Security, Privacy, and Ethics ITSC 1401, Intro to Computers Instructor: Glenda H. Easter.

Date post: 12-Jan-2016
Upload: jason-fisher

Objectives

Identify the various types of security risks that can threaten computers

Describe ways to safeguard a computer

Describe how a computer virus works and the steps individuals can take to prevent viruses

Explain why computer backup is important and how it is accomplished

Objectives (Continued)

Discuss the steps in a disaster recovery plan

Examine the issues relating to information privacy

Discuss ethical issues with respect to the information age

Identify and explain Internet-related security and privacy issues

Computer Security: Risks and Safeguards

Computer security risk: any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability

How is a Computer Virus Created?

A virus is a segment of program code that can do such things as alter programs or destroy data.

Many viruses can copy themselves onto programs, thereby spreading their damaging effects.

Computer Viruses

Worm

Trojan horse

Time bomb

Logic bomb

file infectors

boot sector viruses

vaccine

Computer Viruses

Viruses may be caused by disgruntled employees.

Individuals of all levels of age and skill can be responsible for creating and distributing a virus.

Many times, if a programmer leaves a company under unpleasant conditions, he or she may infect the system with a virus.

Computer Viruses

Virus programs migrate through networks and operating systems.

– A variant of the virus is the worm, a program that fills a computer system with self-replicating information, clogging the system so that the operations are slowed and eventually stopped.

– A worm often corrupts data and causes irreparable damage.

Computer Viruses

A worm may be distributed at Christmas with the banner, “Peace on Earth” along with a picture of Earth turning.

A worm is designed to take control of a system temporarily.

Viruses can find their way into microcomputers through copied floppy disks or programs downloaded from the Internet.

Computer Viruses

Trojan Horse

– Disguised as a useful program but contains hidden instructions to perform a malicious task.

– Sometimes it is disguised as a game or a utility program.

– When users start to “run” the game, the Trojan horse may erase the data on the hard disk or cause other unrecoverable damage.

Computer Viruses

Time Bombs are logic bombs.

– They sit harmlessly on the system until certain events or dates cause the program to become active.

– An example is the Michelangelo Virus.

– It contained a batch file that was activated on March 6th (the artist’s birthday) to destroy the contents of any hard drive that it is hidden on.

Time Bomb Viruses

Computer Viruses

Boot Sector Virus

– It will load every time the computer is booted and can make the data stored on the disk inaccessible.

Good Time Virus

Microsoft Viruses (protect your PC from various strains of the Microsoft Virus that are infiltrated through macros.)

Microsoft Computer Viruses
Protect Your Data

You can take steps to protect your system from some of the viruses introduced through Microsoft Products. Viruses are activated through various macros.

To protect your system when running a Microsoft product, follow these steps:

– Access the Tools menu

– Options

– General Tab

– Click Macro Virus Protection

How Do Viruses Spread?

A piece of software that has a virus attached to it is called a host program.

Usually the virus spreads when users share the host program.

If the host program is copied, the virus also is copied.

It infects the software with which it comes into contact.

When Does a Virus Attack?

A virus usually is activated as soon as a program or file is used or at the specific times or dates determined by the person who wrote the virus code.

When the predetermined time or date registers on the internal clock of the computer, the virus attacks.

Often the virus code will display a message letting you know that the virus has done its damage.

Why Are Viruses Not Detected Immediately?

People who copy and keep the host program are unaware that the virus exists, because the virus is designed to hide from computer users for weeks or even months.

Computer Viruses (New Virus Programs Found Every Day)

Word Macro Virus Appears on the 6th or 8th Of the Month

Tips For Preventing Virus Infections

Virus Detection and Removal

Virus Detection and Removal

Antivirus program (Protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming memory.)

Virus signature (Looking for specific patterns of known virus code).

Virus Detection and Removal

Polymorphic virus (Modifies its program code each time it attaches itself to another program or file.)

Inoculating files (the antivirus program records information such as the file size and file creation date in a separate inoculation file.)

Stealth virus (Can infect a program file, but still report the size and creation date of the original, uninfected program.)
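An added example, not part of the original slides: a small inoculation file built two ways, showing why a record of size and date alone misses a change that keeps both, while a content hash catches it. It goes beyond the slide by adding SHA-256, and it assumes modification time as a stand-in for the creation date; the file names and the same-length overwrite are constructed for the demonstration.

```python
import hashlib
import os
import tempfile


def record(path, with_hash):
    """Build one inoculation record: size and date, optionally a content hash."""
    st = os.stat(path)
    # Assumption: modification time stands in for the slide's "creation date",
    # because creation time is not available portably.
    entry = {"size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if with_hash:
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        entry["sha256"] = digest.hexdigest()
    return entry


def build_baseline(paths, with_hash):
    """The 'inoculation file': one record per protected file."""
    return {p: record(p, with_hash) for p in paths}


def check(baseline, with_hash):
    """Compare current state to the baseline; return (path, reason) findings."""
    findings = []
    for path, old in baseline.items():
        if not os.path.exists(path):
            findings.append((path, "missing"))
            continue
        new = record(path, with_hash)
        changed = sorted(k for k in old if old[k] != new.get(k))
        if changed:
            findings.append((path, "changed: " + ", ".join(changed)))
    return findings


def demo():
    """Run both baselines against a constructed same-size, same-date change."""
    with tempfile.TemporaryDirectory() as d:
        untouched = os.path.join(d, "report.txt")   # constructed sample file
        target = os.path.join(d, "tool.bin")        # constructed sample file
        with open(untouched, "wb") as f:
            f.write(b"quarterly numbers\n")
        with open(target, "wb") as f:
            f.write(b"ORIGINAL-PROGRAM-BYTES")

        weak = build_baseline([untouched, target], with_hash=False)
        strong = build_baseline([untouched, target], with_hash=True)

        # Constructed stand-in for a change that reports the original size and
        # date: overwrite bytes in place (length unchanged), then put the
        # recorded timestamps back.
        st = os.stat(target)
        with open(target, "r+b") as f:
            f.write(b"MODIFIED")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))

        return check(weak, False), check(strong, True), target


if __name__ == "__main__":
    weak_findings, strong_findings, _ = demo()
    print("size+date baseline:", weak_findings)
    print("size+date+hash baseline:", strong_findings)
```

The size-and-date baseline reports nothing, while the hashed baseline flags the altered file, which is why integrity checkers store a cryptographic digest rather than metadata alone.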

Virus Detection and Removal

Quarantine files (The antivirus program places the infected file in a separate area of your computer until you can remove the virus.)

Rescue disk (A disk that contains an uninfected copy of key operating system commands and startup information that enables the computer to restart correctly.)

Unauthorized Access

Hacker

Cracker

legal? illegal?

Computer Criminals

Computer criminals are one concern of computer security.

A computer crime is an illegal act in which the perpetrator uses special knowledge of computer technology.

Computer Criminals

Computer criminals are of four types: employees, outside users, hackers, and crackers.

Computer theft can be in the form of stealing hardware, software, data, or computer time.

Hardware Theft Prevented by Use of Locked Cables

Types of Computer Criminals

Employees - May try to steal equipment, software, electronic funds, proprietary information, or computer time.

Outside Users - Users such as suppliers or clients may obtain confidential passwords or other ways to access a company's computer system.

Types of Computer Criminals

Hackers are people who gain unauthorized access to a computer system for fun or challenge.

Crackers are people who gain unauthorized access to a computer system for malicious purposes. They may intend to steal technical information or introduce a destructive computer program into the system.

Unauthorized Access

A computer hobbyist is someone who enjoys pushing his or her computer skills to the limit. Sometimes this means trying to get past the security precautions that prevent unauthorized access to computer systems. Unauthorized computer access is a crime.

Selecting the Correct Password

Mix initials and dates together.

Add one or more numbers at the beginning, middle, or end of a word.

Make the password at least eight characters (if supported by software).

Add letters to or subtract letters from an existing word.

Choose words from other languages.

Join two words together.

Selecting Passwords

When creating a password, try not to use a name or real words. They are too easy to figure out.

There are programs used by hackers that randomly check words against words in the dictionary.

If you use words, insert numbers in those words.

Computer Security: Risks and Safeguards

Network Control

Passwords -- Beware!

– Many systems ship with a “public access” account activated that enables access with an easy-to-guess password or no password at all.

– The intent is to allow a certain type of access that users do find convenient.

Hand Geometry Systems

Retinal Scanner

Identifies by reading the tiny blood vessel patterns in the back of the eye.

Computer Security: Risks and Safeguards

Unauthorized Access and Use

– User identification and passwords

– Possessed objects

– Biometric devices

• Fingerprint or thumbprint scanners

• Hand geometry systems

• Retinal scanners

• Face recognition system

– Callback system

Callback System

With a callback system, you can connect to a computer only after the computer calls you back at a previously established telephone number.

This can authenticate remote users.

To initiate the callback system, you call the computer and enter a user ID and password.

Software Piracy

Public Domain

Shareware

Copyrighted Software

Site License

Software Piracy

This is the most pressing ethical issue for computer users--the duplication or copying of computer programs.

Some programs are offered free to anyone. This software is said to be public domain, and you can legally copy public domain software.

Software Piracy (Continued)

There is also shareware.

– This software has been copyrighted, and the creator offers it to anyone to copy and try out.

– In return, the creator asks the user to register and pay for the software if he or she continues to use it, usually at a very inexpensive cost.

Software Piracy (Continued)

Most software is copyrighted software. This means it is legally protected against copying or being used without paying for it.

Software Piracy (Continued)

Software piracy involves making illegal copies of copyrighted software. Such piracy is a felony offense.

Most software companies don’t object to your making a backup copy of their software. It is designed to be copied or installed on your hard disk for your use. You can usually copy it to your desktop and your laptop.

Software Piracy (Continued)

Organizations with multiple computers can buy software for the computers at a reduced price per unit. This agreement is called a site license. It is a contract with the software publisher; and the contract allows multiple copies of software to be made for use in the organization.

End-User License Agreement When Downloading from the Internet

Computer Security: Risks and Safeguards

Software Theft

– Software piracy

– Software license

– Site license

– Network site license

– Business Software Alliance (BSA)

Information About Software Piracy from the Business Software Alliance

Safety Precautions

Principal aspects of computer security include:

– Encrypting messages

– Restricting access

– Anticipating disasters

– Backing up data and security for microcomputers.

Access Control and Restricting Access

Most systems require a password. Make it difficult to break into your system by coming up with an unusual password.

Many methods are used to identify users, including biometric systems, which use machines to recognize an individual’s body characteristics such as fingerprint, signature, voice or photo.

Computer Security: Risks and Safeguards

Information Theft

– Encryption

• Plaintext (Readable data)

• Ciphertext (Encrypted data)

• Simple encryption methods

Computer Security: Risks and Safeguards

Computer Security: Risks and Safeguards

Data encryption standard (DES) – The most popular private key encryption system.

RSA Technology (A Powerful Public Key Encryption Technology Used to Encrypt Data Transmitted Over the Internet)

Computer Security: Risks and Safeguards

System Failure

– Noise

– Undervoltage

– Overvoltage (power surge)

• Spike

– Surge protector

Computer Security

Natural Disasters

Access Control

UPS

passwords

active badges

Computer Security: Risks and Safeguards

Disaster Recovery Plan

– Emergency plan

– Backup plan

– Recovery plan

– Test plan

Natural Disasters

Natural Hazards

– To prevent loss or damage to computers from natural forces such as fires, floods, wind, hurricanes, tornadoes, and earthquakes, users should make backups of programs and data and keep them in safe locations away from the computer systems.

Civil Strife and Terrorism

– Acts of sabotage are possible anytime and anywhere in the world.

Natural Disasters (Continued)

Technological Failures

– Electrical disturbances may affect the power supply and cause a voltage surge or spike.

– Protect your data by using a surge protector and making backup copies of important materials.

Human Errors

– Human errors occur when information is being input or programmed into a system.

Anticipate Disasters

Areas of recognized security risks are:

– Physical security

– Data security

– Disaster Recovery Plan

• Special emergency facilities that are fully equipped computer centers are known as “hot sites”.

• Those emergency facilities that are empty shells and in need of hardware installations are called “cold sites.”

Safety Precautions

Back up your data.

Maintain security for microcomputers.

– Avoid extreme conditions in the elements.

– Guard the computer with safety devices.

– Guard the programs and data.

Individuals must take measures to protect and provide computer security.

– Security has become a growing field in the computer industry.

Circuits Inside a Surge Protector

Uninterruptible Power Supply (UPS)

Batteries used to provide electricity for a limited amount of time.

Computer Security

Data Backups

– Incremental Backups

– Full Backups

– Disaster Recovery Plan

Network Controls

– Callback Systems

– Firewalls

Backup Procedures

Monthly Backup Strategy

Computer Security: Risks and Safeguards

Developing a Computer Security Plan

– Identify all information assets

– Identify all security risks

– Identify safeguards for the risks

– International Computer Security Association (ICSA)

Computer Security: Risks and Safeguards

Wire Tapping/Data Encryption

Clipper Chip

Wiretapping and Data Encryption

Analog telephone conversations can be easily monitored.

Digital communications are more difficult to wiretap because the data stream must be converted to something understandable and possibly decrypted.

The Clipper Chip

The FBI and the U. S. Department of Justice are asking telephone companies to make the Clipper Chip a standard.

The chip would automatically encrypt all data received or sent over digital communication lines.

Because digital data can be encrypted, the government is asking for a standard encryption scheme called the Clipper Chip.

The Clipper Chip (Continued)

This chip would enable governmental agencies to eavesdrop--despite the use of encryption.

Certain governmental agencies, such as the IRS, will be the first to be required to use the chip.

Fiber optic cable cannot be wiretapped at all. Repeater boxes at periodic intervals are the only points at which it can be tapped.

Information Privacy

Unauthorized Collection and Use of Information

– Safeguarding personal information

Network Control

A firewall is software designed to protect files and data from unauthorized access.

Firewalls are usually used to protect local area networks from unauthorized access through the Internet.

Access to personal information may be provided with the use of a gateway.

The Right to Computer Privacy

… the rights of persons to control the distribution of information about themselves

personal privacy

public domain

Credit Reporting

Fair Credit Reporting Act of 1970 errors

Credit Reporting

The law is supposed to protect you, but does it really?

– The Fair Credit Reporting Act of 1970 was intended to keep inaccuracies out of credit bureau files.

– Credit bureaus are barred from sharing credit information with anyone but authorized customers.

Credit Reporting

Anyone with a “legitimate business need” can gain access to your credit history, including:

– Those considering giving you credit.

– Landlords

– Insurance companies

– Employers and potential employers

– Companies with which you have a credit account, for account monitoring purposes.

Credit Reporting

Customers have a right to review and correct their records.

Sometimes credit agencies share information with those whom they believe have a legitimate business need.

Make sure the credit information that is currently held on you is correct.

How Do I Know What They Have On Me?

There are three agencies that maintain credit records. Contact one or all three of them for your credit information.

– Equifax at 1-800-685-1111

– Experian at 1-800 397-3742 (formerly TRW)

– Trans Union at 1-800-888-4213

What All Can Be Included in This Credit Report?

Your credit report contains

– Your name

– Your social security number and employment information

– Your legal record may be part of your credit report, including liens, bankruptcy and other matters of public record which are of financial nature.

What All Can Be Included in This Credit Report?

Your credit report contains (Continued):

– Who has requested credit information on you in the past six months.

– Other names and addresses on file for credit holder.

Your Right To Privacy

A number of privacy laws addressing computer concerns have been passed in the United States since 1970. Some of these deal with:

– Dissemination of credit reports

– Access to information

– Penalties for computer fraud or abuse.

What Are Your Rights?

Nongovernmental organizations are often not subject to current laws, but some follow a code of ethics.

The right of persons to control the distribution of information about themselves is considered a right of privacy.

Let’s visit www.privacyrights.org

HTTP://www.Privacyrights.org

Privacy Rights Clearinghouse Privacy Policy

Information Privacy

Information Privacy

Unauthorized Collection and Use of Information
– Safeguarding personal information
– U.S. government laws
• Electronic Communications Privacy Act (ECPA) (1986)
• Computer Matching and Privacy Protection Act (1988)
• Computer Fraud and Abuse Acts (1984, 1994)
• Fair Credit Reporting Act (1970)

Laws to Protect Your Privacy

United States Privacy Legislation

Fair Reporting Act--1970
Freedom of Information Act--1970
Privacy Act--1974
Right to Financial Privacy--1979
Computer Fraud and Abuse--1986
Computer Matching and Privacy Act--1988

Legislation

Privacy deals with the collection and use of data about individuals.

Accuracy deals with the responsibility of those who collect data to ensure that the data is correct.

Property deals with concerns about who owns data and rights to software.

Access deals with the responsibility of those who control data and who is able to use it.

Legislation

Fair Credit Reporting Act of 1970
– Intended to keep inaccuracies out of credit bureau files. There are many problems with this law.

Freedom of Information Act of 1970
– Gives you the right to look at personal data stored on federal government databases.

Privacy Act of 1974
– Prohibits federal information collected for one purpose from being used for a different purpose.

Legislation

Right to Financial Privacy Act of 1979
– Sets strict procedures that federal agencies must follow when seeking to examine customer records in banks.

Computer Fraud and Abuse Act of 1986
– Prosecution of unauthorized access to computers and databases.

Electronic Communications Privacy Act of 1986
– Protects the privacy of users on public e-mail systems.

Legislation

Video Privacy Protection Act of 1988
– Prevents retailers from selling or disclosing video-rental records without customer consent or a court order. This does not apply to important files such as medical and insurance records.

Computer Matching and Privacy Protection Act of 1988
– Sets procedures for computer matching of federal data.

Information Privacy

Employee Monitoring
– Use of computers to observe, record, and review an individual’s use of a computer
– Electronic Communications Privacy Act
– Privacy for Consumers and Workers Act

Ethics

Ethics is the branch of philosophy that deals with the determination of what is right or wrong, good or bad.

To behave ethically is to live one's life in accordance with a set of ethical principles, which are based, ultimately, on moral values.

Ethics (Continued)

Ethics is also defined as standards of moral conduct.

Computer Ethics are defined as guidelines for morally acceptable use of computers in our society.

Ethics is doing the right thing. Right versus wrong; good versus bad.

Electronic Mail Privacy

e-mail is not private

cyberporn

Electronic Mail Privacy

There is controversy as to whether or not employers have a right to read their employees’ e-mail.
– It is currently legal for employers to search employees’ electronic mail and/or computer files.

Censoring content is a difficult issue; however, if a user repeatedly sends inappropriate, abusive messages to random users, Internet providers will remove the user’s account.

Where Do You Stand on These Issues?

Ethics and Information Age

Information Accuracy
– Who is responsible for accuracy of data?
– Digitally altered photograph

Digitally Altered Photograph

Michael Jordan (born 1963) meets Albert Einstein (who died in 1955).

Internet Security and Privacy Issues

Internet Security and Privacy
– Web browser security and privacy
– Pagejacking (redirecting an unsuspecting user to another Web site totally unrelated to the topic; such sites often mousetrap you so that you cannot click the Back button to exit)

Internet Security and Privacy Issues

Internet Encryption
– Newer versions of Web browsers use encryption
– Secure Sockets Layer (SSL)
– Secure Web pages begin with the https protocol instead of the http protocol.

Web Secure Pages Begin with https Protocol

Internet Security and Privacy Issues

Internet Encryption
– Newer versions of Web browsers use encryption
– Secure Sockets Layer (SSL)

Electronic Funds Transfer

outgoing

incoming

accessibility?

TRW

Electronic Funds Transfer (EFT)

The ability to monitor every purchase would give law enforcement a great advantage.

Knowledge about every purchase being so readily available could and would lead to abuse of such a system.

The IRS could track taxable income or expenditures more easily. Full knowledge of one’s personal finances would be available to unscrupulous employees.

Digital Signatures or Digital Cash

Internet Security and Privacy Issues

Objectionable Materials on the Internet
– Constitutional issues
– Communications Decency Act (1996)
– Rating systems
– Censorware
– Internet filtering

Public and Private Networks

Platform for Internet Content Selection

Filtering Software

Public and Private Networks

Inappropriate material is circulating via the Internet. The most volatile issue is pornography. This is now called cyberporn.

Most service providers such as America Online, CompuServe and Prodigy have established guidelines for their users and have a means to enforce those limits.

Individuals need to protect their children from this material by denying it access to their home.

Public and Private Networks

The Internet was designed to have no single authority and has no capability for enforcing rules or standards.

One way to avoid problem sites on the Internet is through the use of a tool called PICS, Platform for Internet Content Selection. This is a voluntary rating system that is widely endorsed by companies contributing to the Internet.

Filtering Software

There are also tools that can be used to filter out pornography.
– This filtering software is available at many software outlets. Some of those packages include
• Cyber Patrol
• CYBERsitter.

To Specify a Rating Level for Material Unsuitable for Minors

Recreational Software Advisory Council

