Embed Size (px)
Citation preview
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 1/12
ASSIGNMENT TERM 01 2012 | By: Malak
CLASS CODE:CS111
COMPUTER & INFORMATIONPROCESSING
Student ID:
Lecturer Name: Miss Marwah
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 2/12
Table of ContentsTable of Contents ..................................................................................................................................2
What are IT attacks? .............................................................................................................................3
Virus Attack ..........................................................................................................................................4
System Compromise .............................................................................................................................5
Spam Mail ............................................................................................................................................5
Port Scanning .......................................................................................................................................6
Website defacement ..............................................................................................................................7
BACKING UP OF IMPORTANT FILES ...........................................................................................8
Acts of Human Error of Failure .......................................................................................................9
Deliberate acts sabotage or vandalism ...........................................................................................10
Deliberate acts of theft ....................................................................................................................10
Deliberate software attacks .............................................................................................................11Forces of nature ..............................................................................................................................11
Technical hardware failure .............................................................................................................12
Technical software failure ..............................................................................................................12
............................................................................................................................................................. 12
References ...........................................................................................................................................12
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 3/12
Question 1:
What are IT attacks?
In computer , an attack is any effort to destroy, expose, alter, disable, steal or gain unauthorized
access to or make unauthorized use of an asset. An attack usually is perpetrated by someone with
bad intentions. The general term used to describe the category of software used to logically
attacking computers is called malware. IT Security risk means that there might be unauthorizedaccess to or theft of proprietary data. Common people often post their business email addresses on
external websites. These can be picked up and used to hack into other corporate accounts or flood
employee in-boxes with unwanted spam. Installing unlawful wireless access points also increasesthe risk that outside agents could hack into company servers. It also degrades the quality of the
internal wireless local area network system, subsequently potentially resulting in lost productivity.
A Threat is a potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could violate security and cause harm. That is, a threat is a possible
danger that might develop defencelessness.A threat can be either intentional (e.g., an individual cracker) or "accidental" (e.g., the possibility
of a computer malfunctioning).
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 4/12
security threats
Virus Attack A virus is a small piece of software that piggybacks on real programs. A computer virus is a
computer program that can reproduce and stretch from one computer to another. Viruses canincrease their chances of dispersal to other computers by infecting files on a network file system or a file system that is accessed by other computers. The term "virus" is also normally, but incorrectly
used, to refer to other types of malware, including but not limited to adware and spyware programs
that do not have a reproductive ability.
For example, a virus might attach itself to a program such as a spreadsheet program. Each time the
spreadsheet program runs, the virus runs, too, and it has the chance to reproduce (by attaching toother programs) or inflict disaster.
Virus attack belongs to Malware Category. Programs in this category are generally considered to
cause a significant security risk to the user's system and/or information. The actions taken bymalicious programs can take range from stealing the user's confidential data, infecting the
computer resulting in completely crashing the user's computer.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 5/12
System CompromiseA compromised computer is one that has been hacked by a cracker, which is a person who breaks
into a computer's systems with malicious intentions but it can also occur either throughautomation. A compromised system can be used to attack other systems and is generallyconsidered a threat to all other systems connected to a network. Some may do this to send mass
emails. Others may compromise a computer to steal personal information. A compromised system
is more than just a hacked computer. Besides being a threat, a compromised system can also be a problem, exposing many types of sensitive data, such as:
• Social Security numbers (SSN)
• credit card numbers (CC)
• personal information, including passwords to a user’s bank account, e-mail and other on-
line accounts
It is virtually impossible to determine the full scope of an attacker's reach into a compromised
system, and the server should not be trusted for production use. It belongs to network threat.
Spam MailSpam mail has different identities like email spam, junk email or unsolicited bulk email. It is a
subset of electronic spam involving nearly identical messages sent to numerous recipients byemail. Networks of virus-infected computers are used to send about 80% of spam. Spammers
collect email addresses from different places like websites, chat rooms, customer lists, newsgroups,
and viruses which harvest users' address books, and are sold to other spammers.
Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.There are different approaches of spam which include appending, image spam, blank spam and
backscatter spam.
Although computer experts are constantly designing better and better ways to filter out unwantedmail, the spammers are also constantly devising ways to get around those technical solutions. It is a
very frustrating situation for users as well as for technical support personnel. It is a basic fact of
Internet life that if you use the Internet, you will get unsolicited email.Spam mail belongs to Spoofing attacks that are aimed at obtaining user account information.
Spoofing identity attacks typically affect data secrecy.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 6/12
Port ScanningPort Scanning is the name for the technique used to identify open ports and services available on anetwork host. It is similar to a thief going through your neighbourhood and checking every door
and window on each house to see which ones are open and which ones are locked. All machines
connected to a LAN or connected to Internet via a modem run many services that listen at well-
known and not so well-known ports. TCP ports are commonly monitored but UDP ports are not.By port scanning the attacker finds which ports are available (i.e., being listened to by a service).
It is sometimes utilized by security technicians to audit computers for vulnerabilities; however, it isalso used by hackers to target victims. It can be used to send requests to connect to the targeted
computers, and then keep track of the ports which appear to be opened, or those that respond to the
request. Port scanning software, in its most basic state, simply sends out a request to connect to the
target computer on each port sequentially and makes a note of which ports responded or seem opento more in-depth probing. Hackers typically utilize port scanning because it is an easy way in
which they can quickly discover services they can break into. They also use port scanners to
conduct tests for open ports on Personal Computers that are connected to the web.Port scanning belongs to unauthorized access threat category.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 7/12
Website defacementWebsite defacement is the replacement of the original home page by a system hacker that breaks
into a web server and alters the hosted website creating one of his own. Defacement is in general akind of electronic graffiti, although recently it has become a means to spread messages by
politically motivated cyber activist or hackers. This is a very general form of attack that seriously
damages the trust and the reputation of a website. Detecting web page defacements is one of themain services for the security monitoring system. Network firewalls cannot guard against all web
vulnerabilities. For precaution we should install additional Web application security to lessen the
defacement risk. It is also important that only a few authorized users are allowed root access to awebsite’s contents.
Website defacement belongs to Spoofing attacks which involve providing fake information about
a principal's uniqueness to obtain unauthorized access to systems and their services.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 8/12
Question 2
BACKING UP OF IMPORTANT FILES
The most important aspect of the computer is DATA. We can reinstall the operating system and sothe applications, but it may be difficult or impossible to recreate the original data.
We should never think "it will never happen to me." While there is certainly a chance that you will
never have a need for the backups you make of your files, if something does happen to your computer you will certainly be glad that you have them. And you do not have to backup your entire
computer, but only the files that are of the most importance to you.
Some things are easily replaced, and there is no need to backup these sorts of things, but thoseirreplaceable documents or files that are yours and yours alone should be saved in a place where
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 9/12
they cannot be damaged. That way, no matter what happens to your computer, you can have
security in the fact that all of your files are available in backup.
It is essential that we always back up our important information and have a plan for recoveringfrom a system failure due to the following threats:
• Acts of human error of failure
• Deliberate acts sabotage or vandalism
• Deliberate acts of theft
• Deliberate software attacks
• Forces of nature
• Technical hardware failure
• Technical software failure
Backup should be an essential part of our computing experience if we spend great amounts of time on computer and/or use computer for important personal or business dealings. There are
too many stories of people who have lost all of their files due to certain reasons. When you
backup your files, you are storing your files separately from your computer.
Acts of Human Error of Failure
Employees are among the greatest threats to an organization’s data. Human error in losing data
include
1. Accidental deletions of a file or program,
2. Accidental keystroke
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 10/12
3. Accidental formats
4. Misplacement of CDs or Memory sticks
5. Administration errors
6. Inability to read unknown file format
7. Inexperience
8. Improper training
9. Incorrect assumptions
That can happen to anybody at any time regardless of how expensive or sophisticated the storage
device. Keeping 3 or 4 complete copies of your data in multiple places on multiple formatsimproves your chances of recovery.
In the physical environment a potential act of human error or failure can be represented by anemployee accidentally spilling coffee on his or her laptop computer. A compromise to intellectual
property can include an employee without an appropriate security clearance copying a classifiedmarketing plan.
Deliberate acts sabotage or vandalism
This category of threat addresses the individual or group of individuals who want to deliberately
sabotage the operations of a computer system, or perform acts of vandalism to either destroy or
damage the data and the image of the organization. These threats can range from petty vandalism by employees to organized sabotage against an organization. Organizations rely on image so Web
defacing can lead to dropping consumer confidence and sales. Rising threat of hacktivist orcyber-activist operations can lead to the most extreme version is cyber-terrorism.
Deliberate acts of theftThe value of information suffers when it is copied and taken away without the owner’s knowledge.Physical theft can be controlled by using a wide variety of measures used from locked doors to
guards or alarm systems. Electronic theft is a more complex problem to manage and control.
Organizations may not even know it has occurred. Examples include employees stealing computer equipment, credentials, passwords, and laptops.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 11/12
Deliberate software attacksWhen an individual or group designs software to attack systems, they create malicious
code/software called malware, designed to damage, destroy, or deny service to thetarget systems. There may be six types of software attacks:
• Virus• Worms
• Trojan Horses
• Back Door / Trap Door
• Polymorphic Threats
• Virus & Worm Hoaxes
Forces of natureForces of nature or acts of God pose the most dangerous threats, because they are unexpected andcan occur with very little warning. These threats can disrupt not only the lives of individuals, but
also the storage, transmission, and use of information. These include fire, flood, earthquake,
lightning, landslide, mudslide, tornado, severe windstorm, hurricane, typhoon, tsunami as well asvolcanic eruption. Forces of nature disrupt not only individual lives, but also storage, transmission,
and use of information. Organizations must implement controls to limit damage and preparecontingency plans for continued operations.
8/2/2019 CS111 - malak
http://slidepdf.com/reader/full/cs111-malak 12/12
Technical hardware failureTechnical hardware failures or errors occur when a manufacturer distributes to users equipment
containing a known or unknown flaw. These defects can cause the system to perform outside of
expected parameters, resulting in unreliable service or lack of availability. Some errors areterminal, in that they result in the unrecoverable loss of the equipment. Some errors are
intermittent, in that they only periodically manifest themselves, resulting in faults thatare not easily repeated.
Technical software failureThis category of threats comes from purchasing software with unknown, hidden faults. Large
quantities of computer code are written, debugged, published, and sold only to determine that not
all bugs were resolved. Sometimes, unique combinations of certain software and hardware reveal
new bugs. Sometimes, these items aren’t errors, but are purposeful shortcuts left by programmersfor honest or dishonest reasons.
References
Information Technology Risks | eHow.com http://www.ehow.com/info_7954636_information-technology-risks.html#ixzz1ngxCYJ2G
http://ist.mit.edu/security/backup
http://uwacadweb.uwyo.edu/DTC/ThreatList.asp
http://www.utica.edu/faculty_staff/qma/needforsecurity.pdf http://webfuse.cqu.edu.au/Courses/2008/T1/COIT13211/Study_Schedule/tute09.htm
