Research Paper : To write a 7-9 page paper (minimum 4 references) from articles

Question

Research Paper: To write a 7-9 page paper (minimum 4 references) from articles that relate to a specific topic covered in the text this course. The paper should contain a title page and a reference page. This assignment is not just a review of articles, but conclusions from articles reviewed based on facts presented in the articles. It must be written in APA format.

Topic :

Safe Computing:
A lot of the threats today you can combat yourself, just armed with a little bit of knowledge. Internet security software is an essential piece of the cyber security pie, however, it can’t protect you form every single threat out there. Comprehensive Internet security software, coupled with a well educated user will go a long way on the threat landscape, so get your learn on, and empower yourself to navigate the web safely.

Some search guide to related topic:

The Importance of General Software Updates and Patches

How To Protect Yourself From Phishing Scams

How To Safely and Securely Use USB Memory Sticks

SSL Certificates: What Consumers Need to Know

5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked

What is Social Engineering?

What Is A Man In The Middle Attack?

Public Wi-Fi Security 101: What Makes Public Wi-Fi Vulnerable To Attack And How To Stay Safe

Best of luck.

Explanation / Answer

The Importance of General Software Updates and Patches

Answer:

Once a software application is released for production, it goes into the maintenance phase. This phase takes care of all the bugs, security holes and other issues that are reported by the users/other sources, which if not addressed timely will affect the quality and performance of the software, ultimately resulting in user dissatisfaction. Vendors release service packs or patch updates on regular interval to maintain the current release or version of the software. This may contain patches for:

On the other hand, upgrades are released as a totally new version of software. Upgrades generally contain enhancements to previous versions in terms of new features, capabilities, design, UI and are mostly requirement driven. Upgrades are important to keep systems updated with new technology and provide interoperability with other systems. Further, in some cases upgrades are made mandatory if the vendor decides to discontinue support for the existing/older versions.

Software updates perform a myriad of tasks. They are available for both our operating system and individual software programs. Performing these updates will deliver a multitude of revisions to your computer, such as adding new features, removing outdated features, updating drivers, delivering bug fixes, and most importantly, fixing security holes that have been discovered.

Web server Updates fall under application software and are treated the same way as any other updates or upgrades, but are specific to web server. This could be in the form of a security patch, support for new technologies or general bug fixes.

Patch management allows you to proactively manage patches and software updates by automating the collection, analysis and delivery of patches across your enterprise. The solution consists of a central, extensible repository to house various operating systems, hardware and software vendors' patches, as well as improved installation inventory and specific software update distribution options.

How To Protect Yourself From Phishing Scams

Answer:

To help you protect yourself from phishing, we offer the following tips:

You should always be careful about giving out personal information over the Internet. Luckily, companies have begun to employ tactics to fight against phishers, but they cannot fully protect you on their own.

Remember that you may be targeted almost anywhere online, so always keep an eye out for those “phishy” schemes and never feel pressure to give up personal information online.

How To Safely and Securely Use USB Memory Sticks

Answer:

You may have noticed growing reports in the media about the dangers of using USB memory sticks. It is true, they are susceptible to being exploited like everything else, however, and these exploits aren’t terribly easy to carry out by hackers. Mostly because an attacker needs physical access to your computer in order to infect it.

What Can a “Bad” USB Stick Do?

A malicious device can install malware such as backdoor Trojans, information stealers and much more. They can install browser hijackers that will redirect you to the hacker’s website of choice, which could host more malware, or inject adware, spyware or greyware onto your computer. While the ramifications of these threats can range from annoying to devastating, you can stay protected from these threats.

Staying Protected is Easier Than You Think

SSL Certificates: What Consumers Need to Know

Answer:

E-commerce has grown at exponential rates in the past decade, with consumers quickly recognizing the convenience of purchasing goods online. This growth in online purchases rests upon a foundation of trust. People trust that the websites they use to track finances and make online purchases are secure and legitimate largely because of Secure Socket Layer (SSL) certificates.

SSL certificates verify that the provider is who they claim to be and also indicate secure connections between personal devices and company websites. There are three types of SSL certificates, each requiring a different level of authentication: DV, OV and EV.

Understanding the differences among each SSL certificate type is important to help prevent falling victim to scammers. For example, DV certificates are quick and easy to procure and don’t require any type of information indicating the person trying to get the DV certificate actually represents a legitimate business. Fraudsters often use DV certificates to lure consumers to phishing websites that look authentic but are designed to steal sensitive information. For this reason, doing any type of ecommerce transaction on a DV-only site poses risk.

SSL certificates verify that the provider is who they claim to be and also indicate secure connections between personal devices and company websites. Understanding SSL certificates is important to help prevent falling victim to scammers. Because at the end of the day, not all sites, or SSL certificates, are created equal.

Different types of certificates

Website owners purchase SSL certificates through Certification Authorities (CA). There are three different types of SSL certificates, each providing a different level of security. The problem is that, even though all of these certificates provide the safety padlock in the URL bar of a browser, along with the HTTPS (“S” indicating “secure”) in the address bar, the levels of security between types of certificates differ greatly. This is why it is important to understand what kind of SSL certificate a site is using when looking to perform financial transactions or anything involving personal user data.

5 Ways You Didn't Know You Could Get a Virus, Malware, or Your Social Account Hacked

Answer:

Most tech-savvy folks are familiar with the standard forms of malware: phishing scams, adware, spyware, viruses, worms and the like. However, as technology advances, so do cybercriminals, and they are attempting to fly lower under the radar to get your information. As a result there are newly emerging forms of malware that you may not be aware of.

Social Media Scams and Malware

Grayware is a form of malware that doesn’t really do any physical damage to your data as other malware can, and it presents itself in a more annoying matter, such as adware and spyware. It has a high prevalence in social media, usually in the form of “click bait”, where an enticing article will lead you to a website that asks that you fill out a quick survey before accessing the media. That information is then collected and sold to other cybercriminals and can be used in attempts to hack into your personal accounts. If you want to learn more about how to protect yourself against these kinds of scams, you can check out an article I previously wrote about Social Scams, when the fake Robin Williams “Goodbye” Video SCAM went viral.

In addition to grayware running rampant on these platforms, there are also high risks of encountering dangerous malware across social networks. When the television show, “Breaking Bad”, was in its heyday, there was a popular Twitter scam making the rounds. Links were posted luring users to download a leaked copy of the next unaired episode. Following the link led the user to a page where a file is downloaded. The page directed users to another link to install a program that would allow them to play the video. The link sent users to an affiliate program, which was how the spammers made money. Granted, this scam seemed fairly harmless to the user’s computer, however, there are other instances where what is downloaded can be a dangerous malware program. Always use caution when clicking on unknown links and attempting to download unknown files.

Exploit Kits

Exploit kits are generally what they sound like - a malicious toolkit that searches your computer for software that has not been updated. These kits look for security holes in software with the goal of implanting malware on the user’s machines. This can happen by visiting websites that have malvertising on them. Malvertising can be found on any website, trusted or unknown, and it uses online advertising by embedding malicious code in legitimate advertisements. Recently, Yahoo was a target(link is external) of this by hosting malicious ads that redirected users to websites hosting these kits. Exploit kits are not always found in malvertising, however. The popular men’s website Askmen.com was recently compromised to redirect users to a site hosting an exploit kit. This is why it is very important to make sure all of your software is up to date.

Mobile Ransomware
Ransomware on computers isn’t a new threat, but recently it has started to migrate to popular mobile platforms. Ransomware is a program that will target important files such as photos and documents and encrypts them, blocking the user from accessing them. The user is then sent a message demanding payment to unlock the files. Earlier this year, the first versions of mobile ransomware were spotted in the wild. The ransomware is contracted by visiting an infected site and then is automatically downloaded to the phone, or by downloading a malicious app. If your device becomes infected, do not pay the fee! Instead, make sure you get in the habit of regular backups and restore your phone from the most recent backup. You can learn how to spot fake mobile apps by checking out “How to Spot a Fake Android App.”

Online Gaming Malware Attacks
There have been a few instances of gaming malware in the media lately. One that may not cost you money, but it can cost you the many hours you’ve spent building up your characters. Twitch.tv, a website used to stream live gameplay was recently infiltrated by a bot in their chat rooms that lured users using raffles. Upon clicking the link to enter the raffle, a Java form displays a phony raffle form. After filling out the form, the malware installs itself on the user’s computer, targets the user’s Steam account and then wipes out the entire Steam wallet and inventory. In turn, the cybercriminals will sell the user’s items on the Steam community for money. Similarly, there was an issue with a malicious trojan(link is external) in the popular World of Warcraft game, masquerading as a legitimate game add-on. Once installed, the trojan completely takes over the user’s account. It is highly recommended that users not disable their antivirus programs when playing online games.

Browser Extension Adware and Malware
Browser extensions are a very popular add-on used for a multitude of tasks while surfing the Internet. But I bet you’re not aware that some of them can be stealing your information! Some malicious extensions will either track every site you visit or inject adware into those sites. While this is not a huge concern as far as what this will do to the data on your computer, it is a pretty large privacy concern. Attackers can use these extensions to perform click fraud by adding rogue ads to websites and redirecting you to those sites. Although this is lower on the threat level, this newer form of malware is evolving into something much more invasive. As a matter of fact, the European Union Agency for Network and Information Security (ENISA) has warned (link is external)that there has been an increase in malicious browser extensions that are aimed at taking over social network accounts. So while at the moment, they’re not at the top of the threat list, they’re definitely something to keep an eye on.

Internet threats can appear in all shapes and sizes, many of which you may not be aware of. Luckily, the new Norton is. We have your back so you don’t have to worry about every little thing you may come across, and you can go about your business and leave the complicated stuff to us.

What is Social Engineering?

Answer:

Social engineering is the non-technical cracking of information security (IS). It applies deception for the sole purpose of gathering information, fraud or system access. A number of tactics may be used, including:

Social engineering was initially associated with the social sciences. However, the way it is used also makes it relevant to computer professionals, as it is a significant threat to any system's security.

Spear phishing is a common social engineering technique. For example, a phisher may send an email to addresses at a target company asking a user to verify security information. The email is made to appear legitimate and from the IT staff or senior management, along with a warning for major consequences if the required information is not provided. As with a regular phishing attack, the victim clicks a link that goes to a site the hacker sets up to gather the sensitive information, generally with the look and feel of the real website. After obtaining the info, the hacker has the ability to access the company's network by using a legitimate login.

Dumpster diving refers to a literal search of an organization's garbage for information that can be used to access a company's network. Companies often discard sensitive information, including system manuals, which intruders use to access information systems. In some cases, unerased and complete hard drives with extremely sensitive information are discarded, allowing a dumpster diver to easily boot up and obtain information.

Social engineering is as dangerous and harmful as any other technical attack. In fact, you could argue that social engineering is more serious than other threats, as humans are always in a vulnerable state. It is not that tough to properly configure a firewall. It is very difficult to train new staff about the dangers of social engineering exploits.

What Is A Man In The Middle Attack?

Answer:

A man-in-the-middle (MITM) attack is a form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Generally, the attacker actively eavesdrops by intercepting a public key message exchange and retransmits the message while replacing the requested key with his own.

In the process, the two original parties appear to communicate normally. The message sender does not recognize that the receiver is an unknown attacker trying to access or modify the message before retransmitting to the receiver. Thus, the attacker controls the entire communication.

This term is also known as a janus attack or a fire brigade attack.

MITM is named for a ball game where two people play catch while a third person in the middle attempts to intercept the ball. MITM is also known as a fire brigade attack, a term derived from the emergency process of passing water buckets to put out a fire.

The MITM intercepts communications between two systems and is performed when the attacker is in control of a router along normal point of traffic. The attacker in almost all cases is located on the same broadcast domain as the victim. For instance, in an HTTP transaction, a TCP connection exists between client and server. The attacker splits the TCP connection into two connections – one between the victim and the attacker and the other between attacker and the server. On intercepting the TCP connection, the attacker acts as a proxy reading, altering and inserting data in intercepted communication. The session cookie reading the HTTP header can easily be captured by the intruder.

In an HTTPS connection, two independent SSL connections are established over each TCP connection. An MITM attack takes advantage of the weakness in network communication protocol, convincing the victim to route traffic through the attacker instead of normal router and is generally referred to as ARP spoofing.

Public Wi-Fi Security 101: What Makes Public Wi-Fi Vulnerable To Attack And How To Stay Safe

Answer:

A free Wi-Fi connection can seem like a lifesaver when you’re on the go. Public Wi-Fi can be found in popular public places like airports, coffee shops, malls, restaurants, and hotels — and it allows you to access the Internet for free. Of course, we all know jumping on a free Internet connection can be a convenient way to access online accounts, catch up on work, and check emails while on the go. These “hotspots” are so widespread and common that people frequently connect to them without thinking twice. However, the security risks should not be forgotten.

If you decide to use public Wi-Fi, just be aware that you could be making yourself an easy target for hackers — and putting your information and more at risk. Although it sounds harmless to log on and check your social media account or browse some news articles, reading e-mail, checking your bank account, or performing any activity that requires a login is risky business on public Wi-Fi.

The average free public Wi-Fi isn’t secure and just because you may need a password to log in, it doesn’t mean your online activities are encrypted. Various reasons make public Wi-Fi susceptible to attack. One issue has to do with the encryption protocol used by some wireless networks. Another reason has to do with the possibility of joining a rogue Wi-Fi hotspot.

While the best way to protect your information is to avoid accessing sensitive information or performing sensitive transactions when connected to public Wi-Fi, there are additional measures you should be aware of. These articles can help you learn more about the risks and what else you can do to be safe when surfing on Wi-Fi anywhere.

The average free public Wi-Fi isn’t secure and just because you may need a password to log in, it doesn’t mean your online activities are encrypted.

Various reasons make public Wi-Fi susceptible to attack. One issue has to do with the encryption protocol used by some wireless networks. Another reason has to do with the possibility of joining a rogue Wi-Fi hotspot.

Some wireless networks may use older standards for encryption, which can cause security problems. Wireless Encryption Protocol (WEP), one of the first encryption schemes for wireless networking devices, was found to be weak and easily susceptible to being cracked. Wi-Fi Protected Access (WPA) was intended to replace WEP as the standard for wireless networking devices, but it too was found to have weaknesses. Given their flaws, users are especially at risk when connected to a wireless network that uses these encryption protocols. In fact, tools like Aircrack-ng, available online, are built to perform brute force attacks to crack weak keys on networks using WEP or WPA.

Another issue that can arise when attempting to use free public Wi-Fi is the risk of joining a rogue Wi-Fi hotspot. In such case, an attacker creates a rogue hotspot with the intent to unleash man-in-the-middle (MITM) attacks on unsuspecting victims that join their rogue network. This type of attack allows an attacker to intercept the communication between you and the servers of the websites you visit, allowing them to read, insert, and modify messages.

With pre-built kits that can perform MITM attacks, even minimally skilled hackers can easily eavesdrop and monitor your online traffic to capture valuable information, such as login credentials, credit card numbers, and social security numbers.

Signs you may be logged on to a rogue Wi-Fi

Devices are known to probe for known Wi-Fi networks, and attackers can use this to their advantage. An attacker’s rogue Wi-Fi hotspot can pretend to act as your home network or as a public network that you might come across at a coffee shop. Instead of connecting to a real public Wi-Fi hotspot, your device ends up connecting to the attacker’s rogue hotspot and now the attacker is sitting between you and the actual Wi-Fi network, so they are able to see your online traffic. Another tactic that can be used is to create a public Wi-Fi network called “Free Wi-Fi” and wait for victims to join. Naturally, lots of people will try to connect, especially if free Internet service is being offered.

If you’re away from home, say at a coffee shop, and all of a sudden your computer shows that you're connected to your home network. Chances are someone could have caught your computer’s broadcast request. In some cases, if you’re browsing a website that you know should be encrypted (HTTPS) such as your bank or your favorite social networking site, but the page is rendering in HTTP, then someone might be performing a man-in-the-middle attack and serving you the HTTP version of the site in order to capture your login credentials.

Measures you can take to stay protected on public Wi-Fi

Generally speaking, as a precaution, you shouldn’t engage in any sort of sensitive web browsing, such as accessing your bank account or entering payment details when connected to public Wi-Fi. Consider these additional safety measures to keep your information protected:

Related Questions

Navigate

• Browse (All)
• Browse R
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.