1. 2 technology in action chapter 9 securing your system: protecting your digital data and devices...

1

2

Technology in Action

Chapter 9

Securing Your System: Protecting Your Digital Data and Devices

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

3

Chapter Topics

• Computer virus types• Protecting computers from viruses• Hackers• Firewalls• Passwords and password management

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

4

Chapter Topics (cont.)

• Biometrics• Spyware and spam• Backup methods• Protecting physical assets

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

5

Computer Threats

• Cybercrimes are criminal acts conducted by cybercriminals through the use of computers

• Computer users need to protect themselves from becoming victims of cybercriminals

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

6Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

7Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

8

Ways to lose your money

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

9

Types of Cybercrime• Fraud-related

– Nondelivery of ordered items– Credit and debit card fraud– Advanced fee scams

• Non-fraud-related – Computer intrusions– Unsolicited e-mail– Child pornography

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

10

Computer Threats: Viruses

• Virus: A program that attaches itself to another program and spreads itself to other computers

• Viruses are hidden within the code of a host program

• Any computing device can be infected with a virus

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

11

Got you sucker!!

Naked_britney.jpg is a virus!!!

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

12

What Viruses Do

• Replicate themselves– Slow down networks

• Secondary objectives– Display annoying messages– Delete files on the hard drive– Change computer settings

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

13

How Does a Computer Catch a Virus?

• Viruses copy themselves and infect a file on your computer

• Spread by – Sharing disks or

flash drives– Opening an e-mail

attachment– Downloading

infected audio or video files

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

14

Types of Viruses

• Boot-sector viruses– Replicate themselves in the boot sector of the

hard drive• Logic bombs

– Activate when certain conditions are met• Time bombs

– Triggered by the passage of time or on a certain date

• Worms– Travel between systems through networks

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

15

ZIP Bombs via email !!!• Many email systems try to protect us by

scanning attachments• If the attachment has a compressed file,

the system will decompress/expand the file onto the server for checking…

• What if the attachment is 1-billion “X” in a row?

• It compresses to about 30k but when expanded, can cause the system to crash to do lack of disk space

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

16

Types of Viruses (cont.)• Script viruses

– Hidden on Web pages as miniprograms • Macro viruses

– Attached to documents• E-mail viruses

– Use e-mail address books to distribute themselves

• Encryption viruses– Compress files using a complex encryption key

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

17

Virus Classifications

• Polymorphic viruses– Periodically rewrite themselves to avoid

detection• Multipartite viruses

– Infect multiple file types• Stealth viruses

– Erase their code from the hard drive and reside in the active memory

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

18

Antivirus Software• Programs designed to

detect viruses– Scan files looking for

virus signatures (unique code)

– Provide options for deleting or fixing infected files

– Inoculate files against further infection

• Needs to be updated frequently

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

19

Antivirus vendors

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

20Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

21

Dealing with an Infected Computer

1. Boot computer with antivirus installation disc.

2. Run directly from DVD/CD.

3. Allow software to delete or quarantine infected files.

4. Research viruses found to ensure further manual steps are not needed.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

22

Prevent Instant Messaging Viruses

• Allow contact from Buddy or Friends List users only.

• Never automatically accept transfers of data.

• Avoid using instant messaging programs on public computers.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

23

Other Ways to Protect Your System

• Keep your antivirus and operating system (OS) software up to date

• Load security patches as soon as they are available

• Enable automatic updates

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

24

Hackers

• Anyone who unlawfully accesses a computer system

• Types of hackers – White hat– Black hat– Script kiddies

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

25

Hackers WikiLeaks• Publish private & classified documents from

hacked government & business computers

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

26

Hackers WikiLeaks• Publish private & classified documents from

hacked government & business computers

Albert Gonzalez• Obtained and sold 170 million credit card & ATM

numbers (2005-2007) using packet sniffing.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

27

Hackers WikiLeaks• Publish private & classified documents from

hacked government & business computers

Albert Gonzalez• Obtained and sold 170 million credit card & ATM

numbers (2005-2007) using packet sniffing.

George Hotz – “geohot” (born 1989)• Unlocking the iPhone – use on any carrier• Hacking “jailbreaking” Playstation 3• Sued by Sony

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

28

What Hackers Steal

• Hackers try to steal data stored on hard drives:– Credit card numbers– Bank account numbers

• Also can steal information through packet sniffing or a keylogger

• Use information to purchase items illegally or to commit identity theft

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

29

How Computers Are Attacked

• Trojan horse• Backdoor program

– Zombies• Denial of service

attacks (DoS)• Distributed denial

of service attacks (DDoS)

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

30

Anatomy of a Denial of Service Attack

• Ask the remote computer a simple question

• Ask it many Many MANY times !!!

• The remote computer is so pre-occupied in telling me to go away, nothing else gets done

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

31Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

32

How Hackers Gain Access

• Direct access– Hacking software

• Indirect access– Internet connection– Logical ports

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

33

Firewalls • Software programs or hardware designed to

close logical ports to invaders– Most current operating systems include reliable

firewalls– Security suite often include firewalls– Network routers can contain a hardware firewall

• Firewalls are critical if you have an always-on broadband connection

• Test your computer’s vulnerability

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

34Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

35

Nasty Tools - Cain and Able

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

36

Bluetooth Attacks

• Bluesnarfing – Exploits flaw in access software to steal

information contained on the device• Bluebugging

– Hacker takes control of the device• Make your device invisible

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

37

Bluetooth attacks

Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

38

Passwords• Create a strong password

– At least 14 characters, including numbers, symbols, and upper- and lowercase letters

– Not a single word or a word from a dictionary– Not easily associated with you (birthday,

name of pet, nickname)– Use different passwords for different sites– Do not tell anyone or write down password– Change password regularly (every month)

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

39Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall

40

Wireless Networks on the Road

• Beware – “Evil twins”– Free Internet access in paid locations

• Protect yourself– Check with authorized personnel for official

name of hotspot– Do not use free access from unknown

sources

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

41

Password Managers

• Remember all your different passwords• Built into

– Operating systems– Web browsers– Some security

packages

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

42

Anonymous Web Surfing

• Public computers – Shared computers risk subsequent user

viewing your data– Might already have viruses or hacking tools

installed• Portable privacy devices• Linux OS on a flash drive

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

43

Biometric Authentication Devices

• Read unique personal characteristics– Fingerprint– Iris patterns– Voice patterns– Face patterns

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

44

Malware

• Software that has a malicious intent– Grayware (nondestructive)

• Adware• Spyware

– Viruses (destructive)• Antispyware software

– Included in many Internet security suites– Stand-alone spyware removal available

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

45

Spam or Spim

• Spam: Unwanted or junk e-mail – To avoid SPAM

• Create free Web-based e-mail account for filling out online forms or making online purchases

• Use a spam filter• Do not try to “unsubscribe” from spam e-mails• Use an e-mail forwarding service

• Spim: Unsolicited instant messages

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

46

Cookies

• A Web site assigns an ID number to your computer, stored in a cookie file

• Each time you log in to the site, it notes the visit and keeps track of it in a database

• Provide info about browsing habits• Identify user preferences• Pose some privacy risks, but low security

threat

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

47

Protecting Your Personal Information

• Protect information from identity thieves– Social Security number– Phone number– Street address

• Check privacy settings on social networking sites: Keep your information as private as possible

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

48

Backing Up Your Data

• Backup– A copy of a file that can be used to

replace the original• Types of files to back up

– Program– Data

• Backup routine– Frequency– Changed files

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

49

Backing Up Your Data (cont.)

• Software programs for easy backup– Schedule automatic backups– Can back up files, folders, or entire drives– Back up to external hard drive, USB device,

or DVD• Entire system backup software

– Takes an image of the entire system – Stores on a separate hard drive– In case of failure, a new drive is inserted

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

50

Backing Up Your Data (cont.)

• Store backups offsite• Online backups

– Store backup files on Internet servers– Some services free

• Windows Live Sky Drive• ADrive

– Fees for some services• Network attached storage (NAS) devices

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

51

Social Engineering

• Uses social skills to generate human interaction to entice individuals to reveal sensitive information– Usually does not use a computer or face-to-

face interaction– Pretexting

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

52

Phishing and Pharming

• Phishing– Uses e-mail to lure user to fake Web sites– Tricks user into revealing private data

• Pharming– Malicious code changes Web browser’s ability

to find Web addresses

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

53

Hoaxes• An attempt to make

someone believe something that is untrue– Target large

audiences– Practical joke, agents

of social change, or time wasters

– Mostly e-mailCopyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

54

Protect Physical Assets

• Environmental factors– Avoid

• Sudden movement• Excessive heat or cold• Dust• Food and liquids

– Use padded case for notebooks

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

55

Power Surges

• Occur when electrical current is supplied in excess of normal voltage (120 volts in the United States)

• Caused by:– Old or faulty wiring– Downed power lines– Malfunctions at electric substations– Lightning strikes

• Use surge protectorsCopyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

56

Deterring Theft

• Alarms• Locks• Software alerts

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

57

E-waste

Computer technology advances rapidly.

Every 3-5 years we replace our systems.

What do we do with the old one?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

58

E-waste

Computer technology advances rapidly.

Every 3-5 years we replace our systems.

What do we do with the old one?• Reduce, Re-use, Recycle• The world produces ~ 50 million tonnes of

E-waste each year.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

59

E-waste

Computer technology advances rapidly.

Every 3-5 years we replace our systems.

What do we do with the old one?• Reduce, Re-use, Recycle• The world produces ~ 50 million tonnes of

E-waste each year.

Re-use• Give old computers to those that can’t

afford them

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

60

E-waste

Recycle• About 90% of your computer can be

recycled – plastics, metals, etc

Problems?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

61

E-waste

Recycle• About 90% of your computer can be

recycled – plastics, metals, etc

Problems?• Recycling has become big business• Labour intensive• Some components are made of toxic

materials• Who disassembles the components?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

62Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

63

What components did you recycle?• CPU, RAM, Harddrive, etc.

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

64

What components did you recycle?• CPU, RAM, Harddrive, etc.• Anything on your harddrive you might not

want someone else to have?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

65

What components did you recycle?• CPU, RAM, Harddrive, etc.• Anything on your harddrive you might not

want someone else to have?• Personal information & documents• Web browser history• Stored passwords• Banking info

Even if you delete your files, they can sometimes be recovered!!!

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

66

Chapter 9 Summary Questions

• From which types of viruses do I need to protect my computer?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

67

Chapter 9 Summary Questions

• What can I do to protect my computer from viruses?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

68

Chapter 9 Summary Questions

• How can hackers attack my computing devices, and what harm can they cause?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

69

Chapter 9 Summary Questions

• What is a firewall, and how does it keep my computer safe from hackers?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

70

Chapter 9 Summary Questions

• How do I create secure passwords and manage all of my passwords?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

71

Chapter 9 Summary Questions

• How can I surf the Internet anonymously and use biometric authentication devices to protect my data?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

72

Chapter 9 Summary Questions

• How do I manage online annoyances such as spyware and spam?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

73

Chapter 9 Summary Questions

• What data do I need to back up, and what are the best methods for doing so?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

74

Chapter 9 Summary Questions

• What is social engineering, and how do I avoid falling prey to phishing and hoaxes?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

75

Chapter 9 Summary Questions

• How do I protect my physical computing assets from environmental hazards, power surges, and theft?

Copyright © 2012 Pearson Education, Inc. Publishing as Prentice Hall

Chapter 1Chapter 9 76

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic,

mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.

Copyright © 2012 Pearson Education, Inc.  Publishing as Prentice Hall