McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved.

McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved.
 Chapter 14A

Understanding the Need

McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved.
 Basic Security Concepts
• Threats
– Anything that can harm a computer
– Vulnerabilities are weaknesses in security
– Security attempts to neutralize threats

14A-3
 Basic Security Concepts
• Degrees of harm
– Level of potential damage
– Include all parts of system
• Potential data loss
• Loss of privacy
• Inability to use hardware
• Inability to use software

14A-4
 Basic Security Concepts
• Countermeasures
– Steps taken to block a threat
– Protect the data from theft
– Protect the system from theft

14A-5
 Threats To Users
• Identity Theft
– Impersonation by private information
• Thief can ‘become’ the victim
– Reported incidents rising
– Methods of stealing information
• Shoulder surfing
• Snagging
• Dumpster diving
• Social engineering
• High-tech methods

14A-6
 Threats To Users
• Loss of privacy
– Personal information is stored electronically
– Purchases are stored in a database
• Data is sold to other companies
– Public records on the Internet
– Internet use is monitored and logged
– None of these techniques are illegal

14A-7
 Threats to Users
• Cookies
– Files delivered from a web site
– Originally improved a site’s function
– Cookies now track history and passwords
– Browsers include cookie blocking tools

14A-8
 Threats to Users
• Spyware
– Software downloaded to a computer
– Designed to record personal information
– Typically undesired software
– Hides from users
– Several programs exist to eliminate

14A-9
 Threats to Users
• Web bugs
– Small programs embedded in gif images
– Gets around cookie blocking tools
– Companies use to track usage
– Blocked with spyware killers

14A-10
 Threats to Users
• Spam
– Unsolicited commercial email
– Networks and PCs need a spam blocker
• Stop spam before reaching the inbox
– Spammers acquire addresses using many
methods
– CAN-SPAM Act passed in 2003

14A-11
 Threats to Hardware
• Affect the operation or reliability
• Power-related threats
– Power fluctuations
• Power spikes or browns out
– Power loss
– Countermeasures
• Surge suppressors
• Line conditioners
• Uninterruptible power supplies
• Generators

14A-12
 Threats to Hardware
• Theft and vandalism
– Thieves steal the entire computer
– Accidental or intentional damage
– Countermeasures
• Keep the PC in a secure area
• Lock the computer to a desk
• Do not eat near the computer
• Watch equipment
• Chase away loiterers
• Handle equipment with care

14A-13
 Threats to Hardware
• Natural disasters
– Disasters differ by location
– Typically result in total loss
– Disaster planning
• Plan for recovery
• List potential disasters
• Plan for all eventualities
• Practice all plans

14A-14
 Threats to Data
• The most serious threat
– Data is the reason for computers
– Data is very difficult to replace
– Protection is difficult
• Data is intangible

14A-15
 Threats to Data
• Viruses
– Software that distributes and installs itself
– Ranges from annoying to catastrophic
– Countermeasures
• Anti-virus software
• Popup blockers
• Do not open unknown email

14A-16
 Threats to Data
• Trojan horses
– Program that poses as beneficial software
– User willingly installs the software
– Countermeasures
• Anti-virus software
• Spyware blocker

14A-17
 Threats to Data
• Cybercrime
– Using a computer in an illegal act
– Fraud and theft are common acts

14A-18
 Threats to Data
• Internet fraud
– Most common cybercrime
– Fraudulent website
– Have names similar to legitimate sites

14A-19
 Threats to Data
• Hacking
– Using a computer to enter another network
– Cost users $1.3 trillion in 2003
– Hackers motivation
• Recreational hacking
• Financial hackers
• Grudge hacking
– Hacking methods
• Sniffing
• Social engineering
• Spoofing
14A-20
 Threats to Data
• Distributed denial of service attack
– Attempt to stop a public server
– Hackers plant the code on computers
– Code is simultaneously launched
– Too many requests stops the server

14A-21
 Threats to Data
• Cyber terrorism
– Attacks made at a nations information
– Targets include power plants
– Threat first realized in 1996
– Organizations combat cyber terrorism
• Computer Emergency Response Team (CERT)
• Department of Homeland Security

14A-22
 Chapter 14A

End of Chapter

McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved.