Chapter 10: Computer Security
Professor Michael J. Losacco
CIS 1110 – Using Computers

Slide 2/44: Overview
- Describe Types of Security Risks
- Identify Safeguards Against Risks
- Explain Encryption
- Discuss System Failure Prevention
- Recognize Ethical Issues
- Discuss Health-related Disorders

Slide 3/44: Security Risks
- Security Risk: Action that Causes Loss of Data or Damage to a Computer System
- Cybercrime: Online or Internet-based Illegal Act
- Malware
  - Short for Malicious Software
  - Designed to Damage or Disrupt a System

Slide 4/44: Security Risks
- Hacker: Person Who Breaches Network Security
- Cracker: Person Who Illegally Modifies Software
- Script Kiddies
  - Use Programs Developed by Others
  - Attack Computer Systems & Networks

Slide 5/44: Security Risks
- Corporate Spies
- Unethical Employees
- Cyberextortionists
- Cyberterrorists
- Cyberespionage: Government Body & Agency Incidents
- Zero-day Exploits
  - Attack Based on a Known Vulnerability
  - No Patch or Fix Exists

Slide 6/44: Internet & Network Attacks
- Virus
  - Code from an Outside Source that Implants Itself in a Computer
  - Ability to Replicate & Distribute Itself
  - Activation: Opening an Infected File
  - Payload: Event that Transpires when the Virus Executes

Slide 7/44: Internet & Network Attacks
- Worm
  - Copies Itself Repeatedly
  - Uses Up Resources
  - Possibly Shuts Down the Network
- Trojan Horse
  - Hides in a Legitimate Program
  - Captures Logon Keystrokes
  - Redirects to a Counterfeit Site

Slide 8/44: Internet & Network Attacks
- Denial of Service (DoS)
  - Designed to Make a Network Unusable by Flooding It With Useless Traffic
  - Disrupts Access to the Internet or Email
- Rootkit
  - Hides in the Computer
  - Activated Before the OS Completely Loads
  - Remotely Takes Full Control of the Computer

Slide 9/44: Internet & Network Attacks
- Botnet: Group of Compromised Computers Connected to a Network
- Zombie or Bot
  - Compromised Computer
  - Used to Steal Identities, Customer & Employee Data
- Packet Sniffer: Captures Data Traversing a Network

Slide 10/44: Internet & Network Attacks
- Back Door
  - Secret Code in a Program
  - Bypasses Security when Accessing the Computer
- Spoofing: Makes a Network or Internet Transmission Appear Legitimate to the Victim
- RAM Scraper: Captures Data from Volatile Memory

Slide 11/44: Internet & Network Attacks
- SQL Injection: Exploits How Web Pages Communicate With Back-end Databases
- Social Engineering
  - Attacker Invents a Scenario
  - Persuades, Manipulates, or Tricks the Target
  - Goal: Perform an Action or Divulge Information

Slide 12/44: Internet & Network Attacks
- Brute-force Attack: Automated Process Iterating Possible Username/Password Combinations
- Car Hacking
  - Decrypt RFID Key Fobs
  - Beckham: 2 $180K BMWs

Slide 13/44: Internet & Network Attacks: Prevention
- Antivirus
  - Detects & Identifies Viruses
  - Looks for a Signature: Specific Pattern of Virus Code
  - Inoculates Existing Program Files: Records File Size & Creation Date
  - Removes or Quarantines Viruses
  - Creates a Rescue/Recovery Disk

Slide 14/44: Internet & Network Attacks: Prevention
- Firewall
  - Security System
  - Consists of Hardware and/or Software
  - Monitors Communication Ports
  - Informs You of Attempted Intrusion

Slide 15/44: Internet & Network Attacks: Prevention
- Intrusion Detection Software
  - Analyzes Network Traffic
  - Assesses System Vulnerabilities
  - Identifies Intrusions & Suspicious Behavior
- Honeypot: Vulnerable Computer Set Up to Entice an Intruder to Break into It

Slide 16/44: Unauthorized Access & Use
- Access Control Defines
  - Who Can Access a Computer
  - When They Can Access It
  - What Actions They Can Take
- Two-phase Process
  - Identification
  - Authentication

Slide 17/44: Unauthorized Access & Use
- Access Control
  - User Name: Unique Characters that Identify a User
  - Password: Private Characters Associated with a User
    - Longer Passwords Provide Greater Security
    - Avoid the Obvious
    - Easy to Remember
    - Passphrase
  - CAPTCHA: Type Distorted Characters

Slide 18/44: Unauthorized Access & Use
- Possessed Object
  - Item That You Must Carry to Gain Access
  - Often Used with a PIN (Personal Identification Number): Numeric Password

Slide 19/44: Unauthorized Access & Use
- Biometric Device
  - Authenticates Identity Using a Personal Characteristic
  - Signature, Voice, Fingerprint, Hand Geometry, Iris Verification

Slide 20/44: Unauthorized Access & Use
- Digital Forensics: Discovery, Collection, and Analysis of Evidence Found on Computers

Slide 21/44: Hardware Theft & Vandalism
- Hardware Theft: Stealing Equipment
- Vandalism: Defacing/Destroying Equipment
- Security Methods
  - Alarm
  - Cable Lock
  - Possessed Object
  - Biometrics

Slide 22/44: Software Theft
- Steal Software Media
- Intentionally Erase Programs
- Illegally Copy a Program
- Illegally Register a Program
- Illegally Activate a Program
- Security Method: Product Activation
  - Unique ID Required to Install Software

Slide 23/44: Information Theft
- Stolen Personal or Confidential Data
- Encryption
  - Converts Readable Data into Unreadable Data
  - Used to Transmit Files Over the Internet
  - Recipient Must Decrypt to Read the Data

Slide 24/44: Information Theft
- Encryption Mechanics

Slide 25/44: Information Theft
- War Driving: Drive a Vehicle Through an Area to Detect Wireless Networks
- Digital Signature
  - Encrypted Code Attached to an Electronic Message
  - Verifies the Identity of the Sender
- Digital Certificate: Guarantees Site Legitimacy

Slide 26/44: Information Theft
- Transport Layer Security (TLS): Protocol that Guarantees Privacy Between Client/Server Apps on the Internet
- S-HTTP: HTTP Extension Supporting Sending Data Securely over the Web

Slide 27/44: Information Theft: Data Loss
Source: http://www.privacyrights.org/data-breach

| Organization          | Event                   | What                 | # Records             |
|-----------------------|-------------------------|----------------------|-----------------------|
| Monster.com           | Hack                    | Job Seeker Data      |                       |
| UCLA                  | Hack                    | Student/Faculty Data | 800,000               |
| Digital River         | Hack                    | India, $500,000      | 200,000               |
| Boston Globe          | Printouts as Wrapping   | Subscriber Data      | 240,000               |
| Circuit City          | Lost Credit Card Tapes  | Customer Data        | 2,100,000             |
| Dept Veteran Affairs  | Stolen from Home        | Veterans Data        | 26,500,000; 1,300,000 |

Slide 28/44: System Failure
- Prolonged Malfunction of a Computer
- Causes
  - Aging Hardware
  - Natural Disasters
  - Electrical Power Problems
    - Noise: Unwanted Electrical Signal
    - Undervoltage: Drop in Electrical Supply
    - Overvoltage (Power Surge, Spike): Significant Increase in Electrical Power

Slide 29/44: System Failure
- Surge Protector: Protects Against Power Disturbances
- Uninterruptible Power Supply (UPS): Provides Short-term Power

Slide 30/44: Backup
- Duplicate of a File, Program, or Disk
- Full Backup: All Files in the Computer
- Selective Backup: Select Which Files to Back Up
- Restore: Copy Files Back to Their Original Location
- Stored Offsite

Slide 31/44: Health Concerns
- CVS (Computer Vision Syndrome): Eye & Vision Problems
- RSI (Repetitive Strain Injury)
  - Carpal Tunnel Syndrome: Nerve Inflammation, Forearm to Palm
  - Tendonitis: Tendon Inflammation from Repeated Motion

Slide 32/44: Health Concerns
- Ergonomics: Workplace Comfort, Efficiency, & Safety
- Figure labels: keyboard height 23” to 28”; elbows at 90° and arms and hands parallel to floor; adjustable seat; adjustable height; chair with 4 or 5 legs for stability; feet flat on floor

Slide 33/44: Health Concerns
- Computer Addiction: Computer Consumes Entire Social Life
- Symptoms
  - Craves Computer Time
  - Unable to Stop Computer Activity
  - Irritable When Not at the Computer
  - Neglects Family & Friends

Slide 34/44: Ethics & Society
- Computer Ethics: Moral Guidelines Governing the Use of Computers & Systems
- Information Accuracy: Not All Web Information is Correct

Slide 35/44: Ethics & Society
- Copyright
  - Set of Exclusive Rights Granted to the Author of an Original Work
  - Includes the Right to Copy, Distribute, Adapt
- Intellectual Property Rights: Rights for Creators of Their Work

Slide 36/44: Ethics & Society
- IT Code of Conduct
  - Written Guideline Determining Ethical Computer Action
  - Employers Distribute to Employees

Slide 37/44: Ethics & Society
- Green Computing
  - Reduce Computer Electricity (U.S. Servers Consume 1.2% of Electricity)
  - Reduce Environmental Waste

Slide 38/44: Information Privacy
- Restrict Right to Collect Personal Data
- Difficult to Maintain: Data is Stored Online
- Electronic Profiling: Online Data Collected When You Fill Out a Form or Click an Advertisement
- Employee Monitoring: Observe Employee Computer Use

Slide 39/44: Information Privacy
- Content Filtering: Restrict Access to Certain Material
- ICRA (Internet Content Rating Assoc): Provides a Rating System of Web Content
- Web Filtering Software: Restricts Access to Specified Sites

Slide 40/44: Information Privacy
- Cookie: Small File on Your Computer
  - User Preferences
  - Passwords
  - How Regularly You Visit Web Sites
  - Target Advertisements
- Some Sites Sell/Trade Cookie Data
- Browser Settings Specify Sites You Will Accept Cookies From

Slide 41/44: Information Privacy
- Chip Implants (FDA Approved 2004): Size of a Grain of Rice
  - ID / Medical History (1000+ Mexican Patients)
  - Secure Access (Mexico)
  - Access to VIP Areas (Barcelona Nightclub)
  - “Mark of the Beast” (Virginia)

Slide 42/44: Information Privacy
- Spam
  - Unsolicited Email Messages; Internet Junk Mail
  - 90.5% of All Email in September 08 (eWeek 11/08)
- Email Filtering
  - Blocks Emails from Designated Sources
  - Collects Spam in a Central Location
- Anti-spam Program: Removes Spam Before It Reaches the Inbox

Slide 43/44: Information Privacy
- Spyware
  - Placed Without the User's Knowledge
  - Result of Installing a New Program
  - Secretly Collects Information About the User
- Adware: Shows Ads in Lieu of Payment

Slide 44/44: Information Privacy
- Phishing: Perpetrator Sends an Official-Looking Email to Obtain Personal & Financial Information
- Pharming: Obtain Personal & Financial Information Via Spoofing
- ShadowCrew
  - Buy/Sell CC#, Identities, Security Holes
  - Recruit Hackers
  - 4,000 Criminals Participating
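The SQL injection slide (11/44) says only that the attack exploits how web pages talk to back-end databases. The following added example, which is not part of the lecture slides, shows the mechanism concretely with Python's standard-library sqlite3 module and a constructed two-row user table: a login query built by string concatenation lets a tautology in the password field match every row, while the same query with bound parameters treats that input as plain text. The function names and sample data are this example's own.

```python
"""Added example (not from the lecture slides): string-built SQL versus a
parameterized query, demonstrated on an in-memory sqlite3 database."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],  # constructed data
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """The pattern the slide warns about: user input pasted into the SQL text.
    Returns the sorted usernames the query matched."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return sorted(row[0] for row in conn.execute(query))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened form: placeholders make the driver send the values as data,
    so no character in them can change the query's structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))


def demo() -> dict:
    """Run both forms with a correct password and with a classic tautology
    payload (constructed for illustration) and return the four results."""
    conn = build_db()
    payload = "' OR '1'='1"
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_injected": login_vulnerable(conn, "alice", payload),
        "safe_normal": login_safe(conn, "alice", "correct horse"),
        "safe_injected": login_safe(conn, "alice", payload),
    }


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name}: {matched}")
```

With the payload, the concatenated query becomes `... AND password = '' OR '1'='1'`; because `AND` binds tighter than `OR`, the final condition is true for every row and the "login" matches both users. The parameterized version matches nothing, because the payload is compared literally against the stored password. The fix is the same in any language: never build the SQL text from untrusted input; bind it as a parameter.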
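The antivirus slide (13/44) lists "inoculating" existing program files, meaning the scanner records each file's size and date so that a later change can be spotted. The following added example, which is not part of the lecture slides, implements that baseline-and-compare idea in Python with the standard library only; it records the two attributes the slide names and additionally a SHA-256 digest, which catches an edit that keeps the size unchanged. The sample "program files" are created in a temporary directory and the function names are this example's own.

```python
"""Added example (not from the lecture slides): file "inoculation" as a
baseline of size, timestamp and SHA-256 digest, plus a check that reports
modified, added and missing files."""
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes the slide lists (size, date) plus a content hash."""
    st = path.stat()
    digest = hashlib.sha256(path.read_bytes()).hexdigest()
    return {"size": st.st_size, "mtime": st.st_mtime, "sha256": digest}


def snapshot(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by relative path."""
    return {
        str(p.relative_to(root)): fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def inoculate(root: Path, db_file: Path) -> int:
    """Record the baseline (keep db_file outside root so it is not scanned).
    Returns the number of files recorded."""
    baseline = snapshot(root)
    db_file.write_text(json.dumps(baseline))
    return len(baseline)


def check(root: Path, db_file: Path) -> dict:
    """Compare the current tree against the stored baseline."""
    baseline = json.loads(db_file.read_text())
    current = snapshot(root)
    modified = [
        name for name in sorted(baseline)
        if name in current and current[name] != baseline[name]
    ]
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "missing": missing}


def demo() -> dict:
    """Constructed scenario: three sample files are baselined, then one is
    altered in place with its length preserved, one is deleted and one new
    file appears. Returns the check result plus the baseline count."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "programs"
        root.mkdir()
        (root / "editor.exe").write_bytes(b"MZ original editor code")
        (root / "viewer.exe").write_bytes(b"MZ original viewer code")
        (root / "readme.txt").write_bytes(b"notes")
        db = Path(tmp) / "baseline.json"
        count = inoculate(root, db)
        # Same length as before, so the size alone would not reveal the change.
        (root / "editor.exe").write_bytes(b"MZ original editor CODE")
        (root / "readme.txt").unlink()
        (root / "dropped.exe").write_bytes(b"MZ unknown binary")
        result = check(root, db)
        result["baselined"] = count
        return result


if __name__ == "__main__":
    print(demo())
```

The comparison treats any difference in size, timestamp or digest as a modification, so a file that is rewritten with identical content but a new timestamp is also flagged; whether that counts as a true alarm depends on the site, but erring toward reporting is the safer default for program files. The baseline itself must be stored where an intruder cannot rewrite it alongside the files, which is why the slide's recovery disk is kept offline.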