Crime and Security in the Networked Economy Part 4


Part 4
Crime and Security in the Networked Economy
The Changing Face of Crime
• IT Crime
• IT Security
• Types of IT Crime
– Theft
– Fraud
– Copyright Infringement
– Attacks
TECHNOLOGY TRENDS & ETHICAL ISSUES
• Computing Power Doubles Every 18 Months
• Advances In Data Storage
• Advances In Data Mining Techniques
• Advances In Telecommunications Infrastructure
The Changing Face of Crime
• Types of IT Criminals
– Employees
– Outside Parties
• Hackers
– Organized Crime
• Counterfeit Products
• Intellectual Property Infringement
Risks to Information Systems
Figure 17.4 What causes damage to ISs?
• Human errors, accidents, and omissions: 50-80%
• Dishonest employees: 10-17%
• Natural disasters: 10-15%
• Disgruntled employees: 3-4%
• Water: 2-3%
• Outsiders: 1-3%
Source: Forcht, K.A, Computer Security Management, with the permission of
Course Technology, Inc. Copyright 1992 by Boyd and Fraser Publishing Co.
Changing Nature of Crime
Aspect of Crime   Industrial Economy (1950)   Networked Economy (2000)
Location          Local                       Remote
Impact            Low                         High
Format            Physical                    Electronic
Risk              High                        Low
Types of IT Crime
• Theft of hardware, data or information
– National Computer Registry
• Fraudulent use of IT
– Credit card fraud
– Investor fraud
– Medical and drug-related fraud
– Auction site fraud
Security
• Policies, protection, and tools to
safeguard hardware, software,
communication network, and data
from unauthorized access, alteration,
theft and physical damage.
Risks To Hardware
• Hardware Failure
• Natural Disasters
• Blackouts and Brownouts
• Vandalism
• Theft
Risks To Application and Data
• Software Failure
• Theft
• Alteration or Destruction
• Computer Virus
• Hacker
• Mishap
– Training
Risks to Information Systems
Cause                  Loss in Millions   Number of Reports
Theft                  $1,011             275,000
Power Failure          $318               389,000
Accidents              $246               276,000
Miscellaneous Causes   $157               269,000
Lightning              $86                91,000
Fire                   $72                19,000
Transit                $53                54,000
Water                  $51                34,000
Total                  $1,994             1,407,000
Source: Software, The Insurance Agency, Inc., quoted in “1993 Computer
Losses,” MacWeek, Vol 8 No 36, September 12, 1994, p. 28.
Theft/Alteration of Information
• Secure Passwords
– Biometric Controls
• Data Entry Controls
• Audit Trails
• Separation of Duties
• Back-up copies secured
• Shred Printouts
• Secure diskettes
Protection from Disasters
• Fault-tolerant Systems
– Extra hardware, software, and power supply
components that can back the system up and
keep it running.
• Back-up of Data
• Secure Area
• Battery Back-up
– UPS
Copyright Infringement
• Software Piracy
• Business Software Alliance
• 1980 Software Copyright Act
• 1997 No Electronic Theft Act (NET)
Copyright Infringement
• Music Piracy
• Motion Picture Experts Group
• MPEG version 3
• MP3 Rio Player
• NET Act Coverage
Computer Virus
• Software program that spreads through a system, destroying data and the
operating system.
– Scan Disks with Current Antivirus Program
– Know Origin of Software
– Don’t Copy
– Anti-Virus
– Watch Downloads
– Passwords for Access
Virus Generation Process
• Virus is Created at Terminal or PC
• Virus is Transmitted to Other Computers via Network or Disk
• Virus Replicates Itself on New Computers, Taking Over Main Memory
• Virus Sends Copies of Itself over Network or on Disk to More Computers
VIRUS Attacks
• Worm
• Trojan Horse
• Time Bomb
• Logic Bomb
• Trapdoor
• Attacks on Web and E-mail Servers
Information Technology Security
• Threats to the Computer
–Physical Security
• Controlled Access
–Data Security
• Backups
–Internet Security
Information Technology Security
• Surge Protection
• Uninterruptible Power Supplies (UPS)
• Password Policy and Use
• Personal Identification Number (PIN)
• System Audit Software
HACKER
• Person who gains unauthorized access to
a computer network for profit, criminal
mischief, or personal pleasure.
– Passwords
– Callback
– Firewall
– Encryption
Data Encryption Systems
• Plaintext
–Ciphertext
–Public Key Encryption Systems
–Private Key
Types of IT Crime
Secure Electronic Transmission (SET)
• Purchase is Requested
• Transaction is Approved
• SET Encryption
• Request is Sent to E-commerce Server
• Merchant Sends Record to Bank
• Bank Credits Merchant’s Account
• E-Commerce Server Verifies Transaction
Encrypting Communications Increases Security
Plain Text: Let’s meet at 11pm at the regular place
(encryption)
Encrypted Message: @#$%^&*)(hJKgfSed %$dE?><:”{><?V
(decryption)
Decrypted Message: Let’s meet at 11pm at the regular place
Figure 17.10 Encrypting communications increases security.
Firewalls
• Software to separate users from computing
resources.
• Allows retrieval and viewing of certain material,
but blocks attempts to make any changes in the
information or to access data that reside on the
same computer.
• They are also used to keep unauthorized
software away.
Firewall Around Network
Internet Security
• 4 Basic Firewall Actions
– Packet can be dropped entirely
– Alert network administrator
– Return failed message to sender
– Action can be logged only
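
The four firewall actions listed above, shown as a first-match rule evaluator. This is an added example, not part of the original slides; the rule set, addresses, reply text and the choice that an alert also blocks the packet are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# The four actions from the slide. Whether ALERT also blocks the packet is a
# policy choice; this sketch assumes it does (assumption, not from the slides).
DROP, ALERT, REJECT, LOG_ONLY = "drop", "alert", "reject", "log_only"

@dataclass(frozen=True)
class Rule:
    src: str              # source network in CIDR form
    dport: Optional[int]  # destination port; None matches any port
    action: str

@dataclass(frozen=True)
class Packet:
    src: str
    dport: int

def evaluate(rules, pkt, default=DROP):
    """First matching rule wins; unmatched packets get the default action."""
    addr = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.src) and rule.dport in (None, pkt.dport):
            return rule.action
    return default

def carry_out(action, pkt):
    """Return (forwarded, reply_to_sender, admin_alert, log_line) for one packet."""
    line = f"{action} src={pkt.src} dport={pkt.dport}"
    if action == DROP:       # discarded entirely: no reply, no record
        return (False, None, None, None)
    if action == REJECT:     # discarded, sender gets a failure message
        return (False, "destination unreachable", None, line)
    if action == ALERT:      # discarded and escalated to the administrator
        return (False, None, f"ALERT: {line}", line)
    if action == LOG_ONLY:   # forwarded, but recorded for later review
        return (True, None, None, line)
    raise ValueError(f"unknown action {action!r}")

# Constructed sample policy and traffic (documentation address ranges).
RULES = [
    Rule("203.0.113.0/24", None, ALERT),     # flagged network: block and notify
    Rule("0.0.0.0/0", 23, REJECT),           # telnet: refuse with a reply
    Rule("198.51.100.0/24", 443, LOG_ONLY),  # partner network: allow, keep a record
]
TRAFFIC = [Packet("203.0.113.9", 80), Packet("192.0.2.5", 23),
           Packet("198.51.100.7", 443), Packet("192.0.2.5", 8080)]

def run(rules=RULES, traffic=TRAFFIC):
    return [carry_out(evaluate(rules, p), p) for p in traffic]

if __name__ == "__main__":
    for result in run():
        print(result)
```

Rule order matters: a packet from the flagged network to port 23 is alerted on, not rejected, because the first matching rule decides.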