DOCSLIB.ORG

Data Security & Risk Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Data Security & Risk Management _ Data Security & Risk Management________ ​ How to Get & Avoid Viruses/Malware 1. Non­Comprehensive Anti­Virus Protection _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ 1. Weak/Outdated (non­patched) programs ​ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ 2. Weak or Repeated Passwords ​ _________________________________________________________________________________________________ _________________________________________________________________________________________________ 3. Social Engineering ​ __________________________________________________________________________________________ __________________________________________________________________________________________ _________________________________________________________________________________________________ 4. Phishing Techniques ​ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Encryption Process of encoding messages (or information) in such a way that only authorized parties can read it _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Network Security _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Educating Yourself/Every Member of Your Team _________________________________________________________________________________________________ _________________________________________________________________________________________________ E­Mail Security Tips _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ To Download this or any of Craig’s Courses go to www.RETI.ws/students ​ _ Data Security & Risk Management________ ​ Internet Security Tips _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Computer Security Tips _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Cloud Solution Tips Security Tips _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Personal Security Tips _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ State Laws Online Display _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ NAR & Local IDX Policies _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ NAR Short Messaging Exception Rule _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Can­spam Act of 2003 _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ Junk Fax Prevention Act _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ To Download this or any of Craig’s Courses go to www.RETI.ws/students ​ _ Data Security & Risk Management________ ​ Electronic Signatures ­ Uniform Electronic Transaction Act _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ NAR Code of Ethics Article 9 _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________ NAR Code of Ethics Article 14 _________________________________________________________________________________________________ _________________________________________________________________________________________________ _________________________________________________________________________________________________
Load more

Recommended publications
  • Symantec Report on Rogue Security Software July 08 – June 09
    REPORT: SYMANTEC ENTERPRISE SECURITY SYMANTEC REPORT: Symantec Report on Rogue Security Software July 08 – June 09 Published October 2009 Confidence in a connected world. White Paper: Symantec Enterprise Security Symantec Report on Rogue Security Software July 08 – June 09 Contents Introduction . 1 Overview of Rogue Security Software. 2 Risks . 4 Advertising methods . 7 Installation techniques . 9 Legal actions and noteworthy scam convictions . 14 Prevalence of Rogue Security Software . 17 Top reported rogue security software. 17 Additional noteworthy rogue security software samples . 25 Top rogue security software by region . 28 Top rogue security software installation methods . 29 Top rogue security software advertising methods . 30 Analysis of Rogue Security Software Distribution . 32 Analysis of Rogue Security Software Servers . 36 Appendix A: Protection and Mitigation. 45 Appendix B: Methodologies. 48 Credits . 50 Symantec Report on Rogue Security Software July 08 – June 09 Introduction The Symantec Report on Rogue Security Software is an in-depth analysis of rogue security software programs. This includes an overview of how these programs work and how they affect users, including their risk implications, various distribution methods, and innovative attack vectors. It includes a brief discussion of some of the more noteworthy scams, as well as an analysis of the prevalence of rogue security software globally. It also includes a discussion on a number of servers that Symantec observed hosting these misleading applications. Except where otherwise noted, the period of observation for this report was from July 1, 2008, to June 30, 2009. Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec™ Global Intelligence Network.
    [Show full text]
  • Watch out for Fake Virus Alerts
    State of West Virginia Cyber Security Tip ALERT West Virginia Office of Information Security and Controls – Jim Richards, WV Chief Information Security Officer WATCH OUT FOR FAKE VIRUS ALERTS Rogue security software, also known as "scareware," is software that appears to be beneficial from a security perspective (i.e. free virus scan) but provides limited or no security, generates erroneous or misleading alerts, or attempts to lure users into participating in fraudulent transactions. How does rogue security software get on my computer? Rogue security software designers create legitimate looking pop-up windows that advertise security update software. These windows might appear on your screen while you surf the web. The "updates" or "alerts" in the pop-up windows call for you to take some sort of action, such as clicking to install the software, accept recommended updates, or remove unwanted viruses or spyware. When you click, the rogue security software downloads to your computer. Rogue security software might also appear in the list of search results when you are searching for trustworthy antispyware software, so it is important to protect your computer. What does rogue security software do? Rogue security software might report a virus, even though your computer is actually clean. The software might also fail to report viruses when your computer is infected. Inversely, sometimes, when you download rogue security software, it will install a virus or other malicious software on your computer so that the software has something to detect. Some rogue security software might also: Lure you into a fraudulent transaction (for example, upgrading to a non-existent paid version of a program).
    [Show full text]
  • Bibliography
    Bibliography [1] M Aamir Ali, B Arief, M Emms, A van Moorsel, “Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?” IEEE Security & Pri- vacy Magazine (2017) [2] M Abadi, RM Needham, “Prudent Engineering Practice for Cryptographic Protocols”, IEEE Transactions on Software Engineering v 22 no 1 (Jan 96) pp 6–15; also as DEC SRC Research Report no 125 (June 1 1994) [3] A Abbasi, HC Chen, “Visualizing Authorship for Identification”, in ISI 2006, LNCS 3975 pp 60–71 [4] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest, JI Schiller, B Schneier, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”, in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257 [5] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, PG Neumann, RL Rivest, JI Schiller, B Schneier, M Specter, D Weizmann, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”, MIT CSAIL Tech Report 2015-026 (July 6, 2015); abridged version in Communications of the ACM v 58 no 10 (Oct 2015) [6] M Abrahms, “What Terrorists Really Want”,International Security v 32 no 4 (2008) pp 78–105 [7] M Abrahms, J Weiss, “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia”, ACSAC 2008 [8] A Abulafia, S Brown, S Abramovich-Bar, “A Fraudulent Case Involving Novel Ink Eradication Methods”, in Journal of Forensic Sciences v41(1996) pp 300-302 [9] DG Abraham, GM Dolan, GP Double, JV Stevens,
    [Show full text]
  • Bots and Botnets: Risks, Issues and Prevention
    EMEA MSSD The Journey, So Far: Trends, Graphs and Statistics Martin Overton, IBM UK 20th September 2007 | Author: Martin Overton © 2007 IBM Corporation EMEA MSSD Agenda . The ‘First’ IBM PC Virus . Statistics, 80’s . Statistics, 90’s . Statistics, 00’s . Malware Myth-busting . Putting it all Together . Conclusions . Questions The Journey, So Far: Trends, Graphs and Statistics | Martin Overton © 2007 IBM Corporation EMEA MSSD Disclaimer . Products or services mentioned in this presentation are included for information only. Products and/or services listed, mentioned or referenced in any way do not constitute any form of recommendation or endorsement by IBM or the presenter. All trademarks and copyrights are acknowledged. The Journey, So Far: Trends, Graphs and Statistics | Martin Overton © 2007 IBM Corporation EMEA MSSD Brain . The very first malware written for the IBM PC [and clones] used ‘stealth’ to hide its presence[1]: . Here is a short extract from the description of Brain from F-Secure explaining how the stealth function it used works: . “The Brain virus tries to hide from detection by hooking into INT 13. When an attempt is made to read an infected boot sector, Brain will just show you the original boot sector instead. This means that if you look at the boot sector using DEBUG or any similar program, everything will look normal, if the virus is active in memory. This means the virus is the first "stealth" virus as well.” [1] Source : http://www.research.ibm.com/antivirus/timeline.htm [2] More data can be found here : http://www.f-secure.com/v-descs/brain.shtml
    [Show full text]
  • Bibliography
    Bibliography [1] M Aamir Ali, B Arief, M Emms, A van Moorsel, “Does the Online Card Payment Landscape Unwittingly Facilitate Fraud?” IEEE Security & Pri- vacy Magazine (2017) [2] M Abadi, RM Needham, “Prudent Engineering Practice for Cryptographic Protocols”, IEEE Transactions on Software Engineering v 22 no 1 (Jan 96) pp 6–15; also as DEC SRC Research Report no 125 (June 1 1994) [3] A Abbasi, HC Chen, “Visualizing Authorship for Identification”, in ISI 2006, LNCS 3975 pp 60–71 [4] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, PG Neumann, RL Rivest, JI Schiller, B Schneier, “The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption”, in World Wide Web Journal v 2 no 3 (Summer 1997) pp 241–257 [5] H Abelson, RJ Anderson, SM Bellovin, J Benaloh, M Blaze, W Diffie, J Gilmore, M Green, PG Neumann, RL Rivest, JI Schiller, B Schneier, M Specter, D Weizmann, “Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications”, MIT CSAIL Tech Report 2015-026 (July 6, 2015); abridged version in Communications of the ACM v 58 no 10 (Oct 2015) [6] M Abrahms, “What Terrorists Really Want”,International Security v 32 no 4 (2008) pp 78–105 [7] M Abrahms, J Weiss, “Malicious Control System Cyber Security Attack Case Study – Maroochy Water Services, Australia”, ACSAC 2008 [8] A Abulafia, S Brown, S Abramovich-Bar, “A Fraudulent Case Involving Novel Ink Eradication Methods”, in Journal of Forensic Sciences v41(1996) pp 300-302 [9] DG Abraham, GM Dolan, GP Double, JV Stevens,
    [Show full text]
  • Gone Rogue: an Analysis of Rogue Security Software Campaigns (Invited Paper)
    Gone Rogue: An Analysis of Rogue Security Software Campaigns (Invited Paper) Marco Cova∗, Corrado Leitay, Olivier Thonnardz, Angelos Keromytisy and Marc Daciery ∗University of California, Santa Barbara, [email protected] ySymantec Research Labs, fCorrado Leita,Angelos Keromytis,Marc [email protected] zRoyal Military Academy, Belgium, [email protected] Abstract technique consists of attracting victims on malicious web sites that exploit vulnerabilities in the client In the past few years, Internet miscreants have software (typically, the browser or one of its plugins) developed a number of techniques to defraud and to download and install the rogue programs without make a hefty profit out of their unsuspecting victims. any user intervention. A troubling, recent example of this trend is cyber- Rogue AV programs are distributed by cyber- criminals distributing rogue security software, that is criminals to generate a financial profit. In fact, after malicious programs that, by pretending to be legitimate the initial infection, victims are typically tricked into security tools (e.g., anti-virus or anti-spyware), deceive paying for additional tools or services (e.g., to upgrade users into paying a substantial amount of money in to the full version of the program or to subscribe to an exchange for little or no protection. update mechanism), which are most often fictitious or While the technical and economical aspects of rogue completely ineffective. The cost of these scams range security software (e.g., its distribution and monetiza- from $30–$100. tion mechanisms) are relatively well-understood, much Despite its reliance on traditional and relatively less is known about the campaigns through which this unsophisticated techniques, rogue AV has emerged as type of malware is distributed, that is what are the un- a major security threat, in terms of the size of the derlying techniques and coordinated efforts employed affected population (Symantec’s sensors alone reported by cyber-criminals to spread their malware.
    [Show full text]
  • 13 Templates-Generics.Pdf
    CS 242 2012 Generic programming in OO Languages Reading Text: Sections 9.4.1 and 9.4.3 J Koskinen, Metaprogramming in C++, Sections 2 – 5 Gilad Bracha, Generics in the Java Programming Language Questions • If subtyping and inheritance are so great, why do we need type parameterization in object- oriented languages? • The great polymorphism debate – Subtype polymorphism • Apply f(Object x) to any y : C <: Object – Parametric polymorphism • Apply generic <T> f(T x) to any y : C Do these serve similar or different purposes? Outline • C++ Templates – Polymorphism vs Overloading – C++ Template specialization – Example: Standard Template Library (STL) – C++ Template metaprogramming • Java Generics – Subtyping versus generics – Static type checking for generics – Implementation of Java generics Polymorphism vs Overloading • Parametric polymorphism – Single algorithm may be given many types – Type variable may be replaced by any type – f :: tt => f :: IntInt, f :: BoolBool, ... • Overloading – A single symbol may refer to more than one algorithm – Each algorithm may have different type – Choice of algorithm determined by type context – Types of symbol may be arbitrarily different – + has types int*intint, real*realreal, ... Polymorphism: Haskell vs C++ • Haskell polymorphic function – Declarations (generally) require no type information – Type inference uses type variables – Type inference substitutes for variables as needed to instantiate polymorphic code • C++ function template – Programmer declares argument, result types of fctns – Programmers
    [Show full text]
  • Prof.Islam-Social Engineering
    Project Title: Distributed and Cloud-based Network Defense System for NRENs (DCNDS) Series 2 Workshop (20-21 November, 2019) Botnet Mitigation Best Practices and System Evaluation Workshop Social Engineering and Botnet Proliferation by Md. Saiful Islam Institute of Information and Communication Technology Bangladesh University of Engineering and Technology 2 Outline • Security & human factor in security • Social Engineering (SE) • Threat actors using social engineering • Characteristics of social engineer • Basic tendencies of human nature • SE categories & SE cycle • SE attack vectors: tailgating, impersonating, phishing etc. • Attack tools of an social engineer • Why do cybercriminals use botnet attacks? • Botnet defense- best practices 3 Security? • Security can be defined as - “The state of being free from danger or threat” . Security is all about knowing who and what to trust. It is important to know when and when not to take a person at their word and when the person you are communicating with & what they say who they are. 4 Security’s weakest link ? A company may have purchased – - The best security technologies that money can buy, - Trained their people so well that they lock up all their secrets before going home at night, and - Hired building guards from the best security firm in the business. That company is still totally vulnerable. 5 Security’s weakest link ? An Individuals may follow: - Every best-security practice recommended by the experts, - Slavishly install every recommended security products, - Be thoroughly vigilant about proper system configuration and - Apply various security patches regularly. Those individuals are still completely vulnerable . 6 Human Factor: Security’s weakest link • Anyone who thinks that security products alone offer true security is settling for the illusion of security.
    [Show full text]
  • Characteristics of a Computer Virus
    We Are The Devils Of Your Computer System A Computer Virus is a program that may disturb the normal working of a computer. CHARACTERISTICS OF A COMPUTER VIRUS: ● the ability to replicate itself. ● the ability to attach itself to another computer file. For fun Release anger Take revenge For fame Antivirus market Disrupt enemy’s information and network The term "computer virus" is often used incorrectly as a catch-all phrase to include all types of Malware such as Computer Worms, Spyware, Adware, and Root kits - all of which are slightly different than Computer Viruses. What is Malware? ● Malware is a general name for all programs that are harmful: ● Virus ● Trojan Horse ● Spyware ● Adware ● Rootkits VIRUS: A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. With an ability to replicate itself, thus continuing to spread. Also, known as Malicious Software, a program that can cause damage to a computer. •Boot sector virus •Master Boot Record (MBR) virus •File infector virus •Multipartite virus •Macro virus BOOT SECTOR VIRUS: Boot sector viruses generally hide in the boot sector, either in the bootable disk or the hard drive. It attaches itself to the primary active partition of the hard disk that is read by the computer upon boot up. MASTER BOOT RECORD VIRUS: MBR viruses are memory-resident viruses that infect disks in the same manner as boot sector viruses. However it, infects the MBR of the system, gets activated when the BIOS activates the Master boot code. MBR infectors normally save a legitimate copy of the master boot record in an different location.
    [Show full text]
  • Typedevil: Dynamic Type Inconsistency Analysis for Javascript
    TypeDevil: Dynamic Type Inconsistency Analysis for JavaScript Michael Pradel∗x, Parker Schuh∗, and Koushik Sen∗ ∗EECS Department, University of California, Berkeley xDepartment of Computer Science, TU Darmstadt Abstract—Dynamic languages, such as JavaScript, give pro- of type number with undefined, which is benign when grammers the freedom to ignore types, and enable them to write running the program in its default configuration but causes concise code in short time. Despite this freedom, many programs a crash with a slightly different configuration. Finding these follow implicit type rules, for example, that a function has a particular signature or that a property has a particular type. problems is difficult because they do not always lead to obvi- Violations of such implicit type rules often correlate with prob- ous signs of misbehavior when executing the programs. How lems in the program. This paper presents TypeDevil, a mostly can developers detect such problems despite the permissive dynamic analysis that warns developers about inconsistent types. nature of JavaScript? The key idea is to assign a set of observed types to each variable, All three examples in Figure 1 share the property that property, and function, to merge types based in their structure, and to warn developers about variables, properties, and functions a variable, property or function has multiple, inconsistent that have inconsistent types. To deal with the pervasiveness of types. In Figure 1a, variable dnaOutputStr holds both the polymorphic behavior in real-world JavaScript programs, we undefined value and string values. In Figure 1b, function present a set of techniques to remove spurious warnings and leftPad sometimes returns an object and sometimes returns to merge related warnings.
    [Show full text]
  • T-AIMD-99-146 Information Security: the Melissa Computer Virus
    United States General Accounting Office Testimony GAO Before the Subcommittee on Technology, Committee on Science, House of Representatives For Release on Delivery Expected at 10 a.m. INFORMATION SECURITY Thursday, April 15, 1999 The Melissa Computer Virus Demonstrates Urgent Need for Stronger Protection Over Systems and Sensitive Data Statement of Keith A. Rhodes Technical Director for Computers and Telecommunications Accounting and Information Management Division GAO/T-AIMD-99-146 Madam Chairwoman and Members of the Subcommittee: Thank you for inviting me to participate in todays hearing on the Melissa computer virus. Although it did disrupt the operations of thousands of companies and some government agencies, this virus did not reportedly permanently damage systems and did not compromise sensitive government data. Nevertheless, it has shown us just how quickly computer viruses can spread and just how vulnerable federal information systems are to computer attacks. Moreover, Melissa has clearly highlighted the urgent and serious need for stronger agency and governmentwide protection over sensitive data. Today, I will discuss the immediate effects of the Melissa virus and variations of it as well as its broader implications. I will also discuss some critical measures that should be taken to help ensure that federal departments and agencies are better prepared for future viruses and other forms of attack. Melissa is a macro virus that can affect users of Microsofts Word 1 97 or The Melissa Virus and Word 2000. Macro viruses are computer viruses that use an applications Its Immediate Impact own macro programming language2 to reproduce themselves. Macro viruses can inflict damage to the document or to other computer software.
    [Show full text]
  • What Are Kernel-Mode Rootkits?
    www.it-ebooks.info Hacking Exposed™ Malware & Rootkits Reviews “Accessible but not dumbed-down, this latest addition to the Hacking Exposed series is a stellar example of why this series remains one of the best-selling security franchises out there. System administrators and Average Joe computer users alike need to come to grips with the sophistication and stealth of modern malware, and this book calmly and clearly explains the threat.” —Brian Krebs, Reporter for The Washington Post and author of the Security Fix Blog “A harrowing guide to where the bad guys hide, and how you can find them.” —Dan Kaminsky, Director of Penetration Testing, IOActive, Inc. “The authors tackle malware, a deep and diverse issue in computer security, with common terms and relevant examples. Malware is a cold deadly tool in hacking; the authors address it openly, showing its capabilities with direct technical insight. The result is a good read that moves quickly, filling in the gaps even for the knowledgeable reader.” —Christopher Jordan, VP, Threat Intelligence, McAfee; Principal Investigator to DHS Botnet Research “Remember the end-of-semester review sessions where the instructor would go over everything from the whole term in just enough detail so you would understand all the key points, but also leave you with enough references to dig deeper where you wanted? Hacking Exposed Malware & Rootkits resembles this! A top-notch reference for novices and security professionals alike, this book provides just enough detail to explain the topics being presented, but not too much to dissuade those new to security.” —LTC Ron Dodge, U.S.
    [Show full text]