chapter 11 lecture 21: pp.568-601 computer security, ethics and privacy

52
Chapter 11 Lecture 21: pp.568- 601 Computer Security, Ethics and Privacy

Upload: bernadette-phillips

Post on 16-Jan-2016

225 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Chapter 11Lecture 21: pp.568-

601 Computer Security, Ethics and Privacy

Page 2: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Chapter 11 Objectives

Describe the types of computer security risksDescribe the types of computer security risks

Identify ways to safeguard against computer viruses, worms, Trojan horses, denial of service attacks, back doors, and spoofing

Identify ways to safeguard against computer viruses, worms, Trojan horses, denial of service attacks, back doors, and spoofing

Discuss techniques to prevent unauthorized computer access and use

Discuss techniques to prevent unauthorized computer access and use

Identify safeguards against hardware theft and vandalism

Identify safeguards against hardware theft and vandalism

Explain the ways software manufacturers protect against software piracy

Explain the ways software manufacturers protect against software piracy

Define encryption and explain why it is necessary

Define encryption and explain why it is necessary

Discuss the types of devices available that protect computers from system failure

Discuss the types of devices available that protect computers from system failure

Explain the options available for backing up computer resources

Explain the options available for backing up computer resources

Identify risks and safeguards associated with wireless communications

Identify risks and safeguards associated with wireless communications

Recognize issues related to information accuracy, rights, and conduct

Recognize issues related to information accuracy, rights, and conduct

Discuss issues surrounding information privacy

Discuss issues surrounding information privacy

Discuss ways to prevent health-related disorders and injuries due to computer use

Discuss ways to prevent health-related disorders and injuries due to computer use

Page 3: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Security Risks

A Computer security risk is…

p. 556 Fig. 11-1

An Action that causes loss of or damage to a computer system

Page 4: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

Viruses, worms, and Trojan horses are:

p. 558

VirusVirus is a potentially damaging computer program

WormWorm copies itself repeatedly,

using up resources

and possibly shutting down computer or

network

Trojan horseTrojan horse hides within or looks like

legitimate program until

triggered

PayloadPayload (destructive event) that is

delivered when you open file, run infected program, or boot computer with infected disk

in disk driveCan

spread and

damage files

Does not replicate itself on

other computer

s

Page 5: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

How can a virus spread through an e-mail message?

p. 559 Fig. 11-2

Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message.

Step 2. They use the Internet to send the e-mail message to thousands of users around the world.

Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus.

Step 3a. Some users open the attachment and their computers become infected with the virus.

Page 6: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

To protect your system from a macro virus…

p. 560 Fig. 11-3

Set macro security level in applications that allow you to write macros

At medium security level, warning displays that document contains macro Macros are instructions

saved in an application, such as word processing or spreadsheet program

Page 7: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

An antivirus program…

p. 560 - 561 Fig. 11-4

Identifies and removes computer viruses

Most also protect against worms and Trojan horses

Page 8: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

A virus signature is…

p. 561 Fig. 11-5

A specific pattern of virus code Also called virus definition

Antivirus programs look for virus signatures

Page 9: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Keeps file in separate area of hard disk

Computer Viruses, Worms, and Trojan Horses

An antivirus program inoculates a program file by…

p. 561

Recording Recording information information

about program such about program such as file size and as file size and

creation creation datedate Attempts Attempts

to remove to remove any detected any detected

virusvirus

Using Using information information to detect if to detect if

virus tampers virus tampers with filewith file

QuarantinesQuarantines infected infected

files that it files that it cannot cannot removeremove

Page 10: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

Tips to prevent virus, worm, and Trojan horse infections…

p. 562

Install a personalfirewall program

If the antivirus program flags an e-mail attachment as infected, delete

the attachment immediately

Set the macro security in programs so you can enable or

disable macros

Never open an e-mail attachment

unless you are expecting it and

it is from a trusted source

Install an antivirus program on all of your computers

Check all downloaded programs for

viruses, worms, or Trojan horses

Page 11: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

What is a denial of service attack and back door?

p. 562

A denial of service attack is an assault whichdisrupts access to an Internet service such as

the Web or e-mail

A back door is a program or set of instructionsin a program that allow users to bypass

security controls when accessing a computerresource

Page 12: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

Spoofing is…

p. 563

MakingMaking a network a network or Internet or Internet

Transmission appear legitimateTransmission appear legitimate

IP spoofing occurs when an intruderIP spoofing occurs when an intrudercomputer fools a network into computer fools a network into

believing its IP address is from believing its IP address is from a trusted sourcea trusted source

Perpetrators of IP spoofing trick their victims into interacting

with a phony Web site

Page 13: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

A firewall is…

p. 563 Fig. 11-7

A security system consisting of hardware and/or software that prevents unauthorised network access

Page 14: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Viruses, Worms, and Trojan Horses

A personal firewall utility is…

p. 564 Fig. 11-8

A program that protects personal computers and its data from unauthorised intrusions

Monitors transmissions to and from computer Informs you of attempted intrusion

Page 15: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

Companies protect themselves against hackers by…

p. 564

Intrusion detection softwareIntrusion detection softwareanalyzes network traffic, assesses analyzes network traffic, assesses

system vulnerabilities, and identifies system vulnerabilities, and identifies intrusions and suspicious behaviorintrusions and suspicious behavior

Access controlAccess control defines who defines who can access computer and can access computer and what actions they can takewhat actions they can take

Audit trailAudit trail records records access attemptsaccess attempts

Page 16: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

Other ways to protect your personal computer are…

p. 565 Fig. 11-9

Disable file and printer sharing on Internet connection

File and printer sharing

turned off

Page 17: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

A user name is…

p. 566 Fig. 11-10

A unique set of characters that identifies a user Password is private

combination of characters associated with the user name that allows access to computer resources

Page 18: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

Make your password more secure by…

p. 567 Fig. 11-11

Using longer passwords to provide greater security

Page 19: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

A possessed object is…

p. 567 Fig. 11-12

An item that you must carry to gain access to a computer or facility

Often used with a numeric password called a Personal Identification Number (PIN)

Page 20: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Unauthorized Access and Use

A biometric device can…

p. 567 - 568 Fig. 11-13

Authenticate a person’s identity using personal characteristics Fingerprint, hand geometry,

voice, signature, and iris

Page 21: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Hardware Theft and Vandalism

Hardware theft and hardware vandalism…

p. 569 Fig. 11-14

Hardware theft is act of stealing computer equipment Cables sometimes used to lock

equipment Some notebook computers use

passwords, possessed objects, and biometrics as security methods

For PDAs, you can password-protect the device

Hardware vandalism is act of defacing or destroying computer equipment

Page 22: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Software Theft

Software theft is…

p. 570

The act of stealing or The act of stealing or illegally copying illegally copying

software or software or intentionally intentionally

erasing erasing programsprograms

Software Software piracypiracy is illegal is illegal duplication duplication of copyrighted of copyrighted softwaresoftware

Page 23: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Software Theft

A license agreement gives…

p. 570 Fig. 11-15

You the right to use software A standard single-user license agreement allows users to

install software on one computer, make backup copy, and sell software after removing from computer

Page 24: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Software Theft

Some safeguards against software theft include…

p. 571

Product activationProduct activation allow users to input allow users to input product identification numbers online or by product identification numbers online or by

phone and receive a unique installation phone and receive a unique installation identification number in returnidentification number in return

Business Software AllianceBusiness Software Alliance (BSA) (BSA) promotes better understanding of promotes better understanding of

software piracy problemssoftware piracy problems

Page 25: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Theft

Encryption…

p. 571 - 572 Fig. 11-16

Safeguards against information theft Is the process of converting plaintext (readable data)

into ciphertext (unreadable characters) Encryption key (formula) often uses more than one method To read the data, the recipient must decrypt, or decipher, the data

Page 26: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Theft

This is what an encrypted file looks like…

p. 573 Fig. 11-17

Page 27: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Secure siteSecure site – a Web site using

encryption to secure data

Internet Security Risks

How do Web browsers provide secure data transmission?

p. 573

Digital certificateDigital certificate is notice that guarantees Web site is legitimate

Many Web browsers use encryption

Page 28: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Internet Security Risks

A certificate authority (CA)…

p. 573 Fig. 11-18

Authorized person or company that issues and verifies digital certificates

Users apply for digital certificate from CA

Page 29: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Internet Security Risks

Secure Sockets Layer (SSL)…

p. 574 Fig. 11-19

Provides encryption of all data that passes between client and Internet server Web addresses

beginning with “https” indicate secure connections

Page 30: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Undervoltage—drop in electrical supply

System Failure

A system failure…

p. 574

Overvoltage or power surge—

significant increase in electrical power

Noise—unwanted electrical signal

Caused by aging hardware, Caused by aging hardware, natural disasters, or electrical natural disasters, or electrical

power disturbancespower disturbances

Can cause loss of hardware, Can cause loss of hardware, software, or datasoftware, or data

The prolonged malfunction The prolonged malfunction of a computerof a computer

Page 31: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

System Failure

A surge protector…

p. 574 - 575 Figs. 11-20–11-21

Protects computer and equipment from electrical power disturbances

Uninterruptible power supply (UPS) is surge protector that provides power during power loss

Page 32: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Backing Up — The Ultimate SafeguardA backup…

p. 576

Is a duplicate of file(s), program(s), or disk(s)

Full backupFull backupall files in the

computer

Full backupFull backupall files in the

computer

Selective Selective backupbackupselect

which files to back up

Selective Selective backupbackupselect

which files to back up

Three-generation Three-generation backupbackup

preserves three copies

of important files

Three-generation Three-generation backupbackup

preserves three copies

of important files

In case of system failure or corrupted files, restore files by copying to original location

Page 33: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Wireless Security

To ensuring wireless communication is secure…

p. 577 Fig. 11-22

Secure your wireless access point (WAP) WAP should not broadcast your network name Enable Wired Equivalent Privacy

Page 34: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Ethics and Society

Computer ethics are:

p. 578 - 579

Information privacyInformation privacy

Intellectual property rights—rights to

which creators are entitled for their work

Intellectual property rights—rights to

which creators are entitled for their work

Software theftSoftware theft Information accuracyInformation accuracy

Codes of conductCodes of conduct

Unauthorized use of computers and

networks

Unauthorized use of computers and

networks

Moral guidelines that govern use of computers and information systemsMoral guidelines that govern use of computers and information systems

Page 35: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Ethics and Society

An IT code of conduct is…

p. 580 Fig. 11-25

A written guideline that helps determine whether computer action is ethical

Employers can distribute to employees

Page 36: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Information privacy is…

p. 580 and 586

Legal for employers to use monitoring software

programs

Difficult to maintain today because data is stored online

Employee monitoring is using computers to observe employee

computer use

Right of individuals and companies to restrict collection

and use of information about them

Page 37: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Some ways to safeguard personal information include…

p. 581

Fill in only necessary informationon rebate, warranty, and

registration forms

Avoid shopping club and buyers cards

Install a cookie manager to filter cookies

Inform merchants that you do not want them to distribute

your personal information

Limit the amount of information you provide to Web sites; fill in only required information

Clear your history file when you are finished browsing

Set up a free e-mail account; use this e-mail address for

merchant forms

Turn off file and print sharing on your Internet connection

Install a personal firewall

Sign up for e-mail filtering through your

Internet service provider or use an antispam program,

such as Brightmail

Do not reply to spam for any reason

Surf the Web anonymously with a program such as Freedom Web Secure or through an anonymous

Web site such as Anonymizer.com

Page 38: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

An electronic profile is…

p. 581 - 582 Fig. 11-27

Data collected when you fill out form on Web Merchants sell

your electronic profile

Often you can specify whether you want personal information distributed

Page 39: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

A cookie is…

p. 582

Set browser to accept cookies, prompt you to accept cookies,

or disable cookies

Some Web sites sell or trade information

stored in your cookies

A small file on your computer that contains

data about you

User preferences

Interests and

browsing habits

How regularly you visit Web sites

Page 40: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

How do cookies work?

p. 583 Fig. 11-28

Step 1. When you type Web address of Web site in your browser window, browser program searches your hard disk for a cookie associated with Web site.

Unique ID

Cookies

Step 2. If browser finds a cookie, it sends information in cookie file to Web site.

Step 3. If Web site does not receive cookie information, and is expecting it, Web site creates an identification number for you in its database and sends that number to your browser. Browser in turn creates a cookie file based on that number and stores cookie file on your hard disk. Web site now can update information in cookie files whenever you access the site.

Unique ID

Request Home PageWeb server forwww.company.com

Page 41: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Spyware, adware, and spam are:

p. 583 - 584 Fig. 11-29

Spyware is program placed on computer without user’s knowledge

Adware is a programthat displays onlineadvertisements

Spam is unsolicited e-mail message sent to many recipients

Page 42: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Controlling spam…

p. 584

Collects spam incentral location

that you can view any time

Service that blocks e-mail

messages from designated

sources

E-mail filteringE-mail filtering

Sometimes removes valid

e-mail messages

Attempts to remove spam

Anti-spam programAnti-spam program

Page 43: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Phishing is…

p. 584

A scam in which a perpetrator

sends an official lookinge-mail that attempts

to obtain your personalinformation

Page 44: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Privacy laws (US) that have been enacted include…

p. 585 Fig. 11-30

Page 45: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Privacy laws (US) continued…

p. 585 Fig. 11-30

Page 46: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Information Privacy

Content filtering is…

p. 587 Fig. 11-31

The process of restricting access to certain material Internet Content Rating

Association (ICRA) provides rating system of Web content

Web filtering software restricts access to specified sites

Page 47: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Computer Vision Syndrome Computer Vision Syndrome (CVS)(CVS)—eye and vision —eye and vision

problemsproblems

Computer Vision Syndrome Computer Vision Syndrome (CVS)(CVS)—eye and vision —eye and vision

problemsproblems

Health Concerns of Computer UseWhat are some health concerns of computer use?

p. 587 - 588

Repetitive strain injury (RSI)Repetitive strain injury (RSI)Repetitive strain injury (RSI)Repetitive strain injury (RSI)

Computer addictionComputer addiction—when —when computer consumes entire computer consumes entire

social lifesocial life

Computer addictionComputer addiction—when —when computer consumes entire computer consumes entire

social lifesocial life

TendonitisTendonitis—inflammation of —inflammation of tendon due to repeated motiontendon due to repeated motionTendonitisTendonitis—inflammation of —inflammation of

tendon due to repeated motiontendon due to repeated motion

Carpal Tunnel Syndrome (CTS)Carpal Tunnel Syndrome (CTS)—inflammation of nerve that —inflammation of nerve that

connects forearm to palmconnects forearm to palm

Carpal Tunnel Syndrome (CTS)Carpal Tunnel Syndrome (CTS)—inflammation of nerve that —inflammation of nerve that

connects forearm to palmconnects forearm to palm

Page 48: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Health Concerns of Computer UsePrecautions can prevent Repetitive Strain Injury…

p. 588 Fig. 11-32

Take frequent breaks during computer session Use wrist rest Exercise hands

and arms Minimize number

of times you switch between mouse and keyboard

Page 49: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Health Concerns of Computer UseEase eyestrain when working at the computer?

p. 588 Fig. 11-33

Page 50: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Health Concerns of Computer UseErgonomics is:

p. 589 Fig. 11-34

The applied science devoted to comfort, efficiency, and safety in workplace

keyboard height: 23” to 28”

feet flat on floor

adjustable height chair with 5 legs for stability

adjustable seat

adjustable backrest

elbows at 90° and arms and hands parallel to floor

Page 51: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Health Concerns of Computer UseGreen computing is…

p. 590 Fig. 11-35

Reducing electricity and environmental waste while using computer

Page 52: Chapter 11 Lecture 21: pp.568-601 Computer Security, Ethics and Privacy

Summary of Computer Security, Ethics and Privacy

Potential computer risksPotential computer risks

Safeguards that schools, business, and individuals can

implement to minimize these risks

Safeguards that schools, business, and individuals can

implement to minimize these risks

Wireless security risks and safeguardsWireless security risks and safeguards

Ethical issues surrounding information accuracy, intellectual property rights, codes

of conduct, and information privacy

Ethical issues surrounding information accuracy, intellectual property rights, codes

of conduct, and information privacy

Computer-related health issues, their preventions, and ways to keep the environment healthy

Computer-related health issues, their preventions, and ways to keep the environment healthy

Chapter 11 Complete