1. •Living in a Digital
World
•Discovering
Computers 2010
2. Why Be Concerned about Network and
Internet Security?
A computer system consists not only of software,
hardware, data/information, and procedures, but also of
people- the users of the computer system.
People can use computer system for both good and bad
purposes. Some people use computers for evil activities.
A computer crime is generally defined as one that uses
computers and software for illegal purposes.
Any illegal act involving a computer generally is
referred to as a computer crime.
Computer crime encompasses a broad range of
potentially illegal activities.
3.
4. Perpetrators of Cyber Crime
Perpetrators of cybercrime and other
intrusions fall into seven basic categories:
hacker
cracker
script kiddies
corporate spy
unethical employee
cyberextortionist
cyberterrorist
5. Hackers and Crackers
Hackers
A hacker is a person who breaks into computers and computer
networks, either for profit or motivated by the challenge
Hackers do not use the system to steal money or property but they
did create fictitious accounts changed some data files.
Some people engage in hacking purely for the challenge codes.
Others do it to steal computer time, to peek at confidential
information, or to cause damage.
White hat is a term often used to describe ethical hackers that stay
entirely within the law.
They never access a system or network illegally, and they work
tirelessly to expose holes in systems with the ultimate goal of fixing
flaws and improving security.
White hats may be security professionals, hired by companies to
audit network security or test software.
6. Hackers and Crackers
Crackers
Cracking is the act of breaking into other computer systems.
This can be done with malicious intent, for financial profit, or for
fun.
The opposite of the white hat, a black hat or cracker breaks into
systems illegality for personal gain, vandalism (damage), or bragging
rights.
A cracker is a one who uses their proficiency for personal gains
outside of the law. EX: stealing data, changing bank accounts,
distributing viruses, acts of sabotage and mischief on the internet,
and have cost companies millions of dollars. etc.
7. 7Chapter 9 Understanding Computers, 11th Edition
Hacking
Hacking: using a computer to break
into another computer system; the
person doing the hacking is a hacker
To steal information
To sabotage a system
To hijack PCs to generate spam or host
Web sites
Social hacking
Authorized hacking
8. Script kiddie
A script kiddie has the same intent as a
cracker but does not have the technical
skills and knowledge.
Script kiddies often use prewritten
hacking and cracking programs to break
into computers.
9. Cyberextortionist
A cyberextortionist is someone who
uses e-mail as a vehicle for extortion.
These perpetrators send an organization a
threatening e-mail message indicating
they will expose confidential information,
exploit a security flaw, or launch an attack
that will compromise the organization’s
network — if they are not paid a sum of
money.
10. Cyberterrorist
A cyberterrorist is someone who uses the Internet or
network to destroy or damage computers for political
reasons.
The cyberterrorist might target the nation’s air traffic
control system, electricity-generating companies, or a
telecommunications infrastructure.
The term, cyberwarfare, describes an attack whose
goal ranges from disabling a government’s computer
network to crippl a country. Cyberterrorism and
cyberwarfare usually require a team of highly skilled
people.
11.
12.
13.
14. Introduction
Computer viruses and crimes have become
today’s headline news
With the increasing use of the Internet, it has
become easier for virus to spread
Virus show us loopholes in software
Most virus are targeted at the MS Windows OS
15. First Computer Virus
The first virus was made in Lahore,
Pakistan, 1986
Two programmers named Basit and
Amjad Farooq Alvi
Called Brain Virus
16. Computer Virus
A virus is a program that "infects" an executable file. After
infection, the executable file functions in a different way than
before: maybe only displaying a benign message on the monitor,
maybe deleting some or all files on the user's hard drive, maybe
altering data files.
There are two key features of a computer virus:
The ability to propagate by attaching itself to executable files (e.g.,
application programs, OS, scripts, boot sector of a hard disk or
floppy disk, etc.) Running the executable file may make new copies
of the virus.
The virus causes harm only after it has infected an executable file
and the executable file is run.
Viruses spread from one computer to another through removable
disks like USB, network computers & internet.
If a Virus is found on one computer of the network, then it can
easily infect whole network.
17. Background
There are estimated 30,000 computer
viruses in existence
Over 300 new ones are created each
month
First virus was created to show loopholes
in software
19. Symptoms of Virus Attack
Computer runs slower then usual
Computer no longer boots up
Screen sometimes flicker
PC speaker beeps periodically
System crashes for no reason
Files/directories sometimes disappear
Denial of Service (DoS)
20. Virus through the Internet
Today almost 87% of all viruses are spread
through the internet (source: ZDNet)
Transmission time to a new host is relatively
low, on the order of hours to days
“Latent virus”
21. Classifying Virus - General
Virus Information
Discovery Date:
Origin:
Length:
Type:
SubType:
Risk Assessment:
Category:
23. •Worms
•A worm is a program that copies itself.
•The distinction between a virus and worm, is that a virus never
copies itself – a virus is copied only when the infected executable file
is run.
•In the pure, original form, a worm neither deleted nor changed files
on the victim's computer — the worm simply made multiple copies
of itself and sent those copies from the victim's computer, thus
clogging(jam) disk drives and the Internet with multiple copies of
the worm. Releasing such a worm into the Internet will slow the
legitimate traffic on the Internet, as continuously increasing
amounts of traffic are mere copies of the worm.
•A classic example of a worm is the ILOVEYOU virus.
24. Worms
Spread over network connection
Worms replicate
First worm released on the Internet was called
Morris worm, it was released on Nov 2, 1988.
26. The TROJAN HORSE Virus
•The Trojan virus once on your computer,
doesn't reproduce, but instead makes your
computer susceptible to malicious intruders by
allowing them to access and read your files.
Making this type of virus extremely dangerous to
your computer's security and your personal
privacy. Therefore, you should avoid
downloading programs or files from sites if
you're not 100 percent positive of what the file
or program does.
27. Macro
A macro virus is programmed as a macro
embedded in a document. Many applications,
such as Microsoft Word and Excel, support
macro languages.
Once a macro virus gets on to your computer,
every document you produce will become
infected.
This type of virus is relatively new and may slip
by your antivirus software if you don't have the
most recent version installed on your computer.
28. Boot Sector viruses:
A boot sector virus infects diskettes and hard drives. All disks and
hard drives contain smaller sections called sectors. The first sector
is called the boot.
The boot carries the Master Boot Record (MBR). MBR functions to
read and load the operating system. So, if a virus infects the boot
or MBR of a disk, such as a floppy disk, your hard drive can become
infected, if you re-boot your computer while the infected disk is in
the drive.
Once your hard drive is infected all diskettes that you use in your
computer will be infected. Boot sector viruses often spread to other
computers by the use of shared infected disks and pirated software
applications.
The best way to disinfect your computer of the boot sector virus is
by using antivirus software.
29. Logic & Time Bombs
Logic bombs are programs which start executing malicious
program when user performs any specific action in the
computer. For Example: In one case, a programmer inserted a
logic bomb into a company’s system; that would destroy
company’s whole system, if his name was removed from it.
Their objective is to destroy data on the computer once certain
conditions have been met. Logic bombs go undetected until
launched, and the results can be destructive.
A time bomb refers to a computer program that has been written
so that it will stop functioning after a predetermined date or it
will trigger criminal activity at a specified date. For Example:
Time bombs are commonly used in shareware (trial) software
when the manufacturer of the software does not want the trial
version being used after the fix time.
30. Data Diddling or
Data Manipulation
Data diddling or manipulation is the way
in which important data can be
manipulated and changed. A person can
edit the business information of a
company or personal information of some
other person to harm them. Data diddlers
are often found changing grades in the
university records, falsifying input records
on bank transactions etc.
31. Data Stealing
This is the type of crime in which the
private information is stolen using illegal
ways. For Example: Mostly credit cards
information is theft by black hats.
Passwords can also be stolen through
different hacking techniques.
32. Software Piracy
The unauthorized copying & use of any proprietary
software is called Piracy.
Most retail programs are licensed for use at just one
computer site or for use by only one user at any time.
By buying the software, you become a licensed user
rather than an owner.
You are allowed to make copies of the program for
backup purposes, but it is against the law to give copies
to friends and colleagues.
33. Software Theft
Software theft occurs when someone:
Discovering Computers 2010: Living in a
Digital World Chapter 11
33Page 571
Steals software
media
Intentionally
erases
programs
Illegally copies
a program
Illegally
registers and/or
activates a
program
34. Software Theft
A single-user license agreement typically contains
the following conditions:
Discovering Computers 2010: Living in a
Digital World Chapter 11
34Page 571
Permitted toPermitted to
• Install the software on one computer
• Make one copy of the software
• Remove the software from your computer before giving it away or selling it
Not permitted toNot permitted to
• Install the software on a network
• Give copies to friends or colleagues while continuing to use the software
• Export the software
• Rent or lease the software
35. Software Theft
Copying, loaning,
borrowing, renting, or
distributing software
can be a violation of
copyright law
Some software
requires product
activation to
function fully
Discovering Computers 2010: Living in a
Digital World Chapter 11
35Pages 571 – 572
Figure 11-16
Click to view Web Link,
click Chapter 11, Click Web
Link from left navigation,
then click Business Software
Alliance below Chapter 11
36. Hardware Theft and
Vandalism
Hardware theft is
the act of stealing
computer equipment
Hardware
vandalism is the act
of defacing or
destroying computer
equipment
Discovering Computers 2010: Living in a
Digital World Chapter 11
36Page 570
37. Hardware Theft and
Vandalism
To help reduce the of chances of theft,
companies and schools use a variety of
security measures
Discovering Computers 2010: Living in a
Digital World Chapter 11
37Page 570
Figure 11-15
Physical
access
controls
Alarm
systems
Cables to lock
equipment
Real time location
system
Passwords, possessed
objects, and biometrics
38. Information Theft
Information theft occurs when someone
steals personal or confidential information
Encryption is a process of converting
readable data into unreadable characters to
prevent unauthorized access
Discovering Computers 2010: Living in a
Digital World Chapter 11
38Pages 572 - 573
Figure 11-17
40. Information Theft
A digital signature is an encrypted code
that a person, Web site, or organization
attaches to an electronic message to verify
the identity of the sender
Often used to ensure that an impostor is not
participating in an Internet transaction
Web browsers and Web sites use encryption
techniques
Discovering Computers 2010: Living in a
Digital World Chapter 11
40Page 574
41. System Failure
A system failure is the prolonged
malfunction(breakdown, fault) of a computer
A variety of factors can lead to system failure,
including:
Aging hardware
Natural disasters
Electrical power problems
Noise, undervoltages, and overvoltages
Errors in computer programs
Discovering Computers 2010: Living in a
Digital World Chapter 11
41Page 575
42. Backing Up – The Ultimate
Safeguard
A backup is a duplicate of a file, program, or
disk that can be used if the original is lost,
damaged, or destroyed
To back up a file means to make a copy of it
Offsite backups are stored in a location
separate from the computer site
Discovering Computers 2010: Living in a
Digital World Chapter 11
42Page 577
•Cloud
Storage
43. Backing Up – The Ultimate
Safeguard
Two categories of
backups:
Full backup
Selective backup
Three-generation
backup policy
Discovering Computers 2010: Living in a
Digital World Chapter 11
43Page 577
Grandparent
Parent
Child
44. •44
Protecting Against Unauthorized Access,
Use, and Computer Sabotage
Antivirus software: Used to detect and eliminate
computer viruses and other types of malware
Should be set up to run continuously to check incoming e-mail
messages, instant messages, and downloaded files
Should be set up to scan the entire PC regularly
Needs to be updated regularly since new malware is introduced
at all times
Best to have the program automatically download new virus
definitions on a regular basis
Some programs also scan for other threats, such as spyware,
bots, possible phishing schemes, etc.
45. 45
Protecting Against Unauthorized Access,
Use, and Computer Sabotage
Firewall: Security system that provides a protective
boundary between a computer or network and the
outside world
Works by closing down all external communications port
addresses
Blocks access to the PC from outside crackers
Blocks access to the Internet from programs on the user’s
PC unless authorized by the user
Important for home PCs that have a direct Internet
connection as well as for businesses
Intrusion protection system (IPS) software is related
Monitors and analyzes traffic allowed by the firewall to try and
detect possible attacks
46. 46
Chapter 9
Understanding
Computers, 11th Edition
Encryption and Other
Security Tools
Encryption: method of scrambling e-mail or
files to make them unreadable
Secure Web servers: use encryption to
protect information transmitted via their Web
pages
Most common is SSL
Look for a locked padlock on the status bar and
https:// in the URL
Only transmit credit card numbers and other
sensitive data via a secure Web server
48. Protect Password
Use information that only an individual
should know
Usernames
PINs
Passwords
Should be strong passwords and changed
frequently
50. Techniques Used for
Computer Security
By taking the following precautionary steps, we can
protect our computers from viruses and their affects.
Avoid downloading unnecessary files from unknown
Internet websites.
Always scan downloaded contents & files before using
(opening) them.
Don't open emails or attachments from unknown
senders.
Use strong hard-to-guess passwords or pass-
phrases. Do not use words that are commonly used.
Remember that password cracking tools exist.
51. Techniques Used for
Computer Security
If your computer is on a network, make sure that you
have a good, fully functional and updated antivirus &
firewall software installed on your computer.
Always scan all removable disks or drives (like USBs,
CDs etc) through antivirus software before using (open)
it.
Use anti-virus software and firewalls - keep them up to
date.
Back-up your computer data on disks or CDs often.
Don't share access to your computers with strangers.
Disconnect from the Internet when not in use
Encrypt document method of scrambling e-mail or files
to make them unreadable
52. Ethics and Society
Computer ethics
are the moral
guidelines that govern
the use of computers
and information
systems
Information accuracy
is a concern
Not all information on
the Web is correct
Discovering Computers 2010: Living in a
Digital World Chapter 11
52Pages 581 – 582
Figure 11-28
53. Ethics and Society
Intellectual property rights are the rights to which
creators are entitled for their work
• A copyright protects any tangible form of expression
An IT code of conduct is a written guideline that
helps determine whether a specific computer action is
ethical or unethical
Discovering Computers 2010: Living in a
Digital World Chapter 11
53Page 582
Click to view Web Link,
click Chapter 11, Click Web
Link from left navigation,
then click Digital Rights
Management
below Chapter 11