Accounting Information Systems


Accounting Information Systems, Fourteenth Edition
Chapter 6: Computer Fraud and Abuse Techniques

Learning Objectives
- Compare and contrast computer attack and abuse tactics.
- Explain how social engineering techniques are used to gain physical or logical access to computer resources.
- Describe the different types of malware used to harm computers.

Types of Attacks
- Hacking: Unauthorized access, modification, or use of an electronic device or some element of a computer system
- Social Engineering: Techniques or tricks on people to gain physical or logical access to confidential information
- Malware: Software used to do harm

Hacking
- Hijacking: Gaining control of a computer to carry out illicit activities
- Botnet (robot network)
- Zombies
- Bot herders
- Denial of Service (DoS) Attack
- Spamming
- Spoofing: Makes the communication look as if someone else sent it so as to gain confidential information

Forms of Spoofing
- E-mail spoofing
- Caller ID spoofing
- IP address spoofing
- Address Resolution (ARP) spoofing
- SMS spoofing
- Web-page spoofing (phishing)
- DNS spoofing

Hacking with Computer Code
- Cross-site scripting (XSS): Uses a vulnerability in a Web application that allows the Web site to be injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
- Buffer overflow attack: A large amount of data is sent to overflow the input memory (buffer) of a program, causing it to crash and be replaced with the attacker's program instructions.
- SQL injection (insertion) attack: Malicious code is inserted in place of a query to get to the database information.

Other Types of Hacking
- Man in the middle (MITM): Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data
- Masquerading/impersonation
- Piggybacking
- Password cracking
- War dialing and driving
- Phreaking
- Data diddling
- Data leakage
- Podslurping

Hacking Used for Embezzlement
- Salami technique: Taking small amounts at a time
- Round-down fraud
- Economic espionage: Theft of information, intellectual property, and trade secrets
- Cyber-extortion: Threats to a person or business online through e-mail or text messages unless money is paid

Hacking Used for Fraud
- Internet misinformation
- E-mail threats
- Internet auction
- Internet pump and dump
- Click fraud
- Web cramming
- Software piracy

Social Engineering Techniques
- Identity theft: Assuming someone else's identity
- Pretexting: Using a scenario to trick victims into divulging information or to gain access
- Posing: Creating a fake business to get sensitive information
- Phishing: Sending an e-mail asking the victim to respond to a link that appears legitimate and that requests sensitive data
- Pharming: Redirects Web site traffic to a spoofed Web site
- URL hijacking: Takes advantage of typographical errors entered for Web sites, so the user gets an invalid or wrong Web site
- Scavenging: Searching trash for confidential information
- Shoulder surfing: Snooping (either close behind the person) or using technology to snoop and get confidential information
- Skimming: Double swiping a credit card
- Eavesdropping

Why People Fall Victim
- Compassion: Desire to help others
- Greed: Want a good deal or something for free
- Sex appeal: More cooperative with those that are flirtatious or good looking
- Sloth: Lazy habits
- Trust: Will cooperate if trust is gained
- Urgency: Cooperation occurs when there is a sense of immediate need
- Vanity: More cooperation when there is an appeal to vanity

Minimize the Threat of Social Engineering
- Never let people follow you into restricted areas
- Never log in for someone else on a computer
- Never give sensitive information over the phone or through e-mail
- Never share passwords or user IDs
- Be cautious of someone you don't know who is trying to gain access through you

Types of Malware
- Spyware: Secretly monitors and collects information; can hijack browser, search requests
- Adware, Scareware
- Ransomware: Locks you out of all your programs and data using encryption
- Keylogger: Software that records user keystrokes
- Trojan horse: Malicious computer instructions in an authorized and properly functioning program
- Trap door: Set of instructions that allow the user to bypass normal system controls
- Packet sniffer: Captures data as it travels over the Internet
- Virus: A section of self-replicating code that attaches to a program or file, requiring a human to do something so it can replicate itself
- Worm: Stand-alone, self-replicating program

Cellphone Bluetooth Vulnerabilities
- Bluesnarfing: Stealing contact lists, data, pictures on Bluetooth-compatible smartphones
- Bluebugging: Taking control of a phone to make or listen to calls, send or read text messages

Key Terms (1 of 3)
Hacking, Hijacking, Botnet, Zombie, Bot herder, Denial-of-service (DoS) attack, Spamming, Dictionary attack, Splog, Spoofing, E-mail spoofing, Caller ID spoofing, IP address spoofing, MAC address, Address Resolution Protocol (ARP) spoofing, SMS spoofing, Web-page spoofing, DNS spoofing, Zero day attack, Patch, Cross-site scripting (XSS), Buffer overflow attack, SQL injection (insertion) attack, Man-in-the-middle (MITM) attack, Masquerading/impersonation, Piggybacking

Key Terms (2 of 3)
Password cracking, War dialing, War driving, War rocketing, Phreaking, Data diddling, Data leakage, Podslurping, Salami technique, Round-down fraud, Economic espionage, Cyber-extortion, Cyber-bullying, Sexting, Internet terrorism, Internet misinformation, E-mail threats, Internet auction fraud, Internet pump-and-dump fraud, Click fraud, Web cramming, Software piracy, Social engineering, Identity theft, Pretexting, Posing, Phishing, Vishing

Key Terms (3 of 3)
Carding, Pharming, Evil twin, Typosquatting/URL hijacking, QR barcode replacements, Tabnapping, Scavenging/dumpster diving, Shoulder surfing, Lebanese looping, Skimming, Chipping, Eavesdropping, Malware, Spyware, Adware, Torpedo software, Scareware, Ransomware, Keylogger, Trojan horse, Time bomb/logic bomb, Trap door/back door, Packet sniffers, Steganography program, Rootkit, Superzapping, Virus, Worm, Bluesnarfing, Bluebugging