Chapter 12

Computer Security and Risks

2002 Prentice Hall 2

Topics

“Computers are power, and direct contact with power can bring out the best or worst in a person.”

Former computer criminal turned corporate programmer

On-line Outlaws: Computer Crime

Computer Security: Reducing Risks

Security, Privacy, Freedom, and Ethics: The Delicate Balance

Security and Reliability

2002 Prentice Hall 3

On-line Outlaws:Computer Crime

Computers are used to break laws as well as uphold them

Computer crime involves: Theft by computer Software piracy

and intellectual property laws

Software sabotage

Hacking and electronic trespassing

2002 Prentice Hall 4

The Computer Crime Dossier

Computer crime is defined as any crime accomplished through knowledge or use of computer technology

The typical computer criminal is a trusted employee with no criminal record

2002 Prentice Hall 5

The Computer Crime Dossier

According to the FBI: Financial losses topped

$120 million in 1999

More than 60 percentof corporate, university,and government sitesreport at least one break-in per year

2002 Prentice Hall 6

Theft by Computer

Theft is the most common form of computer crime

Computers are usedto steal: Money Goods Information Computer resources

2002 Prentice Hall 7

Software Piracy and Intellectual Property Laws

Software piracy is the illegal duplication of copyrighted software

Intellectual property includes the results of intellectual activities in the arts, sciences, and industry

2002 Prentice Hall 8

Software Piracy and Intellectual Property Laws

Property laws: Inventions are patented Trade secrets are covered by contract law The expression of intellectual property can be

copyrighted

Look-and-feel lawsuits can result from mimicking intellectual property

2002 Prentice Hall 9

Software Sabotage

Trojan horse - performs a useful task while also being secretly destructive; time bombs are an example

Virus - spreads by making copies of itself from program to program or disk to disk

Worm - a program that travels independently over computer networks, seeking uninfected sites

Sabotage of software can include:

These are referred to as a virus.

2002 Prentice Hall 10

Software Sabotage

How software sabotage works:

2002 Prentice Hall 11

Software Sabotage

Virus detection software locates and removes viruses

• These programs need to be frequently revised

• More than 200 new virus appear each month!

2002 Prentice Hall 12

Hacking and Electronic Trespassing

Hackers are people who enjoyed learning the details of computer systems

Hackers (or crackers) refers to people who break into computer systems

Webjackers hijack Web pages and redirect users to other sites

Denial of Service (DOS) attacks bombards servers and web sites with traffic that shuts down the network

2002 Prentice Hall 13

Hacking and Electronic Trespassing

Breaking into other computer systems is called electronic trespassing

Electronic crime rings focus on stealing credit card numbers and other valuable information

Cliff Stoll discovered an international computer espionage ring because of a .75 cent accounting error.

2002 Prentice Hall 14

Computer Security: Reducing Risks

Computer crime has led to a need to protect computer systems

Computer security attempts to protect computers and the information they contain

Computer security protects against unwanted access, damage, modification, or destruction

2002 Prentice Hall 15

Computer Security: Reducing Risks

Physical Access Restrictions Passwords Firewalls, Encryptions, and Audits Backups Law, Management, and Ethics

A variety of security techniques are used to protect computer systems

2002 Prentice Hall 16

Physical Access Restrictions

Physical access restrictions are based on:

Something you have, such as a key, ID card with photo, or a smart card

Something you know, such as a password, an ID number, or a piece of personal history

Something you do, such as your signature or your typing speed and error patterns

2002 Prentice Hall 17

Physical Access Restrictions

Something about you, such as voice print, fingerprints, retinal scans, or other measurements of individual body characteristics (biometrics)

2002 Prentice Hall 18

Passwords

Passwords are the most common tool for restricting access to computer system

Effective passwords are: Not real words Not names Changed frequently Kept secret A mix of alphabet letters and numbers

2002 Prentice Hall 19

Firewalls, Encryption,and Audits

These security systems reduce or prohibit the interception of messages between computers:

Firewalls are like gateways with a lock Codes protect transmitted information and take a

special key to decode Shields are specially developed machines that prevent

unwanted interception

2002 Prentice Hall 20

Firewalls

The computer serves as a firewall by scanning every message for security risks before allowing it to pass into or out of the LAN

2002 Prentice Hall 21

Encryption

To make a message secure from outsiders requires encryption software

Encryption software scrambles the sent message using a key

A different key is needed to unscramble the received message

2002 Prentice Hall 22

Encryption

2002 Prentice Hall 23

Audit-Control Software

Audit-control software monitors and records computer activity

Effective audit-control software forces every user to leave a trail of electronic footprints

2002 Prentice Hall 24

Backups and Other Precautions

The best and most widely used method to recover data is a routine for making regular backups

Many computer systemsare backed up at theend of each work day

2002 Prentice Hall 25

Human Security Controls:Laws, Management, and Ethics

Security measuresprevent crime, but can also pose threats to personal privacy

Managers must make employees aware of security issues and risks

2002 Prentice Hall 26

Security, Privacy, Freedom, & Ethics: The Delicate Balance

Active badges can simultaneously improve security and threaten privacy by:

identifying who enters a door or logs onto amachine

finding an employee’s location or where theyhave been throughout the day

“In this age of advanced technology, thick walls and locked doors cannot guard our privacy or safeguard our personal freedom.”

Lyndon B. Johnson

2002 Prentice Hall 27

Rules of Thumb:Safe Computing

Share with care

Beware of BBS risks

Don’t pirate software

Disinfect regularly

Treat diskettes withcare

Take your password seriously

Lock sensitive data

Use backup systems

Consider encryptionfor Internet activities

Prepare for the worst

2002 Prentice Hall 28

Security and Reliability

Computer security involves more than protection from trespassing, sabotage, and other crimes

Software errors and hardware glitches account for some of the most important security issues, such as: Bugs and Breakdowns Computers at War

2002 Prentice Hall 29

Bugs and Breakdowns

Software bugs do more damage than viruses and computer burglars combined.

Facts about software engineering: It is impossible to eliminate all bugs.

Even programs that appear to work can contain dangerous bugs.

The bigger the system,the bigger the problem.

2002 Prentice Hall 30

Bugs and Breakdowns

Computer breakdowns pose a risk to the public and the incidence doubles every two years.

Hardware problems are rare when compared withsoftware failures

2002 Prentice Hall 31

Computers at War

Smart weapons are missiles that use computerized guidance systems to locate their targets.

An autonomous system is a complex system that can assume almost complete responsibility for a task without human input.

2002 Prentice Hall 32

Warfare in the Digital Domain

The front lines of the future may in cyberspace

By attacking computer networks an enemy could conceivably cripple:

telecommunications systems power grids banking and financial systems hospitals and medical systems water and gas supplies oil pipelines emergency government services