Chapter 11 Computer Security, Ethics and Privacy

Chapter 11 Objectives
Describe the types of computer security risks Discuss the types of devices available that protect computers from system failure

Identify ways to safeguard against computer viruses, worms, Trojan horses, denial of service attacks, back doors, and spoofing
Discuss techniques to prevent unauthorized computer access and use Identify safeguards against hardware theft and vandalism Explain the ways software manufacturers protect against software piracy Define encryption and explain why it is necessary

Explain the options available for backing up computer resources

Identify risks and safeguards associated with wireless communications Recognize issues related to information accuracy, rights, and conduct Discuss issues surrounding information privacy Discuss ways to prevent health-related disorders and injuries due to computer use

Next

Computer Security Risks

What is a computer security risk?

Action that causes loss of or damage to computer system

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Computer Emergency Response Team Coordination Center below Chapter 11 p. 556 - 558 Fig. 11-1
Next

Computer Viruses, Worms, and Trojan Horses

What are viruses, worms, and Trojan horses?
Virus is a potentially damaging computer program Worm copies itself repeatedly, using up resources and possibly shutting down computer or network Trojan horse hides within or looks like legitimate program until triggered Does not replicate itself on other computers Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive

Can spread and damage files

p. 558

Next

Computer Viruses, Worms, and Trojan Horses

How can a virus spread through an e-mail message?
Step 1. Unscrupulous Step 2. They use

programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message.

the Internet to send the e-mail message to thousands of users around the world.

Step 3b. Other users do not Step 3a. Some

users open the attachment and their computers become infected with the virus.

recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users computers are not infected with the virus.

p. 559 Fig. 11-2

Next

Computer Viruses, Worms, and Trojan Horses

How can you protect your system from a macro virus?

Set macro security level in applications that allow you to write macros At medium security level, warning displays that document contains macro
Macros are instructions saved in an application, such as word processing or spreadsheet program

p. 560 Fig. 11-3

Next

Computer Viruses, Worms, and Trojan Horses

What is an antivirus program?

Identifies and removes computer viruses Most also protect against worms and Trojan horses

p. 560 - 561 Fig. 11-4

Next

Computer Viruses, Worms, and Trojan Horses

What is a virus signature?

Specific pattern of virus code

Also called virus definition

Antivirus programs look for virus signatures

p. 561 Fig. 11-5

Next

Computer Viruses, Worms, and Trojan Horses

How does an antivirus program inoculate a program file?
Records information about program such as file size and creation Uses date Attempts information to remove to detect if any detected virus tampers virus with file Quarantines infected files that it Keeps file cannot in separate remove
area of hard disk
p. 561
Next

Computer Viruses, Worms, and Trojan Horses

What are some tips for preventing virus, worm, and Trojan horse infections?
Set the macro security in programs so you can enable or disable macros If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately
Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Virus Hoaxes below Chapter 11

Install an antivirus program on all of your computers

Never open an e-mail attachment unless you are expecting it and it is from a trusted source

Check all downloaded programs for viruses, worms, or Trojan horses

Install a personal firewall program

p. 562

Next

Computer Viruses, Worms, and Trojan Horses

What is a denial of service attack and back door?
A denial of service attack is an assault which disrupts computer access to an Internet service such as the Web or e-mail

A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a computer resource

p. 562

Next

Computer Viruses, Worms, and Trojan Horses

What is spoofing?
Makes a network or Internet Transmission appear legitimate

IP spoofing occurs when an intruder computer fools a network into believing its IP address is from a trusted source
Perpetrators of IP spoofing trick their victims into interacting with a phony Web site

p. 563

Next

Computer Viruses, Worms, and Trojan Horses

What is a firewall?

Security system consisting of hardware and/or software that prevents unauthorized intrusion

p. 563 Fig. 11-7

Next

Computer Viruses, Worms, and Trojan Horses

What is a personal firewall utility?

Program that protects personal computer and its data from unauthorized intrusions Monitors transmissions to and from computer Informs you of attempted intrusion

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Personal Firewall Software below Chapter 11

p. 564 Fig. 11-8

Next

Unauthorized Access and Use

How can companies protect against hackers?
Intrusion detection software analyzes network traffic, assesses system vulnerabilities, and identifies intrusions and suspicious behavior Access control defines who can access computer and what actions they can take

Audit trail records access attempts

p. 564 - 565

Next

Video: Honeynet Project Founder Lance Spitzer

The Honeynet tracks hackers and exposes their techniques

low quality
(click to start)

high quality
(click to start)

Next

Unauthorized Access and Use

What are other ways to protect your personal computer?

Disable file and printer sharing on Internet connection

File and printer sharing turned off

p. 565 Fig. 11-9

Next

Unauthorized Access and Use

What is a user name?

Unique combination of characters that identifies user Password is private combination of characters associated with the user name that allows access to computer resources

p. 566 Fig. 11-10

Next

Unauthorized Access and Use

How can you make your password more secure?

Longer passwords provide greater security

p. 567 Fig. 11-11

Next

Unauthorized Access and Use

What is a possessed object?

Item that you must carry to gain access to computer or facility Often used with numeric password called personal identification number (PIN)

p. 567 Fig. 11-12

Next

Unauthorized Access and Use

What is a biometric device?

Authenticates persons identity using personal characteristic

Fingerprint, hand geometry, voice, signature, and iris

p. 567 - 568 Fig. 11-13

Next

Video: ID Security
Smile, Big Brother wants your iris scan

low quality
(click to start)

high quality
(click to start)

Next

Hardware Theft and Vandalism

What are hardware theft and hardware vandalism?

Hardware theft is act of stealing computer equipment

Cables sometimes used to lock equipment Some notebook computers use passwords, possessed objects, and biometrics as security methods For PDAs, you can passwordprotect the device

Hardware vandalism is act of defacing or destroying computer equipment

p. 569 - 570 Fig. 11-14

Next

Software Theft
What is software theft?
Act of stealing or illegally copying software or intentionally erasing programs Software piracy is illegal duplication of copyrighted software

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Software Piracy below Chapter 11

p. 570

Next

Software Theft
What is a license agreement?

Right to use software Single-user license agreement allows user to install software on one computer, make backup copy, and sell software after removing from computer

p. 570 Fig. 11-15

Next

Software Theft
What are some other safeguards against software theft?
Product activation allows user to input product identification number online or by phone and receive unique installation identification number

Business Software Alliance (BSA) promotes better understanding of software piracy problems

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Business Software Alliance below Chapter 11 p. 571

Next

Information Theft
What is encryption?

Safeguards against information theft Process of converting plaintext (readable data) into ciphertext (unreadable characters) Encryption key (formula) often uses more than one method To read the data, the recipient must decrypt, or decipher, the data

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Encryption below Chapter 11

p. 571 - 572 Fig. 11-16

Next

Information Theft
How can I encrypt the contents of files and folders in WindowsXP?

p. 573 Fig. 11-17

Next

Internet Security Risks

How do Web browsers provide secure data transmission?

Many Web browsers use encryption

Secure site is Web site that uses encryption to secure data

Digital certificate is notice that guarantees Web site is legitimate

p. 573

Next

Internet Security Risks

What is a certificate authority (CA)?

Authorized person or company that issues and verifies digital certificates Users apply for digital certificate from CA

p. 573 Fig. 11-18

Next

Internet Security Risks

What is Secure Sockets Layer (SSL)?

Provides encryption of all data that passes between client and Internet server
Web addresses beginning with https indicate secure connections

p. 574 Fig. 11-19

Next

System Failure
What is a system failure?

Prolonged malfunction of computer

Can cause loss of hardware, software, or data

Caused by aging hardware, natural disasters, or electrical power disturbances

Noiseunwanted electrical signal
Undervoltagedrop in electrical supply
p. 574
Next

Overvoltage or power surge significant increase in electrical power

System Failure
What is a surge protector?

Protects computer and equipment from electrical power disturbances Uninterruptible power supply (UPS) is surge protector that provides power during power loss

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Uninterruptible Power Supply below Chapter 11

p. 574 - 575 Figs. 11-2011-21

Next

Backing Up The Ultimate Safeguard

What is a backup?
Duplicate of file, program, or disk
Three-generation backup preserves three copies of important files

Full backup all files in computer

Selective backup select which files to back up

In case of system failure or corrupted files, restore files by copying to original location

p. 576

Next

Wireless Security
How can I ensure my wireless communication is secure?

Secure your wireless access point (WAP) WAP should not broadcast your network name Enable Wired Equivalent Privacy or Wi-Fi Protected Access (WPA)

p. 576 - 577 Fig. 11-22

Next

Ethics and Society

What are computer ethics?
Moral guidelines that govern use of computers and information systems
Unauthorized use of computers and networks

Software theft

Information accuracy

Intellectual property rightsrights to which creators are entitled for their work

Codes of conduct

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Digital Rights Management below Chapter 11 p. 578 - 579

Information privacy

Next

Ethics and Society

What is an IT code of conduct?

Written guideline that helps determine whether computer action is ethical Employers can distribute to employees

p. 580 Fig. 11-25

Next

Information Privacy
What is information privacy?
Right of individuals and companies to deny or restrict collection and use of information about them Difficult to maintain today because data is stored online Employee monitoring is using computers to observe employee computer use
Legal for employers to use monitoring software programs

p. 580 and 586

Next

Information Privacy
What are some ways to safeguard personal information?
Fill in only necessary information on rebate, warranty, and registration forms Install a cookie manager to filter cookies Clear your history file when you are finished browsing Set up a free e-mail account; use this e-mail address for merchant forms Sign up for e-mail filtering through your Internet service provider or use an antispam program, such as Brightmail

Avoid shopping club and buyers cards

Do not reply to spam for any reason

Inform merchants that you do not want them to distribute your personal information

Turn off file and print sharing on your Internet connection Limit the amount of information you provide to Web sites; fill in only required information

Install a personal firewall

Surf the Web anonymously with a program such as Freedom Web Secure or through an anonymous Web site such as Anonymizer.com

p. 581

Next

Information Privacy
What is an electronic profile?

Data collected when you fill out form on Web Merchants sell your electronic profile Often you can specify whether you want personal information distributed

p. 581 - 582 Fig. 11-27

Next

Information Privacy
What is a cookie?
Some Web sites sell or trade information stored in your cookies

User preferences

Small file on your computer that contains data about you

Set browser to accept cookies, prompt you to accept cookies, or disable cookies

How regularly you visit Web sites

Interests and browsing habits

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Cookies below Chapter 11

p. 582

Next

Information Privacy
How do cookies work?

p. 583 Fig. 11-28

Next

Information Privacy
What are spyware, adware, and spam?

Spyware is program placed on computer without users knowledge Adware is a program that displays online advertisements Spam is unsolicited e-mail message sent to many recipients

p. 583 - 584 Fig. 11-29

Next

Information Privacy
How can you control spam?
E-mail filtering
Collects spam in central location that you can view any time

Service that blocks e-mail messages from designated sources

Anti-spam program
Attempts to remove spam
Sometimes removes valid e-mail messages

p. 584

Next

Information Privacy
What is phishing?

Scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal and financial information

p. 584

Next

Information Privacy
What privacy laws have been enacted?

p. 585 Fig. 11-30

Next

Information Privacy
What privacy laws have been enacted? (contd)

p. 585 Fig. 11-30

Next

Information Privacy
What is content filtering?

Process of restricting access to certain material Internet Content Rating Association (ICRA) provides rating system of Web content Web filtering software restricts access to specified sites

p. 586 - 587 Fig. 11-31

Next

Information Privacy
What is computer forensics?

Also called digital forensics, network forensics, or cyberforensics Discovery, collection, and analysis of evidence found on computers and networks Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and willingness to learn

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Computer Forensics below Chapter 11 p. 587

Next

Health Concerns of Computer Use

What are some health concerns of computer use?
Computer vision syndrome (CVS)eye and vision problems

Carpal tunnel syndrome (CTS)inflammation of nerve that connects forearm to palm

Repetitive strain injury (RSI)

Tendonitisinflammation of tendon due to repeated motion

Computer addictionwhen computer consumes entire social life

p. 587 - 588

Next

Health Concerns of Computer Use

What precautions can prevent tendonitis or carpal tunnel syndrome?

Spread fingers apart for several seconds while keeping wrists straight Gently push back fingers and then thumb Dangle arms loosely at sides and then shake arms and hands

p. 588 Fig. 11-32

Next

Health Concerns of Computer Use

How can you ease eyestrain when working at the computer?

p. 588 Fig. 11-33

Next

Health Concerns of Computer Use

What is ergonomics?

Applied science devoted to comfort, efficiency, and safety in workplace

keyboard height: 23 to 28 elbows at 90 and arms and hands parallel to floor

adjustable backrest

adjustable seat adjustable height chair with 5 legs for stability

p. 589 Fig. 11-34

feet flat on floor

Next

Health Concerns of Computer Use

What is green computing?

Reducing electricity and environmental waste while using computer

Click to view Web Link, click Chapter 11, Click Web Link from left navigation, then click Green Computing below Chapter 11 p. 590 Fig. 11-35

Next

Summary of Computer Security, Ethics and Privacy

Potential computer risks Ethical issues surrounding information accuracy, intellectual property rights, codes of conduct, and information privacy

Safeguards that schools, business, and individuals can implement to minimize these risks
Computer-related health issues, their preventions, and ways to keep the environment healthy Wireless security risks and safeguards

Chapter 11 Complete