Succeeding With Technology Chapter 11

Chapter 11
Computer Crime and Information Security

Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security
Please discontinue use of cell phone and turn off the ringer.
Succeeding with Technology, 4th ed > Computer Crime and Information Security >
Information Security Overview

49% of businesses experience computer virus infestations 27% suffer targeted attacks from hackers 12 % suffer from electronic financial fraud costing on average nearly $500,000
2008 Computer Security Institutes Computer Crime and Security survey
Succeeding with Technology > th ed > Computer and Information Security > Technology, 4 Computer Crime Crime and Information Security >
Total Information Security

Total Information Security involves securing all components of the global digital information infrastructure.
Personal Computers Business Computer Systems Government Systems International Systems
Participation by EVERYONE is important and difficult to gain!
See what the White House has to say on the subject at http://www.whitehouse.gov/pcipb/
Total Information Security

To achieve total information security, we must examine security in levels. Risks increase with each expanding layer.
Information Security and Vulnerability

Key Terms Information Security Identity Theft Intellectual Property Intellectual Property Rights Cyberterrorism
Security Holes Software Patches Piracy Plagiarism Hacker Computer Forensics
What is at Stake?
At stake:
Personal Private Information

What would concern you most if a person who wished to do you harm had full control of your PC? What personal information do you consider private?
Depending on the circumstance, private information may include your:
Name Photo Phone number Address Birthday Social Security Number Bank Account Number Credit Card Number College Transcripts Financial Status Medical Records Religious affiliation Political affiliation
Identity Theft
Identity theft is the criminal act of using stolen information about a person to assume that persons identity, typically for financial gain.
Source: http://www.consumer.gov/sentinel
At stake:
Intellectual Property
Intellectual property refers to a product of the mind or intellect over which the owner holds legal entitlement. Intellectual property rights concern the legal ownership and use of intellectual property such as software, music, movies, data, and information. Intellectual property is legally protected through copyright, trademark, trade secret, and patent.
At stake:
Organizational Information
For many businesses, the information it processes and stores is highly valuable and key to its success. Business intelligence is the process of gathering and analyzing information in the pursuit of business advantage. Competitive intelligence is concerned with gathering information about competitors. Counterintelligence is concerned with protecting ones own information from access by the competition.
At stake:
National and Global Security

Cyberterrorism is a form of terrorism that uses attacks over the Internet to intimidate and harm a population.
Threat:
Software and Network Vulnerabilities

Security holes are software bugs that allow violations of information security. Software patches are corrections to the software bugs that cause security holes.
Microsofts Trustworthy Computing
Threat:
User Negligence
Threat:
Pirates and Plagiarists

Piracy involves the illegal copying, use, and distribution of digital intellectual property such as software, music, and movies. Plagiarism involves taking credit for someone elses intellectual property, typically a written idea, by claiming it as your own.
Threat:
Hackers, Crackers, Intruders, and Attackers

The terms hacker, cracker, intruder, and attacker are all used to label an individual who subverts computer security without authorization. There are many types of hackers, and not all are considered to behave unethically.
Machine-Level Security
Key Terms Username Password Biometrics Encryption
Protecting a Stand-alone PC
Computers not connected to a network can only be attacked through physical presence.
Keep the PC in a locked room. Identify the person accessing the machine through authentication. Something you know (i.e. password) Something you have (i.e. card-swipe) Something about you (i.e. fingerprint)
Passwords
A username identifies the user to the computer system. A password is a combination of characters known only to the user and used for authentication. An effective password should be:
strong by including words that are unrelated to your interests, and include upper and lowercase letters, numbers, and symbols unique dont use the same password for your bank account as you do for your email account changed regularly change your password twice a year
ID Devices and Biometrics

Security ID cards and tokens, something you have authentication, are used in some corporations to protect access to restricted areas and computer systems. Biometrics is the science and technology of authentication by scanning and measuring a persons unique physical features such as fingerprints, retinal patterns, and facial characteristics
Encryption
Encryption is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the intended recipient. Data stored on a PC can be encrypted and set so that a second password is required to decrypt it.
Backing Up Data and Systems

The most common cause of data loss is hardware failure. Best protection: follow regular backup procedures. Available backup services include: System utilities that back up selected files to compressed archives stored on secondary storage media or another computer on the network. Mirroring, which saves files to two locations to create exact duplicates. Internet services that perform scheduled, automated uploads of your valuable files to servers for safe keeping (www.remotedatabackups.com).
Remote Backup
Internet-based backup services are becoming increasingly popular as more users connect to the Internet through high-speed connections.
Network Security
Key Terms Multiuser system User permissions File ownership Interior threats
Multiuser System
A multiuser system is a computer system, such as a computer network, where multiple users share access to resources such as file systems.
User Permissions
User Permissions refer to the access privileges afforded to each network user in terms of who is able to read, write, and execute a file, folder, or drive. Files and folders are assigned user and group ownership.
Interior Threats
Interior threats refer to dangers to network resources from legitimate users. They include:
Threats to System Health and Stability Information Theft
Safeguards include the use of security and usage policies.

Security and Usage Policies

A security and network usage policy is a document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources.
Wireless Network Security

Key Terms Access point WLAN War driving MAC address Wired Equivalent Privacy (WEP) Wi-Fi Protected Access (WPA)
Wireless Fidelity (Wi-Fi)

Today the most popular wireless protocol is WiFi. Wi-Fi networks have popped up in offices and homes, on city streets, in airports, coffee shops, and even McDonalds.
Newly purchased access points typically have no security features enabled making it easy for any wireless device to connect.
War Driving
War driving is the act of driving through neighborhoods with a wireless notebook or handheld computer and looking for unsecured Wi-Fi networks.
Securing a Wireless Network

An Access Point can be configured, and security features enabled, through a simple Web interface using a computer connected to the access point.
Securing a Wireless Network

Use the Access Points configuration utility to:
Disable the Access Points broadcasting to make the access point invisible to the general public. Change the Access Points password from the default. Set the Access Point to only allow certain computers (MAC addresses) to connect. Encrypt data being sent over the network with WEP or WPA.
Wireless Access Point / Router
Cable Modem
Internet Security
Key Terms Firewall Virus Worm Antivirus Software Spyware Zombie Computer Antispyware Internet Fraud Phishing Virus Hoax
Hacking Tools and Methods

Key-logging software Packet-sniffing software Port scanning software SQL injection Social engineering
Why Do Hackers Hack?

As a hobby and challenge To inflict malicious vandalism To gain a platform for anonymous attacks To steal valuable information and services To Spy on someone
Kevin Mitnick hacked to steal software and expose security holes. After serving nearly five years in U.S. federal prison, Mitnick now has his own information security consulting business.
Defending Against Hackers

A firewall is network hardware and software that examines all incoming data packets and filters out ones that are potentially dangerous.
Firewall software from McAfee and Symantec are considered to be more robust than Windows Firewall. This McAfee screen shot shows several attacks on this PC over the course of one day.
All Windows users should protect their network connection with a firewall.
Worms and Viruses

A worm does not attach itself to other files but rather acts as a free agent, replicating itself numerous times in an effort to overwhelm systems. Worms and viruses are often spread through the Web, email, chat, and filesharing networks A virus is a program that attaches itself to a file, spreads to other files, and delivers a destructive action called a payload. There are many types of viruses
Worms and viruses are considered malicious software, or malware, Check out the latest malware at http://www.mcafee.com/us/threat_center
Worm and Virus Sources

A worm does not attach itself to other programs but rather acts as a free agent, replicating itself numerous times in an effort to overwhelm systems.
Viruses and Worms
Yeah right! This didnt come from Microsoft. The attachment is not a patch, nor an innocent text file (as it appears) but an executable file containing a virus.
Defending Against Viruses and Worms

Knowledge and caution play a big part in protecting PCs against viruses and worms:
Dont open e-mail or IM attachments that come from friends or strangers unless they are expected and inspected by antivirus software. Keep up with software patches for your operating system, your Web browser, your e-mail and IM software. Use caution when exploring Web sites created and maintained by unknown parties. Avoid software from unknown sources. Stay away from file-sharing networks; they do not protect users from dangerous files that are being swapped.
Antivirus software, also known as virus scan software, uses several techniques to find viruses on a computer system, remove them if possible, and keep additional viruses from infecting the system.
Varieties of Viruses
Scams, Spam, Fraud, and Hoaxes

Internet fraud is the crime of deliberately deceiving a person over the Internet in order to damage them and to obtain property or services from him or her unjustly. A phishing scam combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information.
Classic Phishing
Is this email from customer.service@citibank.com legitimate?
If you clicked the link it would take you to a spoofed Citibank Webpage that looks like the real thing, and ask you to supply personal information like your username and password.
Holding the mouse pointer over the link in the original email shows that it really links to http://24.27.89.64:87 most likely a hackers Website.

Spam is the unsolicited junk mail that makes up more than 60 percent of todays email. A virus hoax is an email that warns of a virus that doesnt exist.

The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search" 2.- In the "Files or Folders option" write the name jdbgmgr.exe 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON 6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin. email has gotten This IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO thousands of Windows ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT users to trash their CAN CAUSE ANY DAMAGE.
own systems
Think again!
Do the search. Oh no! Ive got the Teddy Bear virus! Better delete it! This email has gotten thousands of Windows users to trash their own systems That file with the silly little Teddy bear icon is actually a necessary system file in Windows!
For more on this topic check out www.vmyths.com
Spyware, Adware, and Zombies

Spyware is software installed on a computer without the users knowledge to either monitor the user or allow an outside party to control the computer.
Zombies
A computer that carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus is called a zombie computer.
Experts say hundreds of thousands of computers are added to the ranks of zombies each week.
Zombies
Zombie computers can join together to form zombie networks (botnet). Zombie networks apply the power of multiple PCs to overwhelm Web sites with distributed denial-of-service attacks, to crack complicated security codes, or to generate huge batches of spam.
It has been estimated that 80 to 90 percent of spam originates from zombie computers.
Storm worm botnet for rent
Defend yourself
The main defenses against scams, spam, fraud, and hoaxes are awareness and common sense. Important safeguards include the following:
Do not click links received in e-mails. Instead, type URLs directly into your Web browser. Examine Web addresses closely to make sure that they are legitimate and include an https:// for forms, or a closed lock icon in the address or status bar. Do not believe any virus alert sent through email unless it comes from a verifiable source.
Chapter 11 Questions?

Succeeding With Technology Chapter 11

Загружено:

Сведения о документе

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Succeeding With Technology Chapter 11

Загружено:

Авторское право:

Доступные форматы

Chapter 11

Computer Crime and Information Security

Information Security Overview

Total Information Security

Participation by EVERYONE is important and difficult to gain!

Total Information Security

Information Security and Vulnerability

Security Holes Software Patches Piracy Plagiarism Hacker Computer Forensics

Personal Private Information

National and Global Security

Software and Network Vulnerabilities

Microsofts Trustworthy Computing

Pirates and Plagiarists

Hackers, Crackers, Intruders, and Attackers

ID Devices and Biometrics

Backing Up Data and Systems

Safeguards include the use of security and usage policies.

Security and Usage Policies

Wireless Network Security

Wireless Fidelity (Wi-Fi)

Securing a Wireless Network

Securing a Wireless Network

Wireless Access Point / Router

Hacking Tools and Methods

Why Do Hackers Hack?

Defending Against Hackers

Worms and Viruses

Worm and Virus Sources

Viruses and Worms

Defending Against Viruses and Worms

Scams, Spam, Fraud, and Hoaxes

Scams, Spam, Fraud, and Hoaxes

Scams, Spam, Fraud, and Hoaxes

Scams, Spam, Fraud, and Hoaxes

Spyware, Adware, and Zombies

Scams, Spam, Fraud, and Hoaxes

Вам также может понравиться