
Security and Privacy

Computers and the Internet


Aspects to be Covered
• Types of computer crime and the difficulties of
discovery.
• Security measures for corporate data
• Understanding viruses.
• Privacy threats in computers and the Internet.
Computer Crime

• Stealing and using or selling of data:


Company data
Personal information in company files
• Employees and individuals need to recognize
the possible danger from computer systems
and protect their assets.
What we Need to do to Protect Data

Keep data secure
• Destruction
• Accidental damage
• Theft
Keep data private
• Salaries
• Medical information
• Social security numbers
• Bank balances
Ways to Secure Data
• Locked servers
• Removable hard drives that are locked when
not in use
• Hard disk drives requiring special tools for
detachment
• Physical cages around computers that prohibit
access
• Password-protect files
Computer Hackers
• Computer professionals hired to illicitly gain
entry into a system
Reveal weak points
Testing
May not alert its own employees of the testing
What Systems Have Been Invaded?

• Corporate networks
Over half of the largest corporations were invaded
Competitors?
• Government networks
Dept of Defense attacked more than 200,000
times per year
Computer attack abilities of other nations?
• Web sites
How Can Systems be Easily Compromised?

• Social engineering
Con artists persuade others to give away their
passwords over the phone
• Electronic pickpockets
Use computers to transfer or change assets to
their advantage
Frequently Reported Crimes (1/2)
• Credit-card fraud
Numbers captured and used fraudulently
• Data communications fraud
Piggyback on someone else’s network
Office network for personal purposes
Computer-directed diversion of funds
• Unauthorized access to computer files
Accessing confidential employee records
Theft of trade secrets and product pricing
Frequently Reported Crimes (2/2)
• Unlawful copying of copyrighted software
Casual sharing of copyrighted software
• Data diddling
Changing data before or as it enters the system
• Denial of service attack (DOS)
Hackers bombard a site with more requests for
service than it can possibly handle
Prevents legitimate users from accessing the site
Appearance of requests coming from many
different sites simultaneously
Possible Solutions
• Discovery
Difficult
85% of computer crimes are never reported
• Prosecution
Legal representatives lack technical knowledge to
understand the crime
Discovery and Prosecution
• Computer Forensics
Uncovering computer-stored information suitable
for legal use
Computer Security
• System of safeguards designed to protect
a computer system and data from
deliberate or accidental damage

• Natural disasters
• Fire
• Accidents
• Vandalism
• Theft
• Theft or destruction of data
• Hackers
Identification and Access
• Provide access to authorized individuals only
• Uses one or more of the following systems
What you have
What you know
What you do
Who you are
What You Have
• Key
• Badge
• Token
• Plastic card – magnetized strip
• Active badge – signals wearer’s location using
infrared signals
What You Know
• Password
• Identification number
• Combination
What You Do
• Verify signature – software verifies scanned
and online signatures
Who You Are
• Biometrics – science of measuring individual
body characteristics
• Fingerprints
• Voice pattern
• Retina of the eye
• Entire face
Other Mechanisms
• Auditor checks
Who has accessed data during periods when that data is not usually used?
Off-the-shelf software to assess the validity and accuracy of the system’s operations and output
• Applicant screening
Verify the facts on a resume
Background checks
• Built-in software protection
Record unauthorized access attempts
User profile
Internet Security

• Firewall
Dedicated computer that governs interaction between internal network and the Internet
• Encryption
Data Encryption Standard (DES)
Personal Computer Security
• Physical security with locks and cables
• Surge protector
• Uninterruptible power supply (UPS)
• Backup files regularly and systematically
Disaster Recovery
• Hardware loss
Can be replaced
Temporarily diminished processing ability
• Software loss
Industry standard – make backups of program files
Disaster Recovery
• Data loss
Reassemble records
Customer information
Accounting data
Design information
Major costs and time
Computer Recovery
• Restoring computer processing operations and
data files if operations are halted or files are
damaged by major destruction
How to Plan a Recovery?
• Priorities for programs
• Plans for notifying employees
• List of needed equipment and where it is
located
• Alternative computing facilities
• Procedures for handling input and output data
• Emergency Drills
Backup

“If you are not backing up your files regularly, you deserve to lose them.”

Average user experiences loss once a year


What Can Cause Data Loss?
• Incorrect software use
• Input data incorrectly
• Software may harm data
• Hard disk malfunctions
• Accidentally delete files
• Virus infection
Question
• Mention the different ways you use to back up
your files.
Which way do you prefer and why?
COMPUTER VIRUSES
Malicious / Malware Code
• Refers to any program or set of program
instructions that is designed to enter a
computer and disrupt its normal operations.
• These include viruses, Trojan horses and
worms.
• Normally created by hackers or crackers.
Computer viruses
• A virus is a set of program instructions that attaches
itself to a file, reproduces itself and spreads to
other files.
• Can do the following:
– Corrupt files
– Destroy data
– Display irritating messages
– Disrupt computer operations
Computer Virus
• Can spread from one computer to another,
but only replicates itself in the host
computer.
• How do viruses spread from one computer to
another?
Normally infects executable files, i.e., with
extensions, and remains in RAM, waiting to infect
the next file to be executed or accessed.
Time bomb and logic bomb viruses
• Viruses that deliver their payload on a specific
date are referred to as time bomb viruses, e.g., the
Michelangelo virus is designed to damage the
hard disk on 6th March (his birthday)
• Viruses that deliver their payloads in response
to some other system event are referred to as
logic bomb viruses
Computer viruses (continued)
• Computer viruses can mainly be grouped into three
types, namely file virus, boot sector virus and macro
virus
• File virus: infects application programs
• Boot sector virus: infects the system files your
computer uses every time you turn it on
• Macro virus: infects a set of instructions called a macro,
a small program that usually contains legitimate
instructions to automate document or worksheet
production
Trojan horses and worms
Learning Activity: What are Trojan horses and
worms? Differentiate them from viruses.
Antivirus
• Is a set of utility programs that looks for and
eradicates viruses, Trojan horses and worms.
• Runs on different computers as well as servers.
• Popular antivirus programs include McAfee, Kaspersky,
Norton, etc.
How does it work
Early Technique
• A virus attaches itself to an existing program.
• The original length of the program increases
(the antivirus examines and records the length of each program;
a later change in the length of a program
indicates there is a virus)
How does it work
Overcoming Early Technique
• Viruses attach themselves to the unused portion
of a program, hence the length does not change
• Antivirus developers designed software that
examines the bytes in an uninfected program,
calculates a checksum (a number that is calculated by
combining the binary values of all bytes in a file)
and records it. It is compared later with another
checksum calculated when the program is run
Antivirus

Modern Technique
• Viruses, Trojan horses and worms are no
longer limited to program files
• Virus signatures are used to search for viruses
• A virus signature is a section of a virus program,
such as a unique series of instructions, that can
be used to identify a known virus much as a
fingerprint identifies an individual.
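Added example (not part of the original slides): the three checks described under "How does it work" run side by side on a constructed byte string, covering the length check, the byte-combining checksum and the signature search. The function names, the sample "program" and the marker bytes are hypothetical, and the SHA-256 comparison goes beyond the slides to show why a plain sum of bytes is not enough.

```python
import hashlib

def byte_sum(data: bytes) -> int:
    """Checksum as the slide describes it: combine the values of all bytes."""
    return sum(data) % 2**32

def baseline(data: bytes) -> dict:
    """Record taken while the program is known to be clean."""
    return {"length": len(data), "sum": byte_sum(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def verify(data: bytes, record: dict) -> dict:
    """Compare the current file with its baseline; True means 'unchanged'."""
    now = baseline(data)
    return {check: now[check] == record[check] for check in record}

def scan(data: bytes, signatures: dict) -> list:
    """Return the names of known signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)

# Constructed sample: a "program" with 16 unused padding bytes in the middle.
CLEAN = b"HEADER" + b"\x00" * 16 + b"PROGRAM-BODY"
RECORD = baseline(CLEAN)

# Constructed, harmless marker bytes standing in for a virus signature.
SIGNATURES = {"Example.Marker": b"\xde\xad\xbe\xef"}

# Change that fills unused space: same length, different content.
PATCHED = b"HEADER" + b"\xde\xad\xbe\xef" + b"\x00" * 12 + b"PROGRAM-BODY"

# Two bytes swapped: same length and same byte sum, only the hash differs.
SWAPPED = b"HEADRE" + b"\x00" * 16 + b"PROGRAM-BODY"

if __name__ == "__main__":
    for name, data in [("clean", CLEAN), ("patched", PATCHED), ("swapped", SWAPPED)]:
        print(name, verify(data, RECORD), scan(data, SIGNATURES))
```

The length check passes for both modified samples, the byte sum catches only the first, and the hash catches both; the signature search reports only the sample that contains the known pattern.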
Privacy
• How do they get your data?
Loans
Charge accounts
Orders via mail
Magazine subscriptions
Tax forms
Applications for schools, jobs, clubs
Insurance claim
Hospital stay
Sending checks
Fund-raisers
Advertisers
Warranties
Military draft registration
Court petition
Monitoring by Website
• Records:
City
Site you just left
Everything you do while on the site
Hardware and software you use
Click stream
Series of clicks that link from site to site
History of what the user chooses to view
• Cookie
Stores information about you
Software available to manage cookies
Question
• What can you do to enhance the privacy of
your data?
