Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security and Safety, Ethics and Privacy

Similar presentations

Presentation on theme: "Computer Security and Safety, Ethics and Privacy"— Presentation transcript:

1 Computer Security and Safety, Ethics and Privacy
Chapter 11

2 Computer Security Risks
What is a computer security risk? Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Intentional Breach of Computer Security Computer Crime (illegal act involving a computer) Cybercrime (Online or Internet-based illegal acts)

3 Seven Basic Categories of Cybercrime
Hacker – Access a computer illegally Cracker – Access a computer illegally but has the intent of destroying Script Kiddie – Same intent but not have the technical skills and knowledge Corporate Spies – Hired to break into a computer, steal data info, to help indentify security risks Unethical employees-want to exploit a security weakness

4 Seven Basic Categories of Cybercrime cont..
Cyberextortionist – Use the as a vehicle for extortion Cyberterriorist - Destroy or damage for political reason Both requires a team of highly skilled individuals, millions of dollars and years of planning

5 Common Computer Security Risks
Internet and Network Attacks Unauthorized Access and Use Hardware theft Software theft Information theft System failure

6 Internet and Network Attacks
What are Computer Viruses, worms, Trojan horses and Rootkits? Computer Viruses Potentially damaging computer program Worm A program that copies itself repeatedly, using up resources and possibly shutting down computer or network Trojan Horse Hides within or looks likes a legitimate program until triggered Rootkits Hides in a computer and allows someone from a remote location to take full control

7 Computer Virus, Worms, Trojan Horse and Rootkits
What is Malware? Programs that act without a user’s knowledge and deliberately alters the computer operation. Unscrupulous programmer write malware and then test to ensure it can deliver it payload (destructive event or prank the program is intended to deliver)

8 Malware Delivers Its Payload
When a user: Opens an infected file Runs an infected program Boots the computer with an infected removable media Connect to an unprotected computer Most common way – attachments

9 Safeguards Against Computer Virus
No guarantee methods Some ways to Prevent Viruses Do not start computer with removable disks Never open attachment unless from trusted source Install an Antivirus program Stay informed about new virus and virus hoax

10 Internet and Network Attacks
What is an Antivirus program? Popular Antivirus Programs AVG Anti-Virus avast! Antivirus CA Anti-Virus F-Secure Anti-Virus Kaspersky Anti-Virus McAfee Virus Scan Norton AntiVirus Trend Micro AntiVirus Vexira Antivirus Identifies and removes computer viruses Most also protect against worms, Trojan horses and spyware

11 Internet and Network Attacks
What is a virus signature? Specific pattern of virus code Also called virus definition Antivirus programs look for virus signatures

12 Internet and Network Attacks
How does an antivirus program inoculate a program file? Records information about program such as file s and creation date Uses information to detect if virus tampers with file Quarantines Infected files that cannot remove Attempts to remove any detected virus

13 Internet and Network Attacks
What are a Botnet, denial of service attack, back door and spoofing? A Botnet is a group of comprised computers connected to a network that are used as part of a network that attack other networks A denial of service attack is an assault whose purpose is to disrupt a computer access to an Internet data A back door is a program or set of instruction in a program that allow users to bypass security controls when accessing a computer resource Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network

14 Safegaurd against Botnet, DoS/DDoS attack, Backdoors and Spoofing
Firewalls Protects a network’s resources from intrusion by user on another network Intrusion Detection Software Automatically analyze all network traffic, assess system vulnerabilities, identifies any unauthorized intrusion, and notifies network administration of suspicious behavior pattern. Honeypots A vulnerable computer that is setup to enticed an intruder to break into it

15 Unauthorized Access and Use- Section 2
What is Unauthorized Access and Unauthorized Use? Unauthorized Access – use of a computer in a network without permission Unauthorized Use – the use of a computer or its data for unapproved or possibility illegal activities

16 Safeguard Against Unauthorized Access and Use
Use Written Acceptable Use Policy (AUP) Disable file and printer sharing on your Internet connection Use Firewalls Use Intrusion detection software Identify and authenticate users

17 Identifying and Authentically Users
Access controls (security measure that defines who can access a computer) Maintain an audit trail (records in a file both successful and unsuccessful access attempt) Two – Phase Process Identification – verifies individual is a valid user Authentication – verifies the individual is the person he/she claims to be

18 Three Methods of Identifying and Authenticating
User Names and Passwords Possessed Objects Biometrics Devices

19 Three Methods of Identifying and Authenticating
What are User Names and Passwords? User ID – a unique combination of character that identifies on specific user Password – a private combination of character associated the user name Longer passwords provides greater security CAPTCHA (Completely Automated Public Turing Test to Tell Computer and Humans Apart) Display a series of distorted characters

20 Three Methods of Identifying and Authenticating
What is a Possessed Object? Any items you must carry to gain access to a computer or a computer facility Examples: badges, cards, smart cards and keys Often used with Personal Identification Number (PIN)

21 Three Methods of Identifying and Authenticating
What is a Biometric Devices? Authenticated a person’s identify by translating a personal characteristics into digital codes Examples: Fingerprint readers, hand geometry systems, face recognition system, voice verification system, signature verification system, iris recognition system and retinal scanner

22 Digital Forensics What is Digital Forensics?
Discovery, collection, and analysis of evidence found on computers and networks Involves – examination of computer media, programs, data and log files

23 Hardware Theft and Vandalism
What are hardware theft and hardware vandalism? Hardware Theft – act of stealing computer equipment Vandalism – act of defacing or destroying a computer

24 Safeguards against Hardware Theft and Vandalism
Physical Access Controls Locked doors Install alarms Use cables that lock the equip Real time location system Track and Identify the location of high risk or high value items)

25 Software Theft -Section 3
What is software theft? Occurs when someone Steals software media Intentionally erases programs Illegally copies a program (piracy) Illegally register and/or activates a program

26 Safeguards Against Software Theft
Keep original software box in a secure location Backup files Protect from software piracy License agreement (right to use software) Don’t own the software Most common type of license – single-use license agreement/end-user license agreement (EULA)

27 End-User License Agreement (EULA)
Permitted to: Install the software on one computer Make one copy – Backup Give or sell only if the software is removed Not Permitted to: Install the software on a network Gives copies to friends Export the software Rent or lease the software

28 Software Theft What are some other safeguards against software theft?
Business Software Alliance (BSA) promotes better understanding of software piracy problems Product activation allows user to input product identification number online or by telephone and receive unique installation identification number

29 Information Theft Occurs when someone steals personal or confidential information Safeguards Use user identification and authentication Use encryption techniques

30 Safeguard against Information Theft
What is Encryption? Process of converting readable data into unreadable characters to prevent unauthorized access Encryption Process Readable data – plaintext Scramble data – ciphertext Encryption key – use to encrypt the plaintext

31 Two Basic Types of Encryption Keys
Private Key (symmetric) Both the originator and recipient use the same secret key to encrypt and decrypt data Public Key (asymmetric) Two encryption keys (public and private) A message is encrypted with a public key must be decrypted along with the corresponding private key Popular encryption program – Pretty Good Privacy (PGP)

32 Safeguards Against Information Theft
Digital Certificates- notice that guarantees a user on a web site is legitimate Transport Layer Security- provides encryption of all data that pasts between a client and a Internet server

33 Safeguards Against Information Theft
Secure HTTP – allows users to choose an encryption scheme for data that passes between a client and a Internet server VPN-Virtual Private Network Provide the mobile users with a secure connection to the company network server

34 System Failure What is a system failure?
Prolonged malfunction of computer Can cause loss of hardware, software , or data Caused by aging hardware, natural disaster, or electrical power disturbances Overvoltage or power surge-significant power increase in electrical power Noise-unwanted electrical signal Undervoltage-drop in electrical supply

35 Safeguards What is a surge protectors? Uninterruptible Power Supply
Absorb small overvoltage Not 100% effective Uninterruptible Power Supply A device that contains surge protection circuits and more batteries that can provide power during a temporary or permanent loss of power

36 Backing up – The Ultimate Safety
What is a backup? Duplicate of file, program, or disk Three-generation backup Preserves three copies of important files Full backup all files in computer Selective backup Select which files to back up Store in a fireproof and heat proof safe or vault, offsite

Download ppt "Computer Security and Safety, Ethics and Privacy"

Similar presentations

Ads by Google