Chapter 11: Computer Crime and Information Security

1
Chapter 11 Computer Crime and Information
Security

• Succeeding with Technology Second Edition

2
Objectives

• Describe the types of information that must be
  kept secure and the types of threats against them
• Describe five methods of keeping a PC safe and
  secure
• Discuss the threats and defenses unique to
  multiuser networks

3
Objectives (continued)

• Discuss the threats and defenses unique to
  wireless networks
• Describe the threats posed by hackers, viruses,
  spyware, frauds, and scams, and the methods of
  defending against them

4
Information Security and Vulnerability What is
at Stake?

• Identity theft
• The criminal act of using stolen information
  about a person to assume that persons identity
• Intellectual property
• Product of the mind or intellect over which the
  owner holds legal entitlement
• Intellectual property rights
• Ownership and use of intellectual property such
  as software, music, movies, data, and information

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
What is at Stake? (continued)

• Security threats to businesses
• Virus
• Insider abuse of Internet access
• Laptop theft
• Unauthorized access by insiders
• Denial-of-service attacks
• System penetration
• Theft of proprietary information
• Sabotage

9
What is at Stake? (continued)

• Business intelligence
• Process of gathering and analyzing information in
  the pursuit of business advantage
• Competitive intelligence
• Form of business intelligence concerned with
  information about competitors
• Counterintelligence
• Concerned with protecting your own information
  from access by your competitors

10
(No Transcript)
11
Threats to Information Security

• Security vulnerabilities or security holes
• Software bugs that allow violations of
  information security
• Software patches
• Corrections to software bugs that cause security
  holes
• Piracy
• The illegal copying, use, and distribution of
  digital intellectual property
• Plagiarism
• Taking credit for someone elses intellectual
  property

12
(No Transcript)
13
(No Transcript)
14
Threats to Information Security (continued)

• Hackers, crackers, intruders, and attackers
• Black-hat hacker
• White-hat hacker
• Gray-hat hacker
• Script kiddie

15
(No Transcript)
16
Machine Level Security

• Common forms of authentication
• Something you know
• Password or personal identification number (PIN)
• Something you have
• ID cards, smartcards, badges, keys,
• Something about you
• Unique physical characteristics such as
  fingerprints

17
(No Transcript)
18
Passwords

• Username
• Identifies a user to the computer system
• Password
• A combination of characters known only to the
  user that is used for authentication
• Strongest passwords
• Minimum of eight characters in length
• Do not include any known words or names

19
(No Transcript)
20
(No Transcript)
21
ID Devices and Biometrics

• Biometrics
• The science and technology of authentication by
  scanning and measuring a persons unique physical
  features
• Facial pattern recognition
• Uses mathematical technique to measure the
  distances between 128 points on the face
• Retinal scanning
• Analyzes the pattern of blood vessels at the back
  of the eye

22
(No Transcript)
23
Encrypting Stored Data

• Encryption
• Uses high-level mathematical functions and
  computer algorithms to encode data
• Files
• Can be encrypted on the fly as they are being
  saved, and decrypted as they are opened
• Encryption and decryption
• Tend to slow down computer slightly when opening
  and saving files

24
Backing Up Data and Systems

• Backup software typically provides the following
  options
• Select the files and folders you wish to back up.
• Choose the location to store the archive file.
• Choose whether to back up all files (a full
  backup), or
• Just those that have changed since the last
  backup (an incremental backup)

25
(No Transcript)
26
System Maintenance

• Computer housecleaning
• Organizing the data files and software on your
  computer
• Housecleaning activities can include
• Deleting unneeded data files
• Organizing the remaining data files logically
  into folders and subfolders
• Emptying the recycle bin (Windows) or trash can
  (Mac)
• Deleting unneeded saved e-mail messages

27
Network Security - Multiuser System
Considerations

• Multiuser system
• Computer system where multiple users share access
  to resources such as file systems
• User permissions
• The access privileges afforded to each network
  user
• File ownership
• Files and Folders on the system must carry
  information that identifies their creator

28
(No Transcript)
29
(No Transcript)
30
Interior Threats

• Threats from within a private network
• Problems that occur on networks
• Stem from allowing network users to introduce
  software and data files from outside the network
• Many instances of identity theft
• Occur with the assistance of insiders with
  corporate network access

31
Security and Usage Policies

• Security and network usage policy
• Document, agreement, or contract that
• Defines acceptable and unacceptable uses of
  computer and network resources
• Typically warn against using the network for
  illegal activities
• Employers
• Not legally responsible for notifying employees
  of network usage policies

32
(No Transcript)
33
Wireless Network Security

• Wireless networks
• Provide wonderful convenience
• Have security risks
• Wi-Fi networks
• The most popular wireless protocol
• Are popping up in offices, homes, on city
  streets, in airports, coffee shops, even in
  McDonalds

34
(No Transcript)
35
Threats to Wireless Networks

• Access point
• Sends and receives signals to and from computers
  on the wireless local area network or WLAN
• By default, are set to broadcast their presence
• War driving
• Driving through neighborhoods with a wireless
  notebook or handheld computer looking for
  unsecured Wi-Fi networks

36
(No Transcript)
37
Securing a Wireless Network

• Options within the configuration software
• Allow you to disable the access points
  broadcasting of the network ID, the SSID
• Change password used to connect to access point
• Access point can be set to only allow certain
  computers to connect
• Popular wireless encryption protocols
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)

38
Internet Security

• When a computer is connected to the Internet
• It becomes a target to millions of various attack
• Computers IP address
• Registered and known to others
• Attacks against Internet-connected computers
• Can come in the form of direct attacks or
• Through viruses, worms, or spyware

39
(No Transcript)
40
Hackers on the Internet

• Methods of Attack
• Key-logging
• packet-sniffing
• Port-scanning
• Social engineering
• Dumpster diving

41
(No Transcript)
42
Viruses and Worms

• Virus
• Program that attaches itself to a file
• Spreads to other files, and delivers a
  destructive action called a payload
• Trojan horses
• Appear to be harmless programs
• When they run, install programs on the computer
  that can be harmful
• Worm
• Acts as a free agent, replicating itself numerous
  times in an effort to overwhelm systems

43
(No Transcript)
44
Spyware, Adware, and Zombies

• Spyware
• Software installed on a computer without users
  knowledge
• Zombie computer
• Carries out actions (often malicious) under the
  remote control of a hacker
• Antispyware
• Software that searches a computer for spyware and
  other software that may violate a users privacy

45
(No Transcript)
46
Scams, Spam, Fraud, and Hoaxes

• Internet fraud
• Deliberately deceiving a person over the Internet
  in order to damage them
• Phishing scam
• Combines both spoofed e-mail and a spoofed Web
  site in order to
• Trick a person into providing private information
• Virus hoax
• E-mail that warns of a virus that does not exist

47
Scams, Spam, Fraud, and Hoaxes (continued)

• Spam
• Unsolicited junk mail
• Solutions to spam
• Bayesian filters
• Trusted sender technology
• Reputation systems
• Interfaces for client-side tools

48
(No Transcript)
49
Summary

• Total information security
• Securing all components of the global digital
  information infrastructure
• Fundamental security implemented at
• The individual machine level
• The point of entry to computers, computer
  networks, and the Internet

50
Summary (continued)

• When a computer is connected to a network
• Security risks increase
• With wireless technologies
• Attacker no longer has to establish a wired
  connection to a network
• Attacks against Internet-connected computers may
  come in the form of
• Direct attacks by hackers (system penetration) or
• Through viruses, worms, or spyware