© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Chapter 6BChapter 6B

Computer Security and Online Computer Security and Online PrivacyPrivacy

22

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Learning ObjectivesLearning Objectives6.46.4 Define the terms Define the terms threat, vulnerabilitythreat, vulnerability and and

countermeasurecountermeasure in the context of computer in the context of computer securitysecurity6.5 6.5 Identify the kinds of threats that can damage Identify the kinds of threats that can damage

computer hardware and ways to prevent that computer hardware and ways to prevent that damagedamage

6.6 6.6 Summarize types of threats to your computer Summarize types of threats to your computer data and ways to protect against those data and ways to protect against those

threatsthreats6.76.7 Define Define identity theftidentity theft, and explain ways that it , and explain ways that it

can be avoidedcan be avoided

33

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Basic Security ConceptsBasic Security Concepts• ThreatThreat:: Anything that can cause harm Anything that can cause harm• VulnerabilityVulnerability:: A weakness A weakness• CountermeasureCountermeasure:: Any step taken to ward off a threat Any step taken to ward off a threat

– Shielding the user from personal harmShielding the user from personal harm– Safeguarding the computer from physical hazardsSafeguarding the computer from physical hazards

44

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Power ProblemsPower Problems• Power problems:Power problems:

– PowerPower fluctuationsfluctuations: strength of : strength of electrical service rises or fallselectrical service rises or falls

– PowerPower failurefailure : power is lost : power is lost altogetheraltogether

• How they arise:How they arise:– Electrical stormsElectrical storms– Disturbances from Disturbances from

high-demand equipmenthigh-demand equipment– Old wiringOld wiring

55

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Power ProblemsPower Problems• Countermeasures:Countermeasures:

– SurgeSurge suppressorsuppressor: : guards appliances against large power guards appliances against large power spikes, or surgesspikes, or surges

• Doesn’t protect against reduced or total loss of powerDoesn’t protect against reduced or total loss of power• Widely available at electronics and hardware storesWidely available at electronics and hardware stores

– Uninterruptible power supply (UPS)Uninterruptible power supply (UPS): : hardware that functions as a battery hardware that functions as a battery backup by delivering a consistent backup by delivering a consistent supply of powersupply of power

66

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Theft and AccidentsTheft and Accidents• Theft:Theft:

– Can result in total loss of the systemCan result in total loss of the system– CountermeasuresCountermeasures

• Keep the system in a secure areaKeep the system in a secure area• Use special locks that attach the equipment to a deskUse special locks that attach the equipment to a desk

• Accidents:Accidents:– Keyboards are especially vulnerable to damage from Keyboards are especially vulnerable to damage from

spilled liquidsspilled liquids– Sometimes powering down the computer immediately can Sometimes powering down the computer immediately can

save itsave it

77

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Handling and StoringHandling and Storing• Handling storage media:Handling storage media:

– CDs and DVDsCDs and DVDs• Keep them in jewel cases, storage sleeves, or bindersKeep them in jewel cases, storage sleeves, or binders

– USB flash drivesUSB flash drives• Attach them to something easy to spotAttach them to something easy to spot

• Storing computer hardwareStoring computer hardware– Store so the hardware will stay dry and dust-feeStore so the hardware will stay dry and dust-fee– Keep away from large electrical equipmentKeep away from large electrical equipment

88

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Keeping Your Computer CleanKeeping Your Computer Clean• Liquids:Liquids:

– Keep liquids away Keep liquids away – Hardware gets wet, immediately turn it off or unplug itHardware gets wet, immediately turn it off or unplug it

• Dust:Dust:– Remove dust from the system unit a few times a yearRemove dust from the system unit a few times a year– Gently dust flat-panel monitors with a microfiber clothGently dust flat-panel monitors with a microfiber cloth

• Heat:Heat:– If a fan is broken, shut down your system before it If a fan is broken, shut down your system before it

overheatsoverheats

99

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

MalwareMalware• VirusVirus:: software that is attached to a host software that is attached to a host

– Has the ability to Has the ability to replicatereplicate (copy) itself from one computer (copy) itself from one computer to anotherto another

• WormWorm: : software that self-replicates and is a fully software that self-replicates and is a fully contained programcontained program

• TrojanTrojan horsehorse : software that : software that cannot self-replicate and cannot self-replicate and must rely on other methods must rely on other methods for deliveryfor delivery

1010

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

MalwareMalware• Malware goals:Malware goals:

– Steal informationSteal information– Destroy dataDestroy data– HijackHijack computers, or control over the computers’ functionscomputers, or control over the computers’ functions

• Common malware behaviors:Common malware behaviors:– Displaying unwanted advertising Displaying unwanted advertising ((adwareadware))– Reporting the computer’s activity Reporting the computer’s activity ((spywarespyware))– Allows the computer to get hijackedAllows the computer to get hijacked

• Infected computers are called Infected computers are called zombieszombies• BotnetsBotnets: : Massive networks of zombiesMassive networks of zombies

1111

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Protecting Against MalwareProtecting Against Malware• Avoid visiting sites where malware Avoid visiting sites where malware

is typically hostedis typically hosted• Be careful on social networking Be careful on social networking

sites sites • Use anti-malware software Use anti-malware software

– Antivirus scanningAntivirus scanning– Spyware detection and removalSpyware detection and removal– Firewall softwareFirewall software

• Recovery from a malware attackRecovery from a malware attack– Run a cleanup utilityRun a cleanup utility

1212

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Cyberterrorism and CybercrimesCyberterrorism and Cybercrimes• CyberterrorismCyberterrorism: attacking a nation’s critical : attacking a nation’s critical

infrastructure systems through the technology the infrastructure systems through the technology the nation usesnation uses

• CybercrimeCybercrime: : the use of a computer to carry out any the use of a computer to carry out any conventional criminal actconventional criminal act

• HackerHacker: : Someone who intrudes into another Someone who intrudes into another computer or system to perform an illegal act computer or system to perform an illegal act

1313

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Ways Hackers Gain AccessWays Hackers Gain Access• Exploiting a system vulnerabilityExploiting a system vulnerability• Obtaining passwords or other access information Obtaining passwords or other access information

– SniffingSniffing: : Ways that hackers steal or guess passwordsWays that hackers steal or guess passwords• PasswordPassword sharingsharing: : form of sniffing where a victim discloses form of sniffing where a victim discloses

his/her password to a hackerhis/her password to a hacker• PasswordPassword guessingguessing:: form of sniffing where the hacker tries to form of sniffing where the hacker tries to

guess a user’s passwordguess a user’s password• PasswordPassword capturecapture:: form of sniffing where passwords are detected form of sniffing where passwords are detected

as they are entered by a user as they are entered by a user – Social engineering: the practice of gaining a person’s Social engineering: the practice of gaining a person’s

confidence through misrepresentation or fraudconfidence through misrepresentation or fraud

1414

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Restricting Access to DataRestricting Access to Data• Set up operating system “accounts” on a shared PCSet up operating system “accounts” on a shared PC• Lock files with a passwordLock files with a password• Turn off the sharing of entire disks or individual files Turn off the sharing of entire disks or individual files

or foldersor folders• You can encrypt data so no one else can use it via a You can encrypt data so no one else can use it via a

network connectionnetwork connection• Set up a password-protected screen saverSet up a password-protected screen saver

1515

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Firewall and Back-upsFirewall and Back-ups• Firewall:Firewall:

– Prohibits unauthorized access to your computer via the Prohibits unauthorized access to your computer via the InternetInternet

– Important for computers with an Important for computers with an always-onalways-on connectionconnection (a (a connection that is always active)connection that is always active)

• Backing up dataBacking up data– Backing up protects against hardware damage and Backing up protects against hardware damage and

accidental deletionsaccidental deletions– Ways to backup are utility programs or cloud-based Ways to backup are utility programs or cloud-based

storagestorage

1616

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Identity TheftIdentity Theft• IdentityIdentity thefttheft: : stealing personal data to impersonate stealing personal data to impersonate

someone elsesomeone else• Methods:Methods:

– ShoulderShoulder surfingsurfing: : Watching someone enter personal Watching someone enter personal identification informationidentification information

– SnaggingSnagging: : Listening in while the victim gives out personal Listening in while the victim gives out personal informationinformation

– DumpsterDumpster divingdiving: : Going through garbage/trash to find Going through garbage/trash to find personal informationpersonal information

1717

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Protecting Your PrivacyProtecting Your Privacy• Data miningData mining: : process in which companies sift process in which companies sift

through data to spot patterns in customer behaviorthrough data to spot patterns in customer behavior• Some personal information is available from Some personal information is available from

commercial public-record servicescommercial public-record services– Public recordsPublic records: : Records that are available Records that are available

to anyone who wants to view themto anyone who wants to view them• Consumers have rights to control Consumers have rights to control

access to information about themaccess to information about them

1818

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Online Spying ToolsOnline Spying Tools• Cookies: small text files created by a Web serverCookies: small text files created by a Web server

– Normally, they have a legitimate purposeNormally, they have a legitimate purpose– However, they can be a privacy threatHowever, they can be a privacy threat

• Web bugsWeb bugs: : small image files that can small image files that can be embedded in a Web page or an be embedded in a Web page or an HTML-format e-mail messageHTML-format e-mail message

• Spyware: normally a hacker’s toolSpyware: normally a hacker’s tool– However, can be used legitimately by some programsHowever, can be used legitimately by some programs

1919

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Spam, Phishing and SpoofingSpam, Phishing and Spoofing• Spam:Spam:

– How did they get your e-mail?How did they get your e-mail?• PhishingPhishing: Using e-mail to trick : Using e-mail to trick

recipients into revealing recipients into revealing personal information on a personal information on a malicious web sitemalicious web site

• SpoofingSpoofing: : An attempt to deceive An attempt to deceive a computer user or system by a computer user or system by providing false information providing false information

2020

© 2013 by the McGraw-Hill Companies, Inc. All rights reserved.

Managing Cookies and SpamManaging Cookies and Spam• Use browser settings for managing different cookiesUse browser settings for managing different cookies

– session cookiessession cookies: last only for the current browser session: last only for the current browser session– first-party cookiesfirst-party cookies: : placed by the Web site you are visiting placed by the Web site you are visiting– persistent cookiespersistent cookies: stay on your system after you finish : stay on your system after you finish

browsingbrowsing– third-party cookiesthird-party cookies: provided by an advertiser on the site : provided by an advertiser on the site

you are viewingyou are viewing• Pop-up blocker settingsPop-up blocker settings• Controlling SPAM: ISP and user actionsControlling SPAM: ISP and user actions

– Spam filteringSpam filtering: : sends e-mail identified as spam sends e-mail identified as spam into a Junk Mail folderinto a Junk Mail folder