210 likes | 224 Views
Chapter 6 Network and Internet Security and Privacy. Why be concerned about Internet security?. The Computer Fraud and Abuse Act of 1986 is the main law protecting against computer crimes. The USA PATRIOT Act increased the scope and penalties of computer fraud:
E N D
Chapter 6 Network and Internet Security and Privacy Why be concerned about Internet security?
The Computer Fraud and Abuse Act of 1986 is the main law protecting against computer crimes. The USA PATRIOT Act increased the scope and penalties of computer fraud: • raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense; • ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold; • allowing aggregation of damages to different computers over a year to reach the $5,000 threshold; • enhancing punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military; • including damage to foreign computers involved in US interstate commerce; • including state law offenses as priors for sentencing; and • expanding the definition of loss to expressly include time spent investigating and responding for damage assessment and for restoration.
Unauthorized Access (hacking) Gaining access to a computer, network, or system without authorization. Businesses, schools, and organizations have codes of conduct outlining acceptable computer use. Theft of Data Data theft or information theft is the theft of data or information located on or being sent from a computer. Interception of Communications Instead of accessing data stored on a computer via hacking, some criminals gain unauthorized access to data, files, email messages, VoIP calls, and other content as it is being sent over the Internet. A new trend is criminals intercepting credit and debit card information during the card verification process; that is, intercepting the data from a card in real time as a purchase is being authorized.
Botnets and Zombie Computers • A computer that is controlled by a hacker or other computer criminal is referred to as a bot or zombie computer. • A group of bots that are controlled by one individual and can work together in a coordinated fashion is called a botnet. • According to the FBI, an estimated one million U.S. computers are currently part of a botnet. WiFi Piggybacking Many home users have wireless (WiFi) networks. Many people do not have security implemented and neighbors or someone driving down the street could access their network and use their Internet access.
Computer/Data Sabotage Malicious destruction to a computer or data. This could be performed physically or electronically. A disgruntled employee could destroy a network server or backup tapes. Data or programs could be altered. Web sites could be defaced. Denial of Service A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service.
Identity Theft This occurs when someone obtains enough information about a person (e.g. name, birth date, SS#, address, credit card#, mother’s maiden name) to be able to masquerade as that person. The thief could get a driver’s license and credit cards under your name. Salami Shaving/Slicing Writing a computer program that transfers small amounts of money (e.g. a few cents) from each transaction to a secret account. This is usually performed by someone within a company. e.g. the movie Office Space Online Auction Fraud Purchase items on eBay and never receive them. Craigslist also has many scams.
PhishingThe use of a spoofed e-mail to gain credit card numbers, usernames and passwords, or other personal info. The user is often redirected to a fraudulent (spoofed) web site.
Spoofed or FraudulentWeb Sites (dot cons)Many phishing scams use spoofedweb sites. The user will type in hisusername/password which is storedon the server. • In addition to disclosing personal information only when it is necessary and only via secure Web pages, you should use security software and keep it up to date. • To avoid phishing schemes, never click a link in an email message to go to a secure Web site—always type the URL for that site in your browser.
Malware – Malicious programs installed without your knowledge. This includes adware, spyware, and viruses. The best defense is anti-virus software and good practices. • Adware • Software that delivers advertisements to • your desktop. It could be installed without • your knowledge, or built in to legitimate apps. • Spyware • Software that secretly gathers information • about the user and transmits it on the • Internet. It could be marketing information transmitted to advertisers or it could be more malicious and transmit your keystrokes (e.g. usernames and passwords) to someone on the internet. • Viruses • A program that is installed without the permission or knowledge of the user. It will affect the computer’s operation in some manner. Viruses are attached to legitimate executable files and can replicate themselves to other files when you execute them. It is common to get a virus from executable files downloaded from the Internet, or from executable files attached to e-mails and instant messages.
A couple types of viruses: Trojan Horseis a virus that is disguised as a legitimate program. They are downloaded from the Internet and executed by the user. For example: a game. A regular virus attaches itself to a legitimate program and executes when you run the program. Worm is a type of virus that replicates itself over the network or Internet without user intervention, as opposed to being attached to a file that is downloaded. Without a firewall, your computer could get a worm when you connect to the Internet.
E-mail Hoaxes/Chain LettersE-mails chain letters are usually an unreliable source of news. You can go to snopes.com to verify the content of an e-mail, as well as other rumors. • >>> TO: MASSAOL@aol.com >>> FROM: GatesBeta@microsoft.com >>> ATTACH: Tracklog@microsoft.com/Track883432/~TraceActive/On.html >>> Hello Everyone, >>> And thank you for signing up for my Beta Email Tracking >>> Application or (BETA) for short. My name is Bill Gates. >>> Here at Microsoft we have just compiled an >>> e-mail tracing program that tracks everyone to whom this message >>> is forwarded to. It does this through an unique IP (Internet Protocol) >>> address log book database. We are experimenting with >>> this and need your help. Forward this to everyone you know >>> and if it reaches 1000 people everyone on the list will >>> receive $1000 and a copy of Windows98 at my expense. >>> Enjoy. >>> Note: Duplicate entries will not be counted. You will be >>> notified by email with further instructions once this email >>> has reached 1000 people. Windows98 will not be shipped >>> unitl it has been released to the generalpublic. >>> Your friend, >>> Bill Gates & The Microsoft Development Team. Subject: Make A Wish Foundation (fwd) A plea from a sick little girl Little Kimberly Anne is dying of a horrible tropical disease. Her goal, before she passes into the Great Beyond, is to collect as many free America Online disks as she can, to make the Guiness Book of Records. Her project is being sponsored by the Wish-Upon-a-Star Foundation, which specializes in fulfilling the final wishes of such sick little girls. So, next time you get an unwanted AOL disk in the mail, don't throw it away! Think of the sparkle it will bring to the eye of a dying child. Write on the package: [Address deleted to prevent this hoax from continuing.] Please copy this message and circulate it to your friends, neighbors, and ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ co-workers. Only you can child's wish reality! God bless you from the Wish-Upon-a-Star Foundation!</h3>
Email EncryptionE-mail is currently the popular form of business communication. E-mail (SMTP) messages are not encrypted when being sent over the Internet. Some companies will have encryption for internal e-mails. Some devices such as Blackberries offer encryption for messages to other Blackberry users.Web Site EncryptionWeb sites which are encrypteduse public/private key encryption.These web sites use the https://The web browser will also displaya lock. If you click on the area tothe left of the https, you can seethe security certificate. The website is also verified as authenticby a 3rd party such as VeriSign.
Protecting Against Hardware Loss, Hardware Damage, and System Failure Who would you trust to give you drugs?
Which one of these software programs is from a well-known company? Since a program can affect your computer the same way a drug can affect your body, who do you trust to install a program on your computer?
Be careful installing web browser plug-ins – this is a popular way to trick you into installing malware. The safest way to install a plug-in is to go to the site that makes the software rather than the site that tries to install it for you. Here are some popular browser plug-ins. Be careful when you install legitimate software because the installation program often tries to install extra unneeded software. Java – from www.sun.com Flash – from www.adobe.com Acrobat Reader – from www.adobe.com Shockwave – from www.adobe.com Quicktime – from www.apple.com RealPlayer – from www.realaudio.com Windows Media Player – from www.microsoft.com
Most add-on toolbars contain adware and/or spyware My recommendation: DON’T install them. If you REALLY want it, research it first.
To protect hardware from damage due to power fluctuations, everyone should use a surge suppressor with a computer whenever it is plugged into a power outlet. Users who want their desktop computers to remain powered up when the electricity goes off should use an uninterruptible power supply (UPS).
WiFi Security - prevents unauthorized access and piggybacking - provides encryption WEP(least secure) Wired Equivalent Privacy WPA(more secure) WiFi Protected Access
Firewalls • Firewalls block unrequested Internet traffic to your computer. • Windows includes the Windows Firewall (software firewall) • Many home DSL/Cable routers include a firewall (hardware firewall)
What is your primary defense against hardware loss, damage, or system failure? Backups!!!!!!!!!!! • Securing Backup MediaThe media used to store backups (tapes, CD-R, DVD-R) needs to be secure. Fireproof safes provide some protection. Off-site storage of backups adds considerable protection of media. Data storage companies store backup media at secure remote locations. Disaster Recovery PlanSpells out what an organization will do to prepare for and recover from a disruptive event.Q: What data do YOU have that should be backed up?Q: How do YOU backup your data?