Intro to Info Tech
Computer Issues
Copyright 2007 by Janson Industries
This presentation can be viewed on line at: http://web.fscj.edu/Janson/cgs1060/wk14.Issues.ppt
Copyright 2012 by Janson Industries

Objectives
• Discuss major issues impeding the spread of computers
  • Security: H/W, S/W and data
  • Privacy
  • Health
• Show how IT companies combat these issues

Security
• Issue: unauthorized access to computing resources
• Not just destruction
  • Changing, even copying
    • Your Visa balance is now 0
    • SSNs, Grand Theft Auto 17
• People minimize because it's impersonal (just files, non-violent)

Cybercriminal types
• Hacker
  • Non-malicious access
  • Trying to "show security problems"
• Cracker
  • Malicious access
• Script kiddie
  • Follow instructions or use s/w
  • No technical skills

Cybercriminal types
• Corporate spies
  • Usually not destructive
  • Trying to steal or gather info
    • Hitachi
    • http://www.businesspundit.com/10-most-notorious-acts-of-corporate-espionage/
• Unethical employees
  • Revenge – destructive
  • For profit
    • Salami shaving

Cybercriminal types
• Cyberextortionist
  • Threatens to harm computer resources or expose info
    • Overwhelm a company's servers
    • Delete data
  • Looking to be paid off
    • Is this any better than Somali pirates?
• Cyberterrorist
  • Attack and destroy computer resources
    • US in Gulf War 1

Attack Types
• Attacks rarely done by hand at a computer
• Usually involves unleashing some malware (malicious s/w)
• Viruses
  • S/W that is installed unknowingly
  • May harm or simply copy
    • Keep track of accounts and pws
    • Relay info back
  • May replicate onto other computers

Attack Types
• Worm
  • S/W that is installed unknowingly
  • Replicates itself over and over, impeding the system
    • "I love you" email
• Trojan horse
  • S/W that is inside legitimate s/w
  • Usually an event kicks it off
    • Michelangelo

Attack Types
• Malware can do many things
  • Slow system performance
  • Destroy s/w and data
    • Even operating system
  • Change system settings
  • Deny system usage (DoS – Denial of Service attack)
    • Lock out the keyboard
    • Flood an email server
    • Yankee Doodle

Attack Types
• Botnets
  • A network of infected computers
    • Infected computers called zombies
  • User doesn't know that the computer is being controlled remotely
  • Your good IP address used to:
    • Send spam
    • Attack servers
    • Access other computers
• Headline from NYT 3/29/09
  • Vast Spy System Loots Computers in 103 Countries

Attack Types
• Backdoors: access that circumvents security
  • Programmer created when s/w written
  • Installed after initial illegal access
    • Certain key combination
    • Create a new user id and pw
• Spoofing: make your computer resources look like someone else's
  • Make your ip or email address look like BOA's

Got this email from "Yahoo"
• Notice typo, bad grammar, and short time frame – trying to scare me into making a bad choice

How?
• User tries to open an infected file
  • Opens what they think is a picture
• User inadvertently runs it
  • Thinks they're running a game
• Uses an infected secondary storage media
  • Where has that thumb drive been?
• Connects to an infected network

Prevention?
• Never open a file from an unknown source
• Don't use unknown secondary storage media
• Don't open email attachments unless they are expected
  • Even if it is from someone you trust
• Install antivirus s/w
  • Most computers come with some
  • Lots of free stuff available

Antivirus S/W
• Initially will scan all files looking for malware
  • If found will delete
  • If can't delete will quarantine
• Thereafter will check any downloaded files
• Update s/w often
  • Updates will protect against the latest threats

Some OS let you automate the updates

Firewall
• System to protect a networked computer
  • Consists of s/w and possibly specialized hardware
• Monitors and validates all external communications
• Example
  • A proxy server with firewall s/w

Firewall
• Proxy server gets all communication and decides yes/no
• Yes/no can be decided by many factors
  • Where it came from
  • Type of communication
  • Content
• User sets the rules

Firewall
• Examples:
  • No FTP communications allowed
  • No executable files
  • Only these IP addresses allowed
• Additional advantage
  • No direct access to internal network
  • External systems don't know location of internal resources
  • Can only attack the proxy
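
The yes/no decision from the firewall slides, written out as an added example (not part of the original presentation). The allow-listed network, the sample traffic and the function names `decide` and `audit` are constructed for illustration; the three rules are the ones the slide lists.

```python
import ipaddress

# Constructed rule set mirroring the slide's three example rules.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.0/24")]  # documentation range
BLOCKED_PORTS = {20, 21}                  # FTP data and control channels
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")    # Windows PE and Linux ELF file headers


def decide(src_ip, dst_port, payload):
    """Return (allowed, reason) for one inbound message; rules are checked in order."""
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False, "malformed source address"
    # Where it came from: only listed networks may talk to the proxy.
    if not any(addr in net for net in ALLOWED_SOURCES):
        return False, "source not on allow-list"
    # Type of communication: FTP is refused outright.
    if dst_port in BLOCKED_PORTS:
        return False, "FTP not allowed"
    # Content: inspect the leading bytes, not the file name, so a renamed
    # executable is still caught.
    if payload.startswith(EXECUTABLE_MAGIC):
        return False, "executable content"
    return True, "forwarded to internal host"


# Constructed sample traffic: (source IP, destination port, first payload bytes).
SAMPLE_TRAFFIC = [
    ("203.0.113.7", 443, b"GET /index.html HTTP/1.1\r\n"),
    ("203.0.113.7", 21, b"USER anonymous\r\n"),
    ("203.0.113.9", 443, b"MZ\x90\x00\x03\x00"),   # executable sent as "picture.jpg"
    ("198.51.100.4", 443, b"GET / HTTP/1.1\r\n"),
]


def audit(traffic):
    """Apply the rules to each message and keep a record of every decision."""
    return [(src, port) + decide(src, port, data) for src, port, data in traffic]


if __name__ == "__main__":
    for entry in audit(SAMPLE_TRAFFIC):
        print(entry)
```

The content rule looks at file headers because a file name is chosen by the sender, which is how a user ends up opening "what they think is a picture".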

User Authentication
• Create user id and pw
  • Person must specify before access granted
  • Not perfect: can be hacked
    • Hacker tries every possible combo
    • System only allows 5 unsuccessful attempts
• Physical objects like FOBs
  • Every minute generates a new code
  • Or, like a car, unlocks the computer
• Biometric devices
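
Two ideas from this slide combined in an added example (not part of the original presentation): the limit of 5 unsuccessful attempts, and a fob that shows a new code every minute. The fob code uses the standard time-based one-time-password construction (RFC 6238) with a 60-second step; the `Account` class, the sample password and the shared secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

MAX_FAILURES = 5     # the slide's limit on unsuccessful attempts
STEP_SECONDS = 60    # the slide's fob shows a new code every minute


def fob_code(secret, now, digits=6):
    """Code the fob displays at time `now` (HMAC-SHA1 over the minute counter)."""
    counter = struct.pack(">Q", int(now) // STEP_SECONDS)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    def __init__(self, password, fob_secret):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)      # store a slow hash, never the pw
        self.fob_secret = fob_secret
        self.failures = 0

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def login(self, password, code, now):
        # Refuse before checking anything, so guessing stops at 5 tries.
        if self.failures >= MAX_FAILURES:
            return "locked"
        # compare_digest avoids leaking how many characters matched.
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        expected = fob_code(self.fob_secret, now)
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        if pw_ok and code_ok:
            self.failures = 0
            return "ok"
        self.failures += 1
        return "denied"


if __name__ == "__main__":
    acct = Account("correct horse", b"12345678901234567890")
    print(acct.login("correct horse", fob_code(acct.fob_secret, 59), 59))
```

Once the account is locked even the correct password is refused, and a code read from the fob a minute earlier no longer matches.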

User Authentication
• Digital signature
  • Encrypted code added to a message
  • Confirms who you are
  • Can also confirm content not changed (like a check bit)
• Digital certificate
  • Given to a site that has been certified secure
  • When communicating encrypted certificate sent with msg

System Security
• Audit Trail: a record of
  • Sign on attempts
  • Date and time
  • Resources accessed
  • Like chain of custody on CSI
• Additional security for individual resources
  • Shippers can access shipping data
  • Only bldg F computers can access the bldg F printer

Hardware Theft
• Kept behind locked doors
• Cabled to desk
• Need physical device to operate
• Policies
  • I can't leave students unattended in lab

Information Theft
• Both from storage and when transmitted over network
• Encryption
  • Windows allows you to encrypt files and folders
    • Just another property
    • Takes longer to access cause it must be decrypted
  • DVDs are encrypted (CSS – Content Scrambling System)

Software Piracy
• Illegally copying
• Retards new development
• Many levels
  • Government
  • Corporate
  • Private
    • Copying for friends
    • Copying to sell
• License agreement
• Product activation key

Software Piracy
• In addition, laws are sometimes vague
• Copyright gives "fair use" to purchasers
  • Can you install a game on multiple computers?
  • Can you "rip" a movie DVD so you can watch it on your laptop?
  • Can a restaurant show the movie?
  • Can you post the movie on your website so others can watch?

Software Piracy
• SOPA – Stop Online Piracy Act
• What is it?
  • HR3261
  • Legal action can be taken by DoJ or copyright owner against any site deemed to have "only limited purpose or use other than infringement"

Software Piracy
• Can demand that search engines, social networking sites and domain name services block access to the targeted site
• If these companies fail to comply, DoJ or copyright owner can begin legal proceedings against them
• Makes unauthorized web streaming of copyrighted content a felony with a penalty up to five years in prison

SOPA
• Who's fer it?
  • Motion Picture Assoc of America
  • Entertainment S/W Assoc
  • GoDaddy.com
• Who's agin it?
  • Google
  • Wikipedia
  • Major League Gaming
  • Obama

Software Piracy
• What about PIPA (Protect IP Act)
  • Stop search engines (Google, Yahoo) from directing users to sites with stolen content
  • Came before the Senate 1/24/2012

System Failure
• Power surges
  • Surge protector
• Power outage
  • UPS (uninterruptible power supply)
  • Usually include a surge protector
• Disaster recovery
  • Backup data
  • Can automate

• Select where to back up to
• Start to specify what to back up to

• Select what to back up
• Pick a date/time to run or set up a schedule

Information Privacy
• Concerns:
  • What is being collected?
  • Is it lawful to collect?
  • Who has access?
  • How well is it protected?

Unknowing Shoppers in Japan
• Security cameras film all customers in store
• If person shoplifts or makes an unreasonable complaint
  • Put on blacklist as "shoplifter" or "complainer"
• When customer enters other stores, warning issued to store staff (that only they can see)

Unknowing Shoppers in Japan
• Customers not notified they are listed
• No recourse
• If erroneous, no way to fix

Event Data Recorder
• Installed in cars, tracks
  • Direction
  • Speed
  • Seat belt usage
• Will be mandatory in all cars 9/2014
• No warrant required for law enforcement to access

Event Data Recorder
• "We know everyone who breaks the law. We have GPS in your car, so we know what you're doing."
  • Jim Farley, Ford Motors Sales Executive
• What about cameras in cars
  • Who has rights to those images?

Event Data Recorder
• 2015 Stingray has windshield mounted camera and microphone in cabin
  • Performance data recorder
  • Real time feedback on driving
• GAO says some automakers keep data from onboard Nav systems and mapping apps

What is Being Collected
• Obviously:
  • Your doctor has your medical records
  • Amazon knows what you have bought, has your address, & CC #
  • Visa knows everything you bought, how much $, when, and where
  • Email provider, Facebook, & MySpace have copies of all your emails and postings
  • Google and Yahoo keep login records for 18 months

What is Being Collected
• Not so obviously:
  • Cookies: files that store preferences
    • Can be read to keep track of web sites you visit
    • Can be read to see what you like and appropriate ads displayed
  • Spyware: tracks what sites you visit
    • Installed surreptitiously on consumers
    • Employers use to track employee computer usage
    • Parents/husband-wife/boy-girl friend

What is Being Collected
• Not so obviously:
  • Phishing: official looking email that solicits information
    • SSN, Bank Account #'s and PINs
  • Pharming: official looking website that solicits information
    • You try to go to BOA website and are directed to a look alike
  • Posted info
    • Your email address on your home page
      • Can I gather that and send you spam?
      • Can I sell that to spammers?
    • Your pictures on MySpace, Facebook

Is it Lawful to Collect
• Obviously not
  • Phishing, Pharming
• Obviously
  • Email, Facebook, MySpace
  • Info used to conduct business
    • Amazon, your doctor, Visa
    • But only info needed to do business
• Not so obviously
  • Cookies, Spyware, Posted info
    • If deleted, can Facebook keep copy?

Is it Lawful to Collect
• Not so obviously
  • Cookies: provide convenience
  • Spyware:
    • Parent/employer have the right to monitor
    • Aren't your activities on the web just like walking into different stores in a mall?
      • So, it's public domain information
  • Monitoring Email
    • Lawsuits pending re: whether employer can read your email?
    • Currently – YES!
  • Cameras in the workplace
    • Should the college be able to put cameras in all the classrooms?

Is it Lawful to Collect
• Not so obviously
  • Posted info: public domain
    • Can I use your images on my website?
    • Why can't a company use to sell a product?
    • Even if deleted, wasn't it made available to everyone?
      • Facebook tried to change its usage policy to imply they had rights to everything forever

Who Can See It
• Authorities need a search warrant from a judge to see emails that are
  • Less than 180 days old and unread
• In some cases:
  • Prosecutors can obtain a court order by presenting facts that suggest the messages are relevant
  • Prosecutors can issue subpoenas without any court involvement

Who Can See It
• After arrests police have been searching cell phones
  • See where arrestee has been, who called, etc.
• 6/25/14 ruling by Supreme Court requires police to get warrant
  • The fact that the new technology makes private life portable renders it no "less worthy of the protection for which the Founders fought" – CJ Roberts

Who Can See It
• The Supreme Court ruling only affects gov't searches
• Corporate, commercial, and workplace privacy still not fully settled

Who Can See It
• There are some laws that clarify:
  • Companies can't release:
    • Video rental history
    • Cable subscribers records
    • Credit records
  • Limits on:
    • Educational records
    • Government records
    • Disclosure of health records

Who Can See It
• How accurate is it?
  • If CC comp lists your income as $3K instead of $30K
  • Will you get:
    • A mortgage from a bank?
    • A second CC?
• Some rules
  • Must be able to see your credit report for free
  • Access to educational records
    • 1974

Is It Protected
• How safe is it?
  • A hospital is good at healing
  • How good is it at protecting the data?
  • How good is it at preventing unauthorized access?
    • Jax girl sent out 20 letters

How email is Protected
• Digital Signatures
  • Some encrypted code attached to email to prove it is authentic
• Certificates
  • 3rd party validation that email is authentic
• DMARC
  • Common spec for email authentication
  • Yahoo, MS, FB, Google support it

How to Protect Privacy
• Anonymizers
  • Proxy server between client and the Internet
  • Hides who you are from sites and where you go on the Internet
  • Of course, it can be tracked that you are using an anonymizer
  • Some repressive govts ban the use
  • Anonymizer.com

How to Protect Privacy
• Onion Router s/w
  • Pass communications between a network of servers
  • Conceals original location
  • Data encrypted multiple times
    • At each relayed server, one layer of decryption is performed
  • www.torproject.org
    • Browser that hides your location

Can you think of any possible down side?

How to Protect Privacy
• Encrypt your messages/files
  • Some email services offer this service along with other options such as timed destruction of msgs and email addrs
  • Software to encrypt
    • Windows provides encryption capability
    • Wickr – mobile app to encrypt photos, text, etc.
      • When file erased, writes over metadata that could be used to recreate info

Computers and Health
• Any health issues?
  • Dropping one on your foot would hurt..
  • RSI (repetitive strain/stress injury)
    • Keyboard, mouse, joy stick
  • Eye strain
  • Backaches, headaches
  • "PlayStation" palm
• Solution: ergonomics and common sense
  • "Maybe you should take a break"

Computers and Health
• Computer addiction
  • Is there something inherent in the computer to make it addictive?
  • People get addicted to:
    • Shoes
    • Shopping
    • Gambling
  • Has more to do with the person than the thing
  • What about games?

Computers and Health
• Huge amount of electronic waste
  • Toxic materials in the devices
• Electricity usage
• Solutions
  • Laws about recycling devices
  • Green computing
    • Use energy star devices
    • When possible print on both sides of paper
    • Recycle paper, toner and ink cartridges

Points to Remember
• People resist using computers because of concerns re:
  • Crime/safety
  • Privacy
  • Health
• Computer and s/w mfgs continue to improve products to solve these issues
• Govt passing laws to clarify what can and cannot be done