Security

=Security Scavenger Hunt= || __ Ø ** hand in ** 1 print copy Ø submit your **file** to the class Wiki Security Page Ø print one copy for your team __ || ** Findings ** 2.  Phishing: Phishers pretend to be what kind of companies. 3.  Phishing: Phish sites can look remarkably like legitimate sites because they tend to: 4.  Viruses: Melissa was this type of Virus: 5.  It spread itself by: 6.  Antibot software can prevent your computer from being taken over or:  || 1. Phishing is the practice of luring unsuspecting Internet users to a fake Web site by using authentic-looking email with the real organization's logo, in an attempt to steal passwords, financial or personal information, or introduce a virus attack; the creation of a Web site replica for fooling unsuspecting Internet users into submitting personal or financial information or passwords 2. Phishing sites tend to be a false credit card company or bank. They usually are looking for your personal information. 3. You can spot phishing in many ways: Requests for confidential information via email or instant message, emotional language using scare tactics or urgent requests to respond, misspelled URLs, spelling mistakes or the use of sub-domains, links within the body of a message, lack of a personal greeting or customized information within a message. Legitimate emails from banks and credit card companies will often include partial account numbers, user name or password. 4 and 5. Melissa is a virus that exploits the macro feature within the Microsoft Office suite in order to infect documents and mass mail copies of itself to a victims address book. Melissa uses a feature that allows Office documents to activate other Microsoft applications and use their abilities. Hidden within a Word document, the virus gains access to Outlook and mass emails a message along with an infected copy of itself. 6. You can invest in antivirus software on your computer to prevent viruses. || 2.   Infragard was developed to promote: || 1. Infragard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. InfraGard is a partnership between the FBI and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.
 * ** Security Scavenger Hunt **
 * Students on Team: _ **
 * ** Directions: ** __Using the information provided below respond to each item. Each team is to:__
 * (be sure to use numbering to identify each) ** ||
 * ** Symantec.com ** || ||
 * 1.  What is the definition of phishing?
 * ** Find the FBI Boston Infragard webpage: ** || ||
 * 1.  Infragard is an alliance of:

2. InfraGard goal is to promote ongoing dialogue and timely communication between members and the FBI. || 2.   What is the difference between the three? 3.  Why is there such a thing as ethical hacking? || 1. There are thee types of hackers white hat, grey hat, and black hat.
 * ** Search Yahoo/Wikipedia/Google, etc… ** || ||
 * 1.  What three types of “hat” hacking exist?

2. A white hat hacker finds a fault in a securety system ie. a website then they will inform the owner immediatly.

A grey hat hacker finds a fault he will do what he feels like at the time ie. exploiting the site OR informing the owner.

A black hat hacker if they find a fault will immediatly exploit the site for there own benefitial gain ie. advertising and infecting other computers with "viruses" to gain access to more sites.

3. An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. To test a security system, ethical hackers use the same methods as their less principled counterparts, but report problems instead of taking advantage of them. Basically to catch the bad guy you have to think like the bad guy!!. || 2.   This type of outage occurs when attackers: || 1. Users were having accessibility problems with there Yahoo! account becuase there was a problem with the server.
 * ** Search for the CNET article: How a basic attack crippled Yahoo ** || ||
 * 1.  What type of “outage/attack” did Yahoo! Suffer?

2. In one of the most common forms, an attacker will effectively take over another machine, or a group of machines connected to the Web, and then program these "slave" machines to send streams of information at the target site. || 1. Authentication is dealing with the user’s connection to the SQL Server. Authorization is dealing with the data privilege a user has once they are connected to the SQL server. || If you ever have a problem with another eBay member or receive unwelcome email, you might find that you need to report an email to them. When reporting email, it’s important to include the email header. Using the header, so they can trace the path of an email back to the sender. There is a hyperlink you can click on to email this information to them. The email address is; spoof@ebay.com  || 2.  This type of hardware device is known as what type/category of authentication device? || 1. Most laptops now have fingerprint readers for validation of the user, so that they can put a hexidecmal security key for the password that the user wouldn't have to remember.
 * ** Search Yahoo! Etc. for: Authentication vs. Authorization ** || ||
 * 1.  What is the difference between the two? ||
 * ** Search eBay’s help for documentation on account protection ** || ||
 * 1.  Many online companies have email addresses to report suspicious activity. If you receive a suspicious email from someone posing as eBay, how can you report this information to eBay for investigation? (the email address) ||
 * ** Search HP.com or any other internet Search Engine ** || ||
 * 1.  Many new computers, particularly laptops have this hardware technology built in the keyboard for authentication to use the computer.

2.Not sure if there is an official term for this, but it is a unique genetic identifier, as you are the only one with that fingerprint in the world. || 2.   What is a Service Pack? 3.  What is Windows Vista’s latest SP number/version? || 1. You can get updates for office or any microsoft application from the web page.
 * ** Microsoft Windows Update Web Site: ** || ||
 * 1.  According to the FAQ, what types of updates can you download with Windows Update?

2. A service pack is a large update that fixes core problems with an operating system including security fixes and usually bringing new features to the operating system.

3. The latest Windows vista service pack is service pack 3. This had minor fix's and new tools for network administrators. || 2.   What is an SSID? 3.   A MAC address is an address given to a network device by the manufacturer. What example does Linksys give for using MAC addresses for security purposes?
 * ** Search Yahoo! For:  __** || ||
 * 1.  What are the 5 ways Linksys recommends to secure your home network?

|| 1. Change the default password,Change the default SSID, Enable WPA Encryption, Disable SSID broadcast, Enable MAC address filtering.

2. It is the name of the network

3. You filter the mac addresses that are allowed to enter your network. Enable only ones you own. || 2.   Which browsers are compared? 3.  How does your favorite stand? ||
 * ** How secure is your browser? Visit **[|**InfoWorld**] ** to find out ** || ||
 * 1.  Locate the following article: “InfoWorld Test Center's guide to browser security”
 * 2.** InfoWorld Test Center examines Chrome, IE, Firefox, Opera, and Safari and determines how secure they really are.

3. In my opinion safari is one of the safest, discover because it has new features and new antivirus programs frequently. That defined scams.  ||