pace it - common security threats

Common security threats.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certification

PC Hardware

Network Administration

IT Project Management

Network Design

User Training

IT Troubleshooting

Qualifications Summary

Education

M.B.A., IT Management, Western Governor’s University

B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions.

Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.


– Directed security threats.

– Opportunity security threats.

PACE-IT.


Attacks don’t always fall into a neatly confined security category.

Many attacks combine the different categories to increase their effectiveness. User education is the best method of mitigating these common security threats.

PACE-IT.

Directed security threats.Common security threats.

Directed security threats.

– Shoulder surfing.» Someone looking over the shoulder in an attempt

to get access to information they are not supposed to have.

» The user doesn’t need to be present for shoulder surfing to occur.

– Social engineering.» Someone using social pressure to get the user to

divulge information or secrets.» Can occur in person, over the phone, through

email, by fake memos, and through other means.



– Phishing.» A type of social engineering.» Attempting to get the end user to divulge

sensitive information (as in usernames and passwords) by masquerading as a trusted entity. Communication is usually through email or some other electronic media.

– Pharming.» Closely related to phishing, but can be more

passive in nature.» Pharming specifically uses a webpage or site to

glean sensitive information.» The website or page tricks the user into thinking

they are at a trusted site, often through the use of redirection.


Opportunity security threats.Common security threats.

Opportunity security threats.

– Malware» Malicious software used with the intent of causing

harm; however, malware can also be used to describe legitimate code that is written poorly.

» Broad category that contains all code based security threats.

» Is often hidden in legitimate code.

– Rootkits.» Stealth software that takes over the root

(administrative) account.» Attempts to hide its presence from the end user

and antivirus through its authority level.» Rootkits can be extremely difficult to remove

because of their level of access to the system.



Spyware is software that installs itself with the intent of collecting a user’s data or information on habits, without the user’s consent.

Spyware is often configured to collect the information and then periodically transmit it to a remote site. A key logger is a form of spyware that collects all of the user’s keystrokes during the collection period.



– Virus.» Malware that attaches itself to a host file.» When the host file is run so is the executable file

of the virus.

– Types of viruses.» Program or application: attaches to a program

or application; when the host file is opened, the virus runs.

» Boot sector: attaches to the boot sector of the PC; when the PC is booted, the virus loads (think rootkit).

» Polymorphic: attempts to hide its presence by changing its signature.

» Stealth: uses various methods to hide its presence.

» Multipartite: combines several components into one package. None of the components on their own are effective.



– Worm» Malware that doesn’t need a host file.» Exploits network resources and services to

propagate and move.» Self replicating.» Consumes network resources, often resulting in a

downed network.

– Trojan» Malware that hides its purpose by disguising itself

as something that the end user desires.» Used to get the end user to download a virus

package.» This is often the method that is used to establish

botnets or zombie nodes.


What was covered.Common security threats.

Shoulder surfing requires the attacker to be nearby. Social engineering is using social pressure to exploit a user and gain knowledge. Phishing and pharming are similar. Phishing uses electronic media to get the user to voluntarily divulge information. Pharming uses a website or page.

Topic


Summary

Malware encompasses any code-based security threat. Rootkits gain access to the root level. Spyware records a user’s information and habits. Viruses require a host file, worms require network access, and a Trojan is not what it seams.


THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.

pace it - common security threats

Education

common security threats

directed security threats

opportunity security

page tricks

confined security category

user education

end user

user doesnt