Chapter_10.pdf

Full Transcript

Chapter 10
Issues and Trends

ITIF0014
Fundamentals of Information Technology

1
Objectives Overview

Define the term, computer security risks, and briefly describe the
types of cybercrime perpetrators
Describe various types of Internet and network attacks, and identify
ways to safeguard against these attacks
Discuss techniques to prevent unauthorized computer access and use
Identify safeguards against hardware theft and vandalism
Explain the ways software manufacturers protect against software
piracy
Discuss how encryption works, and explain why it is necessary

2
Objectives Overview

Discuss the types of devices available that protect computers from
system failure
Explain the options available for backing up computer resources
Identify risks and safeguards associated with wireless
communications
Discuss ways to prevent health-related disorders and injuries due to
computer use
Recognize issues related to information accuracy, intellectual property
rights, codes of conduct, and green computing
Discuss issues surrounding information privacy
See Page 555
3
for Detailed Objectives
Computer Security Risks
A computer security risk is any event or action that could cause a loss
of or damage to computer hardware, software, data, information, or
processing capability
A cybercrime is an online or Internet-based illegal act

Hackers Crackers Script Kiddies Corporate Spies

Unethical
Cyber extortionists Cyber terrorists
Employees

4
Computer Security Risks

5
Internet and Network Attacks
Information transmitted over networks has a higher degree of
security risk than information kept on an organization’s premises
An online security service is a Web site that evaluates your computer
to check for Internet and e-mail vulnerabilities

6
Internet and Network Attacks
Computer
Worm Trojan Horse Rootkit
Virus
Affects a Copies itself A malicious Program that
computer repeatedly, program that hides in a
negatively by using up hides within computer and
altering the resources and or looks like a allows
way the possibly legitimate someone
computer shutting down program from a
works the computer remote
or network location to
take full
control
7
Internet and Network Attacks
An infected computer has one or more of the following symptoms:

Operating system Available memory Screen displays
Files become
runs much slower is less than unusual message
corrupted
than usual expected or image

Unknown
Music or unusual Programs or files
Existing programs programs or files
sound plays do not work
and files disappear mysteriously
randomly properly
appear

Operating system
System properties Operating system
shuts down
change does not start up
unexpectedly

8
Internet and Network Attacks

9
Internet and Network Attacks

10
Internet and Network Attacks

Users can take several
precautions to protect their
home and work computers and
mobile devices from these
malicious infections

11
Internet and Network Attacks

A botnet is a group of compromised computers connected to a
network
A compromised computer is known as a zombie
A denial of service attack (DoS attack) disrupts computer access to
Internet services
Distributed DoS (DDoS)
A back door is a program or set of instructions in a program that
allow users to bypass security controls
Spoofing is a technique intruders use to make their network or
Internet transmission appear legitimate
12
Internet and Network Attacks

A firewall is hardware
and/or software that
protects a network’s
resources from intrusion

13
Internet and Network Attacks

Intrusion detection software
Analyzes all network traffic
Assesses system vulnerabilities
Identifies any unauthorized intrusions
Notifies network administrators of suspicious behavior patterns or
system breaches
Honeypot
Vulnerable computer that is set up to entice an intruder to break into
it
14
Unauthorized Access and Use

Unauthorized access
the use of a computer or
network without permission

Unauthorized use
the use of a computer or its data
for unapproved or possibly
illegal activities
15
Unauthorized Access and Use

Organizations take several
measures to help prevent
unauthorized access and use
Acceptable use policy
Disable file and printer sharing
Firewalls
Intrusion detection software

16
Unauthorized Access and Use

Access controls define who can
access a computer, when they can
access it, and what actions they can
take
Two-phase processes called
identification and authentication
User name
Password
Passphrase
CAPTCHA
Unauthorized Access and Use
A possessed object is any item A biometric device
that you must carry to gain authenticates a person’s identity
access to a computer or by translating a personal
computer facility characteristic into a digital code
Often are used in combination that is compared with a digital
with a personal identification code in a computer
number (PIN)

18
Unauthorized Access and Use

Digital forensics is the discovery, collection, and analysis of evidence
found on computers and networks
Many areas use digital forensics

Law Criminal Military
enforcement prosecutors intelligence

Information
Insurance
security
agencies
departments
19
Hardware Theft and Vandalism

Hardware vandalism
Hardware theft is the
is the act of defacing
act of stealing
or destroying
computer equipment
computer equipment

20
Hardware Theft and Vandalism

To help reduce the of chances of theft, companies and schools use a
variety of security measures

Physical access Cables to lock
Alarm systems
controls equipment

Real time location Passwords, possessed
system objects, and biometrics

21
Software Theft
Software theft occurs when someone:

Steals software media

Intentionally erases programs

Illegally copies a program

Illegally registers and/or activates a program

22
Software Theft

A single-user license agreement typically contains the following
conditions:
Permitted to
Install the software on one computer
Make one copy of the software
Remove the software from your computer before giving it away or selling
it
Not permitted to
Install the software on a network
Give copies to friends or colleagues while continuing to use the software
Export the software
Rent or lease the software
23
Software Theft

Copying, loaning, borrowing,
renting, or distributing software
can be a violation of copyright
law
Some software requires product
activation to function fully

24
Information Theft
Information theft occurs when someone steals personal or
confidential information
Encryption is a process of converting readable data into unreadable
characters to prevent unauthorized access

25
Information Theft

26
Information Theft

A digital signature is an encrypted code that a person, Web site, or
organization attaches to an electronic message to verify the identity
of the sender
Often used to ensure that an impostor is not participating in an Internet
transaction
Web browsers and Web sites use encryption techniques

27
Information Theft
Popular security techniques include

Digital Certificates

Transport Layer Security (TLS)

Secure HTTP

VPN
28
Information Theft

29
System Failure

A system failure is the prolonged malfunction of a computer
A variety of factors can lead to system failure, including:
Aging hardware
Natural disasters
Electrical power problems
Noise, undervoltages, and overvoltages
Errors in computer programs

30
System Failure

Two ways to protect from system failures caused by electrical power
variations include surge protectors and uninterruptable power
supplies (UPS)

31
Backing Up – The Ultimate Safeguard

A backup is a duplicate of a file, program, or disk that can be used if
the original is lost, damaged, or destroyed
To back up a file means to make a copy of it
Offsite backups are stored in a location separate from the computer
site

Cloud Storage

32
Backing Up – The Ultimate Safeguard

Two categories of backups: Three-generation backup policy
Full backup
Selective backup Grandparent

Parent

Child

33
Wireless Security
Wireless access poses additional security risks
About 80 percent of wireless networks have no security protection
War driving allows individuals to detect wireless networks while
driving a vehicle through the area

34
Wireless Security
In additional to using firewalls, some safeguards improve security of
wireless networks:

A wireless access
Change the default
point should not
SSID
broadcast an SSID

Configure a WAP so
that only certain Use WPA or WPA2
devices can access security standards
it
35
Health Concerns of Computer Use

The widespread use of
computers has led to health
concerns
Repetitive strain injury (RSI)
Tendonitis
Carpal tunnel syndrome (CTS)
Computer vision syndrome (CVS)

36
Health Concerns of Computer Use

37
Health Concerns of Computer Use

Ergonomics is an applied science
devoted to incorporating
comfort, efficiency, and safety
into the design of items in the
workplace

38
Health Concerns of Computer Use
Computer addiction occurs when the computer consumes someone’s
entire social life
Symptoms of users include:

Overjoy when Unable to stop
Craves
at the computer
computer time
computer activity

Irritable when Neglects
Problems at
not at the family and
work or school
computer friends
39
Ethics and Society

Computer ethics are the moral
guidelines that govern the use of
computers and information
systems
Information accuracy is a
concern
Not all information on the Web is
correct

40
Ethics and Society

Intellectual property rights are the rights to which
creators are entitled for their work

A copyright protects any tangible form of expression

An IT code of conduct is a written guideline that
helps determine whether a specific computer
action is ethical or unethical
41
Ethics and Society

42
Ethics and Society
Green computing involves reducing the electricity and environmental
waste while using a computer

43
Ethics and Society

Information privacy refers to the right of individuals and companies
to deny or restrict the collection and use of information about them
Huge databases store data online
It is important to safeguard your information

44
Ethics and Society

45
Ethics and Society

When you fill out a form,
the merchant that receives
the form usually enters it
into a database
Many companies today
allow people to specify
whether they want their
personal information
distributed

46
Ethics and Society

A cookie is a small text file that a Web server stores on your computer
Web sites use cookies for a variety of reasons:

Assist with
Allow for Store users’
online
personalization passwords
shopping

Track how
Target
often users
advertisements
visit a site
47
Ethics and Society

48
Ethics and Society

Spam is an unsolicited e-mail
message or newsgroup posting
E-mail filtering blocks
e-mail messages from designated
sources
Anti-spam programs attempt to
remove spam before it reaches
your inbox

49
Ethics and Society

Phishing is a scam in which a
perpetrator sends an official
looking e-mail message that
attempts to obtain your personal
and financial information
Pharming is a scam where a
perpetrator attempts to obtain
your personal and financial
information via spoofing

50
Ethics and Society

The concern about privacy has led to the enactment of federal and
state laws regarding the storage and disclosure of personal data
See Figure 11-36 on page 589 for a listing of major U.S. government laws
concerning privacy
The 1970 Fair Credit Reporting Act limits the rights of others viewing
a credit report to only those with a legitimate business need
Ethics and Society

Social engineering is defined as gaining unauthorized access or
obtaining confidential information by taking advantage of trust
and naivety

Employee monitoring involves the use of computers to
observe, record, and review an employee’s use of a computer
Ethics and Society
Content filtering is the process of
restricting access to certain material
on the Web
Many businesses use content filtering
Internet Content Rating Association
(ICRA)
Web filtering software restricts
access to specified Web sites

53
Thank you

u n i t a r. m y