Session 21: Society and Information Technology Today
Course: T0604 - Introduction to Information Technology
Year: 2008
Version: 2.0/0.0
Source: Chapter 9. The Challenges of Digital Age: Society and IT, p.463. Williams, B.K, Stacy C. Sawyer (2007). Using Information Technology: A Practical Introduction to Computers & Communications. Seventh Edition, McGraw-Hill, New York. ISBN-13: 978-0-07-110768-6
Learning Outcomes
By the end of this session, students are expected to be able to:
• explain how digital data is used to deceive others, describe the types of threats to computers, and describe the characteristics of the five components of security (C2)
Material Outline
• Truth Issues: Manipulating Digital Data
• Security Issues: Threats
• Security: Safeguarding Computers & Communications
Truth Issues: Manipulating Digital Data
• Digital images and sounds can be manipulated
  • Pro: Creates new forms of art
    • Morphing software makes one image morph into another http://www.cs.utah.edu/~dejohnso/morph.html
    • Movies such as “Crouching Tiger, Hidden Dragon” and “Harry Potter” contain many scenes that could never actually happen
    • Adobe Photoshop allows changes, enhancements to photos
    • Digital technology allows musicians to sing every track of a song and accompany themselves
  • Con: Has made photographs & recordings untrustworthy
    • Famous Yalta summit photo edited: Stallone added in!
Truth Issues: Manipulating Digital Data
• Photographs may not be authentic
• Photographs may be deliberately misleading
  • 1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister
    • Could this have biased potential jury members?
  • Fashion model photos are routinely elongated to make models appear more slender
    • How many girls become anorexic to try to match those models’ impossible perfection?
  • http://www.etniesgirl.com/blog/2005/11/30/photoshop-101-even-models-have-flaws
  • http://www.tutorialized.com/tutorial/Basic-Model-Retouching/9547
  • http://news.bbc.co.uk/1/hi/health/769290.stm
Truth Issues: Manipulating Digital Data
• Techniques to combat digital deception
  • Prof. William H. Mitchell of M.I.T. wrote the first systematic, critical analysis of the digital revolution
  • Corbis http://pro.corbis.com/ adds a digital watermark to its photos
  • Hany Farid of Dartmouth College devised algorithms to detect changes to uncompressed digital photos
  • Prof. Jessica Fridrich of S.U.N.Y. at Binghamton is researching digital cameras that hide a picture of the photographer’s iris inside each digital photo
Truth Issues: Manipulating Digital Data
• Limitations of public databases
  • You can’t get the whole story
    • Start with a public database, THEN do more research
  • The data is not necessarily accurate
    • Cross-check against multiple sources
  • Each database service has boundaries
    • Know what those boundaries are
  • Different keywords bring different results
  • History is limited
    • These databases often begin with data from 1980 or later
Security Issues: Threats
• Errors and accidents
• Natural hazards
• Computer crime
• Computer criminals
Is my computer safe? I’m concerned about it. What do I need to do to use it safely for work, home, and school?
Security Issues: Threats - Errors & Accidents
• Human errors
  • People choose the wrong computer
    • Too simple or too complex
  • Human emotions affect performance
    • People get frustrated
  • Human perceptions are slower than the equipment
    • Watch out when you click the OK button! You may have just deleted something important!
Security Issues: Threats - Errors & Accidents
• Procedural errors
  • When people fail to follow safe procedures, errors can occur
• Software errors
  • Programmers make coding errors
  • Famous example: Utility billing software:
    • Customer pays early – software credits account
    • Customer pays late – software credits account, adds late fee in for next bill
    • Programmer forgot to consider customers who pay exactly on time – their payments were never credited at all!
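The billing defect described on this slide, reproduced next to a corrected version and a boundary sweep that exposes it. This is an added example, not code from the slides or the textbook; the function names, the late fee amount, and the sample due date are assumptions.

```python
from datetime import date
from decimal import Decimal

LATE_FEE = Decimal("5.00")  # assumed amount; the slide does not give one


def apply_payment_buggy(balance, amount, paid_on, due_on):
    """Reproduces the slide's defect: only 'early' and 'late' are handled."""
    late_fee = Decimal("0")
    if paid_on < due_on:        # customer pays early
        balance -= amount
    elif paid_on > due_on:      # customer pays late
        balance -= amount
        late_fee = LATE_FEE
    # paid_on == due_on matches neither branch: the payment is silently dropped
    return balance, late_fee


def apply_payment_fixed(balance, amount, paid_on, due_on):
    """Credit every payment; lateness only decides whether a fee is added."""
    balance -= amount
    late_fee = LATE_FEE if paid_on > due_on else Decimal("0")
    return balance, late_fee


def uncredited_days(apply_payment, due_on, window=2):
    """Boundary sweep: pay the full balance on each day within `window` days
    of the due date and return the dates on which it was not credited."""
    missed = []
    for offset in range(-window, window + 1):
        paid_on = date.fromordinal(due_on.toordinal() + offset)
        balance, _fee = apply_payment(
            Decimal("40.00"), Decimal("40.00"), paid_on, due_on
        )
        if balance != 0:
            missed.append(paid_on)
    return missed


if __name__ == "__main__":
    due = date(2008, 5, 15)  # constructed sample due date
    print("buggy :", uncredited_days(apply_payment_buggy, due))
    print("fixed :", uncredited_days(apply_payment_fixed, due))
```

Sweeping the days on either side of the due date is the kind of boundary test that catches the "exactly on time" case before customers do.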
Security Issues: Threats - Errors & Accidents
• Electromechanical problems
  • Mechanical systems wear out
  • Power failures shut down computers unless you have battery backup
  • Using cellphones and Blackberries while driving can cause people to crash
• Dirty data problems
  • Incomplete, outdated, or inaccurate data
  • Check your records – medical, school, and credit – to make sure they are accurate
• Natural hazards can lead to disasters
Security Issues: Threats - Computer Crimes
• Two types of computer crime
  • It can be an illegal act perpetrated against computers or telecommunications
  • It can be the use of computers or telecommunications to accomplish an illegal act
Security Issues: Threats - Computer Crimes
• Theft of hardware
• Theft of software
• Theft of online music and videos
• Theft of time and services
• Theft of information
• Internet-related fraud
• Taking over your PC
• Crimes of malice
• Computer criminals
Security Issues: Threats - Computer Crimes
• Theft of hardware can range from
  • Shoplifting an item from a computer store
  • Stealing an entire PC or laptop
• Theft of software
  • Pirated software is software obtained illegally
  • This includes “softlifting” - buying one copy of the software and using it on multiple computers
  • Software makers have prosecuted both companies and individuals, including students, for software piracy
Security Issues: Threats - Computer Crimes
• Theft of online music and movies
  • Entertainment industry takes this seriously and prosecutes offenders
  • Stealing music
    • Illegal file swapping services
    • Damages can be up to $150,000 per song
  • Stealing movies
    • The film industry has taken aggressive aim at pirated movies
    • 11-nation crackdown announced in 2005
Security Issues: Threats - Computer Crimes
• Theft of time and services
  • Theft of computer time at work
    • Surfing or playing games when you should be working
    • Some employees violate policy by conducting personal business online, such as online auctions, from work
    • Most employers have policies against viewing X-rated web sites at work
  • Theft of phone services
    • Phone phreaks use company phone systems to make “free” unauthorized long distance calls
    • Why break the law when you can get free long distance over the internet using Skype (www.skype.com)?
Security Issues: Threats - Computer Crimes
• Theft of Information
  • A common crime today
  • Can include theft of personal information, medical information, or credit card and financial information
  • Legislation to make it a crime to steal someone’s identity was the 1998 Identity Theft and Assumption Deterrence Act
  • The U.S. Department of Justice discusses their approach to this crime at http://www.usdoj.gov/criminal/fraud/idtheft.html
  • If you are a victim of identity theft, you may file a report online at the Federal Trade Commission’s website at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03
Security Issues: Threats - Computer Crimes
• Internet-related Fraud
  • Because it lends itself to anonymity, internet-related fraud is becoming more common
  • Well-known examples include:
    • Nigerian letter scam
      • Letter says you can get a lot of money out of Nigeria if you pay a “money transfer fee” first
    • Evil twin attacks
      • A cracker sets up an attack computer as a duplicate public access point in a public location
    • Phishing
      • Sending emails that appear to come from a trusted source and link you to a website where you type in personal information that is intercepted by the phisher
Security Issues: Threats - Computer Crimes
• Internet-related Fraud (continued)
  • Pharming
    • Malicious software is implanted in your computer that directs you to an imposter web page
  • Trojan horses
    • A program such as a “free” online game or screensaver that loads hidden programs that take over your computer or cause mischief without your knowledge
    • For example, Windows users who install the phony MSN Messenger Version 8 "beta" are actually installing an IM worm that spreads to their IM contacts, and connects their computer to a remote control "bot" network run by malicious hackers
Security Issues: Threats - Computer Crimes
• Crimes of Malice: Crashing entire computer systems
  • Sometimes criminals are more interested in vandalizing systems than they are in gaining control of them
  • In 2003, an entrepreneur with a grudge because he lost a sale retaliated by shutting down the WeaKnees website
  • Crackers regularly attempt to crash Microsoft’s website
  • Security specialists monitor for possible cyber-attacks on electrical and nuclear power plants, dams, and air traffic control systems
  • Crackers have attacked the internet too and brought down large sections of it
Security Issues: Threats - Computer Crimes
• Computer criminals may include
  • Individuals or small groups who
    • Use fraudulent email and websites
    • Steal people’s identities for monetary gains
    • Show off their power for bragging rights
  • Employees who
    • Have a grudge against their current or former employers
    • Have a grudge against another employee
    • Sell their company’s secrets for personal profit
  • Outside partners and company suppliers
Security Issues: Threats - Computer Crimes
• Computer criminals may also include
  • Corporate spies
  • Enemy foreign intelligence services
  • Organized crime
  • Terrorists
• Computer criminals do not include your employer, who is legally allowed to monitor the computers at work
  • Check your company’s computer usage policy
  • Make sure you follow the rules
  • Know that any data you store in the computer at work – including emails – is company property
Security: Safeguarding Computers & Communications
• Security is
  • A system of safeguards for protecting information technology against disasters, system failures, and unauthorized access that can result in damage or loss
• Computer Security’s Five Components
  • Deterrence of computer crime
  • Identification and access
  • Encryption
  • Protection of software and data
  • Disaster recovery plans
Security: Safeguarding Computers & Communications
• Deterrents to computer crime
  • Enforcing laws
  • CERT: The Computer Emergency Response Team
    • Provides round-the-clock information on international computer security threats
    • The CERT website is www.cert.org
    • For example, on December 15, 2005 it announced a partnership between the US and ictQatar, the Qatar Supreme Council for Information and Communications Technology, to conduct and coordinate cybersecurity activities
    • On December 13, 2005 CERT issued alert SA05-347A documenting Windows Explorer vulnerabilities
Security: Safeguarding Computers & Communications
• More deterrents to computer crimes
  • Tools to fight fraudulent and unauthorized online uses
    • Rule-based detection software
    • Predictive-statistical-model software
    • Employee internet management software
    • Internet filtering software
    • Electronic surveillance
  • Verify legitimate right of access
    • Use cards, keys, signatures, and badges
    • Use PINs and passwords
    • Use physical traits and personal identification
Security: Safeguarding Computers & Communications
• Encryption
  • The process of altering readable data into unreadable form to prevent unauthorized access
  • Advantage: encrypting data that is available over the internet keeps thieves and crackers from reading it
    • On Dec. 7, 2005, Guidance Software, a maker of computer forensics software, informed their customers that criminals had stolen their credit cards because Guidance had FAILED to encrypt a database that was accessible over the internet
  • Disadvantage: encrypting data may prevent law-enforcement officials from reading the data criminals are sending to each other
Discussion Question: Does information privacy outweigh law enforcement’s needs to track down and prosecute criminals? Should we all encrypt our information to prevent crackers and criminals from stealing it?
Security: Safeguarding Computers & Communications
• 4 ways to protect software & data
  • Educate employees in backing up data, virus protection, and not sharing passwords
  • Control of access to restrict usage
  • Audit controls to document who used what programs and computers and when
  • People controls include screening applicants, background checks, monitoring internet, email, and computer usage
Security: Safeguarding Computers & Communications
• Disaster-recovery plans
  • A method of restoring information-processing operations that have been halted by destruction or accident
  • Reinforced by 2001 World Trade Center attack
  • Reinforced by company data losses incurred during 2005 Hurricane Katrina
  • Plans range in price and complexity from
    • Backing up data from disk to tape, CD, or zip disk, with a UPS
    • Automatically storing data redundantly in two places, with a generator
    • Having an off-site computerized data storage center with independent power supply
    • Having a complete “hot” redundant data center that can instantly be used if there is a disaster
  • More $$$ as you move down the list