Prentice Hall, 2003 1
Chapter 9
Law, Ethics, and Cyber Crime
Learning Objectives
Describe the difference between legal and ethical issues
Understand the difficulties of protecting privacy in EC
Discuss issues of intellectual property rights in EC
Understand the conflict between free speech and censorship on the Internet
Learning Objectives (cont.)
Document the rapid rise in computer and network security attacks
Understand the factors contributing to the rise of EC security breaches
Describe the key security issues facing EC sites
Discuss some of the major types of cyber attacks against EC sites
Describe some of the technologies used to secure EC sites
MP3, Napster, and Intellectual Property Rights
The Problem
MP3.com enabled users to listen to music from any computer with an Internet connection without paying royalties
Napster supported the free distribution of music and other digitized content among millions of users through peer-to-peer (P2P) technology
These services could not be ignored because of the jobs and revenue they threatened
MP3, Napster, and Intellectual Property Rights (cont.)
The Solution
Emusic.com filed a copyright infringement lawsuit against MP3.com
Copyright laws and copyright cases have been in existence for years but:
Were not written for digital content
Financial gain loophole was not closed
MP3, Napster, and Intellectual Property Rights (cont.)
The Results
All commerce involves a number of legal, ethical, and regulatory issues
EC adds a number of questions about what constitutes illegal behavior versus unethical, intrusive, or undesirable behavior
Legal Issues vs. Ethical Issues
Ethics—the branch of philosophy that deals with what is considered to be right and wrong
Businesspeople engaging in e-commerce need guidelines as to what behaviors are reasonable under any given set of circumstances
What is unethical in one culture may be perfectly acceptable in another
Privacy
Privacy—the right to be left alone and the right to be free of unreasonable personal intrusions
Two rules have been followed fairly closely in court decisions:
1. The right of privacy is not absolute; privacy must be balanced against the needs of society
2. The public's right to know is superior to the individual's right of privacy
Privacy Advocates Take On DoubleClick
DoubleClick is one of the leading providers of online advertising
DoubleClick uses cookies to personalize ads based on consumers’ interests
In 1999, DoubleClick bought catalog marketer Abacus Direct and announced plans to merge Abacus's off-line database with its online data
Privacy Advocates Take On DoubleClick (cont.)
Several class action lawsuits were brought against DoubleClick, claiming that the company was "tracking Internet users and obtaining personal and financial information without the individual's knowledge"
The Michigan attorney general alleged a violation of the state's Consumer Protection Act and asked DoubleClick to stop placing cookies on consumers' computers without their permission
In January 2001, the FTC closed its investigation, concluding that DoubleClick had not violated FTC policies
Privacy Advocates Take On DoubleClick (cont.)
DoubleClick agreed to enhance its privacy measures and to pay legal fees and costs of up to $18 million
A key provision of the settlement requires DoubleClick to "obtain permission from consumers before combining any personally identifiable data with Web surfing history"
Web-Site Self-Registration
Registration questionnaires
50% of users will disclose personal information on a Web site for the chance to win a sweepstakes
Uses of the private information collected:
For planning the business
May be sold to a third party
Must not be used in an inappropriate manner
Cookies
Cookie—a small piece of data that a Web site stores in the end user's browser and that the browser sends back with every later request as the user navigates the site; enables sites to keep track of users' activities without asking for identification
Cookies can be used to invade an individual's privacy
Personal information collected via cookies has the potential to be used in illegal and unethical ways
Cookies (cont.)
Solutions to unwanted cookies
Users can delete the cookie files stored on their computers
Use of anti-cookie software
Passport: a Microsoft component that lets consumers enter a profile of information once, along with a password, and reuse them to access services at multiple sites
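The tracking mechanism the two cookie slides describe, as an added example (not code from the textbook): a small Python checker that takes the Set-Cookie headers observed while loading one page and separates first-party cookies from third-party ones, and session cookies from persistent ones. The hostnames, cookie names and the one-day cutoff are constructed assumptions, and the same-site test is simplified to the last two DNS labels rather than the Public Suffix List.

```python
"""Classify the Set-Cookie headers observed while loading one page.

Added example for the cookie slides above, not code from the textbook. The
responses are constructed; the hostnames, cookie names and the one-day cutoff
are assumptions. Simplification: the same-site test keeps the last two DNS
labels instead of consulting the Public Suffix List, so it misjudges domains
such as example.co.uk.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import List, Optional, Tuple

PAGE_HOST = "shop.example.com"                    # the site the user chose to visit
NOW = datetime(2020, 1, 15, tzinfo=timezone.utc)  # fixed clock so the sample is repeatable
PERSISTENT_CUTOFF = 24 * 3600                     # lifetime above one day counts as persistent

# (host that sent the response, raw Set-Cookie header value), constructed
SAMPLE_RESPONSES: List[Tuple[str, str]] = [
    ("shop.example.com", "SESSIONID=9a1c3e7f; Path=/; Secure; HttpOnly"),
    ("www.example.com", "prefs=dark; Domain=.example.com; Max-Age=2592000; Path=/"),
    ("ad.doubleclick.net", "id=80000a1b2c3d; Domain=.doubleclick.net; Path=/; "
                           "Expires=Wed, 09 Jun 2021 10:18:14 GMT"),
    ("stats.tracker-example.net", "pv=1"),
]

@dataclass
class CookieRecord:
    name: str
    domain: str               # hosts the browser will send the cookie back to
    lifetime: Optional[int]   # seconds until expiry; None for a session cookie
    third_party: bool         # set by a site other than the one the user visited
    persistent: bool          # survives closing the browser

def registrable_domain(host: str) -> str:
    """Simplified eTLD+1: the last two labels (see module docstring)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def parse_set_cookie(header: str, response_host: str, page_host: str,
                     now: datetime) -> CookieRecord:
    parts = [p.strip() for p in header.split(";")]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        attrs[key.lower()] = val          # attribute names are case-insensitive
    domain = attrs.get("domain", response_host).lstrip(".").lower()
    if "max-age" in attrs:                # RFC 6265: Max-Age takes precedence over Expires
        lifetime = int(attrs["max-age"])
    elif "expires" in attrs:
        lifetime = int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    else:
        lifetime = None                   # neither attribute: discarded when the browser closes
    return CookieRecord(
        name=name,
        domain=domain,
        lifetime=lifetime,
        third_party=registrable_domain(domain) != registrable_domain(page_host),
        persistent=lifetime is not None and lifetime > PERSISTENT_CUTOFF,
    )

def classify(responses: List[Tuple[str, str]], page_host: str = PAGE_HOST,
             now: datetime = NOW) -> List[CookieRecord]:
    return [parse_set_cookie(header, host, page_host, now) for host, header in responses]

def tracking_candidates(records: List[CookieRecord]) -> List[str]:
    """Long-lived cookies set by someone other than the site the user visited."""
    return [r.name for r in records if r.third_party and r.persistent]

def block_third_party(records: List[CookieRecord]) -> List[CookieRecord]:
    """The policy an anti-cookie tool applies: keep only the visited site's cookies."""
    return [r for r in records if not r.third_party]

if __name__ == "__main__":
    records = classify(SAMPLE_RESPONSES)
    for r in records:
        print(f"{r.name:10} {r.domain:22} third_party={r.third_party!s:5} "
              f"persistent={r.persistent!s:5} lifetime={r.lifetime}")
    print("tracking candidates:", tracking_candidates(records))
    print("kept when third-party cookies are blocked:",
          [r.name for r in block_third_party(records)])
```

Run as a script it prints one line per cookie. The DoubleClick case above is exactly the pattern `tracking_candidates` flags: a long-lived cookie whose domain is not the site the user typed in, readable by the advertiser on every site that embeds its ads. `block_third_party` is the policy the slide's "anti-cookie software" enforces, and it leaves the shop's own session and preference cookies untouched.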
Protection of Privacy
Notice/awareness
Choice/consent
Access/participation
Integrity/security
Enforcement/redress
Supported in the U.S. by the Federal Internet Privacy Protection Act
Supported in the European Union by the EU Data Protection Directive
Intellectual Property Rights
Intellectual property (IP)—creations of the mind, such as inventions, literary and artistic works, and symbols, names, images, and designs used in commerce
© ®
Intellectual Property Rights (cont.)
Copyright—an exclusive grant from the government that allows the owner to reproduce a work, in whole or in part, and to distribute, perform, or display it to the public in any form or manner, including the Internet
Digital watermarks—unique identifiers embedded in digital content that make it possible to identify pirated works
Intellectual Property Rights (cont.)
Trademark—a symbol used by businesses to identify their goods and services; government registration of the trademark confers the exclusive legal right to its use
Gives exclusive rights to:
Use the trademark on the goods and services registered under that sign
Take legal action to prevent anyone from using the trademark without consent
Patent—a document that grants the holder exclusive rights to an invention for a fixed number of years
Free Speech and Censorship on the Internet
The issue of censorship is one of the most important to Web surfers
"Most citizens are implacably opposed to censorship in any form — except censorship of whatever they personally happen to find offensive."
Citizen action groups desiring to protect every ounce of their freedom to speak
Child Online Protection Act (COPA)
Governments protective of their role in society
Controlling Spamming
Spamming—the practice of indiscriminately broadcasting messages over the Internet (e.g., junk e-mail)
Spam comprises 25 to 50% of all e-mail
Slows the Internet in general; sometimes shuts ISPs down completely
Electronic Mailbox Protection Act (proposed U.S. legislation):
ISPs would be required to offer spam-blocking software
Recipients of spam would have the right to request termination of future spam from the same sender and to bring civil action if necessary
Cyber Crime
Fraud: intentional deceit or trickery, often with the aim of financial gain
Cyber attack: an electronic attack, either criminal trespass over the Internet (cyber intrusion) or unauthorized access that results in damaged files, programs, or hardware (cyber vandalism)
The Players: Hackers, Crackers, and Other Attackers
Hackers
The original hackers created the Unix operating system and helped build the Internet, Usenet, and the World Wide Web, and used their skills to test the strength and integrity of computer systems
Over time, the term hacker came to be applied to rogue programmers who illegally break into computers and networks
The Players: Hackers, Crackers, and Other Attackers (cont.)
Crackers: people who engage in unlawful or damaging hacking; short for "criminal hackers"
Other attackers: "script kiddies" are ego-driven, unskilled crackers who use information and software (scripts) downloaded from the Internet to inflict damage on targeted sites
Internet Security
Cyber attacks are on the rise
Internet connections are increasingly a point of attack
The variety of attacks is on the rise
Why now? Because that's where the money and information are!
Internet Security (cont.)
Factors that have contributed to the rise in cyber attacks:
Security and ease of use are antithetical to one another
Security takes a back seat to market pressures
The security of an EC site depends on the security of the Internet as a whole
Security vulnerabilities are mushrooming
Security is compromised by common applications
Basic Security Issues
From the user's perspective:
How can the user be sure that the Web server is owned and operated by a legitimate company?
How does the user know that the Web page and form do not contain some malicious or dangerous code or content?
How does the user know that the Web server will not distribute the information the user provides to some other party?
Basic Security Issues (cont.)
From the company's perspective:
How does the company know the user will not attempt to break into the Web server or alter the pages and content at the site?
How does the company know that the user will not try to disrupt the server so that it is not available to others?
Basic Security Issues (cont.)
From both parties' perspectives:
How do they know that the network connection is free from eavesdropping by a third party "listening in" on the line?
How do they know that the information sent back and forth between the server and the user's browser has not been altered?
Basic Security Issues (cont.)
Authorization: the process that ensures that a person has the right to access certain resources
Authentication: the process by which one entity verifies that another entity is who it claims to be, by checking credentials of some sort
Basic Security Issues (cont.)
Auditing: the process of collecting information about attempts to access particular resources, use particular privileges, or perform other security actions
Confidentiality (privacy): the ability to keep data from being disclosed to anyone not authorized to see it
Integrity: as applied to data, the ability to protect data from being altered or destroyed in an unauthorized or accidental manner
Basic Security Issues (cont.)
Availability: the ability to keep a system and its data accessible to authorized users when they need it
Nonrepudiation: the ability to limit parties from refuting that a legitimate transaction took place, usually by means of a signature
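The definitions on the last three slides are easy to blur in practice, so here is an added example (not code from the textbook) that keeps them apart in one request handler: authentication verifies a salted password hash, authorization consults a separate permission table, and every decision is audited into a log whose entries are chained with an HMAC so the log's own integrity can be checked. User names, passwords, salts, roles, the permission table and the audit key are all constructed.

```python
"""Authentication, authorization and auditing kept as three separate steps.

Added example for the definitions above, not code from the textbook. User
names, passwords, salts, roles, the permission table and the audit key are all
constructed; a real system keeps hashes in a database and the key in a key
service, never in source.
"""
import hashlib
import hmac
from typing import Dict, List, Set, Tuple

def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash; the raw password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Credential store: username -> (salt, hash). Fixed salts only so the sample repeats.
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": (b"salt-alice", _derive("correct horse", b"salt-alice")),
    "bob":   (b"salt-bob",   _derive("hunter2",       b"salt-bob")),
}

# Authorization is a separate table: which role may take which action on what.
ROLES: Dict[str, str] = {"alice": "admin", "bob": "customer"}
PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "admin":    {("read", "orders"), ("write", "orders"), ("read", "catalog")},
    "customer": {("read", "catalog"), ("read", "own-orders")},
}

# Audit log: each entry is tagged with an HMAC over its content and the previous
# entry's tag, so editing or deleting an entry breaks the chain (log integrity).
AUDIT_KEY = b"audit-service-key"          # constructed; only the audit service holds it
AUDIT_LOG: List[dict] = []

def _entry_tag(prev: bytes, event: str, user: str, detail: str) -> bytes:
    return hmac.new(AUDIT_KEY, prev + f"{event}|{user}|{detail}".encode(), "sha256").digest()

def _record(event: str, user: str, detail: str) -> None:
    prev = AUDIT_LOG[-1]["tag"] if AUDIT_LOG else b"\x00" * 32
    AUDIT_LOG.append({"event": event, "user": user, "detail": detail,
                      "tag": _entry_tag(prev, event, user, detail)})

def authenticate(username: str, password: str) -> bool:
    """Who are you? Compare hashes in constant time; log the outcome either way."""
    entry = USERS.get(username)
    if entry is None:
        _record("AUTHN_FAIL", username, "unknown user")
        return False
    salt, stored = entry
    ok = hmac.compare_digest(_derive(password, salt), stored)
    _record("AUTHN_OK" if ok else "AUTHN_FAIL", username, "password check")
    return ok

def authorize(username: str, action: str, resource: str) -> bool:
    """What may you do? Decided after, and independently of, authentication."""
    allowed = (action, resource) in PERMISSIONS.get(ROLES.get(username, ""), set())
    _record("AUTHZ_ALLOW" if allowed else "AUTHZ_DENY", username, f"{action} {resource}")
    return allowed

def handle(username: str, password: str, action: str, resource: str) -> str:
    """The order matters: identity first, then rights, and every step audited."""
    if not authenticate(username, password):
        return "401 unauthenticated"
    if not authorize(username, action, resource):
        return "403 forbidden"
    return "200 ok"

def verify_log(log: List[dict]) -> bool:
    """Recompute the chain; False if any entry was altered, inserted or removed."""
    prev = b"\x00" * 32
    for e in log:
        if not hmac.compare_digest(_entry_tag(prev, e["event"], e["user"], e["detail"]), e["tag"]):
            return False
        prev = e["tag"]
    return True

if __name__ == "__main__":
    for req in [("alice", "correct horse", "write", "orders"),
                ("bob", "hunter2", "write", "orders"),
                ("bob", "wrong", "read", "catalog")]:
        print(req[0], req[2], req[3], "->", handle(*req))
    print("audit chain intact:", verify_log(AUDIT_LOG))
    AUDIT_LOG[1]["event"] = "AUTHZ_DENY"   # an intruder rewriting history
    print("after tampering:", verify_log(AUDIT_LOG))
```

Note what the chain does and does not give. It gives integrity: nobody without `AUDIT_KEY` can alter or remove an entry undetected. It does not give nonrepudiation: the audit service itself holds the key, so it could forge an entry and no third party could prove otherwise. Nonrepudiation, as the slide says, needs a signature made with a key that only the signer holds.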
Exhibit 9.2 General Security Issues at E-Commerce Sites
Types of Cyber Attacks
Technical attack: an attack perpetrated using software and systems knowledge or expertise
Nontechnical attack: an attack in which a perpetrator uses chicanery or another form of persuasion to trick people into revealing sensitive information or performing actions that compromise the security of a network
Types of Cyber Attacks (cont.)
Common vulnerabilities and exposures (CVEs): publicly known computer security risks or problems; collected, enumerated, and shared by a board of security-related organizations (cve.mitre.org)
Denial-of-service (DoS) attack: an attack on a Web site in which an attacker uses specialized software to send a flood of data packets to the target computer with the aim of overloading its resources
Types of Cyber Attacks (cont.)
Distributed denial-of-service (DDoS) attack: a denial-of-service attack in which the attacker gains illegal administrative access to as many computers on the Internet as possible and uses these multiple computers to send a flood of data packets to the target computer
Malware: a generic term for malicious software
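To make the DoS and DDoS definitions above concrete, an added example (not code from the textbook): a detector that buckets web server log lines into ten-second windows and reports a single-source flood (DoS) when one address dominates, and a many-source flood (DDoS) when the window's total is far above normal while no single address stands out. The log lines are constructed with RFC 5737 test addresses; the window size and both thresholds are assumptions that would be tuned to a real site's baseline.

```python
"""Spotting a single-source (DoS) and a many-source (DDoS) flood in web logs.

Added example for the definitions above, not code from the textbook. The log
lines are constructed with RFC 5737 test addresses; the window size and both
thresholds are assumptions that would be tuned to a real site's baseline.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple

WINDOW = 10                 # seconds per bucket
SINGLE_IP_THRESHOLD = 30    # one address sending this many per window -> DoS
TOTAL_THRESHOLD = 60        # everyone together at this rate, with no single
                            # address standing out -> distributed (DDoS) pattern

# Apache/nginx combined format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} \S+')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
BASE = datetime(2020, 1, 15, 10, 0, 0, tzinfo=timezone.utc)

def make_sample_log() -> List[str]:
    """Constructed log: a quiet window, then one flooder, then 40 zombies."""
    def line(ip: str, t: int) -> str:
        ts = (BASE + timedelta(seconds=t)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'
    lines = []
    for t in range(0, 30, 5):                  # background: 3 users, 2 hits each per window
        lines += [line(ip, t) for ip in ("10.0.0.5", "10.0.0.6", "10.0.0.7")]
    for i in range(45):                        # seconds 10-19: one address floods
        lines.append(line("203.0.113.9", 10 + i % 10))
    for n in range(1, 41):                     # seconds 20-29: 40 zombies, 2 hits each
        lines += [line(f"198.51.100.{n}", 20 + n % 10), line(f"198.51.100.{n}", 21 + n % 9)]
    return lines

def parse(lines: List[str]) -> List[Tuple[int, str]]:
    """(epoch second, source ip) per line; malformed lines are skipped, not fatal."""
    events = []
    for ln in lines:
        m = LOG_RE.match(ln)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FMT)
            events.append((int(ts.timestamp()), m.group("ip")))
    return events

def detect(events, window=WINDOW, single=SINGLE_IP_THRESHOLD, total=TOTAL_THRESHOLD):
    """Return (kind, window_start, who, count) alerts, one per offending window."""
    if not events:
        return []
    t0 = min(t for t, _ in events)
    buckets: Dict[int, Counter] = defaultdict(Counter)
    for t, ip in events:
        buckets[t0 + ((t - t0) // window) * window][ip] += 1
    alerts = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        top_ip, top_count = per_ip.most_common(1)[0]
        n = sum(per_ip.values())
        if top_count >= single:
            alerts.append(("DOS", start, top_ip, top_count))    # block or rate-limit this address
        elif n >= total:
            alerts.append(("DDOS", start, len(per_ip), n))       # many sources, none dominant
    return alerts

if __name__ == "__main__":
    for kind, start, who, count in detect(parse(make_sample_log())):
        when = datetime.fromtimestamp(start, timezone.utc).strftime("%H:%M:%S")
        print(f"{when} {kind:4} {who} {count} requests in {WINDOW}s")
```

The distinction matters for the response: the single-source flood in the second window can be rate-limited or blocked at the firewall by address, whereas the zombie pattern in the third window (43 distinct addresses, none sending more than two requests) defeats per-address blocking and needs upstream filtering or spare capacity, which is why the DDoS form of the attack is the harder one for an EC site.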
Exhibit 9.3 Using Zombies in a DDoS Attack
Types of Cyber Attacks (cont.)
Virus: a piece of software code that inserts itself into a host, including the operating system, in order to propagate; it cannot run independently but requires that its host program be run to activate it
Worm: a software program that runs independently, consuming the resources of its host from within in order to maintain itself, and propagating a complete working version of itself onto other machines
Types of Cyber Attacks (cont.)
Trojan horse: a program that appears to have a useful function but that contains a hidden function that presents a security risk
Two of the better-known Trojan horses are "Back Orifice" and "NetBus"
Self-contained, self-installing utilities that can be used to remotely control and monitor the victim's computer over a network (execute commands, list files, upload and download files on the victim's computer)
Trojan Horse Attack on Bugtraq List
BugTraq—a full-disclosure, moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities:
What they are
How to exploit them
How to fix them
Trojan Horse Attack on Bugtraq List (cont.)
Even the SecurityFocus.com experts who moderate the list have been fooled
Code containing a Trojan horse was sent to the list's 37,000 BugTraq subscribers
A Network Associates server found itself under attack
The way the list is moderated did not change
Security Technologies
Internet and EC security is a thriving business
Firewalls and Access Control
One of the major impediments to EC is concern about the security of internal networks
Some companies sidestep the issue by letting third parties host their Web sites
The primary means of access control is the password
Security Technologies (cont.)
Firewall: a network node consisting of both hardware and software that isolates a private network from a public network
Intrusion detection system (IDS): a special category of software that can monitor activity across a network or on a host computer, watch for suspicious activity, and take automated action based on what it sees
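An added example (not code from the textbook) of what "isolates a private network from a public network" means in rule form: a first-match packet filter whose last rule denies everything not explicitly allowed, so the only paths into the private network are the ones the business deliberately opened. The networks, hosts, ports and rules are constructed (RFC 1918 and RFC 5737 address space).

```python
"""First-match packet filter with a default-deny policy.

Added example for the firewall definition above, not code from the textbook.
Networks, hosts, ports and rules are constructed (RFC 1918 / RFC 5737 space).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches any port
    why: str               # the reason recorded with the decision

ANY = "0.0.0.0/0"
INTERNAL = "10.0.0.0/8"        # the private network the firewall protects
WEB_IP = "10.1.1.10"           # public-facing Web server
DB_IP = "10.2.0.5"             # database that must never be reachable from outside

RULES: List[Rule] = [
    Rule("allow", ANY, WEB_IP + "/32", "tcp", 443, "public HTTPS to the Web server"),
    Rule("allow", ANY, WEB_IP + "/32", "tcp", 80, "public HTTP (redirects to HTTPS)"),
    Rule("allow", WEB_IP + "/32", DB_IP + "/32", "tcp", 5432, "only the Web server may query the database"),
    Rule("deny", ANY, INTERNAL, "any", None, "nothing else may enter the private network"),
]

def matches(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))

def decide(src: str, dst: str, proto: str, dport: int,
           rules: List[Rule] = RULES) -> Tuple[str, str]:
    """First matching rule wins; a packet no rule mentions is dropped."""
    for rule in rules:
        if matches(rule, src, dst, proto, dport):
            return rule.action, rule.why
    return "deny", "default deny: no rule matched"

if __name__ == "__main__":
    for pkt in [("203.0.113.7", WEB_IP, "tcp", 443),   # customer browsing the shop
                ("203.0.113.7", DB_IP, "tcp", 5432),   # outsider probing the database
                (WEB_IP, DB_IP, "tcp", 5432),          # the Web server's own query
                ("203.0.113.7", WEB_IP, "tcp", 22)]:   # SSH from the Internet
        print(pkt, "->", decide(*pkt))
```

Rule order is the policy. Moving the catch-all deny above the database rule would silently cut the Web server off from its database while every individual rule still looked correct, which is why a filter's rule set deserves the same regression tests as application code, and why the explicit allow rules are written as narrowly as the service permits (one host, one protocol, one port).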
Security Technologies (cont.)
Security risk management: a systematic process for determining the likelihood of various security attacks and for identifying the actions needed to prevent or mitigate those attacks
Four phases:
Assessment
Planning
Implementation
Monitoring
Managerial Issues
How can the global nature of EC impact business operations?
What sorts of legal and ethical issues should be of major concern to an EC enterprise?
What are the business consequences of poor security?
Managerial Issues (cont.)
Are we safe if there are few visitors to our EC site?
Is technology the key to EC security?
Where are the security threats likely to come from?
Summary
Describe the differences between legal and ethical issues in EC
Understand the difficulties of protecting privacy in EC
Discuss the issues of intellectual property rights in EC
Understand the conflict between free speech and censorship on the Internet
Summary (cont.)
Document the rapid rise in computer and network security attacks
Understand the factors contributing to the rise of EC security breaches
Describe the key security issues facing EC sites
Discuss some of the major types of cyber attacks against EC sites
Describe some of the technologies used to secure EC sites