Mudji Rachmat Ramelan muji@unila.ac.id
Formal
MBA, on Information Technology, 2005 Meinders Business
School, Oklahoma City University, Oklahoma.
B.Sc. Management. 1998. Marketing Management FE-UNILA
Non Formal
MCP (Microsoft Certified Professionals) on Windows 2000
Server and Windows 2000 Professional, Dbase III+
Programming, Paradox Programming, Novell Operating
System, CCNA, Oracle 8, Sun Thin Client
Diving Certificate Scuba Diver 3 1 Star Diver CMAS / POSSI
Short Course in Internet Technology, Prince of Songkla
University, Phuket, Thailand
Short Course Training on Information Technology Development at Kunsan Vocational Training Institute, South Korea
Short course for INHERENT administrator, ITB, Bandung
(1999 – now) Lecturer at Management Department, FE UNILA
(1996) Network Administrator Bulletin Board Service - UNILA
(1999) TA at Medical Faculty, Sriwijaya University Palembang
(1997-2000) Administrator Project for the UNILA–LAMPUNG node with
AI3 (Asia Internet Initiatives Interconnection)
(1999–2000) Network Design Team for (SIAKAD) UNILA
(1997–2002) IT Procurement Unit LPIU-DUE Project UNILA
(1996 – 2002) Network Design Team and IU UNILA BACKBONE
(2002 ) Procurement Unit for TPSDP–UNILA cooperation with BINUS
(Bina Nusantara), GUNADARMA, BUMIGORA University.
Task Force Inherent K2 Universitas Lampung 2006
Procurement IMHERE Project UNILA 2007 – 2008
PIC INHERENT Local Node UNILA 2006 - now
Coordinator, BBS-Unilanet Internet Service Center, PUSKOM UNILA –
July 2006 - now
Activities
This “telephone” has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us.
-Western Union internal memo, 1876
I think there is a world market for maybe five computers.
-Thomas Watson, chairman of IBM, 1943
But what [is a microchip] good for?
-Engineer at the Advanced Computing
Systems Division of IBM, 1968
There is no reason anyone would want a computer in their home.
-Ken Olson, president, chairman, and founder of Digital Equipment Corp., 1977
640K ought to be enough for anybody.
-Attributed to Bill Gates, chairman of Microsoft, 1981
Dell has a great business model, but that dog won’t scale.
-John Shoemaker, head of Sun’s server division, 2000
Internet and Intranet
Internet Map
Internet map: http://www.caida.org/tools/visualization/mapnet/Backbones/
Internet History
1836 Telegraph, Patented.
1858-1866 Transatlantic cable. Europe and US
1876 Telephone by Alexander Graham Bell
1957 Sputnik launch (USSR), Advanced Research Projects
Agency (ARPA) Inside US DoD
1962 - 1968 Packet-switching (PS) networks initiated as the foundation of data transfer on the Internet
1969 The birth of ARPANET by DoD
1971 ARPANET expanded to 15 nodes (23 hosts); email was introduced
1972 The first public demonstration of ARPANET, connecting 40 hosts; Telnet was introduced
Internet History (con't)
1973
The first International connection of ARPANET to University
College of London (England) and Royal Radar
Establishment (Norway)
Ethernet and the FTP (File Transfer Protocol) format were initiated; the idea of the Internet emerged.
1974
TCP (Transmission Control Program) used as standard in
ARPANET network
Telenet, commercial version of ARPANET launched.
1976
Networking networks expanding.
UUCP (Unix-to-Unix CoPy) created by AT&T Bell Labs and distributed together with UNIX
UNIX as operating system still used until now.
Internet History (con't)
1977
E-mail became more popular
The Internet became reality with 100 connected hosts.
THEORYNET became the first network to provide email to more than 100 researchers.
Email format and specifications became standard
Public demonstration of ARPANET/Packet Radio Net/
SATNET Internet protocols through gateways.
1979
News Groups introduced
USENET created with UUCP and still used until today
ARPA created Internet Configuration Control Board.
Internet History (con't)
1981
Various private and commercial networks started to combine and connect.
BITNET ("Because It's Time NETwork") started as the first cooperative network at City University (New York), with its first connection to Yale University
1982
TCP/IP (Transmission Control Protocol (TCP) and Internet
Protocol (IP)) became the future data communication standard.
1983
The Internet became bigger and bigger
Name server created; host naming with alphabetic characters started.
Internet Activities Board (IAB) created, replacing ICCB
Berkeley Labs launches UNIX 4.2BSD with TCP/IP
Internet History (con't)
1984
Connected hosts reach 1000
1986
Domain Name Server (DNS) implemented; host naming becomes less complicated: 123.456.789.10 = www.myuniversity.mydept.mynetwork.mycountry
(www.unila.ac.id).
The power of the Internet becomes reality with 5000 hosts connected and 241 newsgroups.
1987
Network News Transfer Protocol (NNTP) created.
Internet commercialization; the number of hosts increased to
28.000
UUNET established, providing commercial UUCP and
Usenet access.
Internet History (con't)
1988
Introduction of Internet Relay Chat (IRC)
1989
Hosts increase to 100,000.
The first relay between commercial email and the Internet
Internet Engineering Task Force (IETF) and Internet
Research Task Force (IRTF) established under IAB
1990
Hosts increase to 300,000 and newsgroups to 1,000
ARPANET's presence declines
The World (world.std.com) becomes the first company to provide Internet service through dial-up
Internet History (con't)
1991
Friendly user interface to the WWW created.
Gopher created by Paul Lindner and Mark P. McCahill from the University of Minnesota.
1992
World-Wide Web (WWW) standard established by CERN;
Tim Berners-Lee
Multimedia change the face of internet
The number of hosts increases to 1 million; newsgroups reach
4,000
Internet Society (ISOC) established
The first MBONE audio multicast (March) and video multicast (November).
"Surfing the Internet" introduced by Jean Armour Polly.
Internet History (con't)
1993
WWW revolution, 2 Million hosts and 600 WWW sites.
Business and Media really take notice of the Internet.
White house and United Nations on-line.
Mosaic became popular on the Internet as a front end for the WWW and evolved into Netscape, the most popular WWW browser at that time.
1994
Internet commercialization started; 3 million hosts, 10.000 WWW sites and 10.00 newsgroups
ARPANET/Internet 25th anniversary.
Local communities started to connect directly to the Internet;
the US Senate started to provide information server access.
The Internet became a standard part of life; the first cyberbank opened
Internet History (con't)
1995
6.5 Million Hosts, 100,000 WWW Sites.
Dial-up systems (CompuServe, America Online, Prodigy) begin selling Internet access
Domain name registration is no longer free.
Search engine technology introduced.
1996
Microsoft enters the Internet business; 12.8 million hosts and
0.5 million WWW sites.
Telephony over the Internet (VoIP) became a threat to the telecommunication industry, which pleaded with the US Senate to ban the technology. (The US Senate banned this technology for only 1 year.)
WWW wars between Netscape and Microsoft started.
200,000,000 IP Hosts
> 840,000,000 Users
INTERNET naming based on TCP/IP protocol
IP (Internet Protocol)
An address is written as 4 columns, each a number between 0 and 255, with the columns separated by dots.
xxx.xxx.xxx.xxx
167.205.136.1
35.8.7.92
This technology called IPv4 (Internet Protocol
Version 4)
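A strict parser for the dotted-decimal format described above, added here as an example (it is not part of the original slides). The names `parse_ipv4`, `format_ipv4` and `check`, and the choice to reject leading zeros, are assumptions of this example; the first three sample addresses are the ones quoted in the slides, the rest are constructed.

```python
"""Strict IPv4 dotted-decimal parsing (added example, not from the slides)."""


class IPv4Error(ValueError):
    """Raised when text is not a strict dotted-decimal IPv4 address."""


def parse_ipv4(text):
    """Return the address as a 32-bit integer, or raise IPv4Error."""
    if not isinstance(text, str):
        raise IPv4Error("address must be a string")
    fields = text.split(".")
    if len(fields) != 4:
        raise IPv4Error("expected 4 columns, got %d" % len(fields))
    value = 0
    for position, field in enumerate(fields, start=1):
        # ASCII digits only: rejects '', '+1', ' 1', '0x7f', '92\n'
        # and non-ASCII digit characters that int() would accept.
        if not (field.isascii() and field.isdigit()):
            raise IPv4Error("column %d is not a decimal number" % position)
        # Leading zeros are ambiguous: some resolvers read '010' as octal 8,
        # others as decimal 10. A filter and the code that later connects
        # could then disagree about which host the text names, so refuse.
        if len(field) > 1 and field[0] == "0":
            raise IPv4Error("column %d has a leading zero" % position)
        octet = int(field)
        if octet > 255:
            raise IPv4Error("column %d is above 255" % position)
        value = (value << 8) | octet
    return value


def format_ipv4(value):
    """Return the canonical dotted-decimal text for a 32-bit integer."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise IPv4Error("value does not fit in 32 bits")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def check(text):
    """Return (True, canonical_text) or (False, reason) for one input."""
    try:
        return True, format_ipv4(parse_ipv4(text))
    except IPv4Error as exc:
        return False, str(exc)


# Sample inputs. The first three appear in the slides; the others are
# constructed for this example.
SAMPLES = [
    "167.205.136.1",
    "35.8.7.92",
    "123.456.789.10",   # the slides' illustration; 456 and 789 exceed 255
    "010.8.7.92",       # constructed: leading zero
    "1.2.3",            # constructed: too few columns
    "35.8.7.92\n",      # constructed: trailing newline from a log line
]

if __name__ == "__main__":
    for sample in SAMPLES:
        ok, detail = check(sample)
        print("%-20r %-7s %s" % (sample, "valid" if ok else "invalid", detail))
```
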
IP addresses worldwide are distributed and managed by InterNIC, which distributes them to ISPs
(Internet Service Providers).
Each ISP distributes them to its users and customers.
DNS (Domain Name System) gives the flexibility to translate a numeric IP address into a non-numeric name.
167.205.136.1 = www.unila.ac.id
208.150.216.210 = www.kompas.com
The DNS naming concept can be described as follows:
maiser.unila.ac.id
1 . 2 . 3 . 4
4 = country code
.id = Indonesia
.uk = United Kingdom
.us = United States
(peter@jerk.edu.uk)
(peter@mars.nasa.go)
.jp = Japan (shien@maca.ac.jp)
.au = Australia
.sg = Singapore
(bob@landiv.mil.au)
(head@intel.com)
maiser.unila.ac.id
1 . 2 . 3 . 4
.ac / the third column = institution type
.ac. = Academic
.edu.= Education
(admin@maiser.unila.ac.id)
(admin@grep.mit.edu)
.mil.= military (pentagon-info@mil.us)
.com/co.= commercial (snake@petshop.com)
.gov/go. = government (alatas@rty.deplu.gov.id)
.org / or = organization (info@golkar.org)
.net. = Internet Service Provider (server@idola.net.id)
.tv. = television
Web = web provider company
Sch = school
maiser.unila.ac.id
1 . 2 . 3 . 4
.unila / 2nd column = institution name
.itb.= Institut Teknologi Bandung
.ui. = Universitas Indonesia
.bppt. = BPPT
.ptme = PT. Metrodata Elektronik
(info@nic.itb.ac.id)
(puskom@ui.ac.di)
(info@bppt.go.id)
(sales@ptme.com)
.republika = Republika newspaper (kontak@republika.co.id)
maiser. / 1st column = machine/host name/sub institution
Webmaster@unila.ac.id
maiser = mail server computer
Info@cnrg.itb.ac.id
cnrg = computer network research group
Info@xxx.oke.edu
xxx = computer xxx
Email format
xxx@xxx.xxx.xxx
EXAMPLE:
zarina@maiser.unila.ac.id
majordomo@itb.ac.id
majordomo@columbia.edu
admin@unila.ac.id
Email reader
Pine (unix environment)
Outlook (windows environment)
Netscape Messenger (windows environment)
Eudora (windows environment)
Pegasus (dos/windows environment)
etc.
From (sender)
To (receiver)
CC (carbon copy)
BCC (blind carbon copy)
Subject (the subject of the email)
ATTACHMENT (attached file)
gTLD | Entity | Notes
.aero | air-transport industry | Must verify eligibility for registration; only those in various categories of air-travel-related entities may register.
.asia | Asia-Pacific region | This is a TLD for companies, organizations, and individuals based in the region of Asia, Australia, and the Pacific.
.biz | business | This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by commercial entities in accordance with the domain's charter.
.cat | Catalan | This is a TLD for websites in the Catalan language or related to Catalan culture.
.com | commercial | This is an open TLD; any person or entity is permitted to register.
.coop | cooperatives | The .coop TLD is limited to cooperatives as defined by the Rochdale Principles.
.edu | educational | The .edu TLD is limited to accredited postsecondary institutions (nearly all 2 and 4-year colleges and universities in the U.S. and increasingly overseas, e.g., Australia and China).
.gov | U.S. governmental | The .gov TLD is limited to U.S. governmental entities and agencies (mostly but not exclusively federal).
.info | information | This is an open TLD; any person or entity is permitted to register.
.int | international organizations | The .int TLD is strictly limited to organizations, offices, and programs which are endorsed by a treaty between two or more nations.
.jobs | companies | The .jobs TLD is designed to be added after the names of established companies with jobs to advertise. At this time, owners of a "company.jobs" domain are not permitted to post jobs of third party employers.
.mil | U.S. military | The .mil TLD is limited to use by the U.S. military.
.mobi | mobile devices | Must be used for mobile-compatible sites in accordance with standards.
.museum | museums | Must be verified as a legitimate museum.
.name | individuals, by name | This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by individuals (or the owners of fictional characters) in accordance with the domain's charter.
.net | network | This is an open TLD; any person or entity is permitted to register.
.org | organization | This is an open TLD; any person or entity is permitted to register.
.pro | professions | Currently, .pro is reserved for licensed or certified lawyers, accountants, physicians and engineers in France, Canada, UK and the U.S. A professional seeking to register a .pro domain must provide their registrar with the appropriate credentials.
.tel | Internet communication services |
.travel | travel and tourism industry related sites | Must be verified as a legitimate travel-related entity.
Tuvalu and the Federated States of Micronesia, small island-states in the Pacific, have partnered with VeriSign and FSM Telecommunications respectively, to sell domain names using the .tv and .fm TLDs to television and radio stations.
.ad is a ccTLD for Andorra, but has recently been increasingly used by advertising agencies or classified advertising.
.am is a ccTLD for Armenia, but is often used for AM radio stations, or for domain hacks (such as .i.am)
.dj is a ccTLD for Djibouti but is used for CD merchants and disc jockeys.
.je is a ccTLD for Jersey but is often used as a diminutive in Dutch (e.g. "huis.je"), as "you" ("zoek.je" = "search ye!"), or as "I" in French (e.g. "moi.je").
.la is a ccTLD for Laos but is marketed as the TLD for Los Angeles.
.li is a ccTLD for Liechtenstein but is marketed as the TLD for Long Island.
.lv is a ccTLD for Latvia but is also used to abbreviate Las Vegas or, less frequently, love.
.ly is a ccTLD for Libya but is also used for words ending with the suffix "ly".
.sc is a ccTLD for Seychelles but is often used as .Source
.sh is a ccTLD for Saint Helena, but is also sometimes used for entities connected to the German Bundesland of Schleswig-Holstein.
.si is a ccTLD for Slovenia, but is also used by Hispanic sites as "yes" ("sí"). Mexican mayor candidate Jorge Arana, for example, had his web site registered as http://www.jorgearana.si (i.e. "Jorge Arana, sí", meaning "Jorge Arana, yes").
.sr is a ccTLD for Suriname but is marketed as being for "seniors".
.st is a ccTLD for São Tomé and Príncipe but is being marketed worldwide as an abbreviation for various things including "street".
.tk is a ccTLD for Tokelau but was bought by a third party and is given away through the dot.tk page
.tm is a ccTLD for Turkmenistan but it can be used as "Trade Mark"
.to is a ccTLD for Tonga but is often used as the English word "to", like "go.to"; it is also marketed as the TLD for Toronto.
.tv is a ccTLD for Tuvalu but it is used for television ("TV") / entertainment industry purposes.
.vg is a ccTLD for British Virgin Islands but is sometimes used to abbreviate Video games
.vu is a ccTLD for Vanuatu but means "seen" in French as well as being an abbreviation for the English language word "view".
.ws is a ccTLD for Samoa (earlier Western Samoa), but is marketed as .Website
.md is a ccTLD for Moldova, but is marketed to the medical industry (as in "medical domain" or "medical doctor").
.me is a ccTLD for Montenegro, and was recently opened to individuals.
.ms is a ccTLD for Montserrat, but is also used by Microsoft for such projects as popfly.ms.
.mu is a ccTLD for Mauritius, but is used within the music industry.
.ni is a ccTLD for Nicaragua, but is occasionally adopted by companies from Northern Ireland, particularly to distinguish from the more usual .uk within all parts of the United Kingdom
.nu is a ccTLD for Niue but marketed as resembling "new" in English and "now" in Scandinavian/Dutch. Also meaning "nude" in French/Portuguese.
.pr is a ccTLD for Puerto Rico, but can be used in the meaning of "Public Relations"
Broadband
Speedy (Indonesia)
Cox.net (US)
Dial Up
Telkomnet Instant (Indonesia)
Netzero (US)
Wireless Lan
2.4 Ghz
5.x Ghz
Fiber Optic
Mobile
Telkomsel Flash
Indosat
Virgin Mobile
AT&T
PRICING !!!!
The usefulness, or utility, of a network equals the square of the number of users
The more users on a network, the more useful it becomes
Until critical mass is reached, a change in technology only affects the technology
Once critical mass is attained, social, political, and economic systems change
Example: The Internet is growing exponentially. We can expect more value, for less cost, virtually every time we log on.
South Korea (95%)
Singapore (88%)
Netherlands (85%)
Denmark (82%)
Taiwan (81%)
Hong Kong (81%)
Israel (77%)
Switzerland (76%)
Canada (76%)
Norway (75%)
Australia (72%)
Finland (69%)
France (68%)
United Kingdom (67%)
United Arab Emirates (65%)
Japan (64%)
Sweden (63%)
Estonia (62%)
Belgium (62%)
USA (60%)
Source : http://arstechnica.com/tech-policy/news/2009/06/us-20th-in-broadband-penetration-trails-s-korea-estonia.ars
1977: 111 hosts on Internet
1981: 213 hosts
1983: 562 hosts
1984: 1,000 hosts
1986: 5,000 hosts
1987: 10,000 hosts
1989: 100,000 hosts
1992: 1,000,000 hosts
2001: 150 – 175 million hosts
2002: over 200 million hosts
By 2010, about 80% of the planet will be on the Internet
http://docs.google.com
http://maps.google.com/
http://www.google.com/trends
http://www.google.com/analytics/
Zinio.com
www.netflix.com
http://books.google.com/
http://translate.google.com
http://www4.passur.com/jfk.html
http://radar.weather.gov
http://www.news9.com/global/Category.asp?c=118562 http://www.internetworldstats.com/stats.htm
Shopping cart Website
http://ecommerce.networksolutions.com/ http://www.fortune3.com
http://store.resellfortune.com/ http://www.activecheckout.com/
Security
http://www.verisign.com
Payment
http://www.daopay.com
http://www.plimus.com/ http://www.onebip.com
E-commerce sites
www.nike.com
http://www.thaigem.com
http://www.gov.tw/ (Taiwan)
http://www.gov.sg/ (Singapore)
http://www.ecitizen.gov.sg/ (Singapore)
http://www.usa.gov/ (USA)
http://www.bantul.go.id
http://www.agamkab.go.id/
http://www.kotabekasi.go.id/
Singapore : SINGAREN (www.singaren.net.sg)
Australia : AARNET (www.aarnet.edu.au)
China : CERNET (www.cernet.edu.cn)
USA : ABILENE (abilene.internet2.edu)
Europe : GEANT (www.geant.net)
Asia : TEIN2 (www.tein2.net)
• ADVANCE NETWORK
– Stm 1 : 155 Mbps
– UI, ITB, UGM, UNDIP, UNIBRAW, ITS
• MEDIUM NETWORK
– 4E1: 8 Mbps
– USU, UNAND, UNUD, UNHAS, UNSRAT, UNSRI, UNSYIAH, UNRI,
UNTIRTA, UNJA, UNIB, UNILA, UNDANA, UNRAM, UNHALU,
UNMUL, UNTAN, UNPAR, UNLAM, UNTAD, UNG
• BASIC NETWORK
– 1E1 : 2 Mbps
– UNCEN, UNIPA, UNPATI, UNKHAIR
• REDUNDANT LINK
– 1 Mbps :
– UNSRAT-UNMUL ; UNTAN-UNSYIAH; UNIB-UNRAM; UNDANA-UNHALU
Around July 2006
JARDIKNAS categories and main functions:
JARDIKNAS Offices/Institutions
Online data transactions for the education management information system (SIM Pendidikan)
JARDIKNAS Higher Education
Research and development of science, technology and arts (IPTEKS)
JARDIKNAS Schools
Information access and e-learning
JARDIKNAS Teachers and Students
Information access and community interaction
Technology by zone

Access media
Higher Education Zone: fiber optic and satellite
Office/Institution Zone: fiber optic, wireline and satellite
School Zone: wireless and wireline
Teacher and Student Zone: cellular and wireline

Network capacity (bandwidth)
Higher Education Zone: 2 Mbps to 155 Mbps
Office/Institution Zone: 256 Kbps to 2 Mbps
School Zone: 64 Kbps to 1 Mbps
Teacher and Student Zone: 32 Kbps to 384 Kbps

Network technology
Higher Education and Office/Institution Zones: STM-1, VSAT IP, dedicated or leased line; MPLS, VPN IP, and VSAT
School Zone: ADSL and wireless 2.4 GHz
Teacher and Student Zone: ADSL, 3G/UMTS, GPRS, CDMA, dial-up
(Keynote Speech, By, H. E. Prof. Dr. Bambang Sudibyo, MBA., Minister of National Education, Republic of Indonesia, In Microsoft Government Leader Forum (MGLF), Asia Pacific
2008, Jakarta, 8 May 2008)
Up to the end of 2007
865 nodes (OfficeNet)
10.000 nodes (SchoolNet)
83 state universities
200 private universities
36 distance-learning units of Universitas Terbuka
Video Conference
VOIP
IPv6
PJJ PGSD / LPTK
Improving learning content
Grid Computing
1. inherent.unsil.ac.id
2. inherent.ugm.ac.id
3. inherent.stta.ac.id
4. inherent.wijayakusumasby.ac.id
5. inherent.uwiga.ac.id
6. inherent.uii.ac.id
7. inherent.gunadarma.ac.id
8. inherent.brawijaya.ac.id
9. inherent.ipb.ac.id
10. inherent.unimal.ac.id
11. inherent.uns.ac.id
12. inherent.stsi-bdg.ac.id
13. inherent.unila.ac.id
14. inherent.uwiga.ac.id
15. www.inherent.ui.edu
16. inherent.usm.ac.id
17. inherent.uniku.ac.id
18. inherent.itn.ac.id:81
19. inherent.unnes.ac.id
20. inherent.usu.ac.id
21. inherent.unimmer.ac.id
2006
INHERENT 33.702.749.722,00
JARDIKNAS 35.028.065.000,00
Total 68.730.814.722,00
2007
INHERENT ……….?
JARDIKNAS ……..?
Total ……..?
Implemented on
Garuda, Bank Mandiri, BII, BNI, Telkom, FIF, SQP Indonesia,
Citibank, IBM Indonesia
BNI
November 2006: 18.431 employees; by October 2007, 16.733 employees had already used the e-learning program
The number will be higher than stated, mostly because one employee can attend several modules repeatedly
Courseware (Content) 8.1 M Rp.
69 course
269 module, 167 hours
Efficiency approx. 64 M Rp. On transportation, pocket money, consumption and accommodation
BII
Employee Competency
BII Portal Corporate University (open source) as knowledge management system
CMS (content management system based)
LMS (learning management system) implementation (open source)
Development cost is 0.1% of the total training budget
Upgrading hardware performance, creating teaching module
Created module (mandate module for employee)
Know your customer – anti money laundering
Operational risk management
Product knowledge and service quality
Target 70 hours on e-learning
Target to cover an estimated 6.305 employees
Traditional methods can only cover 2.000 employees a year
With e-learning all 6.305 employees can be covered in one year
85% cost reduction
FIF (Federal International Finance)
Traditional methods
Every new employee must take the Basic Mentality module
Target of 2.500 employees at 650 M Rp.
6 days training
New Methods
Converting traditional training to e-learning
3 days
2.500 employees at approx. 185 M Rp.
Efficiency at 72%
Computer crime includes
Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
The unauthorized release of information
The unauthorized copying of software
Denying an end user access to his/her own hardware, software, data, or network resources
Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Hacking is
The obsessive use of computers
The unauthorized access and use of networked computer systems
Electronic Breaking and Entering
Hacking into a computer system and reading files, but neither stealing nor damaging anything
Cracker
A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
Denial of Service
Hammering a website’s equipment with too many requests for information
Clogging the system, slowing performance, or crashing the site
Scans
Widespread probes of the Internet to determine types of computers, services, and connections
Looking for weaknesses
Sniffer
Programs that search individual packets of data as they pass through the Internet
Capturing passwords or entire contents
Spoofing
Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
Trojan Horse
A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
Back Doors
A hidden point of entry to be used in case the original entry point is detected or blocked
Malicious Applets
Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
War Dialing
Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
Logic Bombs
An instruction in a computer program that triggers a malicious act
Buffer Overflow
Crashing or gaining control of a computer by sending too much data to buffer memory
Password Crackers
Software that can guess passwords
Social Engineering
Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
Dumpster Diving
Sifting through a company’s garbage to find information to help break into their computers
Many computer crimes involve the theft of money
The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
Many attacks occur through the Internet
Most companies don’t reveal that they have been targets or victims of cybercrime
Unauthorized use of computer systems and networks is time and resource theft
Doing private consulting
Doing personal finances
Playing video games
Unauthorized use of the Internet or company networks
Sniffers
Used to monitor network traffic or capacity
Find evidence of improper use
General email abuses
Unauthorized usage and access
Copyright infringement/plagiarism
Newsgroup postings
Transmission of confidential data
Pornography
Hacking
Non-work-related download/upload
Leisure use of the Internet
Use of external ISPs
Moonlighting
Chapter 13 Security and Ethical Challenges 73
Software Piracy
Unauthorized copying of computer programs
Licensing
Purchasing software is really a payment for a license for fair use
Site license allows a certain number of copies
A third of the software industry’s revenues are lost to piracy
Intellectual Property
Copyrighted material
Includes such things as music, videos, images, articles, books, and software
Copyright Infringement is Illegal
Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
Publishers Offer Inexpensive Online Music
Illegal downloading of music and video is down and continues to drop
A virus is a program that cannot work without being inserted into another program
A worm can run unaided
These programs copy annoying or destructive routines into networked computers
Copy routines spread the virus
Commonly transmitted through
The Internet and online services
Email and file attachments
Disks from contaminated computers
Shareware
My Doom, 2004
Spread via email and over Kazaa file-sharing network
Installs a back door on infected computers
Infected email poses as returned message or one that can’t be opened correctly, urging recipient to click on attachment
Opens up TCP ports that stay open even after termination of the worm
Upon execution, a copy of Notepad is opened, filled with nonsense characters
Netsky, 2004
Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
It renames itself to pose as one of 26 other common files along the way
SoBig, 2004
Mass-mailing email worm that arrives as an attachment
Examples: Movie_0074.mpg.pif, Document003.pif
Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
Also attempts to download updates for itself
Klez, 2002
A mass-mailing email worm that arrives with a randomly named attachment
Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months
Sasser, 2004
Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
Spawns multiple threads that scan local subnets for vulnerabilities
Cost of the top five virus families
Nearly 115 million computers in 200 countries were infected in 2004
Up to 11 million computers are believed to be permanently infected
In 2004, total economic damage from virus proliferation was $166 to $202 billion
Average damage per computer is between $277 and $366
Adware
Software that purports to serve a useful purpose, and often does
Allows advertisers to display pop-up and banner ads without the consent of the computer users
Spyware
Adware that uses an Internet connection in the background, without the user’s permission or knowledge
Captures information about the user and sends it over the Internet
Spyware can steal private information and also
Add advertising links to Web pages
Redirect affiliate payments
Change a user’s home page and search settings
Make a modem randomly call premium-rate phone numbers
Leave security holes that let Trojans in
Degrade system performance
Removal programs are often not completely successful in eliminating spyware
The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
Personal information is collected with every visit to a Web site
Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
Opt-In
You explicitly consent to allow data to be compiled about you
This is the default in Europe
Opt-Out
Data can be compiled about you unless you specifically request it not be
This is the default in the U.S.
Violation of Privacy
Accessing individuals’ private email conversations and computer records
Collecting and sharing information about individuals gained from their visits to Internet websites
Computer Monitoring
Always knowing where a person is
Mobile and paging services are becoming more closely associated with people than with places
Computer Matching
Using customer information gained from many sources to market additional business services
Unauthorized Access of Personal Files
Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
There are multiple ways to protect your privacy
Encrypt email
Send newsgroup postings through anonymous remailers
Ask your ISP not to sell your name and information to mailing list providers and other marketers
Don’t reveal personal data and interests on online service and website user profiles
Electronic Communications Privacy Act and Computer Fraud and Abuse Act
Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
U.S. Computer Matching and Privacy Act
Regulates the matching of data held in federal agency files to verify eligibility for federal programs
Other laws impacting privacy and how much a company spends on compliance
Sarbanes-Oxley
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley
USA Patriot Act
California Security Breach Law
Securities and Exchange Commission rule 17a-4
The opposite side of the privacy debate…
Freedom of information, speech, and press
Biggest battlegrounds - bulletin boards, email boxes, and online files of Internet and public networks
Weapons used in this battle – spamming, flame mail, libel laws, and censorship
Spamming - Indiscriminate sending of unsolicited email messages to many Internet users
Flaming
Sending extremely critical, derogatory, and often vulgar email messages or newsgroup posting to other users on the Internet or online services
Especially prevalent on special-interest newsgroups
Laws intended to regulate activities over the Internet or via electronic communication devices
Encompasses a wide variety of legal and political issues
Includes intellectual property, privacy, freedom of expression, and jurisdiction
The intersection of technology and the law is controversial
Some feel the Internet should not be regulated
Encryption and cryptography make traditional forms of regulation difficult
The Internet treats censorship as damage and simply routes around it
Cyberlaw only began to emerge in 1996
Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace
Encryption
Data is transmitted in scrambled form
It is unscrambled by computer systems for authorized users only
The most widely used method uses a pair of public and private keys unique to each individual
Firewalls
A gatekeeper system that protects a company’s intranets and other computer networks from intrusion
Provides a filter and safe transfer point for access to/from the Internet and other networks
Important for individuals who connect to the Internet with DSL or cable modems
Can deter hacking, but cannot prevent it
Denial of service attacks depend on three layers of networked computer systems
The victim’s website
The victim’s Internet service provider
Zombie or slave computers that have been commandeered by the cybercriminals
At Zombie Machines
Set and enforce security policies
Scan for vulnerabilities
At the ISP
Monitor and block traffic spikes
At the Victim’s Website
Create backup servers and network connections
Email Monitoring
Use of content monitoring software that scans for troublesome words that might compromise corporate security
Virus Defenses
Centralize the updating and distribution of antivirus software
Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
Security Codes
Multilevel password system
Encrypted passwords
Smart cards with microprocessors
Backup Files
Duplicate files of data or programs
Security Monitors
Monitor the use of computers and networks
Protects them from unauthorized use, fraud, and destruction
Biometrics
Computer devices measure physical traits that make each individual unique
Voice recognition, fingerprints, retina scan
Computer Failure Controls
Prevents computer failures or minimizes its effects
Preventive maintenance
Arrange backups with a disaster recovery organization
In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
Fail-over capability: shifts to backup components
Fail-safe capability: the system continues to operate at the same level
Fail-soft capability: the system continues to operate at a reduced but acceptable level
A disaster recovery plan contains formalized procedures to follow in the event of a disaster
Which employees will participate
What their duties will be
What hardware, software, and facilities will be used
Priority of applications that will be processed
Use of alternative facilities
Offsite storage of databases
IT Security Audits
Performed by internal or external auditors
Review and evaluation of security measures and management policies
Goal is to ensure that proper and adequate measures and policies are in place