Chapter 10 Online Security - Coggle Diagram
Chapter 10
Online Security
Computer security
Physical security
= tangible protection devices
Logical security
= Protection of assets using nonphysical
The protection of assets from unauthorized access, use, alteration, or destruction.
Threat
= any act / object posing danger to computer assets
Countermeasure
= Procedure that recognizes, reduces, or eliminates a threat.
Eavesdropper
= a person / device that can listen in on and copy Internet transmissions
Crackers / hackers
= people who write programs / manipulate technologies to obtain unauthorized access to computers and networks
White hat hacker
(good hackers)
Black hat hacker
(bad hackers)
Elements of
Computer Security
Secrecy
= protecting against unauthorized data disclosure and ensuring the authenticity of the data source
Integrity
= preventing unauthorized data modification
man-in-the-middle exploit
= e-mail often altered in a way that changes the message’s original meaning
Necessity
= preventing data delays (removal)
Establishing a security policy
Security policy
= why they are being protected, who is responsible for that protection, which behaviours are acceptable, and which are not
Cookies and Web Bugs
Stateless connection
= (open session) maintained between the client and the server
Two ways of categorizing cookies
Time duration
Session cookies
= exist until client connection ends
Persistent cookies
= remain indefinitely
Cookie sources
first-party cookies
= web server site places them on client computer
Third-party cookies
= different web site places them on client computer
Web bug
= tiny graphic that a third-party Web site places on another site's Web page
Active Content
Scripting language
= provides executable script
e.g. JavaScript and VBScript
Applet
= small application program
Trojan horse
= program hidden inside another program / Web page that masks its true purpose.
Zombie
(Trojan horse) = secretly takes over another computer for the purpose of launching attacks on other computers.
Botnet (robotic network, zombie farm)
= all controlled computers act as an attacking unit
ActiveX control
= an object that contains programs and properties that Web designers place on Web pages to perform particular tasks
Viruses, Worms, and Antivirus Software
Worm
= type of virus that replicates itself on the computers that it infects and can spread quickly through the Internet
macro virus
= virus that is coded as a small program and embedded in a file formatted for use in a program such as Microsoft Word or Excel
ILOVEYOU virus
= searched for others' passwords and forwarded that information to the original perpetrator
Antivirus software
= detects viruses and worms and either deletes them or isolates them on the client computer so they cannot run
Digital certificate (digital ID)
= an attachment to an e-mail's sender or the Web site
Signed code
= serves a photo on a driver's license or passport
Certification authority (CA)
= applying for digital certificates to supply appropriate proof of identity
key
= long binary number that is used with the encryption algorithm to lock the characters of the message being protected
Secure Sockets Layer-Extended Validation (SSL-EV) digital certificate
= Issued after more extensive verification confirmed
Steganography
= Hiding information within another piece of information
Al Qaeda
= used steganography to hide attack orders