Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 11 Computer Crime and Information Security

Published byAldous Parks Modified over 10 years ago

Similar presentations

Presentation on theme: "Chapter 11 Computer Crime and Information Security"— Presentation transcript:

1 Chapter 11 Computer Crime and Information Security
Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security Please discontinue use of cell phone and turn off ringer

2 Information Security Overview
All computer systems are vulnerable to attack. Most are already infected and/or compromised, including PCs used by most students in this class. It is only going to get worse. Two-thirds of Internet experts expect a devastating attack on the Internet between now and 2015. For more info…

3 Total Information Security
Total Information Security involves securing all components of the global digital information infrastructure. Personal Computers Business Computer Systems Government Systems International Systems Participation by EVERYONE is important and difficult to gain! See what the White House has to say on the subject at

4 Total Information Security
To achieve total information security, we must examine security in layers. Users are at the heart of total information security. Risks increase with each expanding layer. USER Network Internet Machine

5 11.1 Information Security and Vulnerability
What is at stake and what are the threats? Key Terms Information Security Identity Theft Intellectual Property Intellectual Property Rights Cyberterrorism Security Holes Software Patches Piracy Plagiarism Hacker Computer Forensics

6 What’s at Stake?

7 At stake: Personal Private Information
What would concern you most if a person who wished to do you harm had full control of your PC? What personal information do you consider private? Depending on the circumstance, private information may include your: Name Photo Phone number Address Birthday Social Security Number Bank Account Number Credit Card Number College Transcripts Financial Status Medical Records Religious affiliation Political affiliation All too common headlines… “Hackers attacked computer servers of a California university and may have gained access to the personal information of 59,000 people affiliated with the school…”

8 Identity Theft Identity theft is the criminal act of using stolen information about a person to assume that person’s identity, typically for financial gain. Source:

9 At stake: Intellectual Property
Intellectual property refers to a product of the mind or intellect over which the owner holds legal entitlement. Intellectual property rights concern the legal ownership and use of intellectual property such as software, music, movies, data, and information. Intellectual property is legally protected through copyright, trademark, trade secret, and patent

10 At stake: Organizational Information
For many businesses, the information it processes and stores is highly valuable and key to its success. Business intelligences is the process of gathering and analyzing information in the pursuit of business advantage. Competitive intelligence is concerned with gathering information about competitors. Counterintelligence is concerned with protecting one’s own information from access by the competition. Biggest security threats to businesses in order of frequency: Virus Insider abuse of Internet access Laptop theft Unauthorized access by insiders Denial-of-service attacks System penetration Theft of proprietary info Sabotage Financial fraud Telecommunications fraud Active wiretap

11 At stake: National and Global Security
Food for thought… The Internet is a powerful tool both for those who wish to build bridges between distant cultures and those that wish to tear them down. Cyberterrorism is a form of terrorism that uses attacks over the Internet to intimidate and harm a population. Washington, June 8, 2006 – Over the last two years, Abu Musab al-Zarqawi established the Web as a powerful tool of the global jihad, mobilizing computer-savvy allies who inspired extremists in Iraq and beyond with lurid video clips of the bombings and beheadings his group carried out. China Hacking: The Cyber Cold War

12 What are the threats?

13 Threat: Software and Network Vulnerabilities
Security holes are software bugs that allow violations of information security. Software patches are corrections to the software bugs that cause security holes. Food for thought… Perfect software would be impossible to hack. All too common headlines… “Microsoft warned on Tuesday of seven newly found flaws in its software that could allow an attacker to steal data and take over a personal computer running the Windows operating system…” Microsoft’s Trustworthy Computing

14 Threat: User Negligence

15 Threat: Pirates and Plagiarists
Piracy involves the illegal copying, use, and distribution of digital intellectual property such as software, music, and movies. Plagiarism involves taking credit for someone else’s intellectual property, typically a written idea, by claiming it as your own. Food for thought… The annual cost of piracy in is estimated to be: $4.2 billion for the music industry $6.1 billion for the motion picture industry $33 billion for the software industry

16 The problem with pirating MP3 music files
ARTIST 1 2 3 4 5 6 $ Traditional Music Distribution Consumers ARTIST 1 2 3 4 5 6 $ When consumers become distributors

17 A Complex Problem 1 2 3 4 5 6  $ Record Label Artist Online Store
Consumers

18 One Possible Evolution
Artist 1 2 3 4 5 6 $ Consumers

19 Threat: Hackers, Crackers, Intruders, and Attackers
The terms hacker, cracker, intruder, and attacker are all used to label an individual who subverts computer security without authorization. There are all types of hackers, not all are considered to behave unethically. Hackers On Planet Earth Computer forensics is the process of examining computing equipment to determine if it has been used for illegal unauthorized or unusual activities.

20 Securing all components of the global digital information infrastructure is referred to as ________________. Credit card companies interested in protecting customers from _______________ watch for purchases that are out of the ordinary and notify the customer to confirm that the purchase was not made by a thief. Music, software, designs, artwork, and literature are all forms of _____________ that are typically protected by copyright or trademark. Hackers make use of _________________ to gain illegal access to computer systems. If you purchase and download an MP3 song from Amazon.com, then the MP3 file to a friend you are ________________. Review

21 11.2 Machine-Level Security
Considerations for computers as stand-alone entities Username Password Biometrics Encryption Key Terms

22 Protecting a Stand-alone PC
Computers not connected to a network can only be attacked through physical presence. Keeping the PC in a locked room would be the first method of protection. The next method involves positively identifying the person accessing the machine through authentication. Something you know (i.e. password) Something you have (i.e. card-swipe) Something about you (i.e. fingerprint)

23 Passwords A username identifies the user to the computer system.
A password is a combination of characters known only to the user and used for authentication. For a password to be effective it should be: strong by including words that are unrelated to your interests, and include upper and lowercase letters, numbers, and symbols unique – don’t use the same password for your bank account as you do for your account changed regularly – change your password twice a year

24 ID Devices and Biometrics
Security ID cards and tokens, “something you have” authentication, are used in some corporations to protect access to restricted areas and computer systems. Biometrics is the science and technology of authentication by scanning and measuring a person’s unique physical features such as fingerprints, retinal patterns, and facial characteristics. More about tokens: Check out Face Recognition

25 Encryption Encryption is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the intended recipient. Data stored on a PC can be encrypted and set so that a second password is required to decrypt it. Demo: Encrypting a PPT file (tools > options > security) More on Encryption:

26 Backing Up Data and Systems
Food for thought… A recent study showed that only 57% of computer users back up stored data including digital photos, personal documents, work documents, music, and financial records. DO YOU BACKUP? HAVE YOU LOST DATA DUE TO HARDWARE FAILURE? The most common cause of data loss is hardware failure. The best protection against such loss is to follow regular backup procedures. Available backup services include: System utilities that back up selected files to compressed archives stored on secondary storage media or another computer on the network. Mirroring which saves files to two locations to create exact duplicates. Apple Time Capsule Internet services that perform scheduled, automated uploads of your valuable files to servers for safe keeping (

27 Review Which of the following is NOT a safe password practice
select a strong password change your password regularly use the same password for different accounts don’t write your password down London’s Heathrow airport has implemented ____________ through the use of a retinal scanner that checks the identity of workers as they clock into work. Through the use of _____________ files can be rendered unreadable while stored or in transit over a network. The one action that can save your data from being destroyed by hackers, viruses, system and hardware crashes, and spyware is _______________. Review

28 11.3 Network Security

29 User Permissions User Permissions refers to the access privileges afforded to each network user in terms of who is able to read, write, and execute a file, folder, or drive. Files and folders are assigned user and group ownership.

30 User Permissions Mac OS X Different operating systems have differing ways of handling user permissions. UNIX Windows XP (home)

31 Interior Threats Interior threats refer to dangers to network resources from legitimate users. They include: Threats to System Health and Stability Information Theft Safeguards include a the use of security and usage policies. FSU Network Usage Policies:

32 11.4 Wireless Network Security

33 Wireless Fidelity (Wi-fi)
Wi-fi is the widely used wireless networking standard that makes use of access points to connect devices to networks. Newly purchased access points typically have no security features enabled making it easy for any wireless device to connect. Access Point Network line More on Wi-fi in CH5

34 Threats to Wireless Networks
Cable Modem Wireless Access Point / Router To Cable Co. Z Cable Modem Wireless Access Point / Router Neighbors Internet Hackers The Internet

35 Threats to Wireless Networks
Cable Modem Wireless Access Point / Router To Cable Co. Z Cable Modem Wireless Access Point / Router Neighbors Internet Hackers Passers by The Internet

36

37 Securing a Wireless Network
An Access Point can be configured, and security features enabled, through a simple Web interface using a computer connected to the access point.

38 Securing a Wireless Network
Use the Access Points configuration utility to: Disable the Access Point’s broadcasting to make the access point invisible to the general public. Change the Access Point’s password from the default. Set the Access Point to only allow certain computers (MAC addresses) to connect. Encrypt data being sent over the network with WEP or WPA. Use Internet security software and practices discussed in the next section.

39 11.5 Internet Security Key Terms Firewall Virus Worm
Antivirus Software Key Terms Spyware Zombie Computer Antispyware Internet Fraud Phishing Virus Hoax

40 Hacking Tools and Methods
Key-logging software Packet-sniffing software Port scanning software Social engineering

41 Why Do Hackers Hack? As a hobby and challenge
To inflict malicious vandalism To gain a platform for anonymous attacks Distributed Denial-of-service DDoS Attacks To steal valuable information and services To Spy on someone “Hackers have turned toward more criminal and lucrative areas of directing attacks to specific individuals or organizations, often financially, competitively, politically or socially motivated.”

42 Defending Against Hackers
A firewall is network hardware and software that examines all incoming data packets and filters out ones that are potentially dangerous. All Windows users should protect their network connection with a firewall. ~demo Demo Steps: Windows Start > Connect To > Show all connections > Right-click a connection > Properties > Advanced > Windows Firewall Firewall software from McAfee and Symantec are considered to be more robust than Windows Firewall. This McAfee screen shot shows several attacks on this PC over the course of one day.

43 Viruses and Worms A virus is a program that attaches itself to a file, spreads to other files, and delivers a destructive action called a payload. There are many types of viruses A worm does not attach itself to other files but rather acts as a free agent, replicating itself numerous times in an effort to overwhelm systems. Worms and viruses are often spread through the Web, , chat, and file-sharing networks Viruses and worms are considered malicious software, or malware, Check out the latest malware at

44 Viruses and Worms Yeah right! This didn’t come from Microsoft. The attachment is not a patch, nor an innocent text file (as it appears) but an executable file containing a virus.

45 Defending Against Viruses and Worms
Don’t open or IM attachments that come from friends or strangers unless they are expected and inspected by antivirus software. Keep up with software patches for your operating system, your Web browser, your and IM software. Use caution when exploring Web sites created and maintained by unknown parties. Avoid software from unknown sources. Stay away from file-sharing networks; they do not protect users from dangerous files that are being swapped Knowledge and caution play a big part in protecting PCs against viruses and worms: Antivirus software, also known as virus scan software, uses several techniques to find viruses on a computer system, remove them if possible, and keep additional viruses from infecting the system.

46 Spyware, Adware, and Zombies
Spyware is software installed on a computer without the user’s knowledge to either monitor the user or allow an outside party to control the computer. The Internet service provider Earthlink said it uncovered an average of 28 spyware programs on each of its member’s PCs that were scanned Adware is spyware that displays advertisements.

47 Zombies A computer that carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus is called a zombie computer. Experts say hundreds of thousands of computers are added to the ranks of zombies each week.

48 Zombies Zombie computers can join together to form zombie networks (botnet). Zombie networks apply the power of multiple PCs to overwhelm Web sites with distributed denial-of-service attacks, to crack complicated security codes, or to generate huge batches of spam. It has been estimated that 80 to 90 percent of spam originates from zombie computers. Storm worm botnet for rent

49 Defending Against Spyware
Antispyware is software that searches a computer for spyware and other software that may violate a user’s privacy, allows the user to remove it, and provides continuing protection against future attacks.

50 Scams, Spam, Fraud, and Hoaxes

51 Scams, Spam, Fraud, and Hoaxes
Internet fraud is the crime of deliberately deceiving a person over the Internet in order to damage them and to obtain property or services from him or her unjustly. A phishing scam combines both spoofed and a spoofed Web site in order to trick a person into providing private information. Spoofing is the act of assuming the identity of another person or organization typically through or on the Web.

52 Classic Phishing Is this from legitimate? If you clicked the link it would take you to a spoofed Citibank Webpage that looks like the real thing, and ask you to supply personal information like your username and password. Holding the mouse pointer over the link in the original shows that it really links to most likely a hacker’s Website.

53 Scams, Spam, Fraud, and Hoaxes
Spam is the unsolicited junk mail that makes up more than 60 percent of today’s . A virus hoax is an that warns of a virus that doesn’t exist.

54 Scams, Spam, Fraud, and Hoaxes
The that has gotten thousands of Windows users to trash their own systems… The objective of this is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search" 2.- In the "Files or Folders option" write the name jdbgmgr.exe 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON 6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin. IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

55 Scams, Spam, Fraud, and Hoaxes
The that has gotten thousands of Windows users to trash their own systems… Think again! Do the search. Oh no! I’ve got the Teddy Bear virus! Better delete it! That file with the silly little Teddy bear icon is actually a necessary system file in Windows! For more on this topic check out

56 Defending Against Scams, Spam, Fraud, and Hoaxes
To avoid phishing scams, do not click links received in . Exam Web addresses closely to make sure that they are legitimate. Submit form data only from Web pages that have a secure connection ( Do not believe any virus warning unless it comes from a verifiable source. Use common sense and be wary of offers too good to be true.

57

58 Windows Security Suites
Another option… Security experts at Sophos recommend that home Windows users switch to Macs. From the 2006 Sophos Security Threat Management Report: “The vast majority of malware continues to be written for Windows…It seems likely that Macs will continue to be the safer place for computer users for some time to come - something that home users may wish to consider if they're deliberating about the next computer they should purchase."

59 By default, Wi-fi access points are set up with what level of security enabled?
Which of the following is NOT necessary to keep a Windows PC safe from attack: Use a Firewall Use Antivirus and Antispyware software Use a pop-up blocker and spam filter Install Windows updates Most PCs have ____________ installed working secretly in the background, without the user’s knowledge, sending spam and carrying out other hacker activities. Many of today’s most notorious cybercrimes are carried out by __________ computers working together in a botnet. If you receive an from a financial institution requesting that you “click the link” to access your account and check your account information, it is probably part of _______________. Review Provide a brief review of keyterms:Firewall, Virus, Worm, Antivirus Software, Spyware, Zombie Computer, Antispyware, Internet Fraud, Phishing, Virus Hoax

60 Chapter 11 Questions? Don’t forget to turn your phone on!!

Download ppt "Chapter 11 Computer Crime and Information Security"

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
How to protect yourself, your computer, and others on the internet

How to protect yourself, your computer, and others on the internet
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
The Internet.

The Internet.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
1 MIS 2000 Class 22 System Security Update: Winter 2015.

1 MIS 2000 Class 22 System Security Update: Winter 2015.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.

Computer Ethics Ms. Scales. Computer Ethics Ethics  the right thing to do Acceptable Use Policy  A set of rules and guidelines that are set up to regulate.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
… refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against.

… refers to the protection of information systems and the information they manage against unauthorized access, use, manipulation, or destruction, and against.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing Email that bites Paying for Privacy Pirates.

MIS PERSONAL, LEGAL, ETHICAL, AND ORGANIZATIONAL ISSUES OF INFORMATION SYSTEMS CHAPTER 4 Hossein BIDGOLI Phishing that bites Paying for Privacy Pirates.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
CYBER CRIME AND SECURITY TRENDS

CYBER CRIME AND SECURITY TRENDS

Similar presentations

Ads by Google