Janash Plata
Cyber Crime
Crimes

Hacking
Definition: This is a type of crime wherein a person’s computer is broken into so that his personal or sensitive information can be accessed.
Prevention: Use up-to-date anti-virus and anti-spyware software.

Theft
Definition: This crime occurs when a person violates copyrights and downloads music, movies, games and software. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI.
Prevention: Reduce the number of preapproved credit card offers you receive.

Cyber Stalking
Definition: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails.
Prevention: Password protect all accounts including cell phones, land lines, e-mails, banking and credit cards with a secure password that would be difficult for anyone to guess. Change it every year. Your secret questions should not be easily answered.

Identity Theft
Definition: This has become a major problem with people using the Internet for cash transactions and banking services. In this cyber crime, a criminal accesses data about a person’s bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim’s name.
Prevention: Don’t give out personal information on the phone, through the mail or over the Internet unless you initiated the contact.

Malicious Software
Definition: These are Internet-based software or programs that are used to disrupt a network. Software that gives partial to full control of your computer to do whatever the malware creator wants. Malware can be a virus, worm, trojan, adware, spyware, root kit, etc.
Prevention: Install anti-virus software and keep it up-to-date. This is your first line of defense against computer viruses and other malicious software. There is free anti-virus software, which I will tell you about in a moment, available for download online. Don’t give out your SSN unnecessarily (only for tax reasons, credit or verified employment.) Before providing personal identifiers, know how it will be used and if it will be shared.

Trap Doors or Back Doors
Definition: A backdoor in a computer system, a cryptosystem or an algorithm, is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. A special form of asymmetric encryption attack, known as a kleptographic attack, resists being useful to the reverse engineer even after it is detected and analyzed.
Prevention: Removing a backdoor is a difficult and complex process. The ideal approach is to make sure that a backdoor is never planted in the first place. This is best achieved by hiring a security consultant who works for a well-known and respected organization; an individual with an extensive track record of working with companies in a particular field. The worst approach is to hire a consultant, perhaps via a Craigslist ad or a newspaper classified, without asking for credentials and a verifiable list of clients.

Denial-of-service attack
Definition: Not used to gain unauthorized access or control of a system. They are instead designed to render it unusable. Attackers can deny service to individual victims, such as by deliberately entering a wrong password enough consecutive times to cause the victim account to be locked, or they may overload the capabilities of a machine or network and block all users at once.
Prevention: Locked in a file cabinet somewhere may be a document explaining the original purpose of your network design and its interdependencies. For any change to the network to be made, the document should be consulted and updated.

Eavesdropping
Definition: Eavesdropping is the act of surreptitiously listening to a private conversation, typically between hosts on a network. For instance, programs such as Carnivore and NarusInsight have been used by the FBI and NSA to eavesdrop on the systems of internet service providers. Even machines that operate as a closed system (i.e., with no contact to the outside world) can be eavesdropped upon via monitoring the faint electro-magnetic transmissions generated by the hardware; TEMPEST is a specification by the NSA referring to these attacks.
Prevention: Stops a computer or other device from seeing network traffic that is not intended for that port. When Eavesdrop Prevention is configured on a port of one of these hubs, the hub compares the port's authorized station address with the destination address of any outbound packets.

Software Masquerade
Definition: A masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for.
Prevention: Used in computer security, intrusion detection refers to the process of monitoring computer and network activities and analyzing those events to look for signs of intrusion in your system. The point of looking for unauthorized intrusions is to alert IT professionals and system administrators within your organization to potential system or network security threats and weaknesses.

Social Engineering
Definition: Social engineering is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
Prevention: NEVER provide confidential information or, for that matter, even non-confidential data and credentials via email, chat messenger, phone or in person to unknown or suspicious sources. If you receive an email with a link to an unknown site, AVOID the instinct to click it immediately, even if it seems to have been sent from one of your contacts. Take a look at the URL to see if it looks suspicious. Often the email might seem to have arrived from one of your contacts, but if you check the email address you will see that it is not legitimate. REMEMBER if it looks fishy, it probably is!

Computer Harassment
Definition: Computer and internet harassment can come in all types of forms. It can even tie into social media abuse. If you are receiving emails from someone that contain threats, inappropriate messages or content that is sexual in nature, you need to contact a professional to determine where these messages are coming from and who is sending them. This can be very difficult to trace, and utilizing the right partner is very important to obtain the identity of the person harassing you via the computer.
Prevention: Recognize the situation for what it is: Online harassment.

Data Diddling
Definition: Data diddling can occur at various points along the chain of information entry, and it is often very subtle and virtually undetectable. It can be something as small as a time clerk substituting his own name or employee number for another employee's name or number. It can be combated by ensuring that all information is identical, whether it is a hard copy or the data within a digital system.
Prevention: Accounting controls, supervision, auditing, separation of duties, and authorization limits.

Dumpster Diving
Definition: Dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network.
Prevention: Destroy all sensitive information including junk mail and paperwork that includes:
Account numbers
Addresses
Birth dates
E-mail addresses
Names
Passwords and PINs
Phone numbers
Signatures
Social Security Numbers

War Dialing
Definition: War dialing or wardialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems and fax machines.
Prevention: Avoid scam

Salami Attack
Definition: A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime.
Prevention: Avoid suspicion from the unsuspecting customer

Logic Bomb
Definition: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as a salary database trigger), should they ever be terminated from the c
Prevention: Logic bombs are difficult to prevent because they can be deployed from almost anywhere. An attacker can plant the logic bomb via a variety of means on multiple platforms, such as hiding the malicious code in a script or deploying it on a SQL server.