
Lecture 16 / Chapter 12

COSC1300/ITSC 1401/BCIS 1405

11/8/2004

General Items:

Tests?
Lab?
Need to come to class
Have a quiz / no books / use notes
Challenge / 80 /
Talk to me!

Reading Materials:

Miscellaneous:

F.Farahmand

1 / 12

File: lec12chap11f04.doc

Lecture 16 / Chapter 12

COSC1300/ITSC 1401/BCIS 1405

11/8/2004

The Internet
Wide open to everyone, with no central authority
Carries a great deal of important information (private and proprietary)
Potential risks:
- Interception of data
- Attacks on the sources of data

Security and Privacy


- What are they, and why do we need them?
- What are the security risks and safeguards?
o Hardware
o Software
o Cybercrime: online or Internet-based illegal acts
o Access to unauthorized information
What are the most common things to be stolen in
our society?

Computer Security Risks


- Defined as any action or event that can cause loss or damage to hardware, software,
data, information, or processing ability
- Examples of computer security risks:
o Malicious-logic programs: programs that act without the user's
knowledge
- Computer virus, worm, Trojan horse
o Unauthorized access (access control)
o Theft: hardware, software, information, data, etc.

Computer Viruses and other malicious-logic programs


- A piece of code (software) that affects normal computer operation

o Could be harmless and just for fun, merely altering the normal operation
of the computer
o Damaging the operating system (boot code)
o Damaging other existing programs
- Examples:
o Some are only one particular kind of malicious logic
- Worms: Blaster, Sobig
o Some are all three types at once:
- Melissa
- Activation methods:
o Opening an infected file, running an infected program, or starting the
computer with an infected floppy
o Some viruses are harmless or even cute!
o There are more than 80,000 known viruses (last 20 years)
o A list of viruses is available on web pages such as http://www.cert.org
Why would anyone want to spend time writing a
computer virus???

Three basic virus types:


- Boot sector virus: executes when the system boots up
o Don't use floppies to boot up your system!
- File virus: attached to a program file, and activated when the program
is run
- Macro virus: uses the macro language of an application (e.g. a spreadsheet)
- They can be activated immediately or after some time


Malicious-logic program types


- Virus: a hidden program that spreads itself throughout the computer or
from one system to another
o Damages files, system software, the operating system
- Worm: copies itself repeatedly in memory or on the hard drive and eventually
fills it; for example Code Red
- Trojan horse: hides inside a legitimate program
o Does not replicate itself
o Often attached to email files
- Typical impacts include:
o Abnormal display
o Loss of memory
o File corruption
o Altered system properties

Ways to protect computers against viruses:


- Use virus detection programs:
o Norton AntiVirus
o McAfee VirusScan
- Keep these programs up to date
- Basic operations:
o Detecting viruses based on their header, file size, creation date
o They remove or quarantine the infected files
- Some viruses are not detectable this way:
o Stealth virus (no change in file size)
o Polymorphic virus (changes its own program code!)
- Recognizing virus hoaxes: chain letters!

Unauthorized access (computer risks)


- Use of a computer or network without permission
o Hacker? Cracker?
o They steal information, or they simply leave a message: "I was here!"
- Preventing unauthorized access:
o Access control: a security measure that controls who can access the
system
o A two-phase process:
Identification: is this a valid user?
Authentication: verifies that you are who you say you are!
There are four methods:
Access control
- Identification: user name / password
- Authentication: possessed object, biometric, callback system
o Password: 6 characters; how many combinations? (2 billion)
How long does it take you to figure it out? (700 years!)
o Possessed objects: PIN number, card (ATM card), external devices
o Biometric devices: authenticate a person's identity by verifying
personal characteristics
fingerprint scanner
TruePrint technology, which looks at live tissue (a more
accurate fingerprinting scheme offered by AuthenTec)

Brain fingerprinting! Picking your brain for what you
know or can remember!
hand geometry system
voice recognition
face recognition
iris recognition system (tiny blood vessels in your eyes)
o Callback system
Is there a foolproof computer security system?
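As an added example, not part of the lecture notes, the two-phase access control described above (identification, then authentication) in Python with a constructed user store, together with the arithmetic behind the "2 billion combinations / 700 years" figures: 36 letters and digits to the power 6 is about 2.18 billion, and 700 years is what you get at roughly one guess every ten seconds. The block generalizes the estimate to other alphabet sizes, lengths and guess rates. The user names, passwords and guess rates are constructed, and the salted PBKDF2 hashing is the standard way to store passwords, not something the lecture specifies.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def make_record(password, salt=None):
    """Store a salted PBKDF2 hash of the password, never the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "hash": digest}


# Constructed user store (hypothetical users and passwords).
USERS = {
    "alice": make_record("correct horse battery"),
    "bob": make_record("hunter2"),
}


def identify(username):
    """Phase 1, identification: is this a known user? Returns the record or None."""
    return USERS.get(username)


def authenticate(username, password):
    """Phase 2, authentication: does the presented password match the stored hash?"""
    record = identify(username)
    if record is None:
        # Unknown user: still do the expensive hash so response time does not
        # reveal which user names are valid.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, record["hash"])  # constant-time comparison


def keyspace(alphabet_size, length):
    """Number of distinct passwords of a fixed length drawn from an alphabet."""
    return alphabet_size ** length


def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every password in the space at a given guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


def password_strength_table(guesses_per_second):
    """Rows of (policy, alphabet size, length, combinations, years) for common policies."""
    policies = [
        ("digits only", 10, 4),
        ("lowercase+digits", 36, 6),    # the lecture's 6-character example
        ("mixed case+digits", 62, 8),
        ("printable ASCII", 95, 12),
    ]
    return [
        (name, size, n, keyspace(size, n), years_to_exhaust(keyspace(size, n), guesses_per_second))
        for name, size, n in policies
    ]


if __name__ == "__main__":
    print(authenticate("alice", "correct horse battery"), authenticate("alice", "wrong"))
    # One guess every ten seconds (0.1/s) reproduces the lecture's ~700 years for 36^6.
    for row in password_strength_table(0.1):
        print("%-18s %3d^%-2d = %20d  ->  %.3g years" % row)
```

The table makes the lecture's point concrete: the 700-year figure only holds for a person typing guesses by hand, and the same six-character password falls in days once guessing is automated, which is why the length and the alphabet matter more than the exact number of combinations.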
Other computer security risks:
- Hardware theft: stealing computer equipment
o How can you protect your laptop? Any ideas?
- Software theft:
o Software piracy: unauthorized and illegal duplication
o Many programs require a license to be operated
o $11 billion loss each year! -> Jail time and hefty fines!
- Information theft:
o Stealing personal identification and information
o One of the most common things to be stolen!
o Means of protection:
Encryption techniques
o Encryption (scrambling): the process of converting readable data into
unrecognizable data
Need to know how to decrypt
Clipper chip: a tamper-resistant encryption mechanism in the personal
computer processor (tamper-resistant except for the government!)
Yet, who has custody of the private key?
o Allows government organizations to intercept private communications

Freedom Privacy and Security tool (leaves no ID! - no way
of tracking)
o There are two basic types of encryption:
Private key encryption: both the sender and the receiver
have the secret key needed to decrypt the data. The most popular
private-key encryption standard is the Data Encryption Standard (DES)
Public key encryption: uses a public key and a private key
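As an added illustration (not from the lecture notes), the difference between the two types in Python. Private-key encryption uses one shared secret for both directions, shown here with a one-time-pad style XOR rather than DES, which is not in the standard library. Public-key encryption uses a key pair, shown with textbook RSA on the tiny primes p = 61 and q = 53, a standard teaching example that is far too small to be secure and only serves to make the math visible. The messages and keys are constructed.

```python
from math import gcd
import secrets


# --- Private-key (symmetric) encryption: sender and receiver share one secret ---
def xor_encrypt(message, key):
    """One-time-pad style XOR. The key must be random, at least as long as the
    message, and never reused; the receiver needs exactly the same key."""
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, key))


xor_decrypt = xor_encrypt  # same key, same operation: XOR undoes itself


# --- Public-key (asymmetric) encryption: textbook RSA with toy-sized primes ---
def rsa_keypair(p=61, q=53, e=17):
    """Return (public, private) = ((e, n), (d, n)). Toy primes, illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m, public):
    """Anyone holding the public key can encrypt a number m smaller than n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(c, private):
    """Only the holder of the private exponent d can recover m."""
    d, n = private
    return pow(c, d, n)


def demo():
    """Round-trip both schemes with constructed data and return the results."""
    msg = b"meet at noon"
    key = secrets.token_bytes(len(msg))  # shared secret, used once
    ct = xor_encrypt(msg, key)
    public, private = rsa_keypair()
    c = rsa_encrypt(65, public)
    return {
        "symmetric_roundtrip": xor_decrypt(ct, key) == msg,
        "rsa_public": public,
        "rsa_ciphertext": c,
        "rsa_plaintext": rsa_decrypt(c, private),
    }


if __name__ == "__main__":
    print(demo())
```

The point the lecture makes about the Clipper chip shows up directly in the code: whoever holds `d` (the private key) can read everything encrypted to the matching public key, so custody of the private key is the whole question.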


Computer safeguards:
- System failure protection: a prolonged malfunction of a computer resulting
in loss of data or information, hardware damage, etc.
o Electrical disturbances in a single computer or a network of computers
o Includes:
Noise: an unwanted signal disturbing normal operation. Not a
risk to the hardware.
Undervoltage: when the voltage level drops (a blackout is a complete
power failure)
Overvoltage: an excessive power increase (a spike is a momentary
overvoltage) - use a surge protector.
- System backup: duplicating files.
o Backup media can be Zip disks, CD-RW, DVD-RW
o Three basic types:
Full: a complete backup
Differential: copying only the files that have changed since the
last full backup
Incremental: copying only the files that have changed since the
most recent backup
- Disaster recovery plan: a written plan describing how to restore
computer operations in case of an emergency failure. Contains four major
components:
o Emergency plan: describes the immediate actions after the disaster
o Backup plan: how backup files are used
o Recovery plan: actions taken to restore full information processing
operations
o Test plan: simulating various levels of emergency
- Developing a computer security plan: a written document summarizing all
computer safeguards that protect a company's information assets
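As an added example, not part of the lecture notes, a small simulation of the three backup types over a constructed week: four files, a full backup on day 0, and a few edits on the following days. It shows which files each strategy copies each day and which backups are needed to restore a given day, which is the trade-off the notes leave implicit. File names and edit days are constructed.

```python
# Constructed scenario: four files, a full backup on day 0, then edits on days 1-3.
ALL_FILES = ["budget.xls", "notes.txt", "photo.jpg", "report.doc"]
EDITS = {1: {"report.doc"}, 2: {"budget.xls", "report.doc"}, 3: {"notes.txt"}}


def daily_backups(strategy, edits=EDITS, days=3):
    """Return {day: sorted files copied} for a 'full', 'differential' or
    'incremental' strategy, given a full backup on day 0 and the edits per day."""
    mtime = {name: 0 for name in ALL_FILES}  # day each file was last modified
    last_full = 0                            # day of the most recent full backup
    last_any = 0                             # day of the most recent backup of any type
    copied = {}
    for day in range(1, days + 1):
        for name in edits.get(day, ()):
            mtime[name] = day
        if strategy == "full":
            selected = set(mtime)
        elif strategy == "differential":
            # Everything changed since the last FULL backup (grows until the next full).
            selected = {n for n, t in mtime.items() if t > last_full}
        elif strategy == "incremental":
            # Only what changed since the last backup of ANY type (smallest copy).
            selected = {n for n, t in mtime.items() if t > last_any}
        else:
            raise ValueError("unknown strategy: " + strategy)
        copied[day] = sorted(selected)
        last_any = day
        if strategy == "full":
            last_full = day
    return copied


def restore_chain(strategy, day):
    """Which backups (by day) must be applied, in order, to rebuild a given day."""
    if strategy == "full":
        return [day]
    if strategy == "differential":
        return [0, day]                    # last full plus the latest differential
    if strategy == "incremental":
        return list(range(0, day + 1))     # last full plus every incremental since
    raise ValueError("unknown strategy: " + strategy)


if __name__ == "__main__":
    for s in ("full", "differential", "incremental"):
        print(s, daily_backups(s), "restore day 3 needs backups from days", restore_chain(s, 3))
```

The design choice each strategy makes is visible in the output: full copies everything every day, differential copies a growing set but restores from just two backups, and incremental copies the least but restores only if every backup in the chain is intact, so losing one incremental breaks the restore.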


Internet and network security


- Networks create a higher degree of security risk
- Some basic problems with the Internet: no central administrator, and
everyone can have access to the information on the Internet
- So what are these security risks?
o Denial of service attacks: a user is denied access to network
services (e.g. a Web page)
o Securing Internet transactions:
Using public and private keys;
Encryption: secure sites use security protocols such as HTTPS
o Firewalls: a security system consisting of hardware and/or software that
prevents unauthorized access to the network
o Firewalls can be implemented in different ways:
Using a proxy server: a server controlling all communications
Personal firewall: a software program detecting unauthorized
access to a personal computer on the network
o Audit trails
Use a log to know who has been attempting to access the system
o Intrusion detection
Checks for strange behavior in incoming messages and notifies
the administrator
o Securing email messages: we can secure email using encryption
programs
Pretty Good Privacy (PGP), available for free download:
http://www.pgpi.org/
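As an added example, not part of the lecture notes, the audit trail and intrusion detection ideas above in Python: a parser for a constructed login log, an audit-trail query (who tried to access a given account, and when), and a simple detection rule that notifies the administrator when one source produces repeated rejected logins inside a short window. The log format, hosts, users and times are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit trail (hypothetical hosts, users and times), one login attempt per line.
LOG = """\
2004-11-08 09:00:01 REJECT user=admin from=10.0.0.7
2004-11-08 09:00:05 REJECT user=admin from=10.0.0.7
2004-11-08 09:00:09 REJECT user=admin from=10.0.0.7
2004-11-08 09:00:14 REJECT user=root from=10.0.0.7
2004-11-08 09:00:20 ACCEPT user=admin from=10.0.0.7
2004-11-08 09:15:00 REJECT user=bob from=192.168.1.5
2004-11-08 09:31:00 ACCEPT user=bob from=192.168.1.5
2004-11-08 10:02:11 REJECT user=alice from=192.168.1.9
2004-11-08 10:40:00 ACCEPT user=alice from=192.168.1.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>ACCEPT|REJECT) user=(?P<user>\S+) from=(?P<src>\S+)$"
)


def parse_log(text):
    """Turn the raw audit trail into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
        events.append(e)
    return events


def audit_trail(events, user):
    """Audit-trail question: who has been attempting to access this account, and when?"""
    return [(e["ts"], e["result"], e["src"]) for e in events if e["user"] == user]


def detect_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Intrusion-detection rule: flag any source with >= threshold rejected logins
    inside a sliding time window. Returns {src: (max failures in window, success_after)},
    where success_after is True if an accepted login followed the burst of failures."""
    rejects = defaultdict(list)
    accepts = defaultdict(list)
    for e in events:
        (rejects if e["result"] == "REJECT" else accepts)[e["src"]].append(e["ts"])
    alerts = {}
    for src, times in rejects.items():
        times.sort()
        start, best = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # A success right after a burst of failures is the case worth escalating.
            last_reject = times[-1]
            success_after = any(last_reject < t <= last_reject + window for t in accepts[src])
            alerts[src] = (best, success_after)
    return alerts


if __name__ == "__main__":
    events = parse_log(LOG)
    for row in audit_trail(events, "admin"):
        print(*row)
    for src, (count, success) in detect_bruteforce(events).items():
        print("ALERT: %s, %d failures in window, later success: %s" % (src, count, success))
```

The single rejected logins from the other two sources stay below the threshold, which is the point of the window: ordinary typos should not page the administrator, a burst from one source should.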


Information privacy
- Refers to the right of individuals and companies to deny or restrict the
collection and use of information about them (data privacy)
- Similar technologies are used for web-casting and advertising:
o Cookies: a small file that the web server stores on your computer
You can avoid them by changing your computer's security level
Delete the ones you don't want: search for COOKIES!
Remember some of the files are hidden: open a folder ->
Tools -> Folder Options -> View -> Hidden files
o Spam: unsolicited e-mail messages
Use email filtering, e.g. http://www.cloudmark.com
o Spyware: collects information on your PC without your
knowledge.
It communicates this information to an outside source
Examples: adware or a Web bug (browsing habits!)
Software that is free may contain one of these utilities
- Privacy laws: laws regarding the storage and disclosure of personal data
o There is a long list of Acts passed by Congress:
Video Privacy Protection Act (forbids retailers from revealing
or selling video-rental records without the consumer's consent or a court
order)
Cable Communications Policy Act (regulating the disclosure
of TV subscriber records)
Then came the PATRIOT Act: law enforcement has
the right to monitor people's activities
- Keyboard tracking
- Tracking your cell phones, emails, web activities
- Book records
o What is the problem?
We still don't know what to do with the telemarketers

Cookies and spam are considered freedom of expression
What to do in libraries: add web filter software or not?
- Rating system: specific users (with passwords) cannot
access certain materials
- Simply block everyone!
Stop companies from selling your private information to
others
o Monitoring employees
73 percent of companies search and/or read employee files,
emails, voice mail, web connections, etc.
The Computer Vision Lab in Florida is developing a visual
tracking device to follow employees around the office:
- "You can tell if someone is just drinking coffee all the
time and not working."


Computers and health risks

Repetitive Strain Injury (RSI): injury or disorder of the muscles, nerves,
joints, and tendons
o The largest job-related injury in the United States
o Examples:
Tendonitis: inflammation of a tendon due to repeated motion
or stress on the tendon
Carpal Tunnel Syndrome: inflammation of the nerve that runs from
the forearm through the wrist into the palm
Computer vision syndrome: having sore, tired, burning,
itching eyes
Computer addiction! Don't chat too much!
Green computing:
o Energy Star: guidelines for reducing electricity use and
environmental waste while using computers
Recycling problem: 500 million computers are estimated to be
obsolete by 2007!
We MUST reduce wasting resources!
