Security Risks

On this page, you will learn about threats to online security.

Originally, network security was a relatively minor consideration because the Arpanet was a small computer network of military personnel and university users. The real need for security arose once businesses were allowed on the Internet in 1995. These days, people give their credit card numbers to online shopping sites, do much of their banking online, and send their social security numbers to tax firms and credit bureaus. And computers controlling critical social infrastructure (such as power plants, telephone switching systems, traffic lights, and hospital equipment) can be attacked by criminals and other countries' militaries.

Common Security Issues for Users

Software has bugs (even published software written by professionals). And people can use those bugs for bad purposes (such as crashing your computer or implanting keylogging software to collect everything you type, including passwords and other confidential information). Software developers try to prevent security bugs and fix them when they turn up, but not every software developer distributes fixes promptly. (And not every computer user keeps up with software updates perfectly!)

The general name for programs that try to affect your computer badly is malware. Your computer can end up with malware if you or someone using your computer downloads untrustworthy software (such as from freeware or shareware sites; not everything on those sites is bad, but if you aren't careful, you might install something that is).

One kind of malware is called a virus. Computer viruses make copies of themselves (just as biological viruses do) and try to spread themselves over the network to other computers. People use antivirus software to help prevent these attacks. People also use firewalls to limit connections into or out of their computer. (Both your computer and your router probably run firewall software.)

Another common attack strategy is called phishing: an attacker sends you an email that appears to be from some official organization (such as your bank) and tricks you into giving information to the attackers (such as your bank password). The attacker can then use your personal information to gain access to sensitive online resources, such as your bank accounts or emails.

  1. Write Out Your Thoughts: Describe three ways someone could gain unauthorized access to your computer or data.
  2. Describe an example of a computer security issue that you or someone you know has experienced or could experience.

Common Security Issues with Public Systems

A Denial of Service (DoS) attack consists of sending a lot of requests to a server at the same time (for instance, requests for a web page or some data). This can overload the server's network bandwidth. A DoS attack doesn't destroy data or collect passwords; it just causes a temporary inability to reach the targeted server so other users of that server are denied service.

A DDoS (Distributed Denial of Service) attack uses a virus to flood a server with many requests from many computers at once so that users of that server are denied service.

A variant is the Distributed Denial of Service (DDoS) attack, in which the attacker first uses viruses and other malware to take control of many (sometimes hundreds of thousands of) computers around the world. This network of infected computers is called a botnet. The attacker then launches a DoS attack from all of the victims' computers at the same time. Besides increasing the number of simultaneous server requests, DDoS makes it harder to determine who is at fault, since the attack seems to come from many innocent people.
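How a server operator could tell the two kinds of attack apart, as an added example that is not part of the original page: a per-client limit flags the single heavy sender in a DoS attack but flags nobody in a DDoS attack, where only the total request rate gives the attack away. The traffic, the IP addresses, and both limits are constructed assumptions for illustration.

```python
from collections import Counter

PER_CLIENT_LIMIT = 20   # assumed: most requests one client may send per second
SERVER_LIMIT = 100      # assumed: total requests per second the server can handle

def make_traffic(kind):
    """Build constructed sample traffic as (second, client_ip) pairs."""
    normal = [(t, f"10.0.0.{t % 5}") for t in range(60)]   # about 1 request/second
    if kind == "dos":     # one client sends 200 requests during second 30
        return normal + [(30, "203.0.113.9")] * 200
    if kind == "ddos":    # 200 different clients send 1 request each in second 30
        return normal + [(30, f"198.51.100.{i}") for i in range(200)]
    return normal

def analyze(requests):
    """Classify traffic as 'normal', 'dos' (one heavy sender) or 'ddos' (many light senders)."""
    per_second = Counter(t for t, _ in requests)
    per_client_second = Counter(requests)
    # Seconds in which the server received more than it can handle.
    overloaded = [t for t, n in per_second.items() if n > SERVER_LIMIT]
    # Clients that individually broke the per-client limit in some second.
    heavy = sorted({ip for (_, ip), n in per_client_second.items()
                    if n > PER_CLIENT_LIMIT})
    if not overloaded:
        return {"verdict": "normal", "heavy_clients": heavy, "sources": 0}
    peak = overloaded[0]
    sources = len({ip for t, ip in requests if t == peak})
    # Overload with an identifiable heavy sender is DoS; overload where every
    # client looks innocent on its own is the distributed (botnet) case.
    verdict = "dos" if heavy else "ddos"
    return {"verdict": verdict, "heavy_clients": heavy, "sources": sources}

if __name__ == "__main__":
    for kind in ("normal", "dos", "ddos"):
        print(kind, analyze(make_traffic(kind)))
```

In the DoS case, blocking the one listed client restores service; in the DDoS case the list of heavy clients is empty, which is why the page says it is harder to determine who is at fault.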

Unless your data is encrypted, it can be read or modified as it's being sent over public networks. One way that this can happen is through a rogue access point.

A rogue access point is a wireless access point that gives access to a secure network without the authorization of the network administrator.

A rogue access point may be installed by someone trying to improve access to the network or by an attacker. But either way, the lack of proper security can allow data being sent over that WiFi network to be intercepted. For example, if your computer has password access to a WiFi network, and you enable Bluetooth network sharing, you are allowing anyone in Bluetooth range of your computer access to the secure network.

Is Too Much Security Possible?

Too much security has its own set of problems. A perfectly secure Internet would prevent anonymous publishing, restricting freedom of speech. To prevent fraud, it's important to be able to verify the source of a message, but if the source of a message can be verified, the message can't be anonymous. That's problematic both for privacy and for freedom of speech.

  1. This question is similar to those you will see on the AP CSP exam.
    Which of the following are existing vulnerabilities of the Internet, according to experts?
    A physical attack that involves cutting fiber-optic cables.
    Attacking electrical systems that control the energy grid.
    Eroding the trust and confidence that the general public has in their online privacy and secure online transactions.