ISYS123 - PowerPoint PPT Presentation

Slides: 44
Provided by: Mich866

1
ISYS123
  • Security
  • Stair Reynolds Chapter 14

2
On-line Outlaws: Computer Crime
  • Computers are used to break laws as well as
    uphold them

"Some will rob you with a six gun, and some with
a fountain pen." (Woody Guthrie)
  • Computer crime involves:
  • Theft by computer
  • Software piracy and intellectual property laws
  • Software sabotage
  • Hacking and electronic trespassing

3
The Computer Crime Dossier
  • Computer crime is defined as any crime
    accomplished through knowledge or use of computer
    technology
  • The typical computer criminal is a trusted
    employee with no criminal record

4
The Computer Crime Dossier
  • According to the FBI
  • Financial losses topped 120 million in 1999
  • More than 60 percent of corporate,
    university, and government sites report at least
    one break-in per year

5
Cybercrime Doubles in Three Years
  • Computer crime in Australia has doubled in
    three years and now outstrips the United States
  • The Australian IT, 21 May 2002

6
Reported Cybercrime in Australia
Australian Computer Crime and Security Survey 2002
(chart not reproduced; residual labels: 2002,
93 respondents/98)

7
Theft by Computer
  • Theft is the most common form of computer crime
  • Computers are used to steal
  • Money
  • Goods
  • Information
  • Computer resources

8
Software Sabotage
Sabotage of software can include a Trojan horse,
virus, or worm
  • Trojan horse: performs a useful task while also
    being secretly destructive; time bombs are an
    example
  • Virus: spreads by making copies of itself from
    program to program or disk to disk
  • Worm: a program that travels independently over
    computer networks, seeking uninfected sites

Often, all of these are referred to as a virus

9
Could I have a Virus?
  • Typical symptoms
  • Change in file size
  • Change in file contents
  • Less RAM available
  • Unexpected behaviour
  • How can't I catch a virus?
  • How can I catch a virus?

10
Virus Detection Software
  • Virus detection software can find and remove most
    viruses
  • These programs need to be frequently revised
  • More than 200 new viruses appear each month!

11
How does Anti-Virus Software Work?
  • Signatures built into the infected file
  • The anti-virus trail
  • Collect suspicious files
  • Identify similar cases
  • Work out what the virus does
  • Develop disinfection programs
  • Add to repertoire
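
An added example, not part of the original slides: a minimal signature scanner showing why the signature set has to be revised. The marker bytes, sample files and names (`Demo.A`, `Demo.B`) are constructed and harmless.

```python
from __future__ import annotations


class SignatureScanner:
    """Matches known byte patterns (signatures) inside file contents."""

    def __init__(self) -> None:
        self.signatures: dict[str, bytes] = {}

    def add_signature(self, name: str, pattern: bytes) -> None:
        # 'Add to repertoire': a very short pattern would match clean files.
        if len(pattern) < 8:
            raise ValueError("signature too short to be distinctive")
        self.signatures[name] = pattern

    def scan(self, content: bytes) -> list[str]:
        """Return the names of all signatures found in the content."""
        return sorted(n for n, p in self.signatures.items() if p in content)

    def scan_all(self, files: dict[str, bytes]) -> dict[str, list[str]]:
        """Map each file name to its detections, omitting clean files."""
        hits = {name: self.scan(data) for name, data in files.items()}
        return {name: found for name, found in hits.items() if found}


# Constructed, harmless marker bytes standing in for real virus code.
MARKER_A = b"\x90DEMO-VIRUS-A\x90"
MARKER_B = b"\x90DEMO-VIRUS-B\x90"

# Constructed sample 'files': a clean host program and infected copies of it.
HOST = b"MZ" + b"ordinary program bytes " * 4
SAMPLES = {
    "clean.exe": HOST,
    "infected_a.exe": HOST + MARKER_A,   # infection also changes the file size
    "infected_b.exe": HOST[:10] + MARKER_B + HOST[10:],
}


def demo() -> tuple[dict, dict]:
    scanner = SignatureScanner()
    scanner.add_signature("Demo.A", MARKER_A)
    before = scanner.scan_all(SAMPLES)          # Demo.B is not yet known
    scanner.add_signature("Demo.B", MARKER_B)   # signature update
    after = scanner.scan_all(SAMPLES)
    return before, after
```

Before the update the scanner reports only `infected_a.exe`; `infected_b.exe` is missed until its signature is added.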

12
Hacking and Electronic Trespassing
  • In the late 1970s, hackers were people who
    enjoyed learning the details of computer systems
  • Today, hackers (or crackers) refers to people who
    break into computer systems
  • Webjackers hijack Web pages and redirect users to
    other sites

13
Hacking and Electronic Trespassing
Electronic trespassing
  • Breaking into other computer systems is called
    electronic trespassing
  • Electronic crime rings focus on stealing credit
    card numbers and other valuable information

14
Computer Security: Reducing Risks
  • Computer crime has led to a need to protect
    computer systems
  • Computer security attempts to protect computers
    and the information they contain
  • Computer security protects against unwanted
    access, damage, modification, or destruction

15
Computer Security
A variety of security techniques are used to
protect computer systems
  • Physical Access Restrictions
  • Passwords
  • Firewalls, Encryption, and Audits
  • Backups
  • Law, Management, and Ethics

16
Physical Access Restrictions
  • Physical access restrictions are based on
  • Something you have, such as a key, ID card with
    photo, or a smart card
  • Something you know, such as a password, an ID
    number, or a piece of personal history
  • Something you do, such as your signature or your
    typing speed and error patterns

17
Physical Access Restrictions
  • Something about you, such as voice print,
    fingerprints, retinal scans, or other
    measurements of individual body characteristics
    (biometrics)

18
Passwords
  • Passwords are the most common tool for
    restricting access to computer systems
  • Effective passwords are
  • Not real words
  • Not names
  • Changed frequently
  • Kept secret
  • A mix of alphabet letters and numbers

19
Firewalls, Encryption, and Audits
  • These security systems reduce or prohibit the
    interception of messages between computers
  • Firewalls are like gateways with a lock
  • Codes protect transmitted information and take a
    special key to decode
  • Shields are specially developed machines that
    prevent unwanted interception

20
Firewalls
  • The computer serves as a firewall by scanning
    every message for security risks before allowing
    it to pass into or out of the LAN

21
Encryption
  • To make a message secure from outsiders requires
    encryption software
  • Encryption software scrambles the sent message
    using a key
  • A different key is needed to unscramble the
    received message

22
Encryption

23
Cryptography
  • Means of mathematical encoding that converts
    messages into a form that is unreadable
  • An effort to maintain confidentiality of data

24
Basic Cryptography
Plain Text → Encryption Algorithm (with Key) →
Cipher Text → Decryption Algorithm (with Key) →
Plain Text

25
Symmetric Key Cryptography
  • Same key used for
  • Encryption
  • Decryption
  • Key: a secret shared by sender and recipient
  • Efficient
  • Key distribution problem

26
Public (Asymmetric) Key Cryptography
  • There are two keys
  • Public key
  • Private key
  • Public keys are published
  • Private keys are kept secret (you keep your own
    private key)
  • Solves key distribution problem but less
    efficient than symmetric cryptography

27
Public Key Cryptography
  • Example of message encryption
  • Adam encrypts the message using Beth's public key
  • Beth decrypts the message using her private key
  • PGP (Pretty Good Privacy) is a popular email
    encryption system
  • http://www.pgp.com/products/freeware/default.asp

28
Who Knows The Key
  • For symmetric cryptography both participants know
    the key

A: KAB
B: KAB

29
For asymmetric cryptography
  • Each secret key is known only by its owner
  • The public keys are known by everybody

A: KPRIV-A, KPUB-A, KPUB-B
B: KPRIV-B, KPUB-A, KPUB-B

30
Integrity
  • Is the message received the one that was sent?
  • Checked by
  • Do a calculation on message
  • Send message and result of calculation
  • Recipient redoes calculation
  • See if their result matches the one they were
    sent
  • Calculation often done using cryptography

31
Digital Signatures
  • Part of the point of public key cryptography is
  • Tell everyone your public key
  • Anyone can encrypt a message to you using that
    key
  • But only you can decrypt it (using private key)
  • What if you encrypt something using your private
    key?
  • Well, anyone could decrypt it, so no privacy

32
But
  • if you send the message and the encryption of it
    using your private key
  • A recipient would know you must have done the
    encryption, because nobody else could have
  • No-one else knows your private key
  • This is a digital signature
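
An added example, not part of the original slides, covering the integrity check and the digital signature described above. It assumes SHA-256 as the "calculation" and a toy RSA key built from two known Mersenne primes (far too small for real use, and without the padding real signature schemes add); the messages and the name Eve are constructed.

```python
import hashlib

# Toy RSA key (constructed for this example, not secure).
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                   # public exponent, published
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, kept secret


def digest(message: bytes) -> int:
    """The 'calculation on the message': SHA-256 as an integer below N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def digest_matches(message: bytes, sent_digest: int) -> bool:
    """Recipient redoes the calculation and compares the results."""
    return digest(message) == sent_digest


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Sender 'encrypts' the digest with the private key."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Anyone 'decrypts' with the public key and compares with the digest."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    original = b"Pay Beth 100 dollars"      # constructed sample messages
    tampered = b"Pay Eve 9999 dollars"
    sig = sign(original)
    return {
        "digest_ok": digest_matches(original, digest(original)),
        "digest_detects_change": not digest_matches(tampered, digest(original)),
        # Whoever alters the message can also recompute a bare digest...
        "forged_digest_accepted": digest_matches(tampered, digest(tampered)),
        # ...but cannot produce a valid signature without the private key.
        "signature_ok": verify(original, sig),
        "tampered_rejected": not verify(tampered, sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `forged_digest_accepted` case is why the calculation is usually keyed or signed: an unkeyed digest sent alongside the message only catches changes made by someone who does not also replace the digest.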

33
Audit-Control Software
  • Audit-control software monitors and records
    computer activity
  • Effective audit-control software forces every
    user to leave a trail of electronic footprints

34
Backups, Security
  • Without backups, there is no security
  • What is a backup?
  • What do you call it?
  • Where do you put it?
  • How often do you do it?

35
Making Backups
  • The best and most widely used method to recover
    data is a routine for making regular backups
  • Many computer systems are backed up at the end of
    each work day

36
Human Security Controls
  • Security measures prevent crime, but can also
    pose threats to personal privacy
  • Managers must make employees aware of security
    issues and risks

37
Security, Privacy, Freedom, & Ethics: The
Delicate Balance
"In this age of advanced technology, thick walls
and locked doors cannot guard our privacy or
safeguard our personal freedom." (Lyndon B.
Johnson)

38
Security, Privacy, Freedom, & Ethics: The
Delicate Balance
  • Active badges can simultaneously improve security
    and threaten privacy by
  • identifying who enters a door or logs onto
    a machine
  • finding an employee's location or where they have
    been throughout the day

39
Rules of Thumb: Safe Computing
  • Share with care
  • Beware of BBS risks
  • Don't pirate software
  • Disinfect regularly
  • Treat diskettes with care
  • Take your password seriously
  • Lock sensitive data
  • Use backup systems
  • Consider encryption for Internet activities
  • Prepare for the worst

40
Security and Reliability
  • Computer security involves more than protection
    from trespassing, sabotage, and other crimes
  • Software errors and hardware glitches account for
    some of the most important security issues, such
    as
  • Bugs and Breakdowns
  • Computers at War

41
Bugs and Breakdowns
  • Software bugs do more damage than viruses and
    computer burglars combined.
  • Facts about software engineering
  • It is impossible to eliminate all bugs.
  • Even programs that appear to work can contain
    dangerous bugs.
  • The bigger the system, the bigger the problem.

42
Bugs and Breakdowns
  • Computer breakdowns pose a risk to the public and
    the incidence doubles every two years.
  • Hardware problems are rare when compared
    with software failures

43
Computers at War
  • Smart weapons are missiles that use computerized
    guidance systems to locate their targets.
  • An autonomous system is a complex system that can
    assume almost complete responsibility for a task
    without human input.