Transcript Multimedia Application Production

Chapter 11: Computer
Crime and Information
Security
Succeeding with Technology:
Second Edition
Objectives

Describe the types of information that must be kept
secure and the types of threats against them

Describe five methods of keeping a PC safe and
secure

Discuss the threats and defenses unique to
multiuser networks
Succeeding with Technology
2
Objectives (continued)

Discuss the threats and defenses unique to wireless
networks

Describe the threats posed by hackers, viruses,
spyware, frauds, and scams, and the methods of
defending against them
Succeeding with Technology
3
Information Security and
Vulnerability – What is at Stake?



Identity theft
 The criminal act of using stolen information about a
person to assume that person’s identity
Intellectual property
 Product of the mind or intellect over which the
owner holds legal entitlement
Intellectual property rights
 Ownership and use of intellectual property such as
software, music, movies, data, and information
Succeeding with Technology
4
Succeeding with Technology
5
Succeeding with Technology
6
Succeeding with Technology
7
What is at Stake? (continued)

Security threats to businesses
 Virus
 Insider abuse of Internet access
 Laptop theft
 Unauthorized access by insiders
 Denial-of-service attacks
 System penetration
 Theft of proprietary information
 Sabotage
Succeeding with Technology
8
What is at Stake? (continued)



Business intelligence
 Process of gathering and analyzing information in
the pursuit of business advantage
Competitive intelligence
 Form of business intelligence concerned with
information about competitors
Counterintelligence
 Concerned with protecting your own information
from access by your competitors
Succeeding with Technology
9
Succeeding with Technology
10
Threats to Information Security




Security vulnerabilities or security holes
 Software bugs that allow violations of information
security
Software patches
 Corrections to software bugs that cause security
holes
Piracy
 The illegal copying, use, and distribution of digital
intellectual property
Plagiarism
 Taking credit for someone else’s intellectual property
Succeeding with Technology
11
Succeeding with Technology
12
Succeeding with Technology
13
Threats to Information Security
(continued)

Hackers, crackers, intruders, and attackers
 Black-hat hacker
 White-hat hacker
 Gray-hat hacker
 Script kiddie
Succeeding with Technology
14
Succeeding with Technology
15
Machine Level Security

Common forms of authentication
 Something you know
Password or personal identification number (PIN)
Something you have
 ID cards, smartcards, badges, keys,
Something about you
 Unique physical characteristics such as fingerprints



Succeeding with Technology
16
Succeeding with Technology
17
Passwords



Username
 Identifies a user to the computer system
Password
 A combination of characters known only to the user
that is used for authentication
Strongest passwords
 Minimum of eight characters in length
 Do not include any known words or names
Succeeding with Technology
18
Succeeding with Technology
19
Succeeding with Technology
20
ID Devices and Biometrics



Biometrics
 The science and technology of authentication by
scanning and measuring a person’s unique physical
features
Facial pattern recognition
 Uses mathematical technique to measure the
distances between 128 points on the face
Retinal scanning
 Analyzes the pattern of blood vessels at the back of
the eye
Succeeding with Technology
21
Succeeding with Technology
22
Encrypting Stored Data



Encryption
 Uses high-level mathematical functions and
computer algorithms to encode data
Files
 Can be encrypted “on the fly” as they are being
saved, and decrypted as they are opened
Encryption and decryption
 Tend to slow down computer slightly when opening
and saving files
Succeeding with Technology
23
Backing Up Data and Systems

Backup software typically provides the following
options
 Select the files and folders you wish to back up.
 Choose the location to store the archive file.
 Choose whether to back up all files (a full backup),
or
 Just those that have changed since the last backup
(an incremental backup)
Succeeding with Technology
24
Succeeding with Technology
25
System Maintenance


Computer housecleaning
 Organizing the data files and software on your
computer
Housecleaning activities can include
 Deleting unneeded data files
 Organizing the remaining data files logically into
folders and subfolders
 Emptying the recycle bin (Windows) or trash can
(Mac)
 Deleting unneeded saved e-mail messages
Succeeding with Technology
26
Network Security - Multiuser System
Considerations



Multiuser system
 Computer system where multiple users share
access to resources such as file systems
User permissions
 The access privileges afforded to each network user
File ownership
 Files and Folders on the system must carry
information that identifies their creator
Succeeding with Technology
27
Succeeding with Technology
28
Succeeding with Technology
29
Interior Threats



Threats from within a private network
Problems that occur on networks
 Stem from allowing network users to introduce
software and data files from outside the network
Many instances of identity theft
 Occur with the assistance of insiders with corporate
network access
Succeeding with Technology
30
Security and Usage Policies

Security and network usage policy
 Document, agreement, or contract that
Defines acceptable and unacceptable uses of
computer and network resources
Typically warn against using the network for illegal
activities



Employers
 Not legally responsible for notifying employees of
network usage policies
Succeeding with Technology
31
Succeeding with Technology
32
Wireless Network Security


Wireless networks
 Provide wonderful convenience
 Have security risks
Wi-Fi networks
 The most popular wireless protocol
 Are popping up in offices, homes, on city streets, in
airports, coffee shops, even in McDonalds
Succeeding with Technology
33
Succeeding with Technology
34
Threats to Wireless Networks


Access point
 Sends and receives signals to and from computers
on the wireless local area network or WLAN
 By default, are set to broadcast their presence
War driving
 Driving through neighborhoods with a wireless
notebook or handheld computer looking for
unsecured Wi-Fi networks
Succeeding with Technology
35
Succeeding with Technology
36
Securing a Wireless Network




Options within the configuration software
 Allow you to disable the access point’s broadcasting
of the network ID, the SSID
Change password used to connect to access point
Access point can be set to only allow certain
computers to connect
Popular wireless encryption protocols
 Wired Equivalent Privacy (WEP)
 Wi-Fi Protected Access (WPA)
Succeeding with Technology
37
Internet Security



When a computer is connected to the Internet
 It becomes a target to millions of various attack
Computer’s IP address
 Registered and known to others
Attacks against Internet-connected computers
 Can come in the form of direct attacks or
 Through viruses, worms, or spyware
Succeeding with Technology
38
Succeeding with Technology
39
Hackers on the Internet

Methods of Attack
 Key-logging
 packet-sniffing
 Port-scanning
 Social engineering
 Dumpster diving
Succeeding with Technology
40
Succeeding with Technology
41
Viruses and Worms



Virus
 Program that attaches itself to a file
 Spreads to other files, and delivers a destructive
action called a payload
Trojan horses
 Appear to be harmless programs
 When they run, install programs on the computer
that can be harmful
Worm
 Acts as a free agent, replicating itself numerous
times in an effort to overwhelm systems
Succeeding with Technology
42
Succeeding with Technology
43
Spyware, Adware, and Zombies



Spyware
 Software installed on a computer without user’s
knowledge
Zombie computer
 Carries out actions (often malicious) under the
remote control of a hacker
Antispyware
 Software that searches a computer for spyware and
other software that may violate a user’s privacy
Succeeding with Technology
44
Succeeding with Technology
45
Scams, Spam, Fraud, and Hoaxes


Internet fraud
 Deliberately deceiving a person over the Internet in
order to damage them
Phishing scam
 Combines both spoofed e-mail and a spoofed Web
site in order to


Trick a person into providing private information
Virus hoax
 E-mail that warns of a virus that does not exist
Succeeding with Technology
46
Scams, Spam, Fraud, and Hoaxes
(continued)


Spam
 Unsolicited junk mail
Solutions to spam
 Bayesian filters
 “Trusted sender” technology
 Reputation systems
 Interfaces for client-side tools
Succeeding with Technology
47
Succeeding with Technology
48
Summary


Total information security
 Securing all components of the global digital
information infrastructure
Fundamental security implemented at
 The individual machine level
 The point of entry to computers, computer networks,
and the Internet
Succeeding with Technology
49
Summary (continued)



When a computer is connected to a network
 Security risks increase
With wireless technologies
 Attacker no longer has to establish a wired
connection to a network
Attacks against Internet-connected computers may
come in the form of
 Direct attacks by hackers (system penetration) or
 Through viruses, worms, or spyware
Succeeding with Technology
50