Provides a general overview of digital security in terms of threats and protective measures and practices. (Follows Cengage text, Module 7)

1. S
Digital Security
Securing Your System:
Protecting Your Digital Data and Devices
CSC 103

2. Encryption - Decryption
 encryption: The process of scrambling
or hiding data or information so that it
cannot be understood without the key
necessary to view it in its original form.
 plaintext: An original, unencrypted
message or file.

3. Encryption - Decryption
 ciphertext: An encrypted message or file.
 decryption: The process of removing the
encryption to produce clear text.
 cryptographic key: A specific word,
number, or phrase that must be used to
encrypt or decrypt data.

4. Encryption - Decryption

5. Encryption - Decryption
 cryptographic
algorithm:
A specific procedure
for encrypting and
decrypting data.
One letter stands
for another

6. What can be encrypted?
 Data sent over wired and wifi networks
 Credit Card Info, Bank Account Info
 Personal Information
 Storage volumes
 Individual files

7. User Authentication
 The process of verifying the identity
of an entity that is attempting to
access a device, network, or web site.
 Examples: passwords, PIN’s,
fingerprint scans, facial recognition.

8. Two-factor Authentication
 verifying identity
based on two
devices, such as a
password (computer)
and a verification
code (phone).

9. Hacking Passwords
 Brute force attack: uses password-
cracking software to generate every
possible combination of letters, numerals,
and symbols.
 Dictionary attack: hackers guess your
password by stepping through a dictionary
containing word lists and common
mutations of words.

10. Password Protection
 Be smart and secure about your passwords.
 Use different passwords for different sites.
 Don’t use terms that people can find on
Social Media - birthdays, addresses,
anniversaries, kids names, pet names,
spouses, etc.

11. Most Popular Passwords
internethealthreport.org

12. Online Threats:
Malware
 Malware: malicious software.
 Can gather information though keystrokes.
 Can infect your registry, system files, etc. in
the form of viruses and worms.
 Can lead to extortion – holding your
computer ransom for money

13. Computer Viruses
 Computer program (malware) that attaches itself
to another computer program (host) and
attempts to spread/replicate itself to other
computers when files are exchanged.
 Requires human interaction to spread
 Some are less dangerous than others.
 Can be eradicated with anti-virus software as
long as anti-virus software is up to date.

14. Spreading Viruses
 Code Injection: is the process of
modifying an executable file or data
stream by adding additional commands.
 Side-loading: a process where an app
from an un-official app store is installed
on a device.

15. How to Catch a Virus
 Downloading infected audio & video
files from “free” sites.
 Downloading fake plug-ins (Flash).
 Email attachments (opening)
 Pop-ups or fake update pop-ups

16. Rootkit Viruses
 Code that is designed to hide the existence
of processes and privileges.
 By bypassing system privileges and
settings, hackers can become shadow
administrators with access to all data
on a device or network.

17. Worms
 Program that can self distribute
and replicate without any human
interaction.
 Types: mass-mailing worm, internet
worm and file-sharing worm

18. Script & Macro Viruses
 Script: list of commands (mini-programs
like JavaScript) that can be executed on a
computer without user interaction.
 Macros: a single instruction that expands
automatically into a set of
instructions/actions that perform a
particular task. (Excel, Word)

19. Trojan Horses
 Trojan Horse: appears to be something useful
or desirable (game or a screen saver), but works
maliciously in the background.
 Can install backdoor programs or rootkits
that Can hide in or modify system files.
 Can allow hackers access or take control of
computer without your knowledge - computer
becomes a zombie.

20. Virus Symptoms
 Strange icons appear
 Unusual home page
 Odd messages, pop-ups
or sounds
 Corrupt files
 Programs can’t launch
 Computer shuts down without warning

21. Anti-Virus Software
 Popular products:
Symantec, Kaspersky,
AVG, Avira, Avast
McAfee, Norton
 Run a scan once a week.
Keep updated.

22. Anti-Virus Software
How they Work:
 Detect: They look for a virus signature
(a portion of code unique to a virus)
 Stop Execution:
Quarantine the virus in a secure area.
 Prevention: Inoculates by recording key
attributes of files and by comparing files
when scanning.

23. Online Threats:
Spyware
 Spyware: malware that sits on your computer
and spies on you and can transmit information
about you.
 Adware: monitors web browsing activity to
supply data to generate targeted ads.
 Keyloggers can gather information though
keystrokes and browsing habits.
 Man-in-the-middle: Monitor communications

24. Online Threats:
Phishing & Spear Phishing
 Phishing: Encourages you to download or click
on links and provide personal info or bank
account numbers, etc. Can pose as real
company, representative – check URLs, links,
email addresses, etc.
 Spear phishing can be more targeted to a
specific individual or department.
 Spoofing: Pretend to be someone you’re not,
Altered MAC address or IP address.

25. Zero-Day Attacks
 Vulnerabilities that have not yet been
discovered.
 Hackers keep these vulnerabilities to
themselves.
 White Hat Hackers: Share these with
developers.

26. Denial of Service Attacks
 DoS: attack that occurs when legitimate users
are denied access to a computer system because
a hacker is repeatedly flooded by requests that
tie up its resources.
 Can be sent by botnet, (group of robot
programs) to run on network of zombie
computers.

27. Ransomware
 Your data files (docs, pictures, music,
videos, etc.) are encrypted (held hostage)
until you pay for decryption key (to
untraceable payment system.
 Your OS will still run.
 Huge problem if personal files are not
backed up.

28. Email & Encryption Viruses
 Email viruses: uses the address book in the
victim’s e-mail system to distribute itself.
 Encryption Viruses: (aka Ransomware)
malicious program that searches for common
data files and compresses them into a file
using a complex encryption key rendering
files unusable. You then receive a message to
send payment in order to fix.

29. Online: Cookies
 Cookies: small text file that some websites
automatically store on a client computer’s
hard drive when a user visits the site.
 Cookies are not malicious. Some sites may
not work without it. Helps fill in forms and
remember your status for shopping, etc. But
they will remember your browsing habits.

30. Hackers
 White hat:
Ethical, want to expose weaknesses
or flaws for various reasons
 Black hat:
Destructive, illegal pursuits
 Grey Hat:
Tow the line, may want
to sell services, land a job.

31. Hacker Tools
 Keylogger:
spyware program that monitors keystrokes in
order to steal passwords, login IDs, or credit
card information.
 Packet Analyzer (sniffer):
device or software program designed to
detect and record digital information being
transmitted over a network (packets).

32. Protecting Yourself
 Firewalls: help protect the ports of your
networks and computers and keep IP
addresses more secure.
 Mac OSX and Windows come with firewall
protection as do routers.

33. Protecting Yourself
 Be smart about what sites you visit.
If you visit questionable sites, clear your history,
cache, and your session cookies. If it doesn’t feel
right, or look right, get out.
 Backup Your Data: Cloud, external drives, flash
drives, etc.
 Run your Operating System Software updates –
many include security fixes.