Outlines

_______________________________________________________________________________________________

(6) Computer issues

Computer crime Computer security Computer viruses, worms and Trojan horses Computer ethics

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

Computer crime
7 basic categories : any crime that involves
hacker someone who accesses a computer / network illegally intent : improve security cracker someone who accesses a computer / network illegally intent : destroy data, stealing information script kiddie usually teenagers whose use prewritten hacking and cracking programs to break into computer / network intent : same as cracker
SCT0012 - UNDERSTANDING COMPUTER

computer crime / cybercrime computer and network

data on a computer is accessed without permission illegal action

result : loss of data / data modifications

worst computer crime occurs when there are no indications that data was accessed

SCT0012 - UNDERSTANDING COMPUTER

unethical employees

Computer Security
Computer security risk :
Action that causes loss of or damage to computer system (hardware, software, data, information, processing capability)

break his employers computers intent : exploit security weakness, revenge

corporate spies

have excellent computer and network skills, break into specific computer to steal data and information intent : gain competitive advantage use email as vehicle for extortion intent : threatening his victim if they are not pay him some money

cyberextortionist

cyberterrorist
SCT0012 - UNDERSTANDING COMPUTER

someone who use Internet / network to destroy computers for political reasons
SCT0012 - UNDERSTANDING COMPUTER

Categories of security risk :

Unauthorized access and use Hardware theft and vandalism

Internet and network attacks :

Information transmit over network has higher degree of security risk compared to information saved in computer Viruses, worms, Trojan horses; denial of service attacks; spoofing Online security service check computer is vulnerable to internet / network computer

Internet and network attacks

Software theft System failure

Information theft

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

How can companies protect against hackers / crackers?

Unauthorized access and use :

use of computer / network
Intrusion detection software analyzes network traffic, assesses system vulnerabilities, and identifies intrusions and suspicious behavior Access control defines who can access computer and what actions they can take

Unauthorized access without permission

Unauthorized use use of computer / data for unapproved activities (illegal)

Audit trail records access attempts

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

How can individual protect against hackers / crackers? Set and use username/password
Username Unique combination of characters that identifies user

Disable file and printer sharing on Internet connection

File and printer sharing turned off

Password is private combination of characters associated with the user name that allows access to computer resources

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

How to make password more secure?

Longer passwords provide greater security

Hardware theft and vandalism :

Hardware theft is act of stealing computer equipment Hardware vandalism is act of defacing or destroying computer equipment

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

Safeguards against hardware theft and vandalism :

Software theft :
Act of stealing or illegally copying software or intentionally erasing programs Software piracy is illegal duplication of copyrighted software

physical access control : locked doors and windows to protect the computer / equipment install alarm systems attach additional physical security devices such as cables that lock the computer / equipment to desktop mobile computer user attach physical device to lock mobile computer temporary to stationary object install mini security system use password, and biometrics

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

Safeguards against software theft :

Information theft :
Steals personal / confidential information The loss of information can cause as much damage as hardware / software theft Crackers usually intercept during transmission of information over network

keeps original software boxes and media in a secure location

all computer users should back up their files regularly

software manufactures issue users license agreement product activation allows user to input product identification number online or by phone and receive unique installation identification number

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

Safeguards against information theft :

Encryption :
Process of converting plaintext (readable data) into ciphertext (unreadable characters) Encryption key (formula) often uses more than one method To read the data, the recipient must decrypt, or decipher, the data

implement user identification and authentication controls

use variety of encryption techniques to keep data secure and private via internet and network

encryption techniques digital signature digital certificates secure sockets layer secure http

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

System failure :

What does an encrypted file look like?

Prolonged malfunction of computer Can cause loss of hardware, software, or data

Caused by aging hardware, natural disasters, or electrical power disturbances

Noise unwanted electrical signal Undervoltage drop in electrical supply
SCT0012 - UNDERSTANDING COMPUTER SCT0012 - UNDERSTANDING COMPUTER

Overvoltage or power surge significant increase in electrical power

Computer Viruses, Worms, and Trojan horses

Ways of affecting computer :
Opens an infected file Runs an infected program Boots the computer with infected removable media inserted in a drive / plugged in port Connects an unprotected computer to a network Opening infected email attachments
SCT0012 - UNDERSTANDING COMPUTER SCT0012 - UNDERSTANDING COMPUTER

Virus is a potentially damaging computer program

Worm copies itself repeatedly, using up resources and possibly shutting down computer or network Trojan horse hides within or looks like legitimate program until triggered Does not replicate itself on other computers Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive

Can spread and damage files

What is an antivirus program?

How does an antivirus program identify virus in computer?

Identifies and removes computer viruses

scan for programs that attempt to modify the boot programs, the operating system and other programs that normally are read from but not modified

Most also protect against worms and Trojan horses

Scan memory, storage media, incoming files

inoculate existing infected files. Antivirus records information of that file (file size, creation look for virus signature / date). Virus detected will virus definition either remove or specific pattern of quarantine virus code. The code of virus should be updated regularly in antivirus programs program signature files
SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

How does an antivirus program inoculate a program file?

Some tips for preventing virus, worm, and Trojan horse infections?
Set the macro security in programs so you can enable or disable macros Install an antivirus program on all of your computers Never open an e-mail attachment unless you are expecting it and it is from a trusted source

Records information about program such as file size and creation Uses date Attempts information to remove to detect if any detected virus tampers virus with file Quarantines infected files that it Keeps file cannot in separate remove
SCT0012 - UNDERSTANDING COMPUTER

If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately

Check all downloaded programs for viruses, worms, or Trojan horses

Install a personal firewall program

area of hard disk

SCT0012 - UNDERSTANDING COMPUTER

Firewall : Personal firewall utility :

Program that protects personal computer and its data from unauthorized intrusions Monitors transmissions to and from computer Informs you of attempted intrusion

Security system consisting of hardware and/or software that prevents unauthorized network access

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

Computer ethics
Information privacy :
Right of individuals and companies to restrict collection and use of information about them Difficult to maintain today because data is stored online
Codes of conduct Codes of conduct

Moral guidelines that govern use of computers and information systems

Unauthorized use of Unauthorized use of computers and computers and networks networks Software theft Software theft Information accuracy Information accuracy

Intellectual property Intellectual property rights rights to rights rights to which creators are which creators are entitled for their work entitled for their work

Employee monitoring is using computers to observe employee computer use

Legal for employers to use monitoring software programs
SCT0012 - UNDERSTANDING COMPUTER

Information privacy Information privacy

SCT0012 - UNDERSTANDING COMPUTER

Cookie : Spyware, adware, and spam :

User preferences

Small file on your computer that contains data about you

Some Web sites sell or trade information stored in your cookies

Set browser to accept cookies, prompt you to accept cookies, or disable cookies

Spyware is program placed on computer without users knowledge Adware is a program that displays online advertisements Spam is unsolicited e-mail message sent to many recipients

How regularly you visit Web sites

Interests and browsing habits

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

How to control spam? Phishing :

E-mail filtering
Collects spam in central location that you can view any time

Service that blocks e-mail messages from designated sources

Anti-spam program AntiSometimes removes valid e-mail messages

Scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal information

Attempts to remove spam

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

What is content filtering?

Process of restricting access to certain material

Internet Content Rating Association (ICRA) provides rating system of Web content

REVISION

Web filtering software restricts access to specified sites

SCT0012 - UNDERSTANDING COMPUTER

SCT0012 - UNDERSTANDING COMPUTER

10