Presentation Packages
Chapter 11
Security and Privacy: Computers
and the Internet
Why are security and privacy
issues?
networking has made data and
information easier to access
data and information must be protected
from
– destruction
– accidental damage
– theft
– espionage
– unauthorized access
Computer Crime
most frequently reported computer crimes
– credit card fraud
– data communications fraud
– unauthorized access to computer files
– unlawful copying of copyrighted software
People
hackers - people who attempt to gain
access to computer systems illegally
electronic pickpockets - people who use
computers to illegally transfer money,
goods, or other valuables
white-hat hackers - professionals hired
to try to break into a system before
someone else does
“Bad Guy” Tricks
Some methods commonly used by computer
criminals
– bomb - program designed to trigger damage under
certain conditions
– data diddling - changing data before or after it is
entered
– denial of service attacks - bombarding a site with
requests for service
– piggybacking - accessing a system through
someone else, may occur if the authorized user
did not exit properly
More tricks
– salami techniques - embezzlement technique that
transfers small “slices” of money
– scavenging - looking through garbage for useful
information
– trapdoor - an unauthorized means of entry into a
legitimate program
– Trojan horse - potentially harmful instructions
hidden inside an otherwise useful program
– zapping - software designed to bypass security
systems
Discovery and Prosecution
discovery of computer crimes is often difficult
many businesses do not report crimes for
fear of bad publicity
complexities of computer-related fraud often
not fully understood by
– law enforcement
– prosecutors
– judges
– juries
Computer Fraud and Abuse Act (1986)
– attempt to define computer crime at national level
Computer Forensics
computer forensics - uncovering
computer-stored information to be used in
court
– used in both civil and criminal cases
– relatively new field
– each examination is unique
Security measures
authorized access - badges, passwords,
biometrics
disaster recovery plan
software security - who do programs belong
to?
data security - secure waste, internal controls,
audit checks, passwords, etc.
personal computer security - surge protectors
backup files
Viruses
virus - program designed to “infect” a
computer
– damage may include changed or deleted files,
bizarre screen effects, or sabotage of the entire
computer system
worm - program designed to transfer itself
over a network
retrovirus - program designed to attack
antivirus software
vaccine (antivirus) - program designed to
detect and neutralize or remove viruses
Transmitting Viruses
programs downloaded from the Internet
diskettes
attachments to e-mail
program with the virus must be
executed to activate the virus
Privacy
privacy - the right to control information
about oneself
greatly compromised by giant
databases and the sharing and sale of
information
Privacy Legislation
Fair Credit Reporting Act of 1970
– can access and challenge credit records
Freedom of Information Act of 1970
– allows access to information gathered by
federal agencies
Federal Privacy Act of 1974
– no secret personal files maintained by
federal government agencies and
contractors
Privacy Legislation
Video Privacy Protection Act of 1988
– prevents retailers from disclosing a
person’s video rental records without a
court order
Computer Matching and Privacy
Protection Act of 1988
– prevents the government from comparing
certain records to find a match
– much of matching is still unregulated
Network Security and Privacy
firewall - software designed to protect a
network from unauthorized access from
the outside world
encryption - scrambling of messages to
protect privacy, can be decrypted by
receiver using a “key”
– public key encryption allows individuals to
provide a public key for encryption then
use a private key to decrypt messages
Electronic Monitoring
many businesses monitor employee
computer use
– check current screen display
– check e-mail
– count keystrokes per minute
many Web sites collect information about
visitors
– cookies - files that store information about you,
sent to the Web server by browser when a site is
visited (browser can be set to refuse them)
Junk E-mail
spamming - sending out mass e-mail
messages for advertising purposes
flaming - responding in anger to e-mail
filter software - program that screens
incoming e-mail
Who should access the Internet?
the Internet provides a wide variety of useful
resources for adults and children
many sites are designed for an adult
audience
– blocking software attempts to stop users from
accessing inappropriate sites
– hard to keep list of sites to avoid up-to-date
Children’s Online Privacy Protection Act
(2000) - requires Web sites that target
children under the age of 13 to post their
privacy policy and obtain parental consent