IST Unit 2 Notes - Lesson 3 Digital Security Risks Name:

**this is expected to be on your desk at all times! Answers are in slideshows on Canvas.
WHAT’S THE RISK OF USING THE INTERNET?
● Think about how much we rely on the internet to perform our daily activities
● Our digital footprints leave traces of our activities everywhere
● Crucial that users take measures to protect or safeguard their computers, mobile devices, data, and programs from loss,
damage, and misuse

loss of or damage to computer hardware

● Digital Security Risk any event or action that could ___________________________________________,
software, data, information, or processing capability

● Security breaches can be accidental or intentional

Most intruders will only access data,

● Most intruders will only __________________________________________________________________ on
the computer system

● Some intruders may leave evidence of their presence by leaving a message or deliberately alter data
Cybercrimes

● Computer Crime: Any illegal act involving the use of a computer

__________________________________________
or related devices
internet-based illegal acts
● Cybercrime: online or __________________________________________
o Distributing malicious software
o Committing Identity theft

● Crimeware: software
__________________________________used by cybercriminals

Hacker someone who

accesses a computer or network
_______________________________ Cracker someone who Script Kiddie:
illegally
_______________________________ accesses a computer or network illegally has the same intent
intent of destroying data
with the __________________________ as a cracker but
● White hat: works to find the security ________________________________, does not have the
_______________
reaches to improved security stealing information, or other malicious _______________
technical skills and
actions _______________
knowledge
● Black hat: goal is to exploit the data ● will use pre-written
and do harm hacking and
Cyberextortionist someone who
demands payment to stop an attack
_______________________________ cracking programs
● Grey hat: may sometimes violate the to break into
_______________________________
laws or ethics, but does not have computers and
on an organization’s technology
malicious intent networks
infrastructure if they are not paid a sum
of money
● Cyberterrorist someone who uses the
Internet or network to ● Threaten to expose confidential
destroy or damage computers for political
_______________________________ information
_____________________________
reasons
● Exploits security flaws
● Cyberwarfare: an attack whose goal
ranges from disabling a government’s ● Launch an attack that will
computer network to crippling a compromise the organization’s
country network
 install themselves
Malware: ________________________________________________________________ on your computer
deliberately alter the computer's operations
without your knowledge or consent and _________________________________________________________
● pop up ads
● track your movements online
● Common to infect a device through email

destructive event or prank

Payload: __________________________________________________________________

software that delivers ads

Adware: __________________________________, mainly in a banner or pop ups, to your desktop
● can be installed when you download other programs

blocks or limits access

Ransomware: program that __________________________________________________________________
until the user pays a specified amount of money
to a computer, phone, or file __________________________________________________________________

gain access to the root of a computer system

Rootkit: program designed to ________________________________________________________________
that controls the hardware or software
● cannot be detected
● hides in a computer and allows someone from a remote location to take full control of the computer
__________________________________________________________________________________
Spyware: spies on the activity of a computer without your knowledge
● Collects information you and transmits the information to an outside source while you are online
__________________________________________________________________________________
● Tracks your browsing habits or activities online
● Keylogger can be used to learn passwords, account numbers, etc

looks like a legitimate program

Trojan: Hides within a computer and ___________________________________________________________
● Does not replicate itself to other computers or devices
● Opens a back door to your system
___________________________________________________ for hackers to access without detection

Virus: program that can _____________________________________________________________

reproduce itself and spread from computer to computer through a
file attachment

Worm: program that replicates itself and infects the entire network
_________________________________________________________________________
● Uses up resources and shuts down a device or network
● does not have to be attached through a file

Denial of Service Attacks

Botnets:
● A
group of compromised computers
___________________________
or mobile devices connected to a
network, such as the Internet, that
are used to attack other networks,
usually for nefarious purposes
● Zombie: a compromised device
whose owner is unaware the
device is being controlled remotely
by an outsider
● An assault whose purpose is to disrupt computer access to an Internet service, such
_______________________________________________________
_____________________________________________________
as the web or email
● May use an unsuspecting computer to send an influx of confusing
data messages or useless traffic to a computer network
Victim computer network slows down considerably
● ______________________________________________________
and eventually becomes unresponsive or unavailable, blocking
legitimate visitors from accessing the network
DDoS Attack
● A zombie army is used to attack computers or computer
Networks

● Bot: a program that performs a ● Attacks have been able to stop operations temporarily at
repetitive task on a network numerous websites, including powerhouses such as Yahoo!,
eBay, Amazon.com, and CNN. com
 allows user to bypass security controls
Back Doors: A program or set of instructions in a program that ____________________________________
_______________________________________________ when accessing a program, computer, or network
● Allows them to continue to ___________________________________________________________
access the computer remotely without the user's knowledge
● A rootkit can be a back door

How can you get Malware on your computer?

appears to be from a legitimate
● Phishing/Spoofing: practice of using email or a fake website that ______________________________
company in an attempt to scam you for information
__________________________________________________________________________________

● IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a
trusted source

● Email spoofing occurs when the sender’s address or other components of an email header are altered so that it
appears that the email message originated from a different sender

Safeguards Against Attacks

Authentication
Firewalls passwords
● use of ________________________________ to make sure people
● Hardware and/or software that accessing information are who they claim to be
protects a network's resources from
_________________________________
___________________________by
intrusion finger prints
● can also use ______________________ (called biometric scanning)
users on another network facial recognition
or ____________________________________________to activate

● Used to protect network resources from

outsiders and restrict sensitive data Access Controls
A security measure that defines who can access
● ______________________________________________________
Personal Firewall a computer, device, or network and when they can access it
● Detects and protects a personal
log on name
● User Name or ID: _______________________________, or sign in
computer and its data from unauthorized
intrusions name is a unique combination of characters, such as letters of the
alphabet or numbers, that identifies one specific user
● Constantly monitor all transmissions to
private combination of characters
● Password: __________________________________ associated with
and from the computer and may inform a
user of any attempted intrusions a user name that allows access to certain resources

Information Security
● Digital signature an encrypted code that
a person, website,or organization
attaches to an electronic message to verify
________________________________
________________________________
the identity of the message sender
● Used to ensure that an impostor is not
participating in an Internet transaction
● Digital Certificate: a notice that
guarantees a user or a website is legitimate
_________________________________
_________________________________
● Secure Site: A website that uses
uses encryption techniques to secure its
_________________________________
data
_________________________________
● Uses HTTPS in the URL and may
display a closed lock
combinations of words
● Passphrase: a private ______________________________, often
containing mixed capitalization and punctuation, associated with a user
name that allows access to certain computer resources
○ More secure than passwords because they are longer
a numeric password
● PIN (Personal Identification Number): _________________________,
________________either assigned by a company or selected by a user
● Possessed Objects: any item that you must possess
_____________________________________, or
carry with you, in order to gain access to a computer or computer facility
○ EX: Smart cards, badges
translating a
● Biometric Scanners: authenticates a person’s identity by ___________
______________________________________
personal characteristic such as a fingerprint,
into a digital code that is compared with a digital code stored in
___________________________
a computer
_____________________________________ or mobile device verifying
a physical or behavioral characteristic
○ Fingerprint reader, facial recognition, voice verification