CSC 113 Unit 8: Security & Privacy Issues in IT
University of Eswatini, Department of Computer Science
Summary
This document provides an overview of Information Technology security and privacy issues as part of a university course. It covers topics like basic terms, types of cybercrime, malware, and strategies for improving computer security.
University of Eswatini
Department of Computer Science
CSC 113: Introduction to Information Technology
Unit 8: Security and Privacy Issues in IT

Table of Contents
Unit 8: Security and Privacy issues in IT
8.1 Introduction
8.2 Basic Terms
8.3 Network and Internet Security Concerns
8.4 Types of Cybercrime
8.5 Activity
8.6 Malicious Programs (Malware)
8.7 How to secure a Computer
8.8 Practice Safe Computing
8.9 DoS and Zombie attacks
8.10 Activity
8.11 Wi-Fi Networks
8.12 Wireless Network Authentication
8.13 Privacy risks caused by Networks and the Internet
8.14 Privacy Laws
8.15 Strategies for Improving Security
8.16 Preventing Data Loss
8.17 Unit summary
8.18 Assessment

Unit 8: Security and Privacy issues in IT

INTRODUCTION

In this unit you will learn about some of the threats that exist when using networks and the Internet, and about some of the precautions you can take to protect yourself and your computers from exposure.

Upon completion of this unit, you will be able to:
✓ Recognize different types of cybercrime
✓ Differentiate between various types of malware
✓ Explain how to secure a computer
✓ Practice safe computing
✓ Discuss laws related to computer security and privacy.

BASIC TERMS

Cybercrime: Cybercrime is criminal activity carried out by means of a computer.
Packet: A packet is a piece of a message transmitted over a packet-switched network.
MAC Address: A MAC address is a hardware identification number that uniquely identifies each device on a network.

8.1 NETWORK AND INTERNET SECURITY CONCERNS

Computer crime is becoming increasingly common. It is relatively easy to attack a computer to cause a disruption or steal data. In fact, this can be carried out over a network or the Internet with low risk of the crime being traced back to the perpetrator.

Computer security is built around upholding three goals:
❖ Confidentiality: Your data should be visible and accessible only to those whom you choose to see it.
❖ Integrity: The data you see and store should be reliable and accurate, and should not be tampered with. You need to be able to trust this data.
❖ Availability: Your data should be accessible when you want it, including after a mishap or disaster.

8.2 TYPES OF CYBERCRIME

Personal cybercrime: Personal cybercrime is perpetrated against individuals, as opposed to businesses and other organizations. These are crimes that affect you directly and that you need to be aware of. Such crimes include computer fraud, which involves schemes that convince you to voluntarily and knowingly give money or property to a person. Other personal crimes are shill bidding, which is fake bidding to drive up the price of an item, and identity theft, which occurs when someone uses your name, ID number, or bank or credit cards for financial gain.

Additional personal cybercrime includes:

❖ Cyberbullying: When the exchange involves two minors, it is cyberbullying; when it involves adults, it is cyber-harassment.

❖ Cyber-stalking: Cyber-stalking is more serious in nature, with the stalker demonstrating a pattern of harassment and posing a credible threat of harm.

❖ Phishing uses email messages and IMs that appear to be from a legitimate business. The intent of such a communication is to trick you into providing personal information.
One of the common threats, and one that is also easy to carry out, is phishing. In a phishing attack, offenders send email messages to unsuspecting users in an attempt to trick them into giving away personal information such as login details or credit card information. The attackers then use this information to conduct fraudulent activities. This type of attack is often successful because the email message appears to be from a trustworthy source, such as a bank or other reputable organization. Such emails are not always sent under the guise of banks. They may appear to be from mobile phone providers, computer companies, or any other organization you may have an account with.
Phishing emails are getting more sophisticated and harder to recognize, but there are some considerations that will help you identify them:
▪ Do you actually have an account with the bank or company?
▪ Check the source of the email.
  Does the email address match the organization’s standard email address?
▪ If you hover over the link to the company website with your mouse, it shows you the true URL. Is the address correct?
▪ Are there grammar and spelling mistakes? Does the message appear in the language you would expect?
▪ Check for the presence of the security padlock icon in the address bar. The presence of the security padlock icon is an indication that the message may be genuine, although it is not a guarantee.

❖ Spoofing: When a computer connects to a network, it has several identities that are unique within the environment. It has a name and an Internet address, also known as the Internet Protocol (IP) address. In addition, the network chip in the computer has an address (known as the Media Access Control, or MAC, address). A computer is granted access to a network as a legitimate device because its IP address is among those authorized for that network. In a spoofing attack, the attacker’s computer assumes a false Internet address in order to gain access to a network.
Spoofing is an attack in which a user pretends to be another by providing false IP address data. This type of attack is typically used by people who want to gain access to data but do not have a legitimate username or password for the network where the data resides. In that case, the attackers wait for a legitimate user to log in, and then hijack that user’s IP address and take over.

❖ Packet Sniffing: When data is sent over a network, it is sent in multiple small packets rather than one large file. When you download a web page, you see the completed item on the screen, but in reality, that one page might be composed of several hundred packets of data. The same applies to an Internet telephony program such as Skype. It takes upwards of 50 packets of data to carry one second of speech. Sniffing is the capability to capture copies of data packets as they travel across the network and decode their content.
Often, data sent over a network or the Internet is unencrypted, so someone with the right software can capture and copy the packets that make up the data and decipher the contents. In simple terms, the sniffer software draws a picture of what it sees and stores this data in a file.

❖ Pharming redirects you to a phony website even if you type the right address into your browser. Attackers do this by hijacking a company’s domain name that has not been renewed or that has security-compromised web servers. Both phishing and pharming appear to be from legitimate sites.

❖ Password Cracking: When you log in to a computer or connect to an account on the Internet, you identify yourself with a username or number and you authenticate your identity, typically with a password. Passwords are the most common method of authentication because they are easy to use and maintain. People who want to break into a system or account often attempt password cracking, that is, they attempt to identify a user’s password. Password cracking can be accomplished in several ways:
▪ Guessing: The more you know about a person, the easier it is to guess his password.
▪ Keylogger: A keylogger is a piece of hardware or a software program that captures every keystroke a user types. A hardware keylogger (see Figure 16.3) can be used to capture keystrokes sent from a physical keyboard to a computer, while a software keylogger can capture keystrokes from a virtual keyboard or other input device. When a user enters a password, the keystrokes are logged, and the password is captured for the attacker to use to gain access to the user’s account.
▪ Social engineering: Social engineering is the art of obtaining someone’s password either by befriending her or by tricking her into sharing it. Two classical social engineering methods are pretending to be an administrator who needs to know a password to fix a problem, and sending a phishing email asking a user to fill in a form that requires her username and password.
▪ Sniffing: Sniffing is the practice of capturing data packets on the network. In many cases, when people enter their passwords, data packets contain those passwords in clear text. If the packets can be captured, the password can be discovered.
▪ Password-cracking tools: Dozens of software programs are designed for password cracking. Different types of passwords (Windows logon passwords, Adobe document passwords, and website passwords, for example) require different password-cracking tools.

❖ Social Network Attacks: Social networks provide ways for cybercriminals to contact and scam you. Common threats include:
▪ Adware and other malware
▪ Suspicious emails and notifications
▪ Phishing and other “send money” scams
▪ Clickjacking, where clicking on a link allows malware to post unwanted links on your page
▪ Clickbaiting, which uses a link that tantalizes you with just enough information to get you to click the link, driving traffic to a webpage
▪ Sharebaiting, which happens when users share unverified posts.

Cybercrime Against Organizations:

❖ Hacking is the act of gaining unauthorized access to a computer system or network. Hacking has three categories:
▪ White-hat hackers, or “sneakers,” find security holes in a system to prevent future hacking. They are often security experts who are paid to hack systems.
▪ Black-hat hackers, sometimes referred to as “crackers,” hack into systems for malicious purposes, such as theft or vandalism.
▪ Gray-hat hackers hack into systems illegally but not with malicious intent.

❖ Hacktivism, such as that committed by Anonymous, is hacking to make a political statement.

A data breach occurs when sensitive data is stolen or viewed by someone who is not authorized to do so. An unlawful attack on computers or networks done to intimidate a government or its people for a political or social agenda is known as cyber-terrorism.

Only about 4 to 5 percent of the web is indexed and searchable by search engines. This is called the surface web or clear web.
The remaining 95 to 96 percent is unindexed, and is called the deep web. Most of this content is perfectly legal, just hidden from indexers, such as medical and financial records, database content, and legal documents. The dark web is a subset of the deep web that is encrypted and hidden. The dark web consists of many types of websites, both legal and illegal. The dark web black markets sell drugs, guns, cyber weapons, and data.

ACTIVITY

1. Describe the three goals of computer security.
2. How is password cracking accomplished?
3. Describe the following types of cybercrime:
   a. Phishing
   b. Spoofing
   c. Pharming
4. State common threats that can be carried out on social networks.

8.3 MALICIOUS PROGRAMS (MALWARE)

As noted in the preceding section, computer criminals engage in a wide variety of activities to compromise your computer system, data and online identity. They are aided in their efforts by various types of malicious software, grouped together under the title malware. This section outlines the types of malware programs.

Malware is malicious software that includes spam, adware and spyware, viruses, worms, Trojan horses, and root kits:

❖ Spam is mass, unsolicited email. It is popular because it is easy and inexpensive to implement. Other forms include fax spam, IM spam, and text spam. The act of sending spam is called spamming.

❖ A cookie is a small text file that allows the website to recognize the user and personalize the site. Although cookies are useful, they could be used to collect information that you do not want to share.

❖ Adware shows you ads, usually in the form of pop-ups or banner ads in websites and in software. Ads generate income for the software developer. When these ads use CPU cycles and Internet bandwidth, they can reduce PC performance.

❖ Spyware is a form of malware that secretly gathers personal information about you.
It is usually installed by accident when a user clicks on a pop-up or installs a freeware program that has a tracking feature.

❖ A virus is a program that replicates itself and infects computers. A computer virus needs a host file on which to travel, such as a game or email. The attack, also known as the payload, may corrupt or delete files, or it may even erase an entire disk. The virus uses the email program or game on the infected computer to send out copies of itself and infect other machines.
A virus is a piece of malicious software that is installed without the user’s knowledge or consent. When executed, the virus program replicates and spreads to “infect” other computer programs, data files, or even the boot sector of the hard drive.

❖ A logic bomb performs a malicious act when certain conditions are met, for example when an employee name is removed from a database. When the trigger is a specific time or date, such as April Fool’s Day, a logic bomb is called a time bomb.

❖ Like viruses, worms are self-replicating, but they do not need a host. Worms travel over networks, and once a network is infected, the worm seeks other machines on the network to infect.
A worm is similar to a virus in that it may have a malicious payload. However, worms are designed to spread automatically from computer to computer over a network or the Internet. Like viruses, the consequences of worms range from destructive to annoying. A worm might delete files or direct users to a fake website, or it might just do something annoying like swapping left and right button actions. At the very least, a worm will consume network bandwidth.

❖ A botnet is a network of computer zombies or bots controlled by a master. Fake security notifications are the most common way to spread bots. A botnet could launch a denial-of-service attack, which cripples a server or network by sending out excessive traffic.

❖ A Trojan horse, or Trojan, is a program that appears to be legitimate but is actually malicious.
Trojans might install adware, a toolbar, or a keylogger, or open a backdoor…
A Trojan is a piece of software, such as a game or utility, that may look innocent but has a malicious purpose. Typically, the user knowingly installs the game or utility, but does not realize there is a Trojan inside. When the user runs the program, the Trojan starts running in the background, often without the user’s knowledge.

❖ Ransomware is malware that prevents you from using your computer until you pay a fee. Payment is usually requested in bitcoin, an anonymous, digital, encrypted currency.

❖ A root kit is a set of programs that allows someone to gain control over a computer system while hiding the fact that the computer has been compromised. A root kit is almost impossible to detect. It allows the machine to become further infected by masking the behaviour of other malware.

8.4 HOW TO SECURE A COMPUTER

One of the most common ways to get a malware infection on a computer is by downloading it. This could happen in a drive-by download. A drive-by download occurs when you visit a website that installs a program in the background without your knowledge.

A firewall is designed to block unauthorized access to your network, but a software firewall blocks access to an individual machine. Antivirus programs protect against viruses, Trojans, worms, and spyware. Antispyware software prevents adware and spyware software from installing itself on your computer. Security suites are packages of security software that include a combination of features.

A router is a device that connects two or more networks. A home router also acts like a firewall. Network address translation (NAT) is a router security feature that shields devices on a private network (home) from the public network, the Internet. A wireless router provides a wireless access point to your network. Use the router setup utility to change the SSID (service set identifier, or wireless network name), and to enable and configure wireless encryption.

The operating system is the most important piece of security software. It is best to keep it patched and up-to-date. By default, Windows and OS X computers are configured to automatically install updates. The only way to try to be safe is to be proactive and diligent in protecting your computer system.

The earliest anti-virus programs were designed to detect and protect against viruses, but they have improved over the years into broader security solutions that can detect viruses, worms, Trojans and sometimes more complex threats.

8.5 PRACTICE SAFE COMPUTING

There are three types of user accounts: Standard, Administrator, and Guest. User Account Control (UAC) will notify you before changes are made to your computer. Do not turn the UAC feature off, and remember to always read any message before clicking Yes. Malware can trick users into clicking fake Windows notifications.

There are many rules to use when creating strong passwords. Some basic guidelines include: mixing upper- and lowercase letters; using at least eight characters; using at least one number and, if allowed, a special character; and eliminating words in the dictionary or ones that are personally identifiable.

Encryption converts unencrypted, plain text on a website into code called ciphertext. To read encrypted information, you must have a key to decrypt it. You also need to be sure the website is a secure one. You can check for this by confirming the https protocol in the URL and a padlock in the address bar. Windows includes Encrypting File System (EFS), which enables you to encrypt individual files. Mac OS X has a similar feature called FileVault. When visiting a website, look for the lock icon and https:// preceding the web address.

Installing software copies files to the computer; it may alter system settings. Be sure you understand what changes an installed application will make to your computer. You should only download from reliable sources.
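
The password guidelines in this section can be turned into a check, shown here as an added example that is not part of the original course notes. The word list, the look-alike table and the sample passwords are constructed for illustration; the point is that a password can satisfy every character rule and still be a dictionary word in disguise.

```python
import re

# Constructed mini word list standing in for a full dictionary file.
COMMON_WORDS = {"password", "welcome", "dragon", "football",
                "monkey", "sunshine", "qwerty", "letmein"}

# Look-alike characters people swap in for letters (assumed, not exhaustive).
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                            "!": "i", "3": "e", "$": "s", "5": "s", "7": "t"})


def letters_only(text):
    """Lower-case the text, undo look-alike swaps and keep the letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def check_password(password, personal_details=()):
    """Return the guidelines the password breaks (empty list = none broken)."""
    problems = []
    if len(password) < 8:
        problems.append("has fewer than eight characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not mix upper- and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("contains no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("contains no special character")

    # Dictionary check runs on the password with the disguises removed.
    lowered = password.lower()
    core = letters_only(password)
    for word in sorted(COMMON_WORDS):
        if word in core:
            problems.append("is built on the dictionary word '" + word + "'")

    # Personally identifiable details: names, birth years and so on.
    for detail in personal_details:
        token = detail.lower()
        plain = letters_only(detail)
        if len(token) >= 3 and (token in lowered
                                or (len(plain) >= 3 and plain in core)):
            problems.append("contains the personal detail '" + detail + "'")
    return problems


if __name__ == "__main__":
    samples = [("P@ssw0rd1", ()),
               ("Th@ndi2004!", ("Thandi", "2004")),
               ("vX7#qLm2zR", ())]
    for candidate, details in samples:
        print(candidate, "->", check_password(candidate, details) or "no problems")
```
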
An attack that occurs on the day an exploit is discovered, before the publisher can fix it, is called a zero-day exploit. Software publishers release updates. Updates can address security holes or bugs (flaws in the programming) or add new features. A patch or hotfix addresses individual problems; a service pack is a larger, planned update.

Many businesses and schools have an Acceptable Use Policy (AUP) by which computer and network users must abide. Restrictions depend on the type of business and type of information to which you need access. Although these policies can be restrictive and annoying, they force users to practice safe computing.

8.6 DOS AND ZOMBIE ATTACKS

In a Denial of Service (DoS) attack, the attacker floods a website or service with thousands of requests for access, so many that it cannot deal with them all. As a result, legitimate users are prevented from accessing the site or service. DoS attacks often involve many thousands of computers from all over the world, all launching multiple requests against the targeted website or service, making them difficult to prevent. Once an attack is started, it can render the target site unavailable very quickly.

The computers that launch these attacks are called zombies. A zombie is a computer that has been infected with a particular type of Trojan called a bot. Initially, the bot runs in the background, doing very little beyond communicating with its master over the Internet every now and then, awaiting instructions. One day, it, along with thousands of other bots, receives instructions to bombard a particular website as part of a DoS attack. This is called a botnet. Millions of computers around the world are part of multiple botnets, all used for DoS attacks.

ACTIVITY

1. Define the following terms:
   a. Spam
   b. Cookie
   c. Adware
   d. Spyware
   e. Virus
   f. Root kit
2. Describe how a computer can be secured from malware.
3. Describe any two safe computing practices.
4. How are Zombie attacks carried out?
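
Section 8.6 says that DoS attacks launched from many zombies are difficult to prevent. The following added example, which is not part of the original course notes, shows why from the defender's side: it counts requests in a constructed access log and finds that a limit per address catches one noisy computer but not a botnet, which only shows up in the total. The log format, the addresses and the three limits are assumptions made for the illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10     # assumed length of one counting window
PER_SOURCE_LIMIT = 20   # assumed: most requests one address may send per window
SITE_CAPACITY = 100     # assumed: requests the site can serve per window


def build_sample_log():
    """Constructed access log: 'epoch_seconds source_address path' per line."""
    lines = []
    # Window 0-9: ordinary traffic, 15 visitors sending 2 requests each.
    for i in range(15):
        lines += [f"{i % 10} 192.0.2.{i + 1} /index.html"] * 2
    # Window 10-19: one address sends 150 requests on top of 20 ordinary ones.
    lines += [f"{10 + i % 10} 192.0.2.200 /login" for i in range(150)]
    lines += [f"{10 + i % 10} 192.0.2.{i + 1} /index.html" for i in range(20)]
    # Window 20-29: 300 zombies send only 2 requests each (600 in total).
    for i in range(300):
        address = f"198.51.100.{i}" if i < 256 else f"203.0.113.{i - 256}"
        lines += [f"{20 + i % 10} {address} /index.html"] * 2
    return lines


def analyse(lines):
    """Return one finding for every window in which a limit is exceeded."""
    windows = defaultdict(Counter)
    for line in lines:
        ts, source, _path = line.split()
        start = int(ts) - int(ts) % WINDOW_SECONDS
        windows[start][source] += 1

    findings = []
    for start in sorted(windows):
        per_source = windows[start]
        total = sum(per_source.values())
        over_limit = sorted(s for s, n in per_source.items()
                            if n > PER_SOURCE_LIMIT)
        if over_limit:
            kind = "single-source flood"    # blocking these addresses is enough
        elif total > SITE_CAPACITY:
            kind = "distributed flood"      # no single address stands out
        else:
            continue                        # ordinary traffic
        findings.append({"window": start, "kind": kind, "requests": total,
                         "sources": len(per_source), "over_limit": over_limit})
    return findings


if __name__ == "__main__":
    for finding in analyse(build_sample_log()):
        print(finding)
```

In the third window every zombie stays far below the per-address limit, so there is no short list of addresses to block; only the total number of requests reveals the attack.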

8.7 WI-FI NETWORKS

Hackers frequently target Wi-Fi networks. When Wi-Fi networks are not properly secured, it is easy to steal data on them with little chance of being caught. Hackers don’t even need any special equipment to penetrate such a Wi-Fi network.

When people use their devices to locate and connect to a wireless network, they use a list of available networks. Some of these networks may be open access, meaning you don’t need a password to connect, whilst some may require a password. Insecure networks are identified with a small exclamation mark; the other networks have encrypted connections.

Some wireless networks appear to be genuine, but in fact attempt to intercept your traffic. These types of Wi-Fi are called rogue Wi-Fi. Rogue Wi-Fi networks usually seem authentic, often with a name that is similar to or the same as that of a legitimate network. What is the difference between these networks and authentic Wi-Fi networks? A rogue network “sniffs” all your traffic, making a copy of everything you type, including any usernames, passwords, and credit card numbers. Public places where many people are looking for Wi-Fi, such as coffee shops, restaurants, and airports, are common locations for rogue Wi-Fi connections.

How can you tell whether a Wi-Fi network to which you want to connect is in fact rogue? It’s not easy. If you are directed to a “Terms and Conditions” page after you connect, that is a good indication that the network is legitimate. A time limit is another sign that the network may be genuine. But your best bet is to simply ask someone who works at the location whether it offers Wi-Fi, and if so, the name of the network.

8.7.1 Wireless Network Authentication

Several systems of wireless network security have been developed over the years, each one an improvement over the earlier system in terms of security level.
Here are the most common ones, in order from the oldest to the newest (and most secure):
❖ Wired Equivalent Privacy (WEP): An older and less secure form of wireless encryption. It is available in both 64-bit and 128-bit encryption key versions. (The more bits, the greater the security.)
❖ Wi-Fi Protected Access (WPA): A security system designed to overcome the weaknesses of WEP, providing improved encryption with a 128-bit encryption key.
❖ WPA2: An improved version of Wi-Fi Protected Access that provides even stronger protection with a 128-bit or 256-bit encryption key.

To make it easier for devices to connect to home networks that use encryption, some wireless access points include a feature called Wi-Fi Protected Setup (WPS). WPS enables a user to connect a device to a trusted network by pressing a button on the wireless access point to temporarily place it into a mode that allows new connections, and then clicking an onscreen button in the operating system to complete the connection.

Another way to make a wireless network more secure is to set the wireless access point not to broadcast its service set identification (SSID), which is its name.

8.8 PRIVACY RISKS CAUSED BY NETWORKS AND THE INTERNET

When you use a search engine, the search engine site can gather information about you based on the terms you search for and the questions you ask. When you provide personal information on the Internet (such as your name, address, email, and so forth) to a website, that website can store the information and perhaps use it for purposes other than those you intended.

Your computer has a unique identity. Someone who knows this unique identity can access your computer via the network and view, change, or delete your personal data.

When you store data on your computer, you store it as files.
As the number of files grows, it becomes harder to locate the data you want. This is where databases come in. A database stores data in a way that enables you to search for and locate it quickly. There are millions of databases worldwide that, together, store billions of files. Often these files contain information about individuals. If these networks are vulnerable to unauthorized access, sensitive data for many people may be compromised.

8.9 PRIVACY LAWS

To protect people’s privacy, there are rules to govern how personal information is handled. Most countries have data protection and privacy laws to control the access and distribution of this personal information. Different countries have different rules, but most require that any personal information stored is:
❖ Used only for the intended purpose
❖ Accurate
❖ Sufficient for the purpose, with no unnecessary information held
❖ Accessible by the owner
❖ Obtained legally
❖ Kept secure from unauthorized access
❖ Deleted when no longer needed

Of course, just because there are laws designed to protect your privacy online does not mean that you shouldn’t take additional steps to keep yourself safe.

8.10 STRATEGIES FOR IMPROVING SECURITY

Some of the work is done for you by operating system vendors, who typically add security features when they produce new versions of an operating system. For example, Microsoft Windows now has a built-in firewall, and Microsoft offers its own anti-virus security products. You can improve security by:

❖ Restricting Access: The easiest and most effective security measure you can take is to restrict access to the data on your computer. You can do this by using passwords, applying permissions, and enabling firewalls:
o Using Passwords – When Windows is installed on a computer with only one user account, it does not require the use of a password to log in to the operating system. When you start the computer, it takes you straight to the desktop.
That means anybody could start the computer and see what is stored on it as well as run programs without permission. Therefore, it is critical to create a strong password for your computer. A strong password should contain a mix of uppercase and lowercase letters, numbers, and special characters such as @ or #, and be difficult or impossible for other people to guess.
o Sharing Folders with Permissions – If your Windows computer will have more than one regular user, you can create a user account for each person. Each person’s data (his/her pictures, music, movies, documents, and so on) will be stored in his/her own user folder. Only a folder’s owner can access the contents of his/her user folder. This is to help keep the data secure.
o Using a Firewall – A firewall is a security barrier on your computer or network that controls what traffic is allowed into and out of your computer or network. The barrier is designed to separate your computer or network, which you trust, from an external network, which you might not. The firewall works from a set of instructions, or rules. It looks at every packet of traffic that attempts to travel through the firewall in either direction and decides whether to allow it or block it. Computers that run later versions of the Windows operating system include a firewall application by default, called Windows Firewall.

❖ Encrypting Data: When you store data on a hard drive, the data is written such that it can be read by anyone who has access to the drive. That means if someone were to steal your computer, that person would have access to the data on your hard drive. Even if he/she did not have the password required to log on to your system, he/she could still access the contents of your hard drive simply by removing it from your computer and installing it on another machine. Encryption involves using a mathematical process to scramble data to such an extent that it is impossible to read, unless you have a key.
The key unscrambles or decrypts the data so that it is readable again. When you use encryption on your computer, you work as normal; the encryption and decryption processes take place in the background.

8.11 PREVENTING DATA LOSS

Besides backing up your data onto a hard drive yourself, Windows comes with a built-in backup utility, Windows Backup, that you can use to back up your files and also restore them in the event of damage or loss.

UNIT SUMMARY

In this unit you learned about computer crime. Computer crime is becoming increasingly common. It is essential that you be aware of computer security and take the necessary steps to secure your data and online identity. Computer criminals engage in many types of activities that can compromise your computer system, your data, and your online identity.

You can take many steps to improve security. One step is to restrict access to your computer and data by using strong passwords, applying permissions, and enabling firewalls. You can also use encryption to scramble the data on your hard drive, thereby preventing others from being able to read it. Security is not just about preventing unauthorized access to your data, however. It’s also about protecting your data from damage or loss by storing copies of your data somewhere safe.

ASSESSMENT

1. List three goals of computer security.
2. List four types of activities that computer criminals engage in.
3. Why is it important to have an active firewall either on your computer or at the edge of your network (or both)?
4. Briefly describe wireless network authentication.
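
Section 8.10 describes a firewall as working from a set of rules and deciding, for every packet in either direction, whether to allow it or block it. The following added example, which is not part of the original course notes and is not how Windows Firewall is implemented, models that decision for a home computer. The rule set, the addresses and the default action are constructed for the illustration; rules are read from top to bottom and the first one that matches decides.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str          # "in" (towards this computer) or "out"
    remote: str             # network of the other end, in CIDR notation
    port: Optional[int]     # destination port; None matches any port
    action: str             # "allow" or "block"
    note: str = ""


# Constructed rule set for a home computer; all addresses are examples.
RULES = [
    Rule("in", "192.168.1.0/24", 445, "allow", "file sharing from home network"),
    Rule("in", "0.0.0.0/0", None, "block", "all other incoming connections"),
    Rule("out", "203.0.113.0/24", None, "block", "network known to be hostile"),
    Rule("out", "0.0.0.0/0", 443, "allow", "secure web browsing"),
    Rule("out", "0.0.0.0/0", 53, "allow", "name lookups"),
]
DEFAULT_ACTION = "block"    # anything no rule mentions is not let through


def decide(direction, remote_address, port, rules=RULES):
    """Return (action, matching rule or None) for one packet; first match wins."""
    address = ipaddress.ip_address(remote_address)
    for rule in rules:
        if rule.direction != direction:
            continue
        if address not in ipaddress.ip_network(rule.remote):
            continue
        if rule.port is not None and rule.port != port:
            continue
        return rule.action, rule
    return DEFAULT_ACTION, None


if __name__ == "__main__":
    packets = [
        ("in", "192.168.1.20", 445),    # laptop on the home network
        ("in", "198.51.100.7", 445),    # stranger on the Internet
        ("out", "203.0.113.9", 443),    # web request to the hostile network
        ("out", "198.51.100.7", 443),   # ordinary web request
        ("out", "198.51.100.7", 25),    # nothing in the rules covers this
    ]
    for direction, address, port in packets:
        action, rule = decide(direction, address, port)
        reason = rule.note if rule else "no rule matched, default applies"
        print(f"{direction:3} {address:15} port {port:<4} {action:5} ({reason})")
```

Because the first matching rule decides, the block for the hostile network has to sit above the general rule that allows web browsing; with the two in the opposite order the same packet would be allowed.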