Monday, September 26, 2016

Chapter 11 : Manage Computing Securely, Safely And Ethically

Computer Security Risks
  • A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
  • Cybercrime is an online or Internet-based illegal act; its perpetrators include:
    1. Hackers
    2. Crackers
    3. Script Kiddies
    4. Corporate Spies
    5. Unethical Employees
    6. Cyberextortionists
    7. Cyberterrorists
Internet and Network Attacks
  1. Information transmitted over networks has a higher degree of security risk than information kept on an organization's premises.
  2. An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
  3. Computer Virus
    • Affects a computer negatively by altering the way the computer works.
  4. Worm
    • Copies itself repeatedly, using up resources and possibly shutting down the computer or network.
  5. Trojan Horse
    • A malicious program that hides within or looks like a legitimate program.
  6. Rootkit
    • Program that hides in a computer and allows someone from a remote location to take full control.
  7. An infected computer has one or more of the following symptoms:
    • Operating system runs much slower than usual
    • Available memory is less than expected
    • Files become corrupted
    • Screen displays unusual messages or images
    • Music or unusual sounds play randomly
    • Existing programs and files disappear
    • Programs or files do not work properly
    • Unknown programs or files mysteriously appear
    • System properties change
    • Operating system does not start up
    • Operating system shuts down unexpectedly
  8. Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections.
  9. A botnet is a group of compromised computers connected to a network.
    • A compromised computer is known as a zombie.
  10. A denial of service attack (DoS attack) disrupts computer access to Internet services.
    • Distributed DoS (DDoS)
  11. A back door is a program or set of instructions in a program that allows users to bypass security controls.
  12. Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate.
  13. A firewall is hardware and/or software that protects a network's resources from intrusion.
  14. Intrusion detection software
    • Analyzes all network traffic
    • Assesses system vulnerabilities
    • Identifies any unauthorized intrusions
    • Notifies network administrators of suspicious behavior patterns or system breaches.
  15. Honeypot
    • Vulnerable computer that is set up to entice an intruder to break into it.
    Unauthorized Access and Use
    • Unauthorized access is the use of a computer or network without permission.
    • Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
    • Organizations take several measures to help prevent unauthorized access and use:
      1. Acceptable use policy
      2. Disable file and printer sharing
      3. Firewalls
      4. Intrusion detection software
    • Access controls define who can access a computer, when they can access it, and what actions they can take:
      1. Two-phase process called identification and authentication
      2. User name
      3. Password
      4. Passphrase
      5. CAPTCHA
    • A possessed object is any item that you must carry to gain access to a computer or computer facility.
      • Often used in combination with a personal identification number (PIN)
    • A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code stored in a computer.
    • Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks.
    • Many areas use digital forensics
      1. Law enforcement
      2. Criminal prosecutors
      3. Military intelligence
      4. Insurance agencies
      5. Information security department
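Added example (not from the textbook or this post) of the access control idea above in working Python: identification is looking up the user name, authentication is checking the password against a salted PBKDF2 hash, and a separate authorization step enforces the "when" and "what actions" parts of the access control. The account names, passwords, permitted hours and actions are constructed sample data, and the iteration count is an assumed work factor.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor; raise it for real deployments


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the salt makes identical passwords hash differently."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(store: dict, username: str, password: str, hours: range, actions: set) -> None:
    """Create an account record: a fresh random salt, the password hash, and access rules."""
    salt = os.urandom(16)
    store[username] = {
        "salt": salt,
        "hash": _hash(password, salt),   # the plaintext password is never stored
        "hours": hours,                  # when the user may access the system
        "actions": set(actions),         # what the user may do
    }


def authenticate(store: dict, username: str, password: str) -> bool:
    """Phase 1: identification (user name lookup). Phase 2: authentication (password check)."""
    rec = store.get(username)
    if rec is None:
        _hash(password, b"\x00" * 16)  # spend the same time on unknown names
        return False
    # compare_digest avoids leaking how many bytes matched through timing
    return hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])


def authorize(store: dict, username: str, action: str, hour: int) -> bool:
    """After authentication: is this action allowed for this user at this hour (0-23)?"""
    rec = store.get(username)
    if rec is None:
        return False
    return hour in rec["hours"] and action in rec["actions"]


def build_demo_store() -> dict:
    """Constructed sample accounts (not real credentials)."""
    store = {}
    register(store, "alice", "correct horse battery staple", range(8, 18), {"read", "write"})
    register(store, "bob", "hunter2", range(0, 24), {"read"})
    return store


if __name__ == "__main__":
    store = build_demo_store()
    print(authenticate(store, "alice", "correct horse battery staple"))  # True
    print(authorize(store, "alice", "write", hour=22))                   # False: outside 08-18
```

Note that a failed lookup and a failed password both return a plain `False`; the login screen should not reveal which phase failed, since "unknown user" versus "wrong password" tells an outsider which user names exist.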
    Hardware Theft and Vandalism :
    • Hardware theft is the act of stealing computer equipment.
    • Hardware vandalism is the act of defacing or destroying computer equipment.
    • To help reduce the chances of theft, companies and schools use a variety of security measures.
    • Physical access controls :
      1. Alarm systems
      2. Cables to lock equipment
      3. Real time location system
      4. Passwords,possessed objects,and biometrics
    Software Theft
    • Software theft occurs when someone:
      1. Steals software media 
      2. Intentionally erases programs
      3. Illegally copies a program
      4. Illegally registers and/or activates a program
    • A single-user license agreement typically contains the following conditions:
      • Permitted to:
        1. Install the software on one computer
        2. Make one copy of the software
        3. Remove the software from your computer before giving it away or selling it
      • Not permitted to:
        1. Install the software on a network
        2. Give copies to friends or colleagues while continuing to use the software
        3. Export the software
        4. Rent or lease the software
    • Copying,loaning,borrowing,renting,or distributing software can be a violation of copyright law.
    • Some software requires product activation to function fully.
    Information Theft
    • Information theft occurs when someone steals personal or confidential information.
    • Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.
    An example of public key encryption:
      Step 1: The sender creates a document to be e-mailed to the receiver.
      Step 2: The sender uses the receiver's public key to encrypt the message.
      Step 3: The receiver uses his or her private key to decrypt the message.
      Step 4: The receiver can read or print the decrypted message.
    • A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender.
      • Often used to ensure that an impostor is not participating in an Internet transaction.
    • Web browsers and Web sites use encryption techniques.
    • Popular security techniques include
      1. Digital certificates
      2. Transport Layer Security(TLS)
      3. Secure HTTP
      4. VPN
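Added example (not from the textbook or this post) that walks the four public key encryption steps and the digital signature bullet with real arithmetic: textbook RSA in plain Python, using constructed small primes so the numbers stay readable. Step 2 encrypts with the receiver's public key and Step 3 decrypts with the private key; a signature goes the other way round, "encrypting" a hash of the message with the sender's private key so anyone holding the public key can verify it. The primes 61 and 53 and the exponent 17 are chosen for illustration only.

```python
import hashlib
from math import gcd

# Constructed textbook-sized primes; real keys use primes of 1024+ bits each.
P, Q, E = 61, 53, 17


def make_keypair(p=P, q=Q, e=E):
    """Return ((e, n), (d, n)): the public key and the matching private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, plaintext: str) -> list:
    """Step 2: the sender encrypts with the receiver's public key (one number per byte)."""
    e, n = public_key
    return [pow(b, e, n) for b in plaintext.encode("utf-8")]


def decrypt(private_key, ciphertext: list) -> str:
    """Step 3: only the holder of the matching private key can reverse the encryption."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext).decode("utf-8")


def _digest(message: str, n: int) -> int:
    """Hash first, so a signature covers a message of any length with one number."""
    h = hashlib.sha256(message.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % n


def sign(private_key, message: str) -> int:
    """Digital signature: the sender 'encrypts' the digest with his or her private key."""
    d, n = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message: str, signature: int) -> bool:
    """Anyone with the sender's public key can check that the signature fits the message."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    receiver_pub, receiver_priv = make_keypair()
    ct = encrypt(receiver_pub, "Meet at noon")       # Step 2 (sender side)
    print(ct)
    print(decrypt(receiver_priv, ct))                # Steps 3 and 4 (receiver side)
    sig = sign(receiver_priv, "Meet at noon")        # sender signs with own private key
    print(verify(receiver_pub, "Meet at noon", sig))  # receiver checks with sender's public key
```

Because this encrypts one byte at a time with no padding, the same byte always becomes the same number, so an eavesdropper can do letter-frequency analysis on the ciphertext; that is why deployed RSA pads the message (OAEP) before encrypting and signs with a padded hash (PSS), and why a 3233-sized modulus is only a classroom illustration.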
    System Failure
    • system failure is the prolonged malfunction of a computer.
    • A variety of factors can lead to system failure,including:
      1. Aging hardware
      2. Natural disasters
      3. Electrical power problems
      4. Noise,undervoltages,and overvoltages
      5. Errors in computer programs
    • Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptible power supplies (UPS).
    Backing Up - The Ultimate Safeguard
    1. A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed.
      • To back up a file means to make a copy of it.
    2. Offsite backups are stored in a location separated from the computer site.
    3. Two categories of backups:
      • Full backup
      • Selective backup
    4. Three-generation backup policy:
      • Grandparent
      • Parent
      • Child
    Wireless Security
    1. Wireless access poses additional security risks.
      • About 80 percent of wireless networks have no security protection.
    2. War driving allows individuals to detect wireless networks while driving a vehicle through the area.
    3. In addition to using firewalls, some safeguards improve the security of wireless networks:
      • A wireless access point should not broadcast an SSID.
      • Change the default SSID.
      • Configure a WAP so that only certain devices can access it.
      • Use WPA or WPA2 security standards.
    Ethics and Society
    • Computer ethics are the moral guidelines that govern the use of computers and information systems.
    • Information accuracy is a concern
      • Not all information on the Web is correct
    • Intellectual property rights are the rights to which creators are entitled for their work.
    • An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. 
    • Green computing involves reducing the electricity and environmental waste while using a computer.
    • Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
    • Huge databases store data online.
    • It is important to safeguard your information
    • When you fill out a form,the merchant that receives the form usually enters it into a database.
    • Many companies today allow people to specify whether they want their personal information distributed.
    • A cookie is a small text file that a Web server stores on your computer.
    • Web sites use cookies for a variety of reasons:
      1. Allow for personalization
      2. Store user's passwords
      3. Assist with online shopping
      4. Track how often users visit a site
      5. Target advertisements
    • Spam is an unsolicited e-mail message or newsgroup posting.
    • E-mail filtering blocks e-mail messages from designated sources.
    • Anti-spam programs attempt to remove spam before it reaches your inbox.
    • Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information.
    • Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing.
    • Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety.
    • Employee monitoring involves the use of computers to observe,record,and review an employee's use of a computer.
    • Content filtering is the process of restricting access to certain material on the Web.
    • Many businesses use content filtering.
    • Internet Content Rating Association (ICRA).
    • Web filtering software restricts access to specified Web sites.
