Data Security and Privacy

1
Data Security and Privacy
2
Agenda

• Review reading material
• Group exercise
• Quiz
• Grade quiz

3
Objectives

• Describe the types of information that must be
  kept secure and the types of threats against them
• Describe some methods of keeping a PC safe and
  secure
• Describe the threats posed by hackers, viruses,
  spyware, frauds, and scams, and the methods of
  defending against them

4
Data Security

• Dont buy a computer
• If you buy a computer, dont turn it on.
• Jeff Richards Laws of Data Security

5
What is at Stake?

• Identity theft
• The criminal act of using stolen information
  about a person to assume that persons identity
• Intellectual property
• Product of the mind or intellect over which the
  owner holds legal entitlement
• Intellectual property rights
• Ownership and use of intellectual property such
  as software, music, movies, data, and information

6
(No Transcript)
7
(No Transcript)
8
What is at Stake?

• Security threats to businesses
• Virus
• Insider abuse of Internet access
• Laptop theft
• Unauthorized access by insiders
• Denial-of-service attacks
• System penetration
• Theft of proprietary information
• Sabotage

9
What is at Stake?

• Business intelligence
• Process of gathering and analyzing information in
  the pursuit of business advantage
• Competitive intelligence
• Form of business intelligence concerned with
  information about competitors
• Counterintelligence
• Concerned with protecting your own information
  from access by your competitors

10
Threats to Information Security

• Security vulnerabilities or security holes
• Software bugs that allow violations of
  information security
• Software patches
• Corrections to software bugs that cause security
  holes
• Piracy
• The illegal copying, use, and distribution of
  digital intellectual property
• Plagiarism
• Taking credit for someone elses intellectual
  property

11
(No Transcript)
12
Threats to Information Security

• Hackers, crackers, intruders, and attackers
• Black-hat hacker
• White-hat hacker
• Gray-hat hacker
• Script kiddie

13
Machine Level Security

• Common forms of authentication
• Something you know
• Password or personal identification number (PIN)
• Something you have
• ID cards, smartcards, badges, keys,
• Something about you
• Unique physical characteristics such as
  fingerprints

14
(No Transcript)
15
Passwords

• Username
• Identifies a user to the computer system
• Password
• A combination of characters known only to the
  user that is used for authentication
• Strongest passwords
• Minimum of eight characters in length
• Do not include any known words or names

16
(No Transcript)
17
(No Transcript)
18
ID Devices and Biometrics

• Biometrics
• The science and technology of authentication by
  scanning and measuring a persons unique physical
  features
• Facial pattern recognition
• Uses mathematical technique to measure the
  distances between 128 points on the face
• Retinal scanning
• Analyzes the pattern of blood vessels at the back
  of the eye

19
(No Transcript)
20
Encrypting Stored Data

• Encryption
• Uses high-level mathematical functions and
  computer algorithms to encode data
• Files
• Can be encrypted on the fly as they are being
  saved, and decrypted as they are opened
• Encryption and decryption
• Tend to slow down computer slightly when opening
  and saving files

21
Internet Security

• When a computer is connected to the Internet
• It becomes a target to millions of various attack
• Computers IP address
• Registered and known to others
• Attacks against Internet-connected computers
• Can come in the form of direct attacks or
• Through viruses, worms, or spyware

22
Hackers on the Internet

• Methods of Attack
• Key-logging
• packet-sniffing
• Port-scanning
• Social engineering
• Dumpster diving

23
(No Transcript)
24
Viruses and Worms

• Virus
• Program that attaches itself to a file
• Spreads to other files, and delivers a
  destructive action called a payload
• Trojan horses
• Appear to be harmless programs
• When they run, install programs on the computer
  that can be harmful
• Worm
• Acts as a free agent, replicating itself numerous
  times in an effort to overwhelm systems

25
(No Transcript)
26
Spyware, Adware, and Zombies

• Spyware
• Software installed on a computer without users
  knowledge
• Zombie computer
• Carries out actions (often malicious) under the
  remote control of a hacker
• Antispyware
• Software that searches a computer for spyware and
  other software that may violate a users privacy

27
Spyware and Adware

• Often bundled with free downloads
• Can be a nuisance but can also steal information
• Be careful about what you download
• Install at least one spyware tool
• Ad-aware (www.lavasoftusa.com/aaw.html)
• WebWasher (www.webwasher.com)
• Spybot Search and Destroy (http//www.safer-networ
  king.org)

28
Pop-up Ads

• Annoying
• Can have inappropriate ads
• Upgrade to WinXP SP2
• Install toolbars (Google, Mozilla)

29
(No Transcript)
30
Phishing and Spoofing

• Phishing sending an e-mail directing the user to
  update personal information (linked to a false
  website)
• Spoofing forging and e-mail header (asking you
  to reply with private information)

31
Example Phishing Spoofing
To update your Amazon account information click
on the following link Where it says it will
send you http//www.amazon.com/exec/obidos/a
ccount-access-login/ref/indexgt Where it sends
you http//193.254.213.45/exec/varzea/regis
ter/login/
32
Pharming and Evil Twins

• Evil twins wireless networks that pretend to
  offer Wi-Fi connectionsactually steal passwords
  or credit card information
• Pharming redirect to an imposter webpageeven
  when correct one is typedpoisoning ISPs

33
Denial-of-Service Attack

• Caused by
• A person sending an Internet site thousands of
  access attempts
• Result of attack
• Internet site is overwhelmed
• No one can gain access to the Web site
• Delay-of-service
• Web site is very slow to respond

34
Privacy Issues

• Privacy
• Data on individuals can be collected, stored, and
  used without knowledge or consent
• Employee monitoring
• Collecting data on what employees do at work
• E-mail
• Raises issues about work privacy

35
Spam

• Spam and e-mail problems
• As many as half of all e-mail can be considered
  spam
• Antispam software packages include McAffee
  SpamKiller and Symantec Brightmail Antispam

36
Privacy

• Spyware
• Ad-aware (www.lavasoftusa.com/aaw.html)
• WebWasher (www.webwasher.com)
• Spybot Search and Destroy (http//www.safer-networ
  king.org)
• Email
• Employers (or university) can monitor
• Treat like a post card
• More information at www.wired.com/news/privacy/

37
Patches

• Set it to update automatically
• Can seriously reduce viral vulnerability
• Blaster example

38
Firewalls

• Prevent unauthorized access to or from a private
  network.
• Hardwarepacket filtering
• Softwareapplication level filtering
• Proxy Serverhides IP addresses

39
(No Transcript)
40
(No Transcript)
41
(No Transcript)
42
(No Transcript)
43
(No Transcript)
44
Scenario 1

• You receive an email from your mom. The text
  says Here is the information you requested and
  there is a word document attached. Do you open
  it?

45
Scenario 2

• You buy a new computer at CompUSA. What do you
  need to do to keep it safe from attacks?

46
Scenario 3

• You have a great iTunes collection. Your
  roommates friend wants to load his iPod too.
  What do you think?

47
Scenario 4

• You receive an email from PayPal asking you to
  update your personal information. What do you
  do?