Fluent Essays

Assingement 1Assingement 2part 1part 2part 3Assingement 3part 1part 2kindly find the attached file all question and Chapters is_quiz.docx easttom_ppt_03_final.ppt easttom_ppt_04_final__1_.ppt easttom_ppt_05_final.ppt easttom_ppt_06_final.ppt Unformatted Attachment Preview Assingement 1 Computer Security Issues in the NEWS (Current Events #1) (Chapters 3- 4) Your syllabus and textbook contain a list of topics and web resources where you can find information about network and computer topics. Each week, you must locate an article online pertaining to this course (the choice is yours). Prepare a brief written summary (2-4 paragraphs that describe the article. Include a LINK to the article or a reference citation so the work can be located (an example will be provided). Assingement 2 Computer Security Issues in the NEWS (Current Events #2) (Chapters 5-6) 1) Your syllabus and textbook contain a list of topics and web resources where you can find information about network and computer topics. Each week, you must locate an article online pertaining to this course (the choice is yours). Prepare a brief written summary (2-4 paragraphs that describe the article. Include a LINK to the article or a reference citation so the work can be located (an example will be provided). 2) What are the risks associated with using public Wi-Fi? 3) Many believe that complete security is infeasible. Therefore, we are left with incomplete security. Generally, the greater the security, the greater the cost. Discuss how one should weigh the benefits and associated costs of security. Assingement 3 Current Events Article Assignment (Week 5) 1) Please post your weekly current events article on any computer security topic here. 2) How is the regulation of security and trustworthiness on the Internet likely to develop? Will the private sector improve trust online? Will governments have to step in more? Will public confidence in the Internet decline to such a great extent that other infrastructures will become more popular? Computer Security Fundamentals by Chuck Easttom Chapter 3 Cyber Stalking, Fraud, and Abuse Chapter 3 Objectives ◼ ◼ ◼ ◼ Know the various types of Internet investment scams and auction frauds Know specific steps youcan take to avoid fraud on the Internet Have an understanding of what identity theft is and how it is done Know specific steps that can be taken to avoid identity theft © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 2 Chapter 3 Objectives- Cont. ◼ ◼ ◼ Understand what cyber stalking is, and be familiar with relevant laws Know how to configure a web browsers privacy settings Know what laws apply to these computer crimes © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 3 Internet Fraud Works ◼ Investment Scams ◼ Auction Frauds ❑ ❑ ❑ ◼ Shill bidding Bid shielding Bid siphoning Identity Theft ❑ ❑ Phishing Cross-Site Scripting © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 4 Investment Scams ◼ Pump and dump ◼ Investment advice © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 5 Laws About Internet Fraud ◼ 18 U.S.C. 1028, also known as The Identity Theft and Assumption Deterrence Act of 1998 ◼ State laws against cyber stalking © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 6 Identity Theft ◼ How bad is it? ◼ Phishing ❑ ❑ Spear phishing Whaling © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 7 Cyber Stalking ◼ What is it? ◼ Real-world cases © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 8 Cyber Stalking Cases ◼ What is it? ◼ Real-world cases ❑ ❑ ◼ Robert James Murphy Massachusetts case How to evaluate cyber stalking © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 9 Protecting Against Investment Fraud ◼ ◼ ◼ ◼ Only invest with well-known, reputable brokers. If it sounds too good to be true, then avoid it. Ask yourself why this person is informing you of this great investment deal. Why would a complete stranger decide to share some incredible investment opportunity with you? Remember that even legitimate investment involves risk, so never invest money that you cannot afford to lose. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 10 Protect Yourself Against Identity Theft ◼ ◼ ◼ ◼ Do not provide your personal information to anyone if it is not absolutely necessary. Destroy documents that have personal information on them. Check your credit frequently. If your state has online driving records, then check yours once per year. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 11 Secure Browser Settings ◼ ◼ ◼ Internet Explorer Firefox Chrome © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 12 Protect Yourself Against Auction Fraud ◼ ◼ ◼ ◼ Only use reputable auction sites. If it sounds too good to be true, don’t bid. Some sites actually allow you to read feedback other buyers have provided on a given seller. Read the feedback, and only work with reputable sellers. When possible use a separate credit card (one with a low limit) for online auctions. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 13 Protect Yourself Against Cyber Stalking ◼ If you use chat rooms, discussion boards, and so forth, do not use your real name. Set up a separate email account with an anonymous service, such as Yahoo!, Gmail, or Hotmail. Then use that account and a fake name online. This makes it hard for an online stalker to trace back to you personally. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 14 Protect Yourself Against Cyber Stalking (cont.) ◼ If you are the victim of online harassment, keep all the e-mails in both digital and printed format. Use some of the investigative techniques you explore later in this book to try toidentify the perpetrator. If you are successful, then you can take the e-mails and the information on the perpetrator to law enforcement officials. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 15 Protect Yourself Against Cyber Stalking (cont.) ◼ Do not, in any case, ignore cyber stalking. According to the Working to Halt Online Abuse Web site,19 \% of cyber stalking cases escalate to stalking in the real world. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 16 Summary ◼ ◼ Clearly, fraud and identity theft are real and growing problems. In this modern age of instant access to information and online purchasing, it is critical that everyone takes steps to protect themselves against this issue. Cyber stalking is one area that is often new to both civilians and law enforcement. Unfortunately, cyber stalking cases can escalate into real-world violence. © 2016 Pearson, Inc. Chapter 3 Cyber Stalking, Fraud, and Abuse 17 Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks Chapter 4 Objectives ◼ ◼ ◼ ◼ Understand how DoS attacks are accomplished Know how certain DoS attacks work Protect against DoS attacks Defend against specific DoS attacks © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 2 Introduction ◼ Denial-of-Service Attacks ❑ ❑ ❑ ❑ One of the most common types of attacks Prevent legitimate users from accessing the system Know how it works Know how to stop it © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 3 Introduction (cont.) ◼ Computers have physical limitations ❑ ❑ ❑ ❑ ◼ Number of users Size of files Speed of transmission Amount of data stored Exceed any of these limits and the computer will cease to respond © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 4 Overview ◼ LOIC ❑ ❑ GUI Easy to use © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 5 Overview (cont) ◼ XOIC ❑ ❑ GUI Easy to use © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 6 Overview (cont.) ◼ Common Tools Used for DoS ❑ TFN and TFN2K ◼ ◼ ◼ ◼ ◼ ◼ Can perform various protocol floods. Master controls agents. Agents flood designated targets. Communications are encrypted. Communications can be hidden in traffic. Master can spoof its IP. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 7 Overview (cont.) ◼ Common Tools Used for DoS ❑ Stacheldracht ◼ ◼ ◼ Combines Trinoo with TFN Detects source address forgery Performs a variety of attacks © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 8 Overview (cont.) Stacheldracht on the Symantec site © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 9 Overview (cont.) ◼ DoS Weaknesses ❑ The flood must be sustained. ◼ ◼ Whenmachines are disinfected, the attack stops. Hacker’s own machine are at risk of discovery. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 10 DoS Attacks ◼ TCP SYN Flood Attack ❑ ❑ ❑ Hacker sends out a SYN packet. Receiver must hold space in buffer. Bogus SYNs overflow buffer. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 11 DoS Attacks (cont.) © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 12 DoS Attacks (cont.) ◼ Methods of Prevention ❑ SYN Cookies ◼ ◼ ◼ ◼ Initially no buffer is created. Client response is verified using a cookie. Only then is the buffer created. Resource-intensive. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 13 DoS Attacks (cont.) ◼ Methods of Prevention ❑ RST Cookies ◼ ◼ ◼ ◼ Sends a false SYNACK back Should receive an RST in reply Verifies that the host is legitimate Not compatible with Windows 95 © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 14 DoS Attacks (cont.) ◼ Methods of Prevention ❑ Stack Tweaking ◼ ◼ ◼ Complex method Alters TCP stack Makes attack difficult but not impossible © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 15 DoS Attacks (cont.) ◼ Smurf IP Attack ❑ Hacker sends out ICMP broadcast with spoofed source IP. ◼ ◼ ◼ Intermediaries respond with replies. ICMP echo replies flood victim. The network performs a DDoS on itself. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 16 DoS Attacks (cont.) CERT listing on Smurf attacks © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 17 DoS Attacks (cont.) ◼ Protection against Smurf attacks ❑ ❑ ❑ ❑ Guard against Trojans. Have adequate AV software. Utilize proxy servers. Ensure routers don’t forward ICMP broadcasts. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 18 DoS Attacks (cont.) ◼ UDP Flood Attack ❑ ❑ ❑ Hacker sends UDP packets to a random port Generates illegitimate UDP packets Causes system to tie up resources sending back packets © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 19 DoS Attacks (cont.) ◼ ICMP Flood Attack ❑ ❑ Floods – Broadcasts of pings or UDP packets Nukes – Exploit known bugs in operating systems © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 20 DoS Attacks (cont.) ◼ The Ping of Death (PoD) ❑ ❑ ❑ Sending a single large packet. Most operating systems today avoid this vulnerability. Still, keep system patched. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 21 DoS Attacks (cont.) ◼ Teardrop Attack ❑ ❑ ❑ Hacker sends a fragmented message Victim system attempts to reconstruct message Causes system to halt or crash © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 22 DoS Attacks (cont.) ◼ Land Attack ❑ ❑ ❑ Simplest of all attacks Hacker sends packet with the same source and destination IP System “hangs” attempting to send and receive message © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 23 DoS Attacks (cont.) ◼ Echo/Chargen Attack ❑ ❑ ❑ Echo service sends back whatever it receive.s Chargen is a character generator. Combined, huge amounts of data form an endless loop. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 24 Distributed Denial of Service (DD0S) ◼ ◼ ◼ ◼ Routers communicate on port 179 Hacker tricks routers into attacking target Routers initiate flood of connections with target Target system becomes unreachable © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 25 Real-World Examples ◼ MyDoom ❑ ◼ Worked through e-mail Slammer ❑ Spread without human intervention © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 26 How to Defend Against DoS Attacks ◼ In addition to previously mentioned methods ❑ Configure your firewall to ◼ ◼ ◼ ❑ Filter out incoming ICMP packets. Egress filter for ICMP packets. Disallow any incoming traffic. Use tools such as NetStat and others. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 27 How to Defend Against DoS Attacks (cont.) ◼ ◼ ◼ ◼ ◼ ◼ Disallow traffic not originating within the network. Disable all IP broadcasts. Filter for external and internal IP addresses. Keep AV signatures updated. Keep OS and software patches current. Have an Acceptable Use Policy. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 28 Summary ◼ ◼ ◼ ◼ DoS attacks are common. DoS attacks are unsophisticated. DoS attacks are devastating. Your job is constant vigilance. © 2016 Pearson, Inc. Chapter 4 Denial of Service Attacks 29 Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware Chapter 5 Objectives ◼ ◼ ◼ ◼ Understand viruses and how they propagate Have a working knowledge of several specific viruses Understand virus scanners Understand what a Trojan horse is © 2016 Pearson, Inc. Chapter 5 Malware 2 Chapter 5 Objectives (cont.) ◼ ◼ ◼ ◼ Have a working knowledge of several specific Trojan horse attacks Understand the buffer overflow attack Understand spyware Defend against these attacks © 2016 Pearson, Inc. Chapter 5 Malware 3 Introduction ◼ Virus outbreaks ❑ ❑ ❑ ◼ ◼ ◼ How they work Why they work How they are deployed Buffer overflow attacks Spyware Other malware © 2016 Pearson, Inc. Chapter 5 Malware 4 Viruses ◼ A computer virus ❑ ❑ ❑ Self-replicates Spreads rapidly May or may not have a malicious payload © 2016 Pearson, Inc. Chapter 5 Malware 5 Viruses (cont.) How a virus spreads ❑ Finds a network connection; copies itself to other hosts on the network ◼ Requires programming skill OR ❑ Mails itself to everyone in host’s address book ◼ Requires less programming skill © 2016 Pearson, Inc. Chapter 5 Malware 6 Viruses (cont.) ◼ E-mail propagation ❑ More common for one major reason; ◼ ◼ ❑ Microsoft Outlook is easy to work with. Five lines of code can cause Outlook to send emails covertly. Other viruses spread using their own e-mail engine. © 2016 Pearson, Inc. Chapter 5 Malware 7 Viruses (cont.) ◼ Network propagation. ❑ ◼ Web site delivery. ❑ ◼ Less frequent, but just as effective Relies on end-user negligence Multiple vectors for a virus are becoming more common. © 2016 Pearson, Inc. Chapter 5 Malware 8 Viruses (cont.) ◼ Virus Types ❑ ❑ ❑ ❑ ❑ ❑ Macro Multi-Partite Armored Memory Resident Sparse Infector Polymorphic © 2016 Pearson, Inc. Chapter 5 Malware 9 Viruses (cont.) Symantic site information on the Sobig virus © 2016 Pearson, Inc. Chapter 5 Malware 10 Viruses (cont.) Information on the Minmail virus from the Sophos site © 2016 Pearson, Inc. Chapter 5 Malware 11 Viruses (cont.) Information on the Bagle virus from the internet.com site © 2016 Pearson, Inc. Chapter 5 Malware 12 Viruses (cont.) Virus hoaxes from the McAfee site © 2016 Pearson, Inc. Chapter 5 Malware 13 Viruses (cont.) Wikipedia information on Robert Tappan Morris, Jr. © 2016 Pearson, Inc. Chapter 5 Malware 14 Viruses (cont.) ◼ Examples ❑ ❑ ❑ Rombertik Gameover ZeuS FakeAV © 2016 Pearson, Inc. Chapter 5 Malware 15 Viruses (cont.) ◼ Rules for avoiding viruses: ❑ ❑ Use a virus scanner. DO NOT open questionable attachments. ◼ ❑ Use a code word for safe attachments from friends. Do not believe “Security Alerts.” © 2016 Pearson, Inc. Chapter 5 Malware 16 Ransomeware ◼ Examples ❑ ❑ Cryptolocker Cryptowall © 2016 Pearson, Inc. Chapter 5 Malware 17 Trojan Horses A program that looks benign, but is not ◼ A cute screen saver or apparently useful login box can ❑ ❑ ❑ Download harmful software. Install a key logger . Open a back door for hackers. © 2016 Pearson, Inc. Chapter 5 Malware 18 Trojan Horses (cont.) ◼ Competent programmers can craft a Trojan horse: ❑ ❑ ◼ To appeal to a certain person or To appeal to a certain demographic Company policy should prohibit unauthorized downloads. © 2016 Pearson, Inc. Chapter 5 Malware 19 Trojan Horses (cont.) Still-valid CERT advisory on Trojan horses © 2016 Pearson, Inc. Chapter 5 Malware 20 Trojan Horses (cont.) ◼ Competent programmers can craft a Trojan horse: ❑ ❑ ◼ To appeal to a certain person or To appeal to a certain demographic Company policy should prohibit unauthorized downloads. © 2016 Pearson, Inc. Chapter 5 Malware 21 The Buffer Overflow Attack ◼ EliteWrap. © 2016 Pearson, Inc. Chapter 5 Malware 22 The Buffer Overflow Attack (cont.) A Microsoft Security Bulletin on a buffer overflow attack © 2016 Pearson, Inc. Chapter 5 Malware 23 The Buffer Overflow Attack (cont.) Web tutorial for writing buffer overflows © 2016 Pearson, Inc. Chapter 5 Malware 24 Spyware ◼ ◼ ◼ ◼ Requires more technical knowledge Usually used for targets of choice Must be tailored to specific circumstances Must then be deployed © 2016 Pearson, Inc. Chapter 5 Malware 25 Spyware (cont.) ◼ Forms of spyware ❑ ❑ Web cookies Key loggers © 2016 Pearson, Inc. Chapter 5 Malware 26 Spyware (cont.) ◼ Legal Uses ❑ ❑ ◼ Monitoring children’s computer use Monitoring employees Illegal Uses ❑ Deployment will be covert © 2016 Pearson, Inc. Chapter 5 Malware 27 Spyware (cont.) Example of free spyware removal software © 2016 Pearson, Inc. Chapter 5 Malware 28 Other Forms of Malware ◼ Rootkit ❑ A collection of hacking tools that can ◼ ◼ ◼ ◼ Monitor traffic and keystrokes Create a backdoor Alter log files and existing tools to avoid detection Attack other machines on the network © 2016 Pearson, Inc. Chapter 5 Malware 29 Malicious Web-Based Code ◼ Web-Based mobile code ❑ ❑ ❑ Code that is portable on all operating systems Multimedia rushed to market results in poorly scripted code Spreads quickly on the web © 2016 Pearson, Inc. Chapter 5 Malware 30 Logic Bombs ◼ Go off on a specific condition ❑ ❑ Often date Can be other criteria © 2016 Pearson, Inc. Chapter 5 Malware 31 APT ◼ Advanced Persistent Threat ❑ ❑ Advanced techniques, not script kiddy’s Ongoing over a significant period of time © 2016 Pearson, Inc. Chapter 5 Malware 32 Detecting and Eliminating Viruses and Spyware ◼ Antivirus software operates in two ways: ◼ Scans for virus signatures ❑ ◼ Keeps the signature file updated Watches the behavior of executables ▪ ▪ © 2016 Pearson, Inc. Attempts to access e-mail address book Attempts to change Registry settings Chapter 5 Malware 33 Detecting and Eliminating Viruses and Spyware (cont.) ◼ Anti-spyware software ❑ ❑ ❑ ❑ www.webroot.com www.spykiller.com www.zerospy.com www.spectorsoft.com © 2016 Pearson, Inc. Chapter 5 Malware 34 Summary ◼ ◼ ◼ ◼ There are a wide variety of attacks. Computer security is essential to the protection of personal information and your company’s intellectual property. Most attacks are preventable. Defend against attacks with sound practices plus antivirus and antispyware software. © 2016 Pearson, Inc. Chapter 5 Malware 35 Computer Security Fundamentals by Chu ... Purchase answer to see full attachment