Banner Image

Tutoring Schedules | Types of Tutoring | Academic Support | Success Coaching | Tools & Resources | Meet our Tutors | Become a Tutor | Instructors Toolbox

Security+ Study Guide: Lesson 1 : It Security Lingo

Study Guide for Comptia Security+

Just the facts

Just like a police officer or a security guard, an IT Security Administrator is just suposed to "Keep the Peace". People walking along the information highway feel that, just like when they are driving or walking, saftey should not be a critical concern. They know there are people out there, like us, protecting them from unsavory characters like this guy.

http://cinesnark.files.wordpress.com/2012/05/moriarty.jpg

They never see him, they have no idea what he is planning, and they don't want to or need to. Thats where we come in. We have the tools and talent to stop him from keeping peaceful citizens from their apointed internet and networking rounds. Do you have what it takes? I bet you do. Look below for some of the basics on how we go about stopping characters like this here at ITSECNET!

http://www.fiftiesweb.com/tv/dragnet-2.jpg

Security Definitions

IT Security is the guarding of technology based hardware and data in a digital format through the use of technology, processes, and training.

It ensures that protective mesures are implimented in the proper manner to minimize the chance of threats, as well as proactively deal with any threats that may arise.

https://s3.amazonaws.com/libapps/accounts/20857/images/3462f29.jpg

CIA may sound more like an organization that would HANDEL all of IT security, but in fact its an acronym for the three major componets of Information Security

Confidentiality - Confidentiality is the ability to deny access to information from those people unauthorised to view it. It is perhaps the most obvious aspect of the CIA triad when it comes to security; but correspondingly, it is also the one which is attacked most often.

Integrity - Integrity is the ability to ensure that data that is accessed in any format, is an accurate and unchanged representation of the original secure information.

Availability - Availabilty is the ability to ensure that data is accessable to authorized users.

 

What is a cookie?

Cookies are usually small text files, given ID tags that are stored on your computer's browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customization functions.

The website stores a corresponding file(with same ID tag)to the one they set in your browser and in this file they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as email address.

Like virtual door keys, cookies unlock a computer's memory and allow a website to recognise users when they return to a site by opening doors to different content or services. Like a key, a cookie itself does not contain information, but when it is read by a browser it can help a website improve the service delivered

Cookie files are automatically lodged into the cookie file - the memory of your browser - and each one typically contains:

  • The name of the server the cookie was sent from
  • The lifetime of the cookie
  • A value - usually a randomly generated unique number

There are two types of cookies: session cookies and persistent cookies.

Session cookies are created temporarily in your browser's subfolder while you are visiting a website. Once you leave the site, the session cookie is deleted.

Persistent cookie files remain in your browser's subfolder and are activated again once you visit the website that created that particular cookie. A persistent cookie remains in the browser's subfolder for the duration period set within the cookie's file.

.

Malware means 'malicious software'.

It is any type of code or program used to perform malicious actions. There are three common types of malware  Most modern malware combines some parts of each of these to make a single malicious program.

  • Virus : A virus is a type of malware that is spread by infecting computer software and files. Viruses often, though not always, usually spread through human interaction, such as opening an infected email, opening an infected file loaded onto the computer you are using or media its resides on(Hard Drive, Network Drive, USB drive, CD or DVD or in some older cases, a floppy disk.  Once opened, the virus can attach itself to the computer operating system or specific programs, and be passed on if a file created on the computer or with that specific program is passed on to another user using a different computer.
  • Worm: A type of malware program that can be passed on from computer to computer automatically,  without requiring any human interaction for it to spread. Worms often spread across networks, though can also infect systems through other means, such as USB keys. An example of a worm is Conficker, which infected millions of computer systems starting in 2008 and is still active today. (To learn more about Conficker http://www.microsoft.com/security/pc-security/conficker.aspx)
  • Trojan : A shortened form of "Trojan Horse", this type of malware program appears to have a legitimate or at least benign use, but masks a hidden sinister function. For example, you may download and install a free screensaver which actually works well as a screensaver. But that software could also have a trojan attached to it and it will infect your computer once you install it.

Having Spyware on your computer does NOT mean James Bond is watching what you are buying on Amazon....or does it?

SpyWare: A type of malware that is designed to spy on the victim's activities, capturing sensitive data such as the person's passwords, online shopping, and screen contents. One popular type of spyware, a keylogger, is optimized for logging the victim's keyboard activity and transmitting the captured information to the remote attacker.

Spyware is software that performs certain behaviors, generally without appropriately obtaining your consent first, such as:

  • Advertising

  • Collecting personal information

  • Changing the configuration of your computer

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information. This is usally done using what is called a Tracking Cookie(see "What is a Cookie:)

This does not mean all software that provides ads or tracks your online activities are bad. For example, you might sign up for a free music service, but you "pay" for the service by agreeing to receive targeted ads. If you understand the terms and agree to them, you may have decided that it is a fair tradeoff. You might also agree to let the company track your online activities to determine which ads to show you.

Knowing what spyware does can be a very difficult process because most spyware is designed to be difficult to remove. Other kinds of spyware make changes to your computer that can be annoying and can cause your computer slow down or crash.

These programs can change your web browser's home page or search page, or add additional components to your browser you don't need or want. They also make it very difficult for you to change your settings back to the way you had them.

Hacker

While this term originally referred to a clever or expert programmer, it is now more commonly used to refer to someone who can gain unauthorized access to other computers. A hacker can "hack" his or her way through the security levels of a computer system or network. This can be as simple as figuring out somebody else's password or as complex as writing a custom program to break another computer's security software. Hackers are the reason software manufacturers release periodic "security updates" to their programs. While it is unlikely that the average person will get "hacked," some large businesses and organizations receive multiple hacking attempts a day.

The majority of hackers possess an advanced understanding of computer technology. The typical computer hacker will possess an expert level in a particular computer program and will have advanced abilities in regards to computer programming.
 
Unlike the majority of computer crimes which are regarded as clear cut in terms of legality issues, computer hacking is somewhat ambiguous and difficult to define. In all forms, however, computer hacking will involve some degree of infringement on the privacy of others or the damaging of a computer-based property such as web pages, software, or files.
 
As a result of this loaded definition, the impact of computer hacking will vary from a simple invasive procedure to an illegal extraction of confidential or personal information.
Definitions of Hacking
The New Hacker’s Dictionary, a resource used to elucidate upon the art of computer hacking, has defined the practice through an assortment of definitions:
A hacker may be defined as any person who enjoys exploring the intricacies of programmable systems and how to stretch their capabilities. This definition is held in contrast to a generic computer user, who prefers to access a computer’s minimal functions;
 
One who programs or who enjoys programming, as opposed to those individuals who simply theorize about programming;
An individual who possesses exceptional skill regarding computer programming;
A malicious meddler who attempts to discover and subsequently tamper with sensitive information through poking around computer-based technologies. These individuals are commonly referred to as “network hackers” or “password hackers.”
Regardless of the definition, there are unwritten rules or principles that a hacker will ultimately live by. The belief that information sharing is a powerful exercise and that is the ethical duty of hackers to share their expertise through the creation of free software and through facilitating access to information and to computing resources is a fundamental code for which the majority of hackers follow. In addition, computer hacking as a practice revolves around the belief that system-cracking as a hobby or for fun is ethically okay so long as the hacker commits no vandalism, theft, or a breach of confidentiality.
 
Issues of Computer Hacking
Computer hacking possesses a mixed perception. Due to our reliance on computer technologies and the critical information shared on networks, the art of computer hacking has been skeptically viewed. That being said, there is also a “Robin Hood” mentality attached to the practice, where free programs or facilitated measures have been awarded to the average computer user.
The primary issue attached to computer hacking stems from an individual’s ability to access crucial or personal information that is found on a computer network. The ability to retrieve and subsequently tamper with such information will give way to the potential to commit heinous criminal acts.

Techopedia explains White Hat Hacker

White hat hackers are usually seen as hackers who use their skills to benefit society. They may be reformed black hat hackers or they may simply be well-versed in the methods and techniques used by hackers. An organization can hire these consultants to do tests and implement best practices that make them less vulnerable to malicious hacking attempts in the future.

For the most part, the term is synonymous with "ethical hacker." The term comes from old Western movies where the cliché was for the "good guy" to wear a white cowboy hat. Of course, the "bad guys" always seemed to wear a black hat.

http://cdn.static-economist.com/sites/default/files/imagecache/full-width/images/print-edition/20140222_WBD001_0.jpg

Security can be fun

Walter O'Brien (hacker name: "Scorpion") was diagnosed as a child prodigy with an IQ of 197 and at 13 years old started his company ScorpionComputerServices.com. Scorpion has mitigated risk for 7 years on $1.9 trillion of investments and has invented and applied Artificial Intelligence engines to protect United States war fighters in Afghanistan. Scorpion is now a think tank for hire that provides intelligence on demand as a concierge service for funded challenges through ConciergeUp.com. Since 1988, Scorpion's team of world class experts partner with clients on a global basis, across industries, to add real measurable value in mission-critical initiatives from planning, to execution, to running the business. Scorpion's senior management has a collective knowledge of more than 413 technologies, 210 years in IT, and 1,360 projects. Scorpion himself has created over 177 unique technology inventions including ScenGen and WinLocX and is one of the world's leading experts in the application of computer science and artificial intelligence to solve complex industry challenges. http://www.scorpioncomputerservices.com/the_founder.html

http://www.scorpioncomputerservices.com/the_team.html

 

Steve Wozniak

white hat hackers

Have you ever heard of Steve Jobs? Of course you have! Well, Steve “Woz” Wozniak is known for being the “other Steve” of Apple Computers. Along with Jobs, Wozniak co-founded the company and paved the way towards what would later become a massive international success.

Before Apple existed, Wozniak began his computer career by creating something called blue boxes, a device that could bypass traditional telephone switch mechanisms in order to make free long-distance calls. Wozniak and Jobs built these boxes together and ended up selling them to their college classmates. From there, they progressed to bigger and better ideas.

After dropping out of college, Wozniak invented a computer that could be sold as a fully assembled PC board. The rest is, as they say, history. Wozniak was inducted into the National Inventors Hall of Fame in September 2000.

http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/

 

Linus Torvalds

famous white hat hackers

Linus Torvalds is the creator of Linux, a family of operating systems that brought the flexibility and security of Unix-based systems to the public in an easy-to-digest manner. Linux has been growing in popularity over the past decade and it is poised as a very real alternative to Windows and Mac.

Torvalds started his hacking by fiddling around with his personal machines when he was a child. In 1991, he created the first version of the Linux kernel using the Minix operating system as his source of inspiration. Eventually, he asked for contributors to help him out. Fast forward many years later and now Linux is popular worldwide.

Though he wasn’t the first proponent of open-source software, the spread of Linux surely helped the growth of the open-source community. Without him, there would be no operating system that works as a strong replacement for the two main contenders. Torvalds has certainly made an impact in the world of computers.

http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/

Tim Berners-Lee

famous white hat hackers

Tim Berners-Lee is credited as the brilliant mind behind the creation of the World Wide Web–not to be confused as the creator of the Internet, which he isn’t. He is the creator of the actual system that we all use to navigate the Internet in order to access particular files, folders, and websites.

He got his start with electronics at a relatively young age. When he was a student at Oxford University, Berners-Lee managed to build a computer from scratch using a soldering iron, TTL gates, an M6800 processor, and parts from an old television.

Later, he worked with CERN and developed an inhouse system that allowed researchers to share and update information quickly. This would be the seedling idea that eventually grew into the hypertext protocol for the World Wide Web.

http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/

Julian Assange

famous white hat hackers

Julian Assange is a computer programmer and journalist who is best known for founding WikiLeaks, a website that publishes documents provided by
“whistleblowers,” or people who disclose information regarding allegedly illegal or dishonest activities within a government department. WikiLeaks was first launched in 2006.

At the age of 16, Assange began to hack using the handle “Mendax,” a name derived from the Latin splendide mendax meaning “a splendid liar.” He operated under a self-imposed code that included: 1) not harming systems that he broke into, 2) not altering information in systems that he broke into, and 3) sharing information whenever possible.

This behavioral code was the beginning of what would later become his driving philosophy for WikiLeaks. For Assange, access to government documents and open transparency was an integral aspect of a properly functioning government because it provided public oversight.

http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/

Tsutomu Shimomura

white hat hackers

Funny enough, Tsutomu Shimomura is a white hat hacker who gets his fame from an incident with a black hat hacker, Kevin Mitnick. Specifically, Mitnick sent a personal attack to Shimomura by hacking into his computers. In response, Shimomura decided to help the FBI in capturing Mitnick.

In a battle of wits, Shimomura managed to outclass Mitnick by hacking a cell phone and using it to monitor phone calls. Using Mitnick’s own phone against him, Shimomura tracked him down to an apartment complex and Mitnick was quickly arrested. The events of this incident were later adapted to the big screen in a movie called Takedown.

http://www.makeuseof.com/tag/5-worlds-famous-influential-white-hat-hackers/