Chapter-13

Protecting your privacy, your

Computer and Your Data
Protecting Our Computer
 Identify Theft
Shoulder surfing
Shoulder surfing refers to a direct observation, such as
looking over a person's shoulder, to obtain information.
In some cases shoulder surfing is done for no reason
other than to get an answer, but in other instances it
may constitute a security breach as the the person
behind may be private information such as your PIN at
a bank machine, or Credit card information as you enter
it into a Web based shopping cart check-out. While
shoulder surfing is most common in busy and crowed
areas where the perpetrator is not as likely to be caught,
shoulder surfing can also be done with the aid of
binoculars or cameras from a more remote location.
 Snagging

A thief can try snagging

information by listening in on a
telephone line while the victim
gives credit card or other
personal information to a
legitimate agent.
 Dumpster Diving

Thieves can go through garbage

cans, dumpsters or trash bins to
obtain cancelled checks, credit
card statements or bank account
information that someone has
carelessly through out.
 Social Engineering
Social engineering is successful because its victims
naturally want to trust other people and are helpful.
The victims of social engineering are tricked into
releasing information that they do not realize will be
used to attack a computer network. For example, an
employee in an enterprise may be tricked into revealing
an employee identification number to someone who is
pretending to be someone he trusts or representing
someone he trusts. While that employee number may not
seem valuable to the employee, which makes it easier for
him to reveal the information in the first place, the
social engineer can use that employee number in
conjunction with other information that has been
gathered to get closer to finding a way into the
enterprise’s network.
Online Spying Tools
 Cookies
A message given to a Web browser by a Web server. The
browser stores the message in a text file
The main purpose of cookies is to identify users and
possibly prepare customized Web pages for them. When
you enter a Web site using cookies, you may be asked to
fill out a form providing such information as your name
and interests. This information is packaged into a cookie
and sent to your Web browser which stores it for later
use. The next time you go to the same Web site, your
browser will send the cookie to the Web server. The
server can use this information to present you with
custom Web pages. So, for example, instead of seeing
just a generic welcome page you might see a welcome
page with your name on it.
 Web Bugs

 A web bug is a small GIF

format image file that can be
embedded in a web page.
Behind the image, lies code that
functions in much the same way as
a cookies, allowing the bug’s
creator to track many of your
online tracks.
 Spyware
Any software that covertly gathers user information through the
user's Internet connection without his or her knowledge, usually
for advertising purposes.
 The spyware monitors user activity on the Internet and transmits
that information in the background to someone else.
Spyware can also gather information about e-mail addresses and
even passwords and credit card numbers.
Spyware is similar to a Trojan horse in that users unwittingly
install the product when they install something else.
Aside from the questions of ethics and privacy, spyware steals
from the user by using the computer's memory resources and also
by eating bandwidth as it sends information back to the spyware's
home base via the user's Internet connection. Because spyware is
using memory and system resources, the applications running in
the background can lead to system crashes or general system
instability
 Trojan horses
A destructive program. Trojan horses do not replicate
themselves but they can be just as destructive.
The term comes from the a Greek story of the Trojan
War, in which the Greeks give a giant wooden horse to
their foes, the Trojans, ostensibly as a peace offering.
But after the Trojans drag the horse inside their city
walls, Greek soldiers sneak out of the horse's hollow
belly and open the city gates, allowing their compatriots
to pour in and capture Troy.
 Spam
Electronic junk mail or junk newsgroup
postings. Some people define spam even
more generally as any unsolicited e-mail.
Real spam is generally e-mail advertising
for some product sent to a mailing list or
newsgroup. In addition to wasting
people's time with unwanted e-mail, spam
also eats up a lot of network bandwidth.
Treats to Hardware
 Power Related Threats
 Power Fluctuations
Power Failure
Theft and Vandalism
Natural Disasters
Treats to Data
 Malware

Short for malicious software,

software designed specifically to
damage or disrupt a system, such
as a virus or a Trojan horse.
 Cybercrime
Cyber crime encompasses any criminal
act dealing with computers and networks
.Additionally, cyber crime also includes
traditional crimes conducted through the
Internet. For example; telemarketing and
Internet fraud, identity theft, and credit
card account thefts are considered to be
cyber crimes when the illegal activities are
committed through the use of a computer
and the Internet.
 Hacking

 To modify a program, often in

an unauthorized manner, by
changing the code itself.
Code that is written to provide
extra functionality to an existing
program
 Sniffing
 A program and/or device that monitors
data traveling over a network. Sniffers
can be used both for legitimate network
management functions and for stealing
information off a network. Unauthorized
sniffers can be extremely dangerous to a
network's security because they are
virtually impossible to detect and can be
inserted almost anywhere. This makes
them a favorite weapon in the hacker's
arsenal.
 Spoofing
 E-mail Spoofing:e-mail header to make it
appear as if it came from somewhere or
someone other than the actual source.
IP spoofing: A technique used to gain
unauthorized access to computers, whereby the
intruder sends messages to a computer with an
IP address indicating that the message is
coming from a trusted host. To engage in IP
spoofing, a hacker must first use a variety of
techniques to find an IP address of a trusted
host and then modify the packet headers so that
it appears that the packets are coming from that
host.
 Cyber terrorism
 Cyber terrorism is a form of
warfare in which terrorists
attempt to harm or gain control
of important computer systems.