chapter 8: computer security and privacy. 2 learning objectives explain why all computer users...
TRANSCRIPT
2
Learning Objectives Explain why all computer users should be
concerned about computer security. List some risks associated with hardware loss,
damage, and system failure, and understand ways to safeguard a PC against these risks.
Define software piracy and digital counterfeiting and explain how they may be prevented.
Explain what information privacy is and why computer users should be concerned about it.
3
Learning Objectives Describe some privacy concerns regarding
databases, electronic profiling, spam, and telemarketing, and identify ways individuals can protect their privacy.
Discuss several types of electronic surveillance and monitoring and list ways individuals can protect their privacy.
Discuss the status of security and privacy legislation.
4
Overview This chapter covers:
Why computer security is important Security concerns related to hardware loss and
damage and precautions that can be taken Security concerns on Internet and Network attacks
and precautions that can be taken A discussion of software piracy and digital
counterfeiting and steps to reduce the occurrence of them
Why information privacy is important Possible risks for personal privacy violations and
precautions to safeguard one’s privacy Discussion of legislation related to computer security
and privacy
5
Why Be Concerned About Computer Security?
There are a number of security concerns related to computers that users should be aware of, including: Having a PC stolen
Internet and Network Attacks
Losing important data
Losing contact lists
Pirated or counterfeited products
6
Hardware Loss, Damage, and System Failure
Hardware loss: Can occur when a portable PC, USB flash drive, mobile device, or other piece of hardware is stolen or lost by the owner
Hardware theft: One of the most obvious types of hardware loss Occurs when hardware is stolen from an individual or an
organization Hardware can be stolen from homes, businesses, cars, airports,
hotels, etc. Often for the value of the hardware, but increasingly for the
information that might be contained on the hardware C level attacks are growing
7
Hardware Loss, Damage, and System Failure
Hardware damage: Can be accidental or intentional
System failure: The complete malfunction of a computer system Can be due to a hardware problem, software
problem, or computer virus Can be due to a natural disaster or planned
attack
8
Protecting Against Hardware Loss, Damage, and System Failure
Use door and computer equipment locks Cable locks Security slots
9
Protecting Against Hardware Loss, Damage, and System Failure
Use encryption to protect data Increasingly used with USB flash drives,
notebook PCs, hard drives, etc. Full disk encryption (FDE): Everything on
storage medium is encrypted Self-encrypting hard drive: A hard drive using
FDE
10
Protecting Against Hardware Loss, Damage, and System Failure
Computer tracking software: Used to find a PC after it is lost or stolen Sends out identifying data via the Internet Law enforcement can use this data to recover the PC Most often used with PCs but also available for other
devices Kill switch: Software used to destroy sensitive data
on a stolen or lost PC Other precautions:
Alarm software, tamper evident labels, etc. Common sense
12
Protecting Against Hardware Loss, Damage, and System Failure
Proper hardware care: Needed to prevent damage Ruggedized PCs: Designed for more abuse than
conventional hardware
13
Protecting Against Hardware Loss, Damage, and System Failure
Surge suppressor: Protects hardware from damage due to electrical fluctuations
Uninterruptible power supply (UPS): Provides continuous power to a computer system for a period of time after the power goes off
14
Protecting Against Hardware Loss, Damage, and System Failure
Also: Watch dust, moisture,
static, heat, etc. Avoid head crash Stop USB devices
before removing Use screen protectors,
jewel cases, etc.
15
Protecting Against Hardware Loss, Damage, and System Failure
Backup and disaster recovery plans: Both businesses and individuals should use
appropriate backup procedures Continuous data protection (CDP): Enables data
backups to be made on a continual basis Backup media needs to be secured
Data storage companies store backup media at secure remote locations
Online backup is another possibility Disaster-recovery plan: Spells out what an
organization will do to prepare for and recover from a disruptive event
Hot sites
INTERNET & NETWORK ATTACKS Computer Viruses, worms and Trojan Horses Are classified as malware (malicious
software) Computer virus- potentially damaging
computer program that affects or infects a computer negatively by altering the way computer works without the user knowledge or permission. Once the virus infects the computer it can spread throughout and damage files, system software
INTERNET & NETWORK ATTACKS A worm - is a program that copies itself
repeatedly, for example in memory or on a network using up resources and possibly shutting down the computer or network
A Trojan Horse – is a program that hides within looks like legitimate program. A certain condition or action usually triggers the Trojan horse. A Trojan horse does not replicate itself to other computers
INTERNET & NETWORK ATTACKS Computer infected has one or more
following symptoms: Screen displays unusual message or image Music or unusual sound plays randomly Available memory is less than expected Existing programs and files disappear Files become corrupted Programs or files do not work properly Unknown programs or files mysteriously
appear System properties change
INTERNET & NETWORK ATTACKS Malware deliver their payload on a
computer in four basic ways: Opens an infected files Runs an infected program Boots the computer with infected removable
media inserted in a drive or plugged in a port Connects an unprotected computer to a
network
INTERNET & NETWORK ATTACKS Tips for preventing virus, worm and Trojan
horse (malware) infections: Never start a computer with removable media
inserted in the drives or plugged in the ports unless the media are uninfected
Never open an email attachment unless you are expecting it and it is from a trusted source. Turn off message preview
Set the macro security in programs so you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it
Install an antivirus program on all of your computers. Update the software regularly. Obtain updates to the virus signature files on a regular basis
Check all downloaded programs for viruses, worms, or Trojan horses. This malware often is placed in seemingly innocent programs, so it will affect a large number of users
If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately
Before using any removable media, use the antivirus scan program to check the media for infection. Incorporate this procedure even for shrink-wrapped software from major developers. Some commercial software has been infected and distributed to unsuspecting users this way
Install a personal firewall program.
Tips for preventing virus, worm and Trojan horse (malware) infections:
22
Software Piracy and Digital Counterfeiting
Software piracy: Unauthorized copying of a computer program Widespread, global problem Occurs when:
Individuals make illegal copies of software to give to friends
Businesses or individuals install software on more than the number of computers allowed according to the end-user license agreement (EULA)
Sellers install unlicensed copies on PCs sold to consumers Large-scale operations in which programs and packaging
are illegally duplicated and sold as supposedly legitimate products
24
Software Piracy and Digital Counterfeiting
Digital counterfeiting: The use of computers to make illegal copies of currency, checks, collectibles, and other items Often scanned and printed or color-copied
25
Protection Against Software Piracy and Digital Counterfeiting
Protection against software piracy: Educating businesses and consumers Strengthening antipiracy laws Holograms: Printed text or images attached to
a product that change their appearance when the product is tilted
Mandatory product registration/activation Watching online auction sites/lawsuits
26
Protection Against Software Piracy and Digital Counterfeiting
Protecting against digital counterfeiting New currency designs
Microprinting, watermarks, security thread, etc. Special paper is used with U.S. currency
Identifying technology included in digital imaging hardware
Digital watermarks: Subtle alteration to a digital item that is not noticeable but that can be retrieved to identify the owner of the item
Also can use: Holograms, RFID tags, and other hard-to-reproduce
content
28
Why Be Concerned AboutInformation Privacy?
Privacy: State of being concealed or free from unauthorized intrusion
Information privacy: Rights of individuals and companies to control how information about them is collected and used
Computers add additional privacy challenges Many data breaches recently due to lost or stolen hardware,
carelessness with documents containing sensitive data, database breaches, etc.
Businesses need to be concerned with the expense, damage to reputation, and possible lawsuits
Web activity and e-mail privacy was discussed in Chapter 8; other privacy concerns are discussed next
29
Databases, Electronic Profiling, Spam, and Other Marketing Activities
Marketing database: Collection of data about people, used for marketing purposes Data obtained through online and offline purchases,
public information, etc. Beginning to be used in conjunction with Web activities
Government database: Collection of data about people, collected and maintained by the government Tax information, Social Security earnings, personal
health records, marriage and divorce information Some information is confidential, other is public
31
Databases, Electronic Profiling, Spam, and Other Marketing Activities
Electronic profiling Using electronic means to collect a variety of in-depth
information about an individual
32
Databases, Electronic Profiling, Spam, and Other Marketing Activities
Privacy policy: Discloses how information you provide will be used Included on many Web sites
33
Spam and Other Marketing Activities Spam: Unsolicited, bulk e-mail sent over the Internet
Often involves health-related products, fraudulent business opportunities, pornography, etc.
Ads from companies a person has done business with are also considered to be spam by many
Appearing via instant messaging (spim) Also delivered via mobile
phones and fax machines Spam legislation enacted
some regulations regarding spam
Other annoyances Pop-up ads Pop-under ads Telemarketing
34
Protecting the Privacy of Personal Information
Safeguard your e-mail address Use a throw-away e-mail address (an extra e-mail address that
you can use for activities that might result in spam) Get a second e-mail address from your ISP or from Hotmail,
Yahoo! Mail, or Gmail Can stop using it
and get a new one when needed
35
Protecting the Privacy of Personal Information
Be cautious of revealing personal information Read a Web site’s privacy
policy Can use privacy software,
such as the free Privacy Bird program
Do not supply personal information to people in chat rooms
36
Protecting the Privacy of Personal Information
Avoid putting too many personal details on your Web site
Be wary of sites offering prizes in exchange for personal information
Can use an anonymous Web browsing service, such as Anonymizer
Supply only the required information in registration forms
Delete your browsing history and e-mail settings when using a public computer
38
Protecting the Privacy of Personal Information
Use an e-mail filter to automatically route possible spam into a special folder to deal with later
39
Protecting the Privacy of Personal Information
Can opt out from marketing activities Some privacy groups want individuals to have to opt in
to activities instead Do Not Call Registry: Can reduce calls from
telemarketers Do Not E-Mail Registry: May be a possibility for the
future, but more difficult to implement Web servers holding sensitive data should be secured
Only enter personal information on Web sites using secure servers
Automatic encryption systems for e-mail can help sensitive data from accidentally being revealed
40
Protecting the Privacy of Personal Information
Properly dispose of hardware and outdated data Wipe (not just delete) data on
hard drives before disposing of a computer or hard drive
Storage media containing sensitive data should be shredded
Businesses should have a media sanitation/data destruction policy
41
Electronic Surveillance and Monitoring
Computer monitoring software: Used to record an individual’s computer usage either by capturing images of the screen or by recording the actual keystrokes used Can be used in homes by adults to monitor computer usage of
children or spouse Can be used in businesses to monitor employee computer
usage Keystroke-logging programs: Used to capture keystrokes
Can be used by hacker to capture usernames, passwords, and other sensitive information entered into a PC
Used by the government in criminal investigations
43
Electronic Surveillance and Monitoring
Video surveillance: The use of video cameras to monitor activities of individuals Used to monitor employees Used in public locations for crime-prevention
purposes Stores and other businesses Public streets Subways, airports, etc.
Can be used with face recognition software Privacy issues also involved with the use of
camera phones
45
Electronic Surveillance and Monitoring
Employee monitoring: Observing or reviewing employees’ actions while they are on the job
Can monitor computer usage Can monitor physical location
Video cameras GPS capabilities built into cars or mobile phones Proximity cards
Can also be used to access facility, computer, etc.
Businesses should notify
employees
46
Electronic Surveillance and Monitoring
Presence technology: Enables one computing device to locate and identify the current status of another device on the same network Instant messaging, mobile phones, etc. Can be used to locate coworkers or by customers May also be used
for marketing activities in the future
47
Protecting Personal andWorkspace Privacy
Can use antispyware software to detect if someone is monitoring your computer usage
Employers have a responsibility to keep employee and customer information private and secured
Employees should be familiar with their company’s employee policy and avoid personal activities at work
48
Computer Security andPrivacy Legislation
Difficult for legal system to keep pace with technology
Difficult to balance freedom of speech with privacy
50
Summary Why Be Concerned About Computer Security Hardware Loss, Damage, and System Failure Software Piracy and Digital Counterfeiting Why Be Concerned About Information Privacy Databases, Electronic Profiling, Spam, and Other
Marketing Activities Electronic Surveillance and Monitoring Computer Security and Privacy Legislation