Internet Fundamentals/Security
This lesson introduces Internet security, including browser and browsing security, personally identifiable information, and related ethical and legal issues.
Objectives and Skills
Objectives and skills for this lesson include:[1][2]
- Identify security issues related to Internet clients (e.g., Web browsers, e-mail, instant messaging) in the workplace, including certificates, malware, illicit servers, viruses.
- Identify and use principles of Personal Information Management (PIM), including common applications.
- Identify security-related ethical and legal issues faced by IT professionals.
Readings
- Wikipedia: Internet security
- Wikipedia: Personally identifiable information
- Wikibooks: Ethics for IT Professionals/Professional Code of Ethics
Multimedia
- YouTube: The Internet: Encryption & Public Keys
- YouTube: Symmetric Key and Public Key Encryption
- YouTube: The Internet: Cybersecurity & Crime
- YouTube: Cybersecurity 101
Student Presentations
Activities
- Complete the following tutorials:
- Practice web browser safety.
  - Review browser options:
    - Chrome: Google: Choose Your Privacy Settings.
    - Firefox: Mozilla: Privacy and Security Settings.
    - Internet Explorer: Microsoft: Change Security and Privacy Settings for Internet Explorer.
    - Opera: Opera: Guide to security and privacy
    - Safari: Apple: Manage Cookies and Other Website Data.
  - Check your browser's version to ensure the browser is up to date.
  - Check add-ons to ensure they are up to date.
  - Disable unneeded add-ons.
  - Clear the browser cache. Identify how to clear browser history and cookies.
  - Check autoform settings and remove any personal information you do not want saved.
  - Visit a secure website, such as https://en.wikiversity.org and view certificate information for that website.
  - Use private / incognito browsing to visit a website that normally remembers you. Notice how you are unknown to the website when using private browsing.
- Use anti-malware software to scan your system and test malware detection.
  - All: Review Wikipedia: Comparison of antivirus software. Download a free, well-known anti-malware application and scan your system.
  - All: Review Wikipedia: EICAR test file. Download and save the EICAR test file to test your anti-malware application and follow the process for removing malware.
- Research password managers and multi-factor authentication. Consider setting up a password manager and using multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
- Test your firewall using a testing service such as Gibson Research: ShieldsUP!
Lesson Summary
- Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level, as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet.[3]
- The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing, online viruses, trojans, worms, and more.[4]
- A computer user can be tricked or forced into downloading software of malicious intent onto a computer. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.[5]
- Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.[6]
- A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.[7]
- Computer viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.[8]
- Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.[9]
- Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.[10]
- Scareware is scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.[11]
- Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.[12]
- A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user willingly allows it to be downloaded onto the computer.[13]
- Keylogger: Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard.[14]
- A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.[15]
- Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page.[16]
- TCP/IP protocols may be secured with cryptographic methods and security protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for network layer security.[17]
- Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).[18]
- A computer firewall controls access between networks and generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous.[19]
- Antivirus software and Internet security programs can protect a programmable device from attack by detecting and eliminating viruses.[20]
- A password manager is a software application that helps a user store and organize passwords.[21]
- Personally identifiable information (PII), or sensitive personal information (SPI), is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.[22]
- Ethical codes are adopted by organizations to assist members in understanding the difference between 'right' and 'wrong' and in applying that understanding to their decisions.[23]
- An ethical code generally implies documents at three levels: codes of business ethics, codes of conduct for employees, and codes of professional practice.[24]
Key Terms
- antivirus software
  - Computer software used to prevent, detect, and remove malicious software.[25]
- asymmetric encryption
  - A cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner.[26]
- authentication
  - The act of confirming identity.[27]
- decryption
  - The process of converting unintelligible ciphertext back to plaintext.[28]
- digital certificate
  - An electronic document used to prove the ownership of a public key.[29]
- digital signature
  - A mathematical scheme for demonstrating the authenticity of digital messages or documents.[30]
- encryption
  - The process of converting plaintext into unintelligible ciphertext.[31]
- hash function
  - Any function that allows one to easily verify that some input data maps to a given hash value, but if the input data is unknown, it is deliberately difficult to reconstruct it by knowing the stored hash value.[32]
- IPsec
  - A network protocol suite that authenticates and encrypts the packets of data sent over a network.[33]
- malware (malicious software)
  - Hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.[34]
- patch
  - Software designed to update a computer program.[35]
- personally identifiable information (PII)
  - Information that can be used to identify an individual in context.[36]
- phishing
  - The attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.[37]
- ransomware
  - Malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.[38]
- right to be forgotten
  - The right of an individual to have certain information deleted so that others can no longer trace them.[39]
- spyware
  - Software that aims to gather information about a person or organization without their knowledge.[40]
- SSL/TLS
  - Cryptographic protocols that provide communications security over a computer network.[41]
- symmetric encryption
  - Algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.[42]
- Trojan
  - Any malicious computer program which misleads users of its true intent.[43]
- virus
  - Malware that, when executed, replicates itself by modifying other computer programs and inserting its own code.[44]
- worm
  - Standalone malware that replicates itself in order to spread to other computers.[45]
Assessments
- Flashcards: Quizlet: CIW IBA Lesson 8
- Flashcards: Quizlet: CIW IBA Lesson 8 Vocabulary
- Quiz: Quizlet: CIW IBA Lesson 8
- Quiz: Quizlet: CIW IBA Lesson 8 Vocabulary
See Also
- IT Fundamentals/Security
- Wikibooks: Introduction to Computer Information Systems/Security
- StaySafeOnline: Online Safety Basics
- US-CERT: Avoiding Social Engineering and Phishing Attacks
- CISA: Cyber Games
References
1. CIW: Internet Business Associate Exam Objectives
2. CIW: Internet Business Associate Course Description
3. Wikipedia: Internet security
4. Wikipedia: Internet security
5. Wikipedia: Internet security
6. Wikipedia: Internet security
7. Wikipedia: Internet security
8. Wikipedia: Internet security
9. Wikipedia: Internet security
10. Wikipedia: Internet security
11. Wikipedia: Internet security
12. Wikipedia: Internet security
13. Wikipedia: Internet security
14. Wikipedia: Internet security
15. Wikipedia: Internet security
16. Wikipedia: Internet security
17. Wikipedia: Internet security
18. Wikipedia: Internet security
19. Wikipedia: Internet security
20. Wikipedia: Internet security
21. Wikipedia: Internet security
22. Wikipedia: Personally identifiable information
23. Wikipedia: Ethical code
24. Wikipedia: Ethical code
25. Wikipedia: Antivirus software
26. Wikipedia: Asymmetric encryption
27. Wikipedia: Authentication
28. Wikipedia: Cryptography
29. Wikipedia: Digital certificate
30. Wikipedia: Digital signature
31. Wikipedia: Cryptography
32. Wikipedia: Hash function
33. Wikipedia: IPsec
34. Wikipedia: Malware
35. Wikipedia: Patch (computing)
36. Wikipedia: Personally identifiable information
37. Wikipedia: Phishing
38. Wikipedia: Ransomware
39. Wikipedia: Right to be forgotten
40. Wikipedia: Spyware
41. Wikipedia: Transport Layer Security
42. Wikipedia: Symmetric encryption
43. Wikipedia: Trojan horse (computing)
44. Wikipedia: Computer virus
45. Wikipedia: Computer worm