510 likes | 531 Views
Chapter 11: Computer Crime and Information Security. Succeeding with Technology: Second Edition. Objectives. Describe the types of information that must be kept secure and the types of threats against them Describe five methods of keeping a PC safe and secure
E N D
Chapter 11: Computer Crime and Information Security Succeeding with Technology: Second Edition
Objectives • Describe the types of information that must be kept secure and the types of threats against them • Describe five methods of keeping a PC safe and secure • Discuss the threats and defenses unique to multiuser networks Succeeding with Technology
Objectives (continued) • Discuss the threats and defenses unique to wireless networks • Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them Succeeding with Technology
Information Security and Vulnerability – What is at Stake? • Identity theft • The criminal act of using stolen information about a person to assume that person’s identity • Intellectual property • Product of the mind or intellect over which the owner holds legal entitlement • Intellectual property rights • Ownership and use of intellectual property such as software, music, movies, data, and information Succeeding with Technology
What is at Stake? (continued) • Security threats to businesses • Virus • Insider abuse of Internet access • Laptop theft • Unauthorized access by insiders • Denial-of-service attacks • System penetration • Theft of proprietary information • Sabotage Succeeding with Technology
What is at Stake? (continued) • Business intelligence • Process of gathering and analyzing information in the pursuit of business advantage • Competitive intelligence • Form of business intelligence concerned with information about competitors • Counterintelligence • Concerned with protecting your own information from access by your competitors Succeeding with Technology
Threats to Information Security • Security vulnerabilities or security holes • Software bugs that allow violations of information security • Software patches • Corrections to software bugs that cause security holes • Piracy • The illegal copying, use, and distribution of digital intellectual property • Plagiarism • Taking credit for someone else’s intellectual property Succeeding with Technology
Threats to Information Security (continued) • Hackers, crackers, intruders, and attackers • Black-hat hacker • White-hat hacker • Gray-hat hacker • Script kiddie Succeeding with Technology
Machine Level Security • Common forms of authentication • Something you know • Password or personal identification number (PIN) • Something you have • ID cards, smartcards, badges, keys, • Something about you • Unique physical characteristics such as fingerprints Succeeding with Technology
Passwords • Username • Identifies a user to the computer system • Password • A combination of characters known only to the user that is used for authentication • Strongest passwords • Minimum of eight characters in length • Do not include any known words or names Succeeding with Technology
ID Devices and Biometrics • Biometrics • The science and technology of authentication by scanning and measuring a person’s unique physical features • Facial pattern recognition • Uses mathematical technique to measure the distances between 128 points on the face • Retinal scanning • Analyzes the pattern of blood vessels at the back of the eye Succeeding with Technology
Encrypting Stored Data • Encryption • Uses high-level mathematical functions and computer algorithms to encode data • Files • Can be encrypted “on the fly” as they are being saved, and decrypted as they are opened • Encryption and decryption • Tend to slow down computer slightly when opening and saving files Succeeding with Technology
Backing Up Data and Systems • Backup software typically provides the following options • Select the files and folders you wish to back up. • Choose the location to store the archive file. • Choose whether to back up all files (a full backup), or • Just those that have changed since the last backup (an incremental backup) Succeeding with Technology
System Maintenance • Computer housecleaning • Organizing the data files and software on your computer • Housecleaning activities can include • Deleting unneeded data files • Organizing the remaining data files logically into folders and subfolders • Emptying the recycle bin (Windows) or trash can (Mac) • Deleting unneeded saved e-mail messages Succeeding with Technology
Network Security - Multiuser System Considerations • Multiuser system • Computer system where multiple users share access to resources such as file systems • User permissions • The access privileges afforded to each network user • File ownership • Files and Folders on the system must carry information that identifies their creator Succeeding with Technology
Interior Threats • Threats from within a private network • Problems that occur on networks • Stem from allowing network users to introduce software and data files from outside the network • Many instances of identity theft • Occur with the assistance of insiders with corporate network access Succeeding with Technology
Security and Usage Policies • Security and network usage policy • Document, agreement, or contract that • Defines acceptable and unacceptable uses of computer and network resources • Typically warn against using the network for illegal activities • Employers • Not legally responsible for notifying employees of network usage policies Succeeding with Technology
Wireless Network Security • Wireless networks • Provide wonderful convenience • Have security risks • Wi-Fi networks • The most popular wireless protocol • Are popping up in offices, homes, on city streets, in airports, coffee shops, even in McDonalds Succeeding with Technology
Threats to Wireless Networks • Access point • Sends and receives signals to and from computers on the wireless local area network or WLAN • By default, are set to broadcast their presence • War driving • Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks Succeeding with Technology
Securing a Wireless Network • Options within the configuration software • Allow you to disable the access point’s broadcasting of the network ID, the SSID • Change password used to connect to access point • Access point can be set to only allow certain computers to connect • Popular wireless encryption protocols • Wired Equivalent Privacy (WEP) • Wi-Fi Protected Access (WPA) Succeeding with Technology
Internet Security • When a computer is connected to the Internet • It becomes a target to millions of various attack • Computer’s IP address • Registered and known to others • Attacks against Internet-connected computers • Can come in the form of direct attacks or • Through viruses, worms, or spyware Succeeding with Technology
Hackers on the Internet • Methods of Attack • Key-logging • packet-sniffing • Port-scanning • Social engineering • Dumpster diving Succeeding with Technology
Viruses and Worms • Virus • Program that attaches itself to a file • Spreads to other files, and delivers a destructive action called a payload • Trojan horses • Appear to be harmless programs • When they run, install programs on the computer that can be harmful • Worm • Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems Succeeding with Technology
Spyware, Adware, and Zombies • Spyware • Software installed on a computer without user’s knowledge • Zombie computer • Carries out actions (often malicious) under the remote control of a hacker • Antispyware • Software that searches a computer for spyware and other software that may violate a user’s privacy Succeeding with Technology
Scams, Spam, Fraud, and Hoaxes • Internet fraud • Deliberately deceiving a person over the Internet in order to damage them • Phishingscam • Combines both spoofed e-mail and a spoofed Web site in order to • Trick a person into providing private information • Virus hoax • E-mail that warns of a virus that does not exist Succeeding with Technology
Scams, Spam, Fraud, and Hoaxes (continued) • Spam • Unsolicited junk mail • Solutions to spam • Bayesian filters • “Trusted sender” technology • Reputation systems • Interfaces for client-side tools Succeeding with Technology
Summary • Total information security • Securing all components of the global digital information infrastructure • Fundamental security implemented at • The individual machine level • The point of entry to computers, computer networks, and the Internet Succeeding with Technology
Summary (continued) • When a computer is connected to a network • Security risks increase • With wireless technologies • Attacker no longer has to establish a wired connection to a network • Attacks against Internet-connected computers may come in the form of • Direct attacks by hackers (system penetration) or • Through viruses, worms, or spyware Succeeding with Technology