TASK ways to compromise our personal computer

TASK 01 Write down allpossible ways how your personal computer system could be compromised. What arethe possible attack vectors? 1.1 An Overview of Compromised Computer “Compromised”is a good way of saying that someone or something has maliciously broken intoyour computer without your knowledge or permission. It means that you cannottrust the integrity of any file on your computer (including program files,image files, operating system files, etc.

). You cannot find a copy of yourcomputer without copying “right before compromising” to match yourfiles, your password, or your personal information.Steps forcompromise the personal computer 1.     Disconnect thecomputer from the network2.     Contact the InformationSecurity Office3.     Give users toany computer of temporary service interruption4.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

     There is norecord information on a computer that is not compromised5.      Wait for further instructions from the Information Security Office There are many possibleways to compromise our personal computer system ·        We can always install OperatingSystem updates·        We can keep our installedapplications up-to-date·        We cannot use the same passwordat every site·        We can Installand be sure to update your anti-virus software·        We can use afirewall·        We can backupour data·        We can enablethe display of file extensions·        We do not openattachments from people you do not know·        We can ignoreemails that state you won a contest or a stranger asking for assistance withtheir inheritance·        We can watch outfor online and phone support scams·        We can ignoreweb pop ups that state your computer is infected or has a problem      1.2 Attack VectorAn attack vectoris defined by technique through hackers for unauthorized access to a device ornetwork for technical purposes. In other words, it is used to attack or use anetwork, computer or device.

Attack vectors assist wavelength elements toattack the system or network impacts, including human traits. Viruses, emailattachments, web pages, popup windows, instant messages, chat rooms andcheating. These Modes include programming (or, in some cases, hardware), ahuman operator, or fraud protection system, except for fraud. To some extent,firewalls and antivirus software can prevent attack vectors.

But the securitysystem is not entirely a source of attack. Hackers are continuously updatingthe attack vectors and looking for new Ones and in their search for securingunauthorized access to computers and servers, there is no effective securitysystem for a long time. Most common types of software attacks are viruses, worms,Trojan horses, logic bombs, back doors, denial-of-service, alien software,phishing and pharming.   Viruses Segments ofcomputer code that performs unintended actions ranging from merely annoying todestructive. It is a piece of self-replicating code embedded within anotherprogram (host). Viruses associated with program files·        Hard disks, floppy disks, CD-ROMS·        Email attachments  How virusesspread·        Diskettes or CDs·        Email·        Files downloaded from Internet  Well-knownviruses·        Brain·        Michelangelo·        Melissa·        Love Bug Viruses today·        Commercial antivirus software·        Few people keep up-to-dateWorms Destructiveprograms that replicate themselves without requiring another program to providea safe environment for replication.Self-containedprogramIt spreadsthrough a computer networkExploitssecurity holes in networked computersFamous worms·        WANK·        CodeRed·        Sapphire(Slammer)·        Blaster·        Sasser Trojan horses Software programs that hide in other computer programs andreveal their designed behavior only when they are activated.

 Program with benigncapability that masks a sinister purpose Remote accessTrojan: Trojan horse that gives attack access to victim’s computer·        BackOrifice·        SubSeven RAT serversoften found within files downloaded from erotica/porn Usenet sites Give attack withthe complete control of the affected computer. The attackers usually hide theTrojan horse from running games on their PCs in games and other small programs. Logic bombsDesigned toactivate and perform a destructive action at a certain time.  Back doors ortrap doorsTypically apassword, known only to the attacker, that allows access to the system withouthaving to go through any security.

 Denial-of-service  An attacker sends so many information requests to a targetsystem that the target cannot handle them successfully and can crash the entiresystem.    1.3 Alien Software Attacks Pestware: Clandestinesoftware that uses up valuable system resources and can report on your Websurfing habits and other personal information.

Adware: Designedto help popup advertisements appear on your screen. Spyware:  Software that gathers userinformation through the user’s Internet connection without their knowledge(i.e. keylogger, password capture).  Spamware: Designed to useyour computer as a launch pad for spammers. Spam: Unsolicitede-mail, usually for purposes of advertising. Cookies: Small amount ofinformation that Web sites store on your computer, temporarily or more-or-lesspermanently  Web bugs: Small, usually invisible, graphic images that are added to aWeb page or e-mail.

 Phishing: Uses deceptionto fraudulently acquire sensitive personal information such as account numbersand passwords disguised as an official-looking e-mail.  Pharming: Fraudulentlyacquires the Domain Name for a company’s Web site and when people type in theWeb site URL they are redirected to a fake Web site.              1.

4 Types of Attacks Interruption -An asset is destroyed, unavailable or unusable (availability) Interception -Unauthorized party gains access to an asset (confidentiality) Modification -Unauthorized party tampers (unauthorized alternation) with asset (integrity) Fabrication – Unauthorizedparty inserts counterfeit (fraudulent imitation) object into the system (authenticity) Denial -Person denies taking an action (authenticity)   Passive attacks: ·        Eavesdropping (secretly listen to aconversation)·        Monitoring Active attacks: ·        Masquerade – oneentity pretends to be a different entity·        Replay – passivecapture of information and its retransmission·        Modificationof messages -legitimate message is altered·        Denial of service – prevents normaluse of resources. An intentional action designed to prevent legitimate usersfrom making use of a computer service. Goal of this attack is disrupt aserver’s ability to respond to its clients. About 4,000 Web sites attacked eachweek.                TASK 02 Congratulations!You are elected member of the newly established computer and data security teamin ABC institution.

1)     Makea list of all possible risks that can have an impact on the security andstability of your data and internal and external Information & Technologyservices.2)     Makea list of recommendations to lower the risks.  2.1 What is Computer System Security Risks? Computersecurity risks are the process of performing any damage or damage to computerhardware, software, data, information or processing capabilities. 2.2 Types of Computer Security Risks·        Internetand network attack·        Unauthorizedaccess and use·        Hardwaretheft·        Softwaretheft·        Informationtheft·        Systemfailure 2.3 Internet and network attack Information sentvia networks has a higher risk of security than a company’s premises. It contains·        Malware·        Botnets·        BackDoors·        Denialof service attacks·        Spoofing Malware (malicious software)  A program thatacts without knowledge of any user and intentionally changes the systemperformance.

  Type of malware:i.                   Computerviruses ii.                 Wormsiii.                Trojan Horses iv.

               Rootkitv.                 Backdoor vi.               SpywareBotnets Compromised computers that are connectedto a network like the Internet that use networks that attack other networks areusually used for wrong purposes. Backdoor  A program or set of instructions in aprogram that allow users to bypass security controls when accessing a program,computer, or network Denialof service attacks or DoS attack It is an assault whose purpose is todisrupt computer access to an Internet service such as the Web or e-mail. Spoofing A technique intruders use to make theirnetwork or Internet transmission appear legitimate to a victim computer ornetwork.   2.

4Unauthorized Access and Use Unauthorizedaccess The use of a computer or network withoutpermission. Unauthorizeduse The use of a computer or its data forunapproved or possibly illegal activities.   2.5Hardware Theft and Vandalism Hardwaretheft It is the act of stealing computerequipment. Hardwarevandalism The act of defacing or destroyingcomputer equipment.

       2.6Software Theft ·        Stealssoftware media·        Illegallycopies a program·        Intentionallyerases programs·        Illegallyregisters and/or activates a program  2.7Information Theft ·        Occurswhen someone steals personal or confidential information. ·        Ifstolen, the loss of information can cause as much damage as (if not more than)hardware or software theft.  2.8System Failure ·        A system failure is the prolongedmalfunction of a computer ·        A variety of factors can lead to systemfailure, including: o  Aging hardware o  Natural disasterso  Electrical power problems Ø  Noise,undervoltages, and overvoltages o  Errors in computer programs  2.9Recommendations to lower the risks ·        Install quality antivirus·        Install real-timeanti-spyware protection·        Keep anti-malwareapplications current·        Perform dailyscans·        Disable autorun·        Disable imagepreviews in Outlook·        Don’t click onemail links or attachments·        Surf smart·        Use ahardware-based firewall·        Deploy DNS protection

x

Hi!
I'm Mary!

Would you like to get a custom essay? How about receiving a customized one?

Check it out