1.
Computer Security and Privacy

2.
Terms <ul><li>Computer security risk </li></ul><ul><li>Computer crime </li></ul><ul><li>Cybercrime </li></ul><ul><li>Hacker </li></ul><ul><li>Cracker </li></ul><ul><li>Script kiddie </li></ul><ul><li>Corporate spy </li></ul><ul><li>Unethical employee </li></ul><ul><li>Cyberextortionist </li></ul><ul><li>Cyberterrorist </li></ul><ul><li>Back doors </li></ul><ul><li>spoofing </li></ul><ul><li>Virus </li></ul><ul><li>Worm </li></ul><ul><li>Trojan horse </li></ul><ul><li>Malware </li></ul><ul><li>Payload </li></ul><ul><li>Virus signature/virus definition </li></ul><ul><li>Quarantine </li></ul><ul><li>Virus hoax </li></ul><ul><li>Botnets </li></ul><ul><li>Denial of service attacks </li></ul>

3.
Computer Security Risks <ul><li>Computer security risk – any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing. </li></ul><ul><li>Computer crime – any illegal act involving a computer. </li></ul><ul><li>Cybercrime – online or Internet-based illegal acts </li></ul>

4.
Cyber Crime Categories <ul><li>Hacker – someone who accesses a computer or network illegally. </li></ul><ul><ul><li>Claims intent is to improve security </li></ul></ul><ul><li>Cracker – someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. </li></ul>

5.
<ul><li>Script kiddie –Often are teenagers that use prewritten hacking and cracking programs to break into computers </li></ul><ul><ul><ul><li>has the same intent as a cracker </li></ul></ul></ul><ul><ul><ul><li>does not have the technical skills and background. </li></ul></ul></ul><ul><li>Corporate spies – are hired to break into a specific computer and steal its proprietary data and information </li></ul><ul><ul><ul><li>Have excellent computer and network skills </li></ul></ul></ul>Cyber Crime Categories

6.
<ul><li>Unethical employees – break into their employers ‘ computers for a variety of reasons </li></ul><ul><ul><li>1) To exploit a security weakness; 2) seek financial gains from selling confidential information; 3) disgruntled employees seek revenge </li></ul></ul><ul><li>Cyberextortionist – someone who uses e-mail as a vehicle for extortion. </li></ul><ul><ul><li>Send a company a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the company’s network—if they are not paid a sum of money </li></ul></ul>Cyber Crime Categories

7.
<ul><li>Cyberterrorist – uses the Internet or network to destroy or damage computers for political reasons. </li></ul><ul><ul><li>Usually require a team of highly skilled individuals, millions of dollars, and several years of planning </li></ul></ul>Cyber Crime Categories

8.
Internet and Network Attacks <ul><li>Attacks that jeopardize security include computer viruses, worms, and Trojan horses; botnets; denial of service attacks; back doors; and spoofing. </li></ul><ul><li>Virus – a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission </li></ul><ul><li>Worm –a program that copies itself repeatedly </li></ul><ul><li>Trojan horse – a program that hides within or looks like a legitimate program. </li></ul>

9.
<ul><li>Virus, worms, Trojan horse are classified as malware. </li></ul><ul><li>Malware (malicious software) – program that act without a user’s knowledge and deliberately alter the computer’s operation </li></ul><ul><li>Payload – the destructive event or prank the program is intended to deliver. </li></ul>Internet and Network Attacks

10.
Symptoms of a computer affected by virus, worm or Trojan horse <ul><li>Screen displays unusual message or image </li></ul><ul><li>Available memory is less than expected </li></ul><ul><li>Files become corrupted </li></ul><ul><li>Unknown programs or files mysteriously appear </li></ul><ul><li>Music or unusual sound plays randomly </li></ul><ul><li>Existing programs and files disappear </li></ul><ul><li>Programs or files do not work properly </li></ul><ul><li>System properties change </li></ul>

11.
Safeguards against viruses, worms, and Trojan horses <ul><li>Don’t start with removable media </li></ul><ul><ul><li>CDs, DVDs, and USB flash drives </li></ul></ul><ul><li>Never open an e-mail from an unknown source </li></ul><ul><li>Never open an e-mail attachment unless you are expecting the attachment </li></ul><ul><li>Set macro security level to medium </li></ul><ul><li>Stay informed about new virus alerts and virus hoaxes. </li></ul>

12.
<ul><li>Install antivirus program and update it frequently </li></ul><ul><ul><li>How antivirus programs work </li></ul></ul><ul><ul><ul><li>Look for virus signatures/virus definitions —a known specific pattern of virus code. </li></ul></ul></ul><ul><ul><ul><li>Quarantine infected file </li></ul></ul></ul>Safeguards against viruses, worms, and Trojan horses

13.
Network and Internet Security Risks <ul><li>Denial of service attack (DoS) hackers run multiple copies of a program to flood it and shut it down. </li></ul>

14.
<ul><li>Back Doors </li></ul><ul><ul><li>A program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. </li></ul></ul><ul><li>Spoofing </li></ul><ul><ul><li>fooling another computer by pretending to send packets from a legitimate source </li></ul></ul>Network and Internet Security Risks

15.
Safeguards against DoS Attacks, Back Doors, and IP Spoofing <ul><li>Firewalls </li></ul><ul><ul><li>allows normal Web browser operations but prevents other types of communication </li></ul></ul><ul><ul><li>checks incoming data against a list of known sources </li></ul></ul><ul><ul><li>data rejected if it does not fit a preset profile </li></ul></ul>

16.
<ul><li>Intrusion Detection Software </li></ul><ul><ul><li>Automatically analyzes all network traffic, assesses system vulnerabilities </li></ul></ul><ul><ul><li>Identifies any unauthorized access (intrusions) </li></ul></ul><ul><ul><li>Notifies network administrators of suspicious behavior patterns or system breaches </li></ul></ul>Safeguards against DoS Attacks, Back Doors, and IP Spoofing

17.
Safeguards Against Unauthorized Access And Use <ul><li>Access control </li></ul><ul><ul><li>A security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. </li></ul></ul><ul><li>Audit trail </li></ul><ul><ul><li>Records in a file both successful and unsuccessful access attempts. </li></ul></ul><ul><li>User Name and passwords </li></ul><ul><ul><li>Longer passwords provide better security </li></ul></ul>

18.
Password Protections Average Time to Discover Number of Characters Possible Combinations Human Computer 1 36 3 minutes .0000018 seconds 2 1,300 2 hours .00065 seconds 3 47,000 3 days .02 seconds 4 1,700,000 3 months 1 second 5 60,000,000 10 years 30 seconds 10 3,700,000,000,000,000 580 million years 59 years

19.
<ul><li>Possessed Objects </li></ul><ul><ul><li>Any item that you must carry to gain access to a computer or computer facility. (Examples: badges, cards, smart cards & key) </li></ul></ul><ul><ul><li>Often are used in combination with personal identification numbers. </li></ul></ul><ul><li>Biometric Devices </li></ul><ul><ul><li>Authenticates a person’s identify by translating a personal characteristics, such as a fingerprint, into a digital code that is then compared with a digital code stored in the computer to verify a physical or behavioral characteristic </li></ul></ul>Safeguards Against Unauthorized Access And Use

20.
Lets Review <ul><li>A back door attack is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. </li></ul><ul><ul><li>Answer </li></ul></ul><ul><ul><li>Denial of service </li></ul></ul>

21.
Lets Review <ul><li>2. All networked and online computer users should implement a firewall solution. </li></ul>Answer Yes, because a firewall protects a network’s resources from intrusion (software or hardware) by users on another network.

22.
Lets Review <ul><li>3. Computer viruses, worms, and Trojan horses are malware that act with a user’s knowledge. </li></ul>Answer Are classified as malware, but acts with out a user’s knowledge and deliberately alters the computer’s operations.

23.
Lets Review <ul><li>4. Shorter passwords provide greater security than longer ones. </li></ul>Answer The longer the password, the more effort required to discover it.

24.
Lets Review <ul><li>5. Updating an antivirus program’s quarantine protects a computer against viruses written since the antivirus program was released. </li></ul>Answer Updating an antivirus program’s signature files protects a computer against viruses written since the antivirus program was release.

25.
Theft and Vandalism <ul><li>Hardware </li></ul><ul><ul><li>Locking doors/windows </li></ul></ul><ul><ul><li>Install alarm systems </li></ul></ul><ul><ul><li>Using cables to lock computers to stationary object </li></ul></ul><ul><ul><li>Install a mini-security system </li></ul></ul><ul><li>Software piracy —unauthorized and illegal duplication of copyrighted software. </li></ul><ul><ul><li>License agreement </li></ul></ul>

26.
License Agreement <ul><li>Are permitted to </li></ul><ul><ul><li>Install on only one computer </li></ul></ul><ul><ul><li>Make one copy of the software as a backup </li></ul></ul><ul><ul><li>Give or sell the software to another individual, but only is the software is removed from the user’s computer first. </li></ul></ul><ul><li>Not allowed to: </li></ul><ul><ul><li>Install the software on a network, such as a school computer lab </li></ul></ul><ul><ul><li>Give copies to friends and colleagues, while continuing to use the software </li></ul></ul><ul><ul><li>Export the software </li></ul></ul><ul><ul><li>Rent or lease the software </li></ul></ul>

27.
Theft <ul><li>Information – occurs when someone steals personal or confidential information. </li></ul><ul><ul><li>Encryption—the process of converting readable data into unreadable characters to prevent unauthorized access. </li></ul></ul><ul><ul><ul><li>Plaintext--Unencrypted, readable data </li></ul></ul></ul><ul><ul><ul><li>Ciphertext—is the scrambled (encrypted) data </li></ul></ul></ul><ul><ul><ul><li>Encryption key—a programmed formula that the recipient of the data uses to decrypt ciphertext. </li></ul></ul></ul>

28.
Security Risk <ul><li>System failure – the prolonged malfunction of a computer </li></ul><ul><ul><li>Safeguards </li></ul></ul><ul><ul><ul><li>Surge protectors </li></ul></ul></ul><ul><ul><ul><li>Uninterruptible power supply (UPS) </li></ul></ul></ul><ul><li>Backup files </li></ul>

29.
Let’s Review <ul><li>True or False. An end-user license agreement (EULA) permits users to give copies to friends and colleagues, while continuing to use the software. </li></ul>Answer False, Does not permit users to give copies to friends and colleagues, while continuing to use the software.

30.
<ul><li>True or False. Encryption is a process of converting ciphertext into plaintext to prevent authorized access. </li></ul>Let’s Review Answer False. Converting plaintext into ciphertext

31.
<ul><li>3. True or False. Mobile users are not susceptible to hardware theft. </li></ul>Let’s Review Answer False. They are susceptible

32.
<ul><li>4. True or False. To prevent against data loss caused by a system failure, computer users should restore files regularly. </li></ul>Let’s Review Answer Backup files regularly

33.
Did You Know? The penalty for copying software can be up to $250,000, five years in prison , or both?

34.
Security Strategies for Protecting Computer Systems and Data <ul><li>Network Sniffer </li></ul><ul><li>displays network traffic data </li></ul><ul><li>shows which resources employees use and Web sites they visit </li></ul><ul><li>can be used to troubleshoot network connections and improve system performance </li></ul>