ECS - Cyber Attacks and Cyber Security Lesson

Cyber Attacks and Cyber Security

cyberattack.png

You have probably heard of the terms hacker and cracker.  Both terms are used to refer to an intruder who breaks into a computer system; however, hackers can break into computer systems legally to expose holes in computer systems while crackers break into a system illegally for personal gain.  Hackers also gain unauthorized access to computers, which is illegal. Sometimes hackers are hired to identify vulnerabilities in computer systems, which is legal. Some intrusions occur due to backdoors left by programmers and administrators for their convenience.  The backdoors provide shortcuts into programs created by system designers to expedite system maintenance. You discovered from previous units that unauthorized access can be gained by phishing exploits and viruses. Dumpster diving is also used to obtain personal information and documents from individuals and businesses. There are several methods hackers and crackers use to gain access to computers. Security mangers have divided the attacks into four categories to include access, modification, denial of service, and repudiation.  

Access attacks include snooping, eavesdropping, and interception and can take place in the form of looking for information in a person's workspace or tapping into a network using a sniffer which is a software program that allows the user to listen in on network traffic.  Modification attacks alter information illegally and can occur on devices where the information resides or when the information is in transmit. When this type of attack occurs, information is deleted, modified, or created. Denial-of-service attacks (DOS) prevent valid users from using resources.  This type of attack can make information, applications, systems, and communication unavailable.  Repudiation attacks remove evidence that an event occurred.

Cyber attacks occur frequently but there are steps you can take to secure your intellectual property and computer.  Information was shared in previous modules about the importance adhering to computer safeguards to ensure your personal information and computer hardware is protected. The safeguards below are being used by individuals and businesses to combat cyber crime.

  • Creation of an acceptable use policy.  The policy reveals who can access computers and networks.
  • Virtual private networks (VPN). A virtual private network is a setup in which a private connection is established within a larger network but is restricted to authorized users.
  • Creation of a disaster recovery plan. The plan can be used to minimize any disruption a disaster might create.  The plan should address data storage and recovery, centralized and distributed systems recovery, end-user recovery, network backup, internal and external data and voice communication restoration, emergency management and decision making, and customer service restoration.
  • Biometrics. This process uses biological identification such as fingerprints, voice recognition, or retinal scans.

Dumpster Diving - The process of picking through an individual's or company's trash to obtain confidential information.

Career Spotlight - Computer Forensics

Individuals pursuing a career in computer forensics assist in the investigation of crimes by collecting and analyzing physical evidence. Forensic science technicians reconstruct crime scenes by carefully studying information gathered by investigators and testing physical evidence. If you are considering a career in this field, the outlook is positive and it is estimated that the job growth in this area will increase through the year 2020 – 2030 according to the Occupational Outlook Handbook.  

[CC BY 4.0] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION