Chapter 6 Network and Internet Security and Privacy
Why be concerned about Internet security?
The Computer Fraud and Abuse Act of 1986 is the main law protecting against computer crimes. The USA PATRIOT Act increased the scope and penalties of computer fraud:
to 10 years (from 5) for a first offense and
20 years (from 10) for a second offense;
cause damage generally, not intend to cause
damage or other specified harm over the $5,000 statutory damage threshold;
Gaining access to a computer, network, or system without authorization.
Businesses, schools, and organizations have codes of conduct outlining
acceptable computer use.
Theft of Data
Data theft or information theft is the theft of data or information located on or being sent from a computer.
Interception of Communications
Instead of accessing data stored on a computer via hacking, some criminals gain
unauthorized access to data, files, email messages, VoIP calls, and other content
as it is being sent over the Internet.
A new trend is criminals intercepting credit and
debit card information during the card verification
process; that is, intercepting the data from a card
in real time as a purchase is being authorized.
Many home users have wireless (WiFi) networks.
Many people do not have security implemented
and neighbors or someone driving down the street
could access their network and use their Internet
Malicious destruction to a computer or data. This could be performed
physically or electronically. A disgruntled employee could destroy
a network server or backup tapes. Data or programs could be
altered. Web sites could be defaced.
Denial of Service
A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service.
This occurs when someone obtains enough information about a person (e.g. name, birth date, SS#, address, credit card#, mother’s maiden name) to be able to masquerade as that person. The thief could get a driver’s license and credit cards under your name.
Writing a computer program that transfers small
amounts of money (e.g. a few cents) from each
transaction to a secret account. This is usually
performed by someone within a company.
e.g. the movie Office Space
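A control that catches the scheme described above, as an added example that is not part of the original slides. Each diverted amount is a balancing leg of its transaction, so a sum-to-zero check passes; the audit instead looks for accounts outside the approved list that collect tiny credits from a large share of transactions. The postings, account names, approved-account list and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed ledger postings: (transaction id, account, signed amount).
# All account names are hypothetical; "fees:card" is the only approved fee account.
POSTINGS = [
    ("t1", "cust:1001", "-250.00"), ("t1", "merchant:77", "249.97"), ("t1", "acct:9931", "0.03"),
    ("t2", "cust:1002", "-80.00"), ("t2", "merchant:12", "79.20"), ("t2", "fees:card", "0.80"),
    ("t3", "cust:1003", "-19.99"), ("t3", "merchant:77", "19.97"), ("t3", "acct:9931", "0.02"),
    ("t4", "cust:1004", "-600.00"), ("t4", "merchant:40", "599.96"), ("t4", "acct:9931", "0.04"),
]
APPROVED_SMALL_CREDIT_ACCOUNTS = {"fees:card"}


def unbalanced_transactions(postings):
    """Classic double-entry check: every transaction's legs must sum to zero."""
    totals = defaultdict(Decimal)
    for txn, _acct, amount in postings:
        totals[txn] += Decimal(amount)
    return sorted(txn for txn, total in totals.items() if total != 0)


def micro_credit_sinks(postings, max_credit=Decimal("0.05"), min_share=Decimal("0.5")):
    """Flag unapproved accounts that receive a credit of at most max_credit
    in at least min_share of all transactions. Returns {account: (count, total)}."""
    all_txns = {txn for txn, _acct, _amount in postings}
    seen = defaultdict(set)        # account -> transactions that paid it a micro-credit
    collected = defaultdict(Decimal)
    for txn, acct, amount in postings:
        value = Decimal(amount)
        if acct in APPROVED_SMALL_CREDIT_ACCOUNTS or not (0 < value <= max_credit):
            continue
        seen[acct].add(txn)
        collected[acct] += value
    return {
        acct: (len(txns), collected[acct])
        for acct, txns in seen.items()
        if Decimal(len(txns)) / len(all_txns) >= min_share
    }


if __name__ == "__main__":
    print("unbalanced:", unbalanced_transactions(POSTINGS))
    for acct, (count, total) in micro_credit_sinks(POSTINGS).items():
        print(f"review {acct}: {count} micro-credits totalling {total}")
```

Amounts are parsed as Decimal rather than float so that cent-level differences are compared exactly.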
Online Auction Fraud
Purchase items on eBay and never receive them. Craigslist also has many scams.
Phishing
The use of a spoofed e-mail to gain credit card numbers, usernames and passwords, or other personal info. The user is often redirected to a fraudulent (spoofed) web site.
Spoofed or Fraudulent Web Sites (dot cons)
Many phishing scams use spoofed web sites. The user will type in his username/password which is stored on the server.
A Trojan horse is a virus that is disguised as a legitimate program. Trojan horses are downloaded from the Internet and executed by the user. For example: a game. A regular virus attaches itself to a legitimate program and executes when you run the program.
A worm is a type of virus that replicates itself over the network or Internet without user intervention, as opposed to being attached to a file that is downloaded. Without a firewall, your computer could get a worm when you connect to the Internet.
E-mail Hoaxes/Chain Letters
E-mail chain letters are usually an unreliable source of news. You can go to snopes.com to verify the content of an e-mail, as well as other rumors.
Subject: Make A Wish Foundation (fwd)
A plea from a sick little girl
Little Kimberly Anne is dying of a horrible tropical disease. Her goal, before she passes into the Great Beyond, is to collect as many free America Online disks as she can, to make the Guinness Book of Records. Her project is being sponsored by the Wish-Upon-a-Star Foundation, which specializes in fulfilling the final wishes of such sick little girls. So, next time you get an unwanted AOL disk in the mail, don't throw it away! Think of the sparkle it will bring to the eye of a dying child. Write on the package: [Address deleted to prevent this hoax from continuing.] Please copy this message and circulate it to your friends, neighbors, and co-workers. Only you can child's wish reality! God bless you from the Wish-Upon-a-Star Foundation!
Email Encryption
E-mail is currently the popular form of business communication. E-mail (SMTP) messages are not encrypted when being sent over the Internet. Some companies will have encryption for internal e-mails. Some devices such as Blackberries offer encryption for messages to other Blackberry users.
Web Site Encryption
Web sites which are encrypted use public/private key encryption. These web sites use https://. The web browser will also display a lock. If you click on the area to the left of the https, you can see the security certificate. The web site is also verified as authentic by a 3rd party such as VeriSign.
Be careful installing web browser plug-ins – this is a popular way to trick you into installing malware. The safest way to install a plug-in is to go to the site that makes the software rather than the site that tries to install it for you. Here are some popular browser plug-ins.
Be careful when you install legitimate software because the installation program often tries to install extra unneeded software.
Java – from www.sun.com
Flash – from www.adobe.com
Acrobat Reader – from www.adobe.com
Shockwave – from www.adobe.com
Quicktime – from www.apple.com
RealPlayer – from www.realaudio.com
Windows Media Player – from www.microsoft.com
My recommendation: DON’T install them. If you REALLY want it, research it first.
To protect hardware from damage due to power fluctuations, everyone should use a surge suppressor with a computer whenever it is plugged into a power outlet.
Users who want their desktop computers to remain powered up when the electricity goes off should use an uninterruptible power supply (UPS).
- prevents unauthorized access and piggybacking
- provides encryption
Wired Equivalent Privacy
WiFi Protected Access
What is your primary defense against hardware loss, damage, or system failure? Backups!!!!!!!!!!!