Computer Security and Safety (Pt.1)

Computer Security and Safety, Ethics, and Privacy

(Part 1)

IT Application Tools in Business & Accounting

What Are Computer Security Risks?

Computer Security Risks

Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or
processing capability, whether intentionally or unintentionally.

Computer crime - an intentional breach of computer security often involving a deliberate act that is against the law; any
illegal act involving a computer.

Cybercrime - online or internet-based illegal acts

7 Basic Categories of Cybercrime Perpetrators and Other Intrusions

Hacker - although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers
to someone who accesses a computer or network illegally. Some hackers claim the intent of their security breaches is to
improve security;

Cracker - someone who accesses a computer or network illegally but has the intent of destroying data, stealing
information, or other malicious action. Both hackers and crackers have advanced computer and network skills.

Script Kiddie - has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often
use prewritten hacking and cracking programs to break into computers;

Corporate Spy - some corporate spies have excellent computer and networking skills and are hired to break into a
specific computer and steal its proprietary data and information. Unscrupulous companies hire corporate spies, a
practice known as corporate espionage, to gain a competitive advantage;

Unethical Employee - unethical employees break into their employers' computers for a variety of reasons. Some simply
want to exploit a security weakness. Others seek financial gains from selling confidential information. Disgruntled
employees may want revenge;

Cyberextortionist - someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a
threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an
attack that will compromise the organization's network - if they are not paid a sum of money;

The most common computer security risks are:

-Internet & Network Attacks

-Information Theft

-System Failure

-Hardware Theft

-Unauthorized Access & Use

-Software Theft

(1) Internet & Network Attacks

Malware (Malicious Software)

-Programs that act without a user's knowledge and deliberately alter the computer's operations.

✓ A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by
altering the way the computer works without the user's knowledge or permission. Once the virus infects the computer,
it can spread throughout and may damage files and system software, including the operating system.

✓ A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and
possibly shutting down the computer or network.

✓ A Trojan horse is a program that hides within or looks like a legitimate program. A certain condition or action usually
triggers the Trojan horse. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers.

✓ A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the
computer. Once the rootkit is installed, the rootkit author can execute programs, change settings, monitor activity, and
access files on the remote computer.

How can you protect your system from a macro virus?

- Set the macro security level in applications that allow you to write macros
- Set the macro security level so that a warning displays when a document contains a macro
- Macros are instructions saved in an application such as a word processing or spreadsheet program.

What is an antivirus program?

- Identifies and removes computer viruses

- Most also protect against worms and Trojan horses

-Unscrupulous programmers write malware and then test it to ensure it can deliver its payload. The payload is the
destructive event or prank the program is intended to deliver. A computer infected by a virus, worm, Trojan horse, or
rootkit often has one or more of the following symptoms:

✓ Operating system runs much slower than usual

✓ Available memory is less than expected

✓ Files become corrupted

✓ Screen displays unusual message or image

✓ Unknown programs or files mysteriously appear

✓ Music or unusual sound plays randomly

✓ Existing programs and files disappear


✓ Programs or files do not work properly

✓ System properties change

✓ Operating system does not start up

✓ Operating system shuts down unexpectedly

-Malicious programs deliver payload on a computer in a variety of ways - when a user:

(1) opens an infected file,

(2) runs an infected program,

(3) boots the computer with infected removable media inserted in a drive or plugged in a port,

(4) connects an unprotected computer to a network, or

(5) when a certain condition or event occurs, such as the computer's clock changing to a specific date.

A common way computers become infected with viruses and other malware is through users opening infected e-mail
attachments.

Tips for Preventing Viruses and Other Malware

1. Never start a computer with removable media inserted in the drives or plugged in the ports, unless the media are
uninfected.

2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source.

3. Set the macro security in programs so that you can enable or disable macros. Enable macros only if the document is
from a trusted source and you are expecting it.

4. Install an antivirus program on all of your computers. Update the software and the virus signature files regularly.

5. Scan all downloaded programs for viruses and other malware.

6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the attachment immediately.

7. Before using any removable media, scan the media for malware. Follow this procedure even for shrink-wrapped
software from major developers. Some commercial software has been infected and distributed to unsuspecting users.

8. Install a personal firewall program.

9. Stay informed about new virus alerts and virus hoaxes.


What happens if an antivirus program identifies an infected file?

- Attempts to remove any detected virus


- Quarantines infected files that it cannot remove
- Keeps file in separate area of hard disk

What are a botnet, a denial-of-service attack, a back door, and spoofing?

A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a
network that attacks other networks, usually for nefarious purposes. A compromised computer, known as a zombie, is
one whose owner is unaware the computer is being controlled remotely by an outsider. Cybercriminals use botnets to
send spam via e-mail, spread viruses and other malware, or commit a denial-of-service attack.

A denial-of-service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service
such as the Web or e-mail. Perpetrators carry out a DoS attack in a variety of ways. For example, they may use an
unsuspecting computer to send an influx of confusing data messages or useless traffic to a computer network.

A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing
a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door
or modify an existing program to include a back door, which allows them to continue to access the computer remotely
without the user's knowledge.

Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim
computer or network. E-mail spoofing occurs when the sender's address or other components of the e-mail header are
altered so that it appears the e-mail originated from a different sender. E-mail spoofing commonly is used for virus
hoaxes, spam, and phishing scams. IP spoofing occurs when an intruder computer fools a network into believing its IP
address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with a phony
Web site.
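
As an added illustration (not part of the original notes), the sketch below shows how a mail recipient or filter can look for the header alterations described above. The sample messages, domain names, and finding labels are constructed for the example; Authentication-Results is the standard header in which a receiving mail server records its SPF/DKIM checks.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail); all domains are placeholders.
LEGIT = """\
Return-Path: <billing@example.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: Billing <billing@example.com>
Subject: Invoice

See attached.
"""

SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=mailer.invalid; dkim=none
From: Billing <billing@example.com>
Reply-To: collect@other.invalid
Subject: Urgent invoice

Pay today.
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg):
    """Map check name (spf/dkim/dmarc) to its result from Authentication-Results.
    Only trust this header when your own receiving mail server added it."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:  # first part names the checking server
            m = re.match(r"\s*(spf|dkim|dmarc)\s*=\s*(\w+)", part, re.I)
            if m:
                results.setdefault(m.group(1).lower(), m.group(2).lower())
    return results

def spoofing_indicators(raw_message):
    """Return header inconsistencies worth a closer look (indicators, not
    verdicts: bulk mailers legitimately use a different Return-Path domain)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    findings = []
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        other = domain_of(msg.get(header))
        if other and other != from_domain:
            findings.append(label + "-mismatch")
    results = auth_results(msg)
    if not results:
        findings.append("no-auth-results")
    for check, outcome in results.items():
        if outcome in ("fail", "softfail"):
            findings.append(check + "-fail")
    return findings
```
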

What is a firewall?

- Security system consisting of hardware and/or software that prevents unauthorized network access.

Organizations use firewalls to protect network resources from outsiders and to restrict employees' access to sensitive
data such as payroll or personnel records. They can implement a firewall solution themselves or outsource their needs
to a company specializing in providing firewall protection. Large organizations often route all their communications
through a proxy server, which is a component of the firewall. A proxy server is a server outside the organization's
network that controls which communications pass into the organization's network.

Home and small office/home office users often protect their computers with a personal firewall utility. A personal
firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions.
Some operating systems, such as Windows, include personal firewalls.

To provide extra protection against hackers and other intruders, large organizations sometimes use intrusion detection
software to identify possible security breaches. Intrusion detection software automatically analyzes all network traffic,
assesses system vulnerabilities, identifies any unauthorized access (intrusions), and notifies network administrators of
suspicious behavior patterns or system breaches.

Using intrusion detection software requires the expertise of a network administrator because the programs are
complex and difficult to use and interpret. These programs also are quite expensive.

(2) Unauthorized Access and Use

Another type of computer security risk is unauthorized access and use. Unauthorized access is the use of a computer or
network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal
activities. Unauthorized use includes a variety of activities:

✓ an employee using an organization's computer to send personal e-mail messages,

✓ an employee using the organization's word processing software to track his or her child's soccer league scores, or

✓ someone gaining access to a bank computer and performing an unauthorized transfer.

Many systems implement access controls using a two-phase process called identification and authentication.
Identification verifies that an individual is a valid user. Authentication verifies that the individual is the person he or she
claims to be. Three methods of identification and authentication include

(1) user names and passwords,

(2) possessed objects, and

(3) biometric devices.

The technique(s) an organization uses should correspond to the degree of risk associated with the
unauthorized access.

User Names and Passwords. A user name, or user ID (identification), is a unique combination of characters, such as
letters of the alphabet or numbers, that identifies one specific user. A password is a private combination of characters
associated with the user name that allows access to certain computer resources.

Possessed Objects. A possessed object is any item that you must carry to gain access to a computer or computer facility.
Examples of possessed objects are badges, cards, smart cards, and keys. The card you use in an automated teller
machine (ATM) is a possessed object that allows access to your bank account.

Biometric Devices. A biometric device authenticates a person's identity by translating a personal characteristic, such as a
fingerprint, into a digital code that is compared with a digital code stored in the computer verifying a physical or
behavioral characteristic. If the digital code in the computer does not match the personal characteristic code, the
computer denies access to the individual.
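
As an added illustration (not part of the original notes), the sketch below walks through the two-phase identification and authentication process for user names and passwords. The AccountStore class, its method names, and the work factor are assumptions made for the example; passwords are stored only as salted PBKDF2 digests.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # example work factor (assumption); tune for your hardware


def hash_password(password, salt=None):
    """Derive a salted PBKDF2-HMAC-SHA256 digest; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class AccountStore:
    """Hypothetical in-memory account table for the example."""

    def __init__(self):
        self._users = {}
        # Decoy record: unknown user names still cost one hash computation,
        # so response time does not reveal which user names exist.
        self._decoy = hash_password(os.urandom(16).hex())

    def enroll(self, user_name, password):
        self._users[user_name.lower()] = hash_password(password)

    def identify(self, user_name):
        """Phase 1, identification: is this a valid user? Record or None."""
        return self._users.get(user_name.lower())

    def authenticate(self, record, password):
        """Phase 2, authentication: does the password match the stored digest?"""
        salt, expected = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(candidate, expected)  # constant-time compare

    def log_in(self, user_name, password):
        """Run both phases; the caller learns only success or failure."""
        record = self.identify(user_name)
        matched = self.authenticate(record or self._decoy, password)
        return record is not None and matched
```
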

Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and
analysis of evidence found on computers and networks. Digital forensics involves the examination of computer media,
programs, data and log files on computers, servers, and networks. Many areas use digital forensics, including law
enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments in
the private sector.

(3) Hardware Theft and Vandalism

Hardware theft is the act of stealing computer equipment.

Safeguards against Hardware Theft and Vandalism:

- Cables sometimes used to lock equipment

- Some notebook computers use passwords, possessed objects and biometrics as security methods

- For PDAs and smart phones, you can password-protect the device

Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms,
from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly
smashing computers.

(4) Software Theft

Software theft occurs when someone steals software media, intentionally erases programs, illegally copies a program, or
illegally registers and/or activates a program. One form of software theft involves someone physically stealing the media
that contain the software or the hardware that contains the media, as described in the previous section.

Safeguards against Software Theft

-To protect software media from being stolen, owners should keep original software boxes and media in a secure
location. All computer users should back up their files and disks regularly, in the event of theft.

To protect themselves from software piracy, software manufacturers issue users license agreements. A license
agreement is the right to use the software. That is, you do not own the software. The license agreement provides
specific conditions for use of the software, which a user must accept before using the software. These terms usually are
displayed when you install the software.

The most common type of license included with software purchased by individual users is a single-user license
agreement, also called an end-user license agreement (EULA). A single-user license agreement typically includes many of
the following conditions that specify a user's responsibility upon acceptance of the agreement.

PERMITTED

-Install software on one computer only

-Make one copy of the software as backup

-Give or sell the software to another individual, but only if the software is removed from the user's computer first

NOT PERMITTED

-Install software on a network

-Give copies to friends and colleagues while continuing the use of the software

-Export the software

-Rent or lease the software

Unless otherwise specified by a license agreement, you do not have the right to copy, loan, borrow, rent, or in any way
distribute software. Doing so is a violation of copyright law. It also is a federal crime. Despite this, some experts estimate
for every authorized copy of software in use, at least one unauthorized copy exists.

(5) Information Theft

-Information theft occurs when someone steals personal or confidential information. An unethical company executive
may steal or buy stolen information to learn about a competitor. A corrupt individual may steal credit card numbers to
make fraudulent purchases.

Safeguards against Information Theft

Most companies attempt to prevent information theft by implementing the user identification and authentication
controls (discussed earlier). These controls are best suited for protecting information on computers located on an
organization's premises. Information transmitted over networks offers a higher degree of risk because unscrupulous
users can intercept it during transmission.

To protect information on the Internet and networks, companies and individuals use a variety of encryption techniques.

Encryption

-The process of converting readable data into unreadable characters to prevent unauthorized access. You treat
encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the
recipient must decrypt, or decipher, it into a readable form. In the encryption process, the unencrypted, readable data is
called plaintext. The encrypted (scrambled) data is called ciphertext. An encryption algorithm is a set of steps that can
convert readable plaintext into unreadable ciphertext.

Encryption programs typically use more than one encryption algorithm, along with an encryption key. An encryption key
is a programmed formula that the originator of the data uses to encrypt the plaintext and the recipient of the data uses
to decrypt the ciphertext.

Many Web browsers and Web sites use encryption. A Web site that uses encryption techniques to secure its data is
known as a secure site.

What is a certificate authority (CA)?

- Authorized person or company that issues and verifies digital certificates

- Users apply for a certificate from a CA.

(6) System Failure

A system failure is the prolonged malfunction of a computer. System failure can cause loss of hardware, software, data,
or information. A variety of causes can lead to system failure. These include aging hardware; natural disasters such as
fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.

One of the more common causes of system failure is an electrical power variation. Electrical power variations can cause
loss of data and loss of equipment. If the computer equipment is networked, a single power disturbance can damage
multiple systems.

What is a surge protector?

- Protects computer and equipment from electrical power disturbances.

- Uninterruptible power supply (UPS) is a surge protector that provides power during a power loss.

To protect against data loss caused by a system failure or hardware/software/information theft, computer users should
back up files regularly.

A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. To back
up a file means to make a copy of it. In case of a system failure or the discovery of corrupted files, you restore the files
by copying the backed-up files to their original location on the computer.

Most operating systems include a backup program. Backup devices, such as external disk drives, also include backup
programs. Numerous stand-alone backup utilities exist. Many of these can be downloaded from the Web at no cost.

Wireless Security Risks

-Although wireless access provides many conveniences to users, it also poses additional security risks. Some perpetrators
connect to others' wireless networks to gain free Internet access; others may try to access an organization's confidential
data.

Some intruders intercept and monitor communications as they transmit through the air. Others connect to a network
through an unsecured wireless access point (WAP). In one technique, called war driving, individuals attempt to detect
wireless networks via their notebook computer or mobile device while driving a vehicle through areas they suspect have
a wireless network.

How can I ensure my wireless communication is secure?

- Secure your wireless access point (WAP)

- WAP should not broadcast your network name

- Enable Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA)

- 802.11i, sometimes called WPA2, the most recent network security standard, conforms to the government's security
standards and uses more sophisticated encryption techniques than WPA.
