INTRODUCTION TO COMPUTER TECHNOLOGY
COMPUTER CRIME, SECURITY AND LEGAL ISSUES
Part 3-Session_1
Akanferi Albert [email protected]@gmail.com
026-7023-177
OBJECTIVES OF THE SESSION
• To define and explain computer crime
• To explain some of the types of computer crimes
• To define and explain computer security and control
• To explain some of the control measures for computer vulnerability
• To explain computer-related legal issues
INTRODUCTION
• Computer systems and digital data generally are very vulnerable as well as expensive.
• However, they are very important in the daily lives of businesses and individuals.
• Hence, they need to be protected, but the normal laws are not enough to handle the complexities of this phenomenon.
INTRODUCTION
• Until computer and data misuse acts were passed, in some countries, two highly damaging activities were not against the law.
• These were hacking into computers and the deliberate infection of computer systems with viruses.
• Although an offended individual or organization could use civil courts to seek damages for losses suffered, there was no effective legal protection against this offence.
COMPUTER CRIME
– Defined as the commission of illegal acts through the use of a computer or against a computer system.
– Or as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution”
– Computer may be target of crime, e.g.:
  • Breaching confidentiality of protected computerized data
  • Accessing a computer system without authority
– Computer may be instrument of crime, e.g.:
  • Theft of trade secrets
  • Using e-mail for threats or harassment
© Pearson Education 2012
COMPUTER CRIME
• Hence, when we access a computer without authority, or with intent to harm, even if by accident, we commit a crime.
HACKERS AND COMPUTER CRIME
– Hackers vs. crackers
– Activities include
  • System intrusion
  • System damage
  • Cybervandalism
    – Intentional disruption, defacement, destruction of Web site or corporate information system
HACKERS AND COMPUTER CRIME
• Spoofing
  – Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
  – Redirecting Web link to address different from intended one, with site masquerading as intended destination
• Sniffer
  – Eavesdropping program that monitors information traveling over network
  – Enables hackers to steal proprietary information such as e-mail, company files, etc.
HACKERS AND COMPUTER CRIME
• Denial-of-service attacks (DoS)
  – Flooding server with thousands of false requests to crash the network.
• Distributed denial-of-service attacks (DDoS)
  – Use of numerous computers to launch a DoS
  – Botnets
    • Networks of “zombie” PCs infiltrated by bot malware
    • Worldwide, 6 - 24 million computers serve as zombie PCs in thousands of botnets
HACKERS AND COMPUTER CRIME
• Identity theft
  – Theft of personal information (social security id, driver’s license or credit card numbers) to impersonate someone else
• Phishing
  – Setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data.
• Evil twins
  – Wireless networks that pretend to offer trustworthy Wi-Fi connections to the Internet
HACKERS AND COMPUTER CRIME
• Pharming
  – Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser
• Click fraud
  – Occurs when individual or computer program fraudulently clicks on online ad without any intention of learning more about the advertiser or making a purchase
• Cyberterrorism and Cyberwarfare
HACKERS AND COMPUTER CRIME
• Computer Viruses
  – Forms of malicious code written with the aim of harming a computer system and destroying information.
  – Can replicate themselves and harm the computer systems on a network without the knowledge of the system users.
  – Viruses spread to other computers through network file systems, through the network, the Internet, or by means of removable devices like USB drives and CDs.
  – Writing computer viruses is a criminal activity as virus infections can crash computer systems, thereby destroying great amounts of critical data.
HACKERS AND COMPUTER CRIME
• Cyberstalking
  – The use of communication technology, mainly the Internet, to torture other individuals is known as cyberstalking.
  – False accusations, transmission of threats and damage to data and equipment fall under the class of cyberstalking activities.
  – Cyberstalkers often target the users by means of chat rooms, online forums and social networking websites to gather user information and harass the users on the basis of the information gathered.
  – Obscene emails, abusive phone calls and other such serious effects of cyberstalking have made it a type of computer crime.
DEFINITION OF SECURITY & CONTROL
Threats to computers include:
– hardware failure,
– software failure,
– personnel actions,
– terminal access penetration,
– theft of data,
– theft of service,
– theft of equipment,
– fire,
– electrical problems,
– user errors,
– programme changes and
– telecommunication problems.
• The potential for unauthorized access, abuse or fraud is not limited to a single location but can occur at any access point in the network; hence the need to provide computer security and control.
DEFINITION OF SECURITY & CONTROL
• Security refers to the policies, procedures and technical measures used to prevent unauthorized access, alteration, theft or physical damage to information systems.
• Access Control consists of all the various mechanisms (physical, logical, administrative) used to ensure that only authorized persons or processes are allowed to use or access a system.
PHYSICAL CONTROLS
• These are physical measures put in place to ensure security of computer and related resources in an organisation
• Physical controls can further be grouped into:
  – Preventive Physical Controls
  – Detective Physical Controls
PREVENTIVE PHYSICAL CONTROLS
• Preventive physical controls are employed to prevent unauthorized personnel from entering computing facilities (i.e. locations housing computing resources, supporting utilities, computer hard copy, and input data media) and to help protect against natural disasters.
• Examples of these controls include:
  – Backup files and documentation
  – Fences
  – Security guards
  – Badge systems
  – Double door systems
  – Locks and keys
  – Backup power
  – Biometric access controls
  – Site selection
  – Fire extinguishers
DETECTIVE PHYSICAL CONTROLS
• Detective physical controls warn protective services personnel that physical security measures are being violated.
• Examples of these controls include:
  – Motion detectors
  – Smoke and fire detectors
  – Closed-circuit television monitors
  – Sensors and alarms
TECHNICAL CONTROLS
• Technical security involves the use of safeguards incorporated in computer hardware, operations or applications software, communications hardware and software, and related devices.
• Technical controls are sometimes referred to as logical controls.
• Technical controls can also further be grouped into:
  – Preventive Technical Controls
  – Detective Technical Controls
PREVENTIVE TECHNICAL CONTROLS
• Preventive technical controls are used to prevent unauthorized personnel or programs from gaining REMOTE access to computing resources.
• Examples of these controls include:
  – Access control software
  – Antivirus software
  – Library control systems
  – Passwords
  – Smart cards
  – Encryption
  – Dial-up access control and call back in systems
DETECTIVE TECHNICAL CONTROLS
• Detective technical controls warn personnel of violations or attempted violations of preventive technical controls.
• Examples of these include:
  – Audit trails
  – Intrusion detection expert systems
ADMINISTRATIVE CONTROLS
• Administrative or personnel security consists of management constraints, operational procedures, accountability procedures, and supplemental administrative controls established to provide an acceptable level of protection for computing resources.
• In addition, administrative controls include procedures established to ensure that all personnel who have access to computing resources have the required authorizations and appropriate security clearances.
ADMINISTRATIVE CONTROLS
• Administrative controls can also further be grouped into:
  – Preventive Administrative Controls
  – Detective Administrative Controls
PREVENTIVE ADMINISTRATIVE CONTROLS
• Preventive administrative controls are personnel-oriented techniques for controlling people’s behavior to ensure the confidentiality, integrity, and availability of computing data and programs.
• Examples of preventive administrative controls include:
  – Security awareness and technical training
  – Separation of duties
  – Procedures for recruiting and terminating employees
  – Security policies and procedures
  – Supervision
  – Disaster recovery, contingency and emergency plans
  – User registration for computer access
DETECTIVE ADMINISTRATIVE CONTROLS
• Detective administrative controls are used to determine how well security policies and procedures are complied with, to detect fraud, and to avoid employing persons that represent an unacceptable security risk.
• This type of control includes:
  – Security reviews and audits
  – Performance evaluations
  – Required vacations
  – Background investigations
  – Rotation of duties
COPYRIGHT LAW AND SOFTWARE CONTRACTS
• Copyright, in general terms, is the right to publish, reproduce and sell the matter and form of a literary, musical, dramatic or artistic work.
• The owner of the copyright can sell the item that the copyright relates to, and can stop other people from selling the same works because they are breaching the copyright obtained by the original author.