Lecture 5 - Securing IS
Distributed Denial-of-Service (DDoS) Attacks
• Does not involve a break-in at the target computer
Phishing
• Smishing
– Phishing via short text messages
• Vishing
– Phishing via voice mail messages
Types of Attackers
• Attackers include:
– Adventure seekers wanting a challenge
– Common criminals looking for financial gain
– Industrial spies trying to gain an advantage
– Terrorists seeking to cause destruction
• Different objectives and access to varying
resources
• Willing to take different levels of risk to accomplish
an objective
• Crackers
– Cracking is a form of hacking with clear criminal
activity, such as stealing data and corrupting systems
• Cyberterrorist
– Attacks computers or networks in an attempt to
threaten or force a government to advance certain
political or social objectives
– Seeks to cause harm rather than gather information
– Destroys infrastructure components of financial
utilities and emergency response units
Ethics in Information Technology, Fourth Edition
Cybersecurity Tracks
• Defensive Track: Uses a reactive approach to security that
focuses on prevention, detection, and response to attacks. It
uses more traditional methods to keep networks safe from
cyber crime. The tactics rely on a thorough understanding of a
system environment and how to analyze it to detect potential
network flaws. This analysis influences the development and
deployment of preventive and protective measures that
discourage or outright stop cyber attacks.
Skills and Certifications
• An ethical hacker should have a wide range of computer skills.
They often specialize, becoming subject matter experts (SMEs) in
a particular area within the ethical hacking domain.
Exercise: Replace with Scientific Term
1. Legitimate-looking emails which lead users to fake
web sites to get the recipient to reveal personal data.
2. Use hacking to achieve a political or social goal.
3. The computers taken over in DDoS attacks.
4. A form of hacking with clear criminal activity to steal
data and corrupt systems.
5. An authorized attempt to gain unauthorized access
to a computer system, application, or data.
6. Test the limitations of systems out of intellectual
curiosity; some are smart and talented.
Exercise: Match
Column A (answer letter shown before each item)
E 1. Viruses
D 2. Competitive intelligence
A 3. Denial-of-service attack
B 4. Malicious insiders
F 5. Trojan horses
Column B
A. Target machine is busy responding to a stream of automated requests by zombies
B. Perpetrators who are authorized to access the very systems they abuse
C. Set of programs that enables administrator-level access to a computer, thus the attacker gains full control of the system
D. Legally obtained information gathered using sources available to the public
E. Spread by the action of the “infected” computer user