Multimedia Application Production
Download
Report
Transcript Multimedia Application Production
Chapter 11: Computer
Crime and Information
Security
Succeeding with Technology:
Second Edition
Objectives
Describe the types of information that must be kept
secure and the types of threats against them
Describe five methods of keeping a PC safe and
secure
Discuss the threats and defenses unique to
multiuser networks
Succeeding with Technology
2
Objectives (continued)
Discuss the threats and defenses unique to wireless
networks
Describe the threats posed by hackers, viruses,
spyware, frauds, and scams, and the methods of
defending against them
Succeeding with Technology
3
Information Security and
Vulnerability – What is at Stake?
Identity theft
The criminal act of using stolen information about a
person to assume that person’s identity
Intellectual property
Product of the mind or intellect over which the
owner holds legal entitlement
Intellectual property rights
Ownership and use of intellectual property such as
software, music, movies, data, and information
Succeeding with Technology
4
Succeeding with Technology
5
Succeeding with Technology
6
Succeeding with Technology
7
What is at Stake? (continued)
Security threats to businesses
Virus
Insider abuse of Internet access
Laptop theft
Unauthorized access by insiders
Denial-of-service attacks
System penetration
Theft of proprietary information
Sabotage
Succeeding with Technology
8
What is at Stake? (continued)
Business intelligence
Process of gathering and analyzing information in
the pursuit of business advantage
Competitive intelligence
Form of business intelligence concerned with
information about competitors
Counterintelligence
Concerned with protecting your own information
from access by your competitors
Succeeding with Technology
9
Succeeding with Technology
10
Threats to Information Security
Security vulnerabilities or security holes
Software bugs that allow violations of information
security
Software patches
Corrections to software bugs that cause security
holes
Piracy
The illegal copying, use, and distribution of digital
intellectual property
Plagiarism
Taking credit for someone else’s intellectual property
Succeeding with Technology
11
Succeeding with Technology
12
Succeeding with Technology
13
Threats to Information Security
(continued)
Hackers, crackers, intruders, and attackers
Black-hat hacker
White-hat hacker
Gray-hat hacker
Script kiddie
Succeeding with Technology
14
Succeeding with Technology
15
Machine Level Security
Common forms of authentication
Something you know
Password or personal identification number (PIN)
Something you have
ID cards, smartcards, badges, keys,
Something about you
Unique physical characteristics such as fingerprints
Succeeding with Technology
16
Succeeding with Technology
17
Passwords
Username
Identifies a user to the computer system
Password
A combination of characters known only to the user
that is used for authentication
Strongest passwords
Minimum of eight characters in length
Do not include any known words or names
Succeeding with Technology
18
Succeeding with Technology
19
Succeeding with Technology
20
ID Devices and Biometrics
Biometrics
The science and technology of authentication by
scanning and measuring a person’s unique physical
features
Facial pattern recognition
Uses mathematical technique to measure the
distances between 128 points on the face
Retinal scanning
Analyzes the pattern of blood vessels at the back of
the eye
Succeeding with Technology
21
Succeeding with Technology
22
Encrypting Stored Data
Encryption
Uses high-level mathematical functions and
computer algorithms to encode data
Files
Can be encrypted “on the fly” as they are being
saved, and decrypted as they are opened
Encryption and decryption
Tend to slow down computer slightly when opening
and saving files
Succeeding with Technology
23
Backing Up Data and Systems
Backup software typically provides the following
options
Select the files and folders you wish to back up.
Choose the location to store the archive file.
Choose whether to back up all files (a full backup),
or
Just those that have changed since the last backup
(an incremental backup)
Succeeding with Technology
24
Succeeding with Technology
25
System Maintenance
Computer housecleaning
Organizing the data files and software on your
computer
Housecleaning activities can include
Deleting unneeded data files
Organizing the remaining data files logically into
folders and subfolders
Emptying the recycle bin (Windows) or trash can
(Mac)
Deleting unneeded saved e-mail messages
Succeeding with Technology
26
Network Security - Multiuser System
Considerations
Multiuser system
Computer system where multiple users share
access to resources such as file systems
User permissions
The access privileges afforded to each network user
File ownership
Files and Folders on the system must carry
information that identifies their creator
Succeeding with Technology
27
Succeeding with Technology
28
Succeeding with Technology
29
Interior Threats
Threats from within a private network
Problems that occur on networks
Stem from allowing network users to introduce
software and data files from outside the network
Many instances of identity theft
Occur with the assistance of insiders with corporate
network access
Succeeding with Technology
30
Security and Usage Policies
Security and network usage policy
Document, agreement, or contract that
Defines acceptable and unacceptable uses of
computer and network resources
Typically warn against using the network for illegal
activities
Employers
Not legally responsible for notifying employees of
network usage policies
Succeeding with Technology
31
Succeeding with Technology
32
Wireless Network Security
Wireless networks
Provide wonderful convenience
Have security risks
Wi-Fi networks
The most popular wireless protocol
Are popping up in offices, homes, on city streets, in
airports, coffee shops, even in McDonalds
Succeeding with Technology
33
Succeeding with Technology
34
Threats to Wireless Networks
Access point
Sends and receives signals to and from computers
on the wireless local area network or WLAN
By default, are set to broadcast their presence
War driving
Driving through neighborhoods with a wireless
notebook or handheld computer looking for
unsecured Wi-Fi networks
Succeeding with Technology
35
Succeeding with Technology
36
Securing a Wireless Network
Options within the configuration software
Allow you to disable the access point’s broadcasting
of the network ID, the SSID
Change password used to connect to access point
Access point can be set to only allow certain
computers to connect
Popular wireless encryption protocols
Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access (WPA)
Succeeding with Technology
37
Internet Security
When a computer is connected to the Internet
It becomes a target to millions of various attack
Computer’s IP address
Registered and known to others
Attacks against Internet-connected computers
Can come in the form of direct attacks or
Through viruses, worms, or spyware
Succeeding with Technology
38
Succeeding with Technology
39
Hackers on the Internet
Methods of Attack
Key-logging
packet-sniffing
Port-scanning
Social engineering
Dumpster diving
Succeeding with Technology
40
Succeeding with Technology
41
Viruses and Worms
Virus
Program that attaches itself to a file
Spreads to other files, and delivers a destructive
action called a payload
Trojan horses
Appear to be harmless programs
When they run, install programs on the computer
that can be harmful
Worm
Acts as a free agent, replicating itself numerous
times in an effort to overwhelm systems
Succeeding with Technology
42
Succeeding with Technology
43
Spyware, Adware, and Zombies
Spyware
Software installed on a computer without user’s
knowledge
Zombie computer
Carries out actions (often malicious) under the
remote control of a hacker
Antispyware
Software that searches a computer for spyware and
other software that may violate a user’s privacy
Succeeding with Technology
44
Succeeding with Technology
45
Scams, Spam, Fraud, and Hoaxes
Internet fraud
Deliberately deceiving a person over the Internet in
order to damage them
Phishing scam
Combines both spoofed e-mail and a spoofed Web
site in order to
Trick a person into providing private information
Virus hoax
E-mail that warns of a virus that does not exist
Succeeding with Technology
46
Scams, Spam, Fraud, and Hoaxes
(continued)
Spam
Unsolicited junk mail
Solutions to spam
Bayesian filters
“Trusted sender” technology
Reputation systems
Interfaces for client-side tools
Succeeding with Technology
47
Succeeding with Technology
48
Summary
Total information security
Securing all components of the global digital
information infrastructure
Fundamental security implemented at
The individual machine level
The point of entry to computers, computer networks,
and the Internet
Succeeding with Technology
49
Summary (continued)
When a computer is connected to a network
Security risks increase
With wireless technologies
Attacker no longer has to establish a wired
connection to a network
Attacks against Internet-connected computers may
come in the form of
Direct attacks by hackers (system penetration) or
Through viruses, worms, or spyware
Succeeding with Technology
50