• No results found

Computer Security Literacy

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Computer Security Literacy"

Copied!
10
0
0

Loading.... (view fulltext now)

Download now ( 10 Page )

Full text

(1)

Computer Security Literacy

Staying

Safe

in

a

Digital

World

Douglas

Jacobson and

Joseph

Idziorek

CRC Press

Taylor& FrancisGroup Boca Raton London New York CRC Press isanimprint ofthe

Taylor& FrancisGroup,aninforma business

(2)

Preface,

xv

About the

Authors,

xxiii

Chapter 1

What Is Information Security?

1

1.1

INTRODUCTION

1

1.2 HOW MUCH OF

OUR DAILY

LIVES RELIES ON

COMPUTERS?

2

1.3 SECURITY TRUISMS 4

1.4

BASIC SECURITY

TERMINOLOGY 6

1.5 CYBER ETHICS 11

1.6

THE PERCEPTION

OF SECURITY 12

1.7 THREAT

MODEL

13 1.8 SECURITY

IS

A MULTIDISCIPLINARY

TOPIC

17

1.9 SUMMARY 17

BIBLIOGRAPHY 19

Chapter

2

Introduction

to

Computers

and the Internet

21

2.1

INTRODUCTION

21 2.2 COMPUTERS 21 2.2.1 Hardware 22 2.2.2

Operating Systems

24 2.2.3

Applications

25 2.2.4 Users 25 v

(3)

vi Contents

2.3 OPERATION OF A COMPUTER 25 2.3.1

Booting

a

Computer

26

2.3.2

Running

an

Application

27

2.3.3

Anatomy

ofan

Application

28

2.4 OVERVIEW OF THE INTERNET 30

2.4.1 Protocols 32 2.4.2 Internet

Addressing

36

2.4.3 Internet Protocol Addresses 38 2.4.4 PublicversusPrivate IP Addresses 41

2.4.5

Finding

an IP

Address

42

2.4.6 Domain Name Service 43

2.4.7 Network

Routing

46

2.4.8 World Wide Web 50

2.5 COMPUTERS AND THE INTERNET 51

2.6 SECURITY ROLE-PLAYING CHARACTERS 53

2.7 SUMMARY 54

BIBLIOGRAPHY 56

Chapter

3 Passwords Under Attack

57

3.1 INTRODUCTION 57 3.2 AUTHENTICATION PROCESS 58 3.3 PASSWORD THREATS 61

3.3.1 Bob Discloses Password 62 3.3.2 Social

Engineering

63 3.3.3

Key-Logging

65 3.3.4 Wireless

Sniffing

66 3.3.5 Attacker Guesses Password 67 3.3.6

Exposed

Password File 70

3.3.7

Security

Questions

75

3.3.8

Stop Attacking

My

Password 76 3.4 STRONG PASSWORDS 77

(4)

3.5

PASSWORD

MANAGEMENT: LET'S BE PRACTICAL 81

3.6 SUMMARY 84

BIBLIOGRAPHY

86

Chapter

4 Email

Security

89

4.1 INTRODUCTION 89 4.2 EMAIL SYSTEMS 89

4.2.1

Message

Transfer

Agent

90

4.2.2 User

Agents

91

4.2.3

Email

Addressing

93 4.2.4 Email

Message

Structure 93

4.3

EMAIL SECURITY

AND PRIVACY 96

4.3.1

Eavesdropping

96 4.3.2

Spam

and

Phishing

98 4.3.3

Spoofing

98 4.3.4 Malicious Email Attachments 99

4.3.5

Replying

and

Forwarding

100

4.3.6

To,

Carbon

Copy,

and Blind Carbon

Copy

101

4.4 SUMMARY 102

BIBLIOGRAPHY 103

Chapter

5 Malware: The Dark

Side

of

Software

105

5.1 INTRODUCTION 105 5.2 WHAT

IS

MALWARE? 106 5.3 HOW DO I GET MALWARE? 108 5.3.1 Removable Media 108 5.3.2 Documents

and Executables

110 5.3.3 InternetDownloads 112 5.3.4 Network Connection 113 5.3.5

Email Attachments

115 5.3.6

Drive-By

Downloads 116 5.3.7

Pop-Ups

117 5.3.8 Malicious

Advertising

120

(5)

viii Contents

5.4 WHAT DOES

MALWARE DO?

120

5.4.1 Malicious

Adware

121 5.4.2

Spyware

122 5.4.3 Ransomware 122 5.4.4 Backdoor 123

5.4.5 Disable

Security Functionality

123 5.4.6 Botnets 124

5.5 SUMMARY 124

BIBLIOGRAPHY

126

Chapter

6

Malware: Defense

in Depth

129

6.1

INTRODUCTION

129

6.2 DATA

BACKUP

130

6.3

FIREWALLS

132

6.3.1 Function ofa Firewall 132

6.3.2 What

Types

of MalwareDoes aFirewall Protect

Against?

135

6.3.3

Two

Types

of Firewalls 136

6.3.4

Putting

aHolein aFirewall 138

6.3.5

Firewalls

Are Essential 139

6.4

SOFTWARE

PATCHES

140

6.4.1

Patch

Tuesday

and

Exploit Wednesday

141

6.4.2 Patches Are Not

Limited

to

Operating

Systems

141

6.4.3

Zero-Day

Vulnerabilities

142 6.4.4

Just

Patch it 142

6.5

ANTIVIRUS

SOFTWARE 143

6.5.1 Antivirus

Signatures

143 6.5.2 Function of

Antivirus Software

145 6.5.3 Antivirus Limitations 145 6.5.4 False Positives

and False

Negatives

147 6.5.5

Sneaky

Malware

147 6.5.6 Antivirus Is Nota

Safety

Net 149

(6)

6.6

USER EDUCATION

149

6.7

SUMMARY

151

BIBLIOGRAPHY

153

Chapter

7

Securely Surfing

the

World

Wide Web

155

7.1 INTRODUCTION 155 7.2 WEB BROWSER 155

7.2.1 Web Browser

and

Web Server Functions 156

7.2.2 Web

Code

157

7.2.3 HTML:

Images

and

Hyperlinks

157 7.2.4

File and Code

Handling

160 7.2.5 Cookies 164

7.3

"HTTP SECURE"

168

7.4 WEB

BROWSER

HISTORY 174

7.5 SUMMARY 177

BIBLIOGRAPHY 179

Chapter 8

Online

Shopping

181

8.1

INTRODUCTION

181

8.2

CONSUMER DECISIONS

182

8.2.1 Defensein

Depth

183 8.2.2 Credit Cardversus Debit Card 183 8.2.3

Single-Use

Credit Cards 184 8.2.4 Passwords 185 8.2.5 Do YourHomework 185

8.3

SPYWARE AND KEY-LOGGERS

186

8.4 WIRELESS SNIFFING 186 8.5 SCAMS AND PHISHING WEBSITES 186

8.5.1 Indicators of Trust 188

8.6 MISUSE AND EXPOSURE OF INFORMATION 189

8.6.1

Disclosing

Information

189

(7)

x Contents

8.7 SUMMARY 190

BIBLIOGRAPHY 191

Chapter

9 Wireless Internet

Security

193

9.1

INTRODUCTION

193

9.2

HOW WIRELESS NETWORKS WORK

194

9.3

WIRELESS SECURITY

THREATS 196

9.3.1

Sniffing

196

9.3.2 Unauthorized Connections 199 9.3.3

Rogue

Router 200 9.3.4 EvilTwin Router 201

9.4 PUBLIC WI-FI SECURITY 202 9.5 WIRELESS NETWORK ADMINISTRATION 203

9.5.1

Default

Admin Password 204

9.5.2 Service Set Identifier 205 9.5.3 Wireless

Security

Mode 206 9.5.4 MAC Address

Filtering

207 9.5.5 Firewall 209 9.5.6 Power Off Router 209

9.6 SUMMARY 209

BIBLIOGRAPHY 211

Chapter 10

Social Networking

213

10.1 INTRODUCTION 213 10.2 CHOOSE YOUR FRIENDS WISELY 214 10.2.1 AccessControl 214 10.2.2

Friend

Gluttony

215 10.2.3 Relative

Privacy

215 10.2.4

Why

Do You WanttoBe

My

Friend? 216

10.3

INFORMATION SHARING

217

10.3.1

Location, Location,

Location 217 10.3.2 What ShouldI Not

Share?

219

(8)

10.3.3

Opt

In versus

Opt

Out 220

10.3.4

Job

Market 221

10.4 MALWARE AND PHISHING 223

10.4.1 Koobface 223 10.4.2

Applications

225 10.4.3

Hyperlinks

226 10.4.4

Phishing

227 10.5 SUMMARY 228

REFERENCES

229

Chapter 11

Social

Engineering:

Phishing

for

Suckers

233

11.1 INTRODUCTION 233 11.2 SOCIAL ENGINEERING: MALWARE

DISTRIBUTION

234 11.2.1 Instant

Messages

234 11.2.2 Fake Antivirus 236 11.2.3 Emails 237 11.2.4 Phone

Calls

239 11.3 PHISHING 239 11.3.1

Phishing

Emails 239 11.3.2 No Shame Game 241 11.3.4

Other

Types

of

Phishing

242

11.4 DETECTING A PHISHING URL 243 11.4.1

Reading

aURL 245

11.4.2 Protocol 245

11.4.3

Top-Level

Domain Name 247 11.4.4 Domain Name 248 11.4.5 Subdomain Name 249 11.4.6

File Path

250 11.4.7 File 251

11.5

APPLICATION OF KNOWLEDGE

252

11.5.1 Tools of the Trade 254

11.6 SUMMARY 256

(9)

xii Contents

Chapter 12

Staying Safe Online: The Human Threat

259

12.1

INTRODUCTION

259

12.2

THE DIFFERENCES

BETWEEN CYBERSPACE AND

THE

PHYSICAL WORLD 260

12.3 CONSIDER THE CONTEXT: WATCH WHAT YOU SAY AND HOW IT IS

COMMUNICATED

262 12.4 WHAT YOU

DO

ON

THE INTERNET LASTS FOREVER

264 12.5 NOTHING IS

PRIVATE,

NOW OR

IN THE

FUTURE

265 12.6 CAN YOU REALLY

TELL

WHO YOU ARE TALKING

WITH? 266

12.7 CAMERAS

AND PHOTO

SHARING 268 12.8 I AM A

GOOD

PERSON,

THAT WOULD NEVER

HAPPEN TO

ME 269

12.9

IS THERE

ANYTHING I CAN DO TO MAKE THE

INTERNET A SAFER PLACE FOR MY CHILD? 271

BIBLIOGRAPHY

272

Chapter 13

Case Studies

275

13.1 INTRODUCTION 275 13.2 UNABLE TO REMOVE MALWARE: HELP! 275 13.3 SECURELY HANDLING SUSPICIOUS EMAIL

ATTACHMENTS 278

13.4 RECOVERING FROM A

PHISHING ATTACK

281 13.5 EMAIL ACCOUNT HACKED? NOW

WHAT?

282

13.6 SMART PHONES AND MALWARE 284

13.7

HEY! YOU! GET OFF MY WIRELESS NETWORK 286

13.8

BAD BREAKUP? SEVER YOUR DIGITAL TIES 287

13.9

"DISPLAY

IMAGES BELOW"? THE MEANING

BEHIND THE

QUESTION

287 13.10 PHISHING EMAIL FORENSICS 288 13.11

IT'S

ON THE

INTERNET,

SO IT MUST BE TRUE 292 13.12 BUYING

AND

SELLING ONLINE 294

(10)

Chapter

14

Moving Forward

with

Security

and

Book

Summary

297

14.1 INTRODUCTION 297

14.2

AFTER

THE

COMPLETION

OF THE

BOOK

297

14.3

DEFENSE-IN-DEPTH TASKS

299

14.4 CHAPTER

SUMMARIES

300

Chapter

1: Introduction 300

Chapter

2:

Computers

and

the Internet 300

Chapter

3: Passwords 301

Chapter

4: Email 301

Chapter

5: Malware 302

Chapter

6: Malware Defense 303

Chapter

7:

Securely Surfing

the Web 303

Chapter

8:

Online

Shopping

303

Chapter

9: Wireless Internet

Security

304

Chapter

10:

Social

Networking

304

Chapter

11: Social

Engineering: Phishing

for Suckers

305

Chapter

12:

Staying

Safe

Online: The Human Threat 305

Chapter

13:Case Studies 306

GLOSSARY,

307

APPENDIX A: READING

LIST,

315

APPENDIX

B: BASICS OF

CRYPTOGRAPHY,

319

References

Download now ( PDF - 10 Page - 230.01 KB )

Related documents

Ab-Initio Interview Questions

Join with DB Component joins records from the flow or flows connected to its in port with records read directly from a database, and outputs new records containing data based

PICARD - Video Games and Their Relationship With Other Media

In the United States, adaptations of animated films and television series was a less of a phenomenon, with the notable exceptions of games based on Disney characters (of which

RS Security Co., Ltd. RS Security Co., Ltd is specialized in physical access control turnstiles;

With standard fire interface, wing open for evacuation even power is not cut off when fire alarm triggered, memory can be set, swipe cards several times for group pass.. Fast

Ws Fl Training Manual

In the Warp Speed Fat Loss Nutrition Manual, Mike will go into more detail about how you can use diet to further guarantee that you do not lose one ounce of muscle while on the

Zourabichvili - El vocabulario de Deleuze.pdf

Por lo tanto, es al mismo tiempo como el pensamiento re­ clama, ante el aspecto nuevo y sin embargo inasignable de los datos, la revelación de lazos específicos que nos digan en

41-44 Lecture Microwave Solid State Devices

• Although ordinary PN junction diodes exhibit the variable capacitance effect and these diodes can be used for this applications, special diodes optimized to give the required

FRESH F IRE. MULTIMEDIA DESIGN Studio. New Logo from scratch, based on client brief, 5 options provided + reverts & changes R 1 500

Website built in the Joomla 3 CMS, customised professional template, 10 - 30 pages of info, galleries, contact form, professional business Facebook page, two additional

Drawing Winter 2013

I used a water-soluble colored pencil on areas like the handrail and pathway to make sure they re- ally popped.” When working on a white sur- face, Averill uses the corner of a f