Adam Capriola Risks of Computing 9/11/05 Many people don't recognize that along with ethics in the real world, we have ethics in the cyber world. There are rules and laws on the Internet just like there are rules and laws in the real world. When people are on the Internet, they feel like they are anonymous, and they do whatever they feel like. For example, when elementary and middle school students were polled, almost half of the students believed that hacking wasn't a crime. People just don't believe that there are rigid rules that apply to using the Internet. They don't think there are any consequences to their actions because no one knows who they are, and also because if anyone were to find out who they were, there is a great distance between where people live. They don't think they would be contacted or found. This lack of understanding the laws regarding the use of the Internet leads to a risk of computing for the unsuspecting everyday user of the information highway. Attackers (or hackers) on your computer can claim to have the same Internet protocol (IP) address as someone else. This is called IP spoofing. This would allow them to make illegal actions under the identity of someone else. This would allow them to do thing they shouldn't be doing and they would not be caught. Whoever the IP address belongs to could be accused of doing things they didn't do. The hacker could also take control of the user's console and that user would not know. This is called IP session hijacking. The user would just be logged off their system and be allowed to log back on, while in the meantime the hacker can go through their e-mail, run any programs, and steal information among other things. Computer users are also at risk to “unauthorized access” attacker. In these types of attacks, the hacker will use some resources on your computer that they should not have access to. One way the hacker does this is by executing commands illicitly. They could read your files and send e-mail to people under your name, which they should not be able to do. They could also do worse things, like changing your IP address and making your computer shut down every time it is booted up. Another type of unauthorized access attack is confidentiality breaches. Hackers can steal your information and use it against you. For example, if you are in a business, they could take some idea your company came up with, and sell it to one of your competitors. They could also steal some of your personal information and release it to the public. This could be very damaging to your reputation. Adam Capriola Risks of Computing 9/11/05 The last type of unauthorized access attack is destructive behavior. There are two types of this attack. “Data diddling” is when a hacker messes with data in your saved files. For example, they may change a few numbers around in your spreadsheet or change the numbers in your account for auto-depositing your paychecks. This attack is most likely not noticed right away, but when you do notice, the effects can be very damaging. If the hacker changed some numbers on your spreadsheet, how do you know which ones are right and which ones are wrong? The other type of destructive behavior attack is data destruction. This is when the attacker simply deletes your files. When this happens, it is very damaging, especially for a business. There is no way to recover the files and they are left with nothing. There are however ways to stay protected against hackers. One thing a computer user can do is make make backups of your files. Simply put your files onto a blank CD or a floppy disk so they are safe even if a hacker were to tamper with or delete all your files. They may be able to attack your computer, but they can't attack a CD, floppy disk, or any external memory device. This would keep your files safe in the event of an attack, or even if you were to have a hardware failure. You should also be sure not to leave your files in the open. Save them in a place not so easily found by an attacker. This decreases the chance that a hacker will do something malicious to your important files. If they cannot find your important data, they cannot harm your important data. This is a simple thing that many computers do not do. It is also important to avoid using systems with single points of failure, meaning if your computer has one flaw in its security, it is very vulnerable to attacks. Make sure that your security system can't be broken through one component. If you give a hacker an inch, they will take it a mile. A minor attack could escalate and become a disaster. You should make sure you update your system patches. Old bugs in the system can be exploited, and if you don't stay up to date with the current fixes, attackers will exploit the old bugs. They cannot attack the fixes as easily. This is a very simple and easy thing to help protect yourself, yet if you don't do this, it is a very simple and easy way for the attacker to break into your system. Firewalls are another thing that can protect you from hackers. Connecting to the Adam Capriola Risks of Computing 9/11/05 Internet provides two-way traffic, in and out of your computer. A firewall serves as a barrier and limits the traffic in and out of your computer. It can prevent a hacker from breaking into your system. Also, even if a hacker does break into your system, the firewall can prevent them from sending files from your computer. A firewall is a very important part to protecting your computer against attacks. However, if you set your modem to answer incoming calls, an attacker can sneak around your firewall. This gives them another entry point into your computer. You must protect your modem, too. The terminal sever, which provides access to your network must be logged and checked for suspicious activity. It's also important for you to have a good password; it shouldn't be easily guessed. There are devices which create one time six to eight digit passwords, so a hacker would never be able to guess the right password because it's ever changing. Routers now have built in encryption between specific routers. This keeps them safe so an attacker could not break into your system. The information is encrypted so they could not read it out get into your console. This provides a secure route between computers. Companies are also now using Virtual Private Networks. I uses the Internet to connect two different offices to each other. The only problem with this is that everyone on the network has access to everything, it isn't possible to provide specific information to one computer on the network. Hackers cannot break into a Virtual Private Network because the link is encrypted. There are numerous risks to computing and it is very important to be prepared for them. You have to watch out for hackers that can mimic your IP address, read your files, tamper with your files, and even delete your files. These risks are real, but if you are prepared you can safely utilize the Internet. Make sure you backup your files, keep your system updated, and have a firewall among other things to keep your computer safe. If you take all the necessary precautions, you will be at low risk to an attack, and you should be able to fully enjoy the Internet without the fear attackers. Bibliography: http://www.cerias.purdue.edu/education/k12/cerias_resources/files/infosec_newsletters/07cyberethics.php Adam Capriola Risks of Computing http://ethics.csc.ncsu.edu/ http://www.interhack.net/pubs/network-security/network-security.html 9/11/05