Chapter 11: Computer Crime and Information Security
Succeeding with Technology: Second Edition

Objectives
- Describe the types of information that must be kept secure and the types of threats against them
- Describe five methods of keeping a PC safe and secure
- Discuss the threats and defenses unique to multiuser networks
- Discuss the threats and defenses unique to wireless networks
- Describe the threats posed by hackers, viruses, spyware, frauds, and scams, and the methods of defending against them

Information Security and Vulnerability – What is at Stake?
- Identity theft
  - The criminal act of using stolen information about a person to assume that person’s identity
- Intellectual property
  - Product of the mind or intellect over which the owner holds legal entitlement
- Intellectual property rights
  - Ownership and use of intellectual property such as software, music, movies, data, and information
- Security threats to businesses
  - Virus
  - Insider abuse of Internet access
  - Laptop theft
  - Unauthorized access by insiders
  - Denial-of-service attacks
  - System penetration
  - Theft of proprietary information
  - Sabotage
- Business intelligence
  - Process of gathering and analyzing information in the pursuit of business advantage
- Competitive intelligence
  - Form of business intelligence concerned with information about competitors
- Counterintelligence
  - Concerned with protecting your own information from access by your competitors

Threats to Information Security
- Security vulnerabilities or security holes
  - Software bugs that allow violations of information security
- Software patches
  - Corrections to software bugs that cause security holes
- Piracy
  - The illegal copying, use, and distribution of digital intellectual property
- Plagiarism
  - Taking credit for someone else’s intellectual property
- Hackers, crackers, intruders, and attackers
  - Black-hat hacker
  - White-hat hacker
  - Gray-hat hacker
  - Script kiddie

Machine Level Security
- Common forms of authentication
  - Something you know
    - Password or personal identification number (PIN)
  - Something you have
    - ID cards, smartcards, badges, keys
  - Something about you
    - Unique physical characteristics such as fingerprints

Passwords
- Username
  - Identifies a user to the computer system
- Password
  - A combination of characters known only to the user that is used for authentication
- Strongest passwords
  - Minimum of eight characters in length
  - Do not include any known words or names

ID Devices and Biometrics
- Biometrics
  - The science and technology of authentication by scanning and measuring a person’s unique physical features
- Facial pattern recognition
  - Uses a mathematical technique to measure the distances between 128 points on the face
- Retinal scanning
  - Analyzes the pattern of blood vessels at the back of the eye

Encrypting Stored Data
- Encryption
  - Uses high-level mathematical functions and computer algorithms to encode data
- Files
  - Can be encrypted “on the fly” as they are being saved, and decrypted as they are opened
- Encryption and decryption
  - Tend to slow down the computer slightly when opening and saving files

Backing Up Data and Systems
- Backup software typically provides the following options
  - Select the files and folders you wish to back up
  - Choose the location to store the archive file
  - Choose whether to back up all files (a full backup), or just those that have changed since the last backup (an incremental backup)

System Maintenance
- Computer housecleaning
  - Organizing the data files and software on your computer
- Housecleaning activities can include
  - Deleting unneeded data files
  - Organizing the remaining data files logically into folders and subfolders
  - Emptying the recycle bin (Windows) or trash can (Mac)
  - Deleting unneeded saved e-mail messages

Network Security - Multiuser System Considerations
- Multiuser system
  - Computer system where multiple users share access to resources such as file systems
- User permissions
  - The access privileges afforded to each network user
- File ownership
  - Files and folders on the system must carry information that identifies their creator

Interior Threats
- Threats from within a private network
- Problems that occur on networks
  - Stem from allowing network users to introduce software and data files from outside the network
- Many instances of identity theft
  - Occur with the assistance of insiders with corporate network access

Security and Usage Policies
- Security and network usage policy
  - Document, agreement, or contract that defines acceptable and unacceptable uses of computer and network resources
  - Typically warns against using the network for illegal activities
- Employers
  - Not legally responsible for notifying employees of network usage policies

Wireless Network Security
- Wireless networks
  - Provide wonderful convenience
  - Have security risks
- Wi-Fi networks
  - The most popular wireless protocol
  - Are popping up in offices, homes, on city streets, in airports, coffee shops, even in McDonalds

Threats to Wireless Networks
- Access point
  - Sends and receives signals to and from computers on the wireless local area network or WLAN
  - By default, access points are set to broadcast their presence
- War driving
  - Driving through neighborhoods with a wireless notebook or handheld computer looking for unsecured Wi-Fi networks

Securing a Wireless Network
- Options within the configuration software
  - Allow you to disable the access point’s broadcasting of the network ID, the SSID
  - Change the password used to connect to the access point
  - Access point can be set to only allow certain computers to connect
- Popular wireless encryption protocols
  - Wired Equivalent Privacy (WEP)
  - Wi-Fi Protected Access (WPA)

Internet Security
- When a computer is connected to the Internet
  - It becomes a target to millions of various attacks
- Computer’s IP address
  - Registered and known to others
- Attacks against Internet-connected computers
  - Can come in the form of direct attacks or through viruses, worms, or spyware

Hackers on the Internet
- Methods of attack
  - Key-logging
  - Packet-sniffing
  - Port-scanning
  - Social engineering
  - Dumpster diving

Viruses and Worms
- Virus
  - Program that attaches itself to a file
  - Spreads to other files, and delivers a destructive action called a payload
- Trojan horses
  - Appear to be harmless programs
  - When they run, install programs on the computer that can be harmful
- Worm
  - Acts as a free agent, replicating itself numerous times in an effort to overwhelm systems

Spyware, Adware, and Zombies
- Spyware
  - Software installed on a computer without the user’s knowledge
- Zombie computer
  - Carries out actions (often malicious) under the remote control of a hacker
- Antispyware
  - Software that searches a computer for spyware and other software that may violate a user’s privacy

Scams, Spam, Fraud, and Hoaxes
- Internet fraud
  - Deliberately deceiving a person over the Internet in order to damage them
- Phishing scam
  - Combines both spoofed e-mail and a spoofed Web site in order to trick a person into providing private information
- Virus hoax
  - E-mail that warns of a virus that does not exist
- Spam
  - Unsolicited junk mail
- Solutions to spam
  - Bayesian filters
  - “Trusted sender” technology
  - Reputation systems
  - Interfaces for client-side tools

Summary
- Total information security
  - Securing all components of the global digital information infrastructure
- Fundamental security implemented at
  - The individual machine level
  - The point of entry to computers, computer networks, and the Internet
- When a computer is connected to a network
  - Security risks increase
- With wireless technologies
  - Attacker no longer has to establish a wired connection to a network
- Attacks against Internet-connected computers may come in the form of
  - Direct attacks by hackers (system penetration) or
  - Through viruses, worms, or spyware