Chapter 9 - Security & Ethics

by CHOY WAN LING
Tags: TIS

Security

  • Threats to computer security include criminals, computer crimes, and other hazards

 

Computer criminals – people who engage in illegal actions using computer technology

  • Employees – may be trying to steal hardware, software and proprietary information 
  • Outside users – could obtain confidential passwords; these include employees as well as clients or suppliers who have access to a company’s computer system
  • “Hackers” and “crackers” – Their motives are malicious and can be very destructive and costly. Hackers gain unauthorized access to computer systems “for fun”, crackers create and share programs designed to gain unauthorized access to computer systems. 
  • Carders – criminals who specialize in stealing, trading, and using stolen credit cards over the Internet
  • Organized crime – tracking illegal enterprises, forgery, counterfeiting
  • Terrorists – could potentially crash satellites and wage economic warfare by disrupting navigation and communication systems

 

Computer crime – uses special knowledge of computer technology to engage in illegal action

Creation of malicious programs – malicious software (malware)

 

Computer Crimes

Descriptions

Viruses

  • migrate through networks and operating systems
  • attach themselves to different programs and databases
  • can damage system components by altering or deleting files

 

Worms – a special type of virus

  • Do not attach to a program
  • Fill the computer with self-replicating information or can be carriers of a more traditional virus

 

Trojan horse

  • carriers of viruses (like worms)
  • programs that are disguised as something else, for example appearing as free computer games

 

Zombies 

 

  • computers infected by a virus, worm, or Trojan horse that allows them to be remotely controlled for malicious purposes
  • botnet / robot network (a collection of Zombie computers)
  • Malicious activities include password cracking or sending junk email.

 

Denial of service attacks

  • flooding a computer or network with requests for information and data to try to slow down or stop a computer system or network (target: ISPs)

 

Social networking risks

  • steal personal identities by using the information posted by others

 

 

Cyber-bullying 

 

 

 

  • send or post content intended to hurt or embarrass someone by use of the Internet, cell phones or other devices 
  • sending repeated unwanted emails
  • ganging up on victims in electronic forums
  • posting false statements designed to injure the reputation of another
  • maliciously disclosing personal data about a person that could lead to harm to that person
  • sending any type of communication that is threatening or harassing

 

Rogue Wi-Fi Hotspots

  • imitate free Wi-Fi networks to capture any information sent by users and legitimate sites, including usernames and passwords

 

Theft

 

  • hardware, software, data, computer time, confidential information

 

 

Data manipulation 

 

  • finding entry into someone’s computer network and leaving a prankster’s message

 

 

Internet Scams - Phishing


 

Computer Fraud and Abuse Act – law states that it’s a crime for an unauthorized person to view, copy or damage data using any computer across state lines

 

Hazard

Natural Hazards – fire, floods, hurricanes, tornadoes, earthquakes

Civil strife and terrorism – wars, riots, terrorist activities

Technological failures - voltage surge or spike, hard disk crash

Human errors – data entry errors, programmer errors, filename errors

 

Protect Computer Security

- protecting information, hardware, and software from unauthorized use, damage from intrusions, sabotage, and natural disasters

 

Restricting access

 

 

1. Biometric Scanning
   a. Fingerprint scan
   b. Iris (eye) scan

2. Passwords
   a. Change passwords when people leave a company
   b. Dictionary attack – attempt to gain unauthorized access to a user’s account by using software to try thousands of common words sequentially

3. Firewalls – a security buffer between a corporation’s private network and all external networks

 

Encryption

  • coding messages to prevent people from reading your messages
  • file encryption, email encryption, web site encryption
  • Virtual private networks (VPNs)
  • Wireless network encryption (WEP, WPA, and WPA2)

 

Anticipating disasters

 

  • Physical security - protecting hardware
  • Data security – protecting software and data from unauthorized tampering or damage
  • Disaster recovery plan
    - continue operating until normal computer operations can be restored
    - hot sites - special emergency facilities which are fully equipped backup computer centers
    - cold sites - hardware must be installed to be utilized

 

Preventing data loss

  • Use physical backups – off-site storage using tapes or disks in case of loss of equipment

 

 

https://www.youtube.com/watch?v=zL_HAmWQTgA


Ethics

- Standards of moral conduct / guidelines for the morally acceptable use of computers

 

  • Copyright

- Gives content creators the right to control the use and distribution of their work for paintings, books, music, films, video games

 

  • Software piracy - Unauthorized copying and distribution

- Digital Millennium Copyright Act - the right of the owner to make a backup copy

- Digital rights management (DRM) - prevents copyright violations

 

  • Plagiarism

- using another person’s work and ideas as your own without reference to the original person's permission