2. Learning Objectives
• LO6.1: Explain network and Internet security concerns
• LO6.2: Identify online threats
• LO6.3: Describe cyberstalking and other personal safety
concerns
• LO6.4: Assess personal computer security
• LO6.5: Identify privacy concerns
• LO6.6: Discuss current network and Internet security legislation
CMPTR Chapter 6: Network and Internet Security and Privacy 2
3. LO6.1: Understanding Security
Concerns
• Computer crime—or cybercrime—includes any illegal act
involving a computer.
• Cybercrime is a multibillion-dollar business that is often
conducted by seasoned criminals.
• All computer users should be aware of the security concerns
surrounding computer network and Internet use, and they
should take appropriate precautions.
4. LO6.1: Understanding Security
Concerns
• Topics Covered:
– Unauthorized Access and Unauthorized Use
– Hacking
– War Driving and Wi-Fi Piggybacking
– Interception of Communications
5. Unauthorized Access and
Unauthorized Use
• Unauthorized access occurs whenever an individual gains
access to a computer, network, file, or other resource without
permission—typically by hacking into the resource.
• Unauthorized use involves using a computer resource for
unauthorized activities.
• To explain acceptable computer use to their employees, students,
or other users, many organizations and educational institutions
publish guidelines for behavior, often called codes of conduct.
6. Hacking
• Hacking refers to the act of breaking into a computer or
network.
• The increased number of systems controlled by computers and
connected to the Internet, along with the continually
improving abilities of hackers and the increasing availability of
sets of tools that allow hackers to access a system, has led to
an increased risk of cyberterrorism—where terrorists launch
attacks via the Internet.
7. War Driving and Wi-Fi Piggybacking
• War driving typically involves driving in a car with a portable
computer looking for unsecured Wi-Fi networks to connect to.
• Wi-Fi piggybacking refers to accessing someone else’s
unsecured Wi-Fi network from the hacker’s current location.
8. Interception of Communications
• Instead of accessing data stored on a computer via hacking,
some criminals gain unauthorized access to data, files, email
messages, VoIP calls, and other content as it is being sent over
the Internet.
• A new trend is criminals intercepting credit and debit card
information during the card verification process; that is,
intercepting the data from a card in real time as a purchase is
being authorized.
9. LO6.2: Online Threats
• Topics Covered:
– Botnets
– Computer Viruses and Other Types of Malware
– Denial of Service (DoS) Attacks
– Data, Program, or Web Site Alteration
– Online Theft, Online Fraud, and Other Dot Cons
– Theft of Data, Information, and Other Resources
– Identity Theft, Phishing, and Pharming
– Protecting Against Identity Theft
– Online Auction Fraud and Other Internet Scams
10. Botnets
• A computer that is controlled by a hacker or other computer
criminal is referred to as a bot or zombie computer.
• A group of bots that are controlled by one individual and can
work together in a coordinated fashion is called a botnet.
• According to the FBI, an estimated one million U.S. computers
are currently part of a botnet.
11. Computer Viruses and Other Types
of Malware
• Malware is a generic term that refers
to any type of malicious software.
– Virus: a program installed without the user’s knowledge
and designed to alter the way a computer operates or to
cause harm to the computer system.
12. Computer Viruses and Other Types
of Malware
13. Computer Viruses and Other Types
of Malware
– Like a computer virus, a computer worm is a malicious
program that is typically designed to cause damage.
– A Trojan horse is a type of malware that masquerades
as something else—usually an application program.
14. Computer Viruses and Other Types
of Malware
15. Denial of Service (DoS) Attacks
• A denial of service (DoS) attack is an act of sabotage that
attempts to flood a network server or Web server with so
many requests for action that it shuts down or simply cannot
handle legitimate requests any longer, causing legitimate
users to be denied service.
16. Denial of Service (DoS) Attacks
• DoS attacks today are often directed toward popular sites and
typically are carried out via multiple computers.
– This is known as a distributed denial of service (DDoS)
attack.
17. Data, Program, or Web Site
Alteration
• Another type of computer sabotage occurs when a hacker
breaches a computer system to delete data, change data,
modify programs, or otherwise alter the data and programs
located there.
• Data on Web sites can also be altered by hackers.
18. Online Theft, Online Fraud, and
Other Dot Cons
• The best protection against many dot cons is protecting your
identity—that is, protecting any identifying information about
you that could be used in fraudulent activities.
19. Theft of Data, Information, and
Other Resources
• Data theft or information theft is the theft of data or
information located on or being sent from a computer.
• It can be committed by stealing an actual computer, or it can
take place over the Internet or a network by an individual
gaining unauthorized access to that data by hacking into the
computer or by intercepting the data in transit.
20. Identity Theft, Phishing, and
Pharming
• Identity theft occurs when someone obtains enough
information about a person to be able to masquerade as that
person—usually to buy products or services in that person’s
name.
21. Identity Theft, Phishing, and
Pharming
• Phishing is the use of a spoofed email message to trick the
recipient into revealing sensitive personal information, such
as credit card numbers.
• More targeted, personalized phishing schemes are known as
spear phishing.
• Pharming is another type of scam that uses spoofed domain
names to obtain personal information for use in fraudulent
activities.
22. Identity Theft, Phishing, and
Pharming
23. Protecting Against Identity Theft
• In addition to disclosing personal information only when it is
necessary and only via secure Web pages, you should use
security software and keep it up to date.
• To avoid phishing schemes, never click a link in an email
message to go to a secure Web site—always type the URL for
that site in your browser.
• To prevent identity theft, protect your Social Security number
and give it out only when necessary.
25. Online Auction Fraud and Other
Internet Scams
• Online auction fraud (sometimes called Internet auction
fraud) occurs when an online auction buyer pays for
merchandise that is never delivered, or that is delivered but
is not as represented.
• The best protection against many dot cons is common sense.
26. LO6.3: Cyberstalking and Other
Personal Safety Concerns
• Topics Covered:
– Cyberbullying and Cyberstalking
– Online Pornography
– Protecting Against Personal Safety Concerns
27. Cyberbullying and Cyberstalking
• Two of the most common ways individuals are harassed
online are cyberbullying and cyberstalking.
• Although there are as yet no specific federal laws against
cyberstalking, all states have made it illegal, and some federal
laws do apply if the online actions include computer fraud or
another type of computer crime, suggest a threat of personal
injury, or involve sending obscene email messages.
28. Online Pornography
• A variety of controversial and potentially objectionable
material is available on the Internet. Although there have
been attempts to ban this type of material from the Internet,
they have not been successful.
• Because of the strong link experts believe exists between child
pornography and child molestation, many experts are very
concerned about the amount of child pornography that can
be found and distributed via the Internet.
29. Protecting Against Personal Safety
Concerns
• To protect yourself against cyberstalking and other types of
online harassment:
– Use gender-neutral, nonprovocative identifying names.
– Be careful about the types of photos you post of yourself
online and do not reveal personal information to people
you meet online.
– Do not respond to any insults or other harassing
comments you may receive online.
– Consider requesting that your personal information be
removed from online directories, especially those
associated with your email address or other online
identifiers.
30. LO6.4: Personal Computer Security
• Topics Covered:
– Hardware Loss and Damage
– System Failure and Other Disasters
– Protecting Against Hardware Loss, Hardware Damage, and
System Failure
– Firewalls, Encryption, and Virtual Private Networks (VPNs)
31. Hardware Loss and Damage
• Hardware loss can occur when a personal computer, USB flash
drive, mobile device, or other piece of hardware is stolen or
is lost by the owner.
• One of the most obvious types of hardware loss is hardware
theft, which occurs when hardware is stolen from an
individual or from a business, school, or other organization.
32. System Failure and Other Disasters
• System failure is the complete malfunction of a computer
system.
• System failure can occur because of a hardware problem,
software problem, or computer virus. It can also occur
because of a natural disaster, sabotage, or a terrorist attack.
33. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
34. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
• Full disk encryption (FDE) provides an easy way to protect the
data on an entire computer in case it is lost or stolen.
• A hard drive that uses FDE, which is often referred to as a
self-encrypting hard drive, typically needs a username and
password or biometric characteristic before the computer
containing the drive will boot.
35. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
• Passwords are secret words or character combinations
associated with an individual.
• Create strong passwords:
– At least 8 characters long
– Combination of upper and lowercase letters, numbers,
and symbols
– Do not form words found in the dictionary or that match
the username that the password is associated with
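The three rules above, written as a checker (an added example, not part of the original slides). The function name and `SAMPLE_DICTIONARY` are constructed for illustration; testing for a word or username anywhere inside the password, and undoing common substitutions such as `@` for `a`, is an assumption that goes slightly beyond the slide's wording.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "sunshine", "letmein"}

# Common character substitutions, undone before the dictionary comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def password_problems(password, username, dictionary=SAMPLE_DICTIONARY):
    """Return the list of slide rules the password breaks (empty list = passes)."""
    problems = []
    # Rule 1: at least 8 characters long.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    # Rule 2: uppercase, lowercase, numbers and symbols must all be present.
    classes = {
        "uppercase letter": r"[A-Z]",
        "lowercase letter": r"[a-z]",
        "number": r"[0-9]",
        "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("no " + name)
    # Rule 3: must not match the username or form a dictionary word.
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Undo substitutions, then drop everything that is not a letter.
    normalised = re.sub(r"[^a-z]", "", lowered.translate(LEET))
    if any(word in normalised for word in dictionary):
        problems.append("contains a dictionary word")
    return problems
```

`P@ssw0rd1` satisfies the length and character-mix rules but is still rejected, because undoing the substitutions reveals the word "password".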
36. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
• Proper care of hardware can help prevent serious damage to a
computer system:
– Protective cases
– Ruggedized devices
37. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
• To protect hardware from damage due to power fluctuations,
everyone should use a surge suppressor with a computer whenever
it is plugged into a power outlet.
• Users who want their desktop computers to remain powered up
when the electricity goes off should use an uninterruptible
power supply (UPS).
38. Protecting Against Hardware Loss,
Hardware Damage, and System Failure
39. Firewalls, Encryption, and Virtual
Private Networks (VPNs)
• A firewall is a security system that essentially creates a barrier
between a computer or network and the Internet in order to
protect against unauthorized access.
• Encryption is a method of scrambling the contents of an email
message or a file to make it unreadable if an unauthorized
user intercepts it.
– Secure Web pages use encryption to protect information
transmitted via that Web page.
40. Firewalls, Encryption, and Virtual
Private Networks (VPNs)
• Private key encryption uses a single secret private key to both
encrypt and decrypt a file or message being sent over the
Internet.
• Public key encryption, also called asymmetric key encryption,
utilizes two encryption keys to encrypt and decrypt
documents.
• While email and file encryption can be used to transfer
individual messages and files securely over the Internet, a
virtual private network (VPN) is designed to be used when a
continuous secure channel over the Internet is needed.
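The difference between the private key and public key bullets above, as an added example that is not part of the original slides. Both schemes are toy constructions (an HMAC-SHA256 keystream and unpadded RSA over two small known primes) chosen so the code runs with only the Python standard library; all names are constructed for illustration, and real systems use vetted ciphers from a maintained library.

```python
import hashlib
import hmac
import secrets

# Illustration only: toy constructions, not suitable for protecting real data.


def private_key_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Private (symmetric) key: the SAME key and function encrypt and decrypt.
    Data is XORed with a keystream from HMAC-SHA256(key, nonce || offset)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


# Public (asymmetric) key: a toy RSA pair built from two known Mersenne primes.
# The modulus is about 150 bits, far too small for real use, and has no padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
PUBLIC_KEY = (P * Q, E)                               # shared with anyone
PRIVATE_KEY = (P * Q, pow(E, -1, (P - 1) * (Q - 1)))  # kept by the recipient


def rsa_apply(key, value: int) -> int:
    modulus, exponent = key
    return pow(value, exponent, modulus)


def private_key_demo(message: bytes):
    """Encrypt with one shared key; return (same-key result, other-key result)."""
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    ciphertext = private_key_crypt(key, nonce, message)
    same_key = private_key_crypt(key, nonce, ciphertext)
    other_key = private_key_crypt(secrets.token_bytes(32), nonce, ciphertext)
    return same_key, other_key


def public_key_demo(message: bytes):
    """Encrypt with the public key; return (private-key result, public key decrypts?)."""
    m = int.from_bytes(message, "big")
    if m >= PUBLIC_KEY[0]:
        raise ValueError("message too long for this toy modulus")
    c = rsa_apply(PUBLIC_KEY, m)
    with_private = rsa_apply(PRIVATE_KEY, c).to_bytes(len(message), "big")
    public_decrypts = rsa_apply(PUBLIC_KEY, c) == m  # applying the public key again
    return with_private, public_decrypts


if __name__ == "__main__":
    print(private_key_demo(b"constructed sample message"))
    print(public_key_demo(b"PIN 4921"))
```

With the single shared key, anyone who can encrypt can also decrypt; with the key pair, the key that is handed out can encrypt but does not recover the message.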
41. Firewalls, Encryption, and Virtual
Private Networks (VPNs)
42. LO6.5: Understanding Privacy
Concerns
• Privacy is usually defined as the state of being concealed or
free from unauthorized intrusion.
• The term information privacy refers to the rights of
individuals and companies to control how information about
them is collected and used.
• Topics Covered:
– Databases, Electronic Profiling,
Spam, and Other Marketing Activities
– Protecting the Privacy of Personal Information
– Electronic Surveillance and Monitoring
– Protecting Personal and Workplace Privacy
43. Databases, Electronic Profiling,
Spam, and Other Marketing Activities
• Marketing databases contain marketing and demographic
data about people, such as where they live and what products
they buy.
• Information about individuals is also available in government
databases.
• Collecting in-depth information about an individual is known
as electronic profiling.
45. Databases, Electronic Profiling,
Spam, and Other Marketing Activities
• Most businesses and Web sites that collect personal
information have a privacy policy that discloses how the
personal information you provide will be used.
46. Databases, Electronic Profiling,
Spam, and Other Marketing Activities
• Spam refers to unsolicited email sent to a large group of
individuals at one time.
47. Protecting the Privacy of Personal
Information
• For online shopping, signing up for free offers, message
boards, product registration, and other activities that typically
lead to junk email, use a disposable or throw-away email
address (a second address obtained from your ISP or a free
email address from Windows Live Hotmail or Google’s
Gmail).
48. Protecting the Privacy of Personal
Information
49. Electronic Surveillance and
Monitoring
• Computer monitoring software: records keystrokes, logs the
programs or Web sites accessed, or otherwise monitors someone’s
computer activity.
• Video surveillance: the use of video cameras to monitor
activities of individuals for work-related or crime-prevention
purposes.
• Employee monitoring: recording or observing the actions of
employees while on the job.
• Presence technology: enables one computing device to locate
and identify the current status of another device on the same
network.
50. Protecting Personal and Workplace
Privacy
• There are not many options for protecting yourself against
computer monitoring by your employer or the government, or
against video surveillance systems.
• Businesses should take the necessary security measures to
ensure that employee activities are not being monitored by a
hacker or other unauthorized individual.
51. LO6.6: Network and Internet
Security Legislation
• It’s difficult for the legal system to keep pace with the rate at
which technology changes.
• The high level of concern regarding computer security and
personal privacy has led state and federal legislators to pass a
variety of laws since the 1970s.
52. LO6.6: Network and Internet
Security Legislation