Computer Security Literacy



Similar documents
Why is a strong password important?

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Malware & Botnets. Botnets

Business ebanking Fraud Prevention Best Practices

BE SAFE ONLINE: Lesson Plan

Online Banking Fraud Prevention Recommendations and Best Practices

Common Cyber Threats. Common cyber threats include:

Countermeasures against Spyware

Reliance Bank Fraud Prevention Best Practices

Business Internet Banking / Cash Management Fraud Prevention Best Practices

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

External Supplier Control Requirements

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

NATIONAL CYBER SECURITY AWARENESS MONTH

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Detailed Description about course module wise:

Protection of Personal Computer Best Practices for General User

Laura Royer, Extension Faculty, University of Florida/IFAS Osceola County Extension Services

Certified Secure Computer User

Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning

Designing and Coding Secure Systems

It Won t Happen To Me! A Network and PCI Security Webinar Presented By FMS and VendorSafe

Computer Security. Introduction to. Michael T. Goodrich Department of Computer Science University of California, Irvine. Roberto Tamassia PEARSON

Web Security School Final Exam

RESILIENT. SECURE and SOFTWARE. Requirements, Test Cases, and Testing Methods. Mark S. Merkow and Lakshmikanth Raghavan. CRC Press

CYBERTRON NETWORK SOLUTIONS

Cyber Security. Maintaining Your Identity on the Net

Course Content: Session 1. Ethics & Hacking

The SMB Cyber Security Survival Guide

CESG Certification of Cyber Security Training Courses

Ethical Hacking Course Layout

Alexander Nikov. 9. Information Assurance and Security, Protecting Information Resources. Learning Objectives. You re on Facebook? Watch Out!

Practical tips for a. Safe Christmas

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Essentials of PC Security: Central Library Tech Center Evansville Vanderburgh Public Library

OKPAY guides. Security Guide

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

INSTANT MESSAGING SECURITY

Cyber Security Best Practices. 1. Introduction What is cyber security and why is it important?

Section 12 MUST BE COMPLETED BY: 4/22

Certified Secure Computer User

TMCEC CYBER SECURITY TRAINING

Infocomm Sec rity is incomplete without U Be aware,

Deliuery Networks. A Practical Guide to Content. Gilbert Held. Second Edition. CRC Press. Taylor & Francis Group

Computer Protection. Computer Protection. Computer Protection 5/1/2013. Classic Battle of Good vs Evil. David Watterson & Ross Cavazos

How to stay safe online

Information Security. Louis Morgan, CISSP Information Security Officer

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

3 day Workshop on Cyber Security & Ethical Hacking

1. For each of the 25 questions, multiply each question response risk value (1-5) by the number of times it was chosen by the survey takers.

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Don t Click That Link and other security tips. Laura Perry Jennifer Speegle Mike Trice

Network Security Survey of Small Businesses


Chapter 15: Computer and Network Security

Safe Practices for Online Banking

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

BLACKJACKING: SECURITY THREATS TO BLACKBERRY DEVICES, PDAS, AND CELL PHONES IN THE ENTERPRISE

How To Understand The History Of The Web (Web)

FORBIDDEN - Ethical Hacking Workshop Duration

Security A to Z the most important terms

2016 Trends in Cybersecurity: A Quick Guide to the Most Important Insights in Security

National Cyber Security Month 2015: Daily Security Awareness Tips

CHAPMAN & HALL/CRC INNOVATIONS IN SOFTWARE ENGINEERING AND SOFTWARE DEVELOPMENT. Software Test Attacks to Break Mobile and Embedded Devices

An Introduction on How to Better Protect Your Computer and Sensitive Data

RARITAN VALLEY COMMUNITY COLLEGE COURSE OUTLINE. CISY 229 Information Security Fundamentals

guide to staying safe online How to shop, bank, socialise and protect your identity online.

74% 96 Action Items. Compliance

Internet Safety & Awareness. Dan Tomlinson 02/23/2013

Build Your Own Security Lab

A Systems Engineering Approach to Developing Cyber Security Professionals

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

VIDEO Intypedia013en LESSON 13: DNS SECURITY. AUTHOR: Javier Osuna García-Malo de Molina. GMV Head of Security and Process Consulting Division

Scams and Schemes. objectives. Essential Question: What is identity theft, and how can you protect yourself from it? Learning Overview and Objectives

Ten Tips to Avoid Viruses and Spyware

Network Security. Demo: Web browser

AVOIDING ONLINE THREATS CYBER SECURITY MYTHS, FACTS, TIPS. ftrsecure.com

Managing Web Security in an Increasingly Challenging Threat Landscape

Scene of the Cybercrime Second Edition. Michael Cross

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Understand What s Going On

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

Best Practices Guide to Electronic Banking

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Networking. Systems Design and. Development. CRC Press. Taylor & Francis Croup. Boca Raton London New York. CRC Press is an imprint of the

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

13 Ways Through A Firewall What you don t know will hurt you

Secure Your Mobile Workplace

Cyber Security Awareness. Internet Safety Intro.

Different Types of Adware and Services

Basic Security Considerations for and Web Browsing

Transcription:

Computer Security Literacy Staying Safe in a Digital World Douglas Jacobson and Joseph Idziorek CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Group, an informa business A CHAPMAN & HALL BOOK

Contents Preface, xv About the Authors, xxiii Chapter 1 What Is Information Security? 1 1.1 INTRODUCTION 1 1.2 HOW MUCH OF OUR DAILY LIVES RELIES ON COMPUTERS? 2 1.3 SECURITY TRUISMS 4 1.4 BASIC SECURITY TERMINOLOGY 6 1.5 CYBER ETHICS 11 1.6 THE PERCEPTION OF SECURITY 12 1.7 THREAT MODEL 13 1.8 SECURITY IS A MULTIDISCIPLINARY TOPIC 17 1.9 SUMMARY 17 BIBLIOGRAPHY 19 Chapter 2 Introduction to Computers and the Internet 21 2.1 INTRODUCTION 21 2.2 COMPUTERS 21 2.2.1 Hardware 22 2.2.2 Operating Systems 24 2.2.3 Applications 25 2.2.4 Users 25 v

vi Contents 2.3 OPERATION OF A COMPUTER 25 2.3.1 Booting a Computer 26 2.3.2 Running an Application 27 2.3.3 Anatomy of an Application 28 2.4 OVERVIEW OF THE INTERNET 30 2.4.1 Protocols 32 2.4.2 Internet Addressing 36 2.4.3 Internet Protocol Addresses 38 2.4.4 Public versus Private IP Addresses 41 2.4.5 Finding an IP Address 42 2.4.6 Domain Name Service 43 2.4.7 Network Routing 46 2.4.8 World Wide Web 50 2.5 COMPUTERS AND THE INTERNET 51 2.6 SECURITY ROLE-PLAYING CHARACTERS 53 2.7 SUMMARY 54 BIBLIOGRAPHY 56 Chapter 3 Passwords Under Attack 57 3.1 INTRODUCTION 57 3.2 AUTHENTICATION PROCESS 58 3.3 PASSWORD THREATS 61 3.3.1 Bob Discloses Password 62 3.3.2 Social Engineering 63 3.3.3 Key-Logging 65 3.3.4 Wireless Sniffing 66 3.3.5 Attacker Guesses Password 67 3.3.6 Exposed Password File 70 3.3.7 Security Questions 75 3.3.8 Stop Attacking My Password 76 3.4 STRONG PASSWORDS 77 3.4.1 Creating Strong Passwords 77

Contents vii 3.5 PASSWORD MANAGEMENT: LET'S BE PRACTICAL 81 3.6 SUMMARY 84 BIBLIOGRAPHY 86 Chapter 4 Email Security 89 4.1 INTRODUCTION 89 4.2 EMAIL SYSTEMS 89 4.2.1 Message Transfer Agent 90 4.2.2 User Agents 91 4.2.3 Email Addressing 93 4.2.4 Email Message Structure 93 4.3 EMAIL SECURITY AND PRIVACY 96 4.3.1 Eavesdropping 96 4.3.2 Spam and Phishing 98 4.3.3 Spoofing 98 4.3.4 Malicious Email Attachments 99 4.3.5 Replying and Forwarding 100 4.3.6 To, Carbon Copy, and Blind Carbon Copy 101 4.4 SUMMARY 102 BIBLIOGRAPHY 103 Chapter 5 Malware: The Dark Side of Software 105 5.1 INTRODUCTION 105 5.2 WHAT IS MALWARE? 106 5.3 HOW DO I GET MALWARE? 108 5.3.1 Removable Media 108 5.3.2 Documents and Executables 110 5.3.3 Internet Downloads 112 5.3.4 Network Connection 113 5.3.5 Email Attachments 115 5.3.6 Drive-By Downloads 116 5.3.7 Pop-Ups 117 5.3.8 Malicious Advertising 120

viii Contents 5.4 WHAT DOES MALWARE DO? 120 5.4.1 Malicious Adware 121 5.4.2 Spyware 122 5.4.3 Ransomware 122 5.4.4 Backdoor 123 5.4.5 Disable Security Functionality 123 5.4.6 Botnets 124 5.5 SUMMARY 124 BIBLIOGRAPHY 126 Chapter 6 Malware: Defense in Depth 129 6.1 INTRODUCTION 129 6.2 DATA BACKUP 130 6.3 FIREWALLS 132 6.3.1 Function of a Firewall 132 6.3.2 What Types of Malware Does a Firewall Protect Against? 135 6.3.3 Two Types of Firewalls 136 6.3.4 Putting a Hole in a Firewall 138 6.3.5 Firewalls Are Essential 139 6.4 SOFTWARE PATCHES 140 6.4.1 Patch Tuesday and Exploit Wednesday 141 6.4.2 Patches Are Not Limited to Operating Systems 141 6.4.3 Zero-Day Vulnerabilities 142 6.4.4 Just Patch it 142 6.5 ANTIVIRUS SOFTWARE 143 6.5.1 Antivirus Signatures 143 6.5.2 Function of Antivirus Software 145 6.5.3 Antivirus Limitations 145 6.5.4 False Positives and False Negatives 147 6.5.5 Sneaky Malware 147 6.5.6 Antivirus Is Not a Safety Net 149

Contents ix 6.6 USER EDUCATION 149 6.7 SUMMARY 151 BIBLIOGRAPHY 153 Chapter 7 Securely Surfing the World Wide Web 155 7.1 INTRODUCTION 155 7.2 WEB BROWSER 155 7.2.1 Web Browser and Web Server Functions 156 7.2.2 Web Code 157 7.2.3 HTML: Images and Hyperlinks 157 7.2.4 File and Code Handling 160 7.2.5 Cookies 164 7.3 "HTTP SECURE" 168 7.4 WEB BROWSER HISTORY 174 7.5 SUMMARY 177 BIBLIOGRAPHY 179 Chapter 8 Online Shopping 181 8.1 INTRODUCTION 181 8.2 CONSUMER DECISIONS 182 8.2.1 Defense in Depth 183 8.2.2 Credit Card versus Debit Card 183 8.2.3 Single-Use Credit Cards 184 8.2.4 Passwords 185 8.2.5 Do Your Homework 185 8.3 SPYWARE AND KEY-LOGGERS 186 8.4 WIRELESS SNIFFING 186 8.5 SCAMS AND PHISHING WEBSITES 186 8.5.1 Indicators of Trust 188 8.6 MISUSE AND EXPOSURE OF INFORMATION 189 8.6.1 Disclosing Information 189 8.6.2 Audit Credit Card Activity 190

x Contents 8.7 SUMMARY 190 BIBLIOGRAPHY 191 Chapter 9 Wireless Internet Security 193 9.1 INTRODUCTION 193 9.2 HOW WIRELESS NETWORKS WORK 194 9.3 WIRELESS SECURITY THREATS 196 9.3.1 Sniffing 196 9.3.2 Unauthorized Connections 199 9.3.3 Rogue Router 200 9.3.4 Evil Twin Router 201 9.4 PUBLIC WI-FI SECURITY 202 9.5 WIRELESS NETWORK ADMINISTRATION 203 9.5.1 Default Admin Password 204 9.5.2 Service Set Identifier 205 9.5.3 Wireless Security Mode 206 9.5.4 MAC Address Filtering 207 9.5.5 Firewall 209 9.5.6 Power Off Router 209 9.6 SUMMARY 209 BIBLIOGRAPHY 211 Chapter 10 Social Networking 213 10.1 INTRODUCTION 213 10.2 CHOOSE YOUR FRIENDS WISELY 214 10.2.1 Access Control 214 10.2.2 Friend Gluttony 215 10.2.3 Relative Privacy 215 10.2.4 Why Do You Want to Be My Friend? 216 10.3 INFORMATION SHARING 217 10.3.1 Location, Location, Location 217 10.3.2 What Should I Not Share? 219

Contents xi 10.3.3 Opt In versus Opt Out 220 10.3.4 Job Market 221 10.4 MALWARE AND PHISHING 223 10.4.1 Koobface 223 10.4.2 Applications 225 10.4.3 Hyperlinks 226 10.4.4 Phishing 227 10.5 SUMMARY 228 REFERENCES 229 Chapter 11 Social Engineering: Phishing for Suckers 233 11.1 INTRODUCTION 233 11.2 SOCIAL ENGINEERING: MALWARE DISTRIBUTION 234 11.2.1 Instant Messages 234 11.2.2 Fake Antivirus 236 11.2.3 Emails 237 11.2.4 Phone Calls 239 11.3 PHISHING 239 11.3.1 Phishing Emails 239 11.3.2 No Shame Game 241 11.3.4 Other Types of Phishing 242 11.4 DETECTING A PHISHING URL 243 11.4.1 Reading a URL 245 11.4.2 Protocol 245 11.4.3 Top-Level Domain Name 247 11.4.4 Domain Name 248 11.4.5 Subdomain Name 249 11.4.6 File Path 250 11.4.7 File 251 11.5 APPLICATION OF KNOWLEDGE 252 11.5.1 Tools of the Trade 254 11.6 SUMMARY 256 BIBLIOGRAPHY 257

xii Contents Chapter 12 Staying Safe Online: The Human Threat 259 12.1 INTRODUCTION 259 12.2 THE DIFFERENCES BETWEEN CYBERSPACE AND THE PHYSICAL WORLD 260 12.3 CONSIDER THE CONTEXT: WATCH WHAT YOU SAY AND HOW IT IS COMMUNICATED 262 12.4 WHAT YOU DO ON THE INTERNET LASTS FOREVER 264 12.5 NOTHING IS PRIVATE, NOW OR IN THE FUTURE 265 12.6 CAN YOU REALLY TELL WHO YOU ARE TALKING WITH? 266 12.7 CAMERAS AND PHOTO SHARING 268 12.8 I AM A GOOD PERSON, THAT WOULD NEVER HAPPEN TO ME 269 12.9 IS THERE ANYTHING I CAN DO TO MAKE THE INTERNET A SAFER PLACE FOR MY CHILD? 271 BIBLIOGRAPHY 272 Chapter 13 Case Studies 275 13.1 INTRODUCTION 275 13.2 UNABLE TO REMOVE MALWARE: HELP! 275 13.3 SECURELY HANDLING SUSPICIOUS EMAIL ATTACHMENTS 278 13.4 RECOVERING FROM A PHISHING ATTACK 281 13.5 EMAIL ACCOUNT HACKED? NOW WHAT? 282 13.6 SMART PHONES AND MALWARE 284 13.7 HEY! YOU! GET OFF MY WIRELESS NETWORK 286 13.8 BAD BREAKUP? SEVER YOUR DIGITAL TIES 287 13.9 "DISPLAY IMAGES BELOW"? THE MEANING BEHIND THE QUESTION 287 13.10 PHISHING EMAIL FORENSICS 288 13.11 IT'S ON THE INTERNET, SO IT MUST BE TRUE 292 13.12 BUYING AND SELLING ONLINE 294 BIBLIOGRAPHY 295

Contents xiii Chapter 14 Moving Forward with Security and Book Summary 297 14.1 INTRODUCTION 297 14.2 AFTER THE COMPLETION OF THE BOOK 297 14.3 DEFENSE-IN-DEPTH TASKS 299 14.4 CHAPTER SUMMARIES 300 Chapter 1: Introduction 300 Chapter 2: Computers and the Internet 300 Chapter 3: Passwords 301 Chapter 4: Email 301 Chapter 5: Malware 302 Chapter 6: Malware Defense 303 Chapter 7: Securely Surfing the Web 303 Chapter 8: Online Shopping 303 Chapter 9: Wireless Internet Security 304 Chapter 10: Social Networking 304 Chapter 11: Social Engineering: Phishing for Suckers 305 Chapter 12: Staying Safe Online: The Human Threat 305 Chapter 13: Case Studies 306 GLOSSARY, 307 APPENDIX A: READING LIST, 315 APPENDIX B: BASICS OF CRYPTOGRAPHY, 319 APPENDIX C: WEB SURFING SECURITY TECHNOLOGIES, 333

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information