Pace IT - Common Security Threats
Download as PPTX, PDF0 likes387 views
The document outlines common security threats including shoulder surfing, social engineering, phishing, pharming, malware, rootkits, spyware, and various types of viruses and worms. It emphasizes the importance of user education in mitigating these threats and provides a brief overview of the qualifications of the instructor and the pace-it program at Edmonds Community College. The document is funded by a grant from the U.S. Department of Labor and includes information on equal opportunity employment and accommodations for individuals with disabilities.
Pace IT - Common Security Threats
- 2. Page 2 Instructor, PACE-IT Program – Edmonds Community College Areas of Expertise Industry Certification PC Hardware Network Administration IT Project Management Network Design User Training IT Troubleshooting Qualifications Summary Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.
- 3. Page 3 – Directed security threats. – Opportunity security threats. PACE-IT.
- 4. Page 4 Attacks don’t always fall into a neatly confined security category. Many attacks combine the different categories to increase their effectiveness. User education is the best method of mitigating these common security threats. PACE-IT.
- 5. Page 5 Common security threats.
- 6. Page 6 – Shoulder surfing. » Someone looking over the shoulder in an attempt to get access to information they are not supposed to have. » The user doesn’t need to be present for shoulder surfing to occur. – Social engineering. » Someone using social pressure to get the user to divulge information or secrets. » Can occur in person, over the phone, through email, by fake memos, and through other means. Common security threats.
- 7. Page 7 – Phishing. » A type of social engineering. » Attempting to get the end user to divulge sensitive information (as in usernames and passwords) by masquerading as a trusted entity. Communication is usually through email or some other electronic media. – Pharming. » Closely related to phishing, but can be more passive in nature. » Pharming specifically uses a webpage or site to glean sensitive information. » The website or page tricks the user into thinking they are at a trusted site, often through the use of redirection. Common security threats.
- 8. Page 8 Common security threats.
- 9. Page 9 – Malware » Malicious software used with the intent of causing harm; however, malware can also be used to describe legitimate code that is written poorly. » Broad category that contains all code based security threats. » Is often hidden in legitimate code. – Rootkits. » Stealth software that takes over the root (administrative) account. » Attempts to hide its presence from the end user and antivirus through its authority level. » Rootkits can be extremely difficult to remove because of their level of access to the system. Common security threats.
- 10. Page 10 Spyware is software that installs itself with the intent of collecting a user’s data or information on habits, without the user’s consent. Spyware is often configured to collect the information and then periodically transmit it to a remote site. A key logger is a form of spyware that collects all of the user’s keystrokes during the collection period. Common security threats.
- 11. Page 11 – Virus. » Malware that attaches itself to a host file. » When the host file is run so is the executable file of the virus. – Types of viruses. » Program or application: attaches to a program or application; when the host file is opened, the virus runs. » Boot sector: attaches to the boot sector of the PC; when the PC is booted, the virus loads (think rootkit). » Polymorphic: attempts to hide its presence by changing its signature. » Stealth: uses various methods to hide its presence. » Multipartite: combines several components into one package. None of the components on their own are effective. Common security threats.
- 12. Page 12 – Worm » Malware that doesn’t need a host file. » Exploits network resources and services to propagate and move. » Self replicating. » Consumes network resources, often resulting in a downed network. – Trojan » Malware that hides its purpose by disguising itself as something that the end user desires. » Used to get the end user to download a virus package. » This is often the method that is used to establish botnets or zombie nodes. Common security threats.
- 13. Page 13 Common security threats. Shoulder surfing requires the attacker to be nearby. Social engineering is using social pressure to exploit a user and gain knowledge. Phishing and pharming are similar. Phishing uses electronic media to get the user to voluntarily divulge information. Pharming uses a website or page. Topic Directed security threats. Summary Malware encompasses any code-based security threat. Rootkits gain access to the root level. Spyware records a user’s information and habits. Viruses require a host file, worms require network access, and a Trojan is not what it seams. Opportunity security threats.
- 15. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.