Lesson 6 - Digital Security
Digital security risk is any event or action that could cause a loss of or damage to computer or mobile
device hardware, software, data, information, or processing capability.
Any illegal act involving the use of a computer or related devices generally is referred to as a computer
crime. The term cybercrime refers to online or Internet-based illegal acts such as distributing malicious
software or committing identity theft. Software used by cybercriminals sometimes is called crimeware.
Perpetrators of cybercrime typically fall into one of these basic categories: hacker, cracker, script kiddie,
corporate spy, unethical employee, cyber-extortionist, and cyberterrorist.
• The term hacker, although originally a complimentary word for a computer enthusiast, now has a
derogatory meaning and refers to someone who accesses a computer or network illegally. Some
hackers claim the intent of their security breaches is to improve security.
• A cracker also is someone who accesses a computer or network illegally but has the intent of
destroying data, stealing information, or other malicious action. Both hackers and crackers have
advanced computer and network skills.
• A script kiddie has the same intent as a cracker but does not have the technical skills and
knowledge. Script kiddies often use prewritten hacking and cracking programs to break into
computers and networks.
• Some corporate spies have excellent computer and networking skills and are hired to break into a
specific computer and steal its proprietary data and information, or to help identify security risks in
their own organization. Unscrupulous companies hire corporate spies, a practice known as
corporate espionage, to gain a competitive advantage.
• A cyber-extortionist is someone who demands payment to stop an attack on an organization’s
technology infrastructure.
• A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for
political reasons. The term cyberwarfare describes an attack whose goal ranges from disabling a
government’s computer network to crippling a country. Cyberterrorism and cyberwarfare usually
require a team of highly skilled individuals, millions of dollars, and several years of planning.
Malware, short for malicious software, consists of programs that act without a user’s knowledge and
deliberately alter the operations of computers and mobile devices.
Malware can deliver its payload, or destructive event or prank, on a computer or mobile device in a
variety of ways, such as when a user opens an infected file, runs an infected program, connects an
unprotected computer or mobile device to a network, or when a certain condition or event occurs, such
as the computer’s clock changing to a specific date.
• Worm
A program that copies itself repeatedly, for example in memory or on a network, using up resources
and possibly shutting down the computer, device, or network.
• Trojan horse
A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse
does not replicate itself to other computers or devices.
• Rootkit
A program that hides in a computer or mobile device and allows someone from a remote location
to take full control of the computer or device.
• Spyware
A program placed on a computer or mobile device without the user’s knowledge that secretly
collects information about the user and then communicates the information it collects to some
outside source while the user is online.
• Adware
A program that displays an online advertisement in a banner, pop-up window, or pop-under
window on webpages, email messages, or other Internet services.
A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on
unprotected computers and devices to create a botnet. The perpetrator then uses the botnet to send
spam via email, spread viruses and other malware, or commit a distributed denial of service attack.
A Denial-of-Service attack (DoS attack) is an assault whose purpose is to disrupt computer access to an
Internet service, such as the web or email. A more devastating type of DoS attack is the Distributed DoS
attack (DDoS attack) in which a zombie army is used to attack computers or computer networks.
A back door is a program or set of instructions in a program that allows users to bypass security controls
when accessing a program, computer, or network.
Spoofing is a technique that intruders use to make their network or Internet transmission appear legitimate
to a victim computer or network. Two common types of spoofing schemes are IP and email spoofing.
• IP spoofing occurs when an intruder computer fools a network into believing its IP address is
associated with a trusted source.
• Email spoofing occurs when the sender’s address or other components of an email header are
altered so that it appears that the email message originated from a different sender.
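The header alteration described above leaves traces a mail filter can check. The following Python sketch is an added example, not part of the original lesson; both messages are constructed samples, and it assumes the receiving mail server records its SPF and DKIM verdicts in an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real mail): the visible From address claims one
# domain while Return-Path and Reply-To point somewhere else.
SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@bank.example.com>
Reply-To: <claims@mailer.example.net>
To: <student@school.example.org>
Subject: Verify your account
Authentication-Results: mx.school.example.org; spf=fail; dkim=none

Please confirm your details.
"""

# Constructed sample of a consistent message for comparison.
LEGIT = """\
Return-Path: <support@bank.example.com>
From: "Example Bank Support" <support@bank.example.com>
To: <student@school.example.org>
Subject: Monthly statement
Authentication-Results: mx.school.example.org; spf=pass; dkim=pass

Your statement is ready.
"""

def domain_of(header_value):
    """Return the lowercase domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def spoofing_indicators(raw_message):
    """List reasons the header fields of a message look altered."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    findings = []
    for field in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[field])
        if dom and dom != from_dom:
            findings.append(f"{field} domain {dom} differs from From domain {from_dom}")
    auth = (msg["Authentication-Results"] or "").lower()
    for check in ("spf", "dkim"):
        if f"{check}=pass" not in auth:
            findings.append(f"{check} did not pass")
    return findings
```

A mismatch is an indicator rather than proof, because legitimate bulk-mail services also send with a different Return-Path domain.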
It is impossible to ensure a virus or malware never will attack a computer, but you can take steps to protect
your computer by following these practices:
• Use virus protection software. Install a reputable antivirus program and then scan the entire
computer to be certain it is free of viruses and other malware. Update the antivirus program and
the virus signatures (known specific patterns of viruses) regularly.
• Use a firewall. Set up a hardware firewall or install a software firewall that protects your network’s
resources from outside intrusions.
• Be suspicious of all unsolicited email and text messages. Never open an email message unless you
are expecting it, and it is from a trusted source.
• Disconnect your computer from the Internet. If you do not need Internet access, disconnect the
computer from the Internet. Some security experts recommend disconnecting from the computer
network before opening email attachments.
• Download software with caution. Download programs or apps only from websites you trust,
especially those with music and video sharing software.
• Close spyware windows. If you suspect a pop-up or pop-under window may be spyware, close the
window. Never tap or click an Agree or OK button in a suspicious window.
• Before using any removable media, scan it for malware. Follow this procedure even for
shrink-wrapped software from major developers. Never start a computer with removable media inserted
in the computer unless you are certain the media are uninfected.
• Keep current. Install the latest updates for your computer software. Stay informed about new virus
alerts and virus hoaxes.
• Back up regularly. In the event your computer becomes unusable due to a virus attack or other
malware, you will be able to restore operations if you have a clean (uninfected) backup.
A firewall is hardware and/or software that protects a network’s resources from intrusion by users on
another network, such as the Internet. All networked and online users should implement a firewall solution.
Large organizations often route all their communications through a proxy server, which typically is a
component of the firewall. A proxy server is a server outside the organization’s network that controls which
communications pass in and out of the organization’s network.
A personal firewall is a software firewall that detects and protects a personal computer and its data from
unauthorized intrusions. Some small/home office users purchase a hardware firewall, such as a router or
other device that has a built-in firewall, in addition to or instead of a personal firewall. Hardware firewalls
stop malicious intrusions before they attempt to affect your computer or network.
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of
a computer or its data for unapproved or possibly illegal activities.
Organizations take several measures to help prevent unauthorized access and use. At a minimum, they
should have a written Acceptable Use Policy (AUP) that outlines the activities for which the computer and
network may and may not be used.
An access control is a security measure that defines who can access a computer, device, or network;
when they can access it; and what actions they can take while accessing it. In addition, the computer,
device, or network should maintain an audit trail that records in a file both successful and unsuccessful
access attempts.
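The access control and audit trail defined above can be shown in a few lines of Python. This is an added example, not part of the original lesson; the user names, permitted hours, and actions in the policy are constructed for illustration.

```python
from datetime import datetime

# Constructed policy: who may access, when (hour of day), and what actions.
POLICY = {
    "avery": {"hours": range(8, 18), "actions": {"read", "write"}},
    "jordan": {"hours": range(0, 24), "actions": {"read"}},
}

# Audit trail: one record per attempt. A real system would write these
# records to an append-only file or a log service instead of a list.
AUDIT_TRAIL = []

def request_access(user, action, when):
    """Apply the policy and record the attempt, whether it succeeds or not."""
    rule = POLICY.get(user)
    if rule is None:
        outcome, reason = "DENIED", "unknown user"
    elif when.hour not in rule["hours"]:
        outcome, reason = "DENIED", "outside permitted hours"
    elif action not in rule["actions"]:
        outcome, reason = "DENIED", "action not permitted"
    else:
        outcome, reason = "ALLOWED", "policy match"
    AUDIT_TRAIL.append({
        "time": when.isoformat(), "user": user, "action": action,
        "outcome": outcome, "reason": reason,
    })
    return outcome == "ALLOWED"

def failed_attempts(user):
    """Count unsuccessful attempts for one user, as a log reviewer would."""
    return sum(1 for entry in AUDIT_TRAIL
               if entry["user"] == user and entry["outcome"] == "DENIED")

if __name__ == "__main__":
    request_access("avery", "write", datetime(2024, 1, 8, 9, 30))   # allowed
    request_access("avery", "write", datetime(2024, 1, 8, 22, 0))   # wrong time
    request_access("mallory", "read", datetime(2024, 1, 8, 9, 0))   # unknown user
    for entry in AUDIT_TRAIL:
        print(entry)
```

Recording denied attempts along with allowed ones is what lets a reviewer notice repeated failures against one account.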
A user name — also called a user ID (identification), log on name, or sign in name — is a unique
combination of characters, such as letters of the alphabet or numbers, that identifies one specific user. A
password is a private combination of characters associated with the user name that allows access to
certain computer resources.
Instead of passwords, some organizations use passphrases to authenticate users. A passphrase is a private
combination of words, often containing mixed capitalization and punctuation, associated with a user
name that allows access to certain computer resources.
A PIN (Personal Identification Number), sometimes called a passcode, is a numeric password, either
assigned by a company or selected by a user. PINs provide an additional level of security.
A possessed object is any item that you must possess, or carry with you, in order to gain access to a
computer or computer facility.
In an attempt to further protect personal data and information from online thieves, many organizations
such as financial institutions or universities that store sensitive or confidential items use a two-step
verification process. With two-step verification, also known as two-factor verification, a computer or
mobile device uses two separate methods, one after the next, to verify the identity of a user.
Digital forensics, also called cyberforensics, is the discovery, collection, and analysis of evidence found on
computers and networks.