CSC1100 - Chapter09 - Computer Security, Ethics and Privacy

Discovering Computers 2008
1
Chapter 9Chapter 9Chapter 9Chapter 9
Computer Security,Computer Security,Computer Security,Computer Security,
Ethics and PrivacyEthics and PrivacyEthics and PrivacyEthics and Privacy

2
Chapter 10 ObjectivesChapter 10 ObjectivesChapter 10 ObjectivesChapter 10 Objectives
Describe the types of computer security risksDescribe the types of computer security risks
Identify ways to safeguard against
computer viruses, worms, Trojan horses,
botnets, denial of service attacks, back
doors, and spoofing
Identify ways to safeguard against
computer viruses, worms, Trojan horses,
botnets, denial of service attacks, back
doors, and spoofing
Discuss techniques to prevent unauthorizedDiscuss techniques to prevent unauthorized
Discuss the types of devices available that
protect computers from system failure
Discuss the types of devices available that
protect computers from system failure
Explain the options available for backing up
computer resources
Explain the options available for backing up
computer resources
Identify risks and safeguards associated with
wireless communications
Identify risks and safeguards associated with
wireless communications
Discuss techniques to prevent unauthorized
computer access and use
Discuss techniques to prevent unauthorized
computer access and use
Identify safeguards against hardware theft
and vandalism
Identify safeguards against hardware theft
and vandalism
Explain the ways software manufacturers
protect against software piracy
Explain the ways software manufacturers
protect against software piracy
Define encryption and explain why it is
necessary
Define encryption and explain why it is
necessary
Recognize issues related to information
accuracy, rights, and conduct
Recognize issues related to information
accuracy, rights, and conduct
Discuss issues surrounding information
privacy
Discuss issues surrounding information
privacy
Discuss ways to prevent health-related
disorders and injuries due to computer use
Discuss ways to prevent health-related
disorders and injuries due to computer use

3
Computer Security RisksComputer Security RisksComputer Security RisksComputer Security Risks
What is a computer security risk?
Event or action that causes loss of or damage to
computer system

4
Internet and Network AttacksInternet and Network AttacksInternet and Network AttacksInternet and Network Attacks
What are viruses, worms, and Trojan horses?
VirusVirus is a
potentially
damaging
computer
program
WormWorm copies
itself repeatedly,
using up
resources
and possibly
Trojan horseTrojan horse
hides within
or looks like
legitimate
program until
PayloadPayload
(destructive
event) that is
delivered when
you open file, runprogram
and possibly
shutting down
computer or
network
program until
triggered
you open file, run
infected program,
or boot computer
with infected disk
in disk drive
Can
spread
and
damage
files
Does not
replicate
itself on
other
computers

5
How can a virus spread through an e-mail message?
Step 1. Unscrupulous
programmers create a virus
program. They hide the
virus in a Word document
and attach the Word
document to an e-mail
message.
Step 2. They use
the Internet to send
the e-mail message
to thousands of
users around the
world.
Step 3b. Other users do not
recognize the name of the
sender of the e-mail message.
These users do not open the
e-mail message. Instead they
delete the e-mail message.
These users’ computers are not
infected with the virus.
Step 3a. Some
users open the
attachment and
their computers
become infected
with the virus.

6
How can you protect your system from a macro virus?
Set macro security level in applications that allow you
to write macros
Set security level so that
warning displays that
document containsdocument contains
macro
Macros are instructions
saved in an application,
such as word processing
or spreadsheet program

7
What is an antivirus program?
Identifies and removes
computer viruses
Most also protect against
worms and Trojan
horseshorses

8
What is a virus signature?
Specific pattern of virus code
Also called virus definition
Antivirus programs
look for virus
signaturessignatures

9
How does an antivirus
program inoculate a
program file?
RecordsRecords
informationinformation
about program suchabout program such
as file size andas file size and
creationcreation
datedate
UsesUses
Keeps file
in separate
area of hard disk
datedate
AttemptsAttempts
to removeto remove
any detectedany detected
virusvirus
to detect ifto detect if
virus tampersvirus tampers
with filewith file
QuarantinesQuarantines
infectedinfected
files that itfiles that it
cannotcannot
removeremove

10
What are some tips for preventing virus, worm, and Trojan
horse infections?
Never start a
computer with
removable media
Never open an
e-mail attachment
unless you are
expecting it and
Install an antivirus
program on all of
your computers
Check all
downloaded
programs for
viruses, worms,
or Trojan horses
Install a personal
firewall program
If the antivirus
program flags an e-
mail attachment as
infected, delete the
attachment
immediately
removable media
inserted
expecting it and
it is from a trusted
source
your computers

11
What are a denial of service attack, back door and
spoofing?
A denial of service (DOS) attack is an
assault which disrupts computer access
to an Internet service such as the Web or e-mail
A back door is a program or set of instructions
in a program that allow users to bypass
security controls when accessing a computer
resource
Spoofing is a technique intruders use to make
their network or Internet transmission
appear legitimate to a victim computer or
network (email spoofing)

12
What is a firewall?
Security system consisting of hardware and/or
software that prevents unauthorized intrusion

13
What is a personal firewall?
Program that protects personal computer and its data
from unauthorized intrusions
Monitors transmissions to and from computer
Informs you of attempted intrusion

14
Unauthorized Access and UseUnauthorized Access and UseUnauthorized Access and UseUnauthorized Access and Use
How can companies protect against hackers?
Intrusion detection softwareIntrusion detection software
analyzes network traffic, assessesanalyzes network traffic, assesses
system vulnerabilities, and identifiessystem vulnerabilities, and identifies
intrusions and suspicious behaviorintrusions and suspicious behavior
Access controlAccess control defines whodefines who
can access computer andcan access computer and
what actions they can takewhat actions they can take
Audit trailAudit trail records accessrecords access
attemptsattempts –– successful &successful &
unsuccessful attemptsunsuccessful attempts

15
What are other ways to protect your personal computer?
Disable file and
printer sharing on
Internet connection

16
What is a user name?
Unique combination of characters that identifies user
Password is private
combination of
characters associated
with the user namewith the user name
that allows access
to computer
resources

17
How can you make your password more secure?
Longer passwords provide greater security

18
What is a possessed object?
Item that you must carry to gain access to
computer or facility
Often used with
numeric password
called personalcalled personal
identification
number (PIN)

19
What is a biometric device?
Authenticates person’s
identity using personal
characteristic
Fingerprint, hand geometry,
voice, signature, and irisvoice, signature, and iris

20
Hardware Theft and VandalismHardware Theft and VandalismHardware Theft and VandalismHardware Theft and Vandalism
What are hardware theft and hardware vandalism?
Hardware theft is act of stealing
computer equipment
Cables sometimes used to lock
equipment
Some notebook computers use
passwords, possessed objects, andpasswords, possessed objects, and
biometrics as security methods
For PDAs and smart phones, you
can password-protect the device
Hardware vandalism is act of
defacing or destroying computer
equipment

21
Software TheftSoftware TheftSoftware TheftSoftware Theft
What is software theft?
Act of stealing orAct of stealing or
illegally stealingillegally stealing
software, copyingsoftware, copying
software orsoftware or
SoftwareSoftware piracypiracy
is illegalis illegal
duplicationduplication
of copyrightedof copyrighted
intentionallyintentionally
erasingerasing
programsprograms
softwaresoftware

22
What is a license agreement?
Right to use software
Single-user license agreement allows user to install software
on one computer, make backup copy, and sell software after
removing from computer

23
What are some other safeguards against software theft?
Product activationProduct activation allows user to inputallows user to input
product identification number online or byproduct identification number online or by
phone and receive unique installationphone and receive unique installation
identification numberidentification number
Business Software Alliance (BSA)Business Software Alliance (BSA) promotespromotes
better understanding of software piracybetter understanding of software piracy
problemsproblems

24
Information TheftInformation TheftInformation TheftInformation Theft
What is encryption?
Safeguards against information theft
Process of converting plaintext (readable data) into ciphertext
(unreadable characters)
Encryption key (formula) often uses more than one method
To read the data, the recipient must decrypt, or decipher, the data

25
Secure siteSecure site
is Web site that uses encryption
How do Web browsers provide secure data transmission?
Many Web browsers is Web site that uses encryption
to secure data
Many Web browsers
use encryption

26
What is a certificate authority (CA)?
Authorized person
or company that
issues and verifies
digital certificates
Users apply forUsers apply for
digital certificate
from CA

27
What is Secure Sockets Layer (SSL)?
Provides encryption of all data that passes between
client and Internet server
Web addresses beginning
with “https” indicate
secure connectionssecure connections
Both client & server must
have digital certificate
Available in both 40-bit
and 128-bit encryption

28
What is Secure HTTP (S-HTTP)?
Allows users to choose an encryption scheme for data
that passes between a client & a server
More difficult than SSL but more secure
Used by applications that need authenticity verification
of client – e.g. online bankingof client – e.g. online banking

29
What is Virtual Private Network (VPN)?
Mobile users today often access their company
network through VPN
For mobile users to connect to a main office using a
standard Internet connection
Provides a secure connection to company networkProvides a secure connection to company network
server, as if the user has a private line

30
System FailureSystem FailureSystem FailureSystem Failure
What is a system failure?
Can cause loss of hardware,Can cause loss of hardware,
software, or datasoftware, or data
Prolonged malfunctionProlonged malfunction
of computerof computer
Undervoltage—drop
in electrical supply
Overvoltage or
power surge—
significant increase
in electrical power
Noise—unwanted
electrical signal
Caused by aging hardware,Caused by aging hardware,
natural disasters, or electricalnatural disasters, or electrical
power disturbancespower disturbances

31
System FailureSystem FailureSystem FailureSystem Failure
What is a surge protector?
Protects computer and
equipment from electrical power
disturbances
Uninterruptible power supply
(UPS) is surge protector that(UPS) is surge protector that
provides power during power loss

32
Backing UpBacking UpBacking UpBacking Up ———— The Ultimate SafeguardThe Ultimate SafeguardThe Ultimate SafeguardThe Ultimate Safeguard
What is a backup?
Duplicate of file, program, or disk
Full backupFull backup
all files in
Full backupFull backup
all files in
Selective backupSelective backup
select which files
Selective backupSelective backup
select which files
ThreeThree--generationgeneration
backupbackup
preserves
ThreeThree--generationgeneration
backupbackup
preservesall files in
computer
all files in
computer
select which files
to back up
select which files
to back up
preserves
three copies of
important files
preserves
three copies of
important files
In case of system failure or corrupted files,
restorerestore files by copying to original location

33
Wireless SecurityWireless SecurityWireless SecurityWireless Security
How can I ensure my wireless communication is
secure?
Secure your wireless access point (WAP)
WAP should not broadcast your network name
Wireless security standards:
Enable Wired Equivalent PrivacyEnable Wired Equivalent Privacy
Wi-Fi Protected Access (WPA)
802.11i

34
Ethics and SocietyEthics and SocietyEthics and SocietyEthics and Society
What are computer ethics?
Software theftSoftware theft Information accuracyInformation accuracy
Unauthorized use of
computers and
networks
Unauthorized use of
computers and
networks
Moral guidelines that govern use of computers and information systemsMoral guidelines that govern use of computers and information systems
Information privacyInformation privacy
Intellectual property
rights—rights to which
creators are entitled for
their work
Intellectual property
rights—rights to which
creators are entitled for
their work
Codes of conductCodes of conduct
networksnetworks

35
Ethics and SocietyEthics and SocietyEthics and SocietyEthics and Society
What is an IT code of conduct?
Written guideline
that helps
determine whether
computer action is
ethicalethical
Employers can
distribute to
employees

36
Information PrivacyInformation PrivacyInformation PrivacyInformation Privacy
What is information privacy?
Difficult to maintain today
Right of individuals and
companies to deny or restrict
collection and use of information
about them
Legal for employers to use
monitoring software programs
Difficult to maintain today
because data is stored online
Employee monitoring is using
computers to observe employee
computer use

37
What are some ways to safeguard personal information?
Fill in only necessary information
on rebate, warranty, and
registration forms
Avoid shopping club
and buyers cards
Install a cookie manager
to filter cookies
Clear your history file when
you are finished browsing
Set up a free e-mail account;
Sign up for e-mail
filtering through your
Internet service provider or
use an antispam program,
such as Brightmail
Inform merchants that you
do not want them to distribute
your personal information
Limit the amount of information
you provide to Web sites; fill
in only required information
Set up a free e-mail account;
use this e-mail address for
merchant forms
Turn off file and print sharing
on your Internet connection
Install a personal firewall
Do not reply to spam
for any reason
Surf the Web anonymously
with a program such as
Freedom Web Secure or
through an anonymous
Web site such as
Anonymizer.com

38
What is an electronic profile?
Data collected when you fill out form on Web
Merchants sell
your electronic
profile
Often you canOften you can
specify whether
you want
personal
information
distributed

39
What is a cookie?
Set browser to
accept cookies,
prompt you to
accept cookies,
or disable
Some Web sites
sell or trade
information
stored in your
Small file on
your computer
that contains
data about you
User
preferences
or disable
cookies
stored in your
cookies
data about you
Interests
and
browsing
habits
How
regularly
you visit
Web sites

40
How do cookies work?

41
What are spyware, adware, and spam?
Spyware is program
placed on computer
without user’s
knowledge
Adware is a programAdware is a program
that displays online
advertisements
Spam is unsolicited
e-mail message sent
to many recipients

42
How can you control spam?
Collects spam in
central location
that you can
view any time
Service that
blocks e-mail
messages from
designated
EE--mail filteringmail filtering
view any time
designated
sources
Sometimes
removes valid
e-mail messages
Attempts to
remove spam
AntiAnti--spam programspam program

43
What is phishing?
Scam in which a perpetrator
sends an official lookingsends an official looking
e-mail that attempts
to obtain your personal and
financial information

44
What privacy laws have been enacted?

45
What privacy laws have been enacted? (cont’d)

46
What is content filtering?
Process of restricting access to certain material
Internet Content Rating
Association (ICRA)
provides rating system
of Web contentof Web content
Web filtering software
restricts access to
specified sites

47
What is computer forensics?
Also called digital forensics, network forensics, or
cyberforensics
Discovery, collection, and analysis of evidence
found on computers and networks
Computer forensic analysts must have knowledgeComputer forensic analysts must have knowledge
of the law, technical experience, communication
skills, and willingness to learn

48
Computer vision syndromeComputer vision syndrome
(CVS)(CVS) ——eye and visioneye and vision
problemsproblems
Computer vision syndromeComputer vision syndrome
(CVS)(CVS) ——eye and visioneye and vision
problemsproblems
Health Concerns of Computer UseHealth Concerns of Computer UseHealth Concerns of Computer UseHealth Concerns of Computer Use
What are some health concerns of computer use?
Carpal tunnel syndrome (CTS)Carpal tunnel syndrome (CTS)
——inflammation of nerve thatinflammation of nerve that
connects forearm to palmconnects forearm to palm
Carpal tunnel syndrome (CTS)Carpal tunnel syndrome (CTS)
——inflammation of nerve thatinflammation of nerve that
connects forearm to palmconnects forearm to palm
Repetitive strain injury (RSI)Repetitive strain injury (RSI)Repetitive strain injury (RSI)Repetitive strain injury (RSI)
Computer addictionComputer addiction —— whenwhen
computer consumes entirecomputer consumes entire
social lifesocial life
Computer addictionComputer addiction —— whenwhen
computer consumes entirecomputer consumes entire
social lifesocial life
TendonitisTendonitis —— inflammation ofinflammation of
tendon due to repeated motiontendon due to repeated motion
TendonitisTendonitis —— inflammation ofinflammation of
tendon due to repeated motiontendon due to repeated motion
connects forearm to palmconnects forearm to palmconnects forearm to palmconnects forearm to palm

49
What precautions can prevent tendonitis or carpal
tunnel syndrome?
Spread fingers apart for several seconds while keeping
wrists straight
Gently push back fingers and
then thumbthen thumb
Dangle arms
loosely at sides and
then shake arms
and hands

50
How can you ease eyestrain
when working at the computer?

51
What is ergonomics?
Applied science devoted to comfort, efficiency, and
safety in workplace
keyboard
height: 23”
to 28”
elbows at 90°
and arms and
hands parallel
to floor
feet flat on floor
adjustable
height chair
with 4 or 5
legs for
stability
adjustable
seat

52
What is green computing?
Reducing electricity and environmental waste while
using computer

53
Summary of Computer Security, Ethics and PrivacySummary of Computer Security, Ethics and PrivacySummary of Computer Security, Ethics and PrivacySummary of Computer Security, Ethics and Privacy
Potential computer risksPotential computer risks
Safeguards that schools,
business, and individuals can
implement to minimize these risks
Safeguards that schools,
business, and individuals can
implement to minimize these risks
Ethical issues surrounding information
accuracy, intellectual property rights, codes
of conduct, and information privacy
Ethical issues surrounding information
accuracy, intellectual property rights, codes
of conduct, and information privacy
implement to minimize these risksimplement to minimize these risks
Wireless security risks and safeguardsWireless security risks and safeguards
Computer-related health issues,
their preventions, and ways to
keep the environment healthy
Computer-related health issues,
their preventions, and ways to
keep the environment healthy
Chapter 8 Complete

CSC1100 - Chapter09 - Computer Security, Ethics and Privacy

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (14)

Similar to CSC1100 - Chapter09 - Computer Security, Ethics and Privacy

Similar to CSC1100 - Chapter09 - Computer Security, Ethics and Privacy (20)

More from Yhal Htet Aung

More from Yhal Htet Aung (20)

Recently uploaded

Recently uploaded (20)

CSC1100 - Chapter09 - Computer Security, Ethics and Privacy