Objective: Identify a security threat to personal computers and computer systems

Question

Objective: Identify a security threat to personal computers and computer systems from the Internet.

Report Requirements:

Report should be double-spaced

Contain an appropriate title

Your name in subtitle (line beneath title) and have a blank line after it

Indent paragraphs

Explain why the item is a security threat first! You may quote from the internet be sure

and give credit.

No typos.

Use complete sentences.

Instructions: Choose one of the following ideas and write a 1 to 1 12 page report on the topic. Document your sources. You may not use your textbook. Use at least 3 different sources from the internet. Answer the question(s) in bold at the end of your choice.

1. Bank Card Breaches: In the last decade there have been numerous high-profile breaches involving the theft of data from millions of bank cards—TJX, Barnes and Noble, Target and Home Depot to name a few. Some of these involved hacking the point-of-sale systems inside a store to steal card data as it traversed a retailer’s network; others, like the Barnes and Noble hack, involved skimmers installed on card readers to siphon card data as soon as the card was swiped. Knowing this is a possible, how can you be more careful and protect your credit?

2. Data Destruction: Malware can wipe data and master boot records from your hard drive and render your systems inoperable. What steps can you take to protect your computer from malware and your data in case it is destroyed?

3. Ransomware Attacks: Ransomware is a type of malware that restricts access to the system that it infects in some way, and demands a ransom paid to the operators of the malware for the restriction to be removed. CryptoLocker is one of these programs. What things can you do to protect against ransomware?

4. Mobile Pay Systems/eWallets: Mobile payment systems such as Apple Pay have made it faster for consumers to pay. Cybercriminals will be looking for flaws in these systems. What positive security features do mobile payment systems have to protect the user?

5. Privacy and email: Unless you take special precautions, nothing you send by email is secure. Free email accounts use the contents of your messages to target advertising. Employers can read your email if sent through their systems. So knowing your email is not private,

6. Social networking Web sites: These have become established forums for keeping in contact with old acquaintances and meeting new ones, for sharing personal information, and for establishing mobile communication capabilities. The information you share with your online contacts allows you to keep in touch without much effort. But who else is looking at that information? And how are they going to use it? What can you do to protect yourself from stalkers, etc. on these sites?

7. Jobseekers: Potential employers often use whatever information they can gather about an applicant in making a hiring decision including searching social media sites. Should it matter to potential employers what information you post on your personal website?

8. Electronic Tracking: Information may be gathered from a user’s actions online using “cookies” (short strings of text stored on one’s hard drive). One website can read a cookie set by another website. How can you limit how much information cookies obtain about you?

9. Spam Mail: Junk email. Not all spam is just plain junk, often times spam is infected with malware. How can you protect or limit amount of spam you receive? What should you do if you get spam?

10. Wi-Fi Vulnerabilities: Wi-Fi helps users browse the internet wirelessly or in public places. However, unsecured Wi-Fi connections or compromised Wi-Fi networks can allow a third party to browse or monitor another person’s computer. So if you use these free wi-fi areas (Starbuck, Panera bread, airport, etc.), what can you do to protect yourself and what should you not access in these public places?

11. Using Weak or common passwords: You can find most common passwords used by doing an internet search. Why is it not a good reason to use the same password for all your sites? What are some ways, you can securely keep up with your different passwords?

12. BYOD (bring-your-own-device): is a workplace concept where workers bring their own computers and mobile devices to work. Workers or students connect their devices on the school or work network. Why is this a concern to schools and businesses?

13. Social Engineering: A tactic aimed at manipulating people into divulging confidential data of either a personal or corporate nature. How can you protect yourself of company against social engineering attacks?

Explanation / Answer

Rensomware

Ransomware is a form of malware in which rogue software code effectively holds a user's computer hostage until a "ransom" fee is paid. Ransomware often infiltrates a pc as a computer worm or Trojan horse that takes advantage of open security vulnerabilities. Most ransomware attacks are the result of clicking on an infected e-mail attachment or visiting a hacked website.

Ransomware typically propagates as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload. Payloads vary, with the simplest simply displaying a fake warning notice. Such scareware-based ransomware display notices that imitate those issued by companies or law enforcement agencies and falsely claim that the system has been used for illegal activities, or contains illegal content such as pornography and pirated software or media. Some ransomware payloads imitate product activation notices, falsely claiming that a computer's installation is counterfeit or requires re-activation.

How Rensomware works

1.    Initial ransomware infection: typically via an email attachment, a malicious download or installed by other malware.

2.    Ransomware alters the relevant registry keys and files to make sure its code is running when the computer runs.

3.    Calling home: malware calls the attacker’s server to get encryption keys and register the attack.

4.    Doing the dirty work: it then proceeds to encrypt the user’s files using the key obtained from the attacker’s server.

5.    Making some noise: ransomware displays ransom notices and links that allow the victim to access websites accepting payment in Bitcoins.

Protect against Rensomware

1. Backup Your Data

This can’t be overemphasized. Make sure your files are saved and backed up beyond the desktop. A simple step is to save files in a network folder as well as on a simple external hard drive. Just make sure that the hard drive doesn’t remain connected to your workstation, as it will remain vulnerable to attack as well.

2. Embrace the Cloud

Backing up your files with a cloud provider is an ideal solution to combat the threat of ransomware. The provider stores your data on their servers in a secure data center. You can access said files any time from anywhere, as long as you have an Internet connection. A qualified IT provider will have his or her own security measures in place to ensure that your data is properly backed up and safe.

You also have to be vigilant about keeping the threats out of your system in the first place. That starts with making smart choices, for instance…

3. DO NOT Open Attachments if you Don’t Know the Source

The most common avenue for malware like this to infect a network is through downloading an email attachment. Sometimes it’s masked as an urgent message, a voicemail message, a fax, or even a joke. If you decide to open a file from someone you don’t know, the joke could be on you in the form of a pink slip. Find out for sure if any attachment is legit before you even think about opening it.

5. Content Filtering

A qualified IT service provider can work with you to find a content filtering solution that works best for you and your organization. For instance, even if you don’t want to completely restrict employee access to certain websites, we can implement a solution where interaction alone will be restricted.

6. Use Protection

It’s important to make sure all of your anti-virus software is up to date. As viruses are created and unleashed on the public, they can slip past anti-virus software until a “patch” is created that combats that specific virus. It’s like a never-ending game between the virus creators and the virus fighters. Those threats that are yet unknown to anti-virus software are known as Zero-Day Viruses, and leave systems vulnerable until a patch is created and implemented. Some modern browsers also offer add-ons that effectively combat ransomware by keeping scripts from running automatically.

Related Questions

Navigate

• Browse (All)
• Browse O
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.