Linux Security Fundamentals. David Higby Clinton

unauthorized use of your passwords, you should ideally notice when you’re not prompted for the secondary authentication method and back away.

      In general, be deeply suspicious of desperate requests for help and unsolicited job offers. Scammers often pretend to be relatives or close friends who have gotten into trouble while traveling and require a quick wire transfer. Job offers can sometimes mask attempts to access your bank account or launder fake checks written against legitimate businesses.

      It’s a nasty and dangerous world out there. Think carefully. Ask questions. Seek a second opinion. Always remember this wise rule: “If it’s too good to be true, it probably isn’t.” And remember, the widow of Nigeria’s former defense minister does not want you to keep $34 million safe for her in your bank account. Really.

      Summary

      You are responsible for the digital interactions and operations that take place using your accounts or on accounts you administer. You should work to prevent harm from resulting from any of that activity.

      Understanding how criminals—and careless administrators—can put your data at risk is critical to learning how to protect yourself and the users you’re responsible for.

      Before engaging in online activity, always try to think through the possible short- and long-term consequences. Is what you’re about to do likely to cause you or others harm?

      Reading the privacy policy documents associated with the platforms and services you use can help you understand the threat environment you’ll be operating in.

      Always examine the context of online information: is it part of a reliable website or associated with a well-known institution?

      Be aware of the kinds of threats you’re likely to face as you go about your life on the internet. Only by understanding what can go wrong can you hope to protect yourself and the people who rely on you.

      Back to the Basics

      Understand the kinds of personal data that are the most sensitive and vulnerable to abuse. Your browser history, social media account activities, online ecommerce transaction information, and health records are all categories of personal data that require special attention and protection.

      Understand the regulatory requirements for which you and your infrastructure are responsible. Organizations that handle the personal data of people in the European Union must comply with the General Data Protection Regulation (GDPR). The Payment Card Industry Data Security Standard (PCI DSS) and the US government’s Health Insurance Portability and Accountability Act (HIPAA) are also important standards.

      Be familiar with common kinds of digital “social engineering” attacks. Spam describes unsolicited email messages sent in bulk with the goal of getting you to respond, usually by purchasing a product of doubtful value. Spoofing misrepresents the origin and sender of a message so that it appears to come from someone you trust. Phishing attacks try to trick you into revealing private information, typically by getting you to interact with a web resource that’s made to look like a legitimate site.
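      Spoofing and phishing usually leave traces in the message headers that a receiving mail server, and a careful reader, can check. The following is an added example, not code from the book: it parses two constructed sample messages (the domains, addresses, and header values are made up for illustration) and flags the classic inconsistencies: a Return-Path or Reply-To at a different domain from the visible sender, a display name that is itself an address at another domain, and SPF, DKIM, or DMARC verdicts other than pass in the Authentication-Results header.

```python
"""Header-level checks for spoofed or phishing email.

Added example, not code from the book. The two messages below are constructed
samples; the header names (From, Reply-To, Return-Path, Authentication-Results)
are standard RFC 5322 / RFC 8601 headers, and the domains are made up.
"""
import re
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample: the visible sender is a lookalike domain, the display
# name carries a different (trusted-looking) address, bounces go to a third
# domain, and the receiving MTA recorded an SPF failure and no DKIM signature.
SPOOFED = b"""From: "ap@bigbank.example" <noreply@mail-bigbank-secure.example>
Reply-To: refunds@mail-bigbank-secure.example
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk-sender.example; dkim=none
To: you@example.org
Subject: Urgent: verify your account

Click https://mail-bigbank-secure.example/verify to keep your account active.
"""

# Constructed sample: every header agrees and all MTA verdicts pass.
LEGIT = b"""From: IT Helpdesk <helpdesk@example.org>
Return-Path: <helpdesk@example.org>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org; dmarc=pass
To: you@example.org
Subject: Scheduled maintenance

No action is required.
"""


def domain_of(header_value):
    """Lowercased domain of the first address in a header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts[method.lower()] = result.lower()
    return verdicts


def spoof_indicators(raw_bytes):
    """Return reasons the message looks spoofed; [] means no check fired.

    An empty result does not prove the mail is genuine: a phishing operation
    can pass SPF and DKIM for a lookalike domain it legitimately controls.
    """
    msg = BytesParser().parsebytes(raw_bytes)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()

    # 1. Replies or bounces routed to a domain other than the visible sender.
    for hdr in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(hdr))
        if dom and dom != from_dom:
            findings.append(f"{hdr} domain {dom!r} differs from From domain {from_dom!r}")

    # 2. Display name that is itself an address at a different domain; many
    #    mail clients show only the display name and hide the real sender.
    m = re.search(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)", from_name)
    if m and m.group(1).lower() != from_dom:
        findings.append(f"display name claims {m.group(0)!r} but sender is {from_addr!r}")

    # 3. Verdicts the receiving MTA recorded for the envelope sender and signature.
    for method, result in auth_results(msg).items():
        if result != "pass":
            findings.append(f"{method.upper()} result is {result!r}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoof_indicators(raw) or ["no indicators"])
```

      Run against the constructed samples, the spoofed message produces four findings (Return-Path mismatch, display-name address mismatch, SPF fail, DKIM none) and the legitimate one produces none. Treat the output as a prompt for suspicion, not a verdict: the same checks run by a mail gateway are what make the missing-MFA-prompt and “urgent request” warning signs described above worth heeding.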

      Review Questions

      1. What best describes doxxing?
         A. Falsely and illegally directing law enforcement authorities toward a nonexistent crime
         B. Publicizing a target’s personal contact and location information without authorization
         C. Persistent and unwanted monitoring and harassing of a target
         D. A coordinated social media attack against an individual involving large numbers of attackers

      2. What best describes cybermobbing?
         A. Publicizing a target’s personal contact and location information without authorization
         B. Falsely and illegally directing law enforcement authorities toward a nonexistent crime
         C. A coordinated social media attack against an individual involving large numbers of attackers
         D. Persistent and unwanted monitoring and harassing of a target

      3. As an employer, which of the following are most likely to present legal liabilities for you and your organization? (Choose two.)
         A. Threatening comments posted by your employees on your organization’s website
         B. Threatening comments posted by your employees on their own social media accounts
         C. Criminal activity (like cyberstalking) launched by an employee using public resources
         D. Criminal activity (like cyberstalking) launched using your organization’s website resources (like a technical support forum)

      4. Which of the following types of data should generally be considered personal and private? (Choose two.)
         A. The browser history on a user’s personal computer
         B. Old social media posts
         C. A consumer’s purchasing history with an online store
         D. Official records of criminal trial proceedings

      5. What elements are likely to be included in your “browser history”? (Choose two.)
         A. Transcripts of recent text message conversations
         B. Passwords you’ve used for online application authentication
         C. Information about your computer and software profile
         D. Information about the state of a past website session

      6. Why should you be conscious and concerned about any of your personal data that the owners of online services and applications might control? (Choose two.)
         A. Because you could be prevented from accessing such information on your own
         B. Because it might be stolen by third parties and mined for information that might prove damaging to you
         C. Because it might be sold to third parties or used by the services themselves in ways that infringe on your rights
         D. Because your information might change and updating remote databases can be time-consuming and inconvenient

      7. What best describes the General Data Protection Regulation (GDPR)?
         A. It mandates the destruction of financial and health data as soon as an organization is no longer required to retain it.
         B. It mandates the retention of financial and civil records related to European Union government activities.
         C. It mandates the protection, privacy, and safety of healthcare-related data in the United States.
         D. It mandates the protection, privacy, and safety of personal data moving through EU territories.

      8. Which of these is an industry (rather than government-mandated) regulatory framework?
         A. HIPAA
         B. PCI-DSS
         C. GDPR
         D. Sarbanes-Oxley (SOX)

      9. Why is it important to read an organization’s privacy policy if you intend to interact with their service? (Choose two.)
         A. To better understand the security and privacy safeguards built into the application
         B. To be better able to predict the chances the organization might misuse or unnecessarily expose your data
         C. To better understand the true potential costs of using the service in question
         D. To understand how the organization might use your data

      10. What best describes spoofing?
         A. Using an internet address (URL) that closely resembles a well-known, legitimate site
         B. Misrepresenting the origin address within an email message
         C. Attempting to trick individuals into revealing private information
         D. Sending unsolicited and often dishonest email messages

      11. What best describes phishing?
         A. Using an internet address (URL) that closely resembles a well-known, legitimate site
         B. Sending unsolicited and often dishonest email messages
         C. Attempting to trick individuals into revealing private information
         D. Misrepresenting the origin address within an email message

      12. What should you consider when assessing the value of the online information you encounter? (Choose two.)
         A. The