Chapter 4 Computer Science :: Computer Ethics and Security
1.
2.
3. Why ?
At the end of this chapter, student should be
able to :
● defining ;
○ computer ethics, computer security risks
● list areas of computer ethics.
● identify types of security risks.
● identify different ways to overcome security risks
● identify types of Intellectual Property
● describe the importance of Intellectual Property
why peoples, especially students who enrolled SC015 need to acquire
the knowledge of - Computer Ethics & Security ?
4. Ethics and Society
Ethics,
standards determine whether an action is good
or bad
Computer Ethics,
moral guidelines that govern the use of
computers and information systems.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
5. Ethics and Society cont'
Seven (7) frequently discussed areas of
computer ethics are :-
1. unauthorized use of computers & networks.
2. software theft (piracy).
3. information accuracy.
4. intellectual property rights.
5. codes of conduct.
6. information privacy, and
7. green computing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
6. Ethics and Society cont'
Seven (7) frequently discussed areas of
computer ethics are :-
1. unauthorized use of computers & networks.
2. software theft (piracy).
3. information accuracy.
4. intellectual property rights.
5. codes of conduct.
6. information privacy, and
7. green computing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
We discuss about
these list later, :)
7. Computer Security Risks
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
Computer Security Risks
any event or action that could cause a loss or damage to
computer
Computer Crime
any illegal act involving a computer.
Cybercrime
online or Internet-based illegal acts.
8. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
*Perpetrators of cybercrime fall into seven (7)
basic categories :-
hacker, cracker, script kiddie, corporate spy, unethical
employee, cyberextortionist and cyberterrorist.
perpetrators - someone who has committed a crime
9. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
#1. Hacker
● a computer *enthusiast.
● accessing computer or network illegally.
● the intention of their security breaches is to
improve security.
● advanced computer & network skills.
enthusiast - person who is highly interested in a particular
activity or subject.
10. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
#2. Cracker
● illegally accessing computer with intention to,
● destroy data, stealing information and
attempting several malicious act.
● advanced computer & network skills.
11. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
#3. Script Kiddie
● same intention with cracker BUT,
● lack technical skills knowledge.
● depends on prewritten hacking and cracking
programs to break into computers.
enthusiast - person who is highly interested in a particular
activity or subject.
12. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
#4. Corporate Spy
● excellent computer & networking skills.
● hired to break & steals *proprietary data &
informations in a computers, OR
● to help identify security risks in own
companies.
proprietary - relating to an owner or ownership.
13. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 556
#5. Unethical Employee
● exploiting a security weakness.
● seeking financial gains from selling
confidential information.
● unsatisfied employees may want to revenge.
proprietary - relating to an owner or ownership.
14. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 557
#6. Cyberextortionist
● uses e-mail for extortion.
● threatening (if they are not paid with money)
actions such as :-
○ exposing confidential information
○ exploit security flaw
○ launch an attack (compromising the
organization's network)
15. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 557
#7. Cyberterrorist
● uses Internet or network to,
● destroy or damage computers for,
● political reasons
● targetting :-
○ nation's air traffic control system
○ electricity-generating companies
○ telecommunications infrastructures.
16. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 557
The more common computer security risks
include :-
Internet and Networks Attacks, Unauthorized Access and
Use, Hardware/Software/Information Theft and System
Failure
17. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 557
The more common computer security risks
include :-
18. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 557
The more common computer security risks
include :-
Internet and Networks Attacks, Unauthorized Access and
Use, Hardware/Software/Information Theft and System
Failure
19. after completing this section you will be
able to
Describe various types of Internet and network attacks
(computer viruses, worms, Trojan horses, rootkits, botnets,
denial of service attacks, back doors, spoofing), and
Identify ways to safeguard (safety/security measures)
against these attacks, including using firewalls, intrusion
detection software and honeypots.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 555
Common
Internet/Network Attacks
20. Common Computer Security Risks #1
Internet and Networks Attacks
Chapter 11 - Manage Computing Securely. Safely and Ethically page 558
Internet and networks attacks that *jeopardize security
includes :-
jeopardize - put (someone or something) into a
situation in which there is a danger of loss, harm, or
failure
● rootkits;
● botnets;
● denial of service
attacks;
● spoofing
● computer viruses,
● worms,
● Trojan horses
21. Common Computer Security Risks #1
Internet and Networks Attacks
Computer Viruses, Worms, Trojan Horses, and
Rootkits
Chapter 11 - Manage Computing Securely. Safely and Ethically page 558
● Every unprotected computer is susceptible to the first
type of computer security risk
● Computer viruses, worms, Trojan horses, and rootkits
are classified as malware (short for malicious software).
● Malware - program that act without user's knowledge
and deliberately alter the computer's operation.
22. Common Computer Security Risks #1
Internet and Networks Attacks
Computer Viruses, Worms, Trojan Horses, and
Rootkits
Chapter 11 - Manage Computing Securely. Safely and Ethically page 558
● Virus or computer virus is a program
(computer program)
● create to infects a computer, and
gives negatives effects (damaging
files, system software, and
operating system)
● altering the operation of a computer
without user's knowledge or
permission.
23. Common Computer Security Risks #1
Internet and Networks Attacks
Computer Viruses, Worms, Trojan Horses, and
Rootkits
Chapter 11 - Manage Computing Securely. Safely and Ethically page 558
● Worm is also a program (computer
program)
● create to copy itself in a computer,
and gives negatives effects (using
up resources and possibly
shutting down a computer or
network)
● repeatedly copies and resides in
memory of a computer, or even in
the network.
24. Common Computer Security Risks #1
Internet and Networks Attacks
Computer Viruses, Worms, Trojan Horses, and
Rootkits
Chapter 11 - Manage Computing Securely. Safely and Ethically page 558
● Trojan horse is also a program
(computer program)
● looks like a legitimate program,
and gives negatives effects when
being triggered (damaging files,
system software, and operating
system)
● does not replicate such as worms.
25. Who ? who creates - Computer Viruses, Worms,
Trojan horse ?
Why ? why they creates these malicious program ?
What ? What is the similarities of Computer Viruses, Worms and
Trojan horse ?
and what about Rootkits ?
How ?
.. how does a viruses, or a worm infected computer ?
27. What ? What are the symptoms if a computer has been compromised
by a virus, worm, trojan horse
How ?
.. to secure (safeguards) computer from all threats
(Computer Virus, Worm, Trojan horse and rootkits - and
all of their siblings ? (spyware, back door)
Common Computer Security Risks #1
Internet and Networks Attacks
Computer Viruses, Worms, Trojan Horses, and
Rootkits
28. What ?
What are the symptoms if a computer has been compromised
by a virus, worm, trojan horse
● operating system (OS) run much slower than usual
● available memory is less than expected
● files becomes corrupted
● screen displays unusual message or image
● musics or unusual sounds play
randomly
● existing programs and files
disappear
● system properties change
● OS does not start-up
● OS shuts down unexpectedly
29. How
to safeguards a
computer from viruses ?
Chapter 11 - Manage Computing Securely. Safely and Ethically page 560
30. ● by using any antivirus program, user can safeguards a
computer system from viruses and other malware.
● Antivirus program - a program that protects
computer against viruses by identifying and removing
any computer viruses found in memory, on storage
media or on incoming files.
● Popular antivirus program ;
○ Kaspersky Anti-Virus
○ avast! antivirus
○ CA Anti-Virus
○ McAfee VirusScan
○ AVG Anti-Virus
Chapter 11 - Manage Computing Securely. Safely and Ethically page 560
Safeguards against Computer Viruses and other
Malware
31. Common Computer Security Risks #1
Internet and Networks Attacks
Chapter 11 - Manage Computing Securely. Safely and Ethically page 562
Internet and networks attacks that jeopardize security
includes :-
jeopardize - put (someone or something) into a
situation in which there is a danger of loss, harm, or
failure
● rootkits;
● botnets;
● denial of service
attacks;
● spoofing
● computer viruses,
● worms,
● Trojan horses
32. Common Computer Security Risks #1
Internet and Networks Attacks
Botnets; Denial of Services (DoS) Attacks; and Spoofing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 562
● group of compromised computers
in a network.
● compromised computers also
known as zombies - a computer that
being controlled remotely by an
outsider.
● used as a part of network to attack
other networks, usually for *nefarious
purposes.
nefarious - wicked or criminal: "the nefarious activities of the
organized-crime syndicates".
.
33. Common Computer Security Risks #1
Internet and Networks Attacks
Botnets; Denial of Services (DoS) Attacks; and Spoofing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 562
● an assault to an Internet services
(example of Internet services : web
e-mails).
● purpose to disrupt computer
access to an Internet services
● variant of DoS is distributed DoS or
DDoS (using zombies).
34. Common Computer Security Risks #1
Internet and Networks Attacks
Botnets; Denial of Services (DoS) Attacks; and Spoofing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 563
● technique that make their network
or Internet transmission appear
legitimate to a victim computer or
network.
● spoofing variants includes ;
○ e-mail spoofing
○ IP-spoofing
35. Common Computer Security Risks #1
Internet and Networks Attacks
Chapter 11 - Manage Computing Securely. Safely and Ethically page 562
Internet and networks attacks that *jeopardize security
includes :-
jeopardize - put (someone or something) into a
situation in which there is a danger of loss, harm, or
failure
● rootkits;
● botnets;
● denial of service
attacks;
● spoofing
● computer viruses,
● worms,
● Trojan horses
36. Chapter 11 - Manage Computing Securely. Safely and Ethically page 560
How
to safeguards a
computer from ..
Botnets, DoS, DDoS, Spoofing - and all of their
siblings ? (rootkit, back doors)
37. Chapter 11 - Manage Computing Securely. Safely and Ethically page 563
Safeguards against Botnets, DoS/DDoS Attacks, Back
Doors and Spoofing
some of the latest antivirus programs include provisions to
protect a computer from DoS/DDoS attacks.
user also can ;
● use firewall solutions,
● install an *intrusion detection software, and
● setup *honeypots
38. Firewall ;
● is a hardware and/or software
● protect a network’s resources from intrusion by users on
another network (i.e Internet)
● should be implemented in all networked computer.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 563
Safeguards against Botnets, DoS/DDoS Attacks, Back
Doors and Spoofing
39. Personal Firewall ;
● is a utility program (firewall software)
● detects and protects personal computer and its data
from unauthorized intrusions.
● constantly monitor transmissions and inform user of any
attempted intrusion.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 563
Safeguards against Botnets, DoS/DDoS Attacks, Back
Doors and Spoofing
Stand-Alone Personal Firewall
Software
● Norton Personal Firewall
● CA Personal Firewall
● McAfee Internet Security
● Webroot Desktop Firewall
● ZoneAlam Pro
● *Windows Firewall
* included with the installation of
Windows-based operating system
40. example concept, the uses of Firewall ;
Chapter 11 - Manage Computing Securely. Safely and Ethically page 563
Safeguards against Botnets, DoS/DDoS Attacks, Back
Doors and Spoofing
41. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 564
The more common computer security risks
include :-
Internet and Networks Attacks, Unauthorized Access and
Use, Hardware/Software/Information Theft and System
Failure
42. Chapter 11 - Manage Computing Securely. Safely and Ethically page 564
Common Computer Security Risks #2
Unauthorized Access
and Use
● Unauthorized access - the use of a computer
without permission.
● Unauthorized use - the use of computer or
its data for unapproved or possibly illegal
act.
○ illegal act includes;
■ sending personal e-mail messages.
■ accessing to a bank computer and perform
unauthorized transfer,
■ etc
43. Chapter 11 - Manage Computing Securely. Safely and Ethically page 565
How
to safeguards a computer from ..
Unauthorized Access and Use
44. Chapter 11 - Manage Computing Securely. Safely and Ethically page 565
Safeguards against Unauthorized Access and Use
● organizations should use access control to minimize the
chance of a perpetrator intentionally accessing
confidential information on a computer.
● Access control - a security measure that defines who
can access computer, what actions they can take while
accessing the computer.
● Two-phases process in implementing access-control is ;
○ identification ,
■ process to verifies the validity of a user.
○ authentication
■ process to verifies the individual is the person he or she claims to
be.
45. Chapter 11 - Manage Computing Securely. Safely and Ethically page 566
Safeguards against Unauthorized Access and Use
● Identification and Authentication Methods
○ user name
○ password
● User name or user ID (identification), is a unique
combination of characters (alphanumeric) that identifies
one specific user.
● Password, private combination of characters
associated with the user name that allow access to
certain computer resources.
46. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
The more common computer security risks
include :-
Internet and Networks Attacks, Unauthorized Access and
Use, Hardware/Software/Information Theft and System
Failure
47. Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
Common Computer Security Risks #3
Hardware/Software/Information
Theft
● hardware theft - act of stealing computer equipment.
● software theft's variants act includes;
■ steals software media
■ intentionally erases programs
■ illegally copies a programs, OR/AND
■ illegally registers and/or activates program
● information theft - act of stealing personal or confidential
info.
48. Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
How
to safeguards a computer
from ..
Hardware, Software, Information
Theft
49. Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
Safeguards against Hardware Theft
● using physical access controls such as ;
○ locked doors and windows
● installing alarm systems for additional security.
● attach physical security devices such as cables that lock
○ equipment to desk.
○ mobile computer to a stationary object.
50. ● to protect software media from
being stolen owners should keep ..
○ original software boxes and media in
secure location (i.e media cabinets with
lock).
● to protect from software piracy,
software manufacturers should ..
○ issue users license agreement,
■ the right to use the software
● (single user license/end-user license
agreement)
Chapter 11 - Manage Computing Securely. Safely and Ethically page 571
Safeguards against Software Theft
51. ● to protect information on the Internet and
networks, organizations and individuals use
a variety of encryption techniques.
○ encryption - converting readable data (plaintext) into
unreadable characters (ciphertext), preventing
unauthorized access.
○ decryption - converting unreadable data (ciphertext)
to its original state/data (plaintext)
○ the study of encryption and decryption process (to
promote a secure communication) is often known as
a cryptography.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 573
Safeguards against Information Theft
52. Computer Security Risks cont'
Chapter 11 - Manage Computing Securely. Safely and Ethically page 575
The more common computer security risks
include :-
Internet and Networks Attacks, Unauthorized Access and
Use, Hardware/Software/Information Theft and System
Failure
53. Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
Common Computer Security Risks #4
System Failure
● System failure is a prolonged malfunction of a
computer.
● It can cause loss of ;
○ hardware, software, data and information.
● Cause ;
○ aging hardware
○ natural disasters (fires, flood, hurricanes,
earthquake)
○ random events (*electrical power problems)
○ error in computer program
* the most common cause of system failure
54. Chapter 11 - Manage Computing Securely. Safely and Ethically page 570
How
to safeguards a computer
from ..
System Failure ?
55. ● to protect against electrical power
variations, use
■ surge protector (also called surge-
protector)
● uses special electrical components to ;
○ stabilize current flow, and keep out
overvoltage from reaching
computer/electronic equipment.
■ uninterruptable power supply (UPS)
● a device that contains surge protection
circuit and a batteries - that provide
temporary power during loss of power.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 571
Safeguards against System Failure
56. Chapter 11 - Manage Computing Securely. Safely and Ethically page 577
How
to safeguards a computer from ..
ALL OF THE ABOVE ?
Common Security Risk ;
#1 Internet & Network Attacks
#2 Unauthorized Access & Use
#3 Theft (Hardware/Software/Information)
#4 System Failure
57. ● to protect against all computer security
risk, computer user should ;
■ back-up (duplicates files,program or
disk) so it can be used (restore) if
the original is lost, damage or
destroyed.
● to back-up is to make a copy of files,
program or disk
○ manually back-up - copy data to any
available storage media.
○ back-up program/software
Chapter 11 - Manage Computing Securely. Safely and Ethically page 577
Ultimate Safeguards -
Back-up
58. Ultimate Safeguards -
Human Aspects : Awareness
previous CS015 Computer Security Risk slideshow
● expose employees or staff to computer
security through continuously security training,
courses.
● make a systematic routine check to update
(security patches, virus definition,other
malicious code) a computer system - early
preventing a threat/risks.
● proper handling of computer and information
59. Objectives check !
● defining ;
○ computer ethics, computer security risks
● list areas of computer ethics.
● identify types of security risks.
● identify different ways to overcome security risks
● identify types of Intellectual Property
● describe the importance of Intellectual Property
60. Ethics and Society cont'
Seven (7) frequently discussed areas of
computer ethics are :-
1. unauthorized use of computers & networks.
2. software theft (piracy).
3. information accuracy.
4. intellectual property rights.
5. codes of conduct.
6. information privacy, and
7. green computing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
OK let’s discuss,
:)
61. Ethics and Society
Ethics,
standards determine whether an action is good
or bad
Computer Ethics,
moral guidelines that govern the use of
computers and information systems.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
62. Ethics and Society cont'
Seven (7) frequently discussed areas of
computer ethics are :-
1. unauthorized use of computers & networks.
2. software theft (piracy).
3. information accuracy.
4. intellectual property rights.
5. codes of conduct.
6. information privacy, and
7. green computing.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 581
63. Ethics and Society cont'
Information Accuracy
Terminologies and their meaning ;
● Intellectual Property (IP) - unique and original works (i.e ideas,
inventions,art,writing,product,logos)
○ Intellectual property rights - rights to which creator are
entitled for their work.
■ Copyright - exclusive rights given to author/artist for their
materials.
● copyright infringement is piracy
○ infringement is a violation (an act that disregard an
agreement of a right)
● Code of Conduct - written guideline that help determine whether a
specific computer action is ethical or unethical.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 582
64. Ethics and Society cont'
Importance of Intellectual Property
The importance of Intellectual Property ;
● to protect the original creation from individuals.
● to preserve features and process that make thing work ( inventor
will therefore benefits - get a profit , from their work)
previous CS015 Computer Security Risk slideshow
65. Ethics and Society cont'
Type of Intellectual Property
http://www.myipo.gov.my/home
A patent is an exclusive right granted for an
invention, which is a product or a process that
provides a new way of doing something, or
offers a new technical solution to a problem.
A trade mark is a sign which distinguishes the
goods and services of one trader from those of
another. A mark includes words, logos,
pictures, names, letters, numbers or a
combination of these.
A copyright exclusive rights given to
author/artist for their materials (literary works;
musical works; artistic works; films; sound
recordings; broadcasts; and derivative works)
67. Ethics and Society cont'
Code of Conduct
Code of Conduct - written guideline that help determine whether a specific computer action is ethical
or unethical.
The sample of IT Code of Conduct ;
Chapter 11 - Manage Computing Securely. Safely and Ethically page 583
68. Ethics and Society cont'
Information Privacy
Terminologies and their meaning ;
● Information Privacy - right of individuals and companies to deny
or restrict the collection and use of information about them.
○ Risk relating to privacy of information ;
■ Spam
■ Phishing
■ Pharming
■ Spyware and Adware
Chapter 11 - Manage Computing Securely. Safely and Ethically page 582
69. Ethics and Society cont'
Information Privacy : Risk#1 Spam
Spam (also known as Internet junk mail)
● Spam - unsolicited e-mail message or newsgroup posting sent to
many recipients or newsgroup at once.
○ *unsolicited - not asked for, given or done voluntarily : “unsolicited junk mail”
● content of spam ranges from
○ selling product or service
○ promoting business opportunity
○ advertising offensive material
Safeguard your privacy from Spam !
1. use e-mail filtering - a service that block e-mail messages from
designated sources
2. purchase and use anti-spam program - help to remove spam before it
reaches your inbox
Chapter 11 - Manage Computing Securely. Safely and Ethically page 587
70. Ethics and Society cont'
Information Privacy : Risk#1 Spam
example (spam e-mail message)
Chapter 11 - Manage Computing Securely. Safely and Ethically page 587
71. Ethics and Society cont'
Information Privacy : Risk#2 Phishing
Phishing (also known as Scam)
● Phishing - a scam in which perpetrator sends and official looking
e-mail message that attempt to obtain individuals personal
and financial information.
● method of operations ;
○ an e-mail asking to reply a personal information, or
○ an e-mail with a link that direct individuals to a phony (fake)
Web to collect the information.
Safeguard your privacy from Phishing !
1. if an e-mail looks legitimate, it is recommend to visit the official site
directly (never click the link provided in the e-mail)
2. use phishing filter (available in some Web browsers) - a program that
warns or block user from potentially fraudulent (fake) or suspicious
sites.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 587
72. Ethics and Society cont'
Information Privacy : Risk#3 Pharming
Pharming (also known as Scam, similar to Phishing)
● Pharming - a scam in where perpetrator attempts to get individuals
personal and financial information via spoofing process
● method of operations ;
○ user type in a Web address in the Web browser, user will
redirected to a phony Web sites that looks legitimate.
○ the phony (fake) Web sites is use to collect the victim
information.
Safeguard your privacy from Pharming !
1. if an e-mail looks legitimate, it is recommend to visit the official site directly (never
click the link provided in the e-mail)
2. use phishing filter (available in some Web browsers) - a program that warns or
block users from potentially fraudulent (fake) or suspicious sites.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 588
73. Ethics and Society cont'
Information Privacy : Risk#4 Spyware & Adware
Spyware
● a program placed on a computer without the user’s knowledge.
● the program secretly collect information about the user.
● method of operations ;
○ collect information regarding user’s Web browsing habits by
hiding spyware in adware - a program display an online
advertisement in a banner or pop-up windows on Web page, e-
mail messages, or other Internet services.
Safeguard your privacy from Spyware & Adware !
1. use spyware and adware remover - a program that helps to detect and
remove/delete spyware and adware.
2. some operating systems and Web browsers include spyware removers.
Chapter 11 - Manage Computing Securely. Safely and Ethically page 588
74. Chapter 11 - Manage Computing Securely. Safely and Ethically page 584
Ethics and Society cont'
Green Computing
● involves reducing the electricity and
environmental waste while using a computer
75. Conclusion
This chapter identified some potential computer security
risks and the safeguards (security measure) that
organizations and individuals can implement to minimize
the risks.