Computers: Tools for an Information Age

Chapter 10: Security and Privacy: Computers and the Internet

Objectives
- Explain the different types of computer crime and the difficulties of discovery and prosecution
- Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation
- Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage
- Explain the threats to personal privacy posed by computers and the Internet
- Describe actions you can take to maximize your privacy

Security and Privacy
- Security: data stored on computer must be kept safe
- Privacy: private data must be kept from prying eyes

Computer Crime
- Hacker: someone who attempts to gain access to computer systems illegally
  - Originally referred to as someone with a high degree of computer expertise
- Social engineering: a tongue-in-cheek term for con artist actions
  - Persuade people to give away password information
- Cracker: someone who uses the computer to engage in illegal activity

Computer Crime
- Most commonly reported categories
  - Credit card fraud
  - Data communications fraud
  - Unauthorized access to computer files
  - Unlawful copying of copyrighted software

Methods Computer Criminals Use
- Bomb
- Data diddling
- Denial of service attacks
- Piggybacking
- Salami technique
- Scavenging
- Trapdoor
- Trojan horse
- Zapping

Bomb
- Causes a program to trigger damage under certain conditions
- Usually set to go off at a later date
- Sometimes planted in commercial software
- Shareware is more prone to having a bomb planted in it

Data Diddling
- Refers to changing data before or as it enters the system
- Auditors must verify accuracy of the source data as well as the processing that occurs

Denial of Service Attack
- Hackers bombard a site with more requests than it can possibly handle
- Prevents legitimate users from accessing the site
- Hackers can cause attacks to come from many different sites simultaneously

Piggybacking
- An illicit user "rides" into the system on the back of an authorized user
- If the user does not exit the system properly, the intruder can continue where the original user has left off
- Always log out of any system you log into

Salami Technique
- An embezzlement technique where small "slices" of money are funneled into accounts

Scavenging
- Searching company trash cans and dumpsters for lists of information
- Thieves will search garbage and recycling bins of individuals looking for bank account numbers, credit card numbers, etc.
- Shred documents that contain personal information

Trapdoor
- An illicit program left within a completed legitimate program
- Allows subsequent unauthorized and unknown entry by the perpetrator to make changes to the program

Trojan Horse
- Involves illegal instructions placed in the middle of a legitimate program
- Program does something useful, but the Trojan horse instructions do something destructive in the background

Zapping
- Refers to a variety of software designed to bypass all security systems

White-Hat Hackers
- Hackers that are paid by a company to break into that company's computer systems
- Expose security holes and flaws before criminals find them
- Once exposed, flaws can be fixed

Discovery and Prosecution
- Crimes are often undetected
  - When they are detected, they are often not reported
- Prosecution is difficult
  - Law enforcement agencies and prosecutors are ill-equipped to handle computer crime
  - Judges and juries often don't understand computer crime
- Congress passed the Computer Fraud and Abuse Act to increase awareness of computer crime

Computer Forensics
- Uncovering computer-stored information suitable for use as evidence in courts of law
- Restores files and/or e-mail messages that someone has deleted
- Some experts are available for hire, but most are on the staffs of police departments and law firms

Security: Playing It Safe
- Security: a system of safeguards
  - Protects system and data from deliberate or accidental damage
  - Protects system and data from unauthorized access

Controlling Access
- Four means of controlling who has access to the computer
  - What you have
  - What you know
  - What you do
  - What you are

What You Have
- Requires you to have some device to gain access to the computer
- Badge, key, or card to give you physical access to the computer room or a locked terminal
- Debit card with a magnetic strip gives you access to your bank account at an ATM
- Active badge broadcasts your location by sending out radio signals

What You Know
- Requires you to know something to gain access
- Password and login name give you access to computer system
- Cipher locks on doors require you to know the combination to get in

What You Do
- Software can verify scanned and online signatures

What You Are
- Uses biometrics: the science of measuring body characteristics
- Uses fingerprinting, voice pattern, retinal scan, etc. to identify a person
- Can combine fingerprinting and reading a smart card to authenticate

A Disaster Recovery Plan
- A method of restoring computer processing operations and data files in the event of major destruction
- Several approaches
  - Manual services
  - Buying time at a service bureau
  - Consortium
- Plan should include priorities for restoring programs, plans for notifying employees, and procedures for handling data in a different environment

A Consortium
- A joint venture among firms to support a complete computer facility
- Used only in the event of a disaster
- Hot site: a fully equipped computer center
- Cold site: an empty shell in which a company can install its own computer system

Software Security
- Who owns custom-made software?
- What prevents a programmer from taking a copy of the program?
- Answer is well established
  - If the programmer is employed by the company, the software belongs to the company
  - If the programmer is a consultant, ownership of the software should be specified in the contract

Data Security
- Several techniques can be taken to prevent theft or alteration of data
  - Secured waste
  - Internal controls
  - Auditor checks
  - Applicant screening
  - Passwords
  - Built-in software protection

Personal Computer Security
- Physical security of hardware
  - Secure hardware in place with locks and cables
  - Avoid eating, drinking, and smoking around computers

Protecting Disk Data
- Use a surge protector to prevent electrical problems from affecting data files
- Uninterruptible power supply includes battery backup
  - Provides battery power in the event power is lost
  - Allows users to save work and close files properly
- Back up files regularly

Backing Up Files
- Back up to