chapter 4 computers and security. why should i be concerned about computer security? you may be...
TRANSCRIPT
Chapter 4Chapter 4
Computers and SecurityComputers and Security
Why Should I Be Concerned About Why Should I Be Concerned About Computer Security?Computer Security?
YOUYOU
may be affected in a negative waymay be affected in a negative way
Unauthorized Access and Use, Unauthorized Access and Use, Computer SabotageComputer Sabotage
CybercrimeCybercrime – any illegal act using a – any illegal act using a computercomputer
Unauthorized Unauthorized AccessAccess – use without – use without permissionpermission
Unauthorized UseUnauthorized Use – have – have permissionpermission to to use a computer, but use it to access things use a computer, but use it to access things you you do not do not have permission to access or have permission to access or use that is not authorized (personal e-mail use that is not authorized (personal e-mail at work!)at work!)
Code of ConductCode of Conduct
Figure 4-1
HackingHacking
Unauthorized access into a remote Unauthorized access into a remote computer and/or networkcomputer and/or network
ProfessionalProfessional Hacking – done to check Hacking – done to check security of a company at company’s security of a company at company’s requestrequest
CyberterrorismCyberterrorism – attacks against the – attacks against the internetinternet
Interception of CommunicationsInterception of Communications
More likely due to More likely due to wirelesswireless networking or using networking or using cell phones cell phones to to transmit datatransmit data
War DrivingWar Driving – using someone else’s – using someone else’s bandwidthbandwidth
Sit outside someone’s house and use Sit outside someone’s house and use their internet access to connect to their internet access to connect to the webthe web
Computer Computer SabotageSabotage
Acts of malicious (Acts of malicious (malwaremalware--malicious/logic programs) destruction malicious/logic programs) destruction to computers or computer resourcesto computers or computer resources
Computer Virus and MalwareComputer Virus and Malware
VirusVirus – software sabotage – software sabotage Infects your computerInfects your computer Travels through Travels through sharedshared
networks/disks/etcnetworks/disks/etc New ones discovered New ones discovered dailydaily
How a Virus might SpreadHow a Virus might Spread
Figure 4-3
Types of MalwareTypes of Malware
BasicBasic – attaches to a file/program and infects – attaches to a file/program and infects anything accessing itanything accessing it
WormWorm – duplicates itself until out of memory – duplicates itself until out of memory
Trojan HorseTrojan Horse – looks like a legitimate – looks like a legitimate programprogram
Logic BombLogic Bomb – activates when a condition is – activates when a condition is met (key is pressed or info is changed)met (key is pressed or info is changed)
Time BombTime Bomb – triggered by a date or time – triggered by a date or time (Michelangelo Virus, March 6)(Michelangelo Virus, March 6)
Signs of Virus InfectionSigns of Virus Infection
1.1. Unusual Unusual message/graphicsmessage/graphics appear appear2.2. Available memory is Available memory is lessless than it should than it should
bebe3.3. Program/file is missing or suddenly Program/file is missing or suddenly
appearsappears4.4. File size change File size change without explanationwithout explanation5.5. Files/programs will not Files/programs will not workwork6.6. Computer Computer crashescrashes/restarts/freezes up /restarts/freezes up
continuouslycontinuouslyCreating a virus is not illegal, distributing is!Creating a virus is not illegal, distributing is!
Denial of Service Denial of Service AttackAttack
Floods the network with so many Floods the network with so many requests that is shuts down or denies requests that is shuts down or denies serviceservice
Hackers may use Hackers may use viruses (worms) viruses (worms) to to launch these attackslaunch these attacks
How a DNS worksHow a DNS works
Data or Program AlterationData or Program Alteration
Breaching a system to Breaching a system to deletedelete or or change datachange data, modify programs, or , modify programs, or deface websitesdeface websites
Figure 4-5
Other TermsOther Terms Data DiddlingData Diddling: it involves : it involves altering some key operations altering some key operations on on
a computer system in some un-sanctioned way. An a computer system in some un-sanctioned way. An example is student changing grades in a school file. example is student changing grades in a school file.
Salami Shaving:Salami Shaving: small amounts are shaved from large small amounts are shaved from large amounts amounts and are accumulated elsewhere. A bank employee and are accumulated elsewhere. A bank employee may shave few cents from clients' accounts. Clients may may shave few cents from clients' accounts. Clients may not notice the shaving, but when these small amounts not notice the shaving, but when these small amounts accumulate, they become large. Supermarkets are often accumulate, they become large. Supermarkets are often accused of this crime when they do not update prices to accused of this crime when they do not update prices to reflect lower shelf prices.reflect lower shelf prices.
TrapdoorsTrapdoors: : leaving,leaving, within a completed program, within a completed program, an illicit an illicit
program that will allowprogram that will allow illegal illegal accessaccess
Piggybacking:Piggybacking: using another person's identification code using another person's identification code or using that person's files before he logs off or using that person's files before he logs off to bypass all to bypass all security systems. security systems.
Protecting Against Protecting Against Unauthorized Access/Use Unauthorized Access/Use and Computer Sabotageand Computer Sabotage
Possessed Knowledge Access Possessed Knowledge Access SystemsSystems
Creating a Strong Creating a Strong PasswordPassword at least at least 88 characters characters Join 2 words togetherJoin 2 words together Mix letters and numbersMix letters and numbers Change Change frequentlyfrequently Do not shareDo not share Family names Family names backback in the family tree in the family tree Add letter/numbers to the front/back of wordsAdd letter/numbers to the front/back of words Make sure no one is watching (Make sure no one is watching (shoulder surfingshoulder surfing))
Possessed Knowledge Access Possessed Knowledge Access Systems Cont.Systems Cont.
User NamesUser Names PIN (PIN (Personal Identification NumbersPersonal Identification Numbers)) Security codes Security codes
Possessed Object Access SystemsPossessed Object Access Systems
Examples:Examples: Security CardsSecurity Cards BadgesBadges KeysKeys
Biometric Access SystemsBiometric Access Systems
Use some part of the body to gain Use some part of the body to gain accessaccess
FingerprintFingerprint RetinalRetinal Face RecognitionFace Recognition Hand GeometryHand Geometry Voice VerificationVoice Verification Signature VerificationSignature Verification
Firewalls and Antivirus SoftwareFirewalls and Antivirus Software
Software and/or hardware that keeps Software and/or hardware that keeps unauthorizedunauthorized people from accessing your people from accessing your computercomputer
1.1. Keep Keep definitions/signaturesdefinitions/signatures up to date up to date
2.2. Virus Virus EncyclopediasEncyclopedias on the Web on the Web
3.3. Install security Install security patchespatches (cures) (cures)
4.4. Keep Keep backupsbackups
5.5. Be wary of Be wary of attachmentsattachments
Zone AlarmZone Alarm
Figure 4-8
Norton (Symantec) AntivirusNorton (Symantec) Antivirus
Figure 4-10
McAfee
Avast (free)
AVG (free)
Email and File EncryptionEmail and File Encryption
EncryptionEncryption – – scramblingscrambling the data as it the data as it leaves your computerleaves your computer
DecryptionDecryption – – unscramblingunscrambling the data the data when it arrives at your computerwhen it arrives at your computer
Example of Public Key EncryptionExample of Public Key Encryption
Figure 4-12
Secure Web ServersSecure Web Servers Prevent Prevent unauthorizedunauthorized access to a website access to a website
• Padlock/Broken keyPadlock/Broken key• https://https://
Virtual Private Networks (VPN)Virtual Private Networks (VPN) Continuous secure channel for a businessContinuous secure channel for a business Private tunnelPrivate tunnel
Wi-FiWi-Fi – must turn on settings on hardware – must turn on settings on hardware
Online Theft, Fraud, and Online Theft, Fraud, and Other Dot ConsOther Dot Cons
Accessing a PC that is Accessing a PC that is not not yours and stealing yours and stealing
informationinformation
Identity Theft and ProtectionIdentity Theft and Protection
Obtaining personal info about another Obtaining personal info about another and “masquerading” as that personand “masquerading” as that person
Figure 4-14
Step 1: The thief obtainsinformation about an individual.
Step 2: The thief uses theinformation to make purchases,obtain credit cards, etc.
Step 3: The victim eventuallyfinds out.
SCAMSCAM
Remember what these letters Remember what these letters mean….mean….• Be Be SStingytingy about sharing info about sharing info• CCheckheck your records your records• Ask Ask AAnnuallynnually for a credit report – free for a credit report – free
once per yr. (3 credit bureaus)once per yr. (3 credit bureaus)• MMaintainaintain accurate records accurate records
Online Auction FraudOnline Auction Fraud
Paying for merchandise ordered Paying for merchandise ordered online that never is delivered or online that never is delivered or misrepresentedmisrepresented
Use a credit card or some other form Use a credit card or some other form of delayed payment (like Paypal)of delayed payment (like Paypal)
Internet Scams, Spoofing, & Internet Scams, Spoofing, & PhishingPhishing
Spoofing or PhishingSpoofing or Phishing – making it – making it appear that an email originates from appear that an email originates from somewhere other than its actual somewhere other than its actual source source Phishing Video
Internet ScamsInternet Scams – include a wide – include a wide range of scams offered through Web range of scams offered through Web sitessites
Example of PhishingExample of Phishing
Using Digital Signatures and Using Digital Signatures and CertificatesCertificates
Digital Digital SignatureSignature – Used to verify the – Used to verify the identity of the sender of a documentidentity of the sender of a document
Security code is different for each Security code is different for each document sentdocument sent
Digital Digital CertificateCertificate – The “Certificate – The “Certificate Authority” guarantees that they are Authority” guarantees that they are who the claim they arewho the claim they are
Digital CertificateDigital Certificate
Viewing a secure web page’s digital Viewing a secure web page’s digital certificatecertificate
Hardware Theft, Damage, Hardware Theft, Damage, and System Failureand System Failure
System Failure and Other DisastersSystem Failure and Other Disasters
System FailureSystem Failure – the complete – the complete stopping of your computer’s stopping of your computer’s capabilitiescapabilities
Can occur because of hardware Can occur because of hardware problemsproblems• Natural disastersNatural disasters• Caused by man (9/11)Caused by man (9/11)
Software problems also cause Software problems also cause computers to malfunction (Y2K bug)computers to malfunction (Y2K bug)
Protecting Against Hardware TheftProtecting Against Hardware Theft
Window and door Window and door lockslocks
LockingLocking cabinets cabinets SilentSilent alarms alarms Sign Sign in and out in and out
proceduresprocedures
Protection (cont)Protection (cont)
Surge Surge protectors/suppressorprotectors/suppressor Uninterruptible Uninterruptible Power Supply - Power Supply -
battery battery Protect against dust, dirt, Protect against dust, dirt,
sunlight, sunlight, staticstatic electricity, and electricity, and excess motionexcess motion
DisasterDisaster recovery plan recovery plan Back up plans/Back up plans/offsiteoffsite storage storage
Software Piracy and Digital Software Piracy and Digital CounterfeitingCounterfeiting
Software Software PiracyPiracy – illegal copying of – illegal copying of copyrighted softwarecopyrighted software
Includes:Includes: Giving copies to friendsGiving copies to friends Installing on more machines than Installing on more machines than
permittedpermitted Digital Digital counterfeitingcounterfeiting
• Making fake documents: Making fake documents: passports, birth certificatespassports, birth certificates
Figure 4-25
Protecting Against PiracyProtecting Against Piracy
Laws – Laws – IntellectualIntellectual Property RightsProperty Rights
Copyright Protection – Copyright Protection – exclusive rights to the exclusive rights to the creator of the softwarecreator of the software
Copy Protection Copy Protection SchemesSchemes Flexible Licensing: Flexible Licensing: EULAEULA
(End User License (End User License Agreement)Agreement)
Usually 1 license for each Usually 1 license for each computer computer
Figure 4-24
Multiple Computer LicensesMultiple Computer Licenses
SiteSite License License – can have as many – can have as many copies at that site as you wishcopies at that site as you wish• Building (MASH)Building (MASH)
Pack LicensePack License – buying in – buying in multiplesmultiples of of 5, 10, 25, etc.5, 10, 25, etc.
NetworkNetwork License License – covers the entire – covers the entire network; server may “meter” network; server may “meter” number of licenses runningnumber of licenses running
AuthenticityAuthenticity
HologramsHolograms StickersStickers Digital WatermarksDigital Watermarks Traceable copying on machinesTraceable copying on machines New currency designsNew currency designs Companies will watch Companies will watch online auctions online auctions
and look for stolen hardware and and look for stolen hardware and softwaresoftware
Anti-counterfeiting Measures used Anti-counterfeiting Measures used with U.S. Currencywith U.S. Currency
Figure 4-26
WatchdogWatchdog Organizations Organizations
Business Software AllianceBusiness Software Alliance• www.bsa.org
Software Publishers AssociationSoftware Publishers Association• www.siia.net
Personal ChoicePersonal Choice – theft increases the – theft increases the chance of viruses, drives up price, chance of viruses, drives up price, jobs lost, reduce demand, against jobs lost, reduce demand, against the lawthe law
Personal Safety IssuesPersonal Safety Issues
CyberstalkingCyberstalking – repeated threats of – repeated threats of harassingharassing behavior via email or other behavior via email or other internet communicationsinternet communications
Online PornographyOnline Pornography – Public libraries – Public libraries and schools must use a and schools must use a filterfilter to to receive public moneyreceive public money