Académique Documents
Professionnel Documents
Culture Documents
Objectives
Describe the types of information that must be kept secure and the types of threats against them Describe five methods of keeping a PC safe and secure Discuss the threats and defenses unique to multiuser networks Discuss the threats and defenses unique to wireless networks Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them
Succeeding with Technology, Third Edition 2
Chapter Content
Information Security and Vulnerability Machine-Level Security Network Security Wireless Network Security Internet Security
Information Security
Corporate and government networks are under attack, and the Internet is the battlefield Many types of attacks can be made on computer systems
Viruses Identity theft Theft of personal information Unauthorized use of your computer
Information Security
Information Security
Information security
Total information security
Securing all components of the global digital information infrastructure
Cell phones PCs Government and business networks Internet routers Communications satellites
Intellectual property
Product of the mind or intellect over which the owner holds legal entitlement can take many forms, including
Copyrights: protects words, music, and other expressions for the life of the owner plus 70 years Trademarks Trade secrets: protects secrets or proprietary information of individuals and organizations as long as this item is adequately protected Patents: protects an invention by giving the holder a monopoly on the use of the invention for 20 years after it has been applied
Business intelligence
Process of gathering information in the pursuit of business advantage
Competitive intelligence
Concerned with information about competitors
Counterintelligence
Concerned with protecting your own information from access by your competitors
Succeeding with Technology, Third Edition 9
10
11
Software patches
Corrections to software bugs that cause security holes
12
13
Plagiarism
Taking credit for someone elses intellectual property, typically a written idea, by claiming it as your own
14
15
16
Computer forensics
Process of examining computer equipment to determine if it has been used for illegal, unauthorized, or unusual activities
17
18
Machine-Level Security
Common forms of authentication (weakest to strongest)
Something you know
Password or personal identification number (PIN)
19
Machine-Level Security
20
Passwords
Username
Identifies a user to the computer system
Password
A combination of characters known only to the user that is used for authentication
Strongest passwords
Minimum of eight characters in length Do not include any known words or names
Besides choosing strong passwords, you should change your passwords regularly
Succeeding with Technology, Third Edition 21
Passwords
22
Passwords
23
Retinal scanning
Analyzes the pattern of blood vessels at the back of the eye
Fingerprint scan
Increasingly common method for access to secure areas, logging onto computers, and even validating credit
Succeeding with Technology, Third Edition 24
25
Files
Can be encrypted on the fly as they are being saved, and decrypted as they are opened
27
The only method that provides 100% protection against data loss is backing up
28
29
30
Mirroring
Creating a copy of the system or a portion of it
Real-time mirroring
As files are saved, they are automatically updated in the mirrored copy
Succeeding with Technology, Third Edition 31
32
33
Systems Maintenance
System and Software updates
About 9% of data loss is caused by software corruption
Computer housecleaning
Deleting unneeded data files Organizing the remaining data files logically into folders and subfolders Emptying the recycle bin (Windows) or trash can (Mac) Deleting unneeded saved e-mail messages Cleaning out Web cookie and other temporary Web files Uninstalling unneeded software Reorganizing the desktop Organizing Web browser favorites
Succeeding with Technology, Third Edition 34
System Maintenance
Defragmentation utility
Aligns files in adjacent clusters, improving performance Fragmentation: files on your hard drive are scattered about the disk
Windows cleaners
Scan the Windows Registry, correcting incorrect or obsolete information Backup the Registry before cleaning it
35
System Maintenance
36
Network Security
When a computer is connected to a network, security risks increase a hundredfold Connecting to the Internet increases risks a million times As long as there is a network connection, risks increase
37
User permissions
The access privileges afforded to each network user
File ownership
Files and Folders on the system carry information that identifies their creator
Group ownership
Members of the group have access to system files or folders marked for group use
World ownership
Resources are set to be available to everyone on the network
38
39
Interior Threats
Threats from within a private network
Unintentional
Users make mistakes or exceed their authorization
Intentional
Registered users want to do harm or steal information
40
41
42
Information Theft
Identity theft
Many instances of identity and information theft with the assistance of insiders with network access
43
Employers
Not legally responsible for notifying employees of network usage policies
44
45
Wi-Fi networks
The most popular wireless protocol Are popping up in offices, homes, on city streets, in airports, coffee shops, even in McDonalds Every Wi-Fi adapter has a unique MAC address that is usually printed on the adapter
Succeeding with Technology, Third Edition 46
War driving
Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks No one has ever been convicted of war driving, but the legality is questionable
Succeeding with Technology, Third Edition 47
48
Encrypting data
Wireless encryption protocols are used to prevent attackers from listening in on wireless communications
49
50
Internet Security
When a computer is connected to the Internet it becomes a target to millions of various attacks Computers IP address
Registered and known to others
51
Automated attacks
Viruses, worms, spyware
Succeeding with Technology, Third Edition 52
53
54
55
56
Trojan horses
Appear to be harmless programs When they run, install programs on the computer that can be harmful Backdoor Trojans open ports on the computer for hacker access
Worm
Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems
Succeeding with Technology, Third Edition 57
58
Worms and viruses generally attack Windows platforms, not UNIX/Linux or Mac
Theories
Hackers and virus authors hate Microsoft Hackers and virus authors attack the dominant platform to do the most damage Widows has more holes, making it easier to attack
Succeeding with Technology, Third Edition 59
60
61
62
63
64
Zombie computer
Carries out actions (often malicious) under the remote control of a hacker either directly or through spyware or a virus Join together into zombie networks
Antispyware
Software that searches a computer for spyware and other software that may violate a users privacy, allows the user to remove it, and provides continuing protection against future attacks
65
Phishing scam
Combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information
Spear phishing
Private information is used to target a specific person
Pharming
Domain name service server is hijacked and automatically redirects users to spoofed sites in order to steal information
Succeeding with Technology, Third Edition 66
67
Laws have not had much effect Spammers often partner with hackers
Well protected behind zombie networks and virusinfected computers
68
69
70
In some cases, just a nuisance, but they can cause great harm in other cases
Hoax may ask you to delete a virus file that is actually an uninfected, important system file Deleting such a file may make your computer unusable
71
Examine Web addresses to make sure they are legitimate Do not believe virus alerts sent through e-mail unless they come from a reputable source Use spam filters
72
73
Summary
Total information security
Securing all components of the global digital information infrastructure
74
Summary
When a computer is connected to a network
Security risks increase