
Computers: Tools for an Information Age
Chapter 10
Security and Privacy: Computers and the Internet

Outline

Objectives; Security and Privacy; Computer Crime; Methods Computer Criminals Use (Bomb, Data Diddling, Denial of Service Attack, Piggybacking, Salami Technique, Scavenging, Trapdoor, Trojan Horse, Zapping); White-Hat Hackers; Discovery and Prosecution; Computer Forensics; Security: Playing It Safe; Controlling Access (What You Have, What You Know, What You Do, What You Are); A Disaster Recovery Plan; A Consortium; Software Security; Data Security; Personal Computer Security; Protecting Disk Data; Backing Up Files; Types of Backup; Computer Pests (Worm, Virus); Transmitting a Virus; Damage from Viruses; Virus Prevention; Virus Myths; Privacy; Privacy: How Did They Get My Data?; Protecting Your Privacy; Privacy Legislation (Fair Credit Reporting Act, Freedom of Information Act, Federal Privacy Act, Video Privacy Protection Act, Computer Matching and Privacy Protection Act, Health Insurance Portability and Accountability Act); Security and Privacy Problems on the Internet; A Firewall; Encryption; Being Monitored; Cookies; Spamming; Preventing Spam

Objectives

- Explain the different types of computer crime and the difficulties of discovery and prosecution
- Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation
- Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage
- Explain the threats to personal privacy posed by computers and the Internet. Describe actions you can take to maximize your privacy

Security and Privacy

- Security – data stored on computer must be kept safe
- Privacy – private data must be kept from prying eyes

Computer Crime

- Hacker – someone who attempts to gain access to computer systems illegally
  - Originally referred to as someone with a high degree of computer expertise
- Social engineering – a tongue-in-cheek term for con artist actions
  - Persuade people to give away password information
- Cracker – someone who uses the computer to engage in illegal activity

Computer Crime

- Most commonly reported categories
  - Credit card fraud
  - Data communications fraud
  - Unauthorized access to computer files
  - Unlawful copying of copyrighted software

Methods Computer Criminals Use

- Bomb
- Data diddling
- Denial of service attacks
- Piggybacking
- Salami technique
- Scavenging
- Trapdoor
- Trojan horse
- Zapping

Bomb

- Causes a program to trigger damage under certain conditions
- Usually set to go off at a later date
- Sometimes planted in commercial software
- Shareware is more prone to having a bomb planted in it

Data Diddling

- Refers to changing data before or as it enters the system
- Auditors must verify accuracy of the source data as well as the processing that occurs

Denial of Service Attack

- Hackers bombard a site with more requests than it can possibly handle
- Prevents legitimate users from accessing the site
- Hackers can cause attacks to come from many different sites simultaneously

Piggybacking

- An illicit user “rides” into the system on the back of an authorized user
- If the user does not exit the system properly, the intruder can continue where the original user has left off
- Always log out of any system you log into

Salami Technique

- An embezzlement technique where small “slices” of money are funneled into accounts

Scavenging

- Searching company trash cans and dumpsters for lists of information
- Thieves will search garbage and recycling bins of individuals looking for bank account numbers, credit card numbers, etc.
- Shred documents that contain personal information

Trapdoor

- An illicit program left within a completed legitimate program
- Allows subsequent unauthorized and unknown entry by the perpetrator to make changes to the program

Trojan Horse

- Involves illegal instructions placed in the middle of a legitimate program
- Program does something useful, but the Trojan horse instructions do something destructive in the background

Zapping

- Refers to a variety of software designed to bypass all security systems

White-Hat Hackers

- Hackers that are paid by a company to break into that company’s computer systems
- Expose security holes and flaws before criminals find them
- Once exposed, flaws can be fixed

Discovery and Prosecution

- Crimes are often undetected
  - When they are detected, they are often not reported
- Prosecution is difficult
  - Law enforcement agencies and prosecutors are ill-equipped to handle computer crime
  - Judges and juries often don’t understand computer crime
- Congress passed the Computer Fraud and Abuse Act to increase awareness of computer crime

Computer Forensics

- Uncovering computer-stored information suitable for use as evidence in courts of law
- Restores files and/or e-mail messages that someone has deleted
- Some experts are available for hire, but most are on the staffs of police departments and law firms

Security: Playing It Safe

- Security – a system of safeguards
  - Protects system and data from deliberate or accidental damage
  - Protects system and data from unauthorized access

Controlling Access

- Four means of controlling who has access to the computer
  - What you have
  - What you know
  - What you do
  - What you are

What You Have

- Requires you to have some device to gain access to the computer
  - Badge, key, or card to give you physical access to the computer room or a locked terminal
  - Debit card with a magnetic strip gives you access to your bank account at an ATM
  - Active badge broadcasts your location by sending out radio signals

What You Know

- Requires you to know something to gain access
  - Password and login name give you access to computer system
  - Cipher locks on doors require you to know the combination to get in

What You Do

- Software can verify scanned and online signatures

What You Are

- Uses biometrics – the science of measuring body characteristics
- Uses fingerprinting, voice pattern, retinal scan, etc. to identify a person
- Can combine fingerprinting and reading a smart card to authenticate

A Disaster Recovery Plan

- A method of restoring computer processing operations and data files in the event of major destruction
- Several approaches
  - Manual services
  - Buying time at a service bureau
  - Consortium
- Plan should include priorities for restoring programs, plans for


UCSC CMPE 003 - Computers and the Internet
