Chapter 6 Network and Internet Security and Privacy

Transcription

1 Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal safety concerns LO6.4: Assess personal computer security LO6.5: Identify privacy concerns LO6.6: Discuss current network and Internet security legislation CMPTR Chapter 6: Network and Internet Security and Privacy 2 1

2 LO6.1: Understanding Security Concerns Computer crime or cybercrime includes any illegal act involving a computer. Cybercrime is a multibillion-dollar business that is often conducted by seasoned criminals. All computer users should be aware of the security concerns surrounding computer network and Internet use, and they should take appropriate precautions. CMPTR Chapter 6: Network and Internet Security and Privacy 3 LO6.1: Understanding Security Concerns Topics Covered: Unauthorized Access and Unauthorized Use Hacking War Driving and Wi-FI Piggybacking Interception of Communications CMPTR Chapter 6: Network and Internet Security and Privacy 4 2

3 Unauthorized Access and Unauthorized Use Unauthorized access occurs whenever an individual gains access to a computer, network, file, or other resource without permission typically by hacking into the resource. Unauthorized use involves using a computer resource for unauthorized activities. To explain acceptable computer use to their employees, students, or other users, many organizations and educational institutions publish guidelines for behavior, often called codes of conduct. CMPTR Chapter 6: Network and Internet Security and Privacy 5 Hacking Hacking refers to the act of breaking into a computer or network. The increased number of systems controlled by computers and connected to the Internet, along with the continually improving abilities of hackers and the increasing availability of sets of tools that allow hackers to access a system, has led to an increased risk of cyberterrorism where terrorists launch attacks via the Internet. CMPTR Chapter 6: Network and Internet Security and Privacy 6 3

4 War Driving and Wi-Fi Piggybacking War driving typically involves driving in a car with a portable computer looking for unsecured Wi-Fi networks to connect to. Wi-Fi piggybacking refers to accessing someone else s unsecured Wi-Fi network from the hacker s current location CMPTR Chapter 6: Network and Internet Security and Privacy 7 Interception of Communications Instead of accessing data stored on a computer via hacking, some criminals gain unauthorized access to data, files, messages, VoIP calls, and other content as it is being sent over the Internet. A new trend is criminals intercepting credit and debit card information during the card verification process; that is, intercepting the data from a card in real time as a purchase is being authorized. CMPTR Chapter 6: Network and Internet Security and Privacy 8 4

5 LO6.2: Online Threats Topics Covered: Botnets Computer Viruses and Other Types of Malware Denial of Service (DoS) Attacks Data, Program, or Web Site Alteration Online Theft, Online Fraud, and Other Dot Cons Theft of Data, Information, and Other Resources Identity Theft, Phishing, and Pharming Protecting Against Identity Theft Online Auction Fraud and Other Internet Scams CMPTR Chapter 6: Network and Internet Security and Privacy 9 Botnets A computer that is controlled by a hacker or other computer criminal is referred to as a bot or zombie computer. A group of bots that are controlled by one individual and can work together in a coordinated fashion is called a botnet. According to the FBI, an estimated one million U.S. computers are currently part of a botnet. CMPTR Chapter 6: Network and Internet Security and Privacy 10 5

6 Computer Viruses and Other Types of Malware Malware is a generic term that refers to any type of malicious software. Virus:a program installed without the user s knowledge and designed to alter the way a computer operates or to cause harm to the computer system. CMPTR Chapter 6: Network and Internet Security and Privacy 11 Computer Viruses and Other Types of Malware CMPTR Chapter 6: Network and Internet Security and Privacy 12 6

7 Computer Viruses and Other Types of Malware Like a computer virus, a computer worm is a malicious program that is typically designed to cause damage. A Trojan horse is a type of malware that masquerades as something else usually an application program. CMPTR Chapter 6: Network and Internet Security and Privacy 13 Computer Viruses and Other Types of Malware CMPTR Chapter 6: Network and Internet Security and Privacy 14 7

8 Denial of Service (DoS) Attacks A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service. CMPTR Chapter 6: Network and Internet Security and Privacy 15 Denial of Service (DoS) Attacks DoS attacks today are often directed toward popular sites and typically are carried out via multiple computers. This is known as a distributed denial of service (DDoS) attack. CMPTR Chapter 6: Network and Internet Security and Privacy 16 8

9 Data, Program, or Web Site Alteration Another type of computer sabotage occurs when a hacker breaches a computer system to delete data, change data, modify programs, or otherwise alter the data and programs located there. Data on Web sites can also be altered by hackers. CMPTR Chapter 6: Network and Internet Security and Privacy 17 Online Theft, Online Fraud, and Other Dot Cons The best protection against many dot cons is protecting your identity that is, protecting any identifying information about you that could be used in fraudulent activities. CMPTR Chapter 6: Network and Internet Security and Privacy 18 9

10 Theft of Data, Information, and Other Resources Data theft or information theft is the theft of data or information located on or being sent from a computer. It can be committed by stealing an actual computer, or it can take place over the Internet or a network by an individual gaining unauthorized access to that data by hacking into the computer or by intercepting the data in transit. CMPTR Chapter 6: Network and Internet Security and Privacy 19 Identity Theft, Phishing, and Pharming Identity theft occurs when someone obtains enough information about a person to be able to masquerade as that person usually to buy products or services in that person s name. CMPTR Chapter 6: Network and Internet Security and Privacy 20 10

11 Identity Theft, Phishing, and Pharming Phishingis the use of a spoofed message to trick the recipient into revealing sensitive personal information, such as credit card numbers. More targeted, personalized phishing schemes are known as spear phishing. Pharming is another type of scam that uses spoofed domain names to obtain personal information for use in fraudulent activities. CMPTR Chapter 6: Network and Internet Security and Privacy 21 Identity Theft, Phishing, and Pharming CMPTR Chapter 6: Network and Internet Security and Privacy 22 11

12 Protecting Against Identity Theft In addition to disclosing personal information only when it is necessary and only via secure Web pages, you should use security software and keep it up to date. To avoid phishing schemes, never click a link in an message to go to a secure Web site always type the URL for that site in your browser. To prevent identity theft, protect your Social Security number and give it out only when necessary. CMPTR Chapter 6: Network and Internet Security and Privacy 23 Protecting Against Identity Theft CMPTR Chapter 6: Network and Internet Security and Privacy 24 12

13 Online Auction Fraud and Other Internet Scams Online auction fraud (sometimes called Internet auction fraud) occurs when an online auction buyer pays for merchandise that is never delivered, or that is delivered but it is not as represented. The best protection against many dot cons is common sense. CMPTR Chapter 6: Network and Internet Security and Privacy 25 LO6.3: Cyberstalking and Other Personal Safety Concerns Topics Covered: Cyberbullying and Cyberstalking Online Pornography Protecting Against Personal Safety Concerns CMPTR Chapter 6: Network and Internet Security and Privacy 26 13

14 Cyberbullying and Cyberstalking Two of the most common ways individuals are harassed online are cyberbullyingand cyberstalking. Although there are as yet no specific federal laws against cyberstalking, all states have made it illegal, and some federal laws do apply if the online actions include computer fraud or another type of computer crime, suggest a threat of personal injury, or involve sending obscene messages. CMPTR Chapter 6: Network and Internet Security and Privacy 27 Online Pornography A variety of controversial and potentially objectionable material is available on the Internet. Although there have been attempts to ban this type of material from the Internet, they have not been successful. Because of the strong link experts believe exists between child pornography and child molestation, many experts are very concerned about the amount of child pornography that can be found and distributed via the Internet. CMPTR Chapter 6: Network and Internet Security and Privacy 28 14

15 Protecting Against Personal Safety Concerns To protect yourself against cyberstalking and other types of online harassment: Use gender-neutral, nonprovocative identifying names. Be careful about the types of photos you post of yourself online and do not reveal personal information to people you meet online. Do not respond to any insults or other harassing comments you may receive online. Consider requesting that your personal information be removed from online directories, especially those associated with your address or other online identifiers. CMPTR Chapter 6: Network and Internet Security and Privacy 29 LO6.4: Personal Computer Security Topics Covered: Hardware Loss and Damage System Failure and Other Disasters Protecting Against Hardware Loss, Hardware Damage, and System Failure Firewalls, Encryption, and Virtual Private Networks (VPNs) CMPTR Chapter 6: Network and Internet Security and Privacy 30 15

16 Hardware Loss and Damage Hardware loss can occur when a personal computer, USB flash drive, mobile device, or other piece of hard-ware is stolen or is lost by the owner. One of the most obvious types of hardware loss is hardware theft, which occurs when hardware is stolen from an individual or from a business, school, or other organization. CMPTR Chapter 6: Network and Internet Security and Privacy 31 System Failure and Other Disasters System failureis the complete malfunction of a computer system. System failure can occur because of a hardware problem, software problem, or computer virus. It can also occur because of a natural disaster, sabotage, or a terrorist attack. CMPTR Chapter 6: Network and Internet Security and Privacy 32 16

17 Protecting Against Hardware Loss, Hardware Damage, and System Failure CMPTR Chapter 6: Network and Internet Security and Privacy 33 Protecting Against Hardware Loss, Hardware Damage, and System Failure Full disk encryption (FDE) provides an easy way to protect the data on an entire computer in case it is lost or stolen. A hard drive that uses FDE, which is often referred to as a selfencrypting hard drive, typically needs a username and password or biometric characteristic before the computer containing the drive will boot. CMPTR Chapter 6: Network and Internet Security and Privacy 34 17

18 Protecting Against Hardware Loss, Hardware Damage, and System Failure Passwordsare secret words or character combinations associated with an individual. Create strong passwords: At least 8 characters long Combination of upper and lowercase letters, numbers, and symbols Do not form words found in the dictionary or that match the username that the password is associated with CMPTR Chapter 6: Network and Internet Security and Privacy 35 Protecting Against Hardware Loss, Hardware Damage, and System Failure Proper care of hardware can help prevent serious damage to a computer system: Protective cases Ruggedized devices CMPTR Chapter 6: Network and Internet Security and Privacy 36 18

19 Protecting Against Hardware Loss, Hardware Damage, and System Failure To protect hardware from damage due to power fluctuations, everyone should use a surge suppressor with a computer whenever it is plugged into a power outlet. Users who want their desktop computers to remain powered up when the electricity goes off should use an uninterruptible power supply (UPS). CMPTR Chapter 6: Network and Internet Security and Privacy 37 Protecting Against Hardware Loss, Hardware Damage, and System Failure CMPTR Chapter 6: Network and Internet Security and Privacy 38 19

20 Firewalls, Encryption, and Virtual Private Networks (VPNs) A firewall is a security system that essentially creates a barrier between a computer or network and the Internet in order to protect against unauthorized access. Encryptionis a method of scrambling the contents of an message or a file to make it unreadable if an unauthorized user intercepts it. Secure Web pagesuse encryption to protect information transmitted via that Web page. CMPTR Chapter 6: Network and Internet Security and Privacy 39 Firewalls, Encryption, and Virtual Private Networks (VPNs) Private key encryptionuses a single secret private key to both encrypt and decrypt a file or message being sent over the Internet. Public key encryption, also called asymmetric key encryption, utilizes two encryption keys to encrypt and decrypt documents. While and file encryption can be used to transfer individual messages and files securely over the Internet, a virtual private network (VPN) is designed to be used when a continuous secure channel over the Internet is needed. CMPTR Chapter 6: Network and Internet Security and Privacy 40 20

21 Firewalls, Encryption, and Virtual Private Networks (VPNs) CMPTR Chapter 6: Network and Internet Security and Privacy 41 LO6.5: Understanding Privacy Concerns Privacyis usually defined as the state of being concealed or free from unauthorized intrusion. The term information privacy refers to the rights of individuals and companies to control how information about them is collected and used. Topics Covered: Databases, Electronic Profiling, Spam, and Other Marketing Activities Protecting the Privacy of Personal Information Electronic Surveillance and Monitoring Protecting Personal and Workplace Privacy CMPTR Chapter 6: Network and Internet Security and Privacy 42 21

22 Databases, Electronic Profiling, Spam, and Other Marketing Activities Marketing databases contain marketing and demographic data about people, such as where they live and what products they buy. Information about individuals is also available in government databases. Collecting in-depth information about an individual is known as electronic profiling. CMPTR Chapter 6: Network and Internet Security and Privacy 43 Databases, Electronic Profiling, Spam, and Other Marketing Activities CMPTR Chapter 6: Network and Internet Security and Privacy 44 22

23 Databases, Electronic Profiling, Spam, and Other Marketing Activities Most businesses and Web sites that collect personal information have a privacy policy that discloses how the personal information you provide will be used. CMPTR Chapter 6: Network and Internet Security and Privacy 45 Databases, Electronic Profiling, Spam, and Other Marketing Activities Spam refers to unsolicited sent to a large group of individuals at one time. CMPTR Chapter 6: Network and Internet Security and Privacy 46 23

24 Protecting the Privacy of Personal Information For online shopping, signing up for free offers, message boards, product registration, and other activities that typically lead to junk , use a disposable or throw-away address (a second address obtained from your ISP or a free address from Windows Live Hotmail or Google s Gmail). CMPTR Chapter 6: Network and Internet Security and Privacy 47 Protecting the Privacy of Personal Information CMPTR Chapter 6: Network and Internet Security and Privacy 48 24

25 Electronic Surveillance and Monitoring Computer monitoring software: records keystrokes, log the programs or Web sites accessed, or otherwise monitors someone s computer activity. Video surveillance: the use of video cameras to monitor activities of individuals for work-related or crime-preventions purposes. Employee monitoring: recording or observing the actions of employees while on the job. Presence technology: enables one computing device to locate and identify the current status of another device on the same network. CMPTR Chapter 6: Network and Internet Security and Privacy 49 Protecting Personal and Workplace Privacy There are not many options for protecting yourself against computer monitoring by your employer or the government, or against video surveillance systems. Businesses should take the necessary security measures to ensure that employee activities are not being monitored by a hacker or other unauthorized individual. CMPTR Chapter 6: Network and Internet Security and Privacy 50 25

26 LO6.6: Network and Internet Security Legislation It s difficult for the legal system to keep pace with the rate at which technology changes. The high level of concern regarding computer security and personal privacy has led state and federal legislators to pass a variety of laws since the 1970s. CMPTR Chapter 6: Network and Internet Security and Privacy 51 LO6.6: Network and Internet Security Legislation CMPTR Chapter 6: Network and Internet Security and Privacy 52 26