Computer Security Risks
Definition:
• A computer security risk is any event or action that could cause loss of or damage to hardware, software, data, information, or processing capability.

Computer crime
• Any illegal act involving the use of a computer system
• Cybercrime refers to illegal acts carried out online or over the Internet

Cybercrime
• Hacker
• Cracker
• Corporate spy
• Unethical employees
• Cyberextortionist
• Cyberterrorist

Internet & Network attacks
• Online security service – a web site that evaluates the computer to check its vulnerability to the Internet or e-mail

Malware (malicious software)
• Computer virus
• Worms
• Trojan horse
• Back doors
• Spyware

Safeguards
• Firewalls
• Intrusion Detection Software
• Honeypots

Unauthorized Access and Use (Safeguards)
• Identifying and Authenticating Users
  * user names & passwords
  * possessed objects
  * biometric devices

Hardware Theft (safeguards)
• Cables that lock the equipment to a desk

Software Theft
• Steals software media
• Intentionally erases programs
• Illegally copies

Software Theft (safeguards)
• License agreement
• Character identification number

Information Theft (safeguards)
• Encryption

| Name | Method | Plaintext | Ciphertext |
|---|---|---|---|
| Transposition | Switch the order of characters | SOFTWARE | OSTFAWER |
| Expansion | Insert characters between existing characters | USER | UYSYEYRY |
| Substitution | Replace characters with other characters | INFORMATION | WLDIMXQUWIL |
| Compaction | Remove characters and store elsewhere | ACTIVATION | ACIVTIN |

Information Theft (safeguards)
• Digital certificates
• Digital signature
• Secure Sockets Layer (SSL)
• Secure HTTP (S-HTTP)

System Failure
• Uninterruptible Power Supply (UPS)
• Backup

Wireless Security
• Firewalls
• Wired Equivalent Privacy (WEP)
• Wi-Fi Protected Access (WPA)
• 802.11i network

Computer Ethics
• Moral guidelines that govern the use of computers and information systems.
• Areas of discussion:
  – Unauthorized use of computers and networks
  – Software piracy
  – Intellectual property rights
  – Codes of conduct
  – Information privacy
  – Information accuracy

| Issue | Ethical | Unethical |
|---|---|---|
| 1) A company requires employees to wear badges that track their whereabouts while at work. | | |
| 2) A supervisor reads an employee’s e-mail. | | |
| 3) An employee uses his computer at work to send e-mail messages to a friend. | | |
| 4) An employee sends an e-mail message to several coworkers and blind copies his supervisor. | | |
| 5) An employee forwards an e-mail message to a third party without permission from the sender. | | |
| 6) An employee uses her computer at work to complete a homework assignment for school. | | |
| 7) The vice president of your Student Government Association (SGA) downloads a photograph from the web and uses it in a flier recruiting SGA members. | | |
| 8) A student copies text from the web and uses it in a research paper for his English Composition class. | | |
| 9) An employee sends political campaign material to individuals on her employer’s mailing list. | | |
| 10) As an employee in the registration office, you have access to student grades. You look up grades for your friends, so they do not have to wait for delivery of grade reports from the postal service. | | |
| 11) An employee makes a copy of software and installs it on her home computer. No one uses her home computer while she is at work, and she uses her home computer only to finish projects from work. | | |
| 12) An employee who has been laid off installs a computer virus on his employer’s computer. | | |
| 13) A person designing a web page finds one on the web similar to his requirements, copies it, modifies it, and publishes it as his own web page. | | |
| 14) A student researches using only the web to write a report. | | |
| 15) In a society in which all transactions occur online (a cashless society), the government tracks every transaction you make and automatically deducts taxes from your bank account. | | |
| 16) Someone copies a well-known novel to the web and encourages others to read it. | | |

Information Technology Code of Conduct
1) Computers may not be used to harm other people.
2) Employees may not interfere with others’ computer work.
3) Employees may not meddle in others’ computer files.
4) Computers may not be used to steal.
5) Computers may not be used to bear false witness.
6) Employees may not copy or use software illegally.
7) Employees may not use others’ computer resources without authorization.
8) Employees may not use others’ intellectual property as their own.
9) Employees shall consider the social impact of programs and systems they design.
10) Employees always should use computers in a way that demonstrates consideration and respect for fellow humans.

Intellectual Property Rights
• Are the rights to which creators are entitled for their work.
• Copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.

Information Privacy
• The right of individuals and companies to deny or restrict the collection and use of information about them.

Techniques that companies and employers use to collect personal data
• Electronic Profiles
• Cookies
• Spyware and Adware
• Spam
• Phishing

Social Engineering
• Is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims.

Health Concerns of Computer Use
• Repetitive strain injury (RSI)
• Computer vision syndrome (CVS)
• Ergonomics and Workplace Design
• Computer Addiction
• Green computing

Green Computing Suggestions
• Use computers and devices that comply with the ENERGY STAR program.
• Do not leave the computer running overnight.
• Turn off the monitor, printer, and other devices when not in use.
• Use paperless methods to communicate.
• Recycle paper.
• Buy recycled paper.
• Recycle toner cartridges.
• Recycle old computers and printers.
• Telecommute (save gas).
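
The four methods in the encryption table under Information Theft (safeguards), as an added Python example that is not part of the original slides: it reproduces each Plaintext/Ciphertext pair from the table and adds the inverse operation. The function names are assumptions, and the substitution key is inferred from the table's single row.

```python
# Added example: the four toy methods from the encryption table, with inverses.
# Function names and the substitution key are constructed for illustration.

def transpose(text):
    """Transposition: swap each adjacent pair of characters (self-inverse)."""
    chars = list(text)
    for i in range(0, len(chars) - 1, 2):
        chars[i], chars[i + 1] = chars[i + 1], chars[i]
    return "".join(chars)

def expand(text, filler="Y"):
    """Expansion: insert a filler character after every character."""
    return "".join(c + filler for c in text)

def unexpand(text):
    """Undo expansion by keeping every second character."""
    return text[::2]

# Substitution key recovered from the table's single row (INFORMATION ->
# WLDIMXQUWIL); it covers only the eight letters that appear there.
SUBST_KEY = dict(zip("INFORMAT", "WLDIMXQU"))

def substitute(text, key=SUBST_KEY):
    """Substitution: replace each character using the key mapping."""
    return "".join(key[c] for c in text)

def unsubstitute(text, key=SUBST_KEY):
    """Undo substitution by applying the inverted key mapping."""
    inverse = {v: k for k, v in key.items()}
    return "".join(inverse[c] for c in text)

def compact(text, n=3):
    """Compaction: remove every n-th character and return it separately."""
    kept = "".join(c for i, c in enumerate(text) if i % n != n - 1)
    removed = text[n - 1::n]
    return kept, removed

def uncompact(kept, removed, n=3):
    """Re-insert the separately stored characters at every n-th position."""
    k, r = iter(kept), iter(removed)
    total = len(kept) + len(removed)
    return "".join(next(r) if i % n == n - 1 else next(k) for i in range(total))

if __name__ == "__main__":
    print(transpose("SOFTWARE"), expand("USER"),
          substitute("INFORMATION"), compact("ACTIVATION"))
```

Only the substitution method depends on a secret key; the other three can be reversed by anyone who knows the method, so they illustrate what ciphertext is rather than provide protection.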