1 intro to info tech computer issues copyright 2007 by janson industries this presentation can be...

1

Intro to Info TechComputer Issues

Copyright 2007 by Janson Industries

This presentation can be viewed on line at: http://web.fscj.edu/Janson/cgs1060/wk14.Issues.ppt

Copyright 2012 by Janson Industries2

Objectives

Discuss major issues impeding the spread of computers

Security: H/W, S/W and data

Privacy

Health

Show how IT companies combat these issues


Security Issue: unauthorized access to

computing resources

Not just destruction

Changing, even copying Your Visa balance is now 0 SSNs, Grand Theft Auto 17

People minimize because it's impersonal (just files, non-violent)


Cybercriminal types Hacker

Non-malicious access

Trying to "show security problems"

Cracker

Malicious access

Script kiddie Follow instructions or use s/w No technical skills


Cybercriminal types Corporate spies

Usually not destructive

Trying to steal or gather info Hitachi http://www.businesspundit.com/10-most-

notorious-acts-of-corporate-espionage/

Unethical employees

Revenge – destructive

For profit Salami shaving


Cybercriminal types Cyberextortionist

Threatens to harm computer resources or expose info

Overwhelm a company's servers Delete data

Looking to be paid off Is this any better then Somali pirates?

Cyberterrorist Attack and destroy computer

resources US in Gulf War 1


Attack Types Attacks rarely done by hand at a

computer

Usually involves unleashing some malware (malicious s/w)

Viruses S/W that is installed unknowingly May harm or simply copy

Keep track of accounts and pws Relay info back

May replicate onto other computers


Attack Types Worm

S/W that is installed unknowingly Replicates itself over and over,

impeding the system "I love you" email

Trojan horse S/W that is inside legitimate s/w Usually an event kicks it off

Michaelangelo


Attack Types Malware can do many things

Slow system performance

Destroy s/w and data Even operating system

Change system settings

Deny system usage (DoS – Denial of Service attack)

Lock out the keyboard Flood an email server Yankee Doodle


Attack Types Botnets

A network of infected computers Infected computers called zombies

User doesn’t know that the computer is being controlled remotely

Your good IP address used to: Send spam Attack servers Access other computers

Headline from NYT 3/29/09

Vast Spy System Loots Computers in 103 Countries


Attack Types Backdoors: access that

circumvents security Programmer created when s/w

written Installed after initial illegal access

Certain key combination Create a new user id and pw

Spoofing: make your computer resources look like someone else's Make your ip or email address look

like BOAs


Got this email from "Yahoo"

Notice typo, bad grammar, and short time frame – trying to scare me into making a bad choice


How? User tries to open an infected file

Opens what they think is a picture

User inadvertently runs it Thinks they're running a game

Uses an infected secondary storage media Where has that thumb drive been?

Connects to an infected network


Prevention? Never open a file from an

unknown source

Don't use unknown secondary storage media

Don't open email attachments unless they are expected Even if it is from someone you trust

Install antivirus s/w Most computers come with some Lots of free stuff available


Antivirus S/W Initially will scan all files looking

for malware If found will delete If can't delete will quarantine

Thereafter will check any downloaded files

Update s/w often Updates will protect against the latest

threats


Some OS let you automate the updates


Firewall System to protect a networked

computer Consists of s/w and possibly

specialized hardware

Monitors and validates all external communications

Example A proxy server with firewall s/w


Firewall Proxy server gets all

communication and decides yes/no

Yes/no can be decided by many factors Where it came from Type of communication Content

User sets the rules


Firewall Examples:

No FTP communications allowed No executable files Only these IP addresses allowed

Additional advantage No direct access to internal

network External systems don't know

location of internal resources Can only attack the proxy


User Authentication Create user id and pw

Person must specify before access granted

Not perfect: can be hacked Hacker tries every possible combo System only allows 5 unsuccessful

attempts

Physical objects like FOBs Every minute generates a new code Or, like a car, unlocks the computer

Biometric devices


User Authentication Digital signature

Encrypted code added to a message

Confirms who you are Can also confirm content not

changed (like a check bit)

Digital certificate Given to a site that has been

certified secure When communicating encrypted

certificate sent with msg


System Security Audit Trail: a record of

Sign on attempts Date and time Resources accessed

Like chain of custody on CSI

Additional security for individual resources Shippers can access shipping data Only bldg F computers can access

the bldg F printer


Hardware Theft Kept behind locked doors

Cabled to desk

Need physical device to operate

Policies I can't leave students unattended

in lab


Information Theft Both from storage and when

transmitted over network

Encryption Windows allows you to encrypt files

and foldersJust another property

Takes longer to access cause it must be decrypted

DVDs are encrypted (CSS – Content Scrambling System)


Software Piracy Illegally copying

Retards new development

Many levels Government Corporate Private

Copying for friends Copying to sell

License agreement

Product activation key


Software Piracy In addition, laws are sometimes

vague

Copyright gives "fair use" to purchasers Can you install a game on multiple

computers? Can you "rip" a movie DVD so you

can watch it on your laptop? Can a restaurant show the movie? Can you post the movie on your

website so others can watch?


Software Piracy SOPA – Stop Online Piracy Act

What is it?

HR3261

Legal action can be taken by DoJ or copyright owner against any site deemed to have "only limited purpose or use other than infringement”


Software Piracy Can demand that search engines, social

networking sites and domain name services block access to the targeted site

If these companies fail to comply, DoJ or copyright owner can begin legal proceedings against them

Makes unauthorized web streaming of copyrighted content a felony with a penalty up to five years in prison


SOPA Who’s fer it?

Motion Picture Assoc of America

Entertainment S/W Assoc GoDaddy.com

Who’s agin it? Google Wikipedia Major League Gaming Obama


Software Piracy What about PIPA (Protect IP Act)

Stop search engines (Google, Yahoo) from directing users to sites with stolen content

Came before the Senate 1/24/2012


System Failure Power surges

Surge protector

Power outage UPS (uninterruptible power supply) Usually include a surge protector

Disaster recovery Backup data Can automate


Select where to back up to

Start to specify what to back up to


Select what to back up

Pick a date/time to run or set up a schedule


Information Privacy Concerns:

What is being collected?

Is it lawful to collect?

Who has access?

How well is it protected?


Unknowing Shoppers in Japan Security cameras film all

customers in store

If person shoplifts or makes an unreasonable complaint

Put on blacklist as "shoplifter" or "complainer"

When customer enters other stores, warning issued to store staff (that only they can see)


Unknowing Shoppers in Japan Customers not notified they

are listed

No recourse

If erroneous, no way to fix


Event Data Recorder Installed in cars, tracks

Direction

Speed

Seat belt usage

Will be mandatory in all cars 9/2014

No warrant required for law enforcement to access


Event Data Recorder "We know everyone who

breaks the law. We have GPS in your car, so we know what your doing."

Jim Farley, Ford Motors Sales Executive

What about cameras in cars

Who has rights to those images?


Event Data Recorder 2015 Stingray has windshield

mounted camera and microphone in cabin

Performance data recorder

Real time feedback on driving

GAO says some automakers keep data from onboard Nav systems and mapping apps


What is Being Collected Obviously:

Your doctor has your medical records

Amazon knows what you have bought, has your address, & CC #

Visa knows everything you bought, how much $, when, and where

Email provider, FaceBook, & MySpace have copies of all your emails and postings

Google and Yahoo keep login records for 18 months


What is Being Collected Not so obviously:

Cookies: files that store preferences Can be read to keep track of web sites

you visit Can be read to see what you like and

appropriate ads displayed

Spyware: tracks what sites you visit Installed surreptitiously on consumers Employers use to track employee

computer usage Parents/husband-wife/boy-girl friend


What is Being Collected Not so obviously:

Phishing: official looking email that solicits information

SSN, Bank Account #'s and PINs Pharming: official looking website that

solicits information You try to go to BOA website and are

directed to a look alike Posted info

Your email address on your home page• Can I gather that and send you spam?

• Can I sell that to spammers?

Your pictures on MySpace, Facebook


Is it Lawful to Collect Obviously not

Phishing, Pharming

Obviously Email, FaceBook, MySpace Info used to conduct business

Amazon, your doctor, Visa But only info needed to do business

Not so obviously Cookies, Spyware, Posted info If deleted, can FaceBook keep copy?


Is it Lawful to Collect Not so obviously

Cookies: provide convenience Spyware:

Parent/employer have the right to monitor Aren't your activities on the web just like

walking into different stores in a mall?• So, it's public domain information

Monitoring Email Lawsuits pending re: whether employer can

read your email? Currently – YES!

Cameras in the workplace Should the college be able to put cameras

in all the classrooms?


Is it Lawful to Collect Not so obviously

Posted info: public domain

Can I use your images on my website?

Why can't a company use to sell a product?

Even if deleted, wasn’t it made available to everyone?

• FaceBook tried to change its usage policy to imply they had rights to everything forever


Who Can See It Authorities need a search warrant

from a judge to see emails that are

Less than 180 days old and unread

In some cases:

Prosecutors can obtain a court order by presenting facts that suggest the messages are relevant

Prosecutors can issue subpoenas without any court involvement


Who Can See It After arrests police have been searching

cell phones

See where arrestee has been, who called, etc.

6/25/14 ruling by Supreme Court requires police to get warrant

The fact that the new technology make private life portable renders it no "less worthy of the protection for which the Founders fought" – CJ Roberts


Who Can See It The Supreme Court ruling only

affects gov't searches

Corporate, commercial, and workplace privacy still not fully settled


Who Can See It There are some laws that clarify:

Companies can't release: Video rental history Cable subscribers records Credit records

Limits on: Educational records Government records Disclosure of health records


Who Can See It How accurate is it?

If CC comp lists your income as $3K instead of $30K

Will you get: A mortgage from a bank? A second CC?

Some rules Must be able to see you credit

report for free Access to educational records

1974


Is It Protected How safe is it?

A hospital is good at healing

How good is it at protecting the data?

How good is it at preventing unauthorized access?

Jax girl sent out 20 letters


How email is Protected Digital Signatures

Some encrypted code attached to email to prove it is authentic

Certificates 3rd party validation that email is authentic

DMARC Common spec for email authentication Yahoo, MS, FB, Google support it


How to Protect Privacy Anonymizers

Proxy server between client and the Internet

Hides who you are from sites and where you go on the Internet

Of course, it can be tracked that you are using an anonymizer

Some repressive govts ban the use

Anonymizer.com


How to Protect Privacy Onion Router s/w

Pass communications between a network of servers

Conceals original location

Data encrypted multiple times At each relayed server, one layer of

decryption is performed

www.torproject.org Browser that hides you location


Can you think of any possible down side?


How to Protect Privacy Encrypt your messages/files

Some email services offer this service along with other options such as timed destruction of msgs and email addrs

Software to encrypt Windows provides encryption capability

Wickr – mobile app to encrypt photos, text, etc.

When file erased, writes over metadata that could be used to recreate info


Computers and Health Any health issues?

Dropping one on your foot would hurt.. RSI (repetitive strain/stress injury)

Keyboard, mouse, joy stick

Eye strain Backaches, headaches "PlayStation" palm

Solution: ergonomics and common sense “Maybe you should take a break”


Computers and Health Computer addiction

Is there something inherent in the computer to make it addictive?

People get addicted to: Shoes Shopping Gambling

Has more to do with the person than the thing

What about games?


Computers and Health Huge amount of electronic waste

Toxic materials in the devices

Electricity usage

Solutions Laws about recycling devices Green computing

Use energy star devices When possible print on both sides of paper Recycle paper, toner and ink cartridges


Points to Remember People resist using computers

because of concerns re: Crime/safety Privacy Health

Computer and s/w mfgs continue to improve products to solve these issues

Govt passing laws to clarify what can and cannot be done

1 intro to info tech computer issues copyright 2007 by janson industries this presentation can be...

Documents

attack typesmalware

attack typesbackdoors

attack typeswormsw

attack typesattacks

harm computer resources

computer resourcesus

email address look

sw writteninstalled