Cyber Crime Research

The document discusses digital security risks and types of cybercriminals such as hackers, crackers, and script kiddies. It also describes various internet and network attacks like malware, denial of service attacks, and backdoors, and ways to safeguard against them including firewalls and anti-malware software.

Uploaded by Jay Villanueva

CP100 Internet Research 3.

1. Define the term, digital security risks, and briefly describe the types of cybercriminals

A digital security risk is any event or action that could cause a loss of or damage to a
computer or mobile device hardware, software, data, information, or processing capability.

Any illegal act involving the use of a computer or related devices generally is referred to as a
computer crime.

A cybercrime is an online or Internet-based illegal act.

TYPES OF CYBER CRIMINALS:

Hacker

The term hacker refers to many different computing topics. However, in the mainstream, a hacker is any individual or group that circumvents security to access unauthorized data, using alternative system access methods to sabotage computer systems and networks. Most hackers are highly skilled computer programmers who locate security gaps and access secure systems through unique analytical skills. A great hacker is known to be able to "think outside the box."

Cracker

is someone who breaks into someone else's computer system, often on a network;
bypasses passwords or licenses in computer programs; or in other ways intentionally
breaches computer security. A cracker can be doing this for profit, maliciously, for some
altruistic purpose or cause, or because the challenge is there. Some breaking-and-entering
has been done ostensibly to point out weaknesses in a site's security system.

Script kiddie

is an individual who uses scripts or software written by someone else to exploit or break
into a computer system. It is a derogatory term, describing someone who uses malicious
tools without knowing how they work or being skilled enough to create them. A hacker or
power user, on the other hand, has an understanding of what he or she is doing, finds
security vulnerabilities, or creates the programs or scripts that others use.

Corporate spies

Corporate spies have extensive computer and networking skills and are hired to break into a specific computer or computer network to steal or delete data and/or information. Shady companies hire these types of people in a practice known as corporate espionage, which they use to gain an advantage over their competition. Business and home users must do their best to protect or safeguard their computers from security risks. The next part of this article gives some pointers to help protect your computer. However, one must remember that there is no guaranteed way of protecting your computer, so learning about your options is important.

Unethical employees

An unethical employee is one who illegally accesses their company's network for any of numerous reasons. One could be the money they can get from selling top secret information; others may be bitter and want revenge.

Cyberextortionist

is someone who uses email as an offensive force. They usually send a company a
threatening email stating that they will release some confidential information, exploit a
security leak, or launch an attack that will harm a company’s network. They use blackmail to
demand a certain amount of money in exchange for not launching an attack.

Cyberterrorist

is someone who uses a computer network or the Internet to destroy computer systems
for political reasons. It’s similar to a terrorist attack because it requires highly skilled
individuals, millions of dollars to implement and years of planning.

2. Describe various types of Internet and network attacks (malware, botnets, denial of
service attacks, back doors, and spoofing) and explain ways to safeguard against these
attacks, including firewalls

Backdoor

Backdoor refers to any method by which authorized and unauthorized users are able to get
around normal security measures and gain high level user access (aka root access) on a
computer system, network, or software application. Once they're in, cybercriminals can use
a backdoor to steal personal and financial data, install additional malware, and hijack
devices.

Protection against backdoor attacks

Detecting backdoor malware is not easy, as it runs without showing many signs of its existence, and many detection tools fail to detect it and protect the system. Thus, we need to learn ways that can help reduce the risk of a breach.

The first line of defense is to have a firewall running on the system. It blocks unauthorized access at the entry point, meaning that reaching a port-binding backdoor will be nearly impossible.

Have strong network monitoring, especially for open-source-based programs, and check that they come from reputable sources.

Add an additional layer of security through network monitoring, as it is the key to protecting against backdoor attacks. Network monitoring ensures that suspicious activity does not go unnoticed: if a command-and-control server is gathering information, the network administrator will find out and can take measures to stop the attack and limit any damage.

Use an anti-malware program, as some backdoor attacks manipulate network traffic to make it look genuine and avoid raising alarms. To avoid such situations, an up-to-date anti-malware program is a must, as it can quickly and easily detect such backdoors. You can use Systweak Anti-Malware for this purpose, as it has all the essential features and performs thorough scanning and cleaning to identify and delete these threats.

DoS (Denial of Service)

A DoS attack renders a network, host, or other piece of infrastructure unusable by legitimate users. Most Internet DoS attacks fall into one of three categories:

• Vulnerability attack: This involves sending a few well-crafted messages to a vulnerable application or operating system running on a targeted host. If the right sequence of packets is sent to a vulnerable application or operating system, the service can stop or, worse, the host can crash.

• Bandwidth flooding: The attacker sends a deluge of packets to the targeted host, so many packets that the target's access link becomes clogged, preventing legitimate packets from reaching the server.

• Connection flooding: The attacker establishes a large number of half-open or fully open TCP connections at the target host. The host can become so bogged down with these bogus connections that it stops accepting legitimate connections.

Malware attack

Malicious software can be described as unwanted software that is installed in your system
without your consent. It can attach itself to legitimate code and propagate; it can lurk in
useful applications or replicate itself across the Internet. Here are some of the most common
types of malware:

Macro viruses — These viruses infect applications such as Microsoft Word or Excel. Macro
viruses attach to an application’s initialization sequence. When the application is opened,
the virus executes instructions before transferring control to the application. The virus
replicates itself and attaches to other code in the computer system.

File infectors — File infector viruses usually attach themselves to executable code, such as
.exe files. The virus is installed when the code is loaded. Another version of a file infector
associates itself with a file by creating a virus file with the same name, but an .exe
extension. Therefore, when the file is opened, the virus code will execute.

System or boot-record infectors — A boot-record virus attaches to the master boot record on
hard disks. When the system is started, it will look at the boot sector and load the virus into
memory, where it can propagate to other disks and computers.

Polymorphic viruses — These viruses conceal themselves through varying cycles of encryption and decryption. The encrypted virus and an associated mutation engine are initially decrypted by a decryption program. The virus proceeds to infect an area of code. The mutation engine then develops a new decryption routine, and the virus encrypts the mutation engine and a copy of itself with an algorithm corresponding to the new decryption routine. The encrypted package of mutation engine and virus is attached to new code, and the process repeats. Such viruses are difficult to detect but have a high level of entropy because of the many modifications of their source code. Anti-virus software or free tools like Process Hacker can use this feature to detect them.
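The paragraph above notes that encrypted (polymorphic) code has unusually high entropy and that scanners use this to flag it. The following Python script is an added example, not code from the original document or from any product it names: it computes the Shannon entropy of byte data, scans a buffer in fixed-size chunks, and reports chunks that score near the 8-bits-per-byte maximum. The two inputs are constructed here (repeated English text, and chained SHA-256 digests standing in for an encrypted payload); the chunk size and the 7.0 threshold are assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 .. 8.0) of the byte-value distribution in data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def high_entropy_chunks(data: bytes, chunk_size=512, threshold=7.0):
    """Split data into fixed-size chunks and return (offset, entropy) for each
    chunk whose entropy reaches the threshold. Encrypted or packed code tends
    to score close to 8.0; plain text and ordinary machine code score well below 7.0."""
    flagged = []
    for offset in range(0, len(data), chunk_size):
        entropy = shannon_entropy(data[offset:offset + chunk_size])
        if entropy >= threshold:
            flagged.append((offset, round(entropy, 2)))
    return flagged


def looks_encrypted(data: bytes) -> bool:
    """True when at least one chunk of the buffer looks encrypted or packed."""
    return bool(high_entropy_chunks(data))


# Constructed samples (not real malware): readable text vs. pseudo-random bytes.
PLAIN_SAMPLE = b"The quick brown fox jumps over the lazy dog. " * 30
# Deterministic stand-in for an encrypted payload: 32 chained SHA-256 digests (1024 bytes).
RANDOM_SAMPLE = b"".join(
    hashlib.sha256(b"constructed sample block %d" % i).digest() for i in range(32)
)

if __name__ == "__main__":
    for name, sample in (("plain text", PLAIN_SAMPLE), ("pseudo-random", RANDOM_SAMPLE)):
        print(f"{name:14s} entropy={shannon_entropy(sample):.2f} "
              f"flagged_chunks={high_entropy_chunks(sample)} "
              f"looks_encrypted={looks_encrypted(sample)}")
```

Entropy alone is a heuristic: compressed archives and media files score high without being malicious, so a scanner uses this as one signal among several rather than a verdict.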

Stealth viruses — Stealth viruses take over system functions to conceal themselves. They
do this by compromising malware detection software so that the software will report an
infected area as being uninfected. These viruses conceal any increase in the size of an
infected file or changes to the file's date and time of last modification.

Trojans — A Trojan or a Trojan horse is a program that hides in a useful program and
usually has a malicious function. A major difference between viruses and Trojans is that
Trojans do not self-replicate. In addition to launching attacks on a system, a Trojan can
establish a back door that can be exploited by attackers. For example, a Trojan can be
programmed to open a high-numbered port so the hacker can use it to listen and then
perform an attack.

Logic bombs — A logic bomb is a type of malicious software that is appended to an application and is triggered by a specific occurrence, such as a logical condition or a specific date and time.

Worms — Worms differ from viruses in that they do not attach to a host file, but are self-contained programs that propagate across networks and computers. Worms are commonly spread through email attachments; opening the attachment activates the worm program. A typical worm exploit involves the worm sending a copy of itself to every contact in an infected computer's email address book. In addition to conducting malicious activities, a worm spreading across the internet and overloading email servers can result in denial-of-service attacks against nodes on the network.

Droppers — A dropper is a program used to install viruses on computers. In many instances, the dropper is not infected with malicious code and, therefore, might not be detected by virus-scanning software. A dropper can also connect to the internet and download updates to virus software that is resident on a compromised system.

Ransomware — Ransomware is a type of malware that blocks access to the victim’s data
and threatens to publish or delete it unless a ransom is paid. While some simple computer
ransomware can lock the system in a way that is not difficult for a knowledgeable person to
reverse, more advanced malware uses a technique called cryptoviral extortion, which
encrypts the victim’s files in a way that makes them nearly impossible to recover without the
decryption key.

Adware — Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running. Adware can be automatically downloaded to your system while browsing any website and can be viewed through pop-up windows or through a bar that appears on the computer screen automatically.

Spyware — Spyware is a type of program that is installed to collect information about users,
their computers or their browsing habits. It tracks everything you do without your knowledge
and sends the data to a remote user. It also can download and install other malicious
programs from the internet. Spyware works like adware but is usually a separate program
that is installed unknowingly when you install another freeware application.

Botnets

Botnets are the millions of systems infected with malware under hacker control in order to
carry out DDoS attacks. These bots or zombie systems are used to carry out attacks against
the target systems, often overwhelming the target system’s bandwidth and processing
capabilities. These DDoS attacks are difficult to trace because botnets are located in
differing geographic locations.

Botnets can be mitigated by:

RFC3704 filtering, which will deny traffic from spoofed addresses and help ensure that traffic
is traceable to its correct source network. For example, RFC3704 filtering will drop packets
from bogon list addresses.

Black hole filtering, which drops undesirable traffic before it enters a protected network.
When a DDoS attack is detected, the BGP (Border Gateway Protocol) host should send
routing updates to ISP routers so that they route all traffic heading to victim servers to a
null0 interface at the next hop.

Spoofing (Identity or IP Address Spoofing)

Any Internet-connected device sends IP datagrams (Internet data packets) into the network. These datagrams carry application-layer data and the sender's IP address. If an attacker is able to gain control over the software running on a network device, it becomes easy for them to alter the device's protocol handling and put an arbitrary IP address into the datagram's source address field. Spoofers do this so that it becomes difficult to find the actual host that sent the datagram.

Ingress filtering is the countermeasure to spoofing, and routers usually perform it. Routers perform ingress filtering by checking the source IP address of incoming datagrams to determine whether that source address is known to be reachable via the interface on which the datagram arrived. The router discards packets whose source address is not in the valid range for that interface.
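The RFC 3704 filtering described under botnet mitigation and the ingress filtering described here are the same idea: a router checks whether a datagram's source address makes sense for the interface it arrived on. The following Python script is an added example (not code from the original document) that models that decision. The interface-to-prefix table and the datagrams are constructed using documentation address ranges; the bogon list is abbreviated to a few well-known reserved prefixes; the strict/loose distinction follows RFC 3704's strict mode (source must belong to a prefix assigned to the interface) versus loose mode (only bogon sources are rejected).

```python
import ipaddress

# Abbreviated bogon list: private, loopback, link-local, multicast and reserved space.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed interface table (assumption): the prefixes legitimately reachable
# through each customer-facing interface of the router.
INTERFACE_PREFIXES = {
    "customer-a": [ipaddress.ip_network("203.0.113.0/24")],
    "customer-b": [ipaddress.ip_network("198.51.100.0/24")],
}


def is_bogon(src: ipaddress.IPv4Address) -> bool:
    return any(src in net for net in BOGON_PREFIXES)


def ingress_decision(interface: str, src_ip: str, strict: bool = True):
    """Return ("forward", reason) or ("drop", reason) for a datagram with source
    src_ip arriving on interface. strict=True is RFC 3704 strict mode: the source
    must be in a prefix assigned to that interface. strict=False is loose mode:
    only bogon sources are rejected."""
    src = ipaddress.ip_address(src_ip)
    if is_bogon(src):
        return ("drop", f"{src} is a bogon source address")
    prefixes = INTERFACE_PREFIXES.get(interface)
    if prefixes is None:
        return ("drop", f"unknown interface {interface}")
    if strict and not any(src in net for net in prefixes):
        return ("drop", f"{src} is not reachable via {interface}")
    return ("forward", f"{src} is acceptable on {interface}")


def filter_datagrams(datagrams, strict: bool = True):
    """Apply ingress_decision to (interface, source_ip) pairs; returns one
    (interface, source_ip, action, reason) tuple per datagram."""
    return [(iface, src) + ingress_decision(iface, src, strict) for iface, src in datagrams]


# Constructed datagrams: one genuine, one spoofing another customer's range,
# one spoofing a private address, one arriving on an interface the table does not know.
SAMPLE_DATAGRAMS = [
    ("customer-a", "203.0.113.5"),
    ("customer-a", "198.51.100.9"),
    ("customer-b", "10.1.2.3"),
    ("lab-port", "203.0.113.7"),
]

if __name__ == "__main__":
    for iface, src, action, reason in filter_datagrams(SAMPLE_DATAGRAMS):
        print(f"{iface:11s} {src:15s} -> {action:7s} ({reason})")
```

In strict mode the spoofed datagram from customer-a is dropped because 198.51.100.9 belongs to customer-b's prefix; in loose mode the same datagram would be forwarded, which is why loose mode is reserved for multihomed links where strict checks would discard legitimate asymmetric traffic.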

How to Protect Your Network From Cyber Attacks

Network based mitigation

Install IDS/IPS with the ability to track floods (such as SYN, ICMP, etc.).

Install a firewall that has the ability to drop packets rather than have them reach the internal server. The nature of a web server is such that you will allow HTTP to the server from the Internet. You will need to monitor your server to know where to block traffic.

Have contact numbers for your ISP's emergency management team (or response team, or
the team that is able to respond to such an event). You will need to contact them in order to
prevent the attack from reaching your network's perimeter in the first place.
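As an added illustration (example code, not part of the original research document), the following Python script shows the kind of flood tracking an IDS/IPS performs for the connection-flooding category described under DoS: it counts half-open TCP connections per source address inside fixed time windows over a constructed set of connection-tracker records and reports any source that reaches a threshold. The record format, the addresses (documentation ranges) and the low threshold are assumptions chosen for the sample; a real sensor would tune the window and threshold to the server's normal load.

```python
from collections import defaultdict

# Constructed connection-tracker records (not real traffic):
# (timestamp_seconds, source_ip, destination_port, state)
# "half_open"   = SYN seen, three-way handshake never completed
# "established" = handshake completed
SAMPLE_CONNECTIONS = [
    # Burst of half-open connections from one source inside the first window
    (0.1, "198.51.100.7", 80, "half_open"),
    (0.2, "198.51.100.7", 80, "half_open"),
    (0.3, "198.51.100.7", 80, "half_open"),
    (0.4, "198.51.100.7", 80, "half_open"),
    (0.5, "198.51.100.7", 80, "half_open"),
    (0.6, "198.51.100.7", 80, "half_open"),
    (0.7, "198.51.100.7", 80, "half_open"),
    (0.8, "198.51.100.7", 80, "half_open"),
    # A normal client: completes its handshakes, one transient half-open entry
    (1.0, "192.0.2.10", 80, "established"),
    (2.0, "192.0.2.10", 80, "established"),
    (3.0, "192.0.2.10", 443, "half_open"),
    # A second source with a few half-open entries in a later window (below threshold)
    (12.0, "203.0.113.4", 80, "half_open"),
    (12.5, "203.0.113.4", 80, "half_open"),
    (13.0, "203.0.113.4", 80, "half_open"),
]


def per_source_counts(records, window_seconds=10.0):
    """Count half-open and established connections per (window_start, source)."""
    counts = defaultdict(lambda: {"half_open": 0, "established": 0})
    for ts, src, _port, state in records:
        window = int(ts // window_seconds) * window_seconds
        if state in ("half_open", "established"):
            counts[(window, src)][state] += 1
    return counts


def detect_connection_flood(records, window_seconds=10.0, threshold=5):
    """Return [(window_start, source, half_open_count)] for every source whose
    half-open connections in one window reach the threshold. The default
    threshold is deliberately low for the constructed sample."""
    alerts = []
    for (window, src), c in per_source_counts(records, window_seconds).items():
        if c["half_open"] >= threshold:
            alerts.append((window, src, c["half_open"]))
    return sorted(alerts)


if __name__ == "__main__":
    for window, src, n in detect_connection_flood(SAMPLE_CONNECTIONS):
        print(f"window starting {window:5.1f}s: {src} has {n} half-open connections")
```

Counting established connections alongside half-open ones matters for the host-based advice that follows: a busy but legitimate client completes its handshakes, whereas a flood source leaves connections half-open, so the ratio is a better signal than the raw connection count.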

Host based mitigation

Ensure that HTTP open sessions time out at a reasonable time. When under attack, you will
want to reduce this number.

Ensure that TCP connections also time out after a reasonable time.

Install a host-based firewall to prevent HTTP threads from spawning for attack packets.

Proactive measures

For those with the know-how, it would be possible to "fight back" with programs that can
neutralize the threat. This method is used mostly by networks that are under constant attack
such as government sites.

A firewall is a network security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented as both hardware and software, or a combination of both. Network firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

3. What are the techniques to prevent unauthorized computer access and use, including
access controls, user names, passwords, possessed objects, and biometric devices?

Unauthorized access is the use of a computer or network without permission

Unauthorized use is the use of a computer or its data for unapproved or possibly illegal
activities

Organizations take several measures to help prevent unauthorized access and use

Acceptable use policy – outlines the activities for which the computer and network may and
may not be used

Disable file and printer sharing – ensure that others cannot access your files or your printer

Access controls define who can access a computer, device, or network; when they can
access it; and what actions they can take while accessing it

The computer, device, or network should maintain an audit trail that records in a file both
successful and unsuccessful access attempts

There are various methods of access control that can be used to safeguard against
unauthorized access and use

● User name and password
● Possessed object
● Biometric device

User name

Unique combination of characters that identifies one specific user

Password

Private combination of characters associated with the user name that allows access to
certain computer resources

Passphrase

Private combination of words, often containing mixed capitalization and punctuation, associated with a user name that allows access to certain computer resources

PIN (personal identification number)

Numeric password, either assigned by a company or selected by a user
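The user name and password method above, together with the earlier requirement that the system keep an audit trail of both successful and unsuccessful access attempts, can be shown in a small Python class. This is an added example, not code from the original document: passwords are stored as salted PBKDF2 hashes rather than in clear text, every attempt is appended to an audit trail, and an account is locked after a number of consecutive failures. The iteration count, the lockout threshold and the sample user are assumptions.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000   # assumption for the example; raise it in production


class AccessControl:
    """User name / password check that records every access attempt in an
    audit trail and locks an account after too many consecutive failures."""

    def __init__(self, max_failures=3):
        self._credentials = {}    # user_name -> (salt, derived_key)
        self._failures = {}       # user_name -> consecutive failed attempts
        self.audit_trail = []     # list of dicts, oldest first
        self.max_failures = max_failures

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        # Slow, salted hash: the stored value cannot be reversed to the password.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def register(self, user_name: str, password: str) -> None:
        salt = os.urandom(16)     # per-user salt defeats precomputed hash tables
        self._credentials[user_name] = (salt, self._derive(password, salt))

    def authenticate(self, user_name: str, password: str, when=None, source="local") -> bool:
        """Return True on success. Every attempt is written to the audit trail."""
        outcome = "failure"
        record = self._credentials.get(user_name)
        if self._failures.get(user_name, 0) >= self.max_failures:
            outcome = "locked"
        elif record is None:
            # Unknown user: derive anyway so response time does not reveal
            # which user names exist.
            self._derive(password, b"\x00" * 16)
        else:
            salt, stored = record
            if hmac.compare_digest(self._derive(password, salt), stored):
                outcome = "success"
        if outcome == "success":
            self._failures[user_name] = 0
        elif outcome == "failure":
            self._failures[user_name] = self._failures.get(user_name, 0) + 1
        self.audit_trail.append({
            "time": when if when is not None else time.time(),
            "user": user_name,
            "source": source,
            "outcome": outcome,
        })
        return outcome == "success"

    def failed_attempts(self, user_name: str) -> int:
        return self._failures.get(user_name, 0)


if __name__ == "__main__":
    ac = AccessControl()
    ac.register("alice", "example-passphrase-2024")      # constructed sample user
    print(ac.authenticate("alice", "example-passphrase-2024"))
    print(ac.authenticate("alice", "guess"))
    for entry in ac.audit_trail:
        print(entry)
```

The audit trail is what turns a password check into an access control: reviewing it shows who tried to get in, from where, and whether they succeeded, which is exactly the record the section says the computer, device or network should maintain.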

A possessed object is any item that you must possess, or carry with you, in order to gain access to a computer or computer facility:

● Badges
● Cards
● Smart cards
● Keys

A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code stored in a computer or mobile device, verifying a physical or behavioral characteristic.

Fingerprint reader – captures curves and indentations of a fingerprint

Face recognition system – captures live face image

Hand geometry system – measures the shape and size of a person’s hand

Voice verification system – compares a person’s live speech with their stored voice pattern

Signature verification system – recognizes the shape of your handwritten signature

Iris recognition system – reads patterns in the iris of the eye

Two-step verification uses two separate methods, one after the next, to verify the identity of
a user

Used with:

ATMs

Digital forensics is the discovery, collection, and analysis of evidence found on computers
and networks

Involves examination of media, programs, data and log files of computers, mobile devices,
servers and networks

Many areas use digital forensics:

● Law enforcement
● Criminal prosecutors
● Military intelligence
● Insurance agencies
● Information security departments

4. What are the ways that software manufacturers protect against software piracy?

Software Theft

Software theft occurs when someone:

● Steals software media
● Intentionally erases programs
● Illegally registers and/or activates a program
● Illegally copies a program (software piracy)

Software Theft

Many manufacturers incorporate an activation process into their programs to ensure the
software is not installed on more computers than legally licensed. During the product
activation, which is conducted either online or by phone, users provide the software
product’s identification number to associate the software with the computer or mobile
device on which the software is installed.

A license agreement is the right to use software

● Single-user license agreement
● Network license – allows multiple users to access the software on the server simultaneously
● Site license – permits users to install the software on multiple computers

5. How does encryption, digital signatures, and digital certificates work?

Information Theft

Information theft occurs when someone steals personal or confidential information

Encryption is a process of converting data that is readable by humans (plaintext) into encoded characters (ciphertext) to prevent unauthorized access. To read the data, the recipient must decrypt or decode it.

Encryption algorithm – a set of steps that can convert plaintext into ciphertext

Two basic types of encryption:

● Private key encryption – both originator and recipient use the same secret key to
encrypt and decrypt data
● Public key encryption – uses two encryption keys; public key and private key

A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the message sender. It is often used to ensure that an impostor is not participating in an Internet transaction.

A digital certificate is a notice that guarantees a user or a website is legitimate.

A website that uses encryption techniques to secure its data is known as a secure site.
Web addresses of secure sites often begin with https. Secure sites use digital
certificates along with security protocols.
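The three ideas in this section (private key encryption, public key signatures, and certificates that vouch for a public key) can be walked through in one Python script. This is an added example, not code from the original document, and it uses deliberately simplified constructions so the mechanism is visible: the "private key" cipher is a toy stream cipher built from HMAC-SHA256 in counter mode, and the "public key" part is textbook RSA with fixed Mersenne primes so the keys are deterministic. The CA and website names and the key sizes are assumptions; real systems use vetted libraries, randomly generated primes and standardised certificate formats.

```python
import hashlib
import hmac
import secrets

# ---------- Private (symmetric) key encryption: same key encrypts and decrypts ----------

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, counter mode.
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def private_key_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)               # fresh per message; never reused with a key
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def private_key_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


# ---------- Public key cryptography: textbook RSA keys, signatures, certificates ----------

def toy_rsa_keypair(p: int, q: int):
    """Build (public_key, private_key) from two primes. Toy: fixed primes, no padding."""
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))             # private exponent
    return (n, e), (n, d)


def _digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message: bytes) -> int:
    n, d = private_key                            # only the key holder can produce this
    return pow(_digest_int(message), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key                             # anyone with the public key can check it
    return pow(signature, e, n) == _digest_int(message)


def _cert_body(subject: str, issuer: str, public_key) -> bytes:
    n, e = public_key
    return f"{subject}|{issuer}|{n}|{e}".encode()


def issue_certificate(ca_private_key, issuer: str, subject: str, subject_public_key):
    """A certificate binds a name to a public key under the CA's signature."""
    cert = {"subject": subject, "issuer": issuer, "public_key": subject_public_key}
    cert["signature"] = sign(ca_private_key, _cert_body(subject, issuer, subject_public_key))
    return cert


def verify_certificate(ca_public_key, cert) -> bool:
    body = _cert_body(cert["subject"], cert["issuer"], cert["public_key"])
    return verify(ca_public_key, body, cert["signature"])


# Constructed keys (assumed names): distinct Mersenne primes for the CA and the website.
CA_PUBLIC, CA_PRIVATE = toy_rsa_keypair(2**521 - 1, 2**127 - 1)
SITE_PUBLIC, SITE_PRIVATE = toy_rsa_keypair(2**607 - 1, 2**89 - 1)
SITE_CERT = issue_certificate(CA_PRIVATE, "Example CA", "www.example.com", SITE_PUBLIC)

if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)
    blob = private_key_encrypt(shared_key, b"account balance: 120.00")
    print("decrypted:", private_key_decrypt(shared_key, blob))
    message = b"transfer 50.00 to savings"
    signature = sign(SITE_PRIVATE, message)
    print("certificate trusted:", verify_certificate(CA_PUBLIC, SITE_CERT))
    print("signature valid with certified key:", verify(SITE_CERT["public_key"], message, signature))
```

The flow mirrors a secure (https) site: the browser first checks the CA's signature on the certificate, then uses the public key inside it to verify what the site signs, so an impostor who lacks the site's private key cannot produce a valid signature even if it copies the certificate.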

6. Identify safeguards against hardware theft, vandalism, and failure

Hardware theft is the act of stealing digital equipment.

Hardware vandalism is the act of defacing or destroying digital equipment.

A hardware failure is the prolonged malfunction of a device. A variety of reasons can lead
to hardware failure:

● Aging hardware
● Natural or man-made disasters
● Electrical power problems
● Errors in programs or apps

Backing Up – The Ultimate Safeguard

A backup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed. To back up a file means to make a copy of it. Off-site backups are stored in a location separate from the computer or mobile device site, such as:

● Safe deposit box at a bank
● Briefcase
● Cloud storage
● Cloud backup

Categories of backups:
● Full
● Differential
● Incremental
● Selective
● Continuous data protection
● Cloud
● Three-generation backup policy
    ● Grandparent – oldest copy
    ● Parent – second oldest copy
    ● Child – most recent
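The backup categories listed above differ only in which files they copy and which sets are needed to restore. The following Python script is an added example (not code from the original document) that makes those rules concrete: it selects files for a full, differential or incremental backup from a constructed file table with modification times, lists the backup sets a restore needs, and performs one three-generation (grandparent/parent/child) rotation. The file table, dates and backup labels are all assumptions.

```python
from datetime import datetime

# Constructed file table (assumption): path -> last modification time
FILES = {
    "docs/report.docx": datetime(2023, 12, 20, 9, 0),
    "docs/budget.xlsx": datetime(2024, 1, 2, 10, 0),
    "photos/trip.jpg": datetime(2024, 1, 3, 9, 0),
}

LAST_FULL_BACKUP = datetime(2024, 1, 1, 0, 0)      # full backup taken on 1 January
LAST_ANY_BACKUP = datetime(2024, 1, 2, 23, 0)      # an incremental taken the evening of 2 January


def select_files(files, category, last_full, last_any):
    """Return the sorted list of paths a backup of the given category copies."""
    if category == "full":
        return sorted(files)
    if category == "differential":   # everything changed since the last full backup
        return sorted(p for p, mtime in files.items() if mtime > last_full)
    if category == "incremental":    # everything changed since the last backup of any kind
        return sorted(p for p, mtime in files.items() if mtime > last_any)
    raise ValueError(f"unknown backup category: {category}")


def restore_sets(category, full_backup, later_backups):
    """Backup sets a restore must read, in order. A differential restore needs the
    full backup plus only the newest differential; an incremental restore needs the
    full backup plus every incremental taken since it."""
    if category == "differential":
        return [full_backup] + later_backups[-1:]
    if category == "incremental":
        return [full_backup] + list(later_backups)
    return [full_backup]


def rotate_three_generation(generations, new_full_backup):
    """Grandparent/parent/child rotation: each copy ages one step and the oldest is retired."""
    return {
        "grandparent": generations["parent"],
        "parent": generations["child"],
        "child": new_full_backup,
    }


if __name__ == "__main__":
    for category in ("full", "differential", "incremental"):
        print(f"{category:12s} copies {select_files(FILES, category, LAST_FULL_BACKUP, LAST_ANY_BACKUP)}")
    print(restore_sets("incremental", "full-2024-01-01", ["inc-2024-01-02", "inc-2024-01-03"]))
    tapes = {"grandparent": "full-2023-12-25", "parent": "full-2023-12-31", "child": "full-2024-01-01"}
    print(rotate_three_generation(tapes, "full-2024-01-08"))
```

The trade-off the example exposes is the usual one: incremental backups copy the least data each day but a restore depends on every incremental in the chain being intact, whereas a differential backup grows day by day but needs only two sets to restore.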

7. Identify the risks and safeguards associated with wireless communications

Some perpetrators connect to others' wireless networks to gain free Internet access or confidential data. Others connect to a network through an unsecured wireless access point (WAP) or combination router/WAP.

8. What are the issues related to information accuracy, intellectual property rights, codes
of conduct, and green computing?

Technology ethics are the moral guidelines that govern the use of computers, mobile devices, information systems, and related technologies. Areas of computer ethics are:

● Unauthorized use of computers, mobile devices and networks
● Software theft (piracy)
● Information accuracy
● Intellectual property rights
● Codes of conduct
● Green computing
● Information privacy

Information Accuracy - Not all information on the Internet is correct.

Intellectual property refers to unique and original works such as ideas, inventions, art,
writings, processes, company and product names, and logos. Intellectual property
rights are the rights to which creators are entitled to their work. Many of these works
are available digitally and easily redistributed or altered without permission. A
copyright protects any tangible form of expression. Digital rights management (DRM)
is a strategy designed to prevent illegal distribution of movies, music, and other
digital content.

A code of conduct is a written guideline that helps determine whether a specific action is ethical/unethical or allowed/not allowed.

Green computing involves reducing the electricity and environmental waste while using
computers, mobile devices, and related technologies. Measures users can take to
contribute to green computing.

9. Discuss the issues surrounding information privacy, including electronic profiles, cookies, phishing, spyware and adware, social engineering, privacy laws, employee monitoring, and content filtering.

Information privacy refers to the right of individuals and companies to deny or restrict the collection, use, and dissemination of information about them. Huge databases store data that is personal and confidential online. Websites often collect data about you so that they can customize advertisements and send you personalized messages. Some employers monitor your computer usage and messages.

Techniques used by companies and employers to collect personal data:

● Electronic profiles
● Cookies
● Phishing
● Spyware and adware
● Social engineering
● Employee monitoring
● Content filtering

Information about you can be stored in a database when you:

● Fill out a printed or online form
● Create a profile on an online social network
● Register a product warranty

A cookie is a small text file that a web server stores on your computer. Websites use cookies for a variety of reasons:

● Allow for personalization and track user preferences
● Store user names and/or passwords
● Assist with online shopping and keep track of items in a user's shopping cart
● Track how often users visit a site
● Target advertisements

Phishing is a scam in which a perpetrator sends an official looking message that attempts to
obtain your personal and/or financial information. With clickjacking, an object that can be tapped
or clicked on a website contains a malicious program.

Spyware is a program placed on a computer or mobile device without the user’s knowledge that
secretly collects information about the user and then communicates the information it collects to
some outside source while the user is online. Adware is a program that displays an online
advertisement in a banner or pop-up window on webpages, messages, or other Internet
services.

Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.

Techniques used by social engineers:

● Pretending to be an administrator
● Feigning an emergency situation
● Impersonating an acquaintance
● Sifting through company dumpsters
● Watching or filming people dialing phone numbers or using ATMs
● Snooping around computers or mobile devices looking for openly displayed confidential information

Employee monitoring involves the use of computers, mobile devices, or cameras to observe,
record, and review an employee’s use of a technology, including communications such as
messages, keyboard activity (used to measure productivity), and websites visited. Many
programs exist that easily allow employers to monitor employees. Further, it is legal for
employers to use these programs.

Cybercrime and cybercriminals.

Risks and safeguards associated with Internet and network attacks, unauthorized access and use, software theft, information theft, and hardware theft, vandalism, and failure. Various backup strategies and methods of securing wireless communications. Ethical issues in society and various ways to protect the privacy of personal information.
