Understanding Computers: Today and Tomorrow, 11th Edition
Chapter 9: Network and Internet Security
Learning Objectives

- Explain why computer users should be concerned about network and Internet security.
- List several examples of unauthorized access, unauthorized use, and computer sabotage.
- Explain what risks access control systems, firewalls, antivirus software, and encryption protect against.
- Discuss online theft, identity theft, Internet scams, spoofing, phishing, and other types of dot cons.
Learning Objectives, Cont’d

- Detail steps an individual can take to protect against online theft, identity theft, Internet scams, spoofing, phishing, and other types of dot cons.
- Identify personal safety risks associated with Internet use.
- List steps individuals can take when using the Internet to safeguard their personal safety.
- Name several laws related to network and Internet security.
Overview

This chapter covers:
- Security concerns stemming from the use of computer networks
- Safeguards and precautions that can be taken to reduce the risk of problems related to these security concerns
- Personal safety issues related to the Internet
- Legislation related to network and Internet security
Why Be Concerned about Network and Internet Security?

Security concerns related to computer networks and the Internet abound
- Computer crime: illegal act involving a computer, including
  - Breaking through the security of a network
  - Theft of financial assets
  - Manipulating data for personal advantage
  - Acts of sabotage (releasing a computer virus, shutting down a Web server)
- All computer users should be aware of security issues and precautions that can be taken

Unauthorized Access, Unauthorized Use, and Computer Sabotage

- Unauthorized access: gaining access to a computer, network, file, or other resource without permission; can be committed by
  - Insiders
  - Outsiders
- Unauthorized use: using a computer resource for unapproved activities
- Code of conduct: rules for behavior, typically set by a business or school
Hacking

- Hacking: using a computer to break into another computer system; the person doing the hacking is a hacker
  - To steal information
  - To sabotage a system
  - To hijack PCs to generate spam or host Web sites
  - Social hacking
  - Authorized hacking
- Wi-Fi hacking: gaining access to a computer via a wireless network, such as a Wi-Fi (802.11) network
  - Many Wi-Fi networks are not secured
- War driving: driving around an area with a Wi-Fi-enabled computer or mobile device to find a Wi-Fi network to use without authorization
Interception of Communications

- To gain access to data stored on a computer, some criminals attempt to hack directly into that computer
- It is also possible to gain unauthorized access to content while it is being sent over the Internet
- The increased use of wireless networks has opened up new opportunities for data interception
- Once intercepted, the content can be read, altered, or otherwise used for unintended purposes
Computer Sabotage

- Computer sabotage: act of malicious destruction to a computer or computer resource
- Malware: any type of malicious software
  - Computer virus: malicious program embedded in a file that is designed to cause harm to the computer system
  - Computer worm: malicious program designed to spread rapidly by sending copies of itself to other computers
  - Trojan horse: malicious program that masquerades as something else
- Denial of service (DoS) attack: act of sabotage that floods a Web server with so much activity that it is unable to function
- Data or program alteration: a hacker breaches a computer system in order to delete data, change data, modify programs, perform cybervandalism, etc.
Protecting Against Unauthorized Access, Unauthorized Use, and Computer Sabotage

- A number of security risks can be reduced by:
  - Carefully controlling access to an organization’s facilities and computer network
  - Using appropriate security software
- Reward programs may help reduce computer crime
  - Microsoft’s multimillion-dollar reward fund for individuals who supply information is leading to the arrest of virus writers
Access Control Systems

- Access control systems: used to control access to facilities and computer networks
  - Identification systems: verify that the person trying to access the facility or system is an authorized user
  - Authentication systems: determine if the person is who he or she claims to be
- Critical to protect data in company databases
- New PCI standards by credit card companies may help improve business security procedures
Access Control Systems, Cont’d

Types of access control systems
- Possessed knowledge access systems: use information that only an individual should know
  - Passwords (should be strong passwords and changed frequently)
  - Usernames
  - PINs
  - Can be used in conjunction with other access systems for two-factor authentication
  - Disadvantage: can be used by an unauthorized individual
- Possessed object access systems: use physical objects that an individual has in his or her possession
  - Magnetic cards
  - Smart cards
  - Encoded badges
  - USB security tokens
  - Disadvantage: can be used by an unauthorized individual
- Biometric access systems: use one unique physical characteristic of an individual
  - Fingerprint
  - Hand geometry
  - Face
  - Iris
  - Advantage: can only be used by the authorized individual
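An added example (not from the textbook) showing the identification/authentication split and a two-factor login that combines a possessed-knowledge factor (salted password hash) with a possessed-object factor (a one-time code a USB token would display). The user record, password, token secret and the simplified HOTP-style code derivation are all constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen user store does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def token_code(secret: bytes, counter: int) -> str:
    """Six-digit code a USB security token would show for a counter value
    (simplified HOTP-style derivation: HMAC over the counter, truncated)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{number % 1_000_000:06d}"

# Constructed user store (made-up values). The username identifies the account;
# pw_hash is the possessed-knowledge factor; token_secret lives on the user's token.
SALT = os.urandom(16)
TOKEN_SECRET = b"constructed-token-secret-0123456789"
USERS = {
    "alice": {"salt": SALT,
              "pw_hash": hash_password("correct horse battery staple", SALT),
              "token_secret": TOKEN_SECRET},
}

def login(username: str, password: str, code: str, counter: int) -> str:
    """Return 'ok' or a reason code. Show users only a generic failure message;
    the distinct reasons are for the audit log."""
    user = USERS.get(username)              # identification: which account is claimed?
    if user is None:
        return "unknown user"
    # Factor 1 (possessed knowledge): compare digests in constant time.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return "bad password"
    # Factor 2 (possessed object): a code only the physical token can produce.
    if not hmac.compare_digest(token_code(user["token_secret"], counter), code):
        return "bad token"
    return "ok"
```

Either factor alone can be used by an unauthorized individual, as the slides note; requiring both means a stolen password is useless without the token and vice versa.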
Access Control Systems, Cont’d

Wireless network access considerations
- In general, less secure than wired networks
- Network owners should:
  - Enable Wi-Fi security procedures (WEP is less secure than WPA)
  - Turn on encryption
  - Not broadcast the network name
  - Change the default network administrator password
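The same advice as an added, constructed hostapd (Linux access point) configuration, not from the textbook: the weak WEP setup first, then the corrected WPA2 setup. Interface, SSID, channel and passphrase are placeholder values; changing the router's administrator password is done in the router's own admin interface, not in this file.

```ini
# --- weak version: WEP key, network name broadcast ---
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
# network name is announced to everyone in range
ignore_broadcast_ssid=0
# WEP keys are short and recoverable from captured traffic; treat as no encryption
wep_default_key=0
wep_key0=0102030405

# --- corrected version: WPA2 with a strong passphrase, name not broadcast ---
interface=wlan0
ssid=HomeNet
hw_mode=g
channel=6
# hides the name from casual listing only; the encryption below does the real work
ignore_broadcast_ssid=1
# WPA2 (RSN) with pre-shared key instead of WEP
wpa=2
wpa_key_mgmt=WPA-PSK
# AES-CCMP cipher rather than TKIP
rsn_pairwise=CCMP
# placeholder: use a long, unique passphrase that is not the router default
wpa_passphrase=CHANGE-ME-to-a-long-unique-passphrase
```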
Firewalls and Antivirus Software

- Firewall: security system that provides a protective boundary between a computer or network and the outside world
  - Works by closing down all external communications port addresses
  - Blocks access to the PC from outside hackers
  - Blocks access to the Internet from programs on the user’s PC unless authorized by the user
  - Important for home PCs that have a direct Internet connection as well as for businesses
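An added example (not from the textbook, and not any real firewall's code) of the decision logic the slide describes: all external ports are closed to unsolicited inbound traffic, a program may reach the Internet only once the user authorizes it, and replies to connections the PC itself opened are let back in. Program names and addresses in the usage are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (arriving from the Internet) or "out" (sent by a local program)
    program: str     # local program that sent the packet or would receive it
    remote: str      # remote host:port
    local_port: int  # port on this PC

class PersonalFirewall:
    """Default-deny personal firewall: nothing unsolicited gets in, nothing
    unauthorized gets out, and established outbound flows may receive replies."""

    def __init__(self) -> None:
        self.authorized = set()   # programs the user has allowed to use the Internet
        self.open_flows = set()   # (program, remote, local_port) tuples opened from inside

    def authorize(self, program: str) -> None:
        """Record the user's decision to let this program reach the Internet."""
        self.authorized.add(program)

    def decide(self, pkt: Packet) -> str:
        flow = (pkt.program, pkt.remote, pkt.local_port)
        if pkt.direction == "out":
            if pkt.program not in self.authorized:
                return "block: program not authorized by user"
            self.open_flows.add(flow)      # remember it so the reply can come back in
            return "allow"
        # Inbound: every port is closed except to replies for flows this PC opened.
        if flow in self.open_flows:
            return "allow"
        return "block: unsolicited inbound to closed port"

if __name__ == "__main__":
    fw = PersonalFirewall()
    req = Packet("out", "browser", "198.51.100.7:443", 51000)
    print(fw.decide(req))                       # blocked until the user authorizes the browser
    fw.authorize("browser")
    print(fw.decide(req))                       # allowed, flow remembered
    print(fw.decide(Packet("in", "browser", "198.51.100.7:443", 51000)))   # reply allowed
    print(fw.decide(Packet("in", "sshd", "203.0.113.5:40000", 22)))        # unsolicited, blocked
```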
Firewalls and Antivirus Software, Cont’d

- Antivirus software: used to detect and eliminate computer viruses and other types of malware
  - Should be set up to run continuously to check incoming e-mail messages, instant messages, and downloaded files
  - Should be set up to scan the entire PC regularly
  - Needs to be updated regularly since new malware is introduced all the time
  - Best to have the program automatically download new virus definitions on a regular basis
  - Some programs also scan for other threats, such as spyware
Encryption and Other Security Tools

- Encryption: method of scrambling e-mail or files to make them unreadable
- Secure Web servers: use encryption to protect information transmitted via their Web pages
  - Most common is SSL
  - Look for a locked padlock on the status bar and https:// in the URL
  - Only transmit credit card numbers and other sensitive data via a secure Web server
Encryption and Other Security Tools, Cont’d

- E-mail and file encryption: to protect e-mail messages and files while in transit
  - Encrypted documents are unreadable until they are decrypted
  - Often implemented using a third-party encryption program, such as Pretty Good Privacy (PGP)
- Most common types of encryption (private key and public key)
  - Usually use keys (essentially passwords)
  - Various strengths available; stronger encryption uses larger keys and is more difficult to crack
Encryption and Other Security Tools, Cont’d

- Private key encryption: uses a single key
  - Most often used to encrypt files on a PC
  - If used to send files to others, the recipient needs to be told the key
- Public key encryption: uses two keys
  - Public key: can be given to anyone; used to encrypt messages to be sent to that person
  - Private key: only known by the individual; used to decrypt messages that were encrypted with the individual’s public key
  - Key pairs can be obtained through a Certificate Authority
Encryption and Other Security Tools, Cont’d

- Virtual private networks (VPNs): path over the Internet that provides authorized users a secure means of accessing a private network
  - Much less expensive than a private secure network since it uses the Internet
  - Used to provide secure access to a company system by individuals located outside the office
Take Caution with Employees

- A significant number of security breaches (~50%) are committed by insiders
- Taking caution with employees can help avoid security problems
  - Screen potential new hires carefully
  - Watch for disgruntled employees and ex-employees
  - Develop policies and controls
  - Ask business partners to review their security to avoid attacks coming from someone located at that organization

Online Theft, Fraud, and Other Dot Cons

- Dot con: a fraud or scam carried out through the Internet
- Data theft or information theft can be committed by
  - Stealing an actual PC
  - A hacker gaining unauthorized access
  - Includes personal data, proprietary corporate information, and money
- Identity theft: using someone else’s identity to purchase goods or services, obtain new credit cards or bank loans, or illegally masquerade as that individual
  - Expensive and time consuming to recover from
Online Theft, Fraud, and Other Dot Cons, Cont’d

- Online auction fraud: when an item purchased through an online auction is never delivered, or the item is not as specified by the seller
- Internet offer scams: a wide range of scams offered through Web sites or unsolicited e-mails
- Spoofing: making it appear that an e-mail or a Web site originates from somewhere other than where it really does
- Phishing: use of spoofed e-mail messages to gain credit card numbers and other personal data; after the victim clicks a link in the message, they transmit information to the thief
Online Theft, Fraud, and Other Dot Cons, Cont’d

- Spyware: program installed without the user’s knowledge that secretly collects information and sends it to an outside party via the Internet
  - Can be installed with another program (particularly freeware programs)
  - Can be installed by clicking a link in a phishing e-mail message
  - Can be installed by visiting a Web site
  - Security risk if it transmits personal data that can be used in identity theft or other illegal activities
  - Can also slow down a PC or make it malfunction

Protecting Against Online Theft, Fraud, and Other Dot Cons

Protecting against identity theft
- Do not give out personal information (Social Security number, mother’s maiden name, etc.) unless absolutely necessary
- Never give out sensitive information over the phone or by e-mail
- Shred documents containing sensitive data, credit card offers, etc.
- Don’t place sensitive outgoing mail in your mailbox
- Watch your bills and credit report to detect identity theft early

Protecting Against Online Theft, Fraud, and Other Dot Cons, Cont’d

Protecting against other dot cons
- Use common sense
- Check an online auction seller’s feedback before bidding
- Pay for online purchases via a credit card so transactions can be disputed if needed
- Never respond to an e-mail request for updated credit card information
- Never click a link in an unsolicited e-mail
- Keep your browser and operating system up to date
Protecting Against Online Theft, Fraud, and Other Dot Cons, Cont’d

Protecting against spyware
- Check Web sites that list known spyware programs before downloading a program
- Run antispyware programs regularly
Protecting Against Online Theft, Fraud, and Other Dot Cons, Cont’d

- Digital signature: unique digital code that can be attached to an e-mail message or document
  - Can be used to verify the identity of the sender
  - Can be used to guarantee the message or file has not been changed
  - Uses public key encryption
    - Document is signed with the sender’s private key; the key and the document create a unique digital signature
    - Signature is verified using the sender’s public key
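An added example (not from the textbook) that covers both the public key encryption slide and the digital signature slide with one key pair: anyone encrypts with the public key and only the private key decrypts, while the private key signs a document's hash and the public key verifies it, so any change to the document breaks the signature. The primes are constructed and far too small for real use, and the byte-at-a-time, unpadded RSA is textbook illustration, not a scheme to deploy (real systems use padding such as OAEP/PSS and 2048-bit or larger keys).

```python
import hashlib

# Constructed textbook RSA key pair (illustration only; real keys are 2048+ bits).
P, Q = 999983, 1000003          # two primes, kept secret
N = P * Q                       # modulus, part of both keys
PHI = (P - 1) * (Q - 1)
E = 65537                       # public exponent
D = pow(E, -1, PHI)             # private exponent: modular inverse of E
PUBLIC_KEY = (E, N)             # can be given to anyone
PRIVATE_KEY = (D, N)            # known only to the key owner

def encrypt(message: bytes, public_key) -> list:
    """Public key encryption: anyone holding the public key can encrypt for its owner."""
    e, n = public_key
    return [pow(b, e, n) for b in message]        # one byte per block since n is tiny

def decrypt(blocks: list, private_key) -> bytes:
    """Only the matching private key turns the blocks back into the message."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in blocks)

def _digest(document: bytes, n: int) -> int:
    # Hash the whole document, then reduce into the key's range (real schemes pad instead).
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n

def sign(document: bytes, private_key) -> int:
    """Digital signature: the sender's private key plus the document's hash give a unique code."""
    d, n = private_key
    return pow(_digest(document, n), d, n)

def verify(document: bytes, signature: int, public_key) -> bool:
    """Anyone with the sender's public key can check the signature; a changed document fails."""
    e, n = public_key
    return pow(signature, e, n) == _digest(document, n)

if __name__ == "__main__":
    secret = decrypt(encrypt(b"meet at noon", PUBLIC_KEY), PRIVATE_KEY)
    print(secret)                                            # b'meet at noon'
    sig = sign(b"Pay $100 to Bob", PRIVATE_KEY)
    print(verify(b"Pay $100 to Bob", sig, PUBLIC_KEY))       # True
    print(verify(b"Pay $900 to Bob", sig, PUBLIC_KEY))       # False: document was altered
```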

Protecting Against Online Theft, Fraud, and Other Dot Cons, Cont’d

- Digital certificate: group of electronic data that can be used to verify the identity of a person or organization
  - Obtained from a Certificate Authority
  - Typically contains identity information about the person or organization and a pair of keys to be used with encryption and digital signatures
  - Also used with secure Web sites to guarantee that the site is secure and actually belongs to the stated individual or organization
Personal Safety Issues

- Cyberstalking: repeated threats or harassing behavior via e-mail or another Internet communications method
  - Can include:
    - Sending harassing e-mail messages to the victim
    - Sending unwanted files to the victim
    - Posting inappropriate messages about the victim
    - Signing the victim up for offensive material
    - Publicizing the victim’s contact information

Personal Safety Issues, Cont’d

- Online pornography
  - Concern for parents and schools
  - Difficult to stop due to constitutional rights
  - Online pornography involving minors is illegal
  - Link between online pornography and child molestation
  - The Internet can make it easier to arrange dangerous meetings between predators and children
Protecting Against Cyberstalking and Other Personal Safety Concerns

- Safety tips for adults
  - Be cautious in chat rooms and discussion groups
  - Use gender-neutral, nonprovocative names
  - Do not reveal personal information
  - Do not respond to insults or harassing comments
- Safety tips for children
  - Parents should monitor Internet activities
  - Have children use a PC in a family room
  - They should be told which activities are allowed
  - Instruct them to tell a parent of a request for personal information or a personal meeting

Network and Internet Security Legislation

- It is difficult for the legal system to keep pace with the rate at which technology changes
- There are domestic and international jurisdictional issues
- Computer crime legislation continues to be proposed and computer crimes are being prosecuted
- The Computer Fraud and Abuse Act is the main piece of legislation related to computer crimes
Summary

- Why Be Concerned about Network and Internet Security?
- Unauthorized Access, Unauthorized Use, and Computer Sabotage
- Protecting Against Unauthorized Access, Unauthorized Use, and Computer Sabotage
- Online Theft, Fraud, and Other Dot Cons
- Protecting Against Online Theft, Fraud, and Other Dot Cons
- Personal Safety Issues
- Protecting Against Cyberstalking and Other Personal Safety Concerns
- Network and Internet Security Legislation