staying safe on the internet
TRANSCRIPT
Security and Privacy
1. Discuss various types of cybercrime.2. Differentiate between different types of
malware.3. Explain how to secure a computer.4. Discuss safe computing practices.5. Discuss laws related to computer security
and privacy.6. Identify the certifications and careers
related to computer security and privacy.
RUNNING PROJECT
•In this project, you’ll explore security and privacy.•Look for instructions as you complete each article.•For most, there a series of questions for you to research.•At the conclusion of the chapter, you’re asked to submit your responses to the questions raised.
Article 1 – Cybercrime: They Are Out To Get You
Objective 1 –Discuss various types of cybercrime. The term cybercrime means criminal activity on the internet. Most of these crimes existed in some form long before computers came along, but technology has made them easier to commit and more widespread.
In this article, we discuss some of the most common forms of cybercrime that you should be on the lookout for.
Personal Cybercrime•Against individuals, not companies•Harassment – cyberbullying and cyberstalking•Phishing and Pharming – e-mail and IM•Fraud – voluntarily giving money (example below)
ClickjackingClickjacking is one of the newest threats social networking users face. Users are tricked into “liking” a page and suggesting that page to friends. The “liked” page may contain links to malicious externals sites. Go to facebook.com/security.
Click the Threats tab. What are some of the current threats, and how can you protect yourself from them?
Identity Theft•White-hat (sneakers) – prevent future hacking•Gray-hat – non-malicious, breaks into systems•Black-hat (crackers) – hacking for malicious purposes
Cybercrime Against Organizations•Cyberterrorism •2008 report by the Center for Strategic and International Studies – unknown attackers the previous year against NASA and Homeland Security•Unsuccessful and unreported•Pentagon attacks•Simulated cyber attack in 2010 by CNN
Key Terms•computer fraud•cyberbullying•cybercrime•cyberstalking•cyberterrorism•hacking•identify theft•pharming•phishing
4 Things You Need to Know•Cybercrime•Harassment, phishing, pharming, fraud, and identity theft•Hackers•Cyberterrorism
Running Project•What steps should you take to prevent identity theft? How have you implemented these in your activities? Are there other things you should be doing?
Article 2 – Malware: Pick Your PoisonObjective 2 – Differentiate between different types of malware.
The term malware includes many different programs that are designed to be harmful or malicious. Protecting your computer can be a difficult task.
This article will discuss various types of malware you should be on the look out for.
Spam •Mass unsolicited e-mails•Easy and inexpensive•Other forms – IM, fax, and texts•Costs businesses
Spam in gmail account(right)
AdwareMalware – adware•Banner ads•Reduce computer’s performance•AIM (left)
Spyware•Malware that gathers personal information•Sent to third party•Installed inadvertently•Cool Web Search
Viruses, Worms, Trojans, and Rootkits•Virus•Host file•Payload•Hoaxes•Hoax-slayer (left) – check to see if an e-mail message is a hoax
Logic Bomb and Worms•Virus•Doesn’t spread to other machines•Attacks when certain conditions are met•Aka time bomb•Dormant•Worm – self replicating, no host needed•Scans a network•Conflicker
•Botnet (left) – network of computer zombies•Trojan horse – malicious program that looks legitimate•Keylogger – captures information from a keyboard•Rootkit – programs that allow someone to gain control
Key Terms•adware•botnet•cookie•denial-of-service•keylogger•logic bomb•malware•payload
5 Things You Need to Know•Malware•Spam•Spyware•Viruses, worms, Trojans and rootkit•Botnet
Running Project•Visit the U.S. Computer Emergency Readiness Team website.•Click Alerts and Tips.•Then Cyber Security Alerts.•What are the current security issues that users should be aware of?•Have you taken the steps to protect yourself?
•rootkit•spam•spyware•time bomb•trojan horse•virus•worm
Article 3 – Shields Up!Objective 3 – Explain how to secure a computer.
Protecting your computer from intrusion or infection can be a daunting task. In this article, we discuss important steps to keep your system secure.
Software•Firewall – block access to network and individual machines•Windows 7 – protects from local and internet attacks•Windows Firewall Control Panel (right)
•Settings to block connections to programs no on the list•Learns what to allow and not allow
Antivirus Programs•New computers with trial version•Scans computer files – signature checking•Virus definition files track new threats•Outdated definition files leave machine vulnerable to attack•Heuristic methods•Very important
Antispyware•Prevents adware and spyware from installing•Not always caught by antivirus programs•Windows Defender•Real-time protection•Ad-Aware•Spybot Search & Destroy•Malwarebytes•Anti-Malware
The CNET download.com website (right) featurescategories of security softwareyou can download
Security Suites•Packages of security software•Offers complete protection•Expensive•Decrease system resources
Hardware – Router•Connects two or more networks together•Use between your personal computer and the internet•Acts like a firewall•Customize using the router utility (right)•Set restrictions•Network Address Transition
Wireless Router•Same features but also provides wireless access point to your network•Potential security risk if not properly secured•Router setup utility to change:
•SSID•Wireless network name•Wireless encryption (right)
Operating System•Critical to keep patched and up-to-date•Automatic updates•Can change settings (right)•In most instances, don’t change•W7 Action Center to check protection•Access through white flag in taskbar•Check when see red X on on white flag
Key Terms•antispyware software•antivirus program•firewall•NAT•router•security suite•wireless encryption
4 Things You Need to Know•Software firewall•Antivirus programs•Antispyware software•Network address shields
Running Project•Visit the U.S. Computer Emergency Readiness Team website.•Click Alerts and Tips.•Then Cyber Security Alerts.•What are the current security issues that users should be aware of?•Have you taken the steps to protect yourself?
How To – Configure Secure Internet Explorer Browser Settings1. Open Internet Explorer.2. Open the Tools menu, and click
Internet Options.3. On the General tab, verify that the
correct page is set.4. Some browser hijackers may change
this.5. Click the Delete button.6. What are the options available?7. Which options are checked by default?8. Click About deleting browsing history,
and read the Help page.9. Close the Help screen and the delete
Browsing History dialog box.
10. In the Internet Options dialog box, click the Security tab.
11. In the Select a zone to view or change security settings box, click Internet, and read the description below it.
12. Click Local Intranet, and read the description.
13. How is the security level for this zone different from the Internet zone?
14. Click the Sites button and then click the Advanced button.
15. Are there any websites in this zone?16. If not, are there any that you believe
should be there? 17. Click Close and then Cancel.
18. Click Trusted sites.19. In the Add this website to the zone box, http://pearsoned.com.20. Uncheck Require server verification, click Add.21. Click Close.
22. Click Privacy tab.23. Click Sites.24. Click OK.25. Click Settings.26. Click Learn more about Pop-up Blocker.27. Close the Help window and the Pop-up
Blocker Settings dialog box.28. Click Advanced tab.29. Check: Do not save encrypted pages to disk Empty Temporary Internet Files30. Both of these will increase your
security.31. Save file as
Lastname_Firstname_ch10_HowTo
Article 4 – An Ounce of Prevention Is Worth a Pound of Cure
Objective 4 – Discuss safe computing practices.
The list of threats grows daily in size and danger. The only way to be truly safe is to unplug your computer and never connect it to a network, but because this isn’t practical for most computer users, practicing safe computing is critical to protecting your system and your personal information.
User Accounts•W7 has several layers of security•First – type of accounts (right)
•Standard•Administrator•Guest
•UAC notifies before changes are made
Passwords Boxes•Safe•Different systems have different rules•More places = more complicated•Sarah Palin example•Facebook profile•Password-cracking software
Rules for good passwords•8 characters•Upper and lowercase letters•One number•One special character•No words found in a dictionary•Nothing personally identifiable •Don’t write it down•Security questions with unexpected answers•Different passwords for different accounts•More difficult passwords for bank accounts and credit cards•Change default passwords•Change passwords regularly
Encryption•Converts plain text into cipertext•Key needed•Secure connection•https means encrypted (right) • http – plain text
Acceptable Use Policies•AUP•Force user to practice safe computing•Restrictions variable•Highly secure AUP = prohibits personal use•Personal AUP
•Be smart when reading e-mail•Be wary of phishing and fraud scams•Use administrator accounts only when necessary•Use good, strong passwords•Be cautious of information you enter on websites•Look for https
Key Terms•acceptable use policy (AUP)•ciphertet•encryption•user account control (UAC)
4 Things You Need to Know•Standard account•UAC•Strong passwords•Encryption
Running Project•Do you have multiple user accounts set up on your computer?•Is your everyday account a standard user account or an administrator account?•Is it password protected?•What steps do you take to protect your information when you surf the Web?
Article 5 – The Law Is On Your SideObjective 5 – Discuss laws related to computer security and privacy.
Because computer crimes are so closely related to ordinary crime, many laws that already exist also apply to computer crimes. For example, theft and fraud are illegal whether a computer is used or not. However, cybercrime has also created new crimes that aren’t covered by existing laws, and over the past two decades, the U.S. has enacted several important laws.
The Enforcers•FBI•Secret Service•U.S. Immigration and Customs Enforcement•U.S. Postal Inspection Service•Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF)•Report cybercrimes – crime complaint center – ic3.gov (right)
Current Laws•1986 – Computer Fraud and Abuse Act•1988 – 2002 – added additional crimes•2001 – USA Patriot antiterrorism legislation •2002 – Cyber Security Enhancement Act•Difficult to catch because attack from outside U.S.•Convention of Cybercrime – 40 countries including U.S., Canada, and Japan
Take our Test•Visit lookstoogoodtobetrue.com, and click Take our Test. •Take several of the tests to see your risks•How well did you do?•Are there steps that you should be taking to better protect yourself?
Key Terms•internet crime•complaint center (IC3)
Running Project•Cybersecurity Enhancement Act of 2010 was still being debated.•What’s the status of this act?•Have there been any other cybercrime laws passed since then?
3 Things You Need to Know•Existing laws•IC3•International cooperation
Article 6 – What Can I Do With Knowledge About Security
and Privacy?Objective 6 – Identify the certifications and careers related to security
and privacy..
The world of information security can be exciting, and the job pays well, but it requires many long hours and a lot of education and experience to be successful.
The first step is to get some training and certification.
Certifications•CompTia •Cisco – CCNA, CCIE•Certified Ethical Hacker (CEH)•Computer Hacking Forensics Investigator(CHFI)•CISSP•GIAC•Computer Network Security Consultant
Botnets•Sleep mode or part of Botnet•Energy used my compromised systems•Keep machine clean and secure•Assure that it’s not part of a botnet•Turn it off
Objectives Recap
1. Discuss various types of cybercrime.2. Differentiate between different types of malware.3. Explain how to secure a computer.4. Discuss safe computing practices.5. Discuss laws related to computer security and privacy.6. Identify the certifications and careers related to
computer security and privacy.