Understanding the Need for Security Measures Chapter 10 Understanding the Need for Security Measures

Basic Security Concepts Threats Anything that can harm a computer Security attempts to neutralize threats Types of threats Threat to the user Threat to hardware Threat to data

Basic Security Concepts Countermeasures Steps taken to block a threat Protect the data from theft Protect the system from invasion Teaching tip It is important to note that no countermeasure is 100% effective all of the time. For proof, discuss an instance of a locked car being stolen. A truly dedicated attacker will eventually break through any security.

Threats to Users Identity Theft Impersonation private information/Fraud: Attempting to deceive someone by pretending that you are another person. Methods of stealing information Shoulder surfing (watching s/o enter personal identification) Snagging (listening through a telephone extension using a wiretap while victim gives credit card info) Dumpster diving (stealing mail containing personal information) Social engineering (tricking victims into providing critical information under pretext of s/th legitimate) High-tech methods (using internet connection in order to steal info) Shoulder surfing (watching s/o enter personal identification) Snagging (listening through a telephone extension using a wiretap while victim gives credit card info) Dumpster diving (stealing mail containing personal information) Social engineering (tricking victims into providing critical information under pretext of s/th legitimate) High-tech methods (using internet connection in order to steal info)

Threats to Users Loss of privacy Purchases are stored in a database Data is sold to other companies Public records on the Internet E.g. facebook *None of these techniques are illegal to many countries

Threats to Users Cookies Spyware Files delivered from a web site Cookies log user online activity history and passwords Spyware Software downloaded to a computer Designed to record personal information Typically undesired software Hides from users Several programs exist to eliminate Teaching tip Cookies are named after the ‘magic cookie’.

Threats to Users Web bugs Spam Small programs embedded in gif images Companies use to track usage Blocked by spyware detecting programs Spam Unsolicited commercial email Networks and PCs need a spam blocker Stop spam before reaching the inbox Spammers acquire addresses using many methods Teaching tip More information regarding web bugs can be found at en.wikipedia.org/wiki/Web_bug.

Affect the operation or reliability of your computer system Threats to Hardware Affect the operation or reliability of your computer system Power-related threats Power fluctuations Blackout Countermeasures UPS – Uninterruptible power supplies Teaching tip Visit www.apc.com for information regarding UPS solutions. Larger installations use generators to protect networks. Hospitals, grocery stores and insurance companies may all use generators. Quite often the power solution is a combination of battery and generator. The batteries run long enough for the generators to start and stabilize. Then the batteries stop and the generators provide power to the facility.

Threats to Hardware Theft and vandalism Thieves steal the entire computer Accidental or intentional damage Countermeasures Keep the PC in a secure area Lock the computer to a desk Do not eat near the computer Security watchdog Handle equipment with care Vandalism: the crime of intentionally damaging property belonging to other people

Threats to Hardware Natural disasters Disasters differ by location Typically result in total loss Disaster planning Plan for recovery List potential disasters Practice all plans Discussion point In 2004 Hurricane Ivan caused massive damage to Florida and several other states. Network administrations in Florida are used to planning for hurricanes. However, computers in Southeastern Pennsylvania suffered massive loss of data due to Ivan. How culpable are the administrators in PA who did not plan for Ivan?

List potential disasters Threats to Hardware List potential disasters Earthquake Flood Discussion point In 2004 Hurricane Ivan caused massive damage to Florida and several other states. Network administrations in Florida are used to planning for hurricanes. However, computers in Southeastern Pennsylvania suffered massive loss of data due to Ivan. How culpable are the administrators in PA who did not plan for Ivan? Fire

Threats to Data The most serious threat Data is the reason for computers Data is very difficult to replace Sometimes worth than a company itself

Threats to Data Viruses Software that distributes and installs itself Countermeasures Anti-virus software Popup blockers Do not open unknown email Teaching tip For information on specific viruses visit securityresponse.Symantec.com/. Detailed information regarding the protection from viruses, see the Computing keynote at the end of the chapter.

Threats to Data Trojan horses Cybercrime Program that poses as beneficial software User willingly installs the software Countermeasures Anti-virus software Spyware blocker Cybercrime Using a computer in an illegal act E.g. Fraud – the crime of obtaining money by deceiving people Teaching tip Ad Aware is sold by LavaSoft. The homepage is www.lavasoftusa.com/software/adaware/. Spybot is a product of Patrick M. Kolla. The true website is www.safer-networking.org/en/index.html.

Threats to Data Internet fraud Most common cybercrime Fraudulent website (dishonest and illegal website) Have names similar to genuine websites

Threats to Data Hacking Using a computer to enter another network Hacker vs. Cracker Possible damages: Steal confidential info Destroy an organization data Change original form of data

Threats to Data Cyber terrorism Attacks made at a nation data Threat first realized in 1996 Organizations combat cyber terrorism Computer Emergency Response Team (CERT) Department of Homeland Security

THE END