Chapter 6 Network and Internet Security and Privacy

Similar documents
Chapter 4 Network and Internet Security

Chapter 9 Security and Privacy

CHAPTER 8 SECURING INFORMATION SYSTEMS

Discovering Computers Living in a Digital World

Chapter 10: Security and Ethical Challenges of E-Business

Securing Information Systems

Online Threats. This include human using them!

Securing Information Systems

Securing Information Systems

IS Today: Managing in a Digital World 9/17/12

Cleveland State University General Policy for University Information and Technology Resources

ELECTRONIC BANKING & ONLINE AUTHENTICATION

Personal Cybersecurity

Securing Information Systems

INTERNET SAFETY IS IMPORTANT

Acceptable Use Policy

BEST PRACTICES FOR PERSONAL Security

Employee Security Awareness Training

Introduction to Information Security Dr. Rick Jerz

ECDL / ICDL IT Security. Syllabus Version 2.0

SECURE USE OF IT Syllabus Version 2.0

The Tension. Security vs. ease of use: the more security measures added, the more difficult a site is to use, and the slower it becomes

IT ACCEPTABLE USE POLICY

716 West Ave Austin, TX USA

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Chapter 12. Information Security Management

Online Fraud and Identity Theft Guide. A Guide to Protecting Your Identity and Accounts

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

State of New Mexico Public School Facilities Authority Information Technology (IT) Acceptable Use Policy

Identity Theft, Fraud & You. PrePare. Protect. Prevent.

II.C.4. Policy: Southeastern Technical College Computer Use

Security Awareness. Presented by OSU Institute of Technology

Securing Information Systems

Unit 2 Essentials of cyber security

3.5 SECURITY. How can you reduce the risk of getting a virus?

Who We Are! Natalie Timpone

Acceptable Use Policy

Acceptable Use Policy

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

Certified Cyber Security Analyst VS-1160

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Cyber Security Practice Questions. Varying Difficulty

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

4 Information Security

Acceptable Use Policy

Management of IT Infrastructure Security by Establishing Separate Functional Area with Spiral Security Model

Accounting Information Systems

Review Ch. 3 Connecting to the World s Information. 2010, 2006 South-Western, Cengage Learning

Communication and Usage of Internet and Policy

Online Security and Safety Protect Your Computer - and Yourself!

Securing Information Systems Barbarians at the Gateway

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

Red Flag Regulations

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

A practical guide to IT security

SUMMARIES OF INTERACTIVE MULTIMEDIA

Lesson-1 Computer Security

Morley Chapter 04: Network and Internet Security

PROTECTING YOUR BUSINESS ASSETS

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

PCI Compliance. What is it? Who uses it? Why is it important?

commtech Online Holiday Shopping Tips A Guide Presented by: CommTech Industries

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

CHAPTER 3. Information Systems: Ethics, Privacy, and Security

Computer Security. Assoc. Prof. Pannipa Phaiboonnimit. Adapted for English Section by Kittipitch Kuptavanich and Prakarn Unachak

Web Cash Fraud Prevention Best Practices

How to Build a Culture of Security

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

COMMON WAYS IDENTITY THEFT CAN HAPPEN:

TERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.

MULTIPLE CHOICE. Choose the one alternative that best completes the statement or answers the question.

Why you MUST protect your customer data

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Best Practices Guide to Electronic Banking

Name of Policy: Computer Use Policy

Technology in Action

God is in the Small Stuff and it all matters. .In the Small Stuff. Security and Ethical Challenges. Introduction to Information Systems Chapter 11

Securing Information Systems

Protecting Your Business From Hackers

Protect Yourself From. Identify Theft

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

13. Acceptable Use Policy

Safety and Security. April 2015

Ethics and Information Security. 10 주차 - 경영정보론 Spring 2014

Whitepaper on AuthShield Two Factor Authentication with SAP

Information Privacy and Security Training 2016 for Instructors and Students. Authored by: Office of HIPAA Administration

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright Chapter 12 1

HIPAA UPDATE. Michael L. Brody, DPM

Securing Information Systems

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

Discussion Ppt To work on completing questions you need your book and exercise copies

Information Privacy and Security Training Authored by: Office of HIPAA Administration

Security Awareness Company Policies and Processes. For Biscuitville, Inc. with operations in North Carolina and Virginia

A Review Paper on Network Security Attacks and Defences

UNIQUE IAS ACADEMY-COMPUTER QUIZ-15

Technology in Action 12/11/2014. Cybercrime and Identity Theft (cont.) Cybercrime and Identity Theft (cont.) Chapter Topics

FAQ: Privacy, Security, and Data Protection at Libraries

FAQ. Usually appear to be sent from official address

Security and Privacy. Xin Liu Computer Science University of California, Davis. Introduction 1-1

Main area: Security Additional areas: Digital Access, Information Literacy, Privacy and Reputation

Transcription:

Chapter 6 Network and Internet Security and Privacy Learning Objectives LO6.1: Explain network and Internet security concerns LO6.2: Identify online threats LO6.3: Describe cyberstalking and other personal safety concerns LO6.4: Assess personal computer security LO6.5: Identify privacy concerns LO6.6: Discuss current network and Internet security legislation CMPTR Chapter 6: Network and Internet Security and Privacy 2 1

LO6.1: Understanding Security Concerns Computer crime or cybercrime includes any illegal act involving a computer. Cybercrime is a multibillion-dollar business that is often conducted by seasoned criminals. All computer users should be aware of the security concerns surrounding computer network and Internet use, and they should take appropriate precautions. CMPTR Chapter 6: Network and Internet Security and Privacy 3 LO6.1: Understanding Security Concerns Topics Covered: Unauthorized Access and Unauthorized Use Hacking War Driving and Wi-FI Piggybacking Interception of Communications CMPTR Chapter 6: Network and Internet Security and Privacy 4 2

Unauthorized Access and Unauthorized Use Unauthorized access occurs whenever an individual gains access to a computer, network, file, or other resource without permission typically by hacking into the resource. Unauthorized use involves using a computer resource for unauthorized activities. To explain acceptable computer use to their employees, students, or other users, many organizations and educational institutions publish guidelines for behavior, often called codes of conduct. CMPTR Chapter 6: Network and Internet Security and Privacy 5 Hacking Hacking refers to the act of breaking into a computer or network. The increased number of systems controlled by computers and connected to the Internet, along with the continually improving abilities of hackers and the increasing availability of sets of tools that allow hackers to access a system, has led to an increased risk of cyberterrorism where terrorists launch attacks via the Internet. CMPTR Chapter 6: Network and Internet Security and Privacy 6 3

War Driving and Wi-Fi Piggybacking War driving typically involves driving in a car with a portable computer looking for unsecured Wi-Fi networks to connect to. Wi-Fi piggybacking refers to accessing someone else s unsecured Wi-Fi network from the hacker s current location CMPTR Chapter 6: Network and Internet Security and Privacy 7 Interception of Communications Instead of accessing data stored on a computer via hacking, some criminals gain unauthorized access to data, files, email messages, VoIP calls, and other content as it is being sent over the Internet. A new trend is criminals intercepting credit and debit card information during the card verification process; that is, intercepting the data from a card in real time as a purchase is being authorized. CMPTR Chapter 6: Network and Internet Security and Privacy 8 4

LO6.2: Online Threats Topics Covered: Botnets Computer Viruses and Other Types of Malware Denial of Service (DoS) Attacks Data, Program, or Web Site Alteration Online Theft, Online Fraud, and Other Dot Cons Theft of Data, Information, and Other Resources Identity Theft, Phishing, and Pharming Protecting Against Identity Theft Online Auction Fraud and Other Internet Scams CMPTR Chapter 6: Network and Internet Security and Privacy 9 Botnets A computer that is controlled by a hacker or other computer criminal is referred to as a bot or zombie computer. A group of bots that are controlled by one individual and can work together in a coordinated fashion is called a botnet. According to the FBI, an estimated one million U.S. computers are currently part of a botnet. CMPTR Chapter 6: Network and Internet Security and Privacy 10 5

Computer Viruses and Other Types of Malware Malware is a generic term that refers to any type of malicious software. Virus:a program installed without the user s knowledge and designed to alter the way a computer operates or to cause harm to the computer system. CMPTR Chapter 6: Network and Internet Security and Privacy 11 Computer Viruses and Other Types of Malware CMPTR Chapter 6: Network and Internet Security and Privacy 12 6

Computer Viruses and Other Types of Malware Like a computer virus, a computer worm is a malicious program that is typically designed to cause damage. A Trojan horse is a type of malware that masquerades as something else usually an application program. CMPTR Chapter 6: Network and Internet Security and Privacy 13 Computer Viruses and Other Types of Malware CMPTR Chapter 6: Network and Internet Security and Privacy 14 7

Denial of Service (DoS) Attacks A denial of service (DoS) attack is an act of sabotage that attempts to flood a network server or Web server with so many requests for action that it shuts down or simply cannot handle legitimate requests any longer, causing legitimate users to be denied service. CMPTR Chapter 6: Network and Internet Security and Privacy 15 Denial of Service (DoS) Attacks DoS attacks today are often directed toward popular sites and typically are carried out via multiple computers. This is known as a distributed denial of service (DDoS) attack. CMPTR Chapter 6: Network and Internet Security and Privacy 16 8

Data, Program, or Web Site Alteration Another type of computer sabotage occurs when a hacker breaches a computer system to delete data, change data, modify programs, or otherwise alter the data and programs located there. Data on Web sites can also be altered by hackers. CMPTR Chapter 6: Network and Internet Security and Privacy 17 Online Theft, Online Fraud, and Other Dot Cons The best protection against many dot cons is protecting your identity that is, protecting any identifying information about you that could be used in fraudulent activities. CMPTR Chapter 6: Network and Internet Security and Privacy 18 9

Theft of Data, Information, and Other Resources Data theft or information theft is the theft of data or information located on or being sent from a computer. It can be committed by stealing an actual computer, or it can take place over the Internet or a network by an individual gaining unauthorized access to that data by hacking into the computer or by intercepting the data in transit. CMPTR Chapter 6: Network and Internet Security and Privacy 19 Identity Theft, Phishing, and Pharming Identity theft occurs when someone obtains enough information about a person to be able to masquerade as that person usually to buy products or services in that person s name. CMPTR Chapter 6: Network and Internet Security and Privacy 20 10

Identity Theft, Phishing, and Pharming Phishingis the use of a spoofed email message to trick the recipient into revealing sensitive personal information, such as credit card numbers. More targeted, personalized phishing schemes are known as spear phishing. Pharming is another type of scam that uses spoofed domain names to obtain personal information for use in fraudulent activities. CMPTR Chapter 6: Network and Internet Security and Privacy 21 Identity Theft, Phishing, and Pharming CMPTR Chapter 6: Network and Internet Security and Privacy 22 11

Protecting Against Identity Theft In addition to disclosing personal information only when it is necessary and only via secure Web pages, you should use security software and keep it up to date. To avoid phishing schemes, never click a link in an email message to go to a secure Web site always type the URL for that site in your browser. To prevent identity theft, protect your Social Security number and give it out only when necessary. CMPTR Chapter 6: Network and Internet Security and Privacy 23 Protecting Against Identity Theft CMPTR Chapter 6: Network and Internet Security and Privacy 24 12

Online Auction Fraud and Other Internet Scams Online auction fraud (sometimes called Internet auction fraud) occurs when an online auction buyer pays for merchandise that is never delivered, or that is delivered but it is not as represented. The best protection against many dot cons is common sense. CMPTR Chapter 6: Network and Internet Security and Privacy 25 LO6.3: Cyberstalking and Other Personal Safety Concerns Topics Covered: Cyberbullying and Cyberstalking Online Pornography Protecting Against Personal Safety Concerns CMPTR Chapter 6: Network and Internet Security and Privacy 26 13

Cyberbullying and Cyberstalking Two of the most common ways individuals are harassed online are cyberbullyingand cyberstalking. Although there are as yet no specific federal laws against cyberstalking, all states have made it illegal, and some federal laws do apply if the online actions include computer fraud or another type of computer crime, suggest a threat of personal injury, or involve sending obscene email messages. CMPTR Chapter 6: Network and Internet Security and Privacy 27 Online Pornography A variety of controversial and potentially objectionable material is available on the Internet. Although there have been attempts to ban this type of material from the Internet, they have not been successful. Because of the strong link experts believe exists between child pornography and child molestation, many experts are very concerned about the amount of child pornography that can be found and distributed via the Internet. CMPTR Chapter 6: Network and Internet Security and Privacy 28 14

Protecting Against Personal Safety Concerns To protect yourself against cyberstalking and other types of online harassment: Use gender-neutral, nonprovocative identifying names. Be careful about the types of photos you post of yourself online and do not reveal personal information to people you meet online. Do not respond to any insults or other harassing comments you may receive online. Consider requesting that your personal information be removed from online directories, especially those associated with your email address or other online identifiers. CMPTR Chapter 6: Network and Internet Security and Privacy 29 LO6.4: Personal Computer Security Topics Covered: Hardware Loss and Damage System Failure and Other Disasters Protecting Against Hardware Loss, Hardware Damage, and System Failure Firewalls, Encryption, and Virtual Private Networks (VPNs) CMPTR Chapter 6: Network and Internet Security and Privacy 30 15

Hardware Loss and Damage Hardware loss can occur when a personal computer, USB flash drive, mobile device, or other piece of hard-ware is stolen or is lost by the owner. One of the most obvious types of hardware loss is hardware theft, which occurs when hardware is stolen from an individual or from a business, school, or other organization. CMPTR Chapter 6: Network and Internet Security and Privacy 31 System Failure and Other Disasters System failureis the complete malfunction of a computer system. System failure can occur because of a hardware problem, software problem, or computer virus. It can also occur because of a natural disaster, sabotage, or a terrorist attack. CMPTR Chapter 6: Network and Internet Security and Privacy 32 16

Protecting Against Hardware Loss, Hardware Damage, and System Failure CMPTR Chapter 6: Network and Internet Security and Privacy 33 Protecting Against Hardware Loss, Hardware Damage, and System Failure Full disk encryption (FDE) provides an easy way to protect the data on an entire computer in case it is lost or stolen. A hard drive that uses FDE, which is often referred to as a selfencrypting hard drive, typically needs a username and password or biometric characteristic before the computer containing the drive will boot. CMPTR Chapter 6: Network and Internet Security and Privacy 34 17

Protecting Against Hardware Loss, Hardware Damage, and System Failure Passwordsare secret words or character combinations associated with an individual. Create strong passwords: At least 8 characters long Combination of upper and lowercase letters, numbers, and symbols Do not form words found in the dictionary or that match the username that the password is associated with CMPTR Chapter 6: Network and Internet Security and Privacy 35 Protecting Against Hardware Loss, Hardware Damage, and System Failure Proper care of hardware can help prevent serious damage to a computer system: Protective cases Ruggedized devices CMPTR Chapter 6: Network and Internet Security and Privacy 36 18

Protecting Against Hardware Loss, Hardware Damage, and System Failure To protect hardware from damage due to power fluctuations, everyone should use a surge suppressor with a computer whenever it is plugged into a power outlet. Users who want their desktop computers to remain powered up when the electricity goes off should use an uninterruptible power supply (UPS). CMPTR Chapter 6: Network and Internet Security and Privacy 37 Protecting Against Hardware Loss, Hardware Damage, and System Failure CMPTR Chapter 6: Network and Internet Security and Privacy 38 19

Firewalls, Encryption, and Virtual Private Networks (VPNs) A firewall is a security system that essentially creates a barrier between a computer or network and the Internet in order to protect against unauthorized access. Encryptionis a method of scrambling the contents of an email message or a file to make it unreadable if an unauthorized user intercepts it. Secure Web pagesuse encryption to protect information transmitted via that Web page. CMPTR Chapter 6: Network and Internet Security and Privacy 39 Firewalls, Encryption, and Virtual Private Networks (VPNs) Private key encryptionuses a single secret private key to both encrypt and decrypt a file or message being sent over the Internet. Public key encryption, also called asymmetric key encryption, utilizes two encryption keys to encrypt and decrypt documents. While email and file encryption can be used to transfer individual messages and files securely over the Internet, a virtual private network (VPN) is designed to be used when a continuous secure channel over the Internet is needed. CMPTR Chapter 6: Network and Internet Security and Privacy 40 20

Firewalls, Encryption, and Virtual Private Networks (VPNs) CMPTR Chapter 6: Network and Internet Security and Privacy 41 LO6.5: Understanding Privacy Concerns Privacyis usually defined as the state of being concealed or free from unauthorized intrusion. The term information privacy refers to the rights of individuals and companies to control how information about them is collected and used. Topics Covered: Databases, Electronic Profiling, Spam, and Other Marketing Activities Protecting the Privacy of Personal Information Electronic Surveillance and Monitoring Protecting Personal and Workplace Privacy CMPTR Chapter 6: Network and Internet Security and Privacy 42 21

Databases, Electronic Profiling, Spam, and Other Marketing Activities Marketing databases contain marketing and demographic data about people, such as where they live and what products they buy. Information about individuals is also available in government databases. Collecting in-depth information about an individual is known as electronic profiling. CMPTR Chapter 6: Network and Internet Security and Privacy 43 Databases, Electronic Profiling, Spam, and Other Marketing Activities CMPTR Chapter 6: Network and Internet Security and Privacy 44 22

Databases, Electronic Profiling, Spam, and Other Marketing Activities Most businesses and Web sites that collect personal information have a privacy policy that discloses how the personal information you provide will be used. CMPTR Chapter 6: Network and Internet Security and Privacy 45 Databases, Electronic Profiling, Spam, and Other Marketing Activities Spam refers to unsolicited email sent to a large group of individuals at one time. CMPTR Chapter 6: Network and Internet Security and Privacy 46 23

Protecting the Privacy of Personal Information For online shopping, signing up for free offers, message boards, product registration, and other activities that typically lead to junk email, use a disposable or throw-away email address (a second address obtained from your ISP or a free email address from Windows Live Hotmail or Google s Gmail). CMPTR Chapter 6: Network and Internet Security and Privacy 47 Protecting the Privacy of Personal Information CMPTR Chapter 6: Network and Internet Security and Privacy 48 24

Electronic Surveillance and Monitoring Computer monitoring software: records keystrokes, log the programs or Web sites accessed, or otherwise monitors someone s computer activity. Video surveillance: the use of video cameras to monitor activities of individuals for work-related or crime-preventions purposes. Employee monitoring: recording or observing the actions of employees while on the job. Presence technology: enables one computing device to locate and identify the current status of another device on the same network. CMPTR Chapter 6: Network and Internet Security and Privacy 49 Protecting Personal and Workplace Privacy There are not many options for protecting yourself against computer monitoring by your employer or the government, or against video surveillance systems. Businesses should take the necessary security measures to ensure that employee activities are not being monitored by a hacker or other unauthorized individual. CMPTR Chapter 6: Network and Internet Security and Privacy 50 25

LO6.6: Network and Internet Security Legislation It s difficult for the legal system to keep pace with the rate at which technology changes. The high level of concern regarding computer security and personal privacy has led state and federal legislators to pass a variety of laws since the 1970s. CMPTR Chapter 6: Network and Internet Security and Privacy 51 LO6.6: Network and Internet Security Legislation CMPTR Chapter 6: Network and Internet Security and Privacy 52 26

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback