
Chapter 13A

Understanding the Need for Security Measures

McGraw-Hill Technology

Copyright 2006 by The McGraw-Hill Companies, Inc. All

Basic Security Concepts


Threats
Anything that can harm a computer
Vulnerabilities are weaknesses in security
Security attempts to neutralize threats
Burglar, a virus, an earthquake, or a simple
user error

14A-2

Basic Security Concepts


Degrees of harm
Level of potential damage
Include all parts of system
Potential data loss
Loss of privacy
Inability to use hardware
Inability to use software

14A-3

Basic Security Concepts


Countermeasures
Steps taken to block a threat
Protect the data from theft
Protect the system from theft

14A-4

Threats To Users
Identity Theft
Occurs when someone impersonates you
by using your private information.
Thief can become the victim
Reported incidents rising
Methods of stealing information
Shoulder surfing (ATM)
Snagging (listening)
Dumpster diving (delete)
Social engineering (website)
High-tech methods (Trojan horses)

14A-5

Threats To Users
Loss of privacy
Personal information is stored electronically
Purchases are stored in a database
Data is sold to other companies

Public records on the Internet


Criminal records
Background Information

14A-6

Threats to Users
Cookies
A cookie is a small text file that a web
server asks your browser to place on your
computer.
The cookie might list the last time you
visited the site, which pages you
downloaded, and how long you were at the
site before leaving.

14A-7

Threats to Users
Spyware
When you install and register a program, it
may ask you to fill out a form. The program
then sends the information to the
developer, who stores it in a database.

14A-8

Threats to Users
Web bugs
A web bug is a small GIF-format image file
that can be embedded in a web page or an
HTML-format e-mail message.
A web bug can be as small as a single pixel
in size and can easily be hidden anywhere
in an HTML document.
Like cookies, web bugs let their creators track many of
your online activities.

14A-9

Threats to Users
Spam
Spam is Internet junk mail or unsolicited
commercial email
Almost all spam is commercial advertising
Networks and PCs need a spam blocker
Stop spam before reaching the inbox

Spammers acquire addresses using many methods
CAN-SPAM Act passed in 2003
14A-10

Threats to Hardware
Affect the operation or reliability
Power-related threats
Power fluctuations
Power spikes or brownouts
Power loss or power failure
Countermeasures
Surge suppressors (voltage spikes)
Line conditioners (voltage drops, noise)
Uninterruptible power supplies (UPS)
Generators

14A-11

Threats to Hardware
Theft and vandalism
Thieves steal the entire computer
Accidental or intentional damage
Countermeasures
Keep the PC in a secure area
Lock the computer to a desk
Do not eat near the computer
Watch equipment
Handle equipment with care

14A-12

Threats to Hardware
Natural disasters
Disasters differ by location
Typically result in total loss
Earthquakes, hurricanes
Disaster planning
Plan for recovery
List potential disasters
Plan for all eventualities
Practice all plans

14A-13

Threats to Data
Viruses
Software that distributes and installs itself
Viruses are pieces of a computer program
that attach themselves to host programs.
Countermeasures
Anti-virus software
Popup blockers
Do not open unknown email

14A-14

Threats to Data
Trojan horses
Program that poses as beneficial software
User willingly installs the software
Countermeasures
Anti-virus software
Spyware blocker

14A-15

Threats to Data
Cybercrime
Using a computer in an illegal act
Fraud and theft are common acts

14A-16

Threats to Data
Internet fraud
Most common cybercrime
Fraudulent website
Have names similar to legitimate sites

14A-17

Threats to Data
Hacking
Using a computer to enter another network
Cost users $1.3 trillion in 2003
Hackers' motivation
Recreational hacking
Financial hackers
Grudge hacking
Hacking methods
Sniffing
Social engineering
Spoofing

14A-18

Threats to Data
Distributed denial of service attack
Attempt to stop a public server
Hackers plant the code on computers
Code is simultaneously launched
Too many requests stop the server

14A-19

Threats to Data
Cyber terrorism
Attacks made at a nation's information
Targets include power plants
Threat first realized in 1996
Organizations combat cyber terrorism
Computer Emergency Response Team (CERT)
Department of Homeland Security

14A-20

Chapter 13A

End of Chapter
