beekman5 std ppt_12
DESCRIPTION
TRANSCRIPT
Chapter 12
Computer Security and Risks
2002 Prentice Hall 2
Topics
“Computers are power, and direct contact with power can bring out the best or worst in a person.”
Former computer criminal turned corporate programmer
On-line Outlaws: Computer Crime
Computer Security: Reducing Risks
Security, Privacy, Freedom, and Ethics: The Delicate Balance
Security and Reliability
2002 Prentice Hall 3
On-line Outlaws:Computer Crime
Computers are used to break laws as well as uphold them
Computer crime involves: Theft by computer Software piracy
and intellectual property laws
Software sabotage
Hacking and electronic trespassing
2002 Prentice Hall 4
The Computer Crime Dossier
Computer crime is defined as any crime accomplished through knowledge or use of computer technology
The typical computer criminal is a trusted employee with no criminal record
2002 Prentice Hall 5
The Computer Crime Dossier
According to the FBI: Financial losses topped
$120 million in 1999
More than 60 percentof corporate, university,and government sitesreport at least one break-in per year
2002 Prentice Hall 6
Theft by Computer
Theft is the most common form of computer crime
Computers are usedto steal: Money Goods Information Computer resources
2002 Prentice Hall 7
Software Piracy and Intellectual Property Laws
Software piracy is the illegal duplication of copyrighted software
Intellectual property includes the results of intellectual activities in the arts, sciences, and industry
2002 Prentice Hall 8
Software Piracy and Intellectual Property Laws
Property laws: Inventions are patented Trade secrets are covered by contract law The expression of intellectual property can be
copyrighted
Look-and-feel lawsuits can result from mimicking intellectual property
2002 Prentice Hall 9
Software Sabotage
Trojan horse - performs a useful task while also being secretly destructive; time bombs are an example
Virus - spreads by making copies of itself from program to program or disk to disk
Worm - a program that travels independently over computer networks, seeking uninfected sites
Sabotage of software can include:
These are referred to as a virus.
2002 Prentice Hall 10
Software Sabotage
How software sabotage works:
2002 Prentice Hall 11
Software Sabotage
Virus detection software locates and removes viruses
• These programs need to be frequently revised
• More than 200 new virus appear each month!
2002 Prentice Hall 12
Hacking and Electronic Trespassing
Hackers are people who enjoyed learning the details of computer systems
Hackers (or crackers) refers to people who break into computer systems
Webjackers hijack Web pages and redirect users to other sites
Denial of Service (DOS) attacks bombards servers and web sites with traffic that shuts down the network
2002 Prentice Hall 13
Hacking and Electronic Trespassing
Breaking into other computer systems is called electronic trespassing
Electronic crime rings focus on stealing credit card numbers and other valuable information
Cliff Stoll discovered an international computer espionage ring because of a .75 cent accounting error.
2002 Prentice Hall 14
Computer Security: Reducing Risks
Computer crime has led to a need to protect computer systems
Computer security attempts to protect computers and the information they contain
Computer security protects against unwanted access, damage, modification, or destruction
2002 Prentice Hall 15
Computer Security: Reducing Risks
Physical Access Restrictions Passwords Firewalls, Encryptions, and Audits Backups Law, Management, and Ethics
A variety of security techniques are used to protect computer systems
2002 Prentice Hall 16
Physical Access Restrictions
Physical access restrictions are based on:
Something you have, such as a key, ID card with photo, or a smart card
Something you know, such as a password, an ID number, or a piece of personal history
Something you do, such as your signature or your typing speed and error patterns
2002 Prentice Hall 17
Physical Access Restrictions
Something about you, such as voice print, fingerprints, retinal scans, or other measurements of individual body characteristics (biometrics)
2002 Prentice Hall 18
Passwords
Passwords are the most common tool for restricting access to computer system
Effective passwords are: Not real words Not names Changed frequently Kept secret A mix of alphabet letters and numbers
2002 Prentice Hall 19
Firewalls, Encryption,and Audits
These security systems reduce or prohibit the interception of messages between computers:
Firewalls are like gateways with a lock Codes protect transmitted information and take a
special key to decode Shields are specially developed machines that prevent
unwanted interception
2002 Prentice Hall 20
Firewalls
The computer serves as a firewall by scanning every message for security risks before allowing it to pass into or out of the LAN
2002 Prentice Hall 21
Encryption
To make a message secure from outsiders requires encryption software
Encryption software scrambles the sent message using a key
A different key is needed to unscramble the received message
2002 Prentice Hall 22
Encryption
2002 Prentice Hall 23
Audit-Control Software
Audit-control software monitors and records computer activity
Effective audit-control software forces every user to leave a trail of electronic footprints
2002 Prentice Hall 24
Backups and Other Precautions
The best and most widely used method to recover data is a routine for making regular backups
Many computer systemsare backed up at theend of each work day
2002 Prentice Hall 25
Human Security Controls:Laws, Management, and Ethics
Security measuresprevent crime, but can also pose threats to personal privacy
Managers must make employees aware of security issues and risks
2002 Prentice Hall 26
Security, Privacy, Freedom, & Ethics: The Delicate Balance
Active badges can simultaneously improve security and threaten privacy by:
identifying who enters a door or logs onto amachine
finding an employee’s location or where theyhave been throughout the day
“In this age of advanced technology, thick walls and locked doors cannot guard our privacy or safeguard our personal freedom.”
Lyndon B. Johnson
2002 Prentice Hall 27
Rules of Thumb:Safe Computing
Share with care
Beware of BBS risks
Don’t pirate software
Disinfect regularly
Treat diskettes withcare
Take your password seriously
Lock sensitive data
Use backup systems
Consider encryptionfor Internet activities
Prepare for the worst
2002 Prentice Hall 28
Security and Reliability
Computer security involves more than protection from trespassing, sabotage, and other crimes
Software errors and hardware glitches account for some of the most important security issues, such as: Bugs and Breakdowns Computers at War
2002 Prentice Hall 29
Bugs and Breakdowns
Software bugs do more damage than viruses and computer burglars combined.
Facts about software engineering: It is impossible to eliminate all bugs.
Even programs that appear to work can contain dangerous bugs.
The bigger the system,the bigger the problem.
2002 Prentice Hall 30
Bugs and Breakdowns
Computer breakdowns pose a risk to the public and the incidence doubles every two years.
Hardware problems are rare when compared withsoftware failures
2002 Prentice Hall 31
Computers at War
Smart weapons are missiles that use computerized guidance systems to locate their targets.
An autonomous system is a complex system that can assume almost complete responsibility for a task without human input.
2002 Prentice Hall 32
Warfare in the Digital Domain
The front lines of the future may in cyberspace
By attacking computer networks an enemy could conceivably cripple:
telecommunications systems power grids banking and financial systems hospitals and medical systems water and gas supplies oil pipelines emergency government services