Computer Security and Safety, Ethics & Privacy

Discovering
Computers 2011
Living in a Digital World

Objectives Overview
Objectives Overview

Define the term, Describe various types
Discuss techniques to
Discuss techniques to
computer security risks,
i ik of Internet and network
fI d k
prevent unauthorized
and briefly describe the attacks, and identify
computer access and
types of cybercrime ways to safeguard
use
perpetrators against these attacks

Explain the ways
Identify safeguards Discuss how encryption
software manufacturers
against hardware theft works, and explain why
p g
protect against
and vandalism
and vandalism it is necessary
it is necessary
software piracy

See Page 555 Discovering Computers 2011: Living in a Digital World 2
for Detailed Objectives Chapter 11

Objectives Overview
Objectives Overview

Discuss the types of
Discuss the types of Identify risks and
Identify risks and
Explain the options
devices available that safeguards associated
available for backing up
protect computers from with wireless
computer resources
system failure
system failure communications

Recogni e issues related
Recognize issues related
Discuss ways to prevent
to information accuracy, Discuss issues
health‐related disorders
intellectual property surrounding information
j
and injuries due to
rights, codes of conduct,
rights codes of conduct privacy
computer use
and green computing

See Page 555 Discovering Computers 2011: Living in a Digital World 3
for Detailed Objectives Chapter 11

Computer Security Risks

• A computer security risk is any event or action that could
cause a loss of or damage to computer hardware,
software, data, information, or processing capability
• A cybercrime is an online or Internet‐based illegal act

Hackers Crackers Script Kiddies
Script Kiddies Corporate Spies
Corporate Spies

Unethical
Cyberextortionists Cyberterrorists
Employees

Pages 556 ‐ 557 Discovering Computers 2011: Living in a Digital World 4
Chapter 11


Pages 556 – 557 Discovering Computers 2011: Living in a Digital World 5
Figure 11‐1 Chapter 11

Internet and Network Attacks

• Information transmitted over networks has a higher
degree of security risk than information kept on an
organization’s premises
• An online security service is a Web site that evaluates
your computer to check for Internet and e‐mail
vulnerabilities

Click to view Web Link,
click Chapter 11, Click Web
Link from left navigation,
then click Computer
Emergency Response Team
Coordination Center below
Chapter 11
Page 558 Discovering Computers 2011: Living in a Digital World 6


Computer
Worm Trojan Horse Rootkit
Virus
• Affects a • Copies itself • A malicious • Program that
computer repeatedly, program that hides in a
negatively by
ti l b using up
i hides within
hid ithi computer
t
altering the resources or looks like and allows
way the and possibly a legitimate someone
computer shutting program from a
works down the remote
p
computer or location to
network take full
control

Chapter 11

Video: Attack of the Mobile Viruses
Video: Attack of the Mobile Viruses

CLICK TO START
CLICK TO START
Discovering Computers 2011: Living in a Digital World 8
Chapter 11


• An infected computer has one or more of the
g y p
following symptoms:
Operating system Available memory Screen displays
Files become
runs much slower is less than unusual message
corrupted
than usual expected or image

Unknown
M i l
Music or unusual P fil
Programs or files
Existing programs programs or files
sound plays do not work
and files disappear mysteriously
randomly properly
appear

Operating system
System properties Operating system
shuts down
change does not start up
does not start up
unexpectedly

Chapter 11


• Users can take several
precautions to protect
their home and work
computers and mobile
devices from these
malicious infections

Page 560 – 561 Discovering Computers 2011: Living in a Digital World 12


• A botnet is a group of compromised computers connected to a
network
– A compromised computer is known as a zombie
A compromised computer is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to
Internet services
Internet services
– Distributed DoS (DDoS)
• A back door is a program or set of instructions in a program that
p g p g
allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or
Internet transmission appear legitimate
then click DoS Attacks
below Chapter 11

Chapter 11


• A firewall is hardware and/or software that
p
protects a network’s resources from intrusion

then click Firewalls
below Chapter 11



Intrusion detection software
•A l
Analyzes all network traffic
ll t k t ffi
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
d ifi h i di i
• Notifies network administrators of suspicious behavior
tt t b h
patterns or system breaches
Honeypot
yp
• Vulnerable computer that is set up to entice an intruder to
break into it
break into it
Chapter 11

Unauthorized Access and Use

Unauthorized access is
Unauthorized access is Unauthorized use is the
Unauthorized use is the
the use of a computer or use of a computer or its
network without data for unapproved or
permission possibly illegal activities

Chapter 11


• O
Organizations take
i i k
several measures to
help prevent
help prevent
unauthorized access
and use
and use
– Acceptable use policy
– Disable file and printer
Disable file and printer
sharing
– Firewalls
– Intrusion detection
software



• Access controls define who can access a
p y
computer, when they can access it, and what
actions they can take
– Two‐phase processes called identification and
Two‐phase processes called identification and
authentication
–UUser name
– Password
– Passphrase
– CAPTCHA


• A possessed object is any • A biometric device
item that you must carry to authenticates a person’s
gain access to a computer
gain access to a computer identity by translating a
identity by translating a
or computer facility personal characteristic into
– Often are used in g
a digital code that is
combination with a personal compared with a digital
identification number (PIN) code in a computer

then click Biometric Devices
below Chapter 11



• Digital forensics is the discovery, collection, and
y p
analysis of evidence found on computers and
networks
• Many areas use digital forensics
Many areas use digital forensics
Law Criminal Military
y
enforcement prosecutors intelligence

Information
Insurance
security
g
agencies
departments
d t t
Chapter 11

Hardware Theft and Vandalism

Hardware vandalism
Hardware theft is the
Hardware theft is the
is the act of defacing
act of stealing
or destroying
or destroying
t i
computer equipment t
computer equipment

Chapter 11


• To help reduce the of chances of theft, companies
y y
and schools use a variety of security measures
Cables to lock
Physical access controls Alarm systems
equipment

Real time location Passwords, possessed
system objects, and biometrics

then click RTLS
below Chapter 11


Software Theft
Software Theft

• Software theft occurs when someone:

Steals software Intentionally
y
media erases programs

Illegally
Ill ll
Illegally copies a registers and/or
program activates a
program
Chapter 11

Software Theft
Software Theft

• A single‐user license agreement typically contains the
following conditions:
Permitted to
• Install the software on one computer
Install the software on one computer
• Make one copy of the software
• Remove the software from your computer before giving it away or selling it

Not permitted to
• Install the software on a network
• Give copies to friends or colleagues while continuing to use the software
• Export the software
• Rent or lease the software
R l h f
Chapter 11

Software Theft
Software Theft

• Copying, loaning,
borrowing, renting, or
distributing software
can be a violation of
copyright law
• Some software requires
product activation to
function fully
then click Business Software
Alliance below Chapter 11


Information Theft
Information Theft

• Information theft occurs when someone steals
p
personal or confidential information
• Encryption is a process of converting readable
data into unreadable characters to prevent
data into unreadable characters to prevent
unauthorized access


Information Theft
Information Theft


Information Theft
Information Theft

• A digital signature is an encrypted code that a
p
person, Web site, or organization attaches to an
g
electronic message to verify the identity of the
sender
– Often used to ensure that an impostor is not
participating in an Internet transaction
participating in an Internet transaction
• Web browsers and Web sites use encryption
techniques

Chapter 11

Information Theft
Information Theft

• Popular security techniques include

Digital Transport Layer
Certificates Security (TLS)

Secure HTTP VPN
then click Digital Certificates
below Chapter 11

Chapter 11

Information Theft
Information Theft

Figures 11‐19 – 11‐20 Chapter 11

System Failure
System Failure

• A system failure is the prolonged malfunction of a
p
computer
• A variety of factors can lead to system failure,
including:
– Aging hardware
– Natural disasters
– Electrical power problems
p p
• Noise, undervoltages, and overvoltages
– Errors in computer programs
Errors in computer programs
Chapter 11

System Failure
System Failure

• Two ways to protect from system failures caused
y p g
by electrical power variations include surge
protectors and uninterruptable power supplies
(UPS)

then click Surge Protectors
below Chapter 11

Figures 11‐21 – 11‐22 Chapter 11

Backing Up The Ultimate Safeguard
Backing Up – The Ultimate Safeguard

• A backup is a duplicate of a file, program, or disk
g g
that can be used if the original is lost, damaged,
or destroyed
– To back up a file means to make a copy of it
To back up a file means to make a copy of it
• Offsite backups are stored in a location separate
from the computer site
Cloud
Storage

Chapter 11

Backing Up The Ultimate Safeguard
Backing Up – The Ultimate Safeguard

• Two categories of • Three‐generation
backups: backup policy
– Full backup
Grandparent
– Selective backup

Parent

Child

Chapter 11

Wireless Security
Wireless Security

• Wireless access poses additional security risks
– About 80 percent of wireless networks have no security
protection
• War driving allows individuals to detect wireless
networks while driving a vehicle through the area

then click War Driving
below Chapter 11


Wireless Security
Wireless Security

• In additional to using firewalls, some safeguards
p y
improve security of wireless networks:
A wireless access
Change the default
Change the default
point should not
SSID
broadcast an SSID

Configure a WAP
so that only Use WPA or WPA2
certain devices can security standards
access it
access it
Chapter 11

Health Concerns of Computer Use

• The widespread use of
computers has led to
health concerns
– Repetitive strain injury
(RSI)
• Tendonitis
• Carpal tunnel syndrome
Carpal tunnel syndrome
(CTS)
– Computer vision
p
syndrome (CVS)



• Ergonomics is an
applied science devoted
to incorporating
comfort, efficiency, and
safety into the design of
items in the workplace



• Computer addiction occurs when the computer
consumes someone’s entire social life
• Symptoms of users include:
Craves Overjoy when Unable to stop
computer at the computer
time
ti computer
t activity
ti it

Irritable when
I it bl h Neglects
N l t Problems at
P bl t
not at the family and work or
computer friends school
Chapter 11

Ethics and Society
Ethics and Society

• Computer ethics are
the moral guidelines
that govern the use of
computers and
information systems
• Information accuracy is
a concern
– Not all information on
the Web is correct


Ethics and Society
Ethics and Society

Intellectual property rights are the rights to which creators
are entitled for their work
are entitled for their work

• A copyright protects any tangible form of expression
py g p y g p

An IT code of conduct is a written guideline that helps
determine whether a specific computer action is ethical or
determine whether a specific computer action is ethical or
unethical

then click Digital Rights
Management
below Chapter 11
Chapter 11

Ethics and Society
Ethics and Society


Ethics and Society
Ethics and Society

• Green computing involves reducing the electricity
g p
and environmental waste while using a computer


Ethics and Society
Ethics and Society

• Information privacy refers to the right of
p y
individuals and companies to deny or restrict the
collection and use of information about them
• Huge databases store data online
Huge databases store data online
• It is important to safeguard your information

Chapter 11

Ethics and Society
Ethics and Society


Ethics and Society
Ethics and Society

• When you fill out a
form, the merchant that
receives the form
usually enters it into a
database
• Many companies today
allow people to specify
whether they want
their personal
information distributed

Ethics and Society
Ethics and Society

• A cookie is a small text file that a Web server stores on
your computer
• Web sites use cookies for a variety of reasons:

Assist with
h
Allow for Store users’
online
personalization passwords
shopping

Track how
Track how
Target
Click to view Web Link, often users
click Chapter 11, Click Web advertisements
then click Cookies
visit a site
below Chapter 11

Chapter 11

Ethics and Society
Ethics and Society


Ethics and Society
Ethics and Society

• S
Spam iis an unsolicited
li i d
e‐mail message or
newsgroup posting
newsgroup posting
• E‐mail filtering blocks
e‐mail messages from
e mail messages from
designated sources
• Anti spam programs
Anti‐spam programs
attempt to remove
spam before it reaches
spam before it reaches
your inbox


Ethics and Society
Ethics and Society

• Phi hi i
Phishing is a scam in
i
which a perpetrator sends
an official looking e mail
an official looking e‐mail
message that attempts to
obtain your personal and
financial information
• Pharming is a scam
where a perpetrator
h
attempts to obtain your
personal and financial
personal and financial
information via spoofing


Ethics and Society
Ethics and Society

• The concern about privacy has led to the
g g
enactment of federal and state laws regarding the
storage and disclosure of personal data
– See Figure 11‐36 on page 589 for a listing of major U S
See Figure 11‐36 on page 589 for a listing of major U.S.
government laws concerning privacy
• Th 1970 F i C di R
The 1970 Fair Credit Reporting Act li i h
i A limits the
rights of others viewing a credit report to only
those with a legitimate business need

Chapter 11

Ethics and Society
Ethics and Society

Social engineering is defined as gaining
unauthorized access or obtaining confidential
unauthorized access or obtaining confidential
information by taking advantage of trust and naivety

Employee monitoring involves the use of computers
to observe record and review an employee’s use of
to observe, record, and review an employee s use of
a computer

then click Social Engineering
below Chapter 11

Chapter 11

Ethics and Society
Ethics and Society

• C
Content filtering i h
fil i is the
process of restricting
access to certain material
access to certain material
on the Web
• Many businesses use
y
content filtering
• Internet Content Rating
Association (ICRA)
• Web filtering software
restricts access to
specified Web sites


Summary

Potential computer risks and
Potential computer risks and Wireless security risks and
Wireless security risks and
the safeguards safeguards

Ethi l i di
Ethical issues surrounding
information accuracy,
Computer‐related health
p intellectual property rights,
p p y g
issues and preventions codes of conduct, green
computing, and information
privacy
Chapter 11

Discovering
Computers 2011
Living in a Digital World

Chapter 11 Complete

Computer Security and Safety, Ethics & Privacy

More Related Content

Computer Security and Safety, Ethics & Privacy