Why be concerned about Internet security?

Chapter 6 Network and Internet Security and Privacy

PowerPoint Slideshow about 'Why be concerned about Internet security?' - halima


Presentation Transcript
slide2

The Computer Fraud and Abuse Act of 1986 is the main law protecting against computer crimes. The USA PATRIOT Act increased the scope and penalties of computer fraud:

  • raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense;
  • ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold;

  • allowing aggregation of damages to different computers over a year to reach the $5,000 threshold;
  • enhancing punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military;
  • including damage to foreign computers involved in US interstate commerce;
  • including state law offenses as priors for sentencing; and
  • expanding the definition of loss to expressly include time spent investigating and responding for damage assessment and for restoration.
slide3

Unauthorized Access (hacking)

Gaining access to a computer, network, or system without authorization.

Businesses, schools, and organizations have codes of conduct outlining acceptable computer use.

Theft of Data

Data theft or information theft is the theft of data or information located on or being sent from a computer.

Interception of Communications

Instead of accessing data stored on a computer via hacking, some criminals gain unauthorized access to data, files, email messages, VoIP calls, and other content as it is being sent over the Internet.

A new trend is criminals intercepting credit and debit card information during the card verification process; that is, intercepting the data from a card in real time as a purchase is being authorized.

slide4

Botnets and Zombie Computers

  • A computer that is controlled by a hacker or other computer criminal is referred to as a bot or zombie computer.
  • A group of bots that are controlled by one individual and can work together in a coordinated fashion is called a botnet.
  • According to the FBI, an estimated one million U.S. computers are currently part of a botnet.

WiFi Piggybacking

Many home users have wireless (WiFi) networks. Many people do not have security implemented, and neighbors or someone driving down the street could access their network and use their Internet access.

slide5

Computer/Data Sabotage

Malicious destruction of a computer or data. This could be performed physically or electronically. A disgruntled employee could destroy a network server or backup tapes. Data or programs could be altered. Web sites could be defaced.

Denial of Service

A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service.

slide6

Identity Theft

This occurs when someone obtains enough information about a person (e.g. name, birth date, SS#, address, credit card#, mother’s maiden name) to be able to masquerade as that person. The thief could get a driver’s license and credit cards under your name.

Salami Shaving/Slicing

Writing a computer program that transfers small amounts of money (e.g. a few cents) from each transaction to a secret account. This is usually performed by someone within a company.

e.g. the movie Office Space

Online Auction Fraud

Purchase items on eBay and never receive them. Craigslist also has many scams.

slide7

Phishing

The use of a spoofed e-mail to gain credit card numbers, usernames and passwords, or other personal info. The user is often redirected to a fraudulent (spoofed) web site.

slide8

Spoofed or Fraudulent Web Sites (dot cons)

Many phishing scams use spoofed web sites. The user will type in his username/password, which is stored on the server.

  • In addition to disclosing personal information only when it is necessary and only via secure Web pages, you should use security software and keep it up to date.
  • To avoid phishing schemes, never click a link in an email message to go to a secure Web site—always type the URL for that site in your browser.
slide9
Malware – Malicious programs installed without your knowledge. This includes adware, spyware, and viruses. The best defense is anti-virus software and good practices.
  • Adware: Software that delivers advertisements to your desktop. It could be installed without your knowledge, or built in to legitimate apps.
  • Spyware: Software that secretly gathers information about the user and transmits it on the Internet. It could be marketing information transmitted to advertisers or it could be more malicious and transmit your keystrokes (e.g. usernames and passwords) to someone on the internet.
  • Viruses: A program that is installed without the permission or knowledge of the user. It will affect the computer’s operation in some manner. Viruses are attached to legitimate executable files and can replicate themselves to other files when you execute them. It is common to get a virus from executable files downloaded from the Internet, or from executable files attached to e-mails and instant messages.
slide10

A couple of types of viruses:

A Trojan Horse is a virus that is disguised as a legitimate program. Trojan horses are downloaded from the Internet and executed by the user. For example: a game. A regular virus attaches itself to a legitimate program and executes when you run the program.

Worm is a type of virus that replicates itself over the network or Internet without user intervention, as opposed to being attached to a file that is downloaded. Without a firewall, your computer could get a worm when you connect to the Internet.

slide11

E-mail Hoaxes/Chain Letters

E-mail chain letters are usually an unreliable source of news. You can go to snopes.com to verify the content of an e-mail, as well as other rumors.

>>> TO: MASSAOL@aol.com
>>> FROM: GatesBeta@microsoft.com
>>> ATTACH: Tracklog@microsoft.com/Track883432/~TraceActive/On.html
>>> Hello Everyone,
>>> And thank you for signing up for my Beta Email Tracking
>>> Application or (BETA) for short. My name is Bill Gates.
>>> Here at Microsoft we have just compiled an
>>> e-mail tracing program that tracks everyone to whom this message
>>> is forwarded to. It does this through an unique IP (Internet Protocol)
>>> address log book database. We are experimenting with
>>> this and need your help. Forward this to everyone you know
>>> and if it reaches 1000 people everyone on the list will
>>> receive $1000 and a copy of Windows98 at my expense.
>>> Enjoy.
>>> Note: Duplicate entries will not be counted. You will be
>>> notified by email with further instructions once this email
>>> has reached 1000 people. Windows98 will not be shipped
>>> until it has been released to the general public.
>>> Your friend,
>>> Bill Gates & The Microsoft Development Team.

Subject: Make A Wish Foundation (fwd)

A plea from a sick little girl

Little Kimberly Anne is dying of a horrible tropical disease. Her goal, before she passes into the Great Beyond, is to collect as many free America Online disks as she can, to make the Guinness Book of Records. Her project is being sponsored by the Wish-Upon-a-Star Foundation, which specializes in fulfilling the final wishes of such sick little girls. So, next time you get an unwanted AOL disk in the mail, don't throw it away! Think of the sparkle it will bring to the eye of a dying child. Write on the package: [Address deleted to prevent this hoax from continuing.] Please copy this message and circulate it to your friends, neighbors, and co-workers. Only you can child's wish reality! God bless you from the Wish-Upon-a-Star Foundation!

slide12

Email Encryption

E-mail is currently a popular form of business communication. E-mail (SMTP) messages are not encrypted when being sent over the Internet. Some companies will have encryption for internal e-mails. Some devices such as Blackberries offer encryption for messages to other Blackberry users.

Web Site Encryption

Web sites which are encrypted use public/private key encryption. These web sites use the https:// prefix. The web browser will also display a lock. If you click on the area to the left of the https, you can see the security certificate. The web site is also verified as authentic by a 3rd party such as VeriSign.

slide14

Which one of these software programs is from a well-known company?

Since a program can affect your computer the same way a drug can affect your body, who do you trust to install a program on your computer?

slide15

Be careful installing web browser plug-ins – this is a popular way to trick you into installing malware. The safest way to install a plug-in is to go to the site that makes the software rather than the site that tries to install it for you. Here are some popular browser plug-ins.

Be careful when you install legitimate software because the installation program often tries to install extra unneeded software.

Java – from www.sun.com

Flash – from www.adobe.com

Acrobat Reader – from www.adobe.com

Shockwave – from www.adobe.com

Quicktime – from www.apple.com

RealPlayer – from www.realaudio.com

Windows Media Player – from www.microsoft.com

slide16

Most add-on toolbars contain adware and/or spyware

My recommendation: DON’T install them. If you REALLY want it, research it first.

slide17

To protect hardware from damage due to power fluctuations, everyone should use a surge suppressor with a computer whenever it is plugged into a power outlet.

Users who want their desktop computers to remain powered up when the electricity goes off should use an uninterruptible power supply (UPS).

slide19

WiFi Security

- prevents unauthorized access and piggybacking

- provides encryption

WEP (least secure): Wired Equivalent Privacy

WPA (more secure): WiFi Protected Access

firewalls
Firewalls
  • Firewalls block unrequested Internet traffic to your computer.
  • Windows includes the Windows Firewall (software firewall)
  • Many home DSL/Cable routers include a firewall (hardware firewall)
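How a firewall tells requested traffic from unrequested traffic, as an added example that is not part of the original slides: it remembers the connections the computer opened itself and lets in only the replies. The class, the packet fields and the addresses are constructed for illustration, and the model ignores protocol, TCP flags and state timeouts.

```python
from collections import namedtuple

# direction is "out" (leaving the PC) or "in" (arriving from the Internet).
Packet = namedtuple("Packet", "direction src sport dst dport")


class StatefulFirewall:
    """Default-deny inbound; allow replies to flows the host opened itself."""

    def __init__(self, allowed_inbound_ports=()):
        self.flows = set()  # (local ip, local port, remote ip, remote port)
        self.allowed_inbound_ports = set(allowed_inbound_ports)

    def filter(self, pkt):
        if pkt.direction == "out":
            # Outbound traffic is a request; remember it so the reply gets in.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "ALLOW"  # reply to a connection this computer started
        if pkt.dport in self.allowed_inbound_ports:
            return "ALLOW"  # a service the owner deliberately exposed
        return "DROP"       # unrequested traffic, e.g. a worm probing ports


# Constructed sample traffic (documentation address ranges).
PC = "192.168.1.10"
TRAFFIC = [
    Packet("out", PC, 50000, "198.51.100.5", 443),   # browser opens a web page
    Packet("in", "198.51.100.5", 443, PC, 50000),    # the server's reply
    Packet("in", "203.0.113.9", 4444, PC, 445),      # unsolicited probe
    Packet("in", "198.51.100.5", 443, PC, 50001),    # known server, unknown flow
]


def run(traffic, firewall=None):
    """Return the firewall's verdict for each packet, in order."""
    fw = firewall or StatefulFirewall()
    return [fw.filter(p) for p in traffic]


if __name__ == "__main__":
    for pkt, verdict in zip(TRAFFIC, run(TRAFFIC)):
        print(verdict, pkt)
```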
slide21

What is your primary defense against hardware loss, damage, or system failure? Backups!!!!!!!!!!!

Securing Backup Media

The media used to store backups (tapes, CD-R, DVD-R) needs to be secure. Fireproof safes provide some protection. Off-site storage of backups adds considerable protection of media. Data storage companies store backup media at secure remote locations.

Disaster Recovery Plan

Spells out what an organization will do to prepare for and recover from a disruptive event.

Q: What data do YOU have that should be backed up?

Q: How do YOU back up your data?