now i'll explain to you about computer scurity
let's begin
what is computer scurity? yeah,computer scurity is the protection of computing systems and the data that they store or access
computer scurity is scurity applied to computing devices such sd computers and smartphones,as well as computer networks such as private and public networks,including the whole internet.the field covers all the processes and mechanisms by which digitl equipment,information and service are protected from unitended or anauthorized acces,change or dertructuion and is growing importance in line with the increasing reliance on computers system of most societies worldwide.it includes physical security to prevent theft of equipment and informationn scurity to protect on that equipment.it is some times referred to as "cyber scurity "or "IT scurity :,through these terms generally do not refer to phsycal scurity (locks an such).
and what is CyberScurity? it is the process of applying scurity measures
computer scurity is scurity applied to computing devices such sd computers and smartphones,as well as computer networks such as private and public networks,including the whole internet.the field covers all the processes and mechanisms by which digitl equipment,information and service are protected from unitended or anauthorized acces,change or dertructuion and is growing importance in line with the increasing reliance on computers system of most societies worldwide.it includes physical security to prevent theft of equipment and informationn scurity to protect on that equipment.it is some times referred to as "cyber scurity "or "IT scurity :,through these terms generally do not refer to phsycal scurity (locks an such).
and what is CyberScurity? it is the process of applying scurity measures
why is computer scurity important?
computer scurity allows the university to carry out its mission by :
- enabling people to carry out the jobs,educations and research
- supporting critical business process
- protecting personal and sensitive information
many types of malicious code include the following :
- e-mail and other types of viruses
- trojan and other backdoors
- worms
- blended threats
- time boms
- spyware
- adware
- stealware
- denial of service attack
E-MAIL AND OTHER VIRUSES
examples of what Trojans allow remote users controling the Trojan to do include th efollowing :
TROJANS AND OTHER BACKDOORS
- remove files from the infected coputer
- download files to the infected computer.
- make registry changes the infected computer
- delete files on infected computer
- steal password and other confidental information
- log keystrokes of the computer user
- .rename files on the infected computer
- disable a keyboard,mouse or other peripherals
- shut down or reboot the infected computer
- run selected applications or terminate open applications
- disable virus protection or other computer scurity software
BACKDOORS
a backdoor in a computer system,a cryptosystem or an algorithm,is a method of bypassing normal authentification securing remote access to a computer,obtaining access to plaintext,and so on, while attempting to remain undetected. A special from of asymmetric encryption attacks,know as kleptographic attack,resist to be useful to the reverse engineer even after it is detected and analyzed.
the backdoors may take form of an installed program (e.g.,back orifice),or could be a modification to an existing program or hardware device.
WORMS
a worms is a malicious program that origintes on a single computer and search for other computer connected through a local area network (LAN) or Internet connection.when a worm finds another computer,it replicate. A worm continoues to attemot to replicate it self indefinitely or until a self-timing mechanism halts the process.
this is figure the illustraci
BLENDED THREAT
malicious code that is referred to as a blended threat is code that can replicate itself in more than oen mamer,can have more than one typr of trigger and can have multiple task capabilities.A blended threat attack can also plant a trojan on a computer The trigger can be set off by an e-mail program action or a Web surfing action. Malicious code writers have become sophisticated in blending the characteristics and capabilities of multiple threat types. This is part of the ongoing knowledge-building process in the malicious code–writing community.
TIME BOMBS
one of the first forms of malicious code was a time bomb (or logic bomb),which,when installed,is a dormant code that can be trigged at a future date by a specific event or circumstance.triggers can be a specific date and time or even a cumulative number of system start.
SPYWARE
unlike other exploits,denial of service attacks aren't used to gain unauthorized access or control of a system.they are intead designed to render it unusable.
attackers can deny service to individual victims,such as by deliberately entering a wrong password enough cansecutive times to cause the victim account to be locked,or they may averload the capabilities of a machine or network and block all users at once.
these type of attack are,in practice,very hard to prevent,because the behaviour of whole networks needs to be analyzed,not only the behaviour of small pieces of code.
distributed denial of service (DDoS) attacks are common,where a large number of compromised hosts (commonly referred to s "zombie computers",used as part of a botnet with,for example a worm,trojan horsem or blackdoors exploit to control them) are used to flood a terget system with network request,thus attempting to render it unusable through resource exhaustion.
the backdoors may take form of an installed program (e.g.,back orifice),or could be a modification to an existing program or hardware device.
WORMS
a worms is a malicious program that origintes on a single computer and search for other computer connected through a local area network (LAN) or Internet connection.when a worm finds another computer,it replicate. A worm continoues to attemot to replicate it self indefinitely or until a self-timing mechanism halts the process.
this is figure the illustraci
malicious code that is referred to as a blended threat is code that can replicate itself in more than oen mamer,can have more than one typr of trigger and can have multiple task capabilities.A blended threat attack can also plant a trojan on a computer The trigger can be set off by an e-mail program action or a Web surfing action. Malicious code writers have become sophisticated in blending the characteristics and capabilities of multiple threat types. This is part of the ongoing knowledge-building process in the malicious code–writing community.
TIME BOMBS
one of the first forms of malicious code was a time bomb (or logic bomb),which,when installed,is a dormant code that can be trigged at a future date by a specific event or circumstance.triggers can be a specific date and time or even a cumulative number of system start.
The term spywareis
used to describe any computer technology that gathers information about a
person or organization without their knowledge or consent. Spyware can be
installed on a computer through several covert means, including as part of a
software virus or as the result of adding a new program.
Note that the terms
spyware, stealware, and adware are sometimes used to describe the same or
similar types of malicious code. Several states, including Utah, Iowa,
California, and New York, are working on legislation to ban or control spyware.
In addition, the U.S. Congress is also considering new laws.
Spyware is used to
gather information such as recorded keystrokes (passwords), a list of Web sites
visited by the user, or applications and operating systems that are installed
on the computer. Spyware can also collect names, credit card numbers, and other
personal information. It is usually placed on a computer to gather information
about a user that is later sold to advertisers and other interested parties.
The information gathered by spyware is often combined with other databases to
create profiles of individuals, families, work groups, or even entire
companies. Such profiles are mainly used for direct marketing purposes. Figure
2.5 illustrates how spyware typically works.
Adware
Adware
Several advertising
networks have been accused of using a form of malicious code called Web bugs to
collect information about computer users to assist in the compilation of
personal profiles. These bugs can collect information about the Web sites that
Internet users visit and what they do at those Web sites. The information can
be stored in databases and used to select what types of banners or
advertisements users are shown.
Large Web sites that
request or require information from visitors in exchange for custom pages or
specialized sales approaches usually require that visitors accept cookies onto
their computers. The type of cookie that the Web site sends to the visitor’s
computer is sometimes referred to as a Web bug. Note that the terms spyware,
stealware, and adware are sometimes used to describe
the same or similar
types of malicious code.
The Web sites that are
using adware code claim that they take these actions to improve the customer
experience. The flip side of that perspective is that if users have a better
experience, they will spend more money at the Web site.
This tactic seems
harmless enough on the surface, but the danger is in what the Web site owners
ultimately do with the information collected. Web site owners usually post a
privacy policy assuring you that your privacy is protected. Most privacy
policies are oblique at best and are designed to provide the Web site owner
with maximum flexibility on how the data is used. Figure 2.6 illustrates how
adware can work.
unlike other exploits,denial of service attacks aren't used to gain unauthorized access or control of a system.they are intead designed to render it unusable.
attackers can deny service to individual victims,such as by deliberately entering a wrong password enough cansecutive times to cause the victim account to be locked,or they may averload the capabilities of a machine or network and block all users at once.
these type of attack are,in practice,very hard to prevent,because the behaviour of whole networks needs to be analyzed,not only the behaviour of small pieces of code.
distributed denial of service (DDoS) attacks are common,where a large number of compromised hosts (commonly referred to s "zombie computers",used as part of a botnet with,for example a worm,trojan horsem or blackdoors exploit to control them) are used to flood a terget system with network request,thus attempting to render it unusable through resource exhaustion.
SPOOFING
spoofing or user identity describes a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
TAMPERING
tampering describe an intentional modification af products in a way that would make them harmful to the consumer.
REPUDIATION
repudiation describes as a situation where the authenticity of a signature is being challenged.
EXPLOSIT
an explosit (from the same word the french language,meaning "achievment".or "accomplishment") is a piece of software,a chunk of data,or sequence of commands that take advantage of a software "bug" or "glitch" in order to cause unintended or unanticipated behaviour to occur on computer software,hardware or something electronic (usually computerized).this frequently includes such things as gaining control of computer system or allowing privilege escalation or a denial of service attack.the term "exploit" generally refers to small programs dsigned to take advantage of a software flaw taht has been discovered,either remote or local.the code from the exploid program is frequently reused in trojan horses and computer viruses. in some cases, a vulnerability can lie in certain programs' processing of a specific file type,such as a non-executable media file.some curity web sites maintain lists of currently known unpatched vulnerabilities found in common programs (see "external links" below)
STEALWARE
stealware is another name oftn associated with web bugs or spyware .it's often used by web sites that have various types of affiliate marketing programs or that are members of affiliate markering plans.some peer to peer software applications are reported to have stealware attributes.note that the terms spyware,stealware and adware are sometimes used to describe same or similar types or malicious code.
SOCIAL ENGENEERING
Memanfaatkan sisi-sisi
kelemahan manusia untuk mendapatkan informasi tentang kode login, dan kode-kode
keamanan lainnya (Cara paling mudah untuk mendapatkan password adalah dengan
memintanya)
FAKE ANTI-VIRUS
cyber criminals knows this and take advantage of the fact.cyber criminlas have created thousands of websites that pretend to shell legitimate anti-virus software.when you connect to these wbsites the pretend to scan your computer is infected.they then recommend you buy and download their software,which will fix your infected computer.they wbsites are very profesional looking,with what appear to be real logos,costumer reviews and even rating.however,all of these are a lie. the anti-virus software is fakeif you download and install the program the software will infact your computer,giving cyber criminals total control of your computer .only download and install anti-virus software (or any software ) froms websites you know and trust.
MALICIOUS EMAIL
another common attack is through email.email is one of the most common methods used for attack because so many people around the world use it.also,with email it is very easy for cyber criminals will create official looking emails that look like they come from popular sites such as facebook,well known banks or trusted goverment organization.these emails are lies,usually any attachments are infected or any links take you to malicious websites that will attack your computer.
the best defense is to not unless you were expecting it.
SCAMS
finally,criminals arn't on;y after your computer but your money.once again,often the easiest way to steal something is to simpl ask fot it.oen way criminals do this is with scams,such as lottery scams.these emails explain that you have won the lottery.to collect you money you are requested to contact a person and give them banking information.the criminals then require you to pay a transaction fee or taxes to get your lottery winnings.once again this is all a lie,one you give up your information and pay the fee or taxes,the cyber criminals disappear,never to return .your banking information and money have just been stolen.the best way to protect yourself is simply to delete such email.if it sounds too good to be true,it most likely is.
that is all..
tanks to read my article and,wish we are rich knowlage
tanks to read my article and,wish we are rich knowlage
0 komentar:
Posting Komentar