Lec12chap11f04
1. Lecture 16 / Chapter 12 COSC1300/ITSC 1401/BCIS 1405 11/8/2004
F.Farahmand 1 / 12 File: lec12chap11f04.doc
General Items:
• Tests?
• Lab?
• Need to come to class
• Have a quiz / no books / use notes
• Challenge / 80 /
• Talk to me!
Reading Materials:
•
Miscellaneous:
The Internet
• Wide open to everyone with no central authority
• Carries much important information (private and proprietary)
• Potential risks:
- Interceptions
- Attacking sources
Security and Privacy
- What are they and why do we need them?
- What are the security risks and safeguards:
o Hardware
o Software
o Cybercrime – Online or Internet based illegal acts
o Access to unauthorized information
Computer Security Risks
-Defined as any action or event that can cause loss or damage to HW, SW,
Data, Information, or processing ability
- Examples of computer security risks:
o Malicious-logic programs – programs that act without the user’s
knowledge
- Computer virus, worm, Trojan horse
o Access Control
o Theft: HW, SW, Information, Data, etc.
Computer Viruses and other malicious-logic programs
- A piece of code (software) that affects normal computer operation
What are the most common things to be stolen in
our society?
o Could be harmless and just for fun! – altering the normal operation
of the computer
o Damaging the operating system (boot code)
o Damaging other existing programs
- Examples:
o Some are only a particular malicious logic
- Worms: Blaster, Sobig
o Some are all three types:
- Melissa
- Activation methods:
o Opening infected files, running an infected file, starting the
computer with an infected floppy
o Some viruses are harmless or even cute!
o There are more than 80,000 known viruses (last 20 years)
o A list of viruses is available on web pages: http://www.cert.org
Three basic virus types:
- Boot sector virus: executes when the computer boots up
o Don’t use floppies to boot up your system!
- File virus: Attached to a program file and it is activated when the program
is run
- Macro virus: Uses the macro language of an application (e.g., a spreadsheet)
- They can be activated immediately or after some time
Why would anyone want to spend time to write a
computer virus???
Malicious-logic program types
- Virus: A hidden program that spreads itself throughout the computer or
from one system to another
o Damages files, system software, operating system
- Worm: Copies itself repeatedly in memory or hard drive and eventually
fills it; such as Code Red
- Trojan horse: Hides inside a legitimate program
o Does not replicate itself
o Often attached to email files
- Typical impacts include
o Abnormal display
o Loss of memory
o File corruptions
o Altering system property
Ways to protect computers against viruses:
- Use virus detector programs:
o Norton AntiVirus
o McAfee VirusScan
- Keep these programs up-to-date
- Basic operations:
o Detecting viruses based on their heading, file size, creation date
o They remove or quarantine the infected files
- Some viruses are not detectable:
o Stealth Virus (no change in file size)
o Polymorphic Virus (changes its program code!)
- Detecting virus hoax! – Chain letters!
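The file-size check listed above, and why a change that keeps the size the same gets past it, as an added example that is not part of the original lecture notes. The file name and contents are constructed, and the SHA-256 comparison is an added technique that the notes do not name.

```python
import hashlib
import os
import tempfile

def snapshot(path):
    """Record the attributes a scanner could baseline for one file."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}

def compare(baseline, current):
    """Return which checks notice a change between two snapshots."""
    return {
        "size_check": baseline["size"] != current["size"],
        "hash_check": baseline["sha256"] != current["sha256"],
    }

def demo():
    # Constructed sample: a stand-in "program file" in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "report_tool.bin")
        with open(path, "wb") as f:
            f.write(b"ORIGINAL PROGRAM BYTES 0001")
        baseline = snapshot(path)

        # Case 1: bytes appended, so the file grows and both checks notice.
        with open(path, "ab") as f:
            f.write(b" EXTRA")
        grown = compare(baseline, snapshot(path))

        # Case 2: same length, different bytes (the "no change in file size" case).
        with open(path, "wb") as f:
            f.write(b"MODIFIED PROGRAM BYTES 0001")
        same_size = compare(baseline, snapshot(path))
    return grown, same_size

if __name__ == "__main__":
    grown, same_size = demo()
    print("file grew:      ", grown)
    print("same-size edit: ", same_size)
```

A content hash flags the same-size modification that the size comparison misses, which is why integrity checkers baseline hashes rather than file metadata alone.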
Unauthorized access (computer risks)
- Use of computer or network without permission
o Hacker? Cracker?
o Steal information or they simply leave a message! I was here!
- Preventing unauthorized access:
o Access control: security measure to control who can access the
system
o A two-phase process:
Identification: Valid user
Authentication: verifies you are who you say you are!
There are four methods:
o Password: 6 characters; how many combinations? (2 Billions)
How long does it take you to figure it out? (700 years!)
o Possessed objects: PIN number, Card (ATM card), external devices
o Biometric devices: Authenticates person’s identity by verifying
personal characteristics
fingerprint scanner
• TruePrint Technology – looking at live tissue (more
accurate fingerprinting scheme) – Offered by AuthenTec
[Figure: Access Control, divided into Identification and Authentication. Methods shown: User name / Password, Possessed Object, Biometric, Callback systems]
• Brain Fingerprinting! – picking your brain for what you
know or can remember!
hand geometry system
voice recognition
face recognition
Iris recognition system (tiny blood vessels in your eyes)
o Callback system
Other computer security risks:
- Hardware theft: stealing computer equipment
o How can you protect your laptop? Any idea?
- Software theft:
o Software piracy: unauthorized and illegal duplication
o Many require license for operating the software
o $11 billion loss each year! -> Jail time and hefty fines!
- Information theft:
o Stealing personal identifications and information
o One of the most common things to be stolen!
o Means of protection:
Encryption techniques
o Encryption (scrambling) : process of converting readable data into
unrecognizable data
Need to know how to decrypt
Clipper chip – tamper-resistant personal computer
processor (except for the government!)
• encryption mechanism
• Yet, the custody of the private key!
o Allowing intercepting private communications by
government organizations
Is there a foolproof computer security system?
Freedom Privacy and Security tool (leaves no ID!- no way
of tracking)
o There are two basic types of encryptions:
Private key encryption: Both the sender and the receiver
have the secret code to decrypt the data. The most popular
private key encryption is the Data Encryption Standard (DES)
Public key encryption: Uses a public and a private key
Computer safeguards:
- System failure protection: prolonged malfunction of a computer resulting
in loss of data, information, hardware damage, etc.
o Electrical disturbances in a single or network of computers
o Includes:
Noise: unwanted signal disturbing the normal operation. Not a
risk to the hardware.
Undervoltage: When voltage level drops (blackout – complete
power failure)
Overvoltage: Excessive power increase (spike – momentary
overvoltage) - Use surge protector.
- System backup: duplicating files.
o Backup media can be Zip disks, CD-RW, DVD-RW
o Three basic types:
Full: complete backup
Differential: Copying only files which have changed since the
last full backup
Incremental: Copying the most recent files which have
changed
- Disaster recovery plan: A written plan describing how to restore
computer operations in case of emergency failure. Contains four major
components:
o Emergency plan: describes immediate actions after the disaster
o Backup plan: How the computer uses backup files
o Recovery plan: Actions taken to restore full information processing
operation
o Test plan: simulating various levels of emergency cases
- Developing computer security plan: A written document summarizing all
computer safeguards to protect company’s information assets
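The three backup types above, worked through for a small set of files, as an added example that is not part of the original lecture notes. The file names and edit schedule are constructed, and "incremental" is assumed to mean files changed since the most recent backup of any kind.

```python
def select_files(mtimes, kind, last_full, last_backup):
    """Return the sorted file names a backup of the given kind would copy.

    mtimes      : {file name: day it was last modified}
    last_full   : day of the most recent full backup
    last_backup : day of the most recent backup of any kind (assumed meaning
                  of "incremental"; the notes do not spell it out)
    """
    if kind == "full":
        return sorted(mtimes)
    if kind == "differential":
        return sorted(f for f, day in mtimes.items() if day > last_full)
    if kind == "incremental":
        return sorted(f for f, day in mtimes.items() if day > last_backup)
    raise ValueError(f"unknown backup kind: {kind}")

def simulate(kind):
    """Full backup on day 0, then a nightly backup of `kind` on days 1..3."""
    # Constructed sample: three files and the days on which they are edited.
    mtimes = {"grades.xls": 0, "notes.doc": 0, "quiz.doc": 0}
    edits = {1: ["notes.doc"], 2: ["quiz.doc"], 3: ["notes.doc"]}
    last_full = last_backup = 0
    copied = {}
    for day in (1, 2, 3):
        for name in edits[day]:
            mtimes[name] = day
        # The backup runs at the end of the day and sees that day's edits.
        copied[day] = select_files(mtimes, kind, last_full, last_backup)
        last_backup = day
    return copied

def restore_chain(kind, days=(1, 2, 3)):
    """Backups (by day) needed to rebuild the state after the last day."""
    if kind == "full":
        return [days[-1]]          # the latest full backup is enough
    if kind == "differential":
        return [0, days[-1]]       # full backup plus the latest differential
    return [0, *days]              # full backup plus every incremental

if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        print(kind, simulate(kind), "restore needs days", restore_chain(kind))
```

Differential backups grow each night but restore from two sets; incremental backups stay small but every set in the chain must survive for a restore to succeed.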
Internet and network security
- Creating higher degree of security risks
- Some basic problems with the Internet: No central administrator,
everyone can have access to the information on the Internet
- So what are these security risks?
o Denial of service attacks: a user is denied access to network
services (Web page)
o Securing Internet transactions
Using public and private keys;
Encryptions – Secure site use security protocols: HTTPS
o Firewalls: Security system consisting of hardware or software that
prevents unauthorized access to the network
o Firewalls can be implemented in different ways:
Using a Proxy server: a server controlling all communications
Personal firewall: a software program detecting unauthorized
access to a personal computer on the network
o Audit trails
Uses a log to know who has been attempting to access
o Intrusion detection
Check the strange behavior of incoming messages and notify
the administrator
o Securing email messages: we can secure email using encryption
programs
Pretty Good Privacy (PGP) – download for free:
http://www.pgpi.org/
Information privacy
- Refers to the right of individuals and companies to deny or restrict the
collection and use of information about them – data privacy
- Similar technologies are used for web-casting and advertising:
o Cookies: A small file that the web server stores on your computer
You can avoid it by changing your computer security level
Delete the ones you don’t want: search for COOKIES!
Remember some of the files are hidden: Open a folder ->
Tools -> Folder Options -> Viewing -> Hidden files
o Spam: Unsolicited e-mail message
Use email filtering http://www.cloudmark.com
o Spyware: collects information on your PC without your
knowledge.
It communicates this information to an outside source
Examples: Adware or Web bug (browsing habits!)
Free software may contain one of these utilities
- Privacy laws: Laws regarding storing and disclosure of personal data
o There is a long list of acts passed by Congress
Video Privacy Protection Act (forbids retailers from revealing
or selling video-rental records without the consumer's consent or a court
order)
Cable Communications Policy Act (regulating the disclosure
of TV subscriber records)
Then came the PATRIOT ACT – Law enforcement has
the right to monitor people’s activities
- Keyboard tracking
- Tracking your cell phones, emails, web activities
- Book records
o What is the problem?
We still don’t know what to do with the telemarketers
Cookies and Spam are considered as freedom of expression
What to do in libraries: Add web filter software or not?
- Rating system – specific users with passwords cannot
access certain materials
- Simply block everyone!
Stop companies from selling your private information to
others
o Monitoring Employees
73 percent of companies search and/or read employee files,
emails, voice mail, web connections, etc.
Computer Vision Lab in Florida is developing a visual
tracking device to follow employees around the office:
- “You can tell if someone is just drinking coffee all the
time and not working,"
Computers and health risks
• Repetitive Strain Injury – Injury or disorder of the muscles, nerves,
joints, and tendons
o Largest job-related injury in the United States
o Examples:
Tendonitis: inflammation of a tendon due to repeated motion
or stress on the tendon
Carpal Tunnel Syndrome: Inflammation of the nerve that connects
the forearm to the palm of the wrist
Computer vision syndrome: Having sore, tired, burning,
itching eyes
Computer addiction! Don’t chat too much!
• Green Computing:
o Energy Star: Guidelines for reducing electricity use and
environmental waste while using computers
Recycling problem: 500 million computers are estimated to be
obsolete by 2007!
We MUST reduce wasting resources!