Post on 22-Dec-2015
transcript
Computer Security and Privacy
Chapter 5
Computer Benefits
• Allow us to accomplish many tasks• Provide us with lots of information• Store and retrieve information for us• Allow us to browse the Web• Make businesses and individuals more efficient
Plymouth State University
WHY BE CONCERNED ABOUT COMPUTER SECURITY?
• Theft or damage of hardware
• Losing data (companies and individuals)
• Buying pirated or digitally counterfeited products online.
Plymouth State University
Potential Hardware Problems
• Hardware loss (hardware theft or lost hardware)
• Hardware damage ( both intentional and unintentional
• System failure – Hardware problem– Natural or man- made disaster.
Plymouth State University
Computer Concerns and Protection
• Hackers
• Viruses & Worms
• Firewalls
Cyberthreats
• Hackers– People who gain unauthorized access to computers or
networks, often for fun or to see if they can (not good)
• Crackers– Malicious hackers who break into computers for malicious
purposes
11/2/00 Plymouth State University 7
Threats to Computers: Theft
• Hardware
• Software
• Information
• Malice & destruction
• Theft of PDAs, cell phones, etc. as well as computers
Security
• Security is extremely important in today’s network environment
• Hackers can be a serious problem for both corporate and private computers
• Physical and software security are used
11/2/00 Plymouth State University 9
Threats to Computers:Natural & Other Hazards
• Natural hazards• Terrorism
11/2/00 Plymouth State University 10
Security: Safeguarding Computers
• Disaster-recovery plans– A method of restoring information-processing
operations that have been halted by destruction or accident
• Reinforced by 2001 World Trade Center attack• Reinforced by company data losses incurred during 2005
Hurricane Katrina
– Plans range in price and complexity from• Backing up data from disk to tape, CD, or zip disk, with a UPS• Automatically storing data redundantly in two places• Having an off-site computerized data storage center with
independent power supply• Having a complete “hot” redundant data center that can instantly
be used if there is a disasterMore $$$
Protecting Your Computer
• Safeguards– Use antivirus software, and keep it current– Install a firewall to filter out undesirable traffic– Install antispyware software– Encrypt financial and personal records – Back up your data, so if your PC is attacked and
must be reformatted, you can restore your data
Preventing Data Loss
• Backup files often!
• External hard drive
Plymouth State University
Software Security
• IDs and Passwords– Assigned to users, must be protected– Need to use password that is not obvious– Should be changed periodically
• Some systems force users to change them
Protecting Computers
• Door locks
• Equipment locks
• Tracking software
• Ruggedized devices
• Surge supressors
• Uninterruptable Power Supply
Plymouth State University
Precautions
• To protect against hardware theft, door and equipment locks can be used.
• To protect against accidental hardware damage, surge suppressors, uninterruptible power supplies ( UPSs) should be used.
• Storage media care, and precautions against excess dust, heat, and static electricity.
Plymouth State University
Protection
• Ruggedized devices can be used when necessary.
• To protect against data loss, backups are essential for both individuals and businesses
• Disaster recovery plan for natural and man- made disasters.
Plymouth State University
Encryption
• Encryption can be used to protect individual files and the content of data stored on a storage medium.
• Full disk encryption ( FDE) and self- encrypting hard drives can be used to encrypt all the content located on a hard drive automatically.
Plymouth State University
Protecting Data
• Encryption– The process of altering readable data into
unreadable form to prevent unauthorized access
• Scrambles data before storing• Uses encryption key
SOFTWARE PIRACY AND DIGITAL COUNTERFEITING
• Software piracy ( the unauthorized copying of a computer program)
• Piracy costs manufacturers billions of dollars each year, and some of these costs are passed on to law-abiding consumers.
• Various tools, such as holograms, and software activation procedures, can be used to prevent software piracy.
Plymouth State University
Counterfeiting Money
• Making fake copies of currency and other resources are illegal in the United States.
• The government has various methods in place to prevent digital counterfeiting of currency, such as using features like security threads and watermarks.
Plymouth State University
Intellectual Property
• Software Copyright– Publisher owns software– User is granted a license to use it– No copies to be made– Used on one computer
• Not recognized by all countries
• Software Piracy
How is computer software protected by law?
• Computer software is protected by copyright law and international copyright treaties as well as other intellectual property laws and treaties. Copyright law and other intellectual property laws in many countries protect the rights of a software owner by granting to the owner a number of exclusive rights, including the right to reproduce or "copy" the software..
Software Piracy
• Illegal copying of Software
• Illegal Distribution of Software
• Illegal Use of Software
Why should I be concerned about Software Piracy?
• Software piracy harms all software companies and ultimately you, the end user. Piracy results in higher prices for duly licensed users, reduced levels of support, and delays in the funding and development of new products, causing the overall selection and quality of software to suffer.
Plymouth State College
Privacy
• Privacy – the right to not reveal information
• Most Web sites specify their privacy policy
• Cookies
DATABASES
• Information in marketing databases is frequently sold to companies and other organizations
• Information in some government data-bases is available to the public.
• Some public information can be retrieved from databases via the Web.
Plymouth State University
Electronic Profiling
• Electronic profiling is the collection of diverse information about an individual.
• Consider whether or not the Web site is requesting too much personal information,
• Only provide the required data.
• Do not provide personal details in chat rooms and personal Web sites.
Plymouth State University
Data Gathering
• Combining data from many sources
• Procedure– Data sources– Data fusion & cleansing
Data Storage
Privacy Policies
• An organization’s privacy policy addresses how any personal information submitted to that company will be used.
• Before providing any personal information via a Web page, it is a good idea to review the Web site’s privacy policy to see if the information will be shared with other organizations.
Plymouth State University
E-mail Address
• Protecting your E-mail address is one of the best ways to avoid spam.
• A throw-away E-mail address can be used for any activities that may result in spam
• Your permanent personal E-mail address can then be reserved for communications that should not result in spam.
Plymouth State University
WHY BE CONCERNED ABOUT INFORMATION PRIVACY?
• Privacy issues affect the lives of everyone.
• Information privacy refers to the rights of individuals and companies to control how information about them is collected and used.
• Privacy of Web site activities and E-mail messages
• High number of security breaches on systems that contain personal information.
Plymouth State University
Disposing of Old Hardware
• Individuals and businesses should be cautious when disposing of old hardware, such as hard drives and CDs, that contain sensitive data.
• Minimally, hard drives to be reused should be wiped clean
• CDs, DVDs, and other media to be disposed of should be shredded.
• Many copying machines contain copies of scanned documents on an internal hard drive.
Plymouth State University
ELECTRONIC SURVEILLANCE AND MONITORING
• Computer monitoring software that can record an individual’s computer use
• Video surveillance in public locations. • Monitoring telephone calls• Individual’s location using a smart ID card
customers safe. • For the highest level of privacy while at the
workplace, employees should perform only work-related activities on the job.
Plymouth State University
COMPUTER SECURITY AND PRIVACY LEGISLATION
• Legislating these issues is difficult due to ongoing changes in technology, jurisdictional issues, and varying opinions.
• Some legislation related to computer security has been enacted; new legislation is being considered on a regular basis.
• Do-not-call list
Plymouth State University
11/2/00 Plymouth State University 36
Inaccurate Digital Data
– Photographs may not be authentic– Photographs may be deliberately misleading
• 1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister
– Could this have biased potential jury members?
– Dirty data – mistaken identity– Identity theft
Plymouth State University
Ethics• Privacy
• Security
• Social Security Number
• Credit Card Numbers
• Misuse of data
• Identity Theft
Plymouth State University
Exam in Two Weeks
Chapters 3, 4, 5, 6Lectures from Weeks 6, 7, 8, 9