Chapter Nine (Part 2)

Objectives Overview Describe various types of network attacks, and identify ways to safeguard against these attacks, including firewalls and intrusion detection software Discuss techniques to prevent unauthorized computer access and use Identify safeguards against hardware theft and vandalism Identify risks and safeguards associated with wireless communications Discuss ways to prevent health-related disorders and injuries due to computer use Discuss issues surrounding information privacy See Page 381 for Detailed Objectives Discovering Computers Fundamentals, 2011 Edition Chapter 10

Computer Security Risks A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Security Risk Pages 382 - 383 Figure 10-1 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Internet and Network Attacks An infected computer has one or more of the following symptoms: Operating system runs much slower than usual Available memory is less than expected Files become corrupted Screen displays unusual message or image Music or unusual sound plays randomly Existing programs and files disappear Programs or files do not work properly Unknown programs or files mysteriously appear System properties change Operating system does not start up Operating system shuts down unexpectedly Page 384 Discovering Computers Fundamentals, 2011 Edition Chapter 10

How a Virus Can Spread through an E-mail Message?? Virus hide in document & attach trough e-mail. Send e-mail to thousand of user around the world. Didn’t open the email message by non recognize sender but immediately delete. No infected by virus. Infected with virus if open the attachment document. Page 385 Figure 10-2 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Internet and Network Attacks Pages 385 – 387 Figure 10-4 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Internet and Network Attacks Antivirus Program Page 386 Figure 10-3 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Denials of Service Attacks - DoS Attacks Internet and Network Attacks a group of compromised computers connected to a network (Internet) are used to attack others network. A compromise computers, known as a zombie (computer is being control by an outsider.) Botnets the purpose is to disrupt computer access to an Internet service (eg: Web/e-mail) The victim effected; network slow down, unresponsive or unavailable, blocking from accessing the network. Denials of Service Attacks - DoS Attacks a program or set of instructions in a program that allow users to bypass security controls. (Eg : accessing a program, computing or network) can modify an existing program include a back door to access the computer remotely without knowing by owner. Back Doors a technique intruders use to make their network or Internet transmission appear legitimate to victim computer or network. (Eg E-mail or IP Spoofing) Perpetrator will send spam, virus hoaxes or phishing scams and interact user uses the phony website (fake e.banking) Spoofing

Internet and Network Attacks A firewall is hardware and/or software that protects a network’s resources from intrusion Click to view Web Link, click Chapter 10, Click Web Link from left navigation, then click Firewalls below Chapter 10 Pages 388 - 389 Figure 10-5 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Internet and Network Attacks Intrusion detection software Analyzes all network traffic Assesses system vulnerabilities (weakness) Identifies any unauthorized intrusions Notifies network administrators of suspicious behavior patterns or security breaches Page 389 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Exercise 1 Match the term with their definition? 1 The technique intruders use to make their network or Internet transmission appear to a victim computer or network. Classified of program that act without user’s knowledge to alter computer operations like virus, worm, Trojan horses and rootkits. The hardware and/or software that protects a network’s resources from intrusion. Whose purposely is to disrupt computer access to an Internet service. Spoofing Phishing 2 Firewall Malware DoS Attacks Spoofing 3 Malware Firewall 4 DoS Attacks Discovering Computers Fundamentals, 2011 Edition Chapter 10

Unauthorized Access and Use Unauthorized access is the use of a computer or network without permission Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities Page 389 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Unauthorized Access and Use Access controls define who can access a computer, when they can access it, and what actions they can take Username & Password Possessed Objects Biometric Devices Two-Phase Process Identification Authentication Three method of Identification & Authentication Pages 389 - 390 Figure 10-6 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Unauthorized Access and Use Method of Identification & Authentication Username & Password Username is a unique combination of characters and password is a private combination of characters. Some website use Completely Automated Public to Computers and Humans Apart (CAPTCHA) program to verifies user input. Possessed Object Any item that you must carry to gain access to a computer or computer facility. Example : cards (bank card), ID cards and keys (PIN). Personal Identification Number (PIN) provide an additional level of security. Biometric Device Authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer. Example : fingerprint, hand geometry, face recognition, voice verification, signature, iris recognition and retinal scanners. Discovering Computers Fundamentals, 2011 Edition Chapter 10

Unauthorized Access and Use Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks Many areas use digital forensics Law enforcement Criminal prosecutors Military intelligence Insurance agencies Information security departments Page 392 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Exercise 2 T / F For each of the following statements, answer T for TRUE or F for FALSE. 1 Unauthorized access is the use of a computer or its data for unapproved or illegal activities. 2 ATM card is one of possessed object that allows access to your bank account. 3 Many system implement access controls using a phase process called identification or authentication. 4 Digital forensics involves the examination of computer media, programs, data and log files on component, server and network. 5 A CAPTCHA display a series of distorted characters and requires the user to enter the characters and this is one of identification technique.

Hardware Theft and Vandalism Hardware theft is the act of stealing computer equipment Hardware vandalism is the act of defacing or destroying computer equipment Page 393 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Hardware Theft and Vandalism To help the reduce of chances of theft, companies and schools use a variety of security measures Physical access controls Alarm systems Cables to lock equipment Real time location system (RTLS) Passwords, possessed objects, and biometrics Click to view Web Link, click Chapter 10, Click Web Link from left navigation, then click RTLS below Chapter 10 Page 393 Figure 10-9 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Wireless Security Wireless access poses additional security risks About 80 percent of wireless networks have no security protection War driving allows individuals to detect wireless networks while driving a vehicle through the area A wireless access point should not broadcast a network name Change the default network name Configure a WAP so that only certain devices can access it Use WPA or WPA2 security standards Page 397 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Health Concerns of Computer Use The widespread use of computers has led to health concerns Repetitive strain injury (RSI) Tendonitis - Pain with movement of muscles and tendons Carpal tunnel syndrome (CTS) - numbness Computer vision syndrome (CVS) blur, headache etc Page 398 Figure 10-15 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Health Concerns of Computer Use Page 398 Figure 10-16 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Health Concerns of Computer Use Ergonomics is an applied science devoted to incorporating comfort, efficiency, and safety into the design of items in the workplace Page 399 Figure 10-17 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Health Concerns of Computer Use Computer addiction occurs when the computer consumes someone’s entire social life Symptoms of users include: Craves computer time Overjoy when at the computer Unable to stop computer activity Irritable when not at the computer Neglects family and friends Problems at work or school Page 399 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Computer ethics are the moral guidelines that govern the use of computers and information systems Information accuracy is a concern Not all information on the Web is correct Page 399 – 401 Figure 10-19 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Spam is an unsolicited e-mail message or newsgroup posting E-mail filtering blocks e-mail messages from designated sources Anti-spam programs attempt to remove spam before it reaches your inbox Pages 404 - 405 Figure 10-23 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Phishing is a scam in which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing Page 405 Figure 10-24 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Privacy Law - The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data See Figure 10-25 on page 406 for a listing of major U.S. government laws concerning privacy. Page 406 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer Pages 405 - 407 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Discovering Computers Fundamentals, 2011 Edition Chapter 10 Ethics and Society Content filtering is the process of restricting access to certain material on the Web Many businesses use content filtering Web filtering software restricts access to specified Web sites Page 407 Figure 10-26 Discovering Computers Fundamentals, 2011 Edition Chapter 10

Objectives Overview Describe various types of network attacks, and identify ways to safeguard against these attacks, including firewalls and intrusion detection software Discuss techniques to prevent unauthorized computer access and use Identify safeguards against hardware theft and vandalism Identify risks and safeguards associated with wireless communications Discuss ways to prevent health-related disorders and injuries due to computer use Discuss issues surrounding information privacy See Page 381 for Detailed Objectives Discovering Computers Fundamentals, 2011 Edition Chapter 10

Chapter Nine Chapter 9 Complete