COMPUTER SECURITY AND SAFETY, ETHICS, AND PRIVACY Slides By Rana Usman Sattar Student Of BBA(Hons) PMAS Arid Agriculture University Rawalpindi Gmail: [email protected] Facebook: [email protected]
COMPUTER SECURITY RISKS
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
While some breaches to computer security are accidental, many are intentional.
An intentional breach of computer security often involves a deliberate act that is against the law.
Any illegal act involving a computer generally is referred to as a computer crime.
The term cybercrime refers to online or Internet-based illegal acts. Software used by cybercriminals sometimes is called crimeware.
Perpetrators of cybercrime and other intrusions fall into seven basic categories: hackers, crackers, script kiddies, corporate spies, unethical employees, cyberextortionists, and cyberterrorists.
The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally.
A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action.
A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge.
Some corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.
Unethical employees may break into their employers' computers for a variety of reasons.
A cyberextortionist is someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack.
A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons.
INTERNET AND NETWORK ATTACKS
A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission.
A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program.
A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer.
BOTNETS
A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.
A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet.
DENIAL OF SERVICE ATTACKS
A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.
A more devastating type of DoS attack is the DDoS (distributed DoS) attack, in which a zombie army is used to attack computers or computer networks.
BACK DOORS
A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user's knowledge.
SPOOFING
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
Two common forms are e-mail spoofing and IP spoofing.
SAFEGUARDS AGAINST BOTNETS, DOS/DDOS ATTACKS, BACK DOORS, AND SPOOFING
Firewalls
A firewall is hardware and/or software that protects a network's resources from intrusion by users on another network such as the Internet.
Organizations use firewalls to protect network resources from outsiders and to restrict employees' access to sensitive data such as payroll or personnel records.
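The two uses just named (keeping outsiders away from internal resources and keeping most employees away from payroll data) both come down to an ordered rule set with a default-deny fallback. The Go program below is an added example written for this page, not code from the slides; the addresses, ports and the `PerimeterPolicy` rule set are constructed. It evaluates constructed packets against the policy and shows that anything no rule explicitly opens is dropped.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the header fields a basic packet filter inspects.
// The values used below are constructed for this example.
type Packet struct {
	SrcIP   string
	DstIP   string
	DstPort int
	Proto   string
}

// Rule is one entry of an ordered filter policy. Empty or zero fields match anything.
type Rule struct {
	Name    string
	SrcCIDR string
	DstIP   string
	DstPort int
	Proto   string
	Allow   bool
}

func (r Rule) matches(p Packet) bool {
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	if r.DstIP != "" && r.DstIP != p.DstIP {
		return false
	}
	if r.SrcCIDR != "" {
		_, network, err := net.ParseCIDR(r.SrcCIDR)
		if err != nil {
			return false // a malformed rule never matches, so it cannot accidentally allow traffic
		}
		ip := net.ParseIP(p.SrcIP)
		if ip == nil || !network.Contains(ip) {
			return false
		}
	}
	return true
}

// Filter walks the policy in order; the first matching rule decides.
// Anything no rule matches is dropped (default deny), which is what lets a
// firewall keep outsiders away from resources no rule explicitly opens.
func Filter(policy []Rule, p Packet) (allowed bool, ruleName string) {
	for _, r := range policy {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

// PerimeterPolicy is a constructed example: the public web server is reachable
// by anyone, the payroll database only by the HR subnet, everything else is dropped.
var PerimeterPolicy = []Rule{
	{Name: "public-web", DstIP: "192.0.2.10", DstPort: 443, Proto: "tcp", Allow: true},
	{Name: "hr-to-payroll", SrcCIDR: "10.0.5.0/24", DstIP: "10.0.20.8", DstPort: 5432, Proto: "tcp", Allow: true},
	{Name: "payroll-from-anyone-else", DstIP: "10.0.20.8", Allow: false},
}

func main() {
	samples := []Packet{
		{SrcIP: "198.51.100.7", DstIP: "192.0.2.10", DstPort: 443, Proto: "tcp"},  // Internet user to web server
		{SrcIP: "198.51.100.7", DstIP: "10.0.20.8", DstPort: 5432, Proto: "tcp"},  // Internet user to payroll
		{SrcIP: "10.0.5.20", DstIP: "10.0.20.8", DstPort: 5432, Proto: "tcp"},     // HR workstation to payroll
		{SrcIP: "10.0.9.3", DstIP: "10.0.20.8", DstPort: 5432, Proto: "tcp"},      // other employee to payroll
		{SrcIP: "10.0.5.20", DstIP: "192.0.2.10", DstPort: 22, Proto: "tcp"},      // port nobody opened
	}
	for _, p := range samples {
		ok, name := Filter(PerimeterPolicy, p)
		fmt.Printf("%-14s -> %s:%d/%s  allowed=%-5v (%s)\n", p.SrcIP, p.DstIP, p.DstPort, p.Proto, ok, name)
	}
}
```

The order of the rules matters: the HR allow rule must come before the broad payroll deny, and the final catch-all is implicit in `Filter` rather than written as a rule, so forgetting it cannot open the network.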
A proxy server is a server outside the organization’s network that controls which communications pass into the organization’s network.
Intrusion Detection Software automatically analyses all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behaviour patterns or system breaches.
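One concrete piece of what intrusion detection software does is to scan authentication logs for a pattern no legitimate user produces, such as many failed logins from one address in a short time, and raise an alert for the administrator. The Go program below is an added example for this page, not code from the slides or from any IDS product; `SampleLog` is constructed, and its line format only imitates an SSH daemon's messages. It parses the failures, skips lines it cannot parse, and applies a sliding-window threshold per source address.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// SampleLog is constructed for this example; the line format imitates an SSH
// daemon's authentication messages but is not taken from any real system.
var SampleLog = []string{
	"2024-03-01T10:00:01Z sshd: Failed password for admin from 203.0.113.5",
	"2024-03-01T10:00:03Z sshd: Failed password for admin from 203.0.113.5",
	"2024-03-01T10:00:04Z sshd: Failed password for root from 203.0.113.5",
	"2024-03-01T10:00:06Z sshd: Failed password for alice from 203.0.113.5",
	"2024-03-01T10:00:07Z sshd: Failed password for bob from 203.0.113.5",
	"2024-03-01T10:00:09Z sshd: Accepted password for alice from 198.51.100.7",
	"2024-03-01T10:05:00Z sshd: Failed password for alice from 198.51.100.7",
	"2024-03-01T10:20:00Z sshd: Failed password for alice from 198.51.100.7",
	"garbage line that does not parse",
}

var failedRe = regexp.MustCompile(`^(\S+) sshd: Failed password for (\S+) from (\S+)$`)

// Failure is one parsed failed-login event.
type Failure struct {
	At   time.Time
	User string
	Src  string
}

// ParseFailures extracts failed logins and skips lines that do not match or
// carry a bad timestamp, so one malformed line cannot stall the analysis.
func ParseFailures(lines []string) []Failure {
	var out []Failure
	for _, line := range lines {
		m := failedRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		at, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue
		}
		out = append(out, Failure{At: at, User: m[2], Src: m[3]})
	}
	return out
}

// DetectBruteForce raises one alert per source address that produced at least
// threshold failures inside any sliding window of the given length. A user who
// mistypes a password twice in fifteen minutes stays below the threshold.
func DetectBruteForce(events []Failure, threshold int, window time.Duration) []string {
	bySrc := map[string][]time.Time{}
	for _, e := range events {
		bySrc[e.Src] = append(bySrc[e.Src], e.At)
	}
	var alerts []string
	for src, times := range bySrc {
		sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
		start := 0
		for end := range times {
			// Slide the window start forward until the window fits.
			for times[end].Sub(times[start]) > window {
				start++
			}
			if end-start+1 >= threshold {
				alerts = append(alerts, fmt.Sprintf("%s: %d failed logins within %s starting %s",
					src, end-start+1, window, times[start].Format(time.RFC3339)))
				break // one alert per source is enough
			}
		}
	}
	sort.Strings(alerts) // deterministic output regardless of map iteration order
	return alerts
}

func main() {
	for _, a := range DetectBruteForce(ParseFailures(SampleLog), 5, time.Minute) {
		fmt.Println("ALERT", a)
	}
}
```

Threshold and window are the tuning knobs: too low and the administrator drowns in alerts about forgetful users, too high and a slow, patient attacker never trips the detector, which is why real products combine several such rules rather than relying on one.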
Honeypots
Some organizations use honeypots so that they can analyse an attack being perpetrated.
A honeypot is a vulnerable computer that is set up to entice an intruder to break into it.
SAFEGUARDS AGAINST COMPUTER VIRUSES AND OTHER MALWARE
Do not start a computer with removable media inserted in the drives or plugged in the ports.
Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program.
Users should install an antivirus program and update it frequently.
UNAUTHORIZED ACCESS AND USE
Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
IDENTIFYING AND AUTHENTICATING USERS
Identification verifies that an individual is a valid user. Authentication verifies that the individual is the person he or she claims to be. Three methods of identification and authentication include user names and passwords, possessed objects (badges, cards, smart cards, keys, and PINs), and biometric devices.
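The first of the three methods, user names and passwords, is the one a programmer implements most often, and the two steps the slide separates show up as two checks in code: look the user name up (identification), then verify the password (authentication). The Go program below is an added example for this page, not code from the slides; `UserStore`, the user names and the passwords are constructed. It stores only a salted slow hash of each password, compares in constant time, and answers an unknown user name and a wrong password with the same error so the login form does not reveal which names are valid. PBKDF2-HMAC-SHA256 is written out in full here so the example needs only Go's standard library.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

const (
	saltLen    = 16
	iterations = 100000 // deliberately slow so guessing passwords offline is expensive
	keyLen     = 32
)

// PBKDF2SHA256 derives a keyLen-byte key from password and salt as in RFC 8018,
// written out here so the example depends only on the standard library.
func PBKDF2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	hLen := prf.Size()
	blocks := (keyLen + hLen - 1) / hLen
	out := make([]byte, 0, blocks*hLen)
	counter := make([]byte, 4)
	for b := 1; b <= blocks; b++ {
		binary.BigEndian.PutUint32(counter, uint32(b))
		prf.Reset()
		prf.Write(salt)
		prf.Write(counter)
		u := prf.Sum(nil) // U1
		t := make([]byte, len(u))
		copy(t, u)
		for i := 1; i < iter; i++ { // T = U1 xor U2 xor ... xor Uc
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// Credential is what the server keeps: never the password itself, only a
// random salt and the slow hash derived from password and salt.
type Credential struct {
	Salt []byte
	Hash []byte
}

// UserStore maps user names to credentials; an in-memory stand-in for a database.
type UserStore map[string]Credential

var ErrInvalidCredentials = errors.New("invalid user name or password")

// Register draws a fresh salt so two users with the same password get different hashes.
func (s UserStore) Register(user, password string) error {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s[user] = Credential{Salt: salt, Hash: PBKDF2SHA256([]byte(password), salt, iterations, keyLen)}
	return nil
}

// Login performs identification (is this a known user name?) and then
// authentication (does the caller know that user's password?). Both failures
// return the same error, and the unknown-user path still runs the hash, so the
// response does not reveal which user names exist.
func (s UserStore) Login(user, password string) error {
	cred, ok := s[user]
	if !ok {
		PBKDF2SHA256([]byte(password), make([]byte, saltLen), iterations, keyLen)
		return ErrInvalidCredentials
	}
	candidate := PBKDF2SHA256([]byte(password), cred.Salt, iterations, keyLen)
	if subtle.ConstantTimeCompare(candidate, cred.Hash) != 1 {
		return ErrInvalidCredentials
	}
	return nil
}

func main() {
	users := UserStore{}
	if err := users.Register("alice", "correct horse battery staple"); err != nil {
		panic(err)
	}
	fmt.Println("stored hash:   ", hex.EncodeToString(users["alice"].Hash))
	fmt.Println("right password:", users.Login("alice", "correct horse battery staple"))
	fmt.Println("wrong password:", users.Login("alice", "Tr0ub4dor&3"))
	fmt.Println("unknown user:  ", users.Login("mallory", "anything"))
}
```

The other two methods on the slide, possessed objects and biometrics, would be added as further checks after `Login` succeeds; the structure of a second check is the same (look up what the server stored for the user, compare against what the user presents, fail closed).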
DIGITAL FORENSICS
Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks.
Digital forensics involves the examination of computer media, programs, data and log files on computers, servers, and networks. Many areas use digital forensics, including law enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments in the private sector.
HARDWARE THEFT AND VANDALISM
Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.
SAFEGUARDS AGAINST HARDWARE THEFT AND VANDALISM
Physical access controls, such as locked doors and windows, usually are adequate to protect the equipment.
Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items. One implementation of RTLS places RFID tags in items to be tracked.
SOFTWARE THEFT
Software theft occurs when someone (1) steals software media, (2) intentionally erases programs, (3) illegally copies a program, or (4) illegally registers and/or activates a program (key gen).
SAFEGUARDS AGAINST SOFTWARE THEFT
To protect themselves from software piracy, software manufacturers issue users license agreements.
A license agreement is the right to use the software. All computer users should back up their files and disks regularly, in the event of theft.
INFORMATION THEFT
Information theft occurs when someone steals personal or confidential information. If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
SAFEGUARDS AGAINST INFORMATION THEFT
Encryption
Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the recipient must decrypt, or decipher, it into a readable form.
A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender.
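The encryption paragraph above and this one on digital signatures describe the two properties that protect stolen or intercepted information: confidentiality (only the key holder can read it) and authenticity (the recipient can check who sent it and that it was not altered). The Go program below is an added example for this page, not code from the slides, covering both in one place; the messages and keys are constructed at run time. It uses AES-256-GCM for encryption, whose output is an ordinary byte string that can be stored or mailed as the slide says, and Ed25519 for the signature. Changing one bit of the ciphertext or one character of the signed message makes the check fail.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt seals plaintext with AES-256-GCM. The random nonce is prepended to
// the output, so the result is a plain byte string you can store or mail like
// any other data; only someone holding key can turn it back into text.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. GCM authenticates the ciphertext, so a message
// altered in transit is rejected instead of decrypting to garbage.
func Decrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}

// Sign attaches a digital signature: a value only the holder of the private key
// can produce, which anyone holding the matching public key can check.
func Sign(priv ed25519.PrivateKey, message []byte) []byte {
	return ed25519.Sign(priv, message)
}

// Verify reports whether signature was made over exactly this message by the
// owner of pub. Any change to the message or the signature makes it fail.
func Verify(pub ed25519.PublicKey, message, signature []byte) bool {
	return ed25519.Verify(pub, message, signature)
}

func main() {
	key := make([]byte, 32) // constructed AES-256 key; in practice it comes from a key store
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ct, err := Encrypt(key, []byte("payroll export: confidential"))
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(key, ct)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
	ct[len(ct)-1] ^= 0x01 // flip one bit, as corruption or tampering in transit would
	_, err = Decrypt(key, ct)
	fmt.Println("tampered ciphertext rejected:", err != nil)

	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	msg := []byte("Transfer approved by finance")
	sig := Sign(priv, msg)
	fmt.Println("genuine message verifies:", Verify(pub, msg, sig))
	fmt.Println("altered message verifies:", Verify(pub, []byte("Transfer approved by finance!"), sig))
}
```

Note the division of labour: encryption hides the content but, on its own, says nothing about who produced it; the signature proves origin and integrity but hides nothing. The digital certificate discussed next is what binds a public key like `pub` to a named person or Web site so the verifier knows whose key it is checking.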
A digital certificate is a notice that guarantees a user or a Web site is legitimate. E-commerce applications commonly use digital certificates.
Web browsers, such as Internet Explorer, often display a warning message if a Web site does not have a valid digital certificate.
Transport Layer Security (TLS), a successor to Secure Sockets Layer (SSL), provides encryption of all data that passes between a client and an Internet server.
Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates.
VPN
SYSTEM FAILURE
A system failure is the prolonged malfunction of a computer. System failure also can cause loss of hardware, software, data, or information.
A variety of causes can lead to system failure. These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
WIRELESS SECURITY
A wireless access point (WAP) should be configured so that it does not broadcast a network name, known as an SSID (service set identifier).
Wi-Fi Protected Access (WPA) is a security standard.
An 802.11i network, sometimes called WPA2, is the most recent network security standard.
ETHICS AND SOCIETY
Computer ethics are the moral guidelines that govern the use of computers and information systems.
Seven frequently discussed areas of computer ethics are unauthorized use of computers and networks, software theft (piracy), information accuracy, intellectual property rights, codes of conduct, information privacy, and green computing.
Information Accuracy
Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet.
Intellectual Property Rights
Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. Intellectual property rights are the rights to which creators are entitled for their work.
A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
Codes of Conduct
Recognizing that individuals need specific standards for the ethical use of computers, a number of computer-related organizations have established IT (information technology) codes of conduct.
An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical.
Green Computing
Green computing involves reducing the electricity and environmental waste while using a computer. People use, and often waste, resources such as electricity and paper while using a computer.
Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
Electronic Profiles
When you fill out a form such as a magazine subscription, product warranty registration card, or contest entry form, the merchant that receives the form usually enters it into a database.
Cookies
E-commerce and other Web applications often rely on cookies to identify users and customize Web pages.
A cookie is a small text file that a Web server stores on your computer. Cookie files typically contain data about you, such as your user name or viewing preferences.
Spam
Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
Spam is Internet junk mail. The content of spam ranges from selling a product or service, to promoting a business opportunity, to advertising offensive material.
An alternative to e-mail filtering is to purchase an anti-spam program that attempts to remove spam before it reaches your inbox.
Privacy Laws
The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.
Social Engineering
Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
Phishing
Phishing is a scam in which a person sends an official-looking e-mail message that attempts to obtain your personal and financial information.
Spyware and Adware
Spyware is a program placed on a computer without the user's knowledge that secretly collects information about the user.
Adware is a program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail messages, or other Internet services.
Employee Monitoring
Employee monitoring involves the use of computers to observe, record, and review an employee's use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited.
Content Filtering
Content filtering is the process of restricting access to certain material on the Web. Content filtering opponents argue that banning any materials violates constitutional guarantees of free speech and personal rights.