IS Security and Privacy

1. Hacker
   1. An expert in tech who use their knowledge to break into a comp or comp network either for profit or simply for the challenge
   2. Hacker Weapons

      Anotações:

      • PAGE 293 in book
      1. Hoaxes

         Anotações:

         • transmits a virus using a hoax virus with a real one attached
      2. Malicious Code

         Anotações:

         • includes a variety of threats including viruses, worms, and Trojan horses
         1. Denial of Service (DOS) attack

            Anotações:

            • Floods a website with so many requests for service that it slows down or crashes the site
         2. Virus
            1. Trojan-Horse Virus
         3. Worm

            Anotações:

            • Spreads itself not only from file to file, but also from computer to computer. Different then a virus because a WORM does not need to attach to anything to spread and can tunnel itself into computers
         4. distributed DOS (DDOS) attack

            Anotações:

            • Similar to DOS except that it attacks from multiple computers. Ping of Death-When thousands of computers try to access a website simultaneously, overloading it and causing it to shut down 
      3. Packet Tampering

         Anotações:

         • altering packets of data as they travel over the internet or intercept to eavesdrop (think class example when Anderson had a kid throw a paper ball) or altering data on comp disks after penetrating a network
      4. Sniffer

         Anotações:

         • A program or device that can monitor data as it travels over a network-Sniffer can pull all data like passwords, cc info, etc Fav weapon in Hackers arsenal
      5. Spoofing

         Anotações:

         • Forging the address of an email to appear to be coming from that user-NOT A VIRUS but a way to spread viruses
      6. Spyware

         Anotações:

         • Special class of adware that collects user data and transmits it over the web without the user knowing

Anotações:

• information security policies can help 

1. problem is that you have careless or malicious people ,such as:
   1. Insider

      Anotações:

      • A real user who purposely or accidentally misuses their access to an environment and causes some sort of business-affecting incident
      1. Social Engineering

         Anotações:

         • Hackers use social skills to trick people into revealing access credentials or other valuable info

1. DATA: Prevention and Resistance
   1. Content Filtering
   2. Encryption

      Anotações:

      • scrambles info and needs a key or password to decrypt
   3. Firewall

      Anotações:

      • Firewalls are like bouncers that monitors what goes in and out
   4. What is an example of prevention and resisitance
2. 3 areas that Technology can help with information security
   1. People: Authentication and Authorization
      1. Authentication

         Anotações:

         • confirm user identity
         1. What is an example of Authentication and Authorization
            1. Biometrics

               Anotações:

               • ID of users based on physical characterisitics
            2. Smart Card

               Anotações:

               • A device that can store info or small software to perform some limited processing like a key card, data storage device, form of digital cash
            3. Token

               Anotações:

               • Small electronic devices that change user passwords automatically
      2. Authorization

         Anotações:

         • Once you have identified yourself through authentication then the system determines what level of access privileges
      3. And
      4. Prevents
         1. Phishing

            Anotações:

            • a technique used to gain personal information for the purpose of identity theft -usually done by fraudulent emails that look like they came for legit businesses asking for you to provide some sort of important info
   2. Attack: Detection and Response
      1. Intrusion Detection Software
      2. What is an example of Detection and Response

         Anotações:

         • Intrusion Detection Software (IDS) Like a network policeman looking for suspicious things happening