chapter 11 computer crime and information security l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Chapter 11 Computer Crime and Information Security PowerPoint Presentation
Download Presentation
Chapter 11 Computer Crime and Information Security

Loading in 2 Seconds...

play fullscreen
1 / 61

Chapter 11 Computer Crime and Information Security - PowerPoint PPT Presentation


  • 256 Views
  • Uploaded on

Please discontinue use of cell phone and turn off ringer Chapter 11 Computer Crime and Information Security Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security Information Security Overview

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chapter 11 Computer Crime and Information Security' - albert


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chapter 11 computer crime and information security

Please discontinue use of cell phone and turn off ringer

Chapter 11Computer Crime and Information Security

Information Security and Vulnerability

Machine-Level Security

Network Security

Wireless Network Security

Internet Security

information security overview
Information Security Overview
  • All computer systems are vulnerable to attack.
  • Most are already infected and/or compromised, including PCs used by most students in this class.
  • It is only going to get worse.

Two-thirds of Internet experts expect a devastating attack on the Internet between now and 2015.

  • For more info…
  • www.mcafee.com/us/threat_center
  • www.cert.org
  • http://www.microsoft.com/athome/security
total information security
Total Information Security
  • Total Information Security involves securing all components of the global digital information infrastructure.
    • Personal Computers
    • Business Computer Systems
    • Government Systems
    • International Systems
  • Participation by EVERYONE is important and difficult to gain!

See what the White House has to say on the subject at http://www.whitehouse.gov/pcipb/

total information security4
Total Information Security

`

`

`

  • To achieve total information security, we must examine security in layers.
  • Users are at the heart of total information security.
  • Risks increase with each expanding layer.

`

User

Machine

Network

The Internet

11 1 information security and vulnerability

11.1 Information Security and Vulnerability

What is at stake and what are the threats?

Key Terms

  • Information Security
  • Identity Theft
  • Intellectual Property
  • Intellectual Property Rights
  • Cyberterrorism
  • Security Holes
  • Software Patches
  • Piracy
  • Plagiarism
  • Hacker
  • Computer Forensics
at stake personal private information

Depending on the circumstance, private information may include your:

  • Name
  • Photo
  • Phone number
  • Address
  • Birthday
  • Social Security Number
  • Bank Account Number
  • Credit Card Number
  • College Transcripts
  • Financial Status
  • Medical Records
  • Religious affiliation
  • Political affiliation

All too common headlines…

“Hackers attacked computer servers of a California university and may have gained access to the personal information of 59,000 people affiliated with the school…”

At stake:Personal Private Information
  • What would concern you most if a person who wished to do you harm had full control of your PC?
  • What personal information do you consider private?
identity theft
Identity Theft
  • Identity theft is the criminal act of using stolen information about a person to assume that person’s identity, typically for financial gain.

Source: http://www.consumer.gov/sentinel/trends.htm

at stake intellectual property
At stake:Intellectual Property
  • Intellectual property refers to a product of the mind or intellect over which the owner holds legal entitlement.
  • Intellectual property rights concern the legal ownership and use of intellectual property such as software, music, movies, data, and information.
  • Intellectual property is legally protected through copyright, trademark, trade secret, and patent
at stake organizational information

Biggest security threats to businesses in order of frequency:

  • Virus
  • Insider abuse of Internet access
  • Laptop theft
  • Unauthorized access byinsiders
  • Denial-of-service attacks
  • System penetration
  • Theft of proprietary info
  • Sabotage
  • Financial fraud
  • Telecommunications fraud
  • Active wiretap
At stake:Organizational Information
  • For many businesses, the information it processes and stores is highly valuable and key to its success.
    • Business intelligences is the process of gathering and analyzing information in the pursuit of business advantage.
    • Competitive intelligence is concerned with gathering information about competitors.
    • Counterintelligence is concerned with protecting one’s own information from access by the competition.
at stake national and global security

Washington, June 8, 2006 – Over the last two years, Abu Musab al-Zarqawi established the Web as a powerful tool of the global jihad, mobilizing computer-savvy allies who inspired extremists in Iraq and beyond with lurid video clips of the bombings and beheadings his group carried out.

At stake:National and Global Security

Food for thought…

The Internet is a powerful tool both for those who wish to build bridges between distant cultures and those that wish to tear them down.

  • Cyberterrorism is a form of terrorism that uses attacks over the Internet to intimidate and harm a population.

China Hacking: http://abcnews.go.com/TheLaw/story?id=3966047

http://www.cio-today.com/story.xhtml?story_id=022000RB46F8&nl=5

http://arstechnica.com/news.ars/post/20070914-chinese-government-at-the-center-of-five-cyber-attack-claims.html

The Cyber Cold War

http://www.reuters.com/article/technologyNews/idUSL2932083320071129?feedType=RSS&feedName=technologyNews

threat software and network vulnerabilities

All too common headlines…

“Microsoft warned on Tuesday of seven newly found flaws in its software that could allow an attacker to steal data and take over a personal computer running the Windows operating system…”

Threat:Software and Network Vulnerabilities

Food for thought…

Perfect software would be impossible to hack.

  • Security holes are software bugs that allow violations of information security.
  • Software patches are corrections to the software bugs that cause security holes.

Microsoft’s Trustworthy Computing

threat pirates and plagiarists
Threat:Pirates and Plagiarists
  • Food for thought…
  • The annual cost of piracy in is estimated to be:
  • $4.2 billion for the music industry
  • $6.1 billion for the motion picture industry
  • $33 billionfor the software industry
  • Piracy involves the illegal copying, use, and distribution of digital intellectual property such as software, music, and movies.
  • Plagiarism involves taking credit for someone else’s intellectual property, typically a written idea, by claiming it as your own.
the problem with pirating mp3 music files

When consumers become distributors

Traditional Music Distribution

ARTIST

ARTIST

$

1

6

$

$

$

$

5

2

$

$

1

2

3

3

4

5

4

Consumers

6

The problem with pirating MP3 music files
a complex problem

OnlineStore

$

1

6

$

$

$

5

2

$

$

3

4

Consumers

A Complex Problem

Record

Label

Artist

one possible evolution

Artist

$

1

6

$

$

$

5

2

$

$

3

4

Consumers

One Possible Evolution

http://www.radiohead.com

http://theymightbegiants.com

http://www.bigego.com

threat hackers crackers intruders and attackers

HackersOn Planet Earth

Threat:Hackers, Crackers, Intruders, and Attackers
  • The termshacker, cracker, intruder, and attacker are all used to label an individual who subverts computer security without authorization.
  • There are all types of hackers, not all are considered to behave unethically.

http://www.2600.com

http://www.2600.com/meetings/

Computer forensics is the process of examining computing equipment to determine if it has been used for illegal unauthorized or unusual activities.

review

Review

Securing all components of the global digital information infrastructure is referred to as ________________.

Credit card companies interested in protecting customers from _______________ watch for purchases that are out of the ordinary and notify the customer to confirm that the purchase was not made by a thief.

Music, software, designs, artwork, and literature are all forms of _____________ that are typically protected by copyright or trademark.

Hackers make use of _________________ to gain illegal access to computer systems.

If you purchase and download an MP3 song from Amazon.com, then email the MP3 file to a friend you are ________________.

11 2 machine level security

Key Terms

  • Username
  • Password
  • Biometrics
  • Encryption

11.2 Machine-Level Security

Considerations for computers as stand-alone entities

protecting a stand alone pc
Protecting a Stand-alone PC
  • Computers not connected to a network can only be attacked through physical presence.
  • Keeping the PC in a locked room would be the first method of protection.
  • The next method involves positively identifying the person accessing the machine through authentication.
    • Something you know (i.e. password)
    • Something you have (i.e. card-swipe)
    • Something about you (i.e. fingerprint)
passwords
Passwords
  • A username identifies the user to the computer system.
  • A password is a combination of characters known only to the user and used for authentication.
  • For a password to be effective it should be:
    • strong by including words that are unrelated to your interests, and include upper and lowercase letters, numbers, and symbols
    • unique – don’t use the same password for your bank account as you do for your email account
    • changed regularly – change your password twice a year
id devices and biometrics
ID Devices and Biometrics
  • Security ID cards and tokens, “something you have” authentication, are used in some corporations to protect access to restricted areas and computer systems.
  • Biometrics is the science and technology of authentication by scanning and measuring a person’s unique physical features such as fingerprints, retinal patterns, and facial characteristics.

More about tokens:

http://en.wikipedia.org/wiki/Security-Token

http://www.opticom.lv/en/products/security/authentication/rsa123/rsa1/

Check out Face Recognition

encryption
Encryption
  • Encryption is a security technique that uses high-level mathematical functions and computer algorithms to encode data so that it is unintelligible to all but the intended recipient.
  • Data stored on a PC can be encrypted and set so that a second password is required to decrypt it.

Demo: Encrypting a PPT file (tools > options > security)

More on Encryption: http://en.wikipedia.org/wiki/Encryption

backing up data and systems
Backing Up Data and Systems

Food for thought…

A recent study showed that only 57% of computer users back up stored data including digital photos, personal documents, work documents, music, and financial records.

DO YOU BACKUP?

HAVE YOU LOST DATA DUE TO HARDWARE FAILURE?

  • The most common cause of data loss is hardware failure.
  • The best protection against such loss is to follow regular backup procedures.
  • Available backup services include:
    • System utilities that back up selected files to compressed archives stored on secondary storage media or another computer on the network.
    • Mirroring which saves files to two locations to create exact duplicates.
    • Apple Time Capsule
    • Internet services that perform scheduled, automated uploads of your valuable files to servers for safe keeping (www.remotedatabackups.com).
review27

Review

Which of the following is NOT a safe password practice

select a strong password

change your password regularly

use the same password for different accounts

don’t write your password down

London’s Heathrow airport has implemented ____________ through the use of a retinal scanner that checks the identity of workers as they clock into work.

Through the use of _____________ files can be rendered unreadable while stored or in transit over a network.

The one action that can save your data from being destroyed by hackers, viruses, system and hardware crashes, and spyware is _______________.

user permissions
User Permissions

SystemAdministrator

  • User Permissions refers to the access privileges afforded to each network user in terms of who is able to read, write, and execute a file, folder, or drive.

5

2

4

1

6

3

  • Files and folders are assigned user and group ownership.

User 1

User 2

user permissions30

Mac OS X

Windows XP (home)

UNIX

User Permissions
  • Different operating systems have differing ways of handling user permissions.
interior threats
Interior Threats
  • Interior threats refer to dangers to network resources from legitimate users. They include:
    • Threats to System Health and Stability
    • Information Theft
  • Safeguards include a the use of security and usage policies.

FSU Network Usage Policies: http://www.vpfa.fsu.edu/policies/bmanual/itpolicy.html

wireless fidelity wi fi
Wireless Fidelity (Wi-fi)
  • Wi-fi is the widely used wireless networking standard that makes use of access points to connect devices to networks.

Newly purchased access points typically have no security features enabled making it easy for any wireless device to connect.

AccessPoint

Network line

More on Wi-fi in CH5

threats to wireless networks

Z

Wireless Access Point / Router

Wireless Access Point / Router

To Cable Co.

Cable Modem

Cable Modem

Threats to Wireless Networks
  • Neighbors
  • Internet Hackers

The Internet

threats to wireless networks35

Z

Wireless Access Point / Router

Wireless Access Point / Router

To Cable Co.

Cable Modem

Cable Modem

Threats to Wireless Networks
  • Neighbors
  • Internet Hackers
  • Passers by
    • www.wardriving.com

The Internet

securing a wireless network
Securing a Wireless Network
  • An Access Point can be configured, and security features enabled, through a simple Web interface using a computer connected to the access point.
securing a wireless network38
Securing a Wireless Network
  • Use the Access Points configuration utility to:
    • Disable the Access Point’s broadcasting to make the access point invisible to the general public.
    • Change the Access Point’s password from the default.
    • Set the Access Point to only allow certain computers (MAC addresses) to connect.
    • Encrypt data being sent over the network with WEP or WPA.
  • Use Internet security software and practices discussed in the next section.
11 5 internet security

Key Terms

  • Spyware
  • Zombie Computer
  • Antispyware
  • Internet Fraud
  • Phishing
  • Virus Hoax
  • Firewall
  • Virus
  • Worm
  • Antivirus Software

11.5 Internet Security

hacking tools and methods
Hacking Tools and Methods
  • Key-logging software
  • Packet-sniffing software
  • Port scanning software
  • Social engineering
why do hackers hack
Why Do Hackers Hack?
  • As a hobby and challenge
  • To inflict malicious vandalism
  • To gain a platform for anonymous attacks
    • Distributed Denial-of-service DDoS Attacks
  • To steal valuable information and services
  • To Spy on someone

“Hackers have turned toward more criminal and lucrative areas of directingattacks to specific individuals or organizations, often financially, competitively, politically or socially motivated.” http://www.physorg.com/news5580.html

defending against hackers

Firewall software from McAfee and Symantec are considered to be more robust than Windows Firewall. This McAfee screen shot shows several attacks on this PC over the course of one day.

Defending Against Hackers
  • A firewall is network hardware and software that examines all incoming data packets and filters out ones that are potentially dangerous.
    • All Windows users should protect their network connection with a firewall. ~demo
viruses and worms
Viruses and Worms
  • A virus is a program that attaches itself to a file, spreads to other files, and delivers a destructive action called a payload.
    • There are many types of viruses
  • A worm does not attach itself to other files but rather acts as a free agent, replicating itself numerous times in an effort to overwhelm systems.
    • Worms and viruses are often spread through the Web, email, chat, and file-sharing networks

Viruses and worms are considered malicious software, or malware, Check out the latest malware at http://www.mcafee.com/us/threat_center

viruses and worms44
Viruses and Worms

Yeah right! This didn’t come from Microsoft. The attachment is not a patch, nor an innocent text file (as it appears) but an executable file containing a virus.

slide45

WEB PAGE

EMAIL

Web Server

Shared

Network

PortableDevice

P2PFILE-SHARINGNETWORK

P2P NETWORK

INSTANT MESSAGE

defending against viruses and worms

Knowledge and caution play a big part in protecting PCs against viruses and worms:

  • Don’t open e-mail or IM attachments that come from friends or strangers unless they are expected and inspected by antivirus software.
  • Keep up with software patches for your operating system, your Web browser, your e-mail and IM software.
  • Use caution when exploring Web sites created and maintained by unknown parties.
  • Avoid software from unknown sources.
  • Stay away from file-sharing networks; they do not protect users from dangerous files that are being swapped
Defending Against Viruses and Worms
  • Antivirus software, also known as virus scan software, uses several techniques to find viruses on a computer system, remove them if possible, and keep additional viruses from infecting the system.
spyware adware and zombies
Spyware, Adware, and Zombies
  • Spyware is software installed on a computer without the user’s knowledge to either monitor the user or allow an outside party to control the computer.

The Internet service provider Earthlink said it uncovered an average of 28 spyware programs on each of its member’s PCs that were scanned

Adware is spyware that displays advertisements.

zombies
Zombies
  • A computer that carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus is called a zombie computer.

Experts say hundreds of thousands of computers are added to the ranks of zombies each week.

zombies49
Zombies
  • Zombie computers can join together to form zombie networks (botnet). Zombie networks apply the power of multiple PCs to overwhelm Web sites with distributed denial-of-service attacks, to crack complicated security codes, or to generate huge batches of spam.

It has been estimated that 80 to 90 percent of spam originates from zombie computers.

Storm worm botnet for rent

defending against spyware
Defending Against Spyware
  • Antispyware is software that searches a computer for spyware and other software that may violate a user’s privacy, allows the user to remove it, and provides continuing protection against future attacks.
scams spam fraud and hoaxes52
Scams, Spam, Fraud, and Hoaxes
  • Internet fraud is the crime of deliberately deceiving a person over the Internet in order to damage them and to obtain property or services from him or her unjustly.
  • A phishing scam combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information.

Spoofing is the act of assuming the identity of another person or organization typically through email or on the Web.

classic phishing
Classic Phishing
  • Is this email from customer.service@citibank.com legitimate?

If you clicked the link it would take you to a spoofed Citibank Webpage that looks like the real thing, and ask you to supply personal information like your username and password.

Holding the mouse pointer over the link in the original email shows that it really links to http://24.27.89.64:87 most likely a hacker’s Website.

scams spam fraud and hoaxes54
Scams, Spam, Fraud, and Hoaxes
  • Spam is the unsolicited junk mail that makes up more than 60 percent of today’s email.
  • A virus hoax is an email that warns of a virus that doesn’t exist.
scams spam fraud and hoaxes55
Scams, Spam, Fraud, and Hoaxes
  • The email that has gotten thousands of Windows users to trash their own systems…

The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.

The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:

1. Go to Start, click "Search"

2.- In the "Files or Folders option" write the name jdbgmgr.exe

3.- Be sure that you are searching in the drive "C"

4.- Click "find now"

5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON

6.- Right click and delete it (it will go to the Recycle bin)

7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

scams spam fraud and hoaxes56

Think again!

Scams, Spam, Fraud, and Hoaxes
  • The email that has gotten thousands of Windows users to trash their own systems…

Do the search. Oh no! I’ve got the Teddy Bear virus! Better delete it!

That file with the silly little Teddy bear icon is actually a necessary system file in Windows!

For more on this topic check out www.vmyths.com

defending against scams spam fraud and hoaxes
Defending Against Scams, Spam, Fraud, and Hoaxes
  • To avoid phishing scams, do not click links received in email.
  • Exam Web addresses closely to make sure that they are legitimate.
  • Submit form data only from Web pages that have a secure connection (https://)
  • Do not believe any virus warning unless it comes from a verifiable source.
  • Use common sense and be wary of offers too good to be true.
windows security suites
Windows Security Suites
  • www.windowsonecare.com
  • www.mcafee.com
  • www.symantec.com

Another option…

Security experts at Sophos recommend that home Windows users switch to Macs. From the 2006 Sophos Security Threat Management Report: “The vast majority of malware continues to be written for Windows…It seems likely that Macs will continue to be the safer place for computer users for some time to come - something that home users may wish to consider if they're deliberating about the next computer they should purchase."

review60

By default, Wi-fi access points are set up with what level of security enabled?

  • Which of the following is NOT necessary to keep a Windows PC safe from attack:
    • Use a Firewall
    • Use Antivirus and Antispyware software
    • Use a pop-up blocker and spam filter
    • Install Windows updates
  • Most PCs have ____________ installed working secretly in the background, without the user’s knowledge, sending spam and carrying out other hacker activities.
  • Many of today’s most notorious cybercrimes are carried out by __________ computers working together in a botnet.
  • If you receive an email from a financial institution requesting that you “click the link” to access your account and check your account information, it is probably part of _______________.

Review