Chapter 11: Computer Crime and Information Security - PowerPoint PPT Presentation

About This Presentation
Title:

Chapter 11: Computer Crime and Information Security

Description:

Chapter 11: Computer Crime and Information Security Succeeding with Technology: Second Edition Objectives Describe the types of information that must be kept secure ... – PowerPoint PPT presentation

Number of Views:841
Avg rating:3.0/5.0
Slides: 51
Provided by: doctordDy
Category:

less

Transcript and Presenter's Notes

Title: Chapter 11: Computer Crime and Information Security


1
Chapter 11 Computer Crime and Information
Security
  • Succeeding with Technology Second Edition

2
Objectives
  • Describe the types of information that must be
    kept secure and the types of threats against them
  • Describe five methods of keeping a PC safe and
    secure
  • Discuss the threats and defenses unique to
    multiuser networks

3
Objectives (continued)
  • Discuss the threats and defenses unique to
    wireless networks
  • Describe the threats posed by hackers, viruses,
    spyware, frauds, and scams, and the methods of
    defending against them

4
Information Security and Vulnerability What is
at Stake?
  • Identity theft
  • The criminal act of using stolen information
    about a person to assume that persons identity
  • Intellectual property
  • Product of the mind or intellect over which the
    owner holds legal entitlement
  • Intellectual property rights
  • Ownership and use of intellectual property such
    as software, music, movies, data, and information

5
(No Transcript)
6
(No Transcript)
7
(No Transcript)
8
What is at Stake? (continued)
  • Security threats to businesses
  • Virus
  • Insider abuse of Internet access
  • Laptop theft
  • Unauthorized access by insiders
  • Denial-of-service attacks
  • System penetration
  • Theft of proprietary information
  • Sabotage

9
What is at Stake? (continued)
  • Business intelligence
  • Process of gathering and analyzing information in
    the pursuit of business advantage
  • Competitive intelligence
  • Form of business intelligence concerned with
    information about competitors
  • Counterintelligence
  • Concerned with protecting your own information
    from access by your competitors

10
(No Transcript)
11
Threats to Information Security
  • Security vulnerabilities or security holes
  • Software bugs that allow violations of
    information security
  • Software patches
  • Corrections to software bugs that cause security
    holes
  • Piracy
  • The illegal copying, use, and distribution of
    digital intellectual property
  • Plagiarism
  • Taking credit for someone elses intellectual
    property

12
(No Transcript)
13
(No Transcript)
14
Threats to Information Security (continued)
  • Hackers, crackers, intruders, and attackers
  • Black-hat hacker
  • White-hat hacker
  • Gray-hat hacker
  • Script kiddie

15
(No Transcript)
16
Machine Level Security
  • Common forms of authentication
  • Something you know
  • Password or personal identification number (PIN)
  • Something you have
  • ID cards, smartcards, badges, keys,
  • Something about you
  • Unique physical characteristics such as
    fingerprints

17
(No Transcript)
18
Passwords
  • Username
  • Identifies a user to the computer system
  • Password
  • A combination of characters known only to the
    user that is used for authentication
  • Strongest passwords
  • Minimum of eight characters in length
  • Do not include any known words or names

19
(No Transcript)
20
(No Transcript)
21
ID Devices and Biometrics
  • Biometrics
  • The science and technology of authentication by
    scanning and measuring a persons unique physical
    features
  • Facial pattern recognition
  • Uses mathematical technique to measure the
    distances between 128 points on the face
  • Retinal scanning
  • Analyzes the pattern of blood vessels at the back
    of the eye

22
(No Transcript)
23
Encrypting Stored Data
  • Encryption
  • Uses high-level mathematical functions and
    computer algorithms to encode data
  • Files
  • Can be encrypted on the fly as they are being
    saved, and decrypted as they are opened
  • Encryption and decryption
  • Tend to slow down computer slightly when opening
    and saving files

24
Backing Up Data and Systems
  • Backup software typically provides the following
    options
  • Select the files and folders you wish to back up.
  • Choose the location to store the archive file.
  • Choose whether to back up all files (a full
    backup), or
  • Just those that have changed since the last
    backup (an incremental backup)

25
(No Transcript)
26
System Maintenance
  • Computer housecleaning
  • Organizing the data files and software on your
    computer
  • Housecleaning activities can include
  • Deleting unneeded data files
  • Organizing the remaining data files logically
    into folders and subfolders
  • Emptying the recycle bin (Windows) or trash can
    (Mac)
  • Deleting unneeded saved e-mail messages

27
Network Security - Multiuser System
Considerations
  • Multiuser system
  • Computer system where multiple users share access
    to resources such as file systems
  • User permissions
  • The access privileges afforded to each network
    user
  • File ownership
  • Files and Folders on the system must carry
    information that identifies their creator

28
(No Transcript)
29
(No Transcript)
30
Interior Threats
  • Threats from within a private network
  • Problems that occur on networks
  • Stem from allowing network users to introduce
    software and data files from outside the network
  • Many instances of identity theft
  • Occur with the assistance of insiders with
    corporate network access

31
Security and Usage Policies
  • Security and network usage policy
  • Document, agreement, or contract that
  • Defines acceptable and unacceptable uses of
    computer and network resources
  • Typically warn against using the network for
    illegal activities
  • Employers
  • Not legally responsible for notifying employees
    of network usage policies

32
(No Transcript)
33
Wireless Network Security
  • Wireless networks
  • Provide wonderful convenience
  • Have security risks
  • Wi-Fi networks
  • The most popular wireless protocol
  • Are popping up in offices, homes, on city
    streets, in airports, coffee shops, even in
    McDonalds

34
(No Transcript)
35
Threats to Wireless Networks
  • Access point
  • Sends and receives signals to and from computers
    on the wireless local area network or WLAN
  • By default, are set to broadcast their presence
  • War driving
  • Driving through neighborhoods with a wireless
    notebook or handheld computer looking for
    unsecured Wi-Fi networks

36
(No Transcript)
37
Securing a Wireless Network
  • Options within the configuration software
  • Allow you to disable the access points
    broadcasting of the network ID, the SSID
  • Change password used to connect to access point
  • Access point can be set to only allow certain
    computers to connect
  • Popular wireless encryption protocols
  • Wired Equivalent Privacy (WEP)
  • Wi-Fi Protected Access (WPA)

38
Internet Security
  • When a computer is connected to the Internet
  • It becomes a target to millions of various attack
  • Computers IP address
  • Registered and known to others
  • Attacks against Internet-connected computers
  • Can come in the form of direct attacks or
  • Through viruses, worms, or spyware

39
(No Transcript)
40
Hackers on the Internet
  • Methods of Attack
  • Key-logging
  • packet-sniffing
  • Port-scanning
  • Social engineering
  • Dumpster diving

41
(No Transcript)
42
Viruses and Worms
  • Virus
  • Program that attaches itself to a file
  • Spreads to other files, and delivers a
    destructive action called a payload
  • Trojan horses
  • Appear to be harmless programs
  • When they run, install programs on the computer
    that can be harmful
  • Worm
  • Acts as a free agent, replicating itself numerous
    times in an effort to overwhelm systems

43
(No Transcript)
44
Spyware, Adware, and Zombies
  • Spyware
  • Software installed on a computer without users
    knowledge
  • Zombie computer
  • Carries out actions (often malicious) under the
    remote control of a hacker
  • Antispyware
  • Software that searches a computer for spyware and
    other software that may violate a users privacy

45
(No Transcript)
46
Scams, Spam, Fraud, and Hoaxes
  • Internet fraud
  • Deliberately deceiving a person over the Internet
    in order to damage them
  • Phishing scam
  • Combines both spoofed e-mail and a spoofed Web
    site in order to
  • Trick a person into providing private information
  • Virus hoax
  • E-mail that warns of a virus that does not exist

47
Scams, Spam, Fraud, and Hoaxes (continued)
  • Spam
  • Unsolicited junk mail
  • Solutions to spam
  • Bayesian filters
  • Trusted sender technology
  • Reputation systems
  • Interfaces for client-side tools

48
(No Transcript)
49
Summary
  • Total information security
  • Securing all components of the global digital
    information infrastructure
  • Fundamental security implemented at
  • The individual machine level
  • The point of entry to computers, computer
    networks, and the Internet

50
Summary (continued)
  • When a computer is connected to a network
  • Security risks increase
  • With wireless technologies
  • Attacker no longer has to establish a wired
    connection to a network
  • Attacks against Internet-connected computers may
    come in the form of
  • Direct attacks by hackers (system penetration) or
  • Through viruses, worms, or spyware
Write a Comment
User Comments (0)
About PowerShow.com