ADM 316 Computers and Information Processing Workshop 5

Devotion / Prayer

Chapter 10 Computer Security and Risks

A computer is a tool.

Computer Crime Computer crime is any crime accomplished through knowledge or use of computer technology. Most computer crimes are committed by company insiders and are typically covered up or not reported to authorities to avoid embarrassment.

Computer crime is any crime accomplished through knowledge or use of computer technology.

Most computer crimes are committed by company insiders and are typically covered up or not reported to authorities to avoid embarrassment.

Computer Crime

Computers are used to steal: Money Goods Information Computer resources

Money

Goods

Information

Computer resources

Online Fraud The use of deception to get individuals to reveal sensitive information (social engineering) Online auctions Sweepstakes / bank scams Phishing / spoofing

The use of deception to get individuals to reveal sensitive information (social engineering)

Online auctions

Sweepstakes / bank scams

Phishing / spoofing

Protecting Yourself from Identity Theft Make all your online purchases using a separate credit card with a low credit limit for your online transactions. Make sure a secure, encrypted Web site is managing your transaction. Don’t disclose personal information over the phone. Shred sensitive information.

Make all your online purchases using a separate credit card with a low credit limit for your online transactions.

Make sure a secure, encrypted Web site is managing your transaction.

Don’t disclose personal information over the phone.

Shred sensitive information.

Malware Virus: spreads by making copies of itself from program to program or disk to disk, requires user intervention to spread Trojan horse: performs a useful task while also being secretly destructive (Michaelangelo) Worm: program that travels independently over computer networks, seeking uninfected sites (ILOVEYOU, Anna, Blaster, Sobig.F, MyDoom)

Virus: spreads by making copies of itself from program to program or disk to disk, requires user intervention to spread

Trojan horse: performs a useful task while also being secretly destructive (Michaelangelo)

Worm: program that travels independently over computer networks, seeking uninfected sites (ILOVEYOU, Anna, Blaster, Sobig.F, MyDoom)

Effects of Malware Proliferation through address lists Modification or removal of startup files Modification or removal of data or application files Generation of denial-of-service attacks

Proliferation through address lists

Modification or removal of startup files

Modification or removal of data or application files

Generation of denial-of-service attacks

Spyware Collects information from computer users (such as keystrokes, screenshots, history) without their knowledge or consent Other names: adware, crapware, spybots Sometimes from legitimate sources (Microsoft reporting, software updates, manufacturer sales pitches)

Collects information from computer users (such as keystrokes, screenshots, history) without their knowledge or consent

Other names: adware, crapware, spybots

Sometimes from legitimate sources (Microsoft reporting, software updates, manufacturer sales pitches)

Effects of Spyware Unwanted advertising Unwanted toolbars Unwanted pop-ups Unwanted browser changes (home page, favorites) Unwanted interruptions Unwanted redirections Drains CPU usage / performance

Unwanted advertising

Unwanted toolbars

Unwanted pop-ups

Unwanted browser changes (home page, favorites)

Unwanted interruptions

Unwanted redirections

Drains CPU usage / performance

Effects of Malware

Reducing Risks Restrict physical access (keys, biometrics, special facilities) Restrict logical access (passwords, CAPTCHA, user accounts) Fortify the architecture (firewalls, encryption, UPS) Maintain “clean” facilities (anti-virus software, auditing)

Restrict physical access (keys, biometrics, special facilities)

Restrict logical access (passwords, CAPTCHA, user accounts)

Fortify the architecture (firewalls, encryption, UPS)

Maintain “clean” facilities (anti-virus software, auditing)