Computer Crime & Security
Hackers & Crackers & Worms!
Oh my!!
What’s at Risk
Personal Information
Intellectual Property
Business Information
National Security
Personal Information
Identity Theft
Contact the fraud departments of any one of the
three consumer reporting companies
Close the accounts that you know or believe have
been tampered with or opened fraudulently.
File a report with your local police or the police in the
community where the identity theft took place
File your complaint with the FTC
Intellectual Property
Copyright
Protects words, music, and other expressions for life of copyright holder plus 70 years
Trademark
Protects unique symbol or words used by a business to identify a product or service
Trade Secret
Protects secrets or proprietary information
Patent
Protects an invention by giving the patent holder a monopoly on the invention for 20 years after the patent application has been filed.
Business Information
Business Intelligence
Collecting & analyzing information in pursuit of the business advantage.
Competitor Intelligence
Business intelligence about the competitor.
Counter Intelligence
Protecting your own information from access by a competitor.
Customers’ Information
National Security
Cyber terrorism
Acts of terrorism over the Internet which intimidate or harm a
population
United States Computer Emergency Readiness Team – US CERT
National Strategy to Secure Cyberspace
Prevent cyberattacks on America’s critical infrastructures
Reduce national vulnerability to cyberattacks
Minimize damage and recovery time from cyberattacks
http://www.us-cert.gov/
Current US Privacy Laws
Consumer Internet Privacy Protection Act
of 1997
The Children’s Online Privacy Protection
Act of 2000
Information Protection & Security Act of
2005
Notification of Risk of Personal Data Act
2003
Current US Privacy Laws
Identity Theft Protection Act of 2005
Health Insurance Portability &
Accountability Act (HIPAA) of 1996
Sarbanes-Oxley Act (“Sarbox”) of 2002
Gramm-Leach-Bliley Act (GLBA) of 1999
Source of Security Threats
Software/Network Vulnerabilities
User Negligence & Theft
Pirates & Plagiarism
Hackers & Crackers
Internal Threats
Software/Network Vulnerabilities
Security Holes
Vulnerability of a program or a system
Data compromise
Unauthorized software installation
Software Patches
Fixes to the software
Announces the problem
User Negligence & Theft
Data-entry errors
Errors in programs
Improper set-up or installation
Mishandling of output
Inadequate planning for equipment
malfunctions
Inadequate planning for environment
Pirates & Plagiarism
Piracy
Illegal copying, use, and distribution of digital
intellectual property
Warez - Commercial programs made available
to the public illegally
Plagiarism
Taking credit for someone else’s intellectual property
Hackers & Crackers
Hacker
Slang term for computer enthusiast
May be complimentary or derogatory
Goal is to gain knowledge
Cracker
Someone who breaks into a computer system for malicious purposes
Computer Forensics
The application of scientifically proven methods to gather,
process, interpret, and to use digital evidence to provide a
conclusive description of cyber crime activities.
Internal Threats
Threat to System Health & Stability
Software
Data
Information Theft
Most information theft internal
Most not reported
Accidental unauthorized access
Types of Threats
Networks
Wireless Networks
Internet Threats
Malware
Scams, Hoaxes, Spam, & Fraud
Network Threats
Users
Permissions
File Ownership
Software
Data
Unauthorized use of resources
Wireless Network Threats
Signals are broadcast
War driving
War walking
Piggybacking
Internet Threats
Methods
Key-logging software
Packet-sniffing software
Port-scanning software
Social engineering
Denial of Service
Distributed Denial of Service
Internet Threats
Purpose
Hobby or challenge
Vandalism
Gain a platform for an attack
Steal information or services
Spying
Malware
Viruses
Worms
Trojan Horses
Spyware/Adware
Zombies & Botnets
Computer Viruses
Self-replicating
Self-executing
Delivers a payload
Attaches itself to an existing file
Types of Viruses
Boot Virus
Direct Action Virus
Directory Virus
Encrypted Virus
File Virus
Logic Bomb
Macro Virus
Types of Viruses
Multipartite Virus
Overwrite Virus
Polymorphic Virus
Resident Virus
Time Bomb
Stealth Virus
Worms
Operate on a computer network
Uses network to send copies of itself
Does not attach itself to an existing file
Exploits network security flaws
Types of Worms
E-mail Worms
Instant Messaging Worms
IRC Worms
File-sharing Networks Worms
Internet Worms
Trojan Horse
Disguised as non-harmful software
Non-self replicating
Types of Trojan Horses
Legitimate program corrupted by malicious
code insertion
Stand alone program masquerading as
something else, i.e. a game or image file
Spyware & Adware
Spyware
Collects information
Sends information over the Internet
Can take control of computer
Adware
Automatically pops up with advertising material
Zombies & Botnets
Zombie
Compromised computer attached to the
Internet
Performs malicious behavior under remote
control
May be used for DDoS or Spam
Botnet
Collection of robot computers running
autonomously
Phishing, Spam, & Hoaxes
Phishing & Pharming
Spam
http://video.google.com/videoplay?docid=5627694446211716271
Hoaxes & Urban Legends
http://www.snopes.com
Securing Systems
Passwords
Firewalls
ID Devices & Biometrics
Data Encryption
Systems Maintenance
Wireless Security
Passwords
Secret authentication
Control access
Short enough to be memorized
Good Passwords
Do use a password with mixed-case alphabetic
characters.
Do use a password with nonalphabetic characters.
Do use a password that is easy to remember.
Do use a password that you can type quickly.
Firewalls
Hardware or Software
Port Protection
Packet Filter
Network Layer
Application Layer
Proxy Server
ID Devices & Biometrics
ID Devices
Hardware for authentication
Biometrics
Measure of unique physical characteristic for
authentication
Data Encryption
Obscuring Information
Cipher
Encryption Software
Systems Maintenance
Anti-virus software
Back-up system and data
Software updates
Delete temporary files
Wireless Security
Disable SSID
Passwords
Discrimination
Data Encryption