Write down all
possible ways how your personal computer system could be compromised. What are
the possible attack vectors?
1.1 An Overview of Compromised Computer
is a good way of saying that someone or something has maliciously broken into
your computer without your knowledge or permission. It means that you cannot
trust the integrity of any file on your computer (including program files,
image files, operating system files, etc.). You cannot find a copy of your
computer without copying “right before compromising” to match your
files, your password, or your personal information.
compromise the personal computer
computer from the network
Contact the Information
Give users to
any computer of temporary service interruption
There is no
record information on a computer that is not compromised
5. Wait for further instructions from the Information Security Office
There are many possible
ways to compromise our personal computer system
We can always install Operating
We can keep our installed
We cannot use the same password
at every site
We can Install
and be sure to update your anti-virus software
We can use a
We can backup
We can enable
the display of file extensions
We do not open
attachments from people you do not know
We can ignore
emails that state you won a contest or a stranger asking for assistance with
We can watch out
for online and phone support scams
We can ignore
web pop ups that state your computer is infected or has a problem
1.2 Attack Vector
An attack vector
is defined by technique through hackers for unauthorized access to a device or
network for technical purposes. In other words, it is used to attack or use a
network, computer or device. Attack vectors assist wavelength elements to
attack the system or network impacts, including human traits.
attachments, web pages, popup windows, instant messages, chat rooms and
cheating. These Modes include programming (or, in some cases, hardware), a
human operator, or fraud protection system, except for fraud.
To some extent,
firewalls and antivirus software can prevent attack vectors. But the security
system is not entirely a source of attack. Hackers are continuously updating
the attack vectors and looking for new Ones and in their search for securing
unauthorized access to computers and servers, there is no effective security
system for a long time.
Most common types of software attacks are viruses, worms,
Trojan horses, logic bombs, back doors, denial-of-service, alien software,
phishing and pharming.
computer code that performs unintended actions ranging from merely annoying to
destructive. It is a piece of self-replicating code embedded within another
program (host). Viruses associated with program files
Hard disks, floppy disks, CD-ROMS
Diskettes or CDs
Files downloaded from Internet
Commercial antivirus software
Few people keep up-to-date
programs that replicate themselves without requiring another program to provide
a safe environment for replication.
through a computer network
security holes in networked computers
Software programs that hide in other computer programs and
reveal their designed behavior only when they are activated.
Program with benign
capability that masks a sinister purpose
Trojan: Trojan horse that gives attack access to victim’s computer
often found within files downloaded from erotica/porn Usenet sites
Give attack with
the complete control of the affected computer. The attackers usually hide the
Trojan horse from running games on their PCs in games and other small programs.
activate and perform a destructive action at a certain time.
Back doors or
password, known only to the attacker, that allows access to the system without
having to go through any security.
An attacker sends so many information requests to a target
system that the target cannot handle them successfully and can crash the entire
1.3 Alien Software Attacks
software that uses up valuable system resources and can report on your Web
surfing habits and other personal information.
to help popup advertisements appear on your screen.
Spyware: Software that gathers user
information through the user’s Internet connection without their knowledge
(i.e. keylogger, password capture).
Designed to use
your computer as a launch pad for spammers.
e-mail, usually for purposes of advertising.
Cookies: Small amount of
information that Web sites store on your computer, temporarily or more-or-less
Web bugs: Small, usually invisible, graphic images that are added to a
Web page or e-mail.
Phishing: Uses deception
to fraudulently acquire sensitive personal information such as account numbers
and passwords disguised as an official-looking e-mail.
acquires the Domain Name for a company’s Web site and when people type in the
Web site URL they are redirected to a fake Web site.
1.4 Types of Attacks
An asset is destroyed, unavailable or unusable (availability)
Unauthorized party gains access to an asset (confidentiality)
Unauthorized party tampers (unauthorized alternation) with asset (integrity)
Fabrication – Unauthorized
party inserts counterfeit (fraudulent imitation) object into the system (authenticity)
Person denies taking an action (authenticity)
Eavesdropping (secretly listen to a
Masquerade – one
entity pretends to be a different entity
Replay – passive
capture of information and its retransmission
of messages -legitimate message is altered
Denial of service – prevents normal
use of resources. An intentional action designed to prevent legitimate users
from making use of a computer service. Goal of this attack is disrupt a
server’s ability to respond to its clients. About 4,000 Web sites attacked each
You are elected member of the newly established computer and data security team
in ABC institution.
a list of all possible risks that can have an impact on the security and
stability of your data and internal and external Information & Technology
a list of recommendations to lower the risks.
2.1 What is Computer System Security Risks?
security risks are the process of performing any damage or damage to computer
hardware, software, data, information or processing capabilities.
2.2 Types of Computer Security Risks
and network attack
access and use
2.3 Internet and network attack
via networks has a higher risk of security than a company’s premises.
of service attacks
Malware (malicious software)
A program that
acts without knowledge of any user and intentionally changes the system
Type of malware:
Compromised computers that are connected
to a network like the Internet that use networks that attack other networks are
usually used for wrong purposes.
A program or set of instructions in a
program that allow users to bypass security controls when accessing a program,
computer, or network
of service attacks or DoS attack
It is an assault whose purpose is to
disrupt computer access to an Internet service such as the Web or e-mail.
A technique intruders use to make their
network or Internet transmission appear legitimate to a victim computer or
Unauthorized Access and Use
The use of a computer or network without
The use of a computer or its data for
unapproved or possibly illegal activities.
Hardware Theft and Vandalism
It is the act of stealing computer
The act of defacing or destroying
copies a program
registers and/or activates a program
when someone steals personal or confidential information.
stolen, the loss of information can cause as much damage as (if not more than)
hardware or software theft.
A system failure is the prolonged
malfunction of a computer
A variety of factors can lead to system
Electrical power problems
undervoltages, and overvoltages
Errors in computer programs
Recommendations to lower the risks
Install quality antivirus
previews in Outlook
Don’t click on
email links or attachments
Deploy DNS protection