Internet Fundamentals/Security

This lesson introduces Internet security, including browser and browsing security, personally identifiable information, and related ethical and legal issues.

Images: Phish; Malware

Objectives and Skills

Objectives and skills for this lesson include:[1][2]

  • Identify security issues related to Internet clients (e.g., Web browsers, e-mail, instant messaging) in the workplace, including certificates, malware, illicit servers, viruses.
  • Identify and use principles of Personal Information Management (PIM), including common applications.
  • Identify security-related ethical and legal issues faced by IT professionals.

Readings

  1. Wikipedia: Internet security
  2. Wikipedia: Personally identifiable information
  3. Wikibooks: Ethics for IT Professionals/Professional Code of Ethics

Multimedia

  1. YouTube: The Internet: Encryption & Public Keys
  2. YouTube: Symmetric Key and Public Key Encryption
  3. YouTube: The Internet: Cybersecurity & Crime
  4. YouTube: Cybersecurity 101

Student Presentations

  1. YouTube: Browser Security
  2. YouTube: Security in Microsoft Edge

Activities

  1. Complete the following tutorials:
  2. Practice web browser safety.
  3. Use anti-malware software to scan your system and test malware detection.
  4. Research password managers and multi-factor authentication. Consider setting up a password manager and using multi-factor authentication on your Apple, Facebook, Google, and/or Microsoft accounts, as well as your password manager and your financial institutions.
  5. Test your firewall using a testing service such as Gibson Research: ShieldsUP!

Lesson Summary

  • Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level, as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet.[3]
  • The Internet represents an insecure channel for exchanging information leading to a high risk of intrusion or fraud, such as phishing, online viruses, trojans, worms, and more.[4]
  • A computer user can be tricked or forced into downloading software onto a computer that is of malicious intent. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.[5]
  • Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.[6]
  • A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.[7]
  • Computer viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. A common use of a virus is to take over a computer to steal data.[8]
  • Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.[9]
  • Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.[10]
  • Scareware is scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.[11]
  • Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.[12]
  • A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user willingly allows it to be downloaded onto the computer.[13]
  • A keylogger performs keystroke logging, often referred to as keylogging or keyboard capturing: the action of recording (logging) the keys struck on a keyboard.[14]
  • A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users.[15]
  • Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page.[16]
  • TCP/IP protocols may be secured with cryptographic methods and security protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS), for web traffic; Pretty Good Privacy (PGP) for email; and IPsec for network layer security.[17]
  • Multi-factor authentication (MFA) is a method of computer access control in which a user is granted access only after successfully presenting several separate pieces of evidence to an authentication mechanism – typically at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are).[18]
  • A computer firewall controls access between networks and generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous.[19]
  • Antivirus software and Internet security programs can protect a programmable device from attack by detecting and eliminating viruses.[20]
  • A password manager is a software application that helps a user store and organize passwords.[21]
  • Personally identifiable information (PII), or sensitive personal information (SPI), is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.[22]
  • Ethical codes are adopted by organizations to assist members in understanding the difference between 'right' and 'wrong' and in applying that understanding to their decisions.[23]
  • An ethical code generally implies documents at three levels: codes of business ethics, codes of conduct for employees, and codes of professional practice.[24]
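The multi-factor authentication point in the summary above (knowledge plus possession) can be made concrete with a small worked example. The following Python is added here for this lesson and is not code from the Wikipedia or CIW sources it cites: it stores a salted password hash for the knowledge factor and implements the HOTP/TOTP one-time-password scheme (RFC 4226 / RFC 6238, the scheme used by common authenticator apps) for the possession factor, then requires both to pass. The user record, password and the shared secret are constructed demo values; the secret is the one from the RFC test vectors so the generated codes can be checked against the RFCs.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo data: this is the shared secret from the RFC 4226 / RFC 6238
# test vectors, used here only so the codes can be checked against the RFCs.
TOTP_SECRET = b"12345678901234567890"
TIME_STEP = 30  # seconds per TOTP period (RFC 6238 default)
PBKDF2_ROUNDS = 200_000


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte
    counter, dynamically truncated to a 31-bit integer, reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, unix_time, digits=6):
    """Time-based one-time password (RFC 6238): HOTP with counter = time // step."""
    return hotp(secret, int(unix_time) // TIME_STEP, digits)


def verify_totp(secret, submitted, unix_time, window=1):
    """Accept the code for the current step or `window` steps either side
    (allowing for clock drift); compare in constant time to avoid timing leaks."""
    counter = int(unix_time) // TIME_STEP
    return any(
        hmac.compare_digest(hotp(secret, c), submitted)
        for c in range(counter - window, counter + window + 1)
    )


# --- knowledge factor: a salted, iterated password hash -------------------
def hash_password(password, salt=None):
    """Return (salt, digest); the plaintext password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


# Constructed user record (hypothetical user "alice", demo password).
_SALT, _DIGEST = hash_password("correct horse battery staple")
USER = {"name": "alice", "salt": _SALT, "pw_digest": _DIGEST, "totp_secret": TOTP_SECRET}


def login(user, password, code, unix_time):
    """Two factors: something the user knows (password) and something the user
    has (the device holding the TOTP secret). Access requires both to pass."""
    knows = check_password(password, user["salt"], user["pw_digest"])
    has = verify_totp(user["totp_secret"], code, unix_time)
    return knows and has


if __name__ == "__main__":
    # At unix time 59 the RFC 6238 test vector gives code 287082.
    print("code at t=59:", totp(TOTP_SECRET, 59))
    print("login ok:", login(USER, "correct horse battery staple", totp(TOTP_SECRET, 59), 59))
    print("wrong password:", login(USER, "wrong", totp(TOTP_SECRET, 59), 59))
```

Note that the one-time code is only a possession factor because the secret lives on the user's device and never travels with the login; a code read out of a phishing page is reusable only for the current time window, which is why a short step and a small acceptance window matter.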

Key Terms

antivirus software
Computer software used to prevent, detect, and remove malicious software.[25]
asymmetric encryption
A cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner.[26]
authentication
The act of confirming identity.[27]
decryption
The process of converting unintelligible ciphertext back to plaintext.[28]
digital certificate
An electronic document used to prove the ownership of a public key.[29]
digital signature
A mathematical scheme for demonstrating the authenticity of digital messages or documents.[30]
encryption
The process of converting plaintext into unintelligible ciphertext.[31]
hash function
A function that makes it easy to verify that given input data maps to a given hash value, but deliberately difficult to reconstruct unknown input data from the stored hash value alone.[32]
IPsec
A network protocol suite that authenticates and encrypts the packets of data sent over a network.[33]
malware (malicious software)
Hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.[34]
patch
Software designed to update a computer program.[35]
personally identifiable information (PII)
Information that can be used to identify an individual in context.[36]
phishing
The attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.[37]
ransomware
Malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.[38]
right to be forgotten
The right of an individual to have certain information deleted so that others can no longer trace them.[39]
spyware
Software that aims to gather information about a person or organization without their knowledge.[40]
SSL/TLS
Cryptographic protocols that provide communications security over a computer network.[41]
symmetric encryption
Algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext.[42]
Trojan
Any malicious computer program which misleads users of its true intent.[43]
virus
Malware that, when executed, replicates itself by modifying other computer programs and inserting its own code.[44]
worm
Standalone malware that replicates itself in order to spread to other computers.[45]

Assessments

See Also

References

  1. CIW: Internet Business Associate Exam Objectives
  2. CIW: Internet Business Associate Course Description
  3. Wikipedia: Internet security
  4. Wikipedia: Internet security
  5. Wikipedia: Internet security
  6. Wikipedia: Internet security
  7. Wikipedia: Internet security
  8. Wikipedia: Internet security
  9. Wikipedia: Internet security
  10. Wikipedia: Internet security
  11. Wikipedia: Internet security
  12. Wikipedia: Internet security
  13. Wikipedia: Internet security
  14. Wikipedia: Internet security
  15. Wikipedia: Internet security
  16. Wikipedia: Internet security
  17. Wikipedia: Internet security
  18. Wikipedia: Internet security
  19. Wikipedia: Internet security
  20. Wikipedia: Internet security
  21. Wikipedia: Internet security
  22. Wikipedia: Personally identifiable information
  23. Wikipedia: Ethical code
  24. Wikipedia: Ethical code
  25. Wikipedia: Antivirus software
  26. Wikipedia: Asymmetric encryption
  27. Wikipedia: Authentication
  28. Wikipedia: Cryptography
  29. Wikipedia: Digital certificate
  30. Wikipedia: Digital signature
  31. Wikipedia: Cryptography
  32. Wikipedia: Hash function
  33. Wikipedia: IPsec
  34. Wikipedia: Malware
  35. Wikipedia: Patch (computing)
  36. Wikipedia: Personally identifiable information
  37. Wikipedia: Phishing
  38. Wikipedia: Ransomware
  39. Wikipedia: Right to be forgotten
  40. Wikipedia: Spyware
  41. Wikipedia: Transport Layer Security
  42. Wikipedia: Symmetric encryption
  43. Wikipedia: Trojan horse (computing)
  44. Wikipedia: Computer virus
  45. Wikipedia: Computer worm