Security

© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco PublicITE PC v4.1 Chapter5 1

Security

ITE PC v4.1 Chapter 5 2© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Test

• December 13• Binary Numbers• Computer Networks• Internet Protocols• Security

ITE PC v4.1 Chapter 5 3© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Data Security• Viruses• Worms• Trojans

ITE PC v4.1 Chapter 5 4© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Viruses• Virus is a program written with malicious intent and sent out by attackers

• The virus is transferred to another computer through e-mail, file transfers, and instant messaging

• It hides by attaching itself to a file on the computer.

• When the file is accessed, the virus executes and infects the computer

ITE PC v4.1 Chapter 5 5© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Viruses

• Keystroke Recording• Used to record passwords and credit card numbers

ITE PC v4.1 Chapter 5 6© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Famous Virus

• ILOVEYOU (2000)

• Disguised itself as a text file in an email which, when opened, would automatically send itself to every contact in a users address book

• Caused billions in lost business

ITE PC v4.1 Chapter 5 7© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Worms

• Do not rely on humans

• Are not attached to programs that need to be opened

• Copies itself and sends its copies throughout a computer network (such as the internet)

ITE PC v4.1 Chapter 5 8© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Famous Worm

• Code Red (July 2001)

• Named after “Code Red” Mountain Dew

• Spread to web servers and changed website to:• HELLO! Welcome to http://www.worm.com! Hacked By Chinese!

• Became a meme…

•Also launched DDoS attacks

ITE PC v4.1 Chapter 5 9© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Trojans

• Appear to do one thing, really do another

• Often disguised as useful hardware

• Technically a type of worm

ITE PC v4.1 Chapter 5 10© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Security Threats

• Spam• Junk e-mail

• Often advertising

• May contain links to viruses, infected sites, or popups

ITE PC v4.1 Chapter 5 11© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

TCP/IP Attacks

•TCP/IP

• The protocol used to control all of the communications on the internet

• Common Attacks• DoS• DDoS• Spoofing

ITE PC v4.1 Chapter 5 12© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

TCP/IP Attacks

• Denial of Service (DoS) Attacks• Prevent users from accessing servers• Server is too busy, overloads, ceases to operate• Types:

• Ping of Death: Repeated, larger than normal pings• E-Mail Bomb: Large quantity of email that overloads e-mail server

•Distributed Denial of Service (DDoS)•Uses infected computers, called zombies

ITE PC v4.1 Chapter 5 13© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

TCP/IP Attacks

•Spoofing• A person or program impersonates another with false data

• Phishing Scams• Legitimate webpage is reproduced on another server under attacker’s control• Used to harvest usernames and passwords

•E-mail Spoofing• False sender information

ITE PC v4.1 Chapter 5 14© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Data Protection

•Password Protection•Two Levels

• BIOS• Operating system will not boot• BIOS cannot be changed

• Login• Prevent access to computer and network

ITE PC v4.1 Chapter 5 15© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Data Protection

•Password Protection• Password Security

• NOT 123456• Rules

• Passwords should expire• Mixture of letters and numbers• DO NOT WRITE THEM DOWN• Do not use the same password for everything• Longer is better… for passwords, pervert

ITE PC v4.1 Chapter 5 16© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Data Protection

•Password Protection• Smartcards

• Plastic card, needs to be swiped

• Biometric Security• Fingerprint• Retinal scan, etc.

ITE PC v4.1 Chapter 5 17© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Data Protection

•Wireless Security

• What IS the difference between:• Wired equivalent privacy• Wi-fi protected access• Wi-fi protected access 2• Lightweight extensible authentication protocol