Chapter 11: Computer Crime and Information Security

fsavoie
Presentation Transcript


  1. Chapter 11: Computer Crime and Information Security
     Succeeding with Technology: Second Edition

  2. Objectives
     • Describe the types of information that must be kept secure and the types of threats against them
     • Describe five methods of keeping a PC safe and secure
     • Discuss the threats and defenses unique to multiuser networks

  3. Objectives (continued)
     • Discuss the threats and defenses unique to wireless networks
     • Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them

  4. Information Security and Vulnerability – What is at Stake?
     • Identity theft
       • The criminal act of using stolen information about a person to assume that person’s identity
     • Intellectual property
       • Product of the mind or intellect over which the owner holds legal entitlement
     • Intellectual property rights
       • Ownership and use of intellectual property such as software, music, movies, data, and information

  8. What is at Stake? (continued)
     • Security threats to businesses
       • Virus
       • Insider abuse of Internet access
       • Laptop theft
       • Unauthorized access by insiders
       • Denial-of-service attacks
       • System penetration
       • Theft of proprietary information
       • Sabotage

  9. What is at Stake? (continued)
     • Business intelligence
       • Process of gathering and analyzing information in the pursuit of business advantage
     • Competitive intelligence
       • Form of business intelligence concerned with information about competitors
     • Counterintelligence
       • Concerned with protecting your own information from access by your competitors

  11. Threats to Information Security
     • Security vulnerabilities or security holes
       • Software bugs that allow violations of information security
     • Software patches
       • Corrections to software bugs that cause security holes
     • Piracy
       • The illegal copying, use, and distribution of digital intellectual property
     • Plagiarism
       • Taking credit for someone else’s intellectual property

  14. Threats to Information Security (continued)
     • Hackers, crackers, intruders, and attackers
       • Black-hat hacker
       • White-hat hacker
       • Gray-hat hacker
       • Script kiddie

  16. Machine Level Security
     • Common forms of authentication
       • Something you know
         • Password or personal identification number (PIN)
       • Something you have
         • ID cards, smartcards, badges, keys
       • Something about you
         • Unique physical characteristics such as fingerprints

  18. Passwords
     • Username
       • Identifies a user to the computer system
     • Password
       • A combination of characters known only to the user that is used for authentication
     • Strongest passwords
       • Minimum of eight characters in length
       • Do not include any known words or names

  21. ID Devices and Biometrics
     • Biometrics
       • The science and technology of authentication by scanning and measuring a person’s unique physical features
     • Facial pattern recognition
       • Uses mathematical technique to measure the distances between 128 points on the face
     • Retinal scanning
       • Analyzes the pattern of blood vessels at the back of the eye

  23. Encrypting Stored Data
     • Encryption
       • Uses high-level mathematical functions and computer algorithms to encode data
     • Files
       • Can be encrypted “on the fly” as they are being saved, and decrypted as they are opened
     • Encryption and decryption
       • Tend to slow down computer slightly when opening and saving files

  24. Backing Up Data and Systems
     • Backup software typically provides the following options
       • Select the files and folders you wish to back up.
       • Choose the location to store the archive file.
       • Choose whether to back up all files (a full backup), or just those that have changed since the last backup (an incremental backup)

  26. System Maintenance
     • Computer housecleaning
       • Organizing the data files and software on your computer
     • Housecleaning activities can include
       • Deleting unneeded data files
       • Organizing the remaining data files logically into folders and subfolders
       • Emptying the recycle bin (Windows) or trash can (Mac)
       • Deleting unneeded saved e-mail messages

  27. Network Security - Multiuser System Considerations
     • Multiuser system
       • Computer system where multiple users share access to resources such as file systems
     • User permissions
       • The access privileges afforded to each network user
     • File ownership
       • Files and folders on the system must carry information that identifies their creator

  30. Interior Threats
     • Threats from within a private network
     • Problems that occur on networks
       • Stem from allowing network users to introduce software and data files from outside the network
     • Many instances of identity theft
       • Occur with the assistance of insiders with corporate network access

  31. Security and Usage Policies
     • Security and network usage policy
       • Document, agreement, or contract that
         • Defines acceptable and unacceptable uses of computer and network resources
       • Typically warn against using the network for illegal activities
     • Employers
       • Not legally responsible for notifying employees of network usage policies

  33. Wireless Network Security
     • Wireless networks
       • Provide wonderful convenience
       • Have security risks
     • Wi-Fi networks
       • The most popular wireless protocol
       • Are popping up in offices, homes, on city streets, in airports, coffee shops, even in McDonald’s

  35. Threats to Wireless Networks
     • Access point
       • Sends and receives signals to and from computers on the wireless local area network or WLAN
       • By default, are set to broadcast their presence
     • War driving
       • Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks

  37. Securing a Wireless Network
     • Options within the configuration software
       • Allow you to disable the access point’s broadcasting of the network ID, the SSID
       • Change password used to connect to access point
       • Access point can be set to only allow certain computers to connect
     • Popular wireless encryption protocols
       • Wired Equivalent Privacy (WEP)
       • Wi-Fi Protected Access (WPA)

  38. Internet Security
     • When a computer is connected to the Internet
       • It becomes a target to millions of various attacks
     • Computer’s IP address
       • Registered and known to others
     • Attacks against Internet-connected computers
       • Can come in the form of direct attacks or
       • Through viruses, worms, or spyware

  40. Hackers on the Internet
     • Methods of attack
       • Key-logging
       • Packet-sniffing
       • Port-scanning
       • Social engineering
       • Dumpster diving

  42. Viruses and Worms
     • Virus
       • Program that attaches itself to a file
       • Spreads to other files, and delivers a destructive action called a payload
     • Trojan horses
       • Appear to be harmless programs
       • When they run, install programs on the computer that can be harmful
     • Worm
       • Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems

  44. Spyware, Adware, and Zombies
     • Spyware
       • Software installed on a computer without user’s knowledge
     • Zombie computer
       • Carries out actions (often malicious) under the remote control of a hacker
     • Antispyware
       • Software that searches a computer for spyware and other software that may violate a user’s privacy

  46. Scams, Spam, Fraud, and Hoaxes
     • Internet fraud
       • Deliberately deceiving a person over the Internet in order to damage them
     • Phishing scam
       • Combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information
     • Virus hoax
       • E-mail that warns of a virus that does not exist

  47. Scams, Spam, Fraud, and Hoaxes (continued)
     • Spam
       • Unsolicited junk mail
     • Solutions to spam
       • Bayesian filters
       • “Trusted sender” technology
       • Reputation systems
       • Interfaces for client-side tools

  49. Summary
     • Total information security
       • Securing all components of the global digital information infrastructure
     • Fundamental security implemented at
       • The individual machine level
       • The point of entry to computers, computer networks, and the Internet

  50. Summary (continued)
     • When a computer is connected to a network
       • Security risks increase
     • With wireless technologies
       • Attacker no longer has to establish a wired connection to a network
     • Attacks against Internet-connected computers may come in the form of
       • Direct attacks by hackers (system penetration) or
       • Through viruses, worms, or spyware
