9 Network and Internet Security TODAY AND TOMORROW 11 th Edition CHAPTER 1 Chapter 9 Understanding Computers, 11 th Edition.

9 Network and Internet Security

TODAY AND TOMORROW

11th Edition

CHAPTERCHAPTER1Chapter 9 Understanding Computers, 11th Edition

2Chapter 9 Understanding Computers, 11th Edition

Learning Objectives Explain why computer users should be concerned

about network and Internet security. List several examples of unauthorized access,

unauthorized use, and computer sabotage. Explain what risks access control systems, firewalls,

antivirus software, and encryption protect against. Discuss online theft, identity theft, Internet scams,

spoofing, phishing, and other types of dot cons.


Learning Objectives, Cont’d Detail steps an individual can take to protect against

online theft, identity theft, Internet scams, spoofing, phishing, and other types of dot cons.

Identify personal safety risks associated with Internet use.

List steps individuals can take when using the Internet to safeguard their personal safety.

Name several laws related to network and Internet security.


Overview This chapter covers:

Security concerns stemming from the use of computer networks

Safeguards and precautions that can be taken to reduce the risk of problems related to these security concerns

Personal safety issues related to the Internet Legislation related to network and Internet

security


Why Be Concerned about Network and Internet Security?

Security concerns related to computer networks and the Internet abound

Computer crime: illegal act involving a computer, including Breaking through the security of a network Theft of financial assets Manipulating data for personal advantage Act of sabotage (releasing a computer virus,

shutting down a Web server) All computer users should be aware of security

issues and precautions that can be taken


Unauthorized Access, Unauthorized Use, and Computer Sabotage

Unauthorized access: gaining access to a computer, network, file, or other resource without permission; can be committed by Insiders Outsiders

Unauthorized use: using a computer resource for unapproved activities

Code of conduct: rules for behavior, typically by a business or school



Hacking Hacking: using a computer to break into another

computer system; the person doing the hacking is a hacker To steal information To sabotage a system To hijack PCs to generate spam or host Web

sites Social hacking Authorized hacking

Wi-Fi Hacking: gaining access to a computer via a wireless—such as a Wi-Fi (802.11)—network Many Wi-Fi networks are not secured


Hacking War Driving: driving around an area with a Wi-Fi-

enabled computer or mobile device to find a Wi-Fi network to use without authorization


Interception of Communications To gain access to data stored on a computer, some

criminals attempt to hack directly into that computer It is also possible to gain unauthorized access to

content as they are being sent over the Internet The increased use of wireless networks has opened

up new opportunities for data interception Once intercepted, the content can be read, altered, or

otherwise used for unintended purposes


Computer Sabotage Computer sabotage: act of malicious destruction to a

computer or computer resource

Malware: any type of malicious software Computer virus: malicious program embedded in a

file that is designed to cause harm to the computer system

Computer worm: malicious program designed to spread rapidly by sending copies of itself to other computers.

Trojan horse: malicious program that masquerades as something else



Computer Sabotage, Cont’d Denial of service (DoS) attack: act of sabotage that

floods a Web server with so much activity that it is unable to function


Computer Sabotage Data or program alteration: a hacker breaches a

computer system in order to delete data, change data, modify programs, perform cybervandalism, etc.


Protecting Against Unauthorized Access, Unauthorized Use, & Computer Sabotage

A number of security risks can be reduced by: Carefully controlling access to an organization’s

facilities and computer network Using appropriate security software

Reward programs may help reduce computer crime Microsoft’s multimillion-dollar reward fund for

individuals who supply information is leading to the arrest of virus writers


Access Control Systems Access control systems: used to control access to

facilities, computer networks Identification systems: verify that the person trying

to access the facility or system is an authorized user

Authentication systems: determine if the person is who he or she claims to be

Critical to protect data in company databases New PCI standards by credit card companies may

help improve business security procedures


Access Control Systems, Cont’d Types of access control systems

Possessed knowledge access systems—use information that only an individual should know

Passwords (should be strong passwords and changed frequently)

Usernames PINs Can be used in conjunction with other access

systems for two-factor authentication Disadvantage: can be used by an unauthorized

individual


Access Control Systems, Cont’d Types of access control systems, cont’d

Possessed object access systems—use physical objects that an individual has in his or her possession

Magnetic cards Smart cards Encoded badges USB security tokens Disadvantage: can be used by an

unauthorized individual


Access Control Systems, Cont’d Types of access control systems, cont’d

Biometric access systems—use one unique physical characteristic of an individual

Fingerprint Hand geometry Face Iris Advantage: can only be used by the authorized

individual




Access Control Systems, Cont’d Wireless network access considerations

In general, less secure than wired networks Network owners should:

Enable Wi-Fi security procedures (WEP is less secure than WPA)

Turn on encryption Not broadcast the network name Change the default network administrator

password



Firewalls and Antivirus Software Firewall: security system that provides a protective

boundary between a computer or network and the outside world Work by closing down all external communications

port addresses Blocks access to the PC from outside hackers Blocks access to the Internet from programs on

the user’s PC unless authorized by the user Important for home PCs that have a direct Internet

connection as well as for businesses



Firewalls and Antivirus Software, Cont’d

Antivirus software: used to detect and eliminate computer viruses and other types of malware Should be set up to run continuously to check

incoming e-mail messages, instant messages, and downloaded files

Should be set up to scan the entire PC regularly Needs to be updated regularly since new malware

is introduced at all times Best to have the program automatically download

new virus definitions on a regular basis Some programs also scan for other threats, such

as spyware




Encryption and Other Security Tools Encryption: method of scrambling e-mail or files to

make them unreadable

Secure Web servers: use encryption to protect information transmitted via their Web pages Most common is SSL Look for a locked padlock on the status bar and

https:// in the URL Only transmit credit card numbers and other

sensitive data via a secure Web server



Encryption and Other Security Tools, Cont’d

E-mail and file encryption: to protect e-mail messages and files while in transit Encrypted documents are unreadable until they

are decrypted Often implemented using a third-party encryption

program, such as Pretty Good Privacy (PGP) Most common types of encryption Usually uses keys (essentially passwords) Various strengths available; stronger encryption

uses larger keys and is more difficult to crack



Private key encryption: uses a single key Most often used to encrypt files on a PC If used to send files to others, the recipient needs to

be told the key Public key encryption: uses two keys

Public key: can be given to anyone; used to encrypt messages to be sent to that person

Private key: only known by the individual; used to decrypt messages sent that are encrypted with the individual’s public key

Key pairs can be obtained through a Certificate Authority




Virtual private networks (VPNs): path over the Internet that provides authorized users a secure means of accessing a private network Much less expensive than a private secure

network since uses the Internet Used to provide secure access to a company

system by individuals located outside the office


Take Caution with Employees A significant number of security breaches (~50%) are

committed by insiders Taking caution with employees can help avoid security

problems Screen potential new hires carefully Watch for disgruntled employees and ex-

employees Develop policies and controls Ask business partners to review their security to

avoid attacks coming from someone located at that organization


Online Theft, Fraud, and Other Dot Cons

Dot con: A fraud or scam carried out through the Internet

Data theft or information theft can be committed by Stealing an actual PC A hacker gaining unauthorized access Includes personal data, proprietary corporate

information, and money Identity theft: using someone else’s identity to

purchase goods or services, obtain new credit cards or bank loans, or illegally masquerade as that individual Expensive and time consuming to recover from



Online Theft, Fraud, and Other Dot Cons, Cont’d

Online auction fraud: when an item purchased through an online auction is never delivered, or the item is not as specified by the seller

Internet offer scams: a wide range of scams offered through Web sites or unsolicited e-mails

Spoofing: making it appear that an e-mail or a Web site originates from somewhere other than where it really does

Phishing: use of spoofed e-mail messages to gain credit card numbers and other personal data; after victim clicks a link in the message, they transmit information to the thief



Online Theft, Fraud, and Other Dot Cons, Cont’d

Spyware: program installed without the user’s knowledge that secretly collects information and sends it to an outside party via the Internet Can be installed with another program (particular

freeware programs) Can be installed by clicking a link in a phishing e-

mail message Can be installed by visiting a Web site Security risk if transmits personal data that can be

used in identity theft or other illegal activities Can also slow down a PC or make it malfunction


Protecting Against Online Theft, Fraud, and Other Dot Cons

Protecting against identity theft Do not give out personal information (Social

Security number, mother’s maiden name, etc.) unless absolutely necessary

Never give out sensitive information over the phone or by e-mail

Shred documents containing sensitive data, credit card offers, etc.

Don’t place sensitive outgoing mail in your mailbox Watch your bills and credit report to detect identity

theft early


Protecting Against Online Theft, Fraud, and Other Dot Cons, Cont’d

Protecting against other dot cons Use common sense Check online auction seller’s feedback before

bidding Pay for online purchases via a credit card so

transactions can be disputed if needed Never respond to e-mail request for updated credit

card information Never click a link in an unsolicited e-mail Keep your browser and operating system up to

date




Protecting against spyware Check Web

sites that list known spyware programs before downloading a program

Run antispyware programs regularly



Digital signature: unique digital code that can be attached to an e-mail message or document Can be used to verify the identity of the sender Can be used to guarantee the message or file has

not been changed Uses public key encryption

Document is signed with the sender’s private key; they key and the document create a unique digital signature

Signature is verified using the sender’s public key



Digital certificate: group of electronic data that can be used to verify the identity of a person or organization Obtained from a Certificate Authority Typically contains identity information about the

person or organization and a pair of keys to be used with encryption and digital signatures

Are also used with secure Web sites to guarantee that the site is secure and actually belongs to the stated individual or organization


certificate


Personal Safety Issues Cyberstalking: repeated threats or harassing

behavior via e-mail or another Internet communications method Can include:

Sending harassing e-mail messages to the victim

Sending unwanted files to the victim Posting inappropriate messages about the

victim Signing the victim up for offensive materal Publicizing the victim’s contact information


Personal Safety Issues Online pornography

Concern for parents and schools Difficult to stop due to constitutional rights Online pornography involving minors is illegal Link between online pornography and child

molestation Internet can make it easier to arrange dangerous

meetings between predators and children


Protecting Against Cyberstalking and Other Personal Safety Concerns

Safety tips for adults Be cautious in chat rooms, discussion groups Use gender-neutral, nonprovocative names Do not reveal personal information Do not respond to insults or harassing comments

Safety tips for children Parents should monitor Internet activities Have children use a PC in a family room They should be told which activities are allowed Instruct them to tell a parent of a request for

personal information or a personal meeting


Network and Internet Security Legislation

It is difficult for the legal system to keep pace with the rate at which technology changes

There are domestic and international jurisdictional issues

Computer crime legislation continues to be proposed and computer crimes are being prosecuted

Computer Fraud and Abuse Act is the main piece of legislation related to computer crimes


Summary Why Be Concerned about Network and Internet Security? Unauthorized Access, Unauthorized Use, and Computer

Sabotage Protecting Against Unauthorized Access, Unauthorized

Use, and Computer Sabotage Online Theft, Fraud, and Other Dot Cons Protecting Against Online Theft, Fraud, and Other Dot

Cons Personal Safety Issues Protecting Against Cyberstalking and Other Personal

Safety Concerns Network and Internet Security Legislation

9 Network and Internet Security TODAY AND TOMORROW 11 th Edition CHAPTER 1 Chapter 9 Understanding Computers, 11 th Edition.

Documents