Saturday, April 22, 2017

Digital Security and Ethics

  • Risks
    • Hacker
    • Cracker
    • Script Kiddie
    • Corporate spies
    • Unethical employees
    • Cyber-extortionist
    • cyber-terrorists
  • Types of Risks
    • Virus
      • Antivirus
    • Worm
    • Trojan Hose
      • Anti-spyware
      • Anti-malware
    • Rootkit
      • Anti-Virus
    • Ransomware
  • Risks Explained
    • Computer Virus
      • Affects a computer negatively by altering the way the computer works
    • Worm
      • copies itself repeatedly, using up resources and possibly shutting down the computer or network
    • Trojan Horse
      • A malicious program that hides within or looks like a legitimate program
    • Rootkit
      • Program that hides in a computer and allows someone from a remote location to take full control
  • Symptoms
    • OS running slow, stops intermittently or does not start
    • Less memory available
    • Corrupt files and programs
    • Programs do not operate properly
    • Unknown programs are activated
  • Tools
    • Hardware firewall
    • Software firewall
    • Anti-virus
      • Virus definition and signature
      • Quarantine
    • Anti-malware
    • Malware removal tool
    • Windows update
      • Service Packs
    • Internet security
  • Hardware Firewalls
    • Used for blocking access to ports on computers behind a firewall
    • Hides the IP address behind a private IP address
    • Built into many routers
      • In particular, into wireless routers
  • Hardware Firewall Brands
    • Wireless routers from the following brands have built-in firewalls
      • D-Link, Linksys and NetGear
  • Software Firewall
  • Barrier Against Intruders
    • Hardware firewall
    • Software firewall
  • Likely Source of Viruses
    • Email
      • This is the most likely source of viruses entering a computer
    • Removable disks, or flash disks in general
    • Booting with removable disks
    • Macros in Programs
    • Executing scripts in Web pages
  • Forced Execution
    • Some website would force the execution of a script
      • ctrl-alt-del and ending the task would provide a way out of executing the script
      • In some cases, closing the website would be a way out of executing the script
  • Preventing attacks
    • tips for preventing virus and other malware
      • never start a computer with removable media inserted in the drives or plugged in te ports, unless the media are uninfected
      • Never open an e-mail attachment unless you are expecting it and it is from a trusted source
      • Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it 
      • Install an antivirus program on all of your computers. update the software and the virus signature files regularly
      • scan all downloaded programs for viruses and other malware
      • if the antivirus program flags and e-mail attatchment as infected, delete or quarantine the attatchment immediately
      • before using any removable media, scan the media for malware/ Follow the procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users
      • Install a personal firewall program
      • stay informed about new virus alerts and virus hoaxes
  • Import Considerations in Preventing Attacks
    • Avoid booting a computer with a removable media
    • disable the execution of macros in office documents such as word and excel documents and outlook emails
  •  Cookies
    • cookies are stored on computers by website
    • Information stored in cookies are accessed by the website each time the site is visited
    • cookies can be and possibly should be removed as soon as possible, if not, periodically
  • types of cookies
    • authentication cookies
    • cookies stored by websites
    • third-party tracking cookies
    • Firefox examples
  • Types of Attack
    • botnets
    • denial of service
    • back doors
    • spoofing
    • spamming
  • firewalls
    • Linksys firewall
    • D-link WBR 1310
    • NetGear
  • Software firewalls
    • Windows firewall example
  • Authorizing Access
    • password
    • access auditing
    • possessed object
    • PINs
    • Biometric devices
  • Authentication
    • One factor
    • Two Factor
    • Three Factor
    • Four Factor
  • Certification
    • A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity on the sender
    • A digital certificate is a notice that guarantees a user or a Web site is legitimate
      • Issued by a certificate authority
  • Investigating Computer Evidence
    • digital forensics
  • Theft
    • safeguarding against theft
    • software and hardware theft
  • data protection
    • encryption
    • word example
    • using encryption program
      • TrueCrypt - now discontinued
      • VeraCrypt - an alternative to TrueCrypt
      • BitLocker encryption
  • BitLocker and VeraCrypt
    • BitLocker usually encrypts the whole drive
    • It can also encrypt folders
    • VeraCrypt can encrypt part of a drive
  • Encrypting Folders and files
  • Systems Safeguard
    • UPS
    • Backup
    • Hot-pluggable devices
    • Hot-swappable devices
    • RAID
  • Wireless LANs
    • SSID
    • Broadcasting SSID
      • Avoid fro security reason
    • Encryption
  • Wireless Encryption
  • Health Concerns
    • displays
    • repeated typing  
    • Ergonomics
  • Ethics and Accuracy
    • ethics
    • accuracy
    • green computing
  • Code of Conduct
    • Sample IT Code of Conduct
      • Technology may not be used to ham other people
      • employees may not meddle in others files
      • employees may use technology only for purposes in which they have been authorized
      • technology may not be used to steal
      • technology may not be used to bear fake witness
      • employees may not copy or use software illegally
      • employees may not use others' technology resources without authorization
      • employees may not use others' intellectual property as their own
      • employees shall consider the social impact of programs and systems they design
      • employees always should use technology in a way that demonstrates consideration and respect for fellow humans
  •  Copyright
  • Information Privacy
    • electronic profiles
    • cookies
      • removing cookies
    • spyware and adware
    • spam
    • phishing
    • social engineering
  •  Privacy and other IT laws
  • Content Filtering and Blocking
    • Limited access to certain parts of the website
      • ex: access to library database requires a password
    • prevent access to certain websites
  • Security Concerns
    • Phishing
    • Spyware
    • Adware
    • Social Engineering

No comments:

Post a Comment