Chapter_05.pdf

Full Transcript

Discovering Computers
Technology in a World of Computers,
Mobile Devices, and the Internet

Chapter 5
Digital Safety
and Security
Objectives Overview

Describe various types
Define the term, digital Discuss techniques to
of Internet and network
security risks, and prevent unauthorized
attacks, and explain
briefly describe the computer access and
ways to safeguard
types of cybercriminals use
against these attacks

Explain the ways that Discuss how
software manufacturers encryption, digital
protect against signatures, and digital
software piracy certificates work

See Page 202 Discovering Computers 2014: Chapter 5 2
for Detailed Objectives
Objectives Overview

Identify risks and
Identify safeguards
Explain the options safeguards associated
against hardware theft,
available for backing up with wireless
vandalism, and failure
communications

Recognize issues related
to information accuracy, Discuss issues
intellectual property surrounding information
rights, codes of conduct, privacy
and green computing

See Page 202 Discovering Computers 2014: Chapter 5 3
for Detailed Objectives
Digital Security Risks

A digital security risk is any event or action that could
cause a loss of or damage to a computer or mobile device
hardware, software, data, information, or processing
capability
Any illegal act involving the use of a computer or related
devices generally is referred to as a computer crime
A cybercrime is an online or Internet-based illegal act

Page 202 Discovering Computers 2014: Chapter 5 4
Digital Security Risks

Page 203 Discovering Computers 2014: Chapter 5 5
Figure 5-1
Digital Security Risks

Hacker Cracker Script kiddie

Unethical
Corporate spies Cyberextortionist
employees

Cyberterrorist

Page 204 Discovering Computers 2014: Chapter 5 6
Internet and Network Attacks
Information transmitted
over networks has a higher
degree of security risk than
information kept on an
organization’s premises
Malware, short for
malicious software, consists
of programs that act
without a user’s knowledge
and deliberately alter the
operations of computers
and mobile devices

Pages 204 - 205 7
Discovering Computers 2014: Chapter 5
Table 5-1
Internet and Network Attacks

Page 205 Discovering Computers 2014: Chapter 5 8
Figure 5-2
Internet and Network Attacks

A botnet is a group of compromised computers or mobile devices
connected to a network
– A compromised computer or device is known as a zombie
A denial of service attack (DoS attack) disrupts computer access to
Internet services
– Distributed DoS (DDoS)
A back door is a program or set of instructions in a program that
allow users to bypass security controls
Spoofing is a technique intruders use to make their network or
Internet transmission appear legitimate

Pages 206 - 207 Discovering Computers 2014: Chapter 5 9
Internet and Network Attacks

A firewall is hardware and/or software that
protects a network’s resources from intrusion

Pages 208 - 209 Discovering Computers 2014: Chapter 5 10
Figure 5-4
Unauthorized Access and Use

Unauthorized access is Unauthorized use is the
the use of a computer or use of a computer or its
network without data for unapproved or
permission possibly illegal activities

Page 210 Discovering Computers 2014: Chapter 5 11
Unauthorized Access and Use

Organizations take
several measures to
help prevent
unauthorized access
and use
– Acceptable use policy
– Disable file and printer
sharing

Page 210 12
Discovering Computers 2014: Chapter 5
Figure 5-5
Unauthorized Access and Use

Access controls define who can access a computer,
device, or network; when they can access it; and
what actions they can take while accessing it
The computer, device, or network should maintain an
audit trail that records in a file both successful and
unsuccessful access attempts
– User name
– Password
– Passphrase
– CAPTCHA

Pages 211 - 212 Discovering Computers 2014: Chapter 5 13
Figure 5-6
Unauthorized Access and Use

A possessed object is any A biometric device
item that you must carry to authenticates a person’s
gain access to a computer identity by translating a
or computer facility personal characteristic into
– Often are used in a digital code that is
combination with a PIN compared with a digital
(personal identification code in a computer
number)

Page 213 14
Discovering Computers 2014: Chapter 5
Unauthorized Access and Use

Face
Fingerprint
recognition
reader
system

Hand Voice
geometry verification
system system

Signature Iris
verification recognition
system system
Pages 213 – 214 Discovering Computers 2014: Chapter 5 15
Figures 5-8 – 5-10
Unauthorized Access and Use

Digital forensics is the discovery, collection, and
analysis of evidence found on computers and
networks
Many areas use digital forensics
Law Criminal Military
enforcement prosecutors intelligence

Information
Insurance
security
agencies
departments
Page 214 Discovering Computers 2014: Chapter 5 16
Software Theft

Software theft occurs when someone:

Steals software Intentionally
media erases programs

Illegally registers
Illegally copies a
and/or activates
program
a program
Page 215 Discovering Computers 2014: Chapter 5 17
Software Theft

Many manufacturers incorporate an activation
process into their programs to ensure the
software is not installed on more computers than
legally licensed
During the product activation, which is conducted
either online or by phone, users provide the
software product’s identification number to
associate the software with the computer or
mobile device on which the software is installed
Page 215 Discovering Computers 2014: Chapter 5 18
Software Theft

A single-user license agreement typically contains the
following conditions:

Pages 215 – 216 Discovering Computers 2014: Chapter 5 19
Figure 5-11
Information Theft

Information theft occurs when someone steals
personal or confidential information
Encryption is a process of converting data that is
readable by humans into encoded characters to
prevent unauthorized access

Pages 216 - 217 Discovering Computers 2014: Chapter 5 20
Table 5-2
Information Theft

Page 217 Discovering Computers 2014: Chapter 5 21
Figure 5-12
Information Theft

A digital signature is an encrypted code that a
person, website, or organization attaches to an
electronic message to verify the identity of the
sender
– Often used to ensure that an impostor is not participating
in an Internet transaction
A digital certificate is a notice that guarantees a user
or a website is legitimate
A website that uses encryption techniques to secure
its data is known as a secure site

Page 218 Discovering Computers 2014: Chapter 5 22
Information Theft

Page 218 Discovering Computers 2014: Chapter 5 23
Figure 5-13
Hardware Theft, Vandalism, and Failure

Hardware vandalism
Hardware theft is
is the act of defacing
the act of stealing
or destroying digital
digital equipment
equipment

Page 219 Discovering Computers 2014: Chapter 5 24
Hardware Theft, Vandalism, and Failure

To help reduce the of chances of theft, companies
and schools use a variety of security measures

Page 219 Discovering Computers 2014: Chapter 5 25
Figure 5-14
Backing Up – The Ultimate Safeguard

A backup is a duplicate of a file, program, or
media that can be used if the original is lost,
damaged, or destroyed
– To back up a file means to make a copy of it
Off-site backups are stored in a location separate
from the computer or mobile device site

Cloud
Storage

Page 219 Discovering Computers 2014: Chapter 5 26
Backing Up – The Ultimate Safeguard

Categories of backups: Three-generation
– Full backup policy
– Differential
Grandparent
– Incremental
– Selective
– Continuous data
protection Parent

Child

Page 219 27
Discovering Computers 2014: Chapter 5
Backing Up – The Ultimate Safeguard

Page 220 Discovering Computers 2014: Chapter 5 28
Table 5-3
Wireless Security

Wireless access poses
additional security risks
Some intruders intercept
and monitor
communications as they
transmit through the air
Others connect to a
network through an
unsecured wireless access
point (WAP) or
combination router/WAP

Page 221 29
Discovering Computers 2014: Chapter 5
Figure 5-16
Ethics and Society

Computer ethics are
the moral guidelines
that govern the use of
computers, mobile
devices, and
information systems
Information accuracy is
a concern
– Not all information on
the web is correct

Pages 224 - 225 30
Discovering Computers 2014: Chapter 5
Figure 5-18
Ethics and Society

Intellectual property refers to unique and original
works such as ideas, inventions, art, writings,
processes, company and product names, and logos
Intellectual property rights are the rights to which
creators are entitled to their work
A copyright protects any tangible form of expression
Digital rights management (DRM) is a strategy
designed to prevent illegal distribution of movies,
music, and other digital content
Page 225 Discovering Computers 2014: Chapter 5 31
Ethics and Society

A code of conduct is a written guideline that helps
determine whether a specification is
ethical/unethical or allowed/not allowed

Page 226 Discovering Computers 2014: Chapter 5 32
Figure 5-19
Ethics and Society

Green computing involves reducing the electricity
and environmental waste while using computers,
mobile devices, and related technologies

Pages 226 - 227 Discovering Computers 2014: Chapter 5 33
Figure 5-20
Information Privacy

Information privacy refers to the right of
individuals and companies to deny or restrict the
collection and use of information about them
Huge databases store data online
It is important to safeguard your information

Page 227 Discovering Computers 2014: Chapter 5 34
Information Privacy

Page 228 35
Discovering Computers 2014: Chapter 5
Figure 5-21
Information Privacy

Information about you
can be stored in a
database when you:
– Fill out a printed or
online form
– Create a social
networking profile
– Register a product
warranty

Pages 228 - 229 36
Discovering Computers 2014: Chapter 5
Figure 5-22
Information Privacy

A cookie is a small text file that a web server stores on
your computer
Websites use cookies for a variety of reasons:
Store user Assist with
Allow for
names and/or online
personalization
passwords shopping

Track how
Target
often users
advertisements
visit a site
Page 229 Discovering Computers 2014: Chapter 5 37
Information Privacy

Page 230 Discovering Computers 2014: Chapter 5 38
Figure 5-23
Information Privacy

Phishing is a scam in which a perpetrator sends an
official looking email message that attempts to
obtain your personal and/or financial information
With clickjacking, an object that can be clicked on
a website contains a malicious program

Page 231 Discovering Computers 2014: Chapter 5 39
Information Privacy

Spyware is a program placed on a computer or
mobile device without the user’s knowledge that
secretly collects information about the user and
then communicates the information it collects to
some outside source while the user is online
Adware is a program that displays an online
advertisement in a banner or pop-up window on
webpages, email messages, or other Internet
services
Page 231 Discovering Computers 2014: Chapter 5 40
Information Privacy

Social engineering is defined as gaining
unauthorized access to or obtaining confidential
information by taking advantage of the trusting
human nature of some victims and the naivety of
others

Page 232 Discovering Computers 2014: Chapter 5 41
Information Privacy

The concern about privacy has led to the
enactment of federal and state laws regarding the
storage and disclosure of personal data
– See Table 5-4 on page 233 for a listing of major U.S.
government laws concerning privacy

Pages 232 - 233 Discovering Computers 2014: Chapter 5 42
Information Privacy

Employee monitoring involves the use of computers, mobile
devices, or cameras to observe, record, and review an
employee’s use of a technology, including communications such
as email messages, keyboard activity (used to measure
productivity), and websites visited

Many programs exist that easily allow employers to monitor
employees. Further, it is legal for employers to use these
programs

Page 233 Discovering Computers 2014: Chapter 5 43
Ethics and Society

Content filtering is the
process of restricting
access to certain
material on the Web
– Many businesses use
content filtering
Web filtering software
restricts access to
specified websites

Page 234 44
Discovering Computers 2014: Chapter 5
Figure 5-24
Summary

Risks and safeguards associated
with Internet and network
attacks, unauthorized access and
Variety of digital security risks Cybercrime and cybercriminals
use, software theft, information
theft, and hardware theft,
vandalism, and failure

Various backup strategies and Ethical issues in society and
methods of securing wireless various ways to protect the
communications privacy of personal information

Page 235 Discovering Computers 2014: Chapter 5 45
 Discovering Computers
Technology in a World of Computers,
Mobile Devices, and the Internet

Chapter 5
Digital Safety
and Security
Chapter 5 Complete