change the default login and password for the wireless router or access point.
  2. Change the default SSID. Be sure to type the name in the desired case, as the SSID is case sensitive.
  3. Obtain the MAC addresses of the wireless devices that will connect to the wireless network, and then enter their MAC addresses using the configuration for the wireless router or device.
  4. Enable MAC address filtering on the wireless router or access point.
  5. Enable the highest level of security that your wireless devices and wireless router or access point can manage. Be sure to use the most secure key the wireless router or access point offers. If you must use WEP, change the passphrase occasionally.
  6. Make sure that all of your wireless devices can connect to the wireless network with the settings you’ve implemented.
  7. Disable the SSID for your wireless router or access point.
  8. When not using the wireless network for an extended period of time, such as when leaving on vacation, power it off.
Understanding Security Threats to Wireless Devices
  o Over-the-Shoulder Attacks: an unauthorized person uses his or her physical proximity to your device to attempt to get your login information, passwords, or other sensitive data while you’re working
  o Evil Twin Attack (Café latte attack): when a hacker gathers information about an access point and then uses that information to set up his own computer to impersonate the access point
      - When you use a free public hotspot, the data you send is not usually encrypted or secure and so it is subject to hackers using sniffer programs
  o Man-in-the-middle Attack (MITM attack): when transmissions that are being sent between two devices are intercepted by a third party.
  o Wardriving: a malicious activity that involves driving through a neighborhood with a wireless-enabled notebook computer with the goal of locating homes and businesses that have wireless networks in order to gain access to them
      - To protect a Bluetooth device from an attack, you can disable the device’s Bluetooth feature so that its signal is invisible or in undiscoverable mode

Internet Security: the unique threats and defenses associated with computers connected to the internet
  o Hacker: an individual who subverts computer security without authorization
  o Blue-hat hacker: a hacker who takes advantage of security vulnerabilities to gain unlawful access to private networks for unethical purposes
  o White-hat hacker: an individual who considers himself/herself to be working for the common good by hacking into networks in order to call attention to flaws in security so that they can be fixed
  o Gray-hat hacker: a hacker of questionable ethics
  o Script kid or kiddie: a person with little tech knowledge who follows the instructions of others to hack networks
  o Hacktivist: a hacker who hacks networks for a social cause or perceived greater good
  o Firewall: network hardware or software that examines data packets flowing in and sometimes out of a network or computer in order to filter out packets that are potentially dangerous
  o Software patch (security patch): fixes software bugs and flaws and is typically distributed to software users through online software updates
  o Malware (malicious software): includes any software designed to damage, corrupt, or illegally manipulate computer resources. Common forms include viruses, worms, and spyware.
  o Antivirus software (virus scan software): uses several techniques to find viruses, worms, and spyware on a computer system; remove them if possible; and keep additional viruses, worms, and spyware from infecting the system
  o Botnet (botnet army): refers to a collection of computers autonomously or automatically working together toward some goal; these are often zombie computers that are synchronized to perform illegal activities on the internet.
  o Cyber warfare: extends traditional forms of warfare to the internet and the web, including espionage, psychological warfare, and attacks
  o Identity Theft: the criminal act of stealing information about a person to assume that person’s identity in order to commit fraud or other crimes
  o Internet Fraud: the crime of deliberately deceiving a person over the internet in order to damage them or to obtain property or services unlawfully.
  o Digital Certificate (SSL Certificate): a type of electronic business card that is attached to internet transaction data to verify the sender of the data
  o Phishing Scam: combines fraudulent email with faked websites in order to trick a person into providing private information that can be used for identity theft
  o Information Security Laws: seek to protect the civil rights of populations from abuses of information systems and the internet.

U.S. Information Security Laws
  o Consumer Internet Privacy Protection Act of 1997
      - Requires data collectors to alert people that their personal information is being shared with other organizations
  o Children’s Online Privacy Protection Act of 2000
      - Gives parents control over what information is collected from their children online and how such information may be used
  o Information Protection and Security Act of 2005
      - Gives the FTC the ability to regulate the sale of personal information
  o Notification of Risk to Personal Data Act of 2003
      - Requires businesses to notify individuals when their personal information is stolen
  o Identity Theft Protection Act of 2005
      - Requires businesses to secure sensitive data physically and technologically and to notify consumers nationwide when data is compromised
  o Health Insurance Portability and Accountability Act (HIPAA) of 1996
      - Requires those in the health industry to protect the privacy of health information and provides policies and procedures for doing so.
  o Sarbanes-Oxley Act (“Sarbox”) of 2002
      - Fights corporate corruption by imposing stringent reporting requirements and internal controls on electronic financial records and transactions
  o Gramm-Leach-Bliley Act (GLBA) of 1999
      - Requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information.