Cyber Security

What is Cybercrime?

Cybercrime is the use of computers and networks to perform illegal activities such as spreading computer viruses, online bullying, performing unauthorized electronic fund transfers, etc.

Most cybercrimes are committed through the internet.

Some cybercrimes can also be carried out using Mobile phones via SMS and online chatting applications.

Type of Cybercrime

The following list presents the common types of cybercrimes:

1.     COMPUTER FRAUD:Intentional deception for personal gain via the use of computer systems.

2.     PRIVACY VIOLATION:Exposing personal information such as email addresses, phone number, and account details, etc. on social media, websites, etc.

3.     IDENTITY THEFT:Stealing personal information from somebody and impersonating that person.

4.     SHARING COPYRIGHTED FILES/INFORMATION:This involves distributing copyright protected files such as eBooks and computer programs etc.

5.     ELECTRONIC FUNDS TRANSFER:This involves gaining an un-authorized access to bank computer networks and making illegal fund transfers.

6.     ELECTRONIC MONEY LAUNDERING:This involves the use of the computer to launder money.

7.     ATM FRAUD:This involves intercepting ATM card details such as account number and PIN numbers. These details are then used to withdraw funds from the intercepted accounts.

8.     DENIAL OF SERVICE ATTACKS:This involves the use of computers in multiple locations to attack servers with a view of shutting them down.

9.       SPAM:Sending unauthorized emails. These emails usually contain advertisements.

 

What is Ethical Hacking?

Ethical Hacking is identifying weakness in computer systems and/or computer networks and coming with countermeasures that protect the weaknesses.

 Ethical hackers must abide by the following rules.

Get written permission from the owner of the computer system and/or computer network before hacking.

Protect the privacy of the organization been hacked.

Transparently report all the identified weaknesses in the computer system to the organization.

Inform hardware and software vendors of the identified weaknesses.

 

Legality of Ethical Hacking

Ethical Hacking is legal if the hacker abides by the rules stipulated in the above section on the definition of ethical hacking.

Skills Required to Become aN Ethical Hacker

Skills allow you to achieve your desired goals within the available time and resources.

As a hacker, you will need to develop skills that will help you get the job done.

These skills include learning how to program, use the internet, good at solving problems, and taking advantage of existing security tools.

What is a programming language?

A programming language is a language that is used to develop computer programs. The programs developed can range from operating systems; data based applications through to networking solutions. 

Why should you learn how to program?

Hackers are the problem solver and tool builders, learning how to program will help you implement solutions to problems. It also differentiates you from “Script Kiddies”.

Writing programs as a hacker will help you to automate many tasks which would usually take lots of time to complete.

Writing programs can also help you identify and exploit programming errors in applications that you will be targeting.

You don’t have to reinvent the wheel all the time, and there are a number of open source programs that are readily useable.

You can customize the already existing applications and add your methods to suit your needs.

OTHER SKILLS

In addition to programming skills, a good hacker should also have the following skills:

Know how to use the internet and search engines effectively to gather information.

Get a Linux-based operating system and the know the basics commands that every Linux user should know.

Practice makes perfect, a good hacker should be hard working and positively contribute to the hacker community.

He/she can contribute by developing open source programs, answering questions in hacking forums, etc.

SUMMARY

·        Hacking is identifying and exploiting weaknesses in computer systems and/or computer networks.

·        Cybercrime is committing a crime with the aid of computers and information technology infrastructure.

·        Ethical Hacking is about improving the security of computer systems and/or computer networks.

·        Ethical Hacking is legal

The common computer system threats and how you can protect systems against them.

·        Topics covered in this lesson

·        What is a Security Threat?

·        What are Physical Threats?

·        What are Non-physical Threats?

A computer system threat is anything that leads to loss or corruption of data or physical damage to the hardware and/or infrastructure.

Knowing how to identify computer security threats is the first step in protecting computer systems.

The threats could be intentional, accidental or caused by natural disasters.

What is a Security Threat?

Security Threat is defined as a risk that which can potentially harm computer systems and organization.

The cause could be physical such as someone stealing a computer that contains vital data.

The cause could also be non-physical such as a virus attack.

In this class, we will define a threat as a potential attack from a hacker that can allow them to gain unauthorized access to a computer system.

What are Physical Threats?

A physical threat is a potential cause of an incident that may result in loss or physical damage to the computer systems.

The following list classifies the physical threats into three (3) main categories;

Internal: The threats include fire, unstable power supply, humidity in the rooms housing the hardware, etc.

External: These threats include Lightning, floods, earthquakes, etc.

HUMAN:These threats include theft, vandalism of the infrastructure and/or hardware, disruption, accidental or intentional errors.

To protect computer systems from the above mentioned physical threats, an individual must have physical security control measures.

The following list shows some of the possible measures that can be taken:

Internal: Fire threats could be prevented by the use of automatic fire detectors and extinguishers that do not use water to put out a fire. The unstable power supply can be prevented by the use of voltage controllers. An air conditioner can be used to control the humidity in the computer room.

External: Lightning protection systems can be used to protect computer systems against such attacks. Lightning protection systems are not 100% perfect, but to a certain extent, they reduce the chances of Lightning causing damage. Housing computer systems in high lands are one of the possible ways of protecting systems against floods.

Humans: Threats such as theft can be prevented by use of locked doors and restricted access to computer rooms.

What are Non-physical threats?

A non-physical threat is a potential cause of an incident that may result in loss or corruption of system data.

Disrupt business operations that rely on computer systems.

Loss of sensitive information

Illegal monitoring of activities on computer systems.

The non-physical threats are also known as logical threats. The following list is the common types of non-physical threats:

·        Virus

·        Trojans

·        Worms

·        Spyware

·        Key loggers

·        Adware

·        Denial of Service Attacks

·        Distributed Denial of Service Attacks

·        Unauthorized access to computer systems resources such as data

·        Phishing

 

OTHER COMPUTER SECURITY RISKS

To protect computer systems from the above-mentioned threats, an individual must have logical security measures in place.

The following list shows some of the possible measures that can be taken to protect cyber security threats

·        To protect against viruses, Trojans, worms, etc. an individual can use anti-virus software. In additional to the anti-virus software, an organization/individual can also have control measures on the usage of external storage devices and visiting the website that is most likely to download unauthorized programs onto the user’s computer.

·        Unauthorized access to computer system resources can be prevented by the use of authentication methods. The authentication methods can be, in the form of user ids and strong passwords, smart cards or biometric, etc.

·        Intrusion-detection/prevention systems can be used to protect against denial of service attacks.There are other measures too that can be put in place to avoid denial of service attacks.