Mudji Rachmat Ramelan
Formal
• MBA, on Information Technology, 2005, Meinders Business School, Oklahoma City University, Oklahoma.
• B.Sc. Management, 1998, Marketing Management, FE-UNILA
Non Formal
• MCP (Microsoft Certified Professional) on Windows 2000 Server and Windows 2000 Professional, Dbase III+ Programming, Paradox Programming, Novell Operating System, CCNA, Oracle 8, Sun Thin Client
• Diving Certificate Scuba Diver 3 1 Star Diver CMAS / POSSI
• Short Course in Internet Technology, Prince of Songkla University, Phuket, Thailand
• Short Course Training on Information Technology Development at Kunsan Vocational Training Institute, South Korea
• Short course for INHERENT administrator, ITB, Bandung
• (1999 – now) Lecturer at Management Department, FE UNILA
• (1996) Network Administrator, Bulletin Board Service - UNILA
• (1999) TA at Medical Faculty, Sriwijaya University, Palembang
• (1997–2000) Administrator Project for UNILA–LAMPUNG node with AI3 (Asia Internet Initiatives Interconnection)
• (1999–2000) Network Design Team for (SIAKAD) UNILA
• (1997–2002) IT Procurement Unit, LPIU-DUE Project UNILA
• (1996–2002) Network Design Team and IU UNILA BACKBONE
• (2002) Procurement Unit for TPSDP–UNILA cooperation with BINUS (Bina Nusantara), GUNADARMA, BUMIGORA University.
• Task Force Inherent K2 Universitas Lampung 2006
• Procurement IMHERE Project UNILA 2007 – 2008
• PIC INHERENT Local Node UNILA 2006 - now
• Coordinator, BBS-Unilanet, Internet Service Center (Pusat Pelayanan Internet), PUSKOM UNILA – July 2006 - now
• Management Information Systems
• E-Commerce
• Information Technology
• Introduction to Computer Applications
• International Marketing
• Internet and Intranet
• History and Function
• Email and Internet
• Browsing (if possible)
• File Transfer and File Saving
• Virus
This “telephone” has too many shortcomings to be seriously
considered as a means of communication. The device is inherently
of no value to us.
-Western Union internal memo, 1876
I think there is a world market for maybe five computers.
-Thomas Watson, chairman of IBM, 1943
But what [is a microchip] good for?
-Engineer at the Advanced Computing
Systems Division of IBM, 1968
There is no reason anyone would want a computer in their home.
-Ken Olson, president, chairman, and founder
of Digital Equipment Corp., 1977
640K ought to be enough for anybody.
-Attributed to Bill Gates, chairman of Microsoft, 1981
Dell has a great business model, but that dog won’t scale.
-John Shoemaker, head of Sun’s server division, 2000
Internet and Intranet
• Internet
  – International network of networks that are commercial (private) and publicly owned, connecting thousands of different networks from more than 200 countries around the world. (Managing digital Firm Page 17, K.C
Internet and Intranet
• Intranet
  – An internal network based on Internet and World Wide Web standards (Managing digital Firm Page 24, K.C Laudon)
• Extranet
  – Private intranet that is accessible to authorized outsiders. (Managing digital Firm Page 24, K.C Laudon)
Internet Map
Internet History
1836 Telegraph patented.
1858-1866 Transatlantic cable between Europe and the US
1876 Telephone by Alexander Graham Bell
1957 Sputnik launch (USSR), Advanced Research Projects Agency (ARPA) inside US DoD
1962 - 1968 Packet-switching (PS) networks initiated as the foundation of data transfer on the Internet
1969 The birth of ARPANET by DoD
1971 ARPANET expanded to 15 nodes (23 hosts), email were
1972 The first public demonstration of ARPANET connecting 40 hosts; Telnet was introduced
Internet History (cont’d)
• The first international connection of ARPANET, to University College of London (England) and Royal Radar Establishment (Norway)
• Ethernet and FTP (file transfer protocol) formats were initiated; the idea of the Internet emerged.
• TCP (Transmission Control Program) used as standard in the ARPANET network
• Telenet, a commercial version of ARPANET, launched.
• Networking networks expanding.
• UUCP (Unix-to-Unix CoPy) created by AT&T Bell Labs and distributed together with UNIX
• UNIX as an operating system is still used until now.
Internet History (cont’d)
• E-mail becomes more popular
• The Internet became reality with 100 connected hosts.
• THEORYNET became the first network to provide email to more than 100 researchers.
• Email format and specifications became standard
• Public demonstration of ARPANET/Packet Radio Net/SATNET Internet protocols through gateways.
• News groups introduced
• USENET created with UUCP and still used today
• ARPA created the Internet Configuration Control Board.
Internet History (cont’d)
• Various private and commercial networks started to combine and connect.
• BITNET ("Because It's Time NETwork") started as the first cooperative network at City University (New York), with its first connection to Yale University
• TCP/IP (Transmission Control Protocol (TCP) and Internet Protocol (IP)) became future data communication
• The Internet became bigger and bigger
• Name server created; host naming with alphabet characters started.
• Internet Activities Board (IAB) created, replacing ICCB
• Berkeley Labs launched UNIX 4.2BSD with TCP/IP
Internet History (cont’d)
• Connected hosts reach 1000
• Domain Name Server (DNS) implemented; host naming becomes less complicated 123.456.789.10 =
• Internet power becomes reality with 5000 hosts connected and 241 news groups.
• Network News Transfer Protocol (NNTP) created.
• Internet commercialization, host number increased to
• UUNET established, providing commercial UUCP and Usenet access.
Internet History (cont’d)
• Introduction of Internet Relay Chat (IRC)
• Hosts increase to 100,000.
• The first relay between commercial email and the Internet
• Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) established under IAB
• Hosts increase to 300,000 and 1,000 News
• ARPANET existence decreases
• The World ( the first company to provide Internet service through dial up
Internet History (cont’d)
• Friendly user interface to WWW created.
• Gopher created by Paul Lindner and Mark P. McCahill from the University of Minnesota.
• World-Wide Web (WWW) standard established by CERN; Tim Berners-Lee
• Multimedia changes the face of the Internet
• Host number increases to 1 million, news groups reach
• Internet Society (ISOC) established
• The first MBONE audio multicast (March) and video multicast (November).
• "Surfing the Internet" introduced by Jean Armour Polly.
Internet History (cont’d)
WWW revolution, 2 million hosts and 600 WWW sites.
Business and media really take notice of the Internet.
White House and United Nations on-line.
Mosaic's popularity on the Internet as a front end for WWW evolved into Netscape, the most popular WWW browser at that time.
• Internet commercialization started, 3 million hosts, 10.000 WWW sites and 10.00 newsgroups
• ARPANET/Internet 25th anniversary.
• Local communities started to connect directly to the Internet; the US Senate started to give information server access.
• The Internet became a standard of life; the first cyberbank opened
Internet History (cont’d)
• 6.5 million hosts, 100,000 WWW sites.
• Dial-up systems (by Compuserve, America Online, Prodigy) selling Internet access
• Domain name registration is no longer free.
• Search engine technology introduced.
• Microsoft enters the Internet business, 12.8 million hosts and 0.5 million WWW sites.
• Telephone technology through the Internet (VoIP) became a threat to the telecommunication industry, which pleaded with the US Senate to ban this technology. (The US Senate banned this technology for only 1 year)
• WWW wars between Netscape and Microsoft started.
September 2002
The Internet Reached Two
Important Milestones:
200,000,000 IP Hosts
> 840,000,000 Users
Internet Growth Trends
• 2005
• The sky is the limit
• Use a search engine to find more
Domain Name
• INTERNET naming is based on the TCP/IP protocol
• IP (Internet Protocol)
• Based on 4 columns, each between 0 and 255, with the columns separated by dots.
This technology is called IPv4 (Internet Protocol Version 4)
Domain Name
• IP address management in the world is distributed and managed by InterNIC, which distributes addresses to ISPs (Internet Service Providers),
• An ISP distributes them to its users and customers.
• DNS (domain name system) is used to give flexibility by translating IP address numbers to non-numeric names
 =
 =
Domain Name
• DNS concepts can be described as
• 1.2.3.4
• 4 = country code
= Indonesia
= United Kingdom
= United States
= Japan
= Australia
= Singapore
Domain Name
• 1.2.3.4
• .ac / the third column = institution type
.ac. = Academic
.edu. = Education
.mil. = military
.com/co. = commercial
.gov/go. = government
.org / or = organization
.net. = Internet Service Provider
.tv. = television
Web = web provider company
Sch = school
Domain Name
• 1.2.3.4
• .unila / 2nd column = institution name
.itb. = Institut Teknologi Bandung
.ui. = Universitas Indonesia
.bppt. = BPPT
.ptme = PT. Metrodata Elektronik
.republika = Republika newspaper
• Maiser. / 1st column = machine/host name/sub institution
• [email protected] → maiser = mail server computer
• [email protected] → cnrg = computer network research
• [email protected].edu → xxx = computer xxx
• Email format
• [email protected]
• Email reader
• Pine
• Outlook
• Netscape Messenger
• Eudora
• Pegasus
• etc.
(unix environment)
(windows environment)
(windows environment)
(windows environment)
Main components of email
(carbon copy)
(blind carbon copy)
(the subject of the email)
(file attachment)
Must verify eligibility for registration; only those in various
categories of air-travel-related entities may register.
Asia-Pacific region This is a TLD for companies, organizations, and individuals based
in the region of Asia, Australia, and the Pacific.
This is an open TLD; any person or entity is permitted to register;
however, registrations may be challenged later if they are not by
commercial entities in accordance with the domain's charter.
This is a TLD for websites in the Catalan language or related to
Catalan culture.
This is an open TLD; any person or entity is permitted to register.
The .coop TLD is limited to cooperatives as defined by the
Rochdale Principles.
The .edu TLD is limited to accredited postsecondary institutions
(nearly all 2 and 4-year colleges and universities in the U.S. and
increasingly overseas, e.g., Australia and China).
U.S. governmental The .gov TLD is limited to U.S. governmental entities and
agencies (mostly but not exclusively federal).
This is an open TLD; any person or entity is permitted to register.
U.S. military
mobile devices
.museum museums
individuals, by
The .int TLD is strictly limited to organizations, offices, and
programs which are endorsed by a treaty between two or
more nations.
The .jobs TLD is designed to be added after the names of
established companies with jobs to advertise. At this time,
owners of a "" domain are not permitted to post
jobs of third party employers.
The .mil TLD is limited to use by the U.S. military.
Must be used for mobile-compatible sites in accordance with
Must be verified as a legitimate museum.
This is an open TLD; any person or entity is permitted to
register; however, registrations may be challenged later if they
are not by individuals (or the owners of fictional characters) in
accordance with the domain's charter.
travel and tourism Must be verified as a legitimate travel-related entity.
industry related
This is an open TLD; any person or entity is permitted to
This is an open TLD; any person or entity is permitted to
Currently, .pro is reserved for licensed or certified lawyers,
accountants, physicians and engineers in France, Canada, UK
and the U.S. A professional seeking to register a .pro domain
must provide their registrar with the appropriate credentials.
Other top domain name trends 1
• Tuvalu and the Federated States of Micronesia, small island-states in the Pacific, have partnered with VeriSign and FSM Telecommunications respectively, to sell domain names using the .tv and .fm TLDs to television and radio stations.
• .ad is a ccTLD for Andorra, but has recently been increasingly used by advertising agencies or classified advertising.
• .am is a ccTLD for Armenia, but is often used for AM radio stations, or for domain hacks (such as
• .dj is a ccTLD for Djibouti but is used for CD merchants and disc jockeys.
• .je is a ccTLD for Jersey but is often used as a diminutive in Dutch (e.g. ""), as "you" ("" = "search ye!"), or as "I" in French (e.g. "").
• .la is a ccTLD for Laos but is marketed as the TLD for Los Angeles.
• .li is a ccTLD for Liechtenstein but is marketed as the TLD for Long Island.
• .lv is a ccTLD for Latvia but is also used to abbreviate Las Vegas or, less frequently, love.
• .ly is a ccTLD for Libya but is also used for words ending with the suffix "ly".
Other top domain name trends 2
• .sc is a ccTLD for Seychelles but is often used as .Source
• .sh is a ccTLD for Saint Helena, but is also sometimes used for entities connected to the German Bundesland of Schleswig-Holstein.
• .si is a ccTLD for Slovenia, but is also used by Hispanic sites as "yes" ("sí"). Mexican mayor candidate Jorge Arana, for example, had his web site registered as (i.e. "Jorge Arana, sí", meaning "Jorge Arana, yes").
• .sr is a ccTLD for Suriname but is marketed as being for "seniors".
• .st is a ccTLD for São Tomé and Príncipe but is being marketed worldwide as an abbreviation for various things including "street".
• .tk is a ccTLD for Tokelau but is bought by someone and given away at page
• .tm is a ccTLD for Turkmenistan but it can be used as "Trade Mark"
• .to is a ccTLD for Tonga but is often used as the English word "to", like ""; also is marketed as the TLD for Toronto.
• .tv is a ccTLD for Tuvalu but it is used for the television ("TV") / entertainment industry purposes.
• .vg is a ccTLD for British Virgin Islands but is sometimes used to abbreviate Video
Other top domain name trends 3
• .vu is a ccTLD for Vanuatu but means "seen" in French as well as an abbreviation for the English language word "view".
• .ws is a ccTLD for Samoa (earlier Western Samoa), but is marketed as
• .md is a ccTLD for Moldova, but is marketed to the medical industry (as in "medical domain" or "medical doctor").
• .me is a ccTLD for Montenegro, and is recently opened to individuals.
• .ms is a ccTLD for Montserrat, but is also used by Microsoft for such projects as
• .mu is a ccTLD for Mauritius, but is used within the music industry.
• .ni is a ccTLD for Nicaragua, but is occasionally adopted by companies from Northern Ireland, particularly to distinguish from the more usual .uk within all parts of the United Kingdom
• .nu is a ccTLD for Niue but marketed as resembling "new" in English and "now" in Scandinavian/Dutch. Also meaning "nude" in French/Portuguese.
• .pr is a ccTLD for Puerto Rico, but can be used in the meaning of "Public
Internet Value
Business Use of the Internet
Internet connectivity
• Broadband
  – Speedy (Indonesia)
  – (US)
• Dial Up
  – Telkomnet Instant
  – Netzero (US)
• Wireless LAN
  – 2.4 GHz
  – 5.x GHz
• Fiber Optic
• Mobile
  – Telkomsel Flash
  – Indosat
  – Virgin Mobile
  – AT&T
• PRICING !!!!
Metcalfe’s Law
• The usefulness, or utility, of a network equals the square of the number of users
• The more users on a network, the more useful it becomes
• Until critical mass is reached, a change in technology only affects the technology
• Once critical mass is attained, social, political, and economic systems change
• Example: The Internet is growing exponentially. We can expect more value, for less cost, virtually every time we log on.
Broadband Internet Trend
South Korea (95%)
Singapore (88%)
Netherlands (85%)
Denmark (82%)
Taiwan (81%)
Hong Kong (81%)
Israel (77%)
Switzerland (76%)
Canada (76%)
Norway (75%)
Australia (72%)
Finland (69%)
France (68%)
United Kingdom (67%)
United Arab Emirates
Japan (64%)
Sweden (63%)
Estonia (62%)
Belgium (62%)
USA (60%)
Source :
Internet Population (in million)
Internet Growth Trends
1977: 111 hosts on Internet
1981: 213 hosts
1983: 562 hosts
1984: 1,000 hosts
1986: 5,000 hosts
1987: 10,000 hosts
1989: 100,000 hosts
1992: 1,000,000 hosts
2001: 150 – 175 million hosts
2002: over 200 million hosts
By 2010, about 80% of the planet will be on the
Internet Application
E-Commerce Matrix
E-commerce sites component
 Shopping cart Website
 Security
 Payment
 E-commerce sites
Waseda University e-gov rank
Waseda University e-gov rank
• (Taiwan)
• (Singapore)
• (Singapore)
• (USA)
• Indonesia Higher Education Network
• The first time Indonesia has had a research and education network
• August 2006
• Similar networks in other countries
Singapore : SINGAREN (
Australia : AARNET (
China : CERNET (
Europe : GEANT (
Asia : TEIN2 (
Network tiers
– STM-1 : 155 Mbps
– 4E1: 8 Mbps
– 1E1 : 2 Mbps
– 1 Mbps :
INHERENT 2006 Configuration (Volume 1)
Jejaring Pendidikan Nasional (National Education Network)
• Around July 2006
• JARDIKNAS categories and main functions:
• JARDIKNAS for Education Offices/Institutions
  Online data transactions for the Education Management Information System (SIM Pendidikan)
• JARDIKNAS for Higher Education
  Research and development in science, technology and the arts (IPTEKS)
  Information access and e-learning
• JARDIKNAS for Teachers and Students
  Information access and community interaction
Jardiknas Connection Media and Network
Office Zone
School Zone
Teacher and Student Zone
Fiber Optic and Satellite
Fiber Optic,
Wireline and
Wireless and
Cellular and
2 Mbps to 155 Mbps
256 Kbps to 2 Mbps
64 Kbps to 1 Mbps.
32 Kbps to 384 Kbps
and VSAT
Leased Line
ADSL and
Wireless 2.4
JARDIKNAS Connected Nodes, end of 2007
(Keynote Speech by H. E. Prof. Dr. Bambang Sudibyo, MBA., Minister of National Education, Republic of Indonesia, in Microsoft Government Leader Forum (MGLF), Asia Pacific 2008, Jakarta, 8 May 2008)
• Up to the end of 2007
• 865 nodes (OfficeNet)
• 10.000 nodes (SchoolNet)
• 83 state universities
• 200 private universities
• 36 distance-learning units of Universitas Terbuka
Jardiknas Lampung
Unila Fiber-Optic Network
Uses of INHERENT
• Video Conference
• IPv6
• Improved learning content
• Grid Computing
Some INHERENT content sites
8. 15.
inherent.wijayakusumasb 11.
• 2006
• INHERENT 33.702.749.722,00
• Total 68.730.814.722,00
• 2007
• INHERENT ……….?
• Total ……..?
• Implemented at
  – Garuda, Bank Mandiri, BII, BNI, Telkom, FIF, SQP Indonesia, Citibank, IBM Indonesia
• In November 2006, 18.431 employees, and in October 2007, 16.733 employees already used the e-learning program
• The number will be higher than stated, mostly because one employee can attend several modules repeatedly
• Courseware (content): 8.1 M Rp.
  – 69 courses
  – 269 modules, 167 hours
• Efficiency of approx. 64 M Rp. on transportation, pocket money, consumption and accommodation
E-learning case studies
• Employee Competency
• BII Portal Corporate University (open source) as knowledge management system
  – CMS (content management system) based
  – LMS (learning management system) implementation (open source)
  – 0.1% development cost from total training budget
  – Upgrading hardware performance, creating teaching modules
  – Created modules (mandatory modules for employees)
  – Know your customer – anti money laundering
  – Operational risk management
  – Product knowledge and service quality
  – Target 70 hours on e-learning
  – Target to cover an estimated 6.305 employees
  – Traditional methods can only cover 2.000 employees a year
  – With e-learning all 6.305 employees can be covered in one year
  – 85% cost reduction
E-learning case studies
• FIF (Federal International Finance)
• Traditional methods
  – Every new employee must take the Basic mentality module
  – Target of 2.500 employees at 650 M Rp.
  – 6 days training
• New methods
  – Converting traditional training to e-learning
  – 3 days
  – 2.500 employees at approx. 185 M Rp.
  – Efficiency at 72%
Internet Security
• Computer crime includes
  – Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
  – The unauthorized release of information
  – The unauthorized copying of software
  – Denying an end user access to his/her own hardware, software, data, or network resources
  – Using or conspiring to use computer or network resources illegally to obtain information or tangible
Cybercrime Protection Measures
• Hacking is
  – The obsessive use of computers
  – The unauthorized access and use of networked computer
• Electronic Breaking and Entering
  – Hacking into a computer system and reading files, but neither stealing nor damaging anything
• Cracker
  – A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
Common Hacking Tactics
• Denial of Service
  – Hammering a website’s equipment with too many requests for
  – Clogging the system, slowing performance, or crashing the site
• Scans
  – Widespread probes of the Internet to determine types of computers, services, and connections
  – Looking for weaknesses
• Sniffer
  – Programs that search individual packets of data as they pass through the Internet
  – Capturing passwords or entire contents
• Spoofing
  – Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
Common Hacking Tactics
• Trojan Horse
  – A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
• Back Doors
  – A hidden point of entry to be used in case the original entry point is detected or blocked
• Malicious Applets
  – Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
• War Dialing
  – Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
• Logic Bombs
  – An instruction in a computer program that triggers a malicious act
Common Hacking Tactics
• Buffer Overflow
  – Crashing or gaining control of a computer by sending too much data to buffer memory
• Password Crackers
  – Software that can guess passwords
• Social Engineering
  – Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
• Dumpster Diving
  – Sifting through a company’s garbage to find information to help break into their computers
Cyber Theft
• Many computer crimes involve the theft of money
• The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
• Many attacks occur through the Internet
• Most companies don’t reveal that they have been targets or victims of cybercrime
Unauthorized Use at Work
• Unauthorized use of computer systems and networks is time and resource theft
  – Doing private consulting
  – Doing personal finances
  – Playing video games
  – Unauthorized use of the Internet or company networks
• Sniffers
  – Used to monitor network traffic or capacity
  – Find evidence of improper use
Internet Abuses in the Workplace
• General email abuses
• Unauthorized usage and access
• Copyright infringement/plagiarism
• Newsgroup postings
• Transmission of confidential data
• Pornography
• Hacking
• Non-work-related download/upload
• Leisure use of the Internet
• Use of external ISPs
• Moonlighting
Chapter 13 Security and Ethical Challenges
Software Piracy
• Software Piracy
  – Unauthorized copying of computer programs
• Licensing
  – Purchasing software is really a payment for a license for fair use
  – Site license allows a certain number of copies
A third of the software industry’s revenues are lost to piracy
Theft of Intellectual Property
• Intellectual Property
  – Copyrighted material
  – Includes such things as music, videos, images, articles, books, and software
• Copyright Infringement is Illegal
  – Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
• Publishers Offer Inexpensive Online Music
  – Illegal downloading of music and video is down and continues to drop
Viruses and Worms
• A virus is a program that cannot work without being inserted into another program
  – A worm can run unaided
• These programs copy annoying or destructive routines into networked computers
  – Copy routines spread the virus
• Commonly transmitted through
  – The Internet and online services
  – Email and file attachments
  – Disks from contaminated computers
  – Shareware
Top Five Virus Families of all Time
• My Doom, 2004
  – Spread via email and over Kazaa file-sharing network
  – Installs a back door on infected computers
  – Infected email poses as returned message or one that can’t be opened correctly, urging recipient to click on attachment
  – Opens up TCP ports that stay open even after termination of the
  – Upon execution, a copy of Notepad is opened, filled with nonsense
• Netsky, 2004
  – Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
  – Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
  – It renames itself to pose as one of 26 other common files along the
Top Five Virus Families of all Time
• SoBig, 2004
  – Mass-mailing email worm that arrives as an attachment
  – Examples: Movie_0074.mpg.pif, Document003.pif
  – Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
  – Also attempts to download updates for itself
• Klez, 2002
  – A mass-mailing email worm that arrives with a randomly named
  – Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
  – Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
  – Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months
Top Five Virus Families of all Time
• Sasser, 2004
  – Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
  – Spawns multiple threads that scan local subnets for vulnerabilities
The Cost of Viruses, Trojans,
• Cost of the top five virus families
  – Nearly 115 million computers in 200 countries were infected in 2004
  – Up to 11 million computers are believed to be permanently infected
  – In 2004, total economic damage from virus proliferation was $166 to $202 billion
  – Average damage per computer is between $277 and $366
Adware and Spyware
• Adware
  – Software that purports to serve a useful purpose, and often does
  – Allows advertisers to display pop-up and banner ads without the consent of the computer users
• Spyware
  – Adware that uses an Internet connection in the background, without the user’s permission or knowledge
  – Captures information about the user and sends it over the Internet
Spyware Problems
• Spyware can steal private information and also
  – Add advertising links to Web pages
  – Redirect affiliate payments
  – Change a user’s home page and search settings
  – Make a modem randomly call premium-rate phone
  – Leave security holes that let Trojans in
  – Degrade system performance
• Removal programs are often not completely successful in eliminating spyware
Privacy Issues
• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
  – Personal information is collected with every visit to a Web site
  – Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
Opt-in Versus Opt-out
• Opt-In
  – You explicitly consent to allow data to be compiled about you
  – This is the default in Europe
• Opt-Out
  – Data can be compiled about you unless you specifically request it not be
  – This is the default in the U.S.
Privacy Issues
• Violation of Privacy
  – Accessing individuals’ private email conversations and computer records
  – Collecting and sharing information about individuals gained from their visits to Internet websites
• Computer Monitoring
  – Always knowing where a person is
  – Mobile and paging services are becoming more closely associated with people than with places
• Computer Matching
  – Using customer information gained from many sources to market additional business services
• Unauthorized Access of Personal Files
  – Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
Protecting Your Privacy on the
• There are multiple ways to protect your privacy
  – Encrypt email
  – Send newsgroup postings through anonymous remailers
  – Ask your ISP not to sell your name and information to mailing list providers and other marketers
  – Don’t reveal personal data and interests on online service and website user profiles
Privacy Laws
• Electronic Communications Privacy Act and Computer Fraud and Abuse Act
  – Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
• U.S. Computer Matching and Privacy Act
  – Regulates the matching of data held in federal agency files to verify eligibility for federal programs
• Other laws impacting privacy and how much a company spends on compliance
  – Sarbanes-Oxley
  – Health Insurance Portability and Accountability Act (HIPAA)
  – Gramm-Leach-Bliley
  – USA Patriot Act
  – California Security Breach Law
  – Securities and Exchange Commission rule 17a-4
Computer Libel and Censorship
• The opposite side of the privacy debate…
  – Freedom of information, speech, and press
• Biggest battlegrounds - bulletin boards, email boxes, and online files of Internet and public networks
• Weapons used in this battle – spamming, flame mail, libel laws, and censorship
• Spamming - Indiscriminate sending of unsolicited email messages to many Internet users
• Flaming
  – Sending extremely critical, derogatory, and often vulgar email messages or newsgroup postings to other users on the Internet or online services
  – Especially prevalent on special-interest newsgroups
• Laws intended to regulate activities over the Internet or via electronic communication devices
  – Encompasses a wide variety of legal and political issues
  – Includes intellectual property, privacy, freedom of expression, and
• The intersection of technology and the law is controversial
  – Some feel the Internet should not be regulated
  – Encryption and cryptography make traditional form of regulation
  – The Internet treats censorship as damage and simply routes around
• Cyberlaw only began to emerge in 1996
  – Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace
Internetworked Security Defenses
• Encryption
  – Data is transmitted in scrambled form
  – It is unscrambled by computer systems for authorized users only
  – The most widely used method uses a pair of public and private keys unique to each individual
Internetworked Security Defenses
• Firewalls
  – A gatekeeper system that protects a company’s intranets and other computer networks from intrusion
  – Provides a filter and safe transfer point for access to/from the Internet and other networks
  – Important for individuals who connect to the Internet with DSL or cable modems
  – Can deter hacking, but cannot prevent it
Internet and Intranet Firewalls
Denial of Service Attacks
• Denial of service attacks depend on three layers of networked computer systems
  – The victim’s website
  – The victim’s Internet service provider
  – Zombie or slave computers that have been commandeered by the cybercriminals
Defending Against Denial of Service
• At Zombie Machines
  – Set and enforce security policies
  – Scan for vulnerabilities
• At the ISP
  – Monitor and block traffic spikes
• At the Victim’s Website
  – Create backup servers and network connections
Internetworked Security Defenses
• Email Monitoring
  – Use of content monitoring software that scans for troublesome words that might compromise corporate security
• Virus Defenses
  – Centralize the updating and distribution of antivirus
  – Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
Other Security Measures
• Security Codes
  – Multilevel password system
  – Encrypted passwords
  – Smart cards with microprocessors
• Backup Files
  – Duplicate files of data or programs
• Security Monitors
  – Monitor the use of computers and networks
  – Protects them from unauthorized use, fraud, and destruction
• Biometrics
  – Computer devices measure physical traits that make each individual
  – Voice recognition, fingerprints, retina scan
• Computer Failure Controls
  – Prevents computer failures or minimizes its effects
  – Preventive maintenance
  – Arrange backups with a disaster recovery organization
Other Security Measures
• In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
  – Fail-over capability: shifts to backup components
  – Fail-safe capability: the system continues to operate at the same
  – Fail-soft capability: the system continues to operate at a reduced but acceptable level
• A disaster recovery plan contains formalized procedures to follow in the event of a disaster
  – Which employees will participate
  – What their duties will be
  – What hardware, software, and facilities will be used
  – Priority of applications that will be processed
  – Use of alternative facilities
  – Offsite storage of databases
Auditing IT Security
• IT Security Audits
  – Performed by internal or external auditors
  – Review and evaluation of security measures and management policies
  – Goal is to ensure that proper and adequate measures and policies are in place
Protecting Yourself from