
Introduction To Computing Chapter 5

Uploaded by

Carl Laruta
Copyright
© © All Rights Reserved
Introduction to Computing

 
Chapter 5

Computer Application in Society


Chapter 5

Internet Security
 
Introduction

As more people today engage in using the internet, the number of people who are vulnerable
to threats could also grow. In the Philippines alone, an average Filipino spends 10 hours or more
each day online. Sharing, storing, and gathering information through the internet is so crucial that
users must take measures to protect their private and important data.

This module discusses the risks and threats concerning the internet thoroughly.
Varied activities are also provided at the end.

Specific Objectives

At the end of the lesson, the students should be able to:

- Describe various types of Internet and network attacks
- Discuss techniques to prevent unauthorized computer access and use
- Identify safeguards against hardware theft and vandalism
- Explain the ways to protect against software theft and information theft

Duration

Chapter 5: Internet Security = 3 hours (2 hours discussion; 1 hour assessment)

Lesson Proper

Internet and network attacks

Information transmitted over networks has a higher degree of security risk than information kept
on an organization’s premises. In an organization, network administrators usually take measures
to protect a network from security risks. On the Internet, where no central administrator is
present, the security risk is greater. Internet and network attacks that jeopardize security include
computer viruses, worms, Trojan horses, and rootkits; botnets; denial of service attacks; back
doors; and spoofing. The following sections address these computer security risks and suggest
measures organizations and individuals can take to protect their computers while on the Internet
or connected to a network.

● Computer Viruses, Worms, Trojan Horses, and Rootkits

Every unprotected computer is susceptible to the first type of computer security risk — a
computer virus, worm, Trojan horse, and/or rootkit.

• A computer virus is a potentially damaging computer program that affects, or infects, a
computer negatively by altering the way the computer works without the user’s
knowledge or permission. Once the virus infects the computer, it can spread throughout
and may damage files and system software, including the operating system.

• A worm is a program that copies itself repeatedly, for example in memory or on a
network, using up resources and possibly shutting down the computer or network.

• A Trojan horse (named after the Greek myth) is a program that hides within or looks
like a legitimate program. A certain condition or action usually triggers the Trojan horse.
Unlike a virus or worm, a Trojan horse does not replicate itself to other computers.

• A rootkit is a program that hides in a computer and allows someone from a remote
location to take full control of the computer. Once the rootkit is installed, the rootkit
author can execute programs, change settings, monitor activity, and access files on the
remote computer.

Computer viruses, worms, Trojan horses, and rootkits are classified as malware (short for
malicious software), which are programs that act without a user’s knowledge and
deliberately alter the computer’s operations. Unscrupulous programmers write malware
and then test it to ensure it can deliver its payload. The payload is the destructive event or
prank the program is intended to deliver. A computer infected by a virus, worm, Trojan
horse, or rootkit often has one or more of the following symptoms:

• Operating system runs much slower than usual
• Available memory is less than expected
• Files become corrupted
• Screen displays unusual message or image
• Unknown programs or files mysteriously appear
• Music or unusual sound plays randomly
• Existing programs and files disappear
• Programs or files do not work properly
• System properties change
• Operating system does not start up
• Operating system shuts down unexpectedly

Figure: This figure shows how a virus could spread.

● Safeguards against Computer Viruses and Other Malware

Using an antivirus is essential when trying to keep your computer healthy and free from
viruses. Computers are an incredible technology that many of us use every day of our
lives. However, they’re prone to viruses and malware that could harm our files and steal
our personal data, such as banking details and social security information. If you’re in the
market for some extra security, here are 8 ways to protect your computer from viruses.

1. Install an Antivirus
There are many antivirus programs available, all ranging in price as the level of security
increases. Installing the best antivirus is no easy task, and sometimes it may be safer for
us to download more than one if they each cover different security aspects.
It can be said that there’s no need for antivirus as long as we don’t access the internet
from our PC. This is, however, not necessarily true, as we can carry viruses between
systems on USB sticks. It’s crucial to remember that you don’t have to spend a lot of
money, or any money at all, to have a safe and secure computer.

2. Keep Your Software up to Date


All computer operating systems receive frequent updates that enhance individual
features. These updates also include security measures that keep our computers safe from
the latest batch of viruses and malware cooked up by hackers.

We need to ensure that we are notified of updates or that they are set to download and install automatically.
Be warned, these installations can be time-consuming, especially if there are significant
changes and security measures that change how the system handles various data.

3. Backup Your Computer


Sometimes we’re unable to delete a virus or malware off our computers, and when this
happens, we’ll need to remove some of our data. Occasionally, file corruption from
harmful code may mean we have to reformat our hard drives.

Without a backup, there’s no way to recover any lost data. This is even more critical
since hard drives may accidentally corrupt themselves and cost us our files. However, a
backup that contains the virus and malicious code will only repeat the issues we’ve
experienced until we make a backup that does not include the malware.

There are three basic options for storing your backup: external hard drives, online
storage, and cloud storage. Sites such as Google Drive offer free cloud storage for a
limited amount of space.

4. Use a Strong Password


A password is the first line of defense that protects our accounts from anyone trying to
gain unauthorized access into them. Once someone’s into an account, they can steal data
or place harmful content into cloud storage that may automatically update to the
computer.

A strong password is complex and often does not relate to ourselves in any way. The
most common passwords that are easily guessed are “password,” 123456, and 12345678.
Using the same login details for every website or app leaves us vulnerable to an attack
even if just one account is illegally accessed.

5. Watch the Downloads


Websites can be sneaky when they’re loaded with malware and suspicious content. If a
download starts that we didn’t authorize, we should immediately cancel it and exit the
web page as it’s likely to be filled with more malicious code.
If we use an outdated browser such as Internet Explorer, we need to ensure that the
security setting is on at least medium, if not more, to prevent any unwanted code from
accessing our system. Otherwise, there’s a chance that downloads may occur in the
background without alerting us.

6. Install an Ad-block
Online pop-up advertisements can often lead to sketchy websites that steal our data and
install viruses. It’s often easier said than done when trying to avoid these, unless we
download a reliable ad-blocker that stops us from seeing them altogether.

It’s easy to find free ad-blockers and various paid ones. The difference in price
generally relates to how well it functions. We should be careful when browsing the web
even if we have an active ad-block on since many sites prevent entry unless the extension
or app is disabled.

7. Run a Virus Scan Often


As great as all our ad-block and antivirus software is, there’s still potential to download a
virus or install malware. As a result, we must run a virus scan at least on a weekly basis
to prevent or minimize the damage done by malicious coding. This can be done moments
before we back up to ensure we have no harmful files.

8. Avoid Suspicious Links


Links can be a dangerous thing, especially when they’re from an unknown source. A
common trick that’s still used today is sending phishing emails that link to harmful
websites that may install a virus or steal our data. Being careful about what we click on
will save us from many potential threats.

● Botnets

A botnet is a group of compromised computers connected to a network such as the
Internet that are used as part of a network that attacks other networks, usually for
nefarious purposes. A compromised computer, known as a zombie, is one whose owner is
unaware the computer is being controlled remotely by an outsider. Cybercriminals use
botnets to send spam via e-mail, spread viruses and other malware, or commit a denial of
service attack.

● Denial of Service Attacks

A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt
computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a
DoS attack in a variety of ways. For example, they may use an unsuspecting computer to
send an influx of confusing data messages or useless traffic to a computer network. The
victim computer network slows down considerably and eventually becomes unresponsive
or unavailable, blocking legitimate visitors from accessing the network. Perpetrators have
a variety of motives for carrying out a DoS attack. Those who disagree with the beliefs or
actions of a particular organization claim political anger motivates their attacks. Some
perpetrators use the attack as a vehicle for extortion. Others simply want the recognition,
even though it is negative.

● Back Doors

A back door is a program or set of instructions in a program that allow users to bypass
security controls when accessing a program, computer, or network. Once perpetrators
gain access to unsecure computers, they often install a back door or modify an existing
program to include a back door, which allows them to continue to access the computer
remotely without the user’s knowledge.

● Spoofing

Spoofing is a technique intruders use to make their network or Internet transmission
appear legitimate to a victim computer or network. E-mail spoofing occurs when the
sender’s address or other components of the e-mail header are altered so that it appears
the e-mail originated from a different sender. E-mail spoofing commonly is used for virus
hoaxes, spam, and phishing scams. IP spoofing occurs when an intruder computer fools a
network into believing its IP address is associated with a trusted source. Perpetrators of
IP spoofing trick their victims into interacting with a phony Web site.
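
The header alterations described above leave traces that a recipient can check. The following is an added example, not part of the original chapter: it compares the visible From domain with the Return-Path and Reply-To domains and reads the receiving server's Authentication-Results verdicts. Both messages and every `.example` address are constructed sample data.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.receiver.example; spf=fail "
    "smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail "
    "header.from=bank.example\n"
    "From: \"Bank Support\" <support@bank.example>\n"
    "Reply-To: helpdesk@bank-support.example.org\n"
    "Subject: Verify your account\n"
    "\n"
    "Please confirm your details.\n"
)
GENUINE = (
    "Return-Path: <support@bank.example>\n"
    "Authentication-Results: mx.receiver.example; spf=pass "
    "smtp.mailfrom=bank.example; dkim=pass header.d=bank.example; "
    "dmarc=pass header.from=bank.example\n"
    "From: \"Bank Support\" <support@bank.example>\n"
    "Subject: Your monthly statement\n"
    "\n"
    "Your statement is ready.\n"
)

# Verdicts treated as a failed sender check.
FAILING = {"fail", "softfail"}


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, address = parseaddr(header_value or "")
    return address.rpartition("@")[2].lower() if "@" in address else ""


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers.

    Only trust this header when your own receiving mail server added it.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        # The first ';'-separated field names the server that did the checks.
        for clause in header.split(";")[1:]:
            words = clause.split()
            if not words:
                continue
            method, sep, result = words[0].partition("=")
            if sep and method.lower() in ("spf", "dkim", "dmarc"):
                verdicts[method.lower()] = result.lower()
    return verdicts


def spoofing_indicators(raw_message):
    """Return a list of reasons to inspect the message more closely.

    These are indicators, not proof: mailing services legitimately use a
    Return-Path domain that differs from the From domain.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_domain = domain_of(msg.get("Return-Path"))
    reply_domain = domain_of(msg.get("Reply-To"))

    findings = []
    if return_domain and return_domain != from_domain:
        findings.append("return-path-mismatch")
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")
    for method, result in sorted(auth_results(msg).items()):
        if result in FAILING:
            findings.append(f"{method}={result}")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, spoofing_indicators(raw))
```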

● Safeguards against Botnets, DoS Attacks, Back Doors, and Spoofing

To defend against botnets, DoS attacks, improper use of back doors, and spoofing, users
can implement firewall solutions and install intrusion detection software. The following
sections discuss these safeguards.

A firewall is hardware and/or software that protects a network’s resources from intrusion
by users on another network such as the Internet. All networked and online computer
users should implement a firewall solution.

Figure: This figure shows how a firewall works in your computer.

● Intrusion Detection Software

To provide extra protection against hackers and other intruders, large organizations
sometimes use intrusion detection software to identify possible security breaches.
Intrusion detection software automatically analyzes all network traffic, assesses system
vulnerabilities, identifies any unauthorized access (intrusions), and notifies network
administrators of suspicious behavior patterns or system breaches. To utilize intrusion
detection software requires the expertise of a network administrator because the programs
are complex and difficult to use and interpret. These programs also are quite expensive.

Unauthorized Access and Use

Another type of computer security risk is unauthorized access and use. Unauthorized access is
the use of a computer or network without permission. Unauthorized use is the use of a computer
or its data for unapproved or possibly illegal activities. Unauthorized use includes a variety of
activities: an employee using an organization’s computer to send personal e-mail messages, an
employee using the organization’s word processing software to track his or her child’s soccer
league scores, or someone gaining access to a bank computer and performing an unauthorized
transfer.

● Safeguards against Unauthorized Access and Use

Organizations take several measures to help prevent unauthorized access and use. At a
minimum, they should have a written acceptable use policy (AUP) that outlines the
computer activities for which the computer and network may and may not be used. An
organization’s AUP should specify the acceptable use of computers by employees for
personal reasons. Some organizations prohibit such use entirely. Others allow personal
use on the employee’s own time such as a lunch hour.
Other measures that safeguard against unauthorized access and use include firewalls and
intrusion detection software, which were discussed in the previous section, and
identifying and authenticating users.

● Identifying and Authenticating Users

Many organizations use access controls to minimize the chance that a perpetrator
intentionally may access or an employee accidentally may access confidential
information on a computer. An access control is a security measure that defines who can
access a computer, when they can access it, and what actions they can take while
accessing the computer. In addition, the computer should maintain an audit trail that
records in a file both successful and unsuccessful access attempts. An unsuccessful
access attempt could result from a user mistyping his or her password, or it could result
from a hacker trying thousands of passwords.

Organizations should investigate unsuccessful access attempts immediately to ensure
they are not intentional breaches of security. They also should review successful access
for irregularities, such as use of the computer after normal working hours or from remote
computers.
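
The audit-trail review described above can be automated. The following is an added example, not part of the original chapter: it reads an audit trail and flags repeated unsuccessful attempts, a successful access that follows them, access after normal working hours, and access from remote computers. The log format, the 10.0.0.0/8 internal network, the 08:00 to 18:00 weekday working hours, and the threshold of five failures in two minutes are all assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed site policy (not from the chapter).
INTERNAL_NET = ip_network("10.0.0.0/8")
WORK_START, WORK_END = 8, 18            # working hours, Monday to Friday
FAIL_THRESHOLD = 5                      # failures ...
FAIL_WINDOW = timedelta(minutes=2)      # ... within this sliding window

# Constructed audit trail: "<timestamp> <user> <source address> <result>".
SAMPLE_LOG = """\
2024-03-04T09:12:01 alice 10.0.0.15 SUCCESS
2024-03-04T09:30:44 bob 10.0.0.22 FAILURE
2024-03-04T09:30:59 bob 10.0.0.22 SUCCESS
2024-03-04T13:05:10 carol 203.0.113.50 FAILURE
2024-03-04T13:05:12 carol 203.0.113.50 FAILURE
2024-03-04T13:05:14 carol 203.0.113.50 FAILURE
2024-03-04T13:05:16 carol 203.0.113.50 FAILURE
2024-03-04T13:05:18 carol 203.0.113.50 FAILURE
2024-03-04T13:05:20 carol 203.0.113.50 SUCCESS
2024-03-04T23:41:07 dave 10.0.0.31 SUCCESS
"""


def parse_line(line):
    """Split one audit record into (time, user, source address, result)."""
    stamp, user, source, result = line.split()
    return datetime.fromisoformat(stamp), user, ip_address(source), result


def review_audit_trail(text):
    """Return (finding, user, source) tuples in the order they occur."""
    findings = []
    recent_failures = defaultdict(deque)   # user -> times of recent failures
    alerted = set()                        # users already flagged for failures

    for line in text.splitlines():
        if not line.strip():
            continue
        when, user, source, result = parse_line(line)

        if result == "FAILURE":
            window = recent_failures[user]
            window.append(when)
            # Drop failures that fell out of the sliding window.
            while when - window[0] > FAIL_WINDOW:
                window.popleft()
            # One mistyped password is normal; a burst suggests guessing.
            if len(window) >= FAIL_THRESHOLD and user not in alerted:
                alerted.add(user)
                findings.append(("repeated-failures", user, str(source)))

        elif result == "SUCCESS":
            # A success right after a burst may mean a password was guessed.
            if user in alerted:
                findings.append(("success-after-failures", user, str(source)))
            weekend = when.weekday() >= 5
            if weekend or not (WORK_START <= when.hour < WORK_END):
                findings.append(("after-hours", user, str(source)))
            if source not in INTERNAL_NET:
                findings.append(("remote-source", user, str(source)))

    return findings


if __name__ == "__main__":
    for finding in review_audit_trail(SAMPLE_LOG):
        print(*finding)
```

In the sample, bob's single failure followed by a success is treated as a mistyped password and produces no finding.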

Many systems implement access controls using a two-phase process called identification
and authentication. Identification verifies that an individual is a valid user. Authentication
verifies that the individual is the person he or she claims to be. Three methods of
identification and authentication include user names and passwords, possessed objects,
and biometric devices. The technique(s) an organization uses should correspond to the
degree of risk associated with the unauthorized access.

User Names and Passwords

A user name, or user ID (identification), is a unique combination of characters, such as
letters of the alphabet or numbers, that identifies one specific user. A password is a
private combination of characters associated with the user name that allows access to
certain computer resources.

Possessed Objects

A possessed object is any item that you must carry to gain access to a computer or
computer facility. Examples of possessed objects are badges, cards, smart cards, and
keys. The card you use in an automated teller machine (ATM) is a possessed object that
allows access to your bank account.

Possessed objects often are used in combination with personal identification numbers. A
personal identification number (PIN) is a numeric password, either assigned by a
company or selected by a user. PINs provide an additional level of security. An ATM
card typically requires a four-digit PIN. PINs are passwords. Select them carefully and
protect them as you do any other password.

Biometric Devices

A biometric device authenticates a person’s identity by translating a personal
characteristic, such as a fingerprint, into a digital code that is compared with a digital
code stored in the computer verifying a physical or behavioral characteristic. If the digital
code in the computer does not match the personal characteristic code, the computer
denies access to the individual.

Digital Forensics

Digital forensics, also called computer forensics, network forensics, or cyberforensics, is
the discovery, collection, and analysis of evidence found on computers and networks.
Digital forensics involves the examination of computer media, programs, data and log
files on computers, servers, and networks. Many areas use digital forensics, including law
enforcement, criminal prosecutors, military intelligence, insurance agencies, and
information security departments in the private sector.

Hardware Theft and Vandalism

Hardware theft and vandalism are other types of computer security risks. Hardware theft
is the act of stealing computer equipment. Hardware vandalism is the act of defacing or
destroying computer equipment. Hardware vandalism takes many forms, from someone
cutting a computer cable to individuals breaking into a business or school computer lab
and aimlessly smashing computers. Companies, schools, and other organizations that
house many computers are at risk of hardware theft and vandalism, especially those that
have smaller system units that easily can fit in a backpack or briefcase. Mobile users also
are susceptible to hardware theft. It is estimated that more than 600,000 notebook
computers are stolen each year. The size and weight of these computers, especially
netbooks, make them easy to steal.

● Safeguards against Hardware Theft and Vandalism

To help reduce the chances of theft, companies and schools use a variety of security
measures. Physical access controls, such as locked doors and windows, usually are
adequate to protect the equipment. Many businesses, schools, and some homeowners
install alarm systems for additional security. School computer labs and other areas with a
large number of semifrequent users often attach additional physical security devices such
as cables that lock the equipment to a desk (Figure 10-9), cabinet, or floor. Small locking
devices also exist that require a key to access a hard disk or optical disc drive.

Some businesses use a real time location system (RTLS) to track and identify the location
of high-risk or high-value items. One implementation of RTLS places RFID tags in items
to be tracked.
Mobile computer users must take special care to protect their equipment. Some users
attach a physical device such as a cable to lock a mobile computer temporarily to a
stationary object. Other mobile users install a mini-security system in the notebook
computer. Some of these security systems shut down the computer and sound an alarm if
the computer moves outside a specified distance. Others can be configured to photograph
the thieves when they use the computer. Notebook computer security systems and
tracking software also can track the location of a stolen notebook computer.

Some notebook computers use passwords, possessed objects, and biometrics as methods
of security. When you start these computers, you must enter a password, slide a card in a
card reader, or press your finger on a fingerprint reader before the hard disk unlocks. This
type of security does not prevent theft, but it renders the computer useless if it is stolen.

Software Theft

Another type of computer security risk is software theft. Software theft occurs when
someone steals software media, intentionally erases programs, illegally copies a program,
or illegally registers and/or activates a program. One form of software theft involves
someone physically stealing the media that contain the software or the hardware that
contains the media, as described in the previous section. Another form of software theft
occurs when software is stolen from software manufacturers. This type of theft, called
piracy, is by far the most common form of software theft. Software piracy is the
unauthorized and illegal duplication of copyrighted software. A related form of software
theft involves users illegally obtaining registration numbers and/or activation codes.

● Safeguards against Software Theft

To protect software media from being stolen, owners should keep original software boxes
and media in a secure location. All computer users should back up their files and disks
regularly, in the event of theft.

To protect themselves from software piracy, software manufacturers issue users license
agreements. A license agreement is the right to use the software. That is, you do not own
the software. The license agreement provides specific conditions for use of the software,
which a user must accept before using the software (Figure 10-10). These terms usually
are displayed when you install the software.

The most common type of license included with software purchased by individual users
is a single-user license agreement, also called an end-user license agreement (EULA). A
single-user license agreement typically includes many of the following conditions that
specify a user’s responsibility upon acceptance of the agreement.

Users are permitted to:

• Install the software on only one computer. (Some license agreements allow users to
install the software on one desktop computer and one notebook computer.)
• Make one copy of the software as a backup.
• Give or sell the software to another individual, but only if the software is removed from
the user’s computer first.

Users are not permitted to:

• Install the software on a network, such as a school computer lab.
• Give copies to friends and colleagues, while continuing to use the software.
• Export the software.
• Rent or lease the software.

Unless otherwise specified by a license agreement, you do not have the right to copy,
loan, borrow, rent, or in any way distribute software. Doing so is a violation of copyright
law. It also is a federal crime. Despite this, some experts estimate for every authorized
copy of software in use, at least one unauthorized copy exists. Read Ethics & Issues 10-1
for a related discussion.

In an attempt to prevent software piracy, Microsoft and other manufacturers have
incorporated an activation process into many of their consumer products. During the
product activation, which is conducted either online or by telephone, users provide the
software product’s 25-character identification number to receive an installation
identification number unique to the computer on which the software is installed.

If you are not completely familiar with your school or employer’s policies governing
installation of software, check with the information technology department or your
school’s technology coordinator.

Information Theft

Information theft is yet another type of computer security risk. Information theft occurs
when someone steals personal or confidential information. An unethical company
executive may steal or buy stolen information to learn about a competitor. A corrupt
individual may steal credit card numbers to make fraudulent purchases.

● Safeguards against Information Theft

Most companies attempt to prevent information theft by implementing the user
identification and authentication controls discussed earlier in this chapter. These controls
are best suited for protecting information on computers located on an organization’s
premises. Information transmitted over networks offers a higher degree of risk because
unscrupulous users can intercept it during transmission. To protect information on the
Internet and networks, companies and individuals use a variety of encryption techniques.

● Encryption

Encryption is the process of converting readable data into unreadable characters to
prevent unauthorized access. You treat encrypted data just like any other data. That is,
you can store it or send it in an e-mail message. To read the data, the recipient must
decrypt, or decipher, it into a readable form.
In the encryption process, the unencrypted, readable data is called plaintext. The
encrypted (scrambled) data is called ciphertext. An encryption algorithm is a set of steps
that can convert readable plaintext into unreadable ciphertext. An encryption key is a
programmed formula that the originator of the data uses to encrypt the plaintext and the
recipient of the data uses to decrypt the ciphertext.

Security failure

A security breach is any incident that results in unauthorized access to computer data,
applications, networks or devices. It results in information being accessed without authorization.
Typically, it occurs when an intruder is able to bypass security mechanisms.

How Data Breaches Happen

Data breaches can be far more than a temporary terror — they may change the course of
your life. Businesses, governments, and individuals alike can experience huge complications
from having sensitive information exposed. Whether you are offline or online, hackers can get to
you through the internet, Bluetooth, text messages, or the online services that you use.

What is a Data Breach?


To define data breach: a data breach exposes confidential, sensitive, or protected information to
an unauthorized person. The files in a data breach are viewed and/or shared without permission.

Anyone can be at risk of a data breach — from individuals to high-level enterprises and
governments. More importantly, anyone can put others at risk if they are not protected.

In general, data breaches happen due to weaknesses in:

● Technology
● User behavior

How do Data Breaches happen?

The assumption is that a data breach is caused by an outside hacker, but that's not always true.
Reasons for how data breaches happen might sometimes be traced back to intentional attacks.
However, it can just as easily result from a simple oversight by individuals or flaws in a
company’s infrastructure.

Here’s how a data breach can occur:

● An Accidental Insider. An example would be an employee using a co-worker's computer
and reading files without having the proper authorization permissions. The access is
unintentional, and no information is shared. However, because it was viewed by an
unauthorized person, the data is considered breached.

● A Malicious Insider. This person purposely accesses and/or shares data with the intent of
causing harm to an individual or company. The malicious insider may have legitimate
authorization to use the data, but the intent is to use the information in nefarious ways.

● Lost or Stolen Devices. An unencrypted and unlocked laptop or external hard drive,
anything that contains sensitive information, goes missing.

● Malicious Outside Criminals. These are hackers who use various attack vectors to gather
information from a network or an individual.

Malicious Methods used to Breach Data


Since malicious data breaches result from cyberattacks, you should know what to watch for.
Here are some popular methods used by hackers:
● Phishing
● Brute Force Attacks
● Malware

Phishing

These social engineering attacks are designed to fool you into causing a data breach.
Phishing attackers pose as people or organizations you trust to easily deceive you. Criminals of
this nature try to coax you into handing over access to sensitive data or providing the data itself.

Brute force attacks

In a more brash approach, hackers might enlist software tools to guess your passwords.
Brute force attacks work through all the possibilities for your password until they guess
correctly. These attacks take some time but have become rapid as computer speeds continue to
improve. Hackers even hijack other devices like yours via malware infections to speed up the
process. If your password is weak, it might only take a few seconds to crack it.
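
To make "all the possibilities" concrete for both this passage and the earlier advice on strong passwords, here is an added example that is not part of the original chapter. It rejects the common passwords the chapter names, flags reuse across sites, and estimates the worst-case time for an exhaustive search. The guessing rate of 10 billion guesses per second, the one-year cut-off for "weak", and the sample passwords are assumptions.

```python
import string

# The easily guessed passwords named earlier in the chapter.
COMMON_PASSWORDS = {"password", "123456", "12345678"}

GUESSES_PER_SECOND = 1e10        # assumed attacker speed, not a measured figure
ONE_YEAR = 365 * 24 * 3600       # seconds; assumed cut-off between weak/strong

# Size of each character class an attacker must cover once it is in use.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def alphabet_size(password):
    """Number of candidate characters per position, from the classes used."""
    seen = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            seen.add("lower")
        elif ch in string.ascii_uppercase:
            seen.add("upper")
        elif ch in string.digits:
            seen.add("digit")
        else:
            seen.add("symbol")   # punctuation, space, anything else
    return sum(CLASS_SIZES[name] for name in seen)


def search_space(password):
    """Total passwords of this length over this alphabet."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; real attacks try likely guesses first."""
    try:
        return search_space(password) / rate
    except OverflowError:        # search space too large for a float
        return float("inf")


def describe(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", ONE_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


def assess(password, used_elsewhere=()):
    """Classify a password as common, reused, weak, or strong."""
    seconds = worst_case_seconds(password)
    if password.lower() in COMMON_PASSWORDS:
        verdict = "common"       # guessed first, whatever its length
    elif password in used_elsewhere:
        verdict = "reused"       # one breached site exposes every account
    elif seconds < ONE_YEAR:
        verdict = "weak"
    else:
        verdict = "strong"
    return {"verdict": verdict,
            "search_space": search_space(password),
            "time": describe(seconds)}


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("123456", "password", "aB3$xyz", "Tr4il-mix&Lantern9"):
        print(pw, assess(pw))
```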
 
Malware
Your device’s operating system, software, hardware, or the network and servers you’re
connected to can have security flaws. These gaps in protection are sought out by criminals as the
perfect place to shove malware into. Spyware specifically is ideal for stealing private data while
being completely undetected. You might not find this infection until it’s too late.

What is targeted in Data Breaches?


Although a data breach can be the result of an innocent mistake, real damage is possible if the
person with unauthorized access steals and sells Personally Identifiable Information (PII) or
corporate intellectual data for financial gain or to cause harm.
Malicious criminals tend to follow a basic pattern: targeting an organization for a breach takes
planning. They research their victims to learn where the vulnerabilities are, such as missing or
failed updates and employee susceptibility to phishing campaigns.
Hackers learn a target's weak points, then develop a campaign to get insiders to mistakenly
download malware. Sometimes they go after the network directly.
Once inside, malicious criminals have the freedom to search for the data they want — and lots of
time to do it, as the average breach takes more than five months to detect.

Common vulnerabilities targeted by malicious criminals include the following:


● Weak credentials
The vast majority of data breaches are caused by stolen or weak credentials. If malicious
criminals have your username and password combination, they have an open door into
your network. Because most people reuse passwords, cybercriminals can use brute force
attacks to gain entrance to email, websites, bank accounts, and other sources of PII or
financial information.
● Stolen credentials
Breaches caused by phishing are a major security issue, and if cyber criminals get
hold of this personal information, they can use it to access things like your bank and
online accounts.
● Compromised assets
Various malware attacks are used to negate regular authentication steps that would
normally protect a computer.
● Payment Card Fraud
Card skimmers attach to gas pumps or ATMs and steal data whenever a card is
swiped.
● Third-party access
Although you may do everything possible to keep your network and data secure,
malicious criminals could use third-party vendors to make their way into your system.
● Mobile Devices
When employees are allowed to bring their own devices (BYOD) into the
workplace, it's easy for unsecured devices to download malware-laden apps that give
hackers access to data stored on the device. That often includes work email and files as
well as the owner's PII.

The damage a Data Breach can do


In many cases, data breaches cannot just be patched up with some password changes. The
effects of a data leak can be a lasting issue for your reputation, finances, and more.

For business organizations: a data breach can have a devastating effect on an organization's
reputation and financial bottom line. Organizations such as Equifax, Target, and Yahoo, for
example, have been the victims of a data breach. And today, many people associate/remember
those companies for the data breach incident itself, rather than their actual business operations.

For government organizations: compromised data can mean exposing highly confidential
information to foreign parties. Military operations, political dealings, and details on essential
national infrastructure can pose a major threat to a government and its citizens.

For individuals: identity theft is a major threat to data breach victims. Data leaks can reveal
everything from social security numbers to banking information. Once a criminal has these
details, they can engage in all types of fraud under your name. Theft of your identity can ruin
your credit, pin you with legal issues, and it is difficult to fight back against.

Wireless Security

Wireless network security is the process of designing, implementing and ensuring
security on a wireless computer network. It is a subset of network security that adds protection
for a wireless computer network.

Wireless network security primarily protects a wireless network from unauthorized and
malicious access attempts. Typically, wireless network security is delivered through wireless
devices (usually a wireless router/switch) that encrypt and secure all wireless communication
by default. Even if the wireless network security is compromised, the hacker is not able to view
the content of the traffic/packet in transit. Moreover, wireless intrusion detection and prevention
systems also enable protection of a wireless network by alerting the wireless network
administrator in case of a security breach.
Some of the common algorithms and standards to ensure wireless network security are Wired
Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA).

How Does Wireless Security Work?


Wireless security protocols such as Wired Equivalent Privacy (WEP) and Wi-Fi
Protected Access (WPA) are the authentication security protocols created by the Wireless Alliance
to ensure wireless security. There are four wireless security protocols currently available.

● Wired Equivalent Privacy (WEP)
● Wi-Fi Protected Access (WPA)
● Wi-Fi Protected Access 2 (WPA 2)
● Wi-Fi Protected Access 3 (WPA 3)

What Are the Types of Wireless Security?

WIRED EQUIVALENT PRIVACY (WEP)


Wired Equivalent Privacy (WEP) is the first security protocol ever put in practice.
Designed in 1997, it has become obsolete but is still used in modern times with older devices.

WEP uses a data encryption scheme that is based on a combination of user- and system-
generated key values. However, it is widely known that WEP is the least secure network type as
hackers have developed tactics of reverse-engineering and cracking the encryption system.

WI-FI PROTECTED ACCESS (WPA)

Wi-Fi Protected Access (WPA) was developed to deal with the flaws that were found
with the WEP protocol. WPA offers features such as the Temporal Key Integrity Protocol
(TKIP) which was a dynamic 128-bit key that was harder to break into than WEP’s static,
unchanging key.
It also introduced the Message Integrity Check, which scanned for any altered packets sent by
hackers, the Temporal Key Integrity Protocol (TKIP), and the pre-shared key (PSK), among
others, for encryption.

WI-FI PROTECTED ACCESS 2 (WPA2)

In 2004, WPA2 brought significant changes and more features to the wireless security
gambit. WPA2 replaced TKIP with the Counter Mode Cipher Block Chaining Message
Authentication Code Protocol (CCMP) which is a far superior encryption tool.
WPA2 has been the industry standard since its inception; on March 13, 2006, the Wi-Fi Alliance
stated that all future devices with the Wi-Fi trademark had to use WPA2.

WPA2-PSK

WPA2-PSK (Pre-Shared Key) requires a single password to get on the wireless network.
It’s generally accepted that a single password to access Wi-Fi is safe but only as much as you
trust those using it. A major vulnerability comes from the potential damage done when login
credentials get placed in the wrong hands. That is why this protocol is most often used for a
residential or open Wi-Fi network.
To encrypt a network with WPA2-PSK you provide your router not with an encryption key, but
rather with a plain-English passphrase between 8 and 63 characters long. Using CCMP, that
passphrase, along with the network SSID, is used to generate unique encryption keys for each
wireless client. And those encryption keys are constantly changed. Although WEP also supports
passphrases, it does so only as a way to more easily create static keys, which are usually
composed of the hex characters 0-9 and A-F.
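
The following added example (not part of the original chapter) shows how a WPA2-PSK passphrase and SSID become keys: the standard WPA2 mapping stretches the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, and each client session then mixes in both MAC addresses and both handshake nonces. The network name, passphrase, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA2-PSK passphrase and SSID to the 256-bit pairwise master key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes long")
    # The SSID acts as the salt: the same passphrase on a differently named
    # network yields an unrelated key. 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, length: int) -> bytes:
    """802.11 pseudo-random function: HMAC-SHA1 blocks with a running counter."""
    out = b""
    counter = 0
    while len(out) < length:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:length]


def derive_ptk(pmk: bytes, ap_mac: bytes, client_mac: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """Per-client, per-session keys from the PMK, both MACs and both nonces."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes for CCMP
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


# Constructed sample values. Real nonces are random per handshake; fixed
# values are used here only so the output is reproducible.
AP_MAC = mac("02:00:00:aa:00:01")
CLIENT_A = mac("02:00:00:cc:00:0a")
CLIENT_B = mac("02:00:00:cc:00:0b")
ANONCE = bytes(range(32))
SNONCE_A = bytes(range(32, 64))
SNONCE_B = bytes(range(64, 96))


def demo():
    """One shared passphrase, two clients, two different traffic keys."""
    pmk = derive_pmk("correct horse battery", "HomeNet")
    keys_a = derive_ptk(pmk, AP_MAC, CLIENT_A, ANONCE, SNONCE_A)
    keys_b = derive_ptk(pmk, AP_MAC, CLIENT_B, ANONCE, SNONCE_B)
    return pmk, keys_a, keys_b


if __name__ == "__main__":
    pmk, keys_a, keys_b = demo()
    print("PMK (shared by all clients):", pmk.hex())
    print("client A traffic key:", keys_a["tk"].hex())
    print("client B traffic key:", keys_b["tk"].hex())
```

Every client that knows the passphrase can compute the same master key, which is why the strength of a WPA2-PSK network rests on the length and unpredictability of the passphrase and on who it is shared with.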

WPA2-Enterprise
WPA2-Enterprise requires a RADIUS server, which handles the task of authenticating
network users’ access. The actual authentication process is based on the 802.1X policy and
comes in several different systems labeled EAP.
There are just a few components that are needed to make WPA2-Enterprise work. Realistically,
if you already have access points and some spare server space, you possess all the hardware
needed to make it happen.

Because each device is authenticated before it connects, a personal, encrypted tunnel is
effectively created between the device and the network. The security benefits of a properly
configured WPA2-Enterprise grant a near-impenetrable network. This protocol is most often
used by businesses and governments due to its heightened security measures.

SecureW2 is an industry leader in WPA2-Enterprise security solutions – everything from
certificate-based authentication to device onboarding.

WI-FI PROTECTED ACCESS 3 (WPA3)


WPA3 is introducing the first major changes to wireless security in 14 years. Some notable
additions for the security protocol are:

● Greater protection for passwords
● Individualized encryption for personal and open networks
● More security for enterprise networks.

WPA3-PSK

To improve the effectiveness of PSK, updates to WPA3-PSK offer greater protection by
improving the authentication process.

A strategy to do this uses Simultaneous Authentication of Equals (SAE) to make brute-force
dictionary attacks far more difficult for a hacker. This protocol requires interaction from
the user on each authentication attempt, causing a significant slowdown for those attempting to
brute-force through the authentication process.

WPA3-Enterprise
WPA3-Enterprise offers some added benefits but overall little changes in terms of
security with the jump from WPA2-Enterprise.

A significant improvement that WPA3-Enterprise offers is a requirement for server
certificate validation to be configured to confirm the identity of the server to which the device is
connecting. However, due to the lack of major improvements, it’s not likely to be a quick
transition to WPA3. WPA2 became a standard in 2004, and even today organizations have a
difficult time supporting it on their network. That’s why we came up with a solution that
provides

What are the Main Threats to Wi-Fi Security?


As the internet is becoming more accessible, via mobile devices and gadgets, data
security is becoming a top concern from the public, as it should be. Data breaches and security
malfunctions can cost individuals and businesses thousands of dollars.

It is important to know the threats that are most prevalent in order to be able to implement the
proper security measures.

MAN-IN-THE-MIDDLE ATTACKS
A man-in-the-middle (MITM) attack is an incredibly dangerous type of cyber-attack that
involves a hacker infiltrating a private network by impersonating a rogue access point and
acquiring login credentials.

The attacker sets up hardware pretending to be a trusted network, namely Wi-Fi, in order
to trick unsuspecting victims into connecting to it and sending over their credentials. MITM
attacks can happen anywhere, as devices connect to the network with the strongest signal, and
will connect to any SSID name they remember.
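
A defender can look for the condition described above by comparing a Wi-Fi scan against an inventory of the organization's own access points. The sketch below is an added example, not part of the original chapter; the SSIDs, BSSIDs, signal levels and the inventory format are constructed for illustration.

```python
# Ordering follows the chapter's protocol list, with OPEN (no encryption)
# ranked below WEP.
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Hypothetical inventory of access points the organization actually operates.
TRUSTED = {
    "CampusNet": {
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
        "security": "WPA2",
    },
}

# Constructed scan results, as a wireless survey tool might report them.
SCAN = [
    {"ssid": "CampusNet", "bssid": "02:00:00:aa:00:01", "security": "WPA2", "signal_dbm": -67},
    {"ssid": "CampusNet", "bssid": "02:00:00:aa:00:02", "security": "WPA2", "signal_dbm": -72},
    {"ssid": "CampusNet", "bssid": "02:00:00:ee:00:99", "security": "OPEN", "signal_dbm": -41},
    {"ssid": "CoffeeShop", "bssid": "02:00:00:bb:00:10", "security": "WPA2", "signal_dbm": -80},
]


def find_suspect_aps(scan, trusted):
    """Return access points that advertise a trusted SSID but do not match the inventory."""
    findings = []
    for ssid, policy in trusted.items():
        seen = [ap for ap in scan if ap["ssid"] == ssid]
        known_signals = [ap["signal_dbm"] for ap in seen
                         if ap["bssid"].lower() in policy["bssids"]]
        best_known = max(known_signals, default=None)
        for ap in seen:
            reasons = []
            if ap["bssid"].lower() not in policy["bssids"]:
                reasons.append("unknown BSSID for trusted SSID")
            if SECURITY_RANK.get(ap["security"], -1) < SECURITY_RANK[policy["security"]]:
                reasons.append("weaker security than inventory")
            # Clients prefer the strongest signal, so an unlisted AP that is
            # louder than every known one is the case the chapter warns about.
            if reasons and best_known is not None and ap["signal_dbm"] > best_known:
                reasons.append("stronger signal than every known AP")
            if reasons:
                findings.append({"ssid": ssid, "bssid": ap["bssid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_suspect_aps(SCAN, TRUSTED):
        print(finding["ssid"], finding["bssid"], "; ".join(finding["reasons"]))
```

A matching BSSID is not proof that an access point is genuine, so this check complements the server certificate validation described under WPA3-Enterprise rather than replacing it.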

Ethics and Society


Ethics in cyber security is about what decisions are aligned with our values and what is
morally acceptable for both the data owner and the organization. Ethical standards should also
describe how to implement processes for ensuring ethical decision-making. Ethical issues are a
daily occurrence in cyber security.

Why is ethics important in computer security?


In computer security, cyber-ethics is what separates security personnel from the hackers.
It's the knowledge of right and wrong, and the ability to adhere to ethical principles while on the
job.

Computer Ethics

The Ten Commandments of computer ethics have been defined by the Computer Ethics
Institute.
1) Thou shalt not use a computer to harm other people
2) Thou shalt not interfere with other people's computer work
3) Thou shalt not snoop around in other people's files
4) Thou shalt not use a computer to steal
5) Thou shalt not use a computer to bear false witness
6) Thou shalt not use or copy software for which you have not paid
7) Thou shalt not use other people's computer resources without authorization
8) Thou shalt not appropriate other people's intellectual output
9) Thou shalt think about the social consequences of the program you write
10) Thou shalt use a computer in ways that show consideration and respect

Cybersecurity
Cybersecurity is the state or process of protecting and recovering computer systems,
networks, devices, and programs from any type of cyber-attack. Cyber-attacks are an
increasingly sophisticated and evolving danger to your sensitive data, as attackers employ new
methods powered by social engineering and artificial intelligence to circumvent traditional data
security controls.

The fact of the matter is the world is increasingly reliant on technology and this reliance will
continue as we introduce the next generation of new technology that will have access to our
connected devices via Bluetooth and Wi-Fi.

To keep customer data protected while embracing new technology, intelligent cloud security
solutions should be implemented to prevent unauthorized access and encourage the use of strong
passwords.

The Importance of Cybersecurity


Cybersecurity's importance is on the rise. Fundamentally, our society is more technologically
reliant than ever before and there is no sign that this trend will slow. Data leaks that could result
in identity theft are now publicly posted on social media accounts. Sensitive information like
social security numbers, credit card information and bank account details are now stored in cloud
storage services like Dropbox or Google Drive.

The fact of the matter is whether you are an individual, small business or large multinational, you
rely on computer systems every day. Pair this with the rise in cloud services, poor cloud service
security, smartphones and the Internet of Things (IoT) and we have a myriad of cybersecurity
threats that didn't exist a few decades ago. We need to understand the difference between
cybersecurity and information security, even though the skillsets are becoming more similar.

Governments around the world are bringing more attention to cybercrimes. GDPR is a great
example. It has increased the reputational damage of data breaches by forcing all organizations
that operate in the EU to:

⮚ Communicate data breaches
⮚ Appoint a data protection officer
⮚ Require user consent to process information
⮚ Anonymize data for privacy
The trend towards public disclosure is not limited to Europe. While there are no national laws
overseeing data breach disclosure in the United States, there are data breach laws in all 50 states.
Commonalities include:

⮚ The requirement to notify those affected as soon as possible
⮚ Let the government know as soon as possible
⮚ Pay some sort of fine

California was the first state to regulate data breach disclosures in 2003, requiring persons or
businesses to notify those affected "without reasonable delay" and "immediately following
discovery". Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.

This has driven standards boards like the National Institute of Standards and Technology (NIST)
to release frameworks to help organizations understand their security risks, improve
cybersecurity measures, and prevent cyber-attacks.

Why is Cybercrime Increasing?


Information theft is the most expensive and fastest-growing segment of cybercrime, largely
driven by the increasing exposure of identity information to the web via cloud services.

But it's not the only target. Industrial controls that manage power grids and other infrastructure
can be disrupted or destroyed. And identity theft isn't the only goal; cyber-attacks may aim to
compromise data integrity (destroy or change data) to breed distrust in an organization or
government.

Cybercriminals are becoming more sophisticated, changing what they target, how they affect
organizations and their methods of attack for different security systems.

Social engineering remains the easiest form of cyber-attack with ransomware, phishing, and
spyware being the easiest form of entry. Third-party and fourth-party vendors who process your
data and have poor cybersecurity practices are another common attack vector, making vendor
risk management and third-party risk management all the more important.

According to the Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon
Institute, the average cost of cybercrime for an organization has increased by $1.4 million over
the last year to $13.0 million and the average number of data breaches rose by 11 percent to 145.
Information risk management has never been more important.

Data breaches can involve financial information like credit card numbers or bank account details,
protected health information (PHI), personally identifiable information (PII), trade secrets,
intellectual property and other targets of industrial espionage. Other terms for data breaches
include unintentional information disclosure, data leak, cloud leak, information leakage or a data
spill.

Other factors driving the growth in cybercrime include:


⮚ The distributed nature of the Internet
⮚ The ability for cybercriminals to attack targets outside their jurisdiction making policing
extremely difficult
⮚ Increasing profitability and ease of commerce on the dark web
⮚ The proliferation of mobile devices and the Internet of Things.

What is the Impact of Cybercrime?


A lack of focus on cybersecurity can damage your business in a range of ways including:

Economic costs
Theft of intellectual property, corporate information, disruption in trading and the cost of
repairing damaged systems

Reputational cost
Loss of consumer trust, loss of current and future customers to competitors and poor media
coverage

Regulatory costs
GDPR and other data breach laws mean that your organization could suffer from
regulatory fines or sanctions as a result of cybercrimes

All businesses, regardless of the size, must ensure all staff understand cybersecurity threats and
how to mitigate them. This should include regular training and a framework to work with that
aims to reduce the risk of data leaks or data breaches.

Given the nature of cybercrime and how difficult it can be to detect, it is difficult to understand
the direct and indirect costs of many security breaches. This doesn't mean the reputational
damage of even a small data breach or other security event is not large. If anything, consumers
expect increasingly sophisticated cybersecurity measures as time goes on.

Information Privacy
Information privacy is the privacy of personal information and usually relates to personal
data stored on computer systems.
The need to maintain information privacy is applicable to collected personal information,
such as medical records, financial data, criminal records, political records, business related
information or website data. Information privacy is also known as data privacy.

Data privacy, also called information privacy, is the aspect of information technology
(IT) that deals with the ability an organization or individual has to determine what data in a
computer system can be shared with third parties.

What are the 3 Principles of Information Security?


The basic tenets of information security are confidentiality, integrity and availability.
Every element of the information security program must be designed to implement one or more
of these principles. Together they are called the CIA Triad.
Confidentiality
Confidentiality measures are designed to prevent unauthorized disclosure of information.
The purpose of the confidentiality principle is to keep personal information private and to ensure
that it is visible and accessible only to those individuals who own it or need it to perform their
organizational functions.

Integrity
Consistency includes protection against unauthorized changes (additions, deletions,
alterations, etc.) to data. The principle of integrity ensures that data is accurate and reliable and is
not modified incorrectly, whether accidentally or maliciously.

Availability
Availability is the protection of a system’s ability to make software systems and data
fully available when a user needs it (or at a specified time). The purpose of availability is to
make the technology infrastructure, the applications and the data available when they are needed
for an organizational process or for an organization’s customers.

The CIA Triad defines three key principles of data security

Information Security Vs Cybersecurity

Information security differs from cybersecurity in both scope and purpose. The two terms
are often used interchangeably, but more accurately, cybersecurity is a subcategory of
information security. Information security is a broad field that covers many areas such as
physical security, endpoint security, data encryption, and network security. It is also closely
related to information assurance, which protects information from threats such as natural
disasters and server failures.
Cybersecurity primarily addresses technology-related threats, with practices and tools
that can prevent or mitigate them. Another related category is data security, which focuses on
protecting an organization’s data from accidental or malicious exposure to unauthorized parties.

Information Security Policy


An Information Security Policy (ISP) is a set of rules that guide individuals when using
IT assets. Companies can create information security policies to ensure that employees and other
users follow security protocols and procedures. Security policies are intended to ensure that only
authorized users can access sensitive systems and information.
Creating an effective security policy and taking steps to ensure compliance is an
important step towards preventing and mitigating security threats. To make your policy truly
effective, update it frequently based on company changes, new threats, conclusions drawn from
previous breaches, and changes to security systems and tools.
Make your information security strategy practical and reasonable. To meet the needs and
urgency of different departments within the organization, it is necessary to deploy a system of
exceptions, with an approval process, enabling departments or individuals to deviate from the
rules in specific circumstances.

Top Information Security Threats


There are hundreds of categories of information security threats and millions of known threat
vectors. Below we cover some of the key threats that are a priority for security teams at modern
enterprises.

Unsecure or Poorly Secured Systems


The speed of technological development often leads to compromises in security measures. In
other cases, systems are developed without security in mind, and remain in operation at an
organization as legacy systems. Organizations must identify these poorly secured systems, and
mitigate the threat by securing or patching them, decommissioning them, or isolating them.

Social Media Attacks


Many people have social media accounts, where they often unintentionally share a lot of
information about themselves. Attackers can launch attacks directly via social media, for
example by spreading malware via social media messages, or indirectly, by using information
obtained from these sites to analyze user and organizational vulnerabilities, and use them to
design an attack.

Social Engineering
Social engineering involves attackers sending emails and messages that trick users into
performing actions that may compromise their security or divulge private information. Attackers
manipulate users using psychological triggers like curiosity, urgency or fear.
Because the source of a social engineering message appears to be trusted, people are more likely
to comply, for example by clicking a link that installs malware on their device, or by providing
personal information, credentials, or financial details.
Organizations can mitigate social engineering by making users aware of its dangers and training
them to identify and avoid suspected social engineering messages. In addition, technological
systems can be used to block social engineering at its source, or prevent users from performing
dangerous actions such as clicking on unknown links or downloading unknown attachments.

Malware on Endpoints
Organizational users work with a large variety of endpoint devices, including desktop
computers, laptops, tablets, and mobile phones, many of which are privately owned and not
under the organization’s control, and all of which connect regularly to the Internet.
A primary threat on all these endpoints is malware, which can be transmitted by a variety of
means, can result in compromise of the endpoint itself, and can also lead to privilege escalation
to other organizational systems.
Traditional antivirus software is insufficient to block all modern forms of malware, and more
advanced approaches to securing endpoints are developing, such as endpoint detection and
response (EDR).

Lack of Encryption
Encryption processes encode data so that it can only be decoded by users with secret
keys. It is very effective in preventing data loss or corruption in case of equipment loss or theft,
or in case organizational systems are compromised by attackers.
Unfortunately, this measure is often overlooked due to its complexity and lack of legal
obligations associated with proper implementation. Organizations are increasingly adopting
encryption, by purchasing storage devices or using cloud services that support encryption, or
using dedicated security tools.

Security Misconfiguration
Modern organizations use a huge number of technological platforms and tools, in
particular web applications, databases, and Software as a Service (SaaS) applications, or
Infrastructure as a Service (IaaS) from providers like Amazon Web Services.
Enterprise grade platforms and cloud services have security features, but these must be
configured by the organization. Security misconfiguration due to negligence or human error can
result in a security breach. Another problem is “configuration drift”, where correct security
configuration can quickly become out of date and make a system vulnerable, unbeknownst to IT
or security staff.
Organizations can mitigate security misconfiguration using technological platforms that
continuously monitor systems, identify configuration gaps, and alert or even automatically
remediate configuration issues that make systems vulnerable.

Active vs Passive Attacks


Information security is intended to protect organizations against malicious attacks. There
are two primary types of attacks: active and passive. Active attacks are considered more difficult
to prevent, and the focus is on detecting, mitigating and recovering from them. Passive attacks
are easier to prevent with strong security measures.

Active Attack
An active attack involves intercepting a communication or message and altering it for malicious
effect. There are three common variants of an active attack:

● Interruption—the attacker interrupts the original communication and creates new,
malicious messages, pretending to be one of the communicating parties.
● Modification—the attacker uses existing communications, and either replays them to
fool one of the communicating parties, or modifies them to gain an advantage.
● Fabrication—creates fake, or synthetic, communications, typically with the aim of
achieving denial of service (DoS). This prevents users from accessing systems or
performing normal operations.
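
Since the focus with active attacks is on detection, the added example below (not part of the original chapter) shows a receiver that detects altered, replayed and fabricated messages by checking a keyed integrity tag and a sequence number on every frame. The frame layout, key and message contents are constructed for illustration; the frames are not encrypted, so this addresses active attacks only.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 output size in bytes
SEQ_LEN = 8    # 64-bit big-endian sequence number


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def send(self, payload: bytes) -> bytes:
        """Frame layout (constructed): sequence number || payload || tag."""
        self.seq += 1
        header = struct.pack(">Q", self.seq)
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def receive(self, frame: bytes):
        """Return (verdict, payload); payload is None when the frame is rejected."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            return "rejected: truncated", None
        header, payload, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison; fails for altered or fabricated frames.
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad tag", None
        seq = struct.unpack(">Q", header)[0]
        # A genuine frame seen before carries a valid tag but an old number.
        if seq <= self.last_seq:
            return "rejected: replay", None
        self.last_seq = seq
        return "accepted", payload


def demo():
    """Run the chapter's active-attack cases against one receiver."""
    key = b"constructed-demo-key-0123456789ab"
    sender, receiver = Sender(key), Receiver(key)

    first = sender.send(b"PAY 100 TO ALICE")
    verdicts = [receiver.receive(first)[0]]                 # genuine frame

    altered = (first[:SEQ_LEN]
               + first[SEQ_LEN:-TAG_LEN].replace(b"100", b"900")
               + first[-TAG_LEN:])
    verdicts.append(receiver.receive(altered)[0])           # modified in transit

    verdicts.append(receiver.receive(first)[0])             # replayed copy

    fabricated = Sender(b"some-other-key-not-the-real-one").send(b"PAY 900 TO EVE")
    verdicts.append(receiver.receive(fabricated)[0])        # made without the key

    verdicts.append(receiver.receive(sender.send(b"PAY 5 TO BOB"))[0])
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```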

Passive Attack
In a passive attack, an attacker monitors a system and illicitly copies information without
altering it. They then use this information to disrupt networks or compromise target systems.
The attackers do not make any change to the communication or the target systems. This makes it
more difficult to detect. However, encryption can help prevent passive attacks because it
obfuscates the data, making it more difficult for attackers to make use of it.
