Chapter 4Chapter 4

Computers and SecurityComputers and Security

Why Should I Be Concerned About Why Should I Be Concerned About Computer Security?Computer Security?

YOUYOU

may be affected in a negative waymay be affected in a negative way

Unauthorized Access and Use, Unauthorized Access and Use, Computer SabotageComputer Sabotage

CybercrimeCybercrime – any illegal act using a – any illegal act using a computercomputer

Unauthorized Unauthorized AccessAccess – use without – use without permissionpermission

Unauthorized UseUnauthorized Use – have – have permissionpermission to to use a computer, but use it to access things use a computer, but use it to access things you you do not do not have permission to access or have permission to access or use that is not authorized (personal e-mail use that is not authorized (personal e-mail at work!)at work!)

Code of ConductCode of Conduct

Figure 4-1

HackingHacking

Unauthorized access into a remote Unauthorized access into a remote computer and/or networkcomputer and/or network

ProfessionalProfessional Hacking – done to check Hacking – done to check security of a company at company’s security of a company at company’s requestrequest

CyberterrorismCyberterrorism – attacks against the – attacks against the internetinternet

Interception of CommunicationsInterception of Communications

More likely due to More likely due to wirelesswireless networking or using networking or using cell phones cell phones to to transmit datatransmit data

War DrivingWar Driving – using someone else’s – using someone else’s bandwidthbandwidth

Sit outside someone’s house and use Sit outside someone’s house and use their internet access to connect to their internet access to connect to the webthe web

Computer Computer SabotageSabotage

Acts of malicious (Acts of malicious (malwaremalware--malicious/logic programs) destruction malicious/logic programs) destruction to computers or computer resourcesto computers or computer resources

Computer Virus and MalwareComputer Virus and Malware

VirusVirus – software sabotage – software sabotage Infects your computerInfects your computer Travels through Travels through sharedshared

networks/disks/etcnetworks/disks/etc New ones discovered New ones discovered dailydaily

How a Virus might SpreadHow a Virus might Spread

Figure 4-3

Types of MalwareTypes of Malware

BasicBasic – attaches to a file/program and infects – attaches to a file/program and infects anything accessing itanything accessing it

WormWorm – duplicates itself until out of memory – duplicates itself until out of memory

Trojan HorseTrojan Horse – looks like a legitimate – looks like a legitimate programprogram

Logic BombLogic Bomb – activates when a condition is – activates when a condition is met (key is pressed or info is changed)met (key is pressed or info is changed)

Time BombTime Bomb – triggered by a date or time – triggered by a date or time (Michelangelo Virus, March 6)(Michelangelo Virus, March 6)

Signs of Virus InfectionSigns of Virus Infection

1.1. Unusual Unusual message/graphicsmessage/graphics appear appear2.2. Available memory is Available memory is lessless than it should than it should

bebe3.3. Program/file is missing or suddenly Program/file is missing or suddenly

appearsappears4.4. File size change File size change without explanationwithout explanation5.5. Files/programs will not Files/programs will not workwork6.6. Computer Computer crashescrashes/restarts/freezes up /restarts/freezes up

continuouslycontinuouslyCreating a virus is not illegal, distributing is!Creating a virus is not illegal, distributing is!

Denial of Service Denial of Service AttackAttack

Floods the network with so many Floods the network with so many requests that is shuts down or denies requests that is shuts down or denies serviceservice

Hackers may use Hackers may use viruses (worms) viruses (worms) to to launch these attackslaunch these attacks

How a DNS worksHow a DNS works

Data or Program AlterationData or Program Alteration

Breaching a system to Breaching a system to deletedelete or or change datachange data, modify programs, or , modify programs, or deface websitesdeface websites

Figure 4-5

Other TermsOther Terms Data DiddlingData Diddling: it involves : it involves altering some key operations altering some key operations on on

a computer system in some un-sanctioned way. An a computer system in some un-sanctioned way. An example is student changing grades in a school file. example is student changing grades in a school file.

Salami Shaving:Salami Shaving: small amounts are shaved from large small amounts are shaved from large amounts amounts and are accumulated elsewhere. A bank employee and are accumulated elsewhere. A bank employee may shave few cents from clients' accounts. Clients may may shave few cents from clients' accounts. Clients may not notice the shaving, but when these small amounts not notice the shaving, but when these small amounts accumulate, they become large. Supermarkets are often accumulate, they become large. Supermarkets are often accused of this crime when they do not update prices to accused of this crime when they do not update prices to reflect lower shelf prices.reflect lower shelf prices.

TrapdoorsTrapdoors: : leaving,leaving, within a completed program, within a completed program, an illicit an illicit

program that will allowprogram that will allow illegal illegal accessaccess

Piggybacking:Piggybacking: using another person's identification code using another person's identification code or using that person's files before he logs off or using that person's files before he logs off to bypass all to bypass all security systems. security systems.

Protecting Against Protecting Against Unauthorized Access/Use Unauthorized Access/Use and Computer Sabotageand Computer Sabotage

Possessed Knowledge Access Possessed Knowledge Access SystemsSystems

Creating a Strong Creating a Strong PasswordPassword at least at least 88 characters characters Join 2 words togetherJoin 2 words together Mix letters and numbersMix letters and numbers Change Change frequentlyfrequently Do not shareDo not share Family names Family names backback in the family tree in the family tree Add letter/numbers to the front/back of wordsAdd letter/numbers to the front/back of words Make sure no one is watching (Make sure no one is watching (shoulder surfingshoulder surfing))

Possessed Knowledge Access Possessed Knowledge Access Systems Cont.Systems Cont.

User NamesUser Names PIN (PIN (Personal Identification NumbersPersonal Identification Numbers)) Security codes Security codes

Possessed Object Access SystemsPossessed Object Access Systems

Examples:Examples: Security CardsSecurity Cards BadgesBadges KeysKeys

Biometric Access SystemsBiometric Access Systems

Use some part of the body to gain Use some part of the body to gain accessaccess

FingerprintFingerprint RetinalRetinal Face RecognitionFace Recognition Hand GeometryHand Geometry Voice VerificationVoice Verification Signature VerificationSignature Verification

Firewalls and Antivirus SoftwareFirewalls and Antivirus Software

Software and/or hardware that keeps Software and/or hardware that keeps unauthorizedunauthorized people from accessing your people from accessing your computercomputer

1.1. Keep Keep definitions/signaturesdefinitions/signatures up to date up to date

2.2. Virus Virus EncyclopediasEncyclopedias on the Web on the Web

3.3. Install security Install security patchespatches (cures) (cures)

4.4. Keep Keep backupsbackups

5.5. Be wary of Be wary of attachmentsattachments

Zone AlarmZone Alarm

Figure 4-8

Norton (Symantec) AntivirusNorton (Symantec) Antivirus

Figure 4-10

McAfee

Avast (free)

AVG (free)

Email and File EncryptionEmail and File Encryption

EncryptionEncryption – – scramblingscrambling the data as it the data as it leaves your computerleaves your computer

DecryptionDecryption – – unscramblingunscrambling the data the data when it arrives at your computerwhen it arrives at your computer

Example of Public Key EncryptionExample of Public Key Encryption

Figure 4-12

Secure Web ServersSecure Web Servers Prevent Prevent unauthorizedunauthorized access to a website access to a website

• Padlock/Broken keyPadlock/Broken key• https://https://

Virtual Private Networks (VPN)Virtual Private Networks (VPN) Continuous secure channel for a businessContinuous secure channel for a business Private tunnelPrivate tunnel

Wi-FiWi-Fi – must turn on settings on hardware – must turn on settings on hardware

Online Theft, Fraud, and Online Theft, Fraud, and Other Dot ConsOther Dot Cons

Accessing a PC that is Accessing a PC that is not not yours and stealing yours and stealing

informationinformation

Identity Theft and ProtectionIdentity Theft and Protection

Obtaining personal info about another Obtaining personal info about another and “masquerading” as that personand “masquerading” as that person

Figure 4-14

Step 1: The thief obtainsinformation about an individual.

Step 2: The thief uses theinformation to make purchases,obtain credit cards, etc.

Step 3: The victim eventuallyfinds out.

SCAMSCAM

Remember what these letters Remember what these letters mean….mean….• Be Be SStingytingy about sharing info about sharing info• CCheckheck your records your records• Ask Ask AAnnuallynnually for a credit report – free for a credit report – free

once per yr. (3 credit bureaus)once per yr. (3 credit bureaus)• MMaintainaintain accurate records accurate records

Online Auction FraudOnline Auction Fraud

Paying for merchandise ordered Paying for merchandise ordered online that never is delivered or online that never is delivered or misrepresentedmisrepresented

Use a credit card or some other form Use a credit card or some other form of delayed payment (like Paypal)of delayed payment (like Paypal)

Internet Scams, Spoofing, & Internet Scams, Spoofing, & PhishingPhishing

Spoofing or PhishingSpoofing or Phishing – making it – making it appear that an email originates from appear that an email originates from somewhere other than its actual somewhere other than its actual source source Phishing Video

Internet ScamsInternet Scams – include a wide – include a wide range of scams offered through Web range of scams offered through Web sitessites

Example of PhishingExample of Phishing

Using Digital Signatures and Using Digital Signatures and CertificatesCertificates

Digital Digital SignatureSignature – Used to verify the – Used to verify the identity of the sender of a documentidentity of the sender of a document

Security code is different for each Security code is different for each document sentdocument sent

Digital Digital CertificateCertificate – The “Certificate – The “Certificate Authority” guarantees that they are Authority” guarantees that they are who the claim they arewho the claim they are

Digital CertificateDigital Certificate

Viewing a secure web page’s digital Viewing a secure web page’s digital certificatecertificate

Hardware Theft, Damage, Hardware Theft, Damage, and System Failureand System Failure

System Failure and Other DisastersSystem Failure and Other Disasters

System FailureSystem Failure – the complete – the complete stopping of your computer’s stopping of your computer’s capabilitiescapabilities

Can occur because of hardware Can occur because of hardware problemsproblems• Natural disastersNatural disasters• Caused by man (9/11)Caused by man (9/11)

Software problems also cause Software problems also cause computers to malfunction (Y2K bug)computers to malfunction (Y2K bug)

Protecting Against Hardware TheftProtecting Against Hardware Theft

Window and door Window and door lockslocks

LockingLocking cabinets cabinets SilentSilent alarms alarms Sign Sign in and out in and out

proceduresprocedures

Protection (cont)Protection (cont)

Surge Surge protectors/suppressorprotectors/suppressor Uninterruptible Uninterruptible Power Supply - Power Supply -

battery battery Protect against dust, dirt, Protect against dust, dirt,

sunlight, sunlight, staticstatic electricity, and electricity, and excess motionexcess motion

DisasterDisaster recovery plan recovery plan Back up plans/Back up plans/offsiteoffsite storage storage

Software Piracy and Digital Software Piracy and Digital CounterfeitingCounterfeiting

Software Software PiracyPiracy – illegal copying of – illegal copying of copyrighted softwarecopyrighted software

Includes:Includes: Giving copies to friendsGiving copies to friends Installing on more machines than Installing on more machines than

permittedpermitted Digital Digital counterfeitingcounterfeiting

• Making fake documents: Making fake documents: passports, birth certificatespassports, birth certificates

Figure 4-25

Protecting Against PiracyProtecting Against Piracy

Laws – Laws – IntellectualIntellectual Property RightsProperty Rights

Copyright Protection – Copyright Protection – exclusive rights to the exclusive rights to the creator of the softwarecreator of the software

Copy Protection Copy Protection SchemesSchemes Flexible Licensing: Flexible Licensing: EULAEULA

(End User License (End User License Agreement)Agreement)

Usually 1 license for each Usually 1 license for each computer computer

Figure 4-24

Multiple Computer LicensesMultiple Computer Licenses

SiteSite License License – can have as many – can have as many copies at that site as you wishcopies at that site as you wish• Building (MASH)Building (MASH)

Pack LicensePack License – buying in – buying in multiplesmultiples of of 5, 10, 25, etc.5, 10, 25, etc.

NetworkNetwork License License – covers the entire – covers the entire network; server may “meter” network; server may “meter” number of licenses runningnumber of licenses running

AuthenticityAuthenticity

HologramsHolograms StickersStickers Digital WatermarksDigital Watermarks Traceable copying on machinesTraceable copying on machines New currency designsNew currency designs Companies will watch Companies will watch online auctions online auctions

and look for stolen hardware and and look for stolen hardware and softwaresoftware

Anti-counterfeiting Measures used Anti-counterfeiting Measures used with U.S. Currencywith U.S. Currency

Figure 4-26

WatchdogWatchdog Organizations Organizations

Business Software AllianceBusiness Software Alliance• www.bsa.org

Software Publishers AssociationSoftware Publishers Association• www.siia.net

Personal ChoicePersonal Choice – theft increases the – theft increases the chance of viruses, drives up price, chance of viruses, drives up price, jobs lost, reduce demand, against jobs lost, reduce demand, against the lawthe law

Personal Safety IssuesPersonal Safety Issues

CyberstalkingCyberstalking – repeated threats of – repeated threats of harassingharassing behavior via email or other behavior via email or other internet communicationsinternet communications

Online PornographyOnline Pornography – Public libraries – Public libraries and schools must use a and schools must use a filterfilter to to receive public moneyreceive public money