Aveneu Park, Starling, Australia

TASK install Operating System updates · We can

TASK 01

 

Write down all
possible ways how your personal computer system could be compromised. What are
the possible attack vectors?

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

1.1 An Overview of Compromised Computer

 

“Compromised”
is a good way of saying that someone or something has maliciously broken into
your computer without your knowledge or permission. It means that you cannot
trust the integrity of any file on your computer (including program files,
image files, operating system files, etc.). You cannot find a copy of your
computer without copying “right before compromising” to match your
files, your password, or your personal information.

Steps for
compromise the personal computer

 

1.     
Disconnect the
computer from the network

2.     
Contact the Information
Security Office

3.     
Give users to
any computer of temporary service interruption

4.     
There is no
record information on a computer that is not compromised

5.      Wait for further instructions from the Information Security Office

 

There are many possible
ways to compromise our personal computer system

 

·        
We can always install Operating
System updates

·        
We can keep our installed
applications up-to-date

·        
We cannot use the same password
at every site

·        
We can Install
and be sure to update your anti-virus software

·        
We can use a
firewall

·        
We can backup
our data

·        
We can enable
the display of file extensions

·        
We do not open
attachments from people you do not know

·        
We can ignore
emails that state you won a contest or a stranger asking for assistance with
their inheritance

·        
We can watch out
for online and phone support scams

·        
We can ignore
web pop ups that state your computer is infected or has a problem

 

 

 

 

 

 

1.2 Attack Vector

An attack vector
is defined by technique through hackers for unauthorized access to a device or
network for technical purposes. In other words, it is used to attack or use a
network, computer or device. Attack vectors assist wavelength elements to
attack the system or network impacts, including human traits.

 

Viruses, email
attachments, web pages, popup windows, instant messages, chat rooms and
cheating. These Modes include programming (or, in some cases, hardware), a
human operator, or fraud protection system, except for fraud.

 

To some extent,
firewalls and antivirus software can prevent attack vectors. But the security
system is not entirely a source of attack. Hackers are continuously updating
the attack vectors and looking for new Ones and in their search for securing
unauthorized access to computers and servers, there is no effective security
system for a long time.

 

Most common types of software attacks are viruses, worms,
Trojan horses, logic bombs, back doors, denial-of-service, alien software,
phishing and pharming.

 

 

Viruses

 

Segments of
computer code that performs unintended actions ranging from merely annoying to
destructive. It is a piece of self-replicating code embedded within another
program (host). Viruses associated with program files

·        
Hard disks, floppy disks, CD-ROMS

·        
Email attachments

 

 

How viruses
spread

·        
Diskettes or CDs

·        
Email

·        
Files downloaded from Internet

 

 

Well-known
viruses

·        
Brain

·        
Michelangelo

·        
Melissa

·        
Love Bug

 

Viruses today

·        
Commercial antivirus software

·        
Few people keep up-to-date

Worms

 

Destructive
programs that replicate themselves without requiring another program to provide
a safe environment for replication.

Self-contained
program

It spreads
through a computer network

Exploits
security holes in networked computers

Famous worms

·        
WANK

·        
Code
Red

·        
Sapphire
(Slammer)

·        
Blaster

·        
Sasser

 

Trojan horses

 

Software programs that hide in other computer programs and
reveal their designed behavior only when they are activated.

 

Program with benign
capability that masks a sinister purpose

 

Remote access
Trojan: Trojan horse that gives attack access to victim’s computer

·        
Back
Orifice

·        
SubSeven

 

RAT servers
often found within files downloaded from erotica/porn Usenet sites

 

Give attack with
the complete control of the affected computer. The attackers usually hide the
Trojan horse from running games on their PCs in games and other small programs.

 

Logic bombs

Designed to
activate and perform a destructive action at a certain time.

 

Back doors or
trap doors

Typically a
password, known only to the attacker, that allows access to the system without
having to go through any security.

 

Denial-of-service

 

An attacker sends so many information requests to a target
system that the target cannot handle them successfully and can crash the entire
system.

 

 

 

1.3 Alien Software Attacks

 

Pestware: Clandestine
software that uses up valuable system resources and can report on your Web
surfing habits and other personal information.

Adware: Designed
to help popup advertisements appear on your screen.

Spyware:  Software that gathers user
information through the user’s Internet connection without their knowledge
(i.e. keylogger, password capture).

 

Spamware:
 Designed to use
your computer as a launch pad for spammers.

Spam:
 Unsolicited
e-mail, usually for purposes of advertising.

Cookies: Small amount of
information that Web sites store on your computer, temporarily or more-or-less
permanently

 

Web bugs: Small, usually invisible, graphic images that are added to a
Web page or e-mail.

 

Phishing: Uses deception
to fraudulently acquire sensitive personal information such as account numbers
and passwords disguised as an official-looking e-mail.

 

Pharming: Fraudulently
acquires the Domain Name for a company’s Web site and when people type in the
Web site URL they are redirected to a fake Web site.

 

 

 

 

 

 

 

 

 

 

 

 

 

1.4 Types of Attacks

 

Interruption –
An asset is destroyed, unavailable or unusable (availability)

 

Interception –
Unauthorized party gains access to an asset (confidentiality)

 

Modification –
Unauthorized party tampers (unauthorized alternation) with asset (integrity)

 

Fabrication – Unauthorized
party inserts counterfeit (fraudulent imitation) object into the system (authenticity)

 

Denial –
Person denies taking an action (authenticity)

 

 

 

Passive attacks:

 

·        
Eavesdropping (secretly listen to a
conversation)

·        
Monitoring

 

Active attacks:

 

·        
Masquerade – one
entity pretends to be a different entity

·        
Replay – passive
capture of information and its retransmission

·        
Modification
of messages -legitimate message is altered

·        
Denial of service – prevents normal
use of resources. An intentional action designed to prevent legitimate users
from making use of a computer service. Goal of this attack is disrupt a
server’s ability to respond to its clients. About 4,000 Web sites attacked each
week.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TASK 02

 

Congratulations!
You are elected member of the newly established computer and data security team
in ABC institution.

1)     
Make
a list of all possible risks that can have an impact on the security and
stability of your data and internal and external Information & Technology
services.

2)     
Make
a list of recommendations to lower the risks.

 

 

2.1 What is Computer System Security Risks?

 

Computer
security risks are the process of performing any damage or damage to computer
hardware, software, data, information or processing capabilities.

 

2.2 Types of Computer Security Risks

·        
Internet
and network attack

·        
Unauthorized
access and use

·        
Hardware
theft

·        
Software
theft

·        
Information
theft

·        
System
failure

 

2.3 Internet and network attack

 

Information sent
via networks has a higher risk of security than a company’s premises.

 

It contains

·        
Malware

·        
Botnets

·        
Back
Doors

·        
Denial
of service attacks

·        
Spoofing

 

Malware (malicious software)

 

A program that
acts without knowledge of any user and intentionally changes the system
performance.

 

 Type of malware:

i.                   
Computer
viruses

ii.                 
Worms

iii.               
 Trojan Horses

iv.               
Rootkit

v.                 
Back
door

vi.               
Spyware

Botnets

 

Compromised computers that are connected
to a network like the Internet that use networks that attack other networks are
usually used for wrong purposes.

 

Back
door

 

A program or set of instructions in a
program that allow users to bypass security controls when accessing a program,
computer, or network

 

Denial
of service attacks or DoS attack

 

It is an assault whose purpose is to
disrupt computer access to an Internet service such as the Web or e-mail.

 

Spoofing

 

A technique intruders use to make their
network or Internet transmission appear legitimate to a victim computer or
network.

 

 

 

2.4
Unauthorized Access and Use

 

Unauthorized
access

The use of a computer or network without
permission.

 

Unauthorized
use

The use of a computer or its data for
unapproved or possibly illegal activities.

 

 

 

2.5
Hardware Theft and Vandalism

 

Hardware
theft

It is the act of stealing computer
equipment.

 

Hardware
vandalism

The act of defacing or destroying
computer equipment.

 

 

 

 

 

 

 

2.6
Software Theft

 

·        
Steals
software media

·        
Illegally
copies a program

·        
Intentionally
erases programs

·        
Illegally
registers and/or activates a program

 

 

2.7
Information Theft

 

·        
Occurs
when someone steals personal or confidential information.

·        
If
stolen, the loss of information can cause as much damage as (if not more than)
hardware or software theft.

 

 

2.8
System Failure

 

·        
A system failure is the prolonged
malfunction of a computer

·        
A variety of factors can lead to system
failure, including:

o  
Aging hardware

o  
Natural disasters

o  
Electrical power problems

Ø  Noise,
undervoltages, and overvoltages

o  
Errors in computer programs

 

 

2.9
Recommendations to lower the risks

 

·        
Install quality antivirus

·        
Install real-time
anti-spyware protection

·        
Keep anti-malware
applications current

·        
Perform daily
scans

·        
Disable autorun

·        
Disable image
previews in Outlook

·        
Don’t click on
email links or attachments

·        
Surf smart

·        
Use a
hardware-based firewall

·        
Deploy DNS protection

x

Hi!
I'm Mack!

Would you like to get a custom essay? How about receiving a customized one?

Check it out