Society and Information Technology Today, Session 21

Course: T0604-Pengantar Teknologi Informasi (Introduction to Information Technology)
Year: 2008
Version: 2.0/0.0

Session 21
Society and Information Technology Today
Source:
Chapter 9. The Challenges of Digital Age: Society and IT, p.463
Williams, B.K, Stacy C. Sawyer (2007). Using Information Technology: A Practical Introduction to Computers & Communications. Seventh Edition, McGraw-Hill, New York. ISBN-13: 978-007-110768-6

Learning Outcomes
By the end of this session, students are expected to be able to:
• explain how digital data is used to deceive others, and describe the types of threats to computers and the characteristics of the five components of security (C2)

Outline of Topics
• Truth Issues: Manipulating Digital Data
• Security Issues: Threats
• Security: Safeguarding Computers & Communications

Truth Issues: Manipulating Digital Data
• Digital Images and Sounds can be manipulated
  – Pro: Creates new forms of art
    • Morphing software makes one image morph into another http://www.cs.utah.edu/~dejohnso/morph.html
    • Movies such as “Crouching Tiger, Hidden Dragon” and “Harry Potter” contain many scenes that could never actually happen
    • Adobe Photoshop allows changes, enhancements to photos
    • Digital technology allows musicians to sing every track of a song and accompany themselves
  – Con: Has made photographs & recordings untrustworthy
    • Famous Yalta summit photo edited: Stallone added in!

Truth Issues: Manipulating Digital Data
– Photographs may not be authentic
– Photographs may be deliberately misleading
  • 1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister
    – Could this have biased potential jury members?
  • Fashion model photos are routinely elongated to make models appear more slender
    – How many girls become anorexic to try to match those models’ impossible perfection?
      » http://www.etniesgirl.com/blog/2005/11/30/photoshop-101-even-models-have-flaws
      » http://www.tutorialized.com/tutorial/Basic-ModelRetouching/9547
      » http://news.bbc.co.uk/1/hi/health/769290.stm

Truth Issues: Manipulating Digital Data
• Techniques to combat digital deception
  – Prof. William H. Mitchell of M.I.T. wrote the first systematic, critical analysis of the digital revolution
  – Corbis http://pro.corbis.com/ adds a digital watermark to its photos
  – Hany Farid of Dartmouth College devised algorithms to detect changes to uncompressed digital photos
  – Prof. Jessica Fridrich of S.U.N.Y. at Binghamton is researching digital cameras that hide a picture of the photographer’s iris inside each digital photo

Truth Issues: Manipulating Digital Data
• Limitations of Public databases
  – You can’t get the whole story
    • Start with a public database, THEN do more research
  – The data is not necessarily accurate
    • Cross-check against multiple sources
  – Each database service has boundaries
    • Know what those boundaries are
  – Different keywords bring different results
  – History is limited
    • These databases often begin with data from 1980 or later

Security Issues: Threats
• Errors and accidents
• Natural hazards
• Computer crime
• Computer criminals
Is my computer safe? I’m concerned about it. What do I need to do to use it safely for work, home, and school?

Security Issues: Threats
Errors & Accidents
• Human errors
  – People choose the wrong computer
    • Too simple or too complex
  – Human emotions affect performance
    • People get frustrated
  – Human perceptions are slower than the equipment
    • Watch out when you click the OK button! You may have just deleted something important!

Security Issues: Threats
Errors & Accidents
• Procedural errors
  – When people fail to follow safe procedures, errors can occur
• Software errors
  – Programmers make coding errors
  – Famous example: Utility billing software:
    • Customer pays early – software credits account
    • Customer pays late – software credits account, adds late fee in for next bill
    • Programmer forgot to consider customers who pay exactly on time – their payments were never credited at all!
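
The billing error described above is a boundary-condition bug. The following added example (not from the original slides or the textbook; the function names, the late fee amount and the dates are assumptions made for illustration) reproduces the missing on-time case next to a corrected version, and checks payments made one day early, on the due date and one day late:

```python
from datetime import date, timedelta

LATE_FEE = 5.00  # assumed fee, for illustration only


def apply_payment_buggy(balance, amount, paid_on, due_on):
    """Mirrors the slide's bug: no branch handles paid_on == due_on."""
    late_fee = 0.0
    if paid_on < due_on:        # early: credit the account
        balance -= amount
    elif paid_on > due_on:      # late: credit, and add a fee to the next bill
        balance -= amount
        late_fee = LATE_FEE
    # exactly on time: falls through, so the payment is never credited
    return balance, late_fee


def apply_payment_fixed(balance, amount, paid_on, due_on):
    """Every payment is credited; only the fee depends on the date."""
    balance -= amount
    late_fee = LATE_FEE if paid_on > due_on else 0.0
    return balance, late_fee


def uncredited_cases(apply_payment, due_on, balance=100.0, amount=100.0):
    """Boundary-value check around the due date.

    Returns the payment dates for which the balance was not reduced.
    """
    missed = []
    for offset in (-1, 0, 1):   # day before, due date, day after
        paid_on = due_on + timedelta(days=offset)
        new_balance, _fee = apply_payment(balance, amount, paid_on, due_on)
        if new_balance != balance - amount:
            missed.append(paid_on)
    return missed


if __name__ == "__main__":
    due = date(2008, 3, 15)     # constructed sample due date
    print("buggy, uncredited:", uncredited_cases(apply_payment_buggy, due))
    print("fixed, uncredited:", uncredited_cases(apply_payment_fixed, due))
```

Testing the value on each side of a comparison and the value exactly at it is what exposes this class of error before release.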

Security Issues: Threats
Errors & Accidents
• Electromechanical problems
  – Mechanical systems wear out
  – Power failures shut down computers unless you have battery backup
  – Using cellphones and Blackberries while driving can cause people to crash
• Dirty data problems
  – Incomplete, outdated, or inaccurate data
  – Check your records – medical, school, and credit – to make sure they are accurate
• Natural hazards can lead to disasters

Security Issues: Threats
Computer Crimes
• Two types of computer crime
  – It can be an illegal act perpetrated against computers or telecommunications
  – It can be the use of computers or telecommunications to accomplish an illegal act

Security Issues: Threats
Computer Crimes
• Theft of hardware
• Theft of software
• Theft of online music and videos
• Theft of time and services
• Theft of information
• Internet-related fraud
• Taking over your PC
• Crimes of malice
• Computer criminals

Security Issues: Threats
Computer Crimes
• Theft of hardware can range from
  – Shoplifting an item from a computer store
  – Stealing an entire PC or laptop
• Theft of software
  – Pirated software is software obtained illegally
  – This includes “softlifting” - buying one copy of the software and using it on multiple computers
  – Software makers have prosecuted both companies and individuals including students for software piracy

Security Issues: Threats
Computer Crimes
• Theft of online music and movies
  – Entertainment industry takes this seriously and prosecutes offenders
  – Stealing music
    • Illegal file swapping services
    • Damages can be up to $150,000 per song
  – Stealing movies
    • The film industry has taken aggressive aim at pirated movies
    • 11-nation crackdown announced in 2005

Security Issues: Threats
Computer Crimes
• Theft of time and services
  – Theft of computer time at work
    • Surfing or playing games when you should be working
    • Some employees violate policy by conducting personal business online such as online auctions from work
    • Most employers have policies against viewing X-rated web sites at work
  – Theft of phone services
    • Phone phreaks use company phone systems to make “free” unauthorized long distance calls
    • Why break the law, when you can get free long distance over the internet using Skype www.skype.com

Security Issues: Threats
Computer Crimes
• Theft of Information
  – A common crime today
  – Can include theft of personal information, medical information, or credit card and financial information
  – Legislation to make it a crime to steal someone’s identity was the 1998 Identity Theft and Assumption Deterrence Act
  – The U.S. Department of Justice discusses their approach to this crime at http://www.usdoj.gov/criminal/fraud/idtheft.html
  – If you are a victim of identity theft, you may file a report online at the Federal Trade Commission’s website at https://rn.ftc.gov/pls/dod/widtpubl$.startup?Z_ORG_CODE=PU03

Security Issues: Threats
Computer Crimes
• Internet-related Fraud
  – Because it lends itself to anonymity, internet-related fraud is becoming more common
  – Well-known examples include:
    • Nigerian letter scam
      – Letter says you can get a lot of money out of Nigeria if you pay a “money transfer fee” first
    • Evil twin attacks
      – A cracker sets up an attack computer as a duplicate public access point in a public location
    • Phishing
      – Sending emails that appear to come from a trusted source that links you to a website where you type in personal information that is intercepted by the phisher

Security Issues: Threats
Computer Crimes
• Internet-related Fraud (continued)
  – Pharming
    • Malicious software is implanted in your computer that directs you to an imposter web page
  – Trojan horses
    • A program such as a “free” online game or screensaver that loads hidden programs that take over your computer or cause mischief without your knowledge
    • For example, Windows users who install the phony MSN Messenger Version 8 "beta" are actually installing an IM worm that spreads to their IM contacts, and connects their computer to a remote control "bot" network run by malicious hackers

Security Issues: Threats
Computer Crimes
• Crimes of Malice: Crashing entire computer systems
  – Sometimes criminals are more interested in vandalizing systems than they are in gaining control of them
  – In 2003, an entrepreneur with a grudge because he lost a sale retaliated by shutting down the WeaKnees website
  – Crackers regularly attempt to crash Microsoft’s website
  – Security specialists monitor for possible cyber-attacks on electrical and nuclear power plants, dams, and air traffic control systems
  – Crackers have attacked the internet too and brought down large sections of it

Security Issues: Threats
Computer Crimes
• Computer criminals may include
  – Individuals or small groups who
    • Use fraudulent email and websites
    • Steal people’s identities for monetary gains
    • Show off their power for bragging rights
  – Employees who
    • Have a grudge against their current or former employers
    • Have a grudge against another employee
    • Sell their company’s secrets for personal profit
  – Outside partners and company suppliers

Security Issues: Threats
Computer Crimes
• Computer criminals may also include
  – Corporate spies
  – Enemy foreign intelligence services
  – Organized crime
  – Terrorists
• Computer criminals do not include your employer, who is legally allowed to monitor the computers at work
  – Check your company’s computer usage policy
  – Make sure you follow the rules
  – Know that any data you store in the computer at work – including emails – is company property

Security: Safeguarding Computers & Communications
• Security is
  – A system of safeguards for protecting information technology against disasters, system failures, and unauthorized access that can result in damage or loss
• Computer Security’s Five Components
  – Deterrence of computer crime
  – Identification and access
  – Encryption
  – Protection of software and data
  – Disaster recovery plans

Security: Safeguarding Computers & Communications
• Deterrents to computer crime
  – Enforcing laws
  – CERT: The Computer Emergency Response Team
    • Provides round-the-clock information on international computer security threats
    • The CERT website is www.cert.org
      – For example, on December 15, 2005 CERT announced a partnership between the US and ictQatar, the Qatar Supreme Council for Information and Communications Technology, to conduct and coordinate cybersecurity activities
      – On December 13, 2005 CERT issued alert SA05347A documenting Windows Explorer vulnerabilities

Security: Safeguarding Computers & Communications
• More deterrents to computer crimes
  – Tools to fight fraudulent and unauthorized online uses
    • Rule-based detection software
    • Predictive-statistical-model software
    • Employee internet management software
    • Internet filtering software
    • Electronic surveillance
  – Verify legitimate right of access
    • Use cards, keys, signatures, and badges
    • Use PINs and passwords
    • Use physical traits and personal identification

Security: Safeguarding Computers & Communications
• Encryption
  – The process of altering readable data into unreadable form to prevent unauthorized access
  – Advantage: encrypting data that is available over the internet keeps thieves and crackers from reading it
    • On Dec. 7, 2005, Guidance Software, a maker of Computer Forensics software, informed their customers that criminals had stolen their credit cards because Guidance had FAILED to encrypt a database that was accessible over the internet
  – Disadvantage: encrypting data may prevent law-enforcement officials from reading the data criminals are sending to each other
Discussion Question: Does information privacy outweigh law enforcement’s needs to track down and prosecute criminals? Should we all encrypt our information to prevent crackers and criminals from stealing it?

Security: Safeguarding Computers & Communications
• 4 ways to protect software & data
  – Educate employees in backing up data, virus protection, and not sharing passwords
  – Control of access to restrict usage
  – Audit controls to document who used what programs and computers and when
  – People controls include screening applicants, background checks, monitoring internet, email, and computer usage

Security: Safeguarding Computers & Communications
• Disaster-recovery plans
  – A method of restoring information-processing operations that have been halted by destruction or accident
    • Reinforced by 2001 World Trade Center attack
    • Reinforced by company data losses incurred during 2005 Hurricane Katrina
  – Plans range in price and complexity from (listed in order of increasing cost: More $$$)
    • Backing up data from disk to tape, CD, or zip disk, with a UPS
    • Automatically storing data redundantly in two places, with a generator
    • Having an off-site computerized data storage center with independent power supply
    • Having a complete “hot” redundant data center that can instantly be used if there is a disaster

Conclusion