Computer Security Essentials

Cookies

  • Small text files stored by a browser to identify and customize user sessions.
  • First-party: set by the visited site; Third-party: set by external domains for tracking.
  • Risks: profiling, sale of browsing data, surveillance by corporate/government entities.
  • Management options: delete, block (all or third-party), or allow via browser settings.

Cyberattacks & Cybercrime

  • Cyberattack: deliberate misuse of systems; aims — disable services or gain unauthorized data access.
  • Cybercrime: any criminal act using computers; now earns more than illegal drug trade.
  • Cyberterrorism: politically/ideologically driven attacks on critical infrastructure.
  • Cyberbullying & Cyberstalking: repeated online harassment of individuals.

Malware Categories

  • Virus: code that needs execution to replicate & damage files/system.
  • Worm: self-replicating across networks, exhausts bandwidth/storage.
  • Trojan: looks legitimate, executes hidden malicious tasks; no self-replication.
  • Rootkit: hides deeply, provides backdoor control at every boot.
  • Spyware: silently records browsing, keystrokes, credentials.
  • Adware: gathers browsing history to push targeted ads.
  • Ransomware: encrypts data, demands payment (often in bitcoin) for decryption.
  • Keylogger: hardware/software recording every keystroke.

Network-Based Threats

  • DoS: floods a single target with requests, exhausting resources.
  • DDoS: distributed DoS via botnet zombies, amplifying traffic volume.
  • Botnet/Zombie: group of compromised machines under hacker control.
  • Packet Sniffer: tool capturing network packets; legitimate for diagnostics, illicit for data theft.

Email & Web Scams

  • Phishing: spoofed messages and sites that steal credentials; may include convincing logos/URLs.
  • Pharming: malware or DNS poisoning redirects victims to fake sites.
  • Spam (UBE): unsolicited bulk e-mail; ~50% of all e-mails.
  • Macro Virus: malicious macro embedded in documents/spreadsheets.

Protective Tools & Techniques

  • Firewall: hardware/software filtering traffic by rules/ports; best practice — combine both forms.
  • NAT: hides internal IP addresses, supplements firewall security.
  • Internet Filter/Parental Control: blocks specified content, downloads, or sites.
  • Spam Filter: scans incoming mail for suspicious patterns to block spam.
  • VPN, HTTPS, private/incognito mode enhance safe browsing.

Passwords & Authentication

  • Password: secret code authenticating account access; does NOT verify user identity.
  • Good hygiene: unique, strong (letters+numbers+symbols), changed regularly, never shared.
  • Biometrics used to verify user identity beyond the password.

Diagnosing Compromises

  • Infection clues: sudden pop-ups, redirected searches, spam sent from your address.
  • Hack indicators: fake AV alerts, new toolbars, unauthorized social-media posts.
  • Steps: reboot in safe mode, run updated antivirus/anti-malware.

Physical Threats to Hardware

  • Major causes: drops, liquid spills, power surges, excessive heat/humidity, strong magnetic fields.
  • Use surge protectors; ensure adequate cooling and safe handling.