1 / 33

Chapter 12

Chapter 12. Computer Security and Risks. Topics. On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy, Freedom, and Ethics: The Delicate Balance Security and Reliability.

richard_edik
Download Presentation

Chapter 12

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 12 Computer Security and Risks

  2. Topics On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy, Freedom, and Ethics: The Delicate Balance Security and Reliability “Computers are power, and direct contact with power can bring out the best or worst in a person.” Former computer criminal turned corporate programmer

  3. On-line Outlaws:Computer Crime • Computers are used to break laws as well as uphold them • Computer crime involves: • Theft by computer • Software piracy and intellectual property laws • Software sabotage • Hacking and electronic trespassing

  4. The Computer Crime Dossier • Computer crime is defined as any crime accomplished through knowledge or use of computer technology • The typical computer criminal is a trusted employee with no criminal record

  5. The Computer Crime Dossier • According to the FBI: • Financial losses topped $120 million in 1999 • More than 60 percentof corporate, university,and government sitesreport at least one break-in per year

  6. Theft by Computer • Theft is the most common form of computer crime • Computers are usedto steal: • Money • Goods • Information • Computer resources

  7. Software Piracy and Intellectual Property Laws • Software piracy is the illegal duplication of copyrighted software • Intellectual property includes the results of intellectual activities in the arts, sciences, and industry

  8. Software Piracy and Intellectual Property Laws • Property laws: • Inventions are patented • Trade secrets are covered by contract law • The expression of intellectual property can be copyrighted • Look-and-feel lawsuits can result from mimicking intellectual property

  9. Software Sabotage • Trojan horse - performs a useful task while also being secretly destructive; time bombs are an example • Virus - spreads by making copies of itself from program to program or disk to disk • Worm - a program that travels independently over computer networks, seeking uninfected sites Sabotage of software can include: These are referred to as a virus.

  10. Software Sabotage How software sabotage works:

  11. Software Sabotage Virus detection software locates and removes viruses • These programs need to be frequently revised • More than 200 new virus appear each month!

  12. Hacking and Electronic Trespassing • Hackers are people who enjoyed learning the details of computer systems • Hackers (or crackers) refers to people who break into computer systems • Webjackershijack Web pages and redirect users to other sites • Denial of Service (DOS) attacks bombards servers and web sites with traffic that shuts down the network

  13. Cliff Stoll discovered an international computer espionage ring because of a .75 cent accounting error. Hacking and Electronic Trespassing • Breaking into other computer systems is called electronic trespassing • Electronic crime rings focus on stealing credit card numbers and other valuable information

  14. Computer Security: Reducing Risks • Computer crime has led to a need to protect computer systems • Computer security attempts to protect computers and the information they contain • Computer security protects against unwanted access, damage, modification, or destruction

  15. Computer Security: Reducing Risks • Physical Access Restrictions • Passwords • Firewalls, Encryptions, and Audits • Backups • Law, Management, and Ethics A variety of security techniques are used to protect computer systems

  16. Physical Access Restrictions • Physical access restrictions are based on: • Something you have, such as a key, ID card with photo, or a smart card • Something you know, such as a password, an ID number, or a piece of personal history • Something you do, such as your signature or your typing speed and error patterns

  17. Physical Access Restrictions • Something about you, such as voice print, fingerprints, retinal scans, or other measurements of individual body characteristics (biometrics)

  18. Passwords Passwords are the most common tool for restricting access to computer system • Effective passwords are: • Not real words • Not names • Changed frequently • Kept secret • A mix of alphabet letters and numbers

  19. Firewalls, Encryption,and Audits These security systems reduce or prohibit the interception of messages between computers: • Firewalls are like gateways with a lock • Codes protect transmitted information and take a special key to decode • Shields are specially developed machines that prevent unwanted interception

  20. Firewalls • The computer serves as a firewall by scanning every message for security risks before allowing it to pass into or out of the LAN

  21. Encryption • To make a message secure from outsiders requires encryption software • Encryption software scrambles the sent message using a key • A different key is needed to unscramble the received message

  22. Encryption

  23. Audit-Control Software • Audit-control software monitors and records computer activity • Effective audit-control software forces every user to leave a trail of electronic footprints

  24. Backups and Other Precautions • The best and most widely used method to recover data is a routine for making regular backups • Many computer systemsare backed up at theend of each work day

  25. Human Security Controls:Laws, Management, and Ethics • Security measuresprevent crime, but can also pose threats to personal privacy • Managers must make employees aware of security issues and risks

  26. Security, Privacy, Freedom, & Ethics: The Delicate Balance • Active badges can simultaneously improve security and threaten privacy by: • identifying who enters a door or logs onto amachine • finding an employee’s location or where theyhave been throughout the day “In this age of advanced technology, thick walls and locked doors cannot guard our privacy or safeguard our personal freedom.” Lyndon B. Johnson

  27. Share with care Beware of BBS risks Don’t pirate software Disinfect regularly Treat diskettes withcare Take your password seriously Lock sensitive data Use backup systems Consider encryptionfor Internet activities Prepare for the worst Rules of Thumb:Safe Computing

  28. Security and Reliability • Computer security involves more than protection from trespassing, sabotage, and other crimes • Software errors and hardware glitches account for some of the most important security issues, such as: • Bugs and Breakdowns • Computers at War

  29. Bugs and Breakdowns • Software bugs do more damage than viruses and computer burglars combined. • Facts about software engineering: • It is impossible to eliminate all bugs. • Even programs that appear to work can contain dangerous bugs. • The bigger the system,the bigger the problem.

  30. Bugs and Breakdowns • Computer breakdowns pose a risk to the public and the incidence doubles every two years. • Hardware problems are rare when compared withsoftware failures

  31. Computers at War • Smart weapons are missiles that use computerized guidance systems to locate their targets. • An autonomous system is a complex system that can assume almost complete responsibility for a task without human input.

  32. Warfare in the Digital Domain • The front lines of the future may in cyberspace • By attacking computer networks an enemy could conceivably cripple: • telecommunications systems • power grids • banking and financial systems • hospitals and medical systems • water and gas supplies • oil pipelines • emergency government services

More Related