chapter 4 computer ethics and security


Upload: fizaril-amzari-omar

Post on 20-Jan-2017


Category:

Education



TRANSCRIPT

Page 1: Chapter 4 Computer Ethics and Security

4.0 Computer Ethics And Security

Chapter Four

4.1 Computer Ethics
4.1.1 Netiquette
4.1.2 Areas of computer ethics

4.2 Computer Security
4.2.1 Computer Security Risks
4.2.2 Security Measures

Page 2: Chapter 4 Computer Ethics and Security

4.1 Computer Ethics
4.1.1 Netiquette

Chapter Four

At the end of this topic, students should be able to:

a) Identify the rules of netiquette

Page 3: Chapter 4 Computer Ethics and Security

Define Netiquette

• Netiquette is short for Internet etiquette.
• Netiquette is the code of acceptable behaviors users should follow while on the Internet; that is, it is the conduct expected of individuals while online.
– Good netiquette involves respecting others' privacy and not doing anything online that will annoy or frustrate other people.

Page 4: Chapter 4 Computer Ethics and Security

Netiquette includes rules for all aspects of the Internet, including:
• World Wide Web
• E-mail
• Instant Messaging
• Chat Rooms
• File Transfer Protocol
• Newsgroups and Message boards

Page 5: Chapter 4 Computer Ethics and Security

NETIQUETTE - Golden Rule: Treat others as you would like them to treat you.

1. In e-mail, chat rooms, and newsgroups:
• Keep messages brief. Use proper grammar, spelling, and punctuation.
• Be careful when using sarcasm and humor, as it might be misinterpreted.
• Be polite. Avoid offensive language.
• Read the message before you send it.
• Be clear. Make sure subject lines (e-mail) or page title (web page) reflects your content.
• Avoid sending or posting flames, which are abusive or insulting messages. Do not participate in flame wars, which are exchanges of flames.

Page 6: Chapter 4 Computer Ethics and Security

Avoid sending spam, which is the Internet’s version of junk mail. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.

Do not use all capital letters, which is the equivalent of SHOUTING!

Clearly identify a spoiler, which is a message that reveals a solution to a game or ending to a movie or program.

Use emoticons to express emotion. Popular emoticons include:
:) Smile
:| Indifference
:o Surprised
:( Frown
:\ Undecided

Use abbreviations and acronyms for phrases:
btw - by the way
imho - in my humble opinion
fyi - for your information
ttfn - ta ta for now
fwiw - for what it's worth
tyvm - thank you very much

Page 7: Chapter 4 Computer Ethics and Security

2. Read the FAQ (frequently asked questions), if one exists. Many newsgroups and Web pages have an FAQ.

3. Do not assume material is accurate or up-to-date. Be forgiving of others' mistakes.

4. Never read someone's private e-mail.

Page 8: Chapter 4 Computer Ethics and Security

At the end of this topic, students should be able to:

b) Define computer ethics

c) Describe areas of computer ethics

Chapter Four

4.1 Computer Ethics
4.1.2 Areas of computer ethics

Page 9: Chapter 4 Computer Ethics and Security

What to cover?

1. Information accuracy
2. Green computing
3. Codes of conduct
4. Information privacy
5. Intellectual property

Page 10: Chapter 4 Computer Ethics and Security

Define computer ethics

• Computer ethics are the moral guidelines that govern the use of computers and information systems

Pages 581 – 582, Figure 11-28, Discovering Computers : Chapter 11

Page 11: Chapter 4 Computer Ethics and Security

Areas of computer ethics

1. Information accuracy
2. Green computing
3. Codes of conduct
4. Information privacy
5. Intellectual property

Page 12: Chapter 4 Computer Ethics and Security

Areas of computer ethics
1. Information accuracy

• Information accuracy is concerned with assuring the authenticity and *fidelity of information, and identifying those responsible for informational errors that harm people (Information Systems Today, ©2006 Prentice Hall)
• Not all information on the web is correct

*Fidelity: accuracy; exactness

Pages 581 – 582, Figure 11-28, Discovering Computers : Chapter 11

Page 13: Chapter 4 Computer Ethics and Security

2. Green Computing

• Green computing involves reducing the electricity and environmental waste while using a computer

Pages 583 – 584, Figure 11-30, Discovering Computers : Chapter 11

Page 14: Chapter 4 Computer Ethics and Security

3. Code of conduct

• An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical

Page 583, Figure 11-29, Discovering Computers : Chapter 11

Page 15: Chapter 4 Computer Ethics and Security

4. Information privacy

• Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them
• Huge databases store data online
• It is important to safeguard your information

Page 584, Discovering Computers : Chapter 11

Page 16: Chapter 4 Computer Ethics and Security

4. Information privacy

Page 584, Figure 11-31, Discovering Computers : Chapter 11

Page 17: Chapter 4 Computer Ethics and Security

4. Information privacy

• When you fill out a form, the merchant that receives the form usually enters it into a database
• Many companies today allow people to specify whether they want their personal information distributed

Page 585, Figure 11-32, Discovering Computers : Chapter 11

Page 18: Chapter 4 Computer Ethics and Security

4. Information privacy

• A cookie is a small text file that a Web server stores on your computer
• Web sites use cookies for a variety of reasons:
– Allow for personalization
– Store users' passwords
– Assist with online shopping
– Track how often users visit a site
– Target advertisements

Pages 585 – 586, Discovering Computers : Chapter 11

Page 19: Chapter 4 Computer Ethics and Security

4. Information privacy

Page 586, Figure 11-33, Discovering Computers : Chapter 11

Page 20: Chapter 4 Computer Ethics and Security

4. Information privacy

• Spam is an unsolicited e-mail message or newsgroup posting
• E-mail filtering blocks e-mail messages from designated sources
• Anti-spam programs attempt to remove spam before it reaches your inbox

Page 587, Figure 11-34, Discovering Computers : Chapter 11

Page 21: Chapter 4 Computer Ethics and Security

4. Information privacy

• Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information
• Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing

Pages 587 - 588, Figure 11-35, Discovering Computers : Chapter 11

Page 22: Chapter 4 Computer Ethics and Security

5. Intellectual Property

• Intellectual Property (IP) - unique and original works (i.e. ideas, inventions, art, writing, products, logos)
• Intellectual property rights are the rights to which creators are entitled for their work

Page 582, Discovering Computers : Chapter 11

Page 23: Chapter 4 Computer Ethics and Security

Importance of Intellectual Property

The importance of Intellectual Property:
● to protect the original creation from individuals.
● to preserve the features and processes that make things work (the inventor will therefore benefit, that is, get a profit, from their work)

previous CS015 Computer Security Risk slideshow

Page 24: Chapter 4 Computer Ethics and Security

Type of Intellectual Property

A patent is an exclusive right granted for an invention, which is a product or a process that provides a new way of doing something, or offers a new technical solution to a problem.

A trade mark is a sign which distinguishes the goods and services of one trader from those of another. A mark includes words, logos, pictures, names, letters, numbers or a combination of these.

A copyright is the exclusive rights given to an author/artist for their materials (literary works; musical works; artistic works; films; sound recordings; broadcasts; and derivative works).

http://www.myipo.gov.my/home

Page 25: Chapter 4 Computer Ethics and Security

At the end of this topic, students should be able to:

a) Define computer security risks

c) Identify types of computer security risks

Chapter Four

4.2 Computer Security
4.2.1 Computer Security Risks

Page 26: Chapter 4 Computer Ethics and Security

What to cover?

1. Malicious code (virus, worm, Trojan horse)
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure

Page 27: Chapter 4 Computer Ethics and Security

Computer Security Risks

• A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
• A cybercrime is an online or Internet-based illegal act
– Hackers
– Crackers
– Script Kiddies
– Corporate Spies
– Unethical Employees
– Cyberextortionists
– Cyberterrorists

Pages 556 - 557, Discovering Computers : Chapter 11

Page 28: Chapter 4 Computer Ethics and Security

Types of Computer Security Risks

1. Malicious code (virus, worm, Trojan horse)
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure

Page 29: Chapter 4 Computer Ethics and Security

1. Malicious code

• Every unprotected computer is susceptible to the first type of computer security risk
• Computer viruses, worms, Trojan horses, and rootkits are classified as malware (short for malicious software).
• Malware - programs that act without a user's knowledge and deliberately alter the computer's operation.

Page 30: Chapter 4 Computer Ethics and Security

1. Malicious code
Type of Malicious code

• Computer Virus: Affects a computer negatively by altering the way the computer works
• Worm: Copies itself repeatedly, using up resources and possibly shutting down the computer or network
• Trojan Horse: A malicious program that hides within or looks like a legitimate program
• Rootkit: Program that hides in a computer and allows someone from a remote location to take full control

Page 558, Discovering Computers : Chapter 11

Page 31: Chapter 4 Computer Ethics and Security

1. Malicious code

• An infected computer has one or more of the following symptoms:
– Operating system runs much slower than usual
– Available memory is less than expected
– Files become corrupted
– Screen displays unusual message or image
– Music or unusual sound plays randomly
– Existing programs and files disappear
– Programs or files do not work properly
– Unknown programs or files mysteriously appear
– System properties change
– Operating system does not start up
– Operating system shuts down unexpectedly

Pages 558 - 559, Discovering Computers : Chapter 11

Page 32: Chapter 4 Computer Ethics and Security

1. Malicious code

Page 559, Figure 11-3, Discovering Computers : Chapter 11

Page 33: Chapter 4 Computer Ethics and Security

1. Malicious code

• Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections

Pages 560 – 561, Figure 11-7, Discovering Computers : Chapter 11

Page 34: Chapter 4 Computer Ethics and Security

1. Malicious code
Other Types of Malicious code

• A botnet is a group of compromised computers connected to a network
– A compromised computer is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to Internet services
– Distributed DoS (DDoS)
• A back door is a program or set of instructions in a program that allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate

Pages 562 - 563, Discovering Computers : Chapter 11

Page 35: Chapter 4 Computer Ethics and Security

2. Unauthorized Access and Use

• Unauthorized access is the use of a computer or network without permission
• Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities

Page 564, Discovering Computers : Chapter 11

Page 36: Chapter 4 Computer Ethics and Security

2. Unauthorized Access and Use

• Organizations take several measures to help prevent unauthorized access and use
– Acceptable use policy
– Disable file and printer sharing
– Firewalls
– Intrusion detection software

Page 565, Figure 11-10, Discovering Computers : Chapter 11

Page 37: Chapter 4 Computer Ethics and Security

2. Unauthorized Access and Use

• Access controls define who can access a computer, when they can access it, and what actions they can take
– Two-phase processes called identification and authentication
– User name
– Password
– Passphrase
– CAPTCHA

Pages 565 – 567, Figure 11-11, Discovering Computers : Chapter 11

Page 38: Chapter 4 Computer Ethics and Security

2. Unauthorized Access and Use

• A possessed object is any item that you must carry to gain access to a computer or computer facility
– Often are used in combination with a personal identification number (PIN)
• A biometric device authenticates a person's identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer

Page 568, Figure 11-14, Discovering Computers : Chapter 11

Page 39: Chapter 4 Computer Ethics and Security

2. Unauthorized Access and Use

• Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
• Many areas use digital forensics
– Law enforcement
– Criminal prosecutors
– Military intelligence
– Insurance agencies
– Information security departments

Page 569, Discovering Computers : Chapter 11

Page 40: Chapter 4 Computer Ethics and Security

3. Hardware Theft and Vandalism

• Hardware theft is the act of stealing computer equipment
• Hardware vandalism is the act of defacing or destroying computer equipment

Page 570, Discovering Computers : Chapter 11

Page 41: Chapter 4 Computer Ethics and Security

3. Hardware Theft and Vandalism

• To help reduce the chances of theft, companies and schools use a variety of security measures
– Physical access controls
– Alarm systems
– Cables to lock equipment
– Real time location system
– Passwords, possessed objects (i.e. Matric cards), and biometrics

Page 570, Figure 11-15, Discovering Computers : Chapter 11

Page 42: Chapter 4 Computer Ethics and Security

4. Software Theft

• Software theft occurs when someone:
– Steals software media
– Intentionally erases programs
– Illegally copies a program
– Illegally registers and/or activates a program

Page 571, Discovering Computers : Chapter 11

Page 43: Chapter 4 Computer Ethics and Security

4. Software Theft

• A single-user license agreement typically contains the following conditions:

Permitted to
• Install the software on one computer
• Make one copy of the software
• Remove the software from your computer before giving it away or selling it

Not permitted to
• Install the software on a network
• Give copies to friends or colleagues while continuing to use the software
• Export the software
• Rent or lease the software

Page 571, Discovering Computers : Chapter 11

Page 44: Chapter 4 Computer Ethics and Security

4. Software Theft

• Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law
• Some software requires product activation to function fully

Pages 571 – 572, Figure 11-16, Discovering Computers : Chapter 11

Page 45: Chapter 4 Computer Ethics and Security

5. Information Theft

• Information theft occurs when someone steals personal or confidential information
• Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access
• Decryption is a process of converting from unreadable characters into readable form of data

Pages 572 - 573, Figure 11-17, Discovering Computers : Chapter 11

Page 46: Chapter 4 Computer Ethics and Security

5. Information Theft

Page 573, Figure 11-18, Discovering Computers : Chapter 11

Page 47: Chapter 4 Computer Ethics and Security

5. Information Theft

• A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender
– Often used to ensure that an impostor is not participating in an Internet transaction
• Web browsers and Web sites use encryption techniques

Page 574, Discovering Computers : Chapter 11

Page 48: Chapter 4 Computer Ethics and Security

5. Information Theft

• Popular security techniques include
– Digital Certificates
– Transport Layer Security (TLS)
– Secure HTTP
– VPN

Pages 574 - 575, Discovering Computers : Chapter 11

Page 49: Chapter 4 Computer Ethics and Security

5. Information Theft

Pages 574 - 575, Figures 11-19 – 11-20, Discovering Computers : Chapter 11

Page 50: Chapter 4 Computer Ethics and Security

6. System Failure

• A system failure is the prolonged malfunction of a computer
• A variety of factors can lead to system failure, including:
– Aging hardware
– Natural disasters
– Electrical power problems
  • Noise, undervoltages, and overvoltages
– Errors in computer programs

Page 575, Discovering Computers : Chapter 11

Page 51: Chapter 4 Computer Ethics and Security

6. System Failure

• Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptible power supplies (UPS)

Page 576, Figures 11-21 – 11-22, Discovering Computers : Chapter 11

Page 52: Chapter 4 Computer Ethics and Security

At the end of this topic, students should be able to:

Identify different ways to overcome security risks

Chapter Four

4.2 Computer Security
4.2.2 Security Measures

Page 53: Chapter 4 Computer Ethics and Security

What to cover?

1. Data backup
2. Cryptography
3. Anti-virus
4. Anti-spyware
5. Firewall
6. Physical access control
7. Human aspects: awareness
8. Related security risks with its measure

Page 54: Chapter 4 Computer Ethics and Security

How to safeguard a computer from .. ALL OF THE ABOVE?

Common Security Risks:
#1 Internet & Network Attacks
#2 Unauthorized Access & Use
#3 Theft (Hardware/Software/Information)
#4 System Failure

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 577

Page 55: Chapter 4 Computer Ethics and Security

1. Data backup

• A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
– To back up a file means to make a copy of it
• Offsite backups are stored in a location separate from the computer site
• Cloud Storage

Page 577, Discovering Computers : Chapter 11

Page 56: Chapter 4 Computer Ethics and Security

How to safeguard against a computer system failure?

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 570

Page 57: Chapter 4 Computer Ethics and Security

● to protect against electrical power variations, use
■ surge protector (also called surge-protector)
  ● uses special electrical components to:
    ○ stabilize current flow, and keep overvoltage from reaching computer/electronic equipment.
■ uninterruptible power supply (UPS)
  ● a device that contains a surge protection circuit and batteries that provide temporary power during a loss of power.

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 571

Page 58: Chapter 4 Computer Ethics and Security

How to safeguard a computer from .. Hardware, Software, Information Theft

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 570

Page 59: Chapter 4 Computer Ethics and Security

2. Cryptography

● to protect information on the Internet and networks, organizations and individuals use a variety of encryption techniques.
○ encryption - converting readable data (plaintext) into unreadable characters (ciphertext), preventing unauthorized access.
○ decryption - converting unreadable data (ciphertext) to its original state/data (plaintext)
○ the study of the encryption and decryption process (to promote secure communication) is often known as cryptography.

Page 60: Chapter 4 Computer Ethics and Security

How to safeguard a computer from viruses?

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 560

Page 61: Chapter 4 Computer Ethics and Security

3. Anti virus

● by using any antivirus program, a user can safeguard a computer system from viruses and other malware.
● Antivirus program - a program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media or on incoming files.
● Popular antivirus programs:
○ Kaspersky Anti-Virus
○ avast! antivirus
○ CA Anti-Virus
○ McAfee VirusScan
○ AVG Anti-Virus

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 560

Page 62: Chapter 4 Computer Ethics and Security

4. Firewall

• A firewall is hardware and/or software that protects a network's resources from intrusion

Pages 563 - 564, Figure 11-8, Discovering Computers : Chapter 11

Page 63: Chapter 4 Computer Ethics and Security

4. Firewall

Intrusion detection software
• Analyzes all network traffic
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
• Notifies network administrators of suspicious behavior patterns or system breaches

Honeypot
• Vulnerable computer that is set up to entice an intruder to break into it

Page 564, Discovering Computers : Chapter 11

Page 64: Chapter 4 Computer Ethics and Security

5. Physical access controls

● using physical access controls such as:
○ locked doors and windows
● installing alarm systems for additional security.
● attach physical security devices such as cables that lock
○ equipment to desk.
○ mobile computer to a stationary object.

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 570

Page 65: Chapter 4 Computer Ethics and Security

5. Physical access controls

● to protect software media from being stolen, owners should keep ..
○ original software boxes and media in a secure location (i.e. media cabinets with lock).
● to protect from software piracy, software manufacturers should ..
○ issue users a license agreement,
■ the right to use the software
● (single user license/end-user license agreement)

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 571

Page 66: Chapter 4 Computer Ethics and Security

6. Human Aspect: Awareness

● expose employees or staff to computer security through continuous security training and courses.
● make a systematic routine check to update a computer system (security patches, virus definitions, other malicious code), preventing threats/risks early.
● proper handling of computer and information

previous CS015 Computer Security Risk slideshow

Page 67: Chapter 4 Computer Ethics and Security

How to safeguard a computer from Unauthorised access and use

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 565

Page 68: Chapter 4 Computer Ethics and Security

Safeguards against Unauthorized Access and Use

● organizations should use access control to minimize the chance of a perpetrator intentionally accessing confidential information on a computer.
● Access control - a security measure that defines who can access a computer and what actions they can take while accessing the computer.
● The two-phase process in implementing access control is:
○ identification
■ process that verifies the validity of a user.
○ authentication
■ process that verifies the individual is the person he or she claims to be.

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 565

Page 69: Chapter 4 Computer Ethics and Security

Safeguards against Unauthorized Access and Use

● Identification and Authentication Methods
○ user name
○ password
● User name, or user ID (identification), is a unique combination of characters (alphanumeric) that identifies one specific user.
● Password, a private combination of characters associated with the user name that allows access to certain computer resources.

Chapter 11 - Manage Computing Securely, Safely and Ethically, page 566

Page 70: Chapter 4 Computer Ethics and Security

Security Risk: Recommended Security Measure/steps

• Malicious code (Virus, Worm, Trojan): Anti-virus, Anti-spyware, Firewall, Human aspect awareness
• Unauthorized access and use: Physical access control, Human aspect awareness
• Hardware theft: Physical access awareness
• Software theft: Physical access awareness, Human aspect awareness
• Information theft: Cryptography, Physical access control, Anti-virus, Anti-spyware
• System failure: Data backup, Schedule maintenance

Summary of recommended security measure for various security risk