chapter 4 computer ethics and security
4.0 Computer Ethics And Security
Chapter Four
4.1 Computer Ethics
4.1.1 Netiquette
4.1.2 Areas of computer ethics
4.2 Computer Security
4.2.1 Computer Security Risks
4.2.2 Security Measures
4.1 Computer Ethics
4.1.1 Netiquette
Chapter Four
At the end of this topic, students should be able to:
a) Identify the rules of netiquette
Define Netiquette
• Netiquette is short for Internet etiquette.
• Netiquette is the code of acceptable behaviors users should follow while on the Internet; that is, it is the conduct expected of individuals while online.
• Good netiquette involves respecting others’ privacy and not doing anything online that will annoy or frustrate other people.
Netiquette includes rules for all aspects of the Internet, including:
• World Wide Web
• E-mail
• Instant Messaging
• Chat Rooms
• File Transfer Protocol
• Newsgroups and Message boards
NETIQUETTE - Golden Rule: Treat others as you would like them to treat you.
1. In e-mail, chat rooms, and newsgroups:
• Keep messages brief. Use proper grammar, spelling, and punctuation.
• Be careful when using sarcasm and humor, as it might be misinterpreted.
• Be polite. Avoid offensive language.
• Read the message before you send it.
• Be clear. Make sure subject lines (e-mail) or page title (web page) reflects your content.
• Avoid sending or posting flames, which are abusive or insulting messages. Do not participate in flame wars, which are exchanges of flames.
• Avoid sending spam, which is the Internet’s version of junk mail. Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once.
• Do not use all capital letters, which is the equivalent of SHOUTING!
• Clearly identify a spoiler, which is a message that reveals a solution to a game or ending to a movie or program.
• Use emoticons to express emotion. Popular emoticons include:
:) Smile
:| Indifference
:o Surprised
:( Frown
:\ Undecided
• Use abbreviations and acronyms for phrases:
btw - by the way
imho - in my humble opinion
fyi - for your information
ttfn - ta ta for now
fwiw - for what it’s worth
tyvm - thank you very much
2. Read the FAQ (frequently asked questions), if one exists. Many newsgroups and Web pages have an FAQ.
3. Do not assume material is accurate or up-to-date. Be forgiving of others’ mistakes.
4. Never read someone’s private e-mail.
At the end of this topic, students should be able to:
b) Define computer ethics
c) Describe areas of computer ethics
Chapter Four
4.1 Computer Ethics
4.1.2 Areas of computer ethics
What to cover?
1. Information accuracy
2. Green computing
3. Codes of conduct
4. Information privacy
5. Intellectual property
Define computer ethics
• Computer ethics are the moral guidelines that govern the use of computers and information systems
Discovering Computers : Chapter 11, Pages 581 – 582, Figure 11-28
Areas of computer ethics
1. Information accuracy
2. Green computing
3. Codes of conduct
4. Information privacy
5. Intellectual property
Areas of computer ethics
1. Information accuracy
• Information accuracy is concerned with assuring the authenticity and *fidelity of information, and identifying those responsible for informational errors that harm people (Information Systems Today, ©2006 Prentice Hall)
• Not all information on the web is correct
*Fidelity: accuracy; exactness
Discovering Computers : Chapter 11, Pages 581 – 582, Figure 11-28
2. Green Computing
• Green computing involves reducing the electricity and environmental waste while using a computer
Discovering Computers : Chapter 11, Pages 583 – 584, Figure 11-30
3. Code of conduct
• An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical
Discovering Computers : Chapter 11, Page 583, Figure 11-29
4. Information privacy
• Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them
• Huge databases store data online
• It is important to safeguard your information
Discovering Computers : Chapter 11, Page 584
4. Information privacy
Discovering Computers : Chapter 11, Page 584, Figure 11-31
4. Information privacy
• When you fill out a form, the merchant that receives the form usually enters it into a database
• Many companies today allow people to specify whether they want their personal information distributed
Discovering Computers : Chapter 11, Page 585, Figure 11-32
4. Information privacy
• A cookie is a small text file that a Web server stores on your computer
• Web sites use cookies for a variety of reasons:
– Allow for personalization
– Store users’ passwords
– Assist with online shopping
– Track how often users visit a site
– Target advertisements
Discovering Computers : Chapter 11, Pages 585 – 586
4. Information privacy
Discovering Computers : Chapter 11, Page 586, Figure 11-33
4. Information privacy
• Spam is an unsolicited e-mail message or newsgroup posting
• E-mail filtering blocks e-mail messages from designated sources
• Anti-spam programs attempt to remove spam before it reaches your inbox
Discovering Computers : Chapter 11, Page 587, Figure 11-34
4. Information privacy
• Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information
• Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing
Discovering Computers : Chapter 11, Pages 587 - 588, Figure 11-35
5. Intellectual Property
• Intellectual Property (IP) - unique and original works (i.e. ideas, inventions, art, writing, product, logos)
• Intellectual property rights are the rights to which creators are entitled for their work
Discovering Computers : Chapter 11, Page 582
Importance of Intellectual Property
The importance of Intellectual Property:
● to protect the original creation from individuals.
● to preserve the features and processes that make things work (the inventor will therefore benefit, that is, get a profit, from their work)
previous CS015 Computer Security Risk slideshow
Type of Intellectual Property
• A patent is an exclusive right granted for an invention, which is a product or a process that provides a new way of doing something, or offers a new technical solution to a problem.
• A trade mark is a sign which distinguishes the goods and services of one trader from those of another. A mark includes words, logos, pictures, names, letters, numbers or a combination of these.
• A copyright is the exclusive rights given to an author/artist for their materials (literary works; musical works; artistic works; films; sound recordings; broadcasts; and derivative works)
http://www.myipo.gov.my/home
At the end of this topic, students should be able to:
a) Define computer security risks
c) Identify types of computer security risks
Chapter Four
4.2 Computer Security
4.2.1 Computer Security Risks
What to cover?
1. Malicious code (virus, worm, Trojan horse)
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure
Computer Security Risks
• A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
• A cybercrime is an online or Internet-based illegal act
Hackers, Crackers, Script Kiddies, Corporate Spies, Unethical Employees, Cyberextortionists, Cyberterrorists
Discovering Computers : Chapter 11, Pages 556 - 557
Types of Computer Security Risks
1. Malicious code (virus, worm, Trojan horse)
2. Unauthorized access and use
3. Hardware theft
4. Software theft
5. Information theft
6. System failure
1. Malicious code
• Every unprotected computer is susceptible to the first type of computer security risk
• Computer viruses, worms, Trojan horses, and rootkits are classified as malware (short for malicious software).
• Malware - programs that act without a user's knowledge and deliberately alter the computer's operation.
1. Malicious code
Type of Malicious code
• Computer Virus: Affects a computer negatively by altering the way the computer works
• Worm: Copies itself repeatedly, using up resources and possibly shutting down the computer or network
• Trojan Horse: A malicious program that hides within or looks like a legitimate program
• Rootkit: Program that hides in a computer and allows someone from a remote location to take full control
Discovering Computers : Chapter 11, Page 558
1. Malicious code
• An infected computer has one or more of the following symptoms:
– Operating system runs much slower than usual
– Available memory is less than expected
– Screen displays unusual message or image
– Files become corrupted
– Unknown programs or files mysteriously appear
– Music or unusual sound plays randomly
– Programs or files do not work properly
– Existing programs and files disappear
– Operating system shuts down unexpectedly
– System properties change
– Operating system does not start up
Discovering Computers : Chapter 11, Pages 558 - 559
1. Malicious code
Discovering Computers : Chapter 11, Page 559, Figure 11-3
1. Malicious code
• Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections
Discovering Computers : Chapter 11, Page 560 – 561, Figure 11-7
1. Malicious code
Other Types of Malicious code
• A botnet is a group of compromised computers connected to a network
– A compromised computer is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to Internet services
– Distributed DoS (DDoS)
• A back door is a program or set of instructions in a program that allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
Discovering Computers : Chapter 11, Pages 562 - 563
2. Unauthorized Access and Use
• Unauthorized access is the use of a computer or network without permission
• Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities
Discovering Computers : Chapter 11, Page 564
2. Unauthorized Access and Use
• Organizations take several measures to help prevent unauthorized access and use
– Acceptable use policy
– Disable file and printer sharing
– Firewalls
– Intrusion detection software
Discovering Computers : Chapter 11, Page 565, Figure 11-10
2. Unauthorized Access and Use
• Access controls define who can access a computer, when they can access it, and what actions they can take
– Two-phase processes called identification and authentication
– User name
– Password
– Passphrase
– CAPTCHA
Discovering Computers : Chapter 11, Pages 565 – 567, Figure 11-11
2. Unauthorized Access and Use
• A possessed object is any item that you must carry to gain access to a computer or computer facility
– Often are used in combination with a personal identification number (PIN)
• A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer
Discovering Computers : Chapter 11, Page 568, Figure 11-14
2. Unauthorized Access and Use
• Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
• Many areas use digital forensics
– Law enforcement
– Criminal prosecutors
– Military intelligence
– Insurance agencies
– Information security departments
Discovering Computers : Chapter 11, Page 569
3. Hardware Theft and Vandalism
• Hardware theft is the act of stealing computer equipment
• Hardware vandalism is the act of defacing or destroying computer equipment
Discovering Computers : Chapter 11, Page 570
3. Hardware Theft and Vandalism
• To help reduce the chances of theft, companies and schools use a variety of security measures
– Physical access controls
– Alarm systems
– Cables to lock equipment
– Real time location system
– Passwords, possessed objects (i.e. Matric cards), and biometrics
Discovering Computers : Chapter 11, Page 570, Figure 11-15
4. Software Theft
• Software theft occurs when someone:
– Steals software media
– Intentionally erases programs
– Illegally registers and/or activates a program
– Illegally copies a program
Discovering Computers : Chapter 11, Page 571
4. Software Theft
• A single-user license agreement typically contains the following conditions:
Permitted to
• Install the software on one computer
• Make one copy of the software
• Remove the software from your computer before giving it away or selling it
Not permitted to
• Install the software on a network
• Give copies to friends or colleagues while continuing to use the software
• Export the software
• Rent or lease the software
Discovering Computers : Chapter 11, Page 571
4. Software Theft
• Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law
• Some software requires product activation to function fully
Discovering Computers : Chapter 11, Pages 571 – 572, Figure 11-16
5. Information Theft
• Information theft occurs when someone steals personal or confidential information
• Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access
• Decryption is a process of converting from unreadable characters into readable form of data
Discovering Computers : Chapter 11, Pages 572 - 573, Figure 11-17
5. Information Theft
Discovering Computers : Chapter 11, Page 573, Figure 11-18
5. Information Theft
• A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender
– Often used to ensure that an impostor is not participating in an Internet transaction
• Web browsers and Web sites use encryption techniques
Discovering Computers : Chapter 11, Page 574
5. Information Theft
• Popular security techniques include
– Digital Certificates
– Transport Layer Security (TLS)
– Secure HTTP
– VPN
Discovering Computers : Chapter 11, Pages 574 - 575
5. Information Theft
Discovering Computers : Chapter 11, Pages 574 - 575, Figures 11-19 – 11-20
6. System Failure
• A system failure is the prolonged malfunction of a computer
• A variety of factors can lead to system failure, including:
– Aging hardware
– Natural disasters
– Electrical power problems
• Noise, undervoltages, and overvoltages
– Errors in computer programs
Discovering Computers : Chapter 11, Page 575
6. System Failure
• Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptible power supplies (UPS)
Discovering Computers : Chapter 11, Page 576, Figures 11-21 – 11-22
At the end of this topic, students should be able to:
Identify different ways to overcome security risks
Chapter Four
4.2 Computer Security
4.2.2 Security Measures
What to cover?
1. Data backup
2. Cryptography
3. Anti-virus
4. Anti-spyware
5. Firewall
6. Physical access control
7. Human aspects : awareness
8. Related security risks with its measure
How to safeguard a computer from .. ALL OF THE ABOVE?
Common Security Risk:
#1 Internet & Network Attacks
#2 Unauthorized Access & Use
#3 Theft (Hardware/Software/Information)
#4 System Failure
Chapter 11 - Manage Computing Securely, Safely and Ethically page 577
1. Data backup
• A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
– To back up a file means to make a copy of it
• Offsite backups are stored in a location separate from the computer site
– Cloud Storage
Discovering Computers : Chapter 11, Page 577
How to safeguard against a computer system failure?
Chapter 11 - Manage Computing Securely, Safely and Ethically page 570
● to protect against electrical power variations, use
■ surge protector (also called surge-protector)
● uses special electrical components to stabilize current flow and keep overvoltage from reaching computer/electronic equipment.
■ uninterruptible power supply (UPS)
● a device that contains a surge protection circuit and batteries that provide temporary power during a loss of power.
Chapter 11 - Manage Computing Securely, Safely and Ethically page 571
How to safeguard a computer from .. Hardware, Software, Information Theft
Chapter 11 - Manage Computing Securely, Safely and Ethically page 570
2. Cryptography
● to protect information on the Internet and networks, organizations and individuals use a variety of encryption techniques.
○ encryption - converting readable data (plaintext) into unreadable characters (ciphertext), preventing unauthorized access.
○ decryption - converting unreadable data (ciphertext) to its original state/data (plaintext)
○ the study of the encryption and decryption process (to promote secure communication) is often known as cryptography.
How to safeguard a computer from viruses?
Chapter 11 - Manage Computing Securely, Safely and Ethically page 560
3. Anti virus
● by using an antivirus program, a user can safeguard a computer system from viruses and other malware.
● Antivirus program - a program that protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media or on incoming files.
● Popular antivirus programs:
○ Kaspersky Anti-Virus
○ avast! antivirus
○ CA Anti-Virus
○ McAfee VirusScan
○ AVG Anti-Virus
Chapter 11 - Manage Computing Securely, Safely and Ethically page 560
4. Firewall
• A firewall is hardware and/or software that protects a network’s resources from intrusion
Discovering Computers : Chapter 11, Pages 563 - 564, Figure 11-8
4. Firewall
Intrusion detection software
• Analyzes all network traffic
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
• Notifies network administrators of suspicious behavior patterns or system breaches
Honeypot
• Vulnerable computer that is set up to entice an intruder to break into it
Discovering Computers : Chapter 11, Page 564
5. Physical access controls
● using physical access controls such as:
○ locked doors and windows
● installing alarm systems for additional security.
● attach physical security devices such as cables that lock
○ equipment to desk.
○ mobile computer to a stationary object.
Chapter 11 - Manage Computing Securely, Safely and Ethically page 570
5. Physical access controls
● to protect software media from being stolen, owners should keep ..
○ original software boxes and media in a secure location (i.e. media cabinets with lock).
● to protect from software piracy, software manufacturers should ..
○ issue users a license agreement,
■ the right to use the software
● (single user license/end-user license agreement)
Chapter 11 - Manage Computing Securely, Safely and Ethically page 571
6. Human Aspect : Awareness
● expose employees or staff to computer security through continuous security training and courses.
● make a systematic routine check to update (security patches, virus definitions, other malicious code) a computer system, preventing a threat/risk early.
● proper handling of computer and information
previous CS015 Computer Security Risk slideshow
How to safeguard a computer from Unauthorised access and use
Chapter 11 - Manage Computing Securely, Safely and Ethically page 565
Safeguards against Unauthorized Access and Use
● organizations should use access control to minimize the chance of a perpetrator intentionally accessing confidential information on a computer.
● Access control - a security measure that defines who can access a computer and what actions they can take while accessing the computer.
● The two-phase process in implementing access control is:
○ identification
■ a process that verifies the validity of a user.
○ authentication
■ a process that verifies the individual is the person he or she claims to be.
Chapter 11 - Manage Computing Securely, Safely and Ethically page 565
Safeguards against Unauthorized Access and Use
● Identification and Authentication Methods
○ user name
○ password
● User name or user ID (identification) is a unique combination of characters (alphanumeric) that identifies one specific user.
● Password, a private combination of characters associated with the user name that allows access to certain computer resources.
Chapter 11 - Manage Computing Securely, Safely and Ethically page 566
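The two-phase identification and authentication process described above, as an added example that is not part of the original slides. It assumes a hypothetical in-memory user store (the class `AccessControl`, the account `student01` and the PBKDF2 iteration count are illustrative choices) that keeps salted password hashes instead of passwords and denies access the same way for an unknown user name and a wrong password.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccessControl:
    """Hypothetical in-memory user store illustrating the two phases."""

    def __init__(self) -> None:
        self._users = {}  # user name -> (salt, password hash)
        # Dummy record used when the user name is unknown, so that a known
        # and an unknown user name both cost one hash computation.
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = hash_password("not-a-real-password", self._dummy_salt)

    def register(self, user_name: str, password: str) -> None:
        if user_name in self._users:
            raise ValueError("user name must be unique")
        salt = os.urandom(16)
        self._users[user_name] = (salt, hash_password(password, salt))

    def identify(self, user_name: str) -> bool:
        """Phase 1, identification: is this a valid (known) user name?"""
        return user_name in self._users

    def authenticate(self, user_name: str, password: str) -> bool:
        """Phase 2, authentication: does the password match the claimed identity?"""
        known = self.identify(user_name)
        salt, stored = self._users.get(user_name, (self._dummy_salt, self._dummy_hash))
        candidate = hash_password(password, salt)
        # compare_digest runs in constant time, so the comparison does not
        # reveal how many leading bytes of the hash matched.
        return hmac.compare_digest(candidate, stored) and known


def demo() -> dict:
    ac = AccessControl()
    ac.register("student01", "correct horse battery staple")  # constructed sample account
    return {
        "known user, right password": ac.authenticate("student01", "correct horse battery staple"),
        "known user, wrong password": ac.authenticate("student01", "123456"),
        "unknown user": ac.authenticate("nobody", "not-a-real-password"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'access granted' if ok else 'access denied'}")
```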
Summary of recommended security measures for various security risks
Security Risk | Recommended Security Measure / steps
Malicious code (Virus, Worm, Trojan) | Anti-virus; Anti-spyware; Firewall; Human aspect awareness
Unauthorized access and use | Physical access control; Human aspect awareness
Hardware theft | Physical access awareness
Software theft | Physical access awareness; Human aspect awareness
Information theft | Cryptography; Physical access control; Anti-virus; Anti-spyware
System failure | Data backup; Schedule maintenance