Security and Privacy: Computers and the Internet CIS 105 Revised October 2004
3e - Computer Crime

  1. 1. Security and Privacy: Computers and the Internet CIS 105 Revised October 2004
  2. 2. Objectives <ul><li>Explain the different types of computer crime and the difficulties of discovery and prosecution </li></ul><ul><li>Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation </li></ul><ul><li>Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage </li></ul><ul><li>Explain the threats to personal privacy posed by computers and the Internet. Describe actions you can take to maximize your privacy </li></ul>
  3. 3. Computer Crime <ul><li>Most commonly reported categories </li></ul><ul><ul><li>Credit card fraud </li></ul></ul><ul><ul><li>Data communications fraud </li></ul></ul><ul><ul><li>Unauthorized access to computer files </li></ul></ul><ul><ul><li>Unlawful copying of copyrighted software </li></ul></ul>
  4. 4. What’s at Stake? <ul><li>Consumption of Staff Time </li></ul><ul><li>Downtime </li></ul><ul><li>Fraud and Theft </li></ul><ul><li>Adverse Publicity </li></ul><ul><li>Vandalism </li></ul><ul><li>Character Assassination </li></ul><ul><li>Loss of Privacy </li></ul><ul><li>Risks to Public Safety </li></ul><ul><li>Denial of Service (DoS) </li></ul>
  5. 5. Methods Computer Criminals Use <ul><li>Bomb </li></ul><ul><li>Data diddling </li></ul><ul><li>Denial of service attacks </li></ul><ul><li>Piggybacking </li></ul><ul><li>Salami technique </li></ul><ul><li>Scavenging </li></ul><ul><li>Trapdoor </li></ul><ul><li>Trojan horse </li></ul><ul><li>Zapping </li></ul>
  6. 6. Computer Crime and Cybercrime: Tools and Techniques <ul><li>Tricks for Obtaining Passwords </li></ul><ul><ul><li>Password Guessing </li></ul></ul><ul><ul><li>Shoulder Surfing </li></ul></ul><ul><ul><li>Packet Sniffers </li></ul></ul><ul><ul><li>Dumpster Diving </li></ul></ul><ul><ul><li>Social Engineering </li></ul></ul><ul><ul><li>Superuser Status </li></ul></ul><ul><ul><li>Forgery </li></ul></ul><ul><ul><li>Security Loophole Detection Programs </li></ul></ul><ul><ul><li>Computer Viruses </li></ul></ul><ul><ul><li>More Rogue Programs (time bomb, worm, trojan horse) </li></ul></ul>
  7. 7. Meet the Attackers <ul><li>Spies </li></ul><ul><li>Swindlers </li></ul><ul><li>Shills </li></ul><ul><li>Cyberstalkers and Sexual Predators </li></ul><ul><li>Information Warfare </li></ul>
  8. 8. Playing it Safe: A System of Safeguards <ul><li>Protects system and data from deliberate or accidental damage </li></ul><ul><ul><li>Protecting Computers from Power-Related Problems </li></ul></ul><ul><ul><li>Backing up Data </li></ul></ul><ul><li>Protects system and data from unauthorized access </li></ul><ul><ul><li>Controlling Access </li></ul></ul><ul><ul><li>Using Firewalls </li></ul></ul><ul><ul><li>Using Encryption </li></ul></ul><ul><ul><li>Using Antivirus Programs </li></ul></ul><ul><ul><li>Avoiding Scams </li></ul></ul><ul><ul><li>Preventing Cyberstalkers </li></ul></ul><ul><ul><li>Possessed Objects (PIN) Biometrics Devices </li></ul></ul><ul><ul><li>Callback Systems </li></ul></ul><ul><ul><li>Audit Trail </li></ul></ul><ul><li>Pop-Up Stoppers </li></ul><ul><li>Spy-Bots </li></ul>
  9. 9. Discovery and Prosecution <ul><li>Crimes are often undetected </li></ul><ul><ul><li>When they are detected, they are often not reported </li></ul></ul><ul><li>Prosecution is difficult </li></ul><ul><ul><li>Law enforcement agencies and prosecutors are ill-equipped to handle computer crime </li></ul></ul><ul><ul><li>Judges and juries often don’t understand computer crime </li></ul></ul><ul><li>Congress passed the Computer Fraud and Abuse Act to increase awareness of computer crime </li></ul>
  10. 10. Computer Forensics <ul><li>Uncovering computer-stored information suitable for use as evidence in courts of law </li></ul><ul><ul><li>Restores files and/or e-mail messages that someone has deleted </li></ul></ul><ul><li>Some experts are available for hire, but most are on the staffs of police departments and law firms </li></ul>
  11. 11. Controlling Access <ul><li>Four means of controlling who has access to the computer </li></ul><ul><ul><li>What you have </li></ul></ul><ul><ul><ul><li>Badge, key, or card to give you physical access to the computer room or a locked terminal </li></ul></ul></ul><ul><ul><li>What you know </li></ul></ul><ul><ul><ul><li>Password, key code </li></ul></ul></ul><ul><ul><li>What you do </li></ul></ul><ul><ul><ul><li>Software </li></ul></ul></ul><ul><ul><li>What you are </li></ul></ul><ul><ul><ul><li>Biometrics </li></ul></ul></ul>
  12. 12. A Disaster Recovery Plan <ul><li>A method of restoring computer processing operations and data files in the event of major destruction </li></ul><ul><li>Several approaches </li></ul><ul><ul><li>Manual services </li></ul></ul><ul><ul><li>Buying time at a service bureau </li></ul></ul><ul><ul><li>Consortium </li></ul></ul><ul><li>Plan should include priorities for restoring programs, plans for notifying employees, and procedures for handling data in a different environment </li></ul>
  13. 13. Software Security <ul><li>Who owns custom-made software? </li></ul><ul><li>What prevents a programmer from taking a copy of the program? </li></ul><ul><li>Answer is well established </li></ul><ul><ul><li>If the programmer is employed by the company, the software belongs to the company </li></ul></ul><ul><ul><li>If the programmer is a consultant, ownership of the software should be specified in the contract </li></ul></ul>
  14. 14. Data Security <ul><li>Several techniques can be taken to prevent theft or alteration of data </li></ul><ul><ul><li>Secured waste </li></ul></ul><ul><ul><li>Internal controls </li></ul></ul><ul><ul><li>Auditor checks </li></ul></ul><ul><ul><li>Applicant screening </li></ul></ul><ul><ul><li>Passwords </li></ul></ul><ul><ul><li>Built-in software protection </li></ul></ul>
  15. 15. Personal Computer Security <ul><li>Physical security of hardware </li></ul><ul><ul><li>Secure hardware in place with locks and cables </li></ul></ul><ul><ul><li>Avoid eating, drinking, and smoking around computers </li></ul></ul>
  16. 16. Protecting Disk Data <ul><li>Use a surge protector to prevent electrical problems from affecting data files </li></ul><ul><li>Uninterruptible power supply includes battery backup </li></ul><ul><ul><li>Provides battery power in the event power is lost </li></ul></ul><ul><ul><li>Allows users to save work and close files properly </li></ul></ul><ul><li>Back up files regularly </li></ul>
  17. 18. Preventing Virus Infections <ul><li>Install an antivirus program on all computers and keep it updated </li></ul><ul><li>Write-protect the rescue disk </li></ul><ul><li>Never start the computer with a floppy disk in drive A: </li></ul><ul><li>Scan a floppy disk before using it </li></ul><ul><li>Check all downloaded programs for viruses (download directory) </li></ul><ul><li>Back up files regularly; scan back-up program prior to backing up to ensure it is virus free </li></ul>
  18. 19. A Firewall <ul><li>A combination of hardware and software that sits between an organization’s network and the Internet </li></ul><ul><ul><li>All traffic between the two goes through the firewall </li></ul></ul><ul><ul><li>Protects the organization from unauthorized access </li></ul></ul><ul><ul><li>Can prevent internal users from accessing inappropriate Internet sites </li></ul></ul>
  19. 20. Encryption <ul><li>Scrambling data so that it can only be read by a computer with the appropriate key </li></ul><ul><ul><li>Encryption key converts the message into an unreadable form </li></ul></ul><ul><ul><li>Message can be decrypted only by someone with the proper key </li></ul></ul><ul><li>Private key encryption – senders and receivers share the same key </li></ul><ul><li>Public key encryption – encryption software generates the key </li></ul>
  20. 21. Being Monitored <ul><li>Employers can monitor employees’ e-mail, use of the Internet, and count the number of keystrokes per minute </li></ul><ul><ul><li>Employees are often unaware they are being monitored </li></ul></ul><ul><li>Web sites can easily collect information when a user just visits the site </li></ul><ul><ul><li>Web sites use cookies to store your preferences </li></ul></ul>
  21. 22. Cookies <ul><li>A small text file stored on your hard drive </li></ul><ul><li>File is sent back to the server each time you visit that site </li></ul><ul><ul><li>Stores preferences, allowing Web site to be customized </li></ul></ul><ul><ul><li>Stores passwords, allowing you to visit multiple pages within the site without logging in to each one </li></ul></ul><ul><ul><li>Tracks surfing habits, targeting you for specific types of advertisements </li></ul></ul>
  22. 23. Spamming <ul><li>Mass advertising via e-mail </li></ul><ul><ul><li>Can overflow your e-mail inbox </li></ul></ul><ul><ul><li>Bogs down your e-mail server, increasing the cost of e-mail service </li></ul></ul><ul><li>Preventing spam </li></ul>
  23. 24. Worst Practices <ul><li>Email forwarding </li></ul><ul><li>Auto reply </li></ul><ul><li>HTML email </li></ul><ul><li>Instant Messaging </li></ul><ul><li>Peer to Peer Networking (P2P) </li></ul><ul><li>Software Downloads </li></ul><ul><li>Unauthorized Users </li></ul><ul><li>Public Networks/Wireless Networks </li></ul>
  24. 25. Recovery & Security <ul><li>Backup systems </li></ul><ul><li>Disaster Recovery Plan </li></ul><ul><ul><li>Emergency -- Backup – Recovery – Test </li></ul></ul><ul><ul><li>Computer Security Plan </li></ul></ul>
  25. 26. Backing Up Files <ul><li>Back up to tape drive, CD-RW, or DVD-RAM </li></ul><ul><ul><li>You can use software that automatically backs up at a certain time of day </li></ul></ul><ul><li>Disk mirroring </li></ul><ul><ul><li>Makes second copy of everything you put on disk to another hard disk </li></ul></ul>
  26. 27. Types of Backup <ul><li>Three types of backup </li></ul><ul><ul><li>Full backup – copies everything from the hard drive </li></ul></ul><ul><ul><li>Differential backup – copies all files that have been changed since the last full backup </li></ul></ul><ul><ul><li>Incremental backup – copies only those files that have been changed since either the last full backup or the last incremental backup </li></ul></ul><ul><li>Comprehensive backup plan involves periodic full backups, complemented by more frequent incremental or differential backups </li></ul>
  27. 28. Backup Methods
  28. 29. Your Turn! How Would You Handle It? <ul><li>Security risks </li></ul><ul><li>Safeguarding a computer </li></ul><ul><li>Computer viruses </li></ul><ul><li>Computer backups </li></ul><ul><li>Disaster recovery </li></ul><ul><li>Security/privacy issues </li></ul>
  29. 30. If asked, can you…. <ul><li>Explain the different types of computer crime and the difficulties of discovery and prosecution </li></ul><ul><li>Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation </li></ul><ul><li>Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage </li></ul><ul><li>Explain the threats to personal privacy posed by computers and the Internet. Describe actions you can take to maximize your privacy </li></ul>
  30. 31. Sources <ul><li>Capron; Computers: Tools for An Information Age, 8th Ed. 2003 </li></ul><ul><li>Pfaffenberger; Computers in Your Future 2003 </li></ul><ul><li>Microsoft Clipart </li></ul>
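
The three backup types on the "Types of Backup" slide, worked through as an added example that is not part of the original slides: it simulates one full backup followed by daily differential or incremental backups, then shows how many file copies each schedule writes and which backup sets a restore depends on. The file names, edit history and daily schedule are constructed assumptions.

```python
# Added example: which files each backup type copies, and what a restore needs.
# Constructed sample data; the daily schedule and file names are assumptions.
ALL_FILES = {"budget.xls", "memo.doc", "roster.mdb", "logo.bmp"}
EDITS = [(1, "budget.xls"), (2, "memo.doc"), (2, "budget.xls"), (3, "roster.mdb")]

def mtimes_at(day):
    """Last-modified day of every file as of the end of `day` (0 = unchanged)."""
    mtimes = {name: 0 for name in ALL_FILES}
    for edit_day, name in EDITS:
        if edit_day <= day:
            mtimes[name] = max(mtimes[name], edit_day)
    return mtimes

def run_schedule(kind, last_day):
    """Full backup on day 0, then one `kind` backup per day. Returns {day: files copied}."""
    if kind not in ("differential", "incremental"):
        raise ValueError(kind)
    sets = {0: set(ALL_FILES)}
    reference = 0  # day of the backup that changes are measured against
    for day in range(1, last_day + 1):
        sets[day] = {n for n, m in mtimes_at(day).items() if m > reference}
        if kind == "incremental":
            reference = day  # the next incremental measures from this one
    return sets

def restore_chain(kind, last_day):
    """Days whose backup sets must be replayed, oldest first."""
    if kind == "differential":
        return [0] if last_day == 0 else [0, last_day]
    return list(range(last_day + 1))

def restore(kind, last_day, lost=()):
    """Replay the chain, skipping `lost` sets. Returns {file: day of version restored}."""
    sets = run_schedule(kind, last_day)
    restored = {}
    for day in restore_chain(kind, last_day):
        if day in lost:
            continue
        for name in sets[day]:
            restored[name] = mtimes_at(day)[name]
    return restored

def copies_made(kind, last_day):
    """Total file copies written after the full backup (a rough media/time cost)."""
    return sum(len(s) for d, s in run_schedule(kind, last_day).items() if d > 0)

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        print(kind, copies_made(kind, 3), restore_chain(kind, 3),
              restore(kind, 3, lost={2}) == mtimes_at(3))
```

Losing the day-2 set leaves the differential restore intact, because only the full backup and the latest differential are replayed, while the incremental restore silently brings back stale versions of the files changed that day.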
