Security

© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco PublicITE PC v4.1 Chapter5 1

Security

ITE PC v4.1 Chapter 5 2© 2007-2010 Cisco Systems, Inc. All rights reserved. Cisco Public

Test

• December 13• Binary Numbers• Computer Networks• Internet Protocols• Security


Security Threats

• Data Security• Viruses• Worms• Trojans


Security Threats

• Viruses• Virus is a program written with malicious intent and sent out by attackers

• The virus is transferred to another computer through e-mail, file transfers, and instant messaging

• It hides by attaching itself to a file on the computer.

• When the file is accessed, the virus executes and infects the computer


Security Threats

• Viruses

• Keystroke Recording• Used to record passwords and credit card numbers


Security Threats

• Famous Virus

• ILOVEYOU (2000)

• Disguised itself as a text file in an email which, when opened, would automatically send itself to every contact in a users address book

• Caused billions in lost business


Security Threats

• Worms

• Do not rely on humans

• Are not attached to programs that need to be opened

• Copies itself and sends its copies throughout a computer network (such as the internet)


Security Threats

• Famous Worm

• Code Red (July 2001)

• Named after “Code Red” Mountain Dew

• Spread to web servers and changed website to:• HELLO! Welcome to http://www.worm.com! Hacked By Chinese!

• Became a meme…

•Also launched DDoS attacks


Security Threats

• Trojans

• Appear to do one thing, really do another

• Often disguised as useful hardware

• Technically a type of worm


Security Threats

• Spam• Junk e-mail

• Often advertising

• May contain links to viruses, infected sites, or popups


TCP/IP Attacks

•TCP/IP

• The protocol used to control all of the communications on the internet

• Common Attacks• DoS• DDoS• Spoofing


TCP/IP Attacks

• Denial of Service (DoS) Attacks• Prevent users from accessing servers• Server is too busy, overloads, ceases to operate• Types:

• Ping of Death: Repeated, larger than normal pings• E-Mail Bomb: Large quantity of email that overloads e-mail server

•Distributed Denial of Service (DDoS)•Uses infected computers, called zombies


TCP/IP Attacks

•Spoofing• A person or program impersonates another with false data

• Phishing Scams• Legitimate webpage is reproduced on another server under attacker’s control• Used to harvest usernames and passwords

•E-mail Spoofing• False sender information


Data Protection

•Password Protection•Two Levels

• BIOS• Operating system will not boot• BIOS cannot be changed

• Login• Prevent access to computer and network


Data Protection

•Password Protection• Password Security

• NOT 123456• Rules

• Passwords should expire• Mixture of letters and numbers• DO NOT WRITE THEM DOWN• Do not use the same password for everything• Longer is better… for passwords, pervert


Data Protection

•Password Protection• Smartcards

• Plastic card, needs to be swiped

• Biometric Security• Fingerprint• Retinal scan, etc.


Data Protection

•Wireless Security

• What IS the difference between:• Wired equivalent privacy• Wi-fi protected access• Wi-fi protected access 2• Lightweight extensible authentication protocol

Documents

Security