Slides created by
Bob Koziel
Hagerstown Community College

 Use MS Power Point XP to view the presentation. Earlier versions will not show the animations correctly.
 Slides with an icon: Click to view all parts of the slide. Some slides need to be clicked several times.
 Slides with an icon: Represents an internet link. Clicking on it will take you to the website. Internet connection required.
 Clicking on the or icon will take you to the previous slide or the next slide
 Slides with videos or sounds: Click on the picture to view videos or listen to sounds

BRYAN PFAFFENBERGER
Chapter 12
What You Will Learn
Computer Crime and Security
 How attackers and intruders gain entry into computer systems to harm or destroy data
 Ways you can help system administrators keep computer systems safe from unauthorized users and viruses
 People who are most likely to attack or harm computer systems and their motives
 Types of losses caused by computer system intrusions and attacks
 The tools and techniques used to defend computer systems against intruders and attackers

What is the scope of the problem?
 Computer security risk - Any event, action, or situation that leads to the loss of computer systems or data
 Computer crime - Actions that violate state or
Federal laws
 Cybercrime - Crimes carried out over the Internet

What are some techniques used to commit computer crimes?
 Intruders gain unauthorized access to computer systems
 Techniques used to gain access are:
 Password guessing
 Shoulder surfing
 Packet sniffing
 Dumpster diving
 Social engineering
 Superuser status
 SATAN
 Techniques used by insiders are:
 Salami shaving
 Data diddling

What are computer viruses ?
 Computer viruses are malicious programs that infect a computer system causing various problems with its use

They replicate and attach themselves to programs in the system

More than 20,000 different computer viruses

How does a computer get infected ?
 Inserting a disk with an infected program and then starting the program
 Downloading an infected program from the
Internet
 Being on a network with an infected computer
 Opening an infected e-mail attachment

What are the types of viruses ?
File infectors
 Attach themselves to program files
 Spreads to other programs on the hard drive
 Most common type of virus
Boot sector virus
 Attach themselves to the beginning of hard drive
 Executes each time computer is started
 May lead to destruction of all data
Macro virus
 Infect automatic command capabilities of productivity software
 Attach themselves to data files in word processing, spreadsheet and database programs
 Spread when data files are exchanged between users

What are some other types of destructive programs ?
Time bombs
 Also called logic bombs
 Harmless until a certain event or circumstances activate the program
Trojan horse
 Disguises itself as a useful program
 Contains hidden instructions
 May erase data or cause other damage
Worm
 Resembles a virus
 Spreads from one computer to another
 Controls infected computers
 Attacks other networked computers

Who creates malicious and damaging computer crimes?
Hackers
 Computer hobbyists
 Try to find weaknesses and loopholes in computer systems
 Rarely destructive
 Adhere to hacker’s code of ethics
Crackers
 Also called black hats
 Obsessed with entering secure computer systems
 Rarely destructive
 Leave calling cards on systems they enter
Cyber gangs
 Brings crackers together by way of the
Internet and meetings
Virus authors
 Usually teenage males
 Want to push the boundaries of antivirus software
 Can be very damaging

More of who creates malicious and damaging computer crimes?
Disgruntled employees
 Sabotage a company’s computer system
 Create security holes called trap doors
 Can divulge trade secrets or destroy data
Swindlers
 Use the Internet to scam money from people
 Favorite distribution methods are e-mail, chat rooms and web sites
 Types of scams are: Rip & tear ,
Pumping and dumping and Bogus goods
Spies
 Participate in corporate espionage
 Some are hackers or former employees
 125 countries are involved in industrial espoionage
Shills
 Used on Internet auctions
 A secret operative who bid’s on a seller’s item to drive up the bid

What is cyberstalking ?
 Newest and fastest growing crime
 Using the Internet and other electronic media to harass and threaten a person
 Most perpetrators are men most victims are women
 Children are at risk from online sexual predators

What’s the cost of computer crime?
 Staff time - Computer staff stops everything and focuses on the problem
 Downtime The system is shutdown unitl it’s safe to operate again
 Replacing equipment - Company pays when computers and parts are missing due to theft
 Adverse publicity - Crimes go unreported because of fear of publicity of loss
 Loss of privacy - Sensitive personal information can end up in the hands of criminals
 Risk to public safety - Many government agencies rely on computers to maintain public safety
 Denial of service - Internet service becomes overloaded and doesn’t function

Protecting computers from power related problems (surges & outages)
 Use programs that have an auto save/auto recovery function
 Equip system with an uninterruptible power supply ; A battery powered device that automatically turns on when power is interrupted

Controlling access
 Choose authentication passwords that have at least eight letters, mix upper and lower case letters and include numbers
 Callback systems - Access is granted or denied based on information caller gives
 Know & have authentication- Users have various ways of accessing a system
 Tokens - Electronic device that generates a logon code
 Digital certificates - Resemble computer ID cards
 Smartcards - Credit card sized device with internal memory
 Biometric authentication - Voice recognition, retinal scans, thumbprints and facial recognition

Install a firewall program
 Programs that are designed to prohibit outside sources from accessing the computer system
 Personal firewall - Designed to protect home computers from unauthorized access while connected to the Internet

Use encryption
 Encryption programs make information unreadable if it is stolen
 Update web browser to use 128-bit encryption for online shopping

Use antivirus programs
 Called vaccines or virus checkers
 Uses pattern-matching techniques to examine program files for patterns of virus code
 Two drawbacks:

They cannot find viruses not in their database
 They can not find new viruses that alter themselves to evade detection
 Use antivirus programs that offer frequent updates and monitor system functions
 Check disks for viruses that were used on another system

Backup data
 Backup programs and data regularly
 Store backups away from the computer system
 Types of backups:
 Full backups - Everything stored on the computer; Backup once a month
 Incremental backups - Backup only those files that have changed since last backup: Backup daily or weekly
 Disaster recovery plan - Large organizations should develop a detailed plan for emergencies

Tips for avoiding scams
 Do business with established companies
 Read the fine print
 Don’t provide financial or personal information to anyone
 Be skeptical about information received in chat rooms

Tips for preventing cyberstalkers
 Don’t share personal information in chat rooms
 Be extremely cautious about meeting anyone you’ve contacted online
 Contact the police if a situation occurs that makes you feel afraid while online

THE
END