Copyright © 2003 by Prentice Hall
Computers: Tools for an Information Age
Chapter 10 Security and Privacy: Computers and the Internet
Objectives
- Explain the different types of computer crime and the difficulties of discovery and prosecution
- Describe the aspects of securing corporate data, including software and data security, disaster recovery plans, and security legislation
- Describe in general terms how viruses work, the damage they can cause, and procedures used to prevent this damage
- Explain the threats to personal privacy posed by computers and the Internet. Describe actions you can take to maximize your privacy
Security and Privacy
- Security – data stored on computer must be kept safe
- Privacy – private data must be kept from prying eyes
Computer Crime
- Hacker – someone who attempts to gain access to computer systems illegally
  - Originally referred to as someone with a high degree of computer expertise
  - Social engineering – a tongue-in-cheek term for con artist actions
    - Persuade people to give away password information
- Cracker – someone who uses the computer to engage in illegal activity
Computer Crime
- Most commonly reported categories
  - Credit card fraud
  - Data communications fraud
  - Unauthorized access to computer files
  - Unlawful copying of copyrighted software
Methods Computer Criminals Use
- Bomb
- Data diddling
- Denial of service attacks
- Piggybacking
- Salami technique
- Scavenging
- Trapdoor
- Trojan horse
- Zapping
White-Hat Hackers
- Hackers that are paid by a company to break into that company’s computer systems
  - Expose security holes and flaws before criminals find them
  - Once exposed, flaws can be fixed
Discovery and Prosecution
- Crimes are often undetected
  - When they are detected, they are often not reported
- Prosecution is difficult
  - Law enforcement agencies and prosecutors are ill-equipped to handle computer crime
  - Judges and juries often don’t understand computer crime
- Congress passed the Computer Fraud and Abuse Act to increase awareness of computer crime
Computer Forensics
- Uncovering computer-stored information suitable for use as evidence in courts of law
  - Restores files and/or e-mail messages that someone has deleted
- Some experts are available for hire, but most are on the staffs of police departments and law firms
Security: Playing It Safe
- Security – a system of safeguards
  - Protects system and data from deliberate or accidental damage
  - Protects system and data from unauthorized access
Controlling Access
- Four means of controlling who has access to the computer
  - What you have
  - What you know
  - What you do
  - What you are
A Disaster Recovery Plan
- A method of restoring computer processing operations and data files in the event of major destruction
- Several approaches
  - Manual services
  - Buying time at a service bureau
  - Consortium
- Plan should include priorities for restoring programs, plans for notifying employees, and procedures for handling data in a different environment
Software Security
- Who owns custom-made software?
- What prevents a programmer from taking a copy of the program?
- Answer is well established
  - If the programmer is employed by the company, the software belongs to the company
  - If the programmer is a consultant, ownership of the software should be specified in the contract
Data Security
- Several techniques can be used to prevent theft or alteration of data
  - Secured waste
  - Internal controls
  - Auditor checks
  - Applicant screening
  - Passwords
  - Built-in software protection
Personal Computer Security
- Physical security of hardware
  - Secure hardware in place with locks and cables
  - Avoid eating, drinking, and smoking around computers
Protecting Disk Data
- Use a surge protector to prevent electrical problems from affecting data files
- Uninterruptible power supply includes battery backup
  - Provides battery power in the event power is lost
  - Allows users to save work and close files properly
- Back up files regularly
Backing Up Files
- Back up to tape drive, CD-RW, or DVD-RAM
  - You can use software that automatically backs up at a certain time of day
- Disk mirroring
  - Makes a second copy of everything you put on disk to another hard disk
Types of Backup
- Three types of backup
  - Full backup – copies everything from the hard drive
  - Differential backup – copies all files that have been changed since the last full backup
  - Incremental backup – copies only those files that have been changed since either the last full backup or the last incremental backup
- Comprehensive backup plan involves periodic full backups, complemented by more frequent incremental or differential backups
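As an added illustration (not part of the textbook slides), the following Python applies the three backup rules above to a constructed set of files and backup timestamps, and also lists which backup sets a restore must read back for each strategy, which is the practical difference between differential and incremental schemes.

```python
"""Full, differential and incremental backup selection (constructed example)."""
from datetime import datetime

# Constructed sample: files on the hard drive and when each was last modified.
FILES = {
    "docs/report.doc":   datetime(2003, 3, 1, 9, 0),
    "docs/budget.xls":   datetime(2003, 3, 3, 14, 30),
    "photos/family.jpg": datetime(2003, 2, 20, 18, 0),
    "mail/inbox.pst":    datetime(2003, 3, 5, 8, 15),
}

# Constructed backup history: the weekly full backup and the nightly runs since.
LAST_FULL = datetime(2003, 3, 2, 23, 0)
INCREMENTALS = [datetime(2003, 3, 3, 23, 0), datetime(2003, 3, 4, 23, 0)]


def full_backup(files):
    """Full backup: copies every file regardless of modification time."""
    return sorted(files)


def differential_backup(files, last_full):
    """Differential backup: copies every file changed since the last FULL backup,
    so each nightly set grows until the next full backup."""
    return sorted(path for path, mtime in files.items() if mtime > last_full)


def incremental_backup(files, last_full, incrementals):
    """Incremental backup: copies only files changed since the most recent
    backup of either kind, so each nightly set stays small."""
    reference = max([last_full, *incrementals])
    return sorted(path for path, mtime in files.items() if mtime > reference)


def restore_chain(strategy, last_full, runs):
    """Backup sets that must be read back, in order, to rebuild the disk.
    Differential: the full set plus only the newest differential.
    Incremental: the full set plus every incremental since it, oldest first."""
    if strategy == "differential":
        return [last_full] + runs[-1:]
    if strategy == "incremental":
        return [last_full] + sorted(runs)
    raise ValueError(f"unknown strategy: {strategy}")


if __name__ == "__main__":
    print("full:        ", full_backup(FILES))
    print("differential:", differential_backup(FILES, LAST_FULL))
    print("incremental: ", incremental_backup(FILES, LAST_FULL, INCREMENTALS))
    print("restore sets:", len(restore_chain("incremental", LAST_FULL, INCREMENTALS)))
```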
Computer Pests
- Worm
- Virus
Protecting Your Privacy
- Data you give to organizations is often sold or rented to other organizations
  - Massive databases make it easy and inexpensive to learn almost anything about anybody
- Legislation exists to protect your privacy
Privacy Legislation
- Fair Credit Reporting Act
- Freedom of Information Act
- Federal Privacy Act
- Video Privacy Protection Act
- Computer Matching and Privacy Protection Act
- Health Insurance Portability and Accountability Act
Security and Privacy Problems on the Internet
- With so many people on the Internet, how do you keep data secure?
- Several approaches
  - Using a firewall
  - Encryption
- Privacy issues
  - Being monitored
  - Junk e-mail