Computer Crime and Information Security

Chapter 11: Computer Crime and Information Security
Objectives
Describe the types of information that must be kept secure and the types of threats against them Describe five methods of keeping a PC safe and secure Discuss the threats and defenses unique to multiuser networks Discuss the threats and defenses unique to wireless networks Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them
Succeeding with Technology, Third Edition 2
Chapter Content
Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security
Succeeding with Technology, Third Edition
Information Security
Corporate and government networks are under attack, and the Internet is the battlefield Many types of attacks can be made on computer systems
Viruses Identity theft Theft of personal information Unauthorized use of your computer
Information security involves

Confidentiality, integrity, availability
Information security
Total information security
Securing all components of the global digital information infrastructure
Cell phones PCs Government and business networks Internet routers Communications satellites
Information Security and Vulnerability

Identity theft
The criminal act of using stolen information about a person to assume that persons identity
Intellectual property
Product of the mind or intellect over which the owner holds legal entitlement can take many forms, including
Copyrights: protects words, music, and other expressions for the life of the owner plus 70 years Trademarks Trade secrets: protects secrets or proprietary information of individuals and organizations as long as this item is adequately protected Patents: protects an invention by giving the holder a monopoly on the use of the invention for 20 years after it has been applied
Intellectual property rights

Ownership and use of intellectual property such as software, music, movies, data, and information

Organizational information
Compromised information can lead to
Loss of market share Business failure
Business intelligence
Process of gathering information in the pursuit of business advantage
Competitive intelligence
Concerned with information about competitors
Counterintelligence
Concerned with protecting your own information from access by your competitors

Businesses are targets of most attacks (most to least)
Virus Insider abuse of Internet access Laptop theft Unauthorized access by insiders Denial-of-service attacks System penetration Theft of property information Sabotage Financial fraud Telecommunications fraud Eavesdropping Active wiretap
10
National and Global Security

Cyberterrorism
Uses attacks over the Internet to intimidate or harm a population
United States Computer Emergency Readiness Team (US-CERT)

Monitors the security of US networks and the Internet Responds to attacks
National Strategy to Secure Cyberspace

Prevent cyberattacks against US infrastructure Reduce national vulnerability to cyberattack Minimize damage and recovery time
11
Threats to Information Security: Software and Network Vulnerabilities

Security vulnerabilities or security holes
Software bugs that allow violations of information security
Software patches
Corrections to software bugs that cause security holes
12
Threats to Information Security: User Negligence
13
Threats to Information Security: Pirates and Plagiarists

Piracy
The illegal copying, use, and distribution of digital intellectual property such as software, music, and movies
Plagiarism
Taking credit for someone elses intellectual property, typically a written idea, by claiming it as your own
14
15
16
Threats to Information Security: Hackers, Crackers, Intruders, and Attackers

System penetration
Someone subverting the security of a system without authorization
Hackers, crackers, intruders, and attackers

an individual who subverts computer security without authorization
White-hat hacker Black-hat hacker Gray-hat hacker Script kiddie
Computer forensics
Process of examining computer equipment to determine if it has been used for illegal, unauthorized, or unusual activities
17
Threats to Information Security: Hackers, Crackers, Intruders, and Attackers
18
Machine-Level Security
Common forms of authentication (weakest to strongest)
Something you know
Password or personal identification number (PIN)
Something you have

ID cards, smartcards, badges, keys,
Something about you

Unique physical characteristics such as fingerprints
19
Machine-Level Security
20
Passwords
Username
Identifies a user to the computer system
Password
A combination of characters known only to the user that is used for authentication
Strongest passwords
Minimum of eight characters in length Do not include any known words or names
Besides choosing strong passwords, you should change your passwords regularly
Passwords
22
Passwords
23
ID Devices and Biometrics

Biometrics
The science and technology of authentication by scanning and measuring a persons unique physical features
Facial pattern recognition

Uses mathematical technique to measure the distances between 128 points on the face
Retinal scanning
Analyzes the pattern of blood vessels at the back of the eye
Fingerprint scan
Increasingly common method for access to secure areas, logging onto computers, and even validating credit
ID Devices and Biometrics
25
Encrypting Stored Data

Encryption
Uses high-level mathematical functions and computer algorithms to encode data
Files
Can be encrypted on the fly as they are being saved, and decrypted as they are opened
Encryption and decryption

Tend to slow down computer slightly when opening and saving files
Encrypting Stored Data
27
Backing Up Data Systems

Common causes of data loss
Hardware failure Human error Software corruption Viruses Natural disasters
The only method that provides 100% protection against data loss is backing up
28
System Backup and Restore

Operating systems and security software provide ways to create rescue disks
A CD or floppy disk created while system is operational and backs up important system files
Systems Restore utility

System can be taken back in time to a point when the computer was not experiencing problems
29
System Backup and Restore
30
Backing up Data Files

Backup software typically provides the following options
Select the files and folders you wish to back up Choose the location to store the archive file Choose whether to back up all files (a full backup), orjust those that have changed since the last backup (an incremental backup)
Mirroring
Creating a copy of the system or a portion of it
Real-time mirroring
As files are saved, they are automatically updated in the mirrored copy
Remote Data Backup

Internet-based backup services
Pay service which backs up your computer whenever it is connected to the Internet Allows you to back up at a location away from your computer
32
Remote Data Backup
33
Systems Maintenance
System and Software updates
About 9% of data loss is caused by software corruption
Computer housecleaning
Deleting unneeded data files Organizing the remaining data files logically into folders and subfolders Emptying the recycle bin (Windows) or trash can (Mac) Deleting unneeded saved e-mail messages Cleaning out Web cookie and other temporary Web files Uninstalling unneeded software Reorganizing the desktop Organizing Web browser favorites
System Maintenance
Defragmentation utility
Aligns files in adjacent clusters, improving performance Fragmentation: files on your hard drive are scattered about the disk
Windows cleaners
Scan the Windows Registry, correcting incorrect or obsolete information Backup the Registry before cleaning it
35
System Maintenance
36
Network Security
When a computer is connected to a network, security risks increase a hundredfold Connecting to the Internet increases risks a million times As long as there is a network connection, risks increase
37
Multiuser System Considerations

Multiuser system
Multiple users share access to resources such as file systems
User permissions
The access privileges afforded to each network user
File ownership
Files and Folders on the system carry information that identifies their creator
Group ownership
Members of the group have access to system files or folders marked for group use
World ownership
Resources are set to be available to everyone on the network
38
Multiuser System Considerations
39
Interior Threats
Threats from within a private network
Unintentional
Users make mistakes or exceed their authorization
Intentional
Registered users want to do harm or steal information
40
Threats to System Health and Stability

On most business networks
Users may not install software without authorization
Security at the cost of convenience

Some software is unstable and dangerous Software from outside the system could contain
Viruses Spyware
41
Threats to System Health and Stability
42
Information Theft
Identity theft
Many instances of identity and information theft with the assistance of insiders with network access
Businesses are taking action against this

Restricting access to physical locations, databases, systems PCs with no external drives or USB ports Analysts suggest banning iPods from the workplace
43
Security and Usage Policies

Security and network usage policy
Document, agreement, or contract
Defines acceptable and unacceptable uses of computer and network resources
Typically warn against using the network for illegal activities
Employers
Not legally responsible for notifying employees of network usage policies
44
Security and Usage Policies
45
Wireless Network Security

Wireless networks
Provide wonderful convenience Have security risks
Wi-Fi networks
The most popular wireless protocol Are popping up in offices, homes, on city streets, in airports, coffee shops, even in McDonalds Every Wi-Fi adapter has a unique MAC address that is usually printed on the adapter
Threats to Wireless Networks

Access point
Sends and receives signals to and from computers on the wireless local area network or WLAN By default, are set to broadcast their presence
War driving
Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks No one has ever been convicted of war driving, but the legality is questionable
Threats to Wireless Networks
48
Securing a Wireless Network

Access points provide security settings for
Making the network invisible
Disable broadcast of the network ID, the SSID
Keeping unwanted computers off the network

Change the password used to connect to the access point Set the access point to only allow certain computers to connect
Encrypting data
Wireless encryption protocols are used to prevent attackers from listening in on wireless communications
49
Securing a Wireless Network
50
Internet Security
When a computer is connected to the Internet it becomes a target to millions of various attacks Computers IP address
Registered and known to others
Attacks against Internet-connected computers

Direct attacks Viruses, worms, or spyware
51
Hackers on the Internet

Methods of Attack
Key-logging Packet-sniffing Port-scanning Social engineering: exploits the natural human tendency to trust others to acquire private information Dumpster diving
Automated attacks
Viruses, worms, spyware
Hackers on the Internet
53
Motivation and Goals for Attacks

Common motivations
Hobby and challenge Malicious vandalism Gaining a platform for anonymous attacks
Distributed-denial-of-service attacks Numerous computers used to make requests of a server in order to overwhelm it
Theft of information or services Spying
54
Defending Against Hackers

Firewall
Hardware or software that examines all incoming packets and filters out those which may be harmful
Encrypting confidential data
55
Motivation and Goals for Attacks
56
Viruses and Worms

Virus
Program that attaches itself to a file Spreads to other files, and delivers a destructive action called a payload
Trojan horses
Appear to be harmless programs When they run, install programs on the computer that can be harmful Backdoor Trojans open ports on the computer for hacker access
Worm
Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems
Viruses and Worms
58
How Viruses and Worms Spread

Worms and viruses can infect your PC from many sources
P2P networks E-mail Web scripts Instant messaging Downloaded software or files
Worms and viruses generally attack Windows platforms, not UNIX/Linux or Mac
Theories
Hackers and virus authors hate Microsoft Hackers and virus authors attack the dominant platform to do the most damage Widows has more holes, making it easier to attack
60
61
Defending Against Viruses and Worms

Antivirus software uses several techniques to:
Find viruses on a system Remove them if possible Keep additional viruses from infecting the system
62

Keys to protecting PCs
Dont open e-mails or IM attachments unless they are expected and have been inspected by antivirus software Keep up with software patches for your system Use caution when exploring Web sites Avoid software from untrusted sources Stay away from file-sharing networks
63
64
Spyware, Adware, and Zombies

Spyware
Software installed on a computer without users knowledge Monitors the user, or gives control of the computer to an outside party
Zombie computer
Carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus Join together into zombie networks
Antispyware
Software that searches a computer for spyware and other software that may violate a users privacy, allows the user to remove it, and provides continuing protection against future attacks
65
Scams, Spam, Fraud, and Hoaxes

Internet fraud
Deliberately deceiving a person over the Internet in order to damage them and to unjustly obtain property or services from the victim
Phishing scam
Combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information
Spear phishing
Private information is used to target a specific person
Pharming
Domain name service server is hijacked and automatically redirects users to spoofed sites in order to steal information
67

Spam
Unsolicited junk mail that makes up more than 60% of todays e-mail
Laws have not had much effect Spammers often partner with hackers
Well protected behind zombie networks and virusinfected computers
68
69

Spam solutions
Bayesian filters Simple authentication software Trusted sender technology Reputation systems Interfaces for client-side tools to allow end users to report spam
70

Virus hoaxes
E-mail that warns of a virus that doesnt exist
In some cases, just a nuisance, but they can cause great harm in other cases
Hoax may ask you to delete a virus file that is actually an uninfected, important system file Deleting such a file may make your computer unusable
71

Defending against scams, spam, fraud, and hoaxes
Awareness and common sense Do not click links sent by e-mail
Type URLs directly into the browser
Examine Web addresses to make sure they are legitimate Do not believe virus alerts sent through e-mail unless they come from a reputable source Use spam filters
72
73
Summary
Total information security
Securing all components of the global digital information infrastructure
Fundamental security implemented at

The individual machine level The point of entry to computers, computer networks, and the Internet
74
Summary
When a computer is connected to a network
Security risks increase
With wireless technologies

Attacker no longer has to establish a wired connection to a network
Attacks against Internet-connected computers may come in the form of:

Direct attacks by hackers (system penetration) Through viruses, worms, or spyware Frauds and scams

Computer Crime and Information Security

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Computer Crime and Information Security

Transféré par

Droits d'auteur :

Formats disponibles

Chapter 11: Computer Crime and Information Security

Succeeding with Technology, Third Edition

Information security involves

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Information Security and Vulnerability

Intellectual property rights

Succeeding with Technology, Third Edition

Information Security and Vulnerability

Information Security and Vulnerability

Succeeding with Technology, Third Edition

National and Global Security

United States Computer Emergency Readiness Team (US-CERT)

National Strategy to Secure Cyberspace

Succeeding with Technology, Third Edition

Threats to Information Security: Software and Network Vulnerabilities

Succeeding with Technology, Third Edition

Threats to Information Security: User Negligence

Succeeding with Technology, Third Edition

Threats to Information Security: Pirates and Plagiarists

Succeeding with Technology, Third Edition

Threats to Information Security: Pirates and Plagiarists

Succeeding with Technology, Third Edition

Threats to Information Security: Pirates and Plagiarists

Succeeding with Technology, Third Edition

Threats to Information Security: Hackers, Crackers, Intruders, and Attackers

Hackers, crackers, intruders, and attackers

Succeeding with Technology, Third Edition

Threats to Information Security: Hackers, Crackers, Intruders, and Attackers

Succeeding with Technology, Third Edition

Something you have

Something about you

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

ID Devices and Biometrics

Facial pattern recognition

ID Devices and Biometrics

Succeeding with Technology, Third Edition

Encrypting Stored Data

Encryption and decryption

Encrypting Stored Data

Succeeding with Technology, Third Edition

Backing Up Data Systems

Succeeding with Technology, Third Edition

System Backup and Restore

Systems Restore utility

Succeeding with Technology, Third Edition

System Backup and Restore

Succeeding with Technology, Third Edition

Backing up Data Files

Remote Data Backup

Succeeding with Technology, Third Edition

Remote Data Backup

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Succeeding with Technology, Third Edition

Multiuser System Considerations

Succeeding with Technology, Third Edition

Multiuser System Considerations