Computers Are Your Future © 2005 Prentice-Hall, Inc.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 2 Computers Are Your Future Chapter 9 E-Commerce, Privacy, and Security

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 3 What You Will Learn About Business-to-business and business-to-consumer e-commerce The fastest growing public e-commerce applications The threat to privacy posed by the Internet Technological developments, eroding privacy, and anonymity How attackers and intruders gain entry to computer systems Keeping a computer system safe from unauthorized access and computer viruses How encryption is used to guard privacy of information online The U.S. government’s proposed key recovery plan

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 4 Understanding Electronic Commerce Electronic commerce, or e-commerce, consists of using telecommunications to carry out business. Types of e-commerce:  Business-to-Business (B2B)Business-to-Business (B2B)  Business-to-Consumer (B2C)  Online shopping Online shopping  Online travel reservations Online travel reservations  Online banking Online banking  Online stock trading Online stock trading

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 5 Business-to-Business E-Commerce B2B e-commerce involves one business providing another business with materials and supplies. Businesses lease network capacity from a value-added network (VAN). Standards called electronic data interchange (EDI) specify how companies set up financial transactions. Manufacturer Suppliers Logistics Retailer

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 6 Online shopping is becoming more popular each year. Click-and-brick is the term given to a retail store that also has an online store. The most successful online stores are Amazon.com, Autobytel.com, and eBay. Online Shopping

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 7 Online Travel Reservations Web sites such as CheapTickets.com and Expedia.com offer online travel reservations. Airline flights, hotels, and car rentals can be booked online.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 8 Online Banking Online banking offers customers the ability to access their accounts, balance checkbooks, transfer funds, and pay bills. All information is stored on the bank’s computers which allows access from anywhere. The browser’s secure mode is used to encrypt data.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 9 Online Stock Trading Online stock trading enables investors to buy and sell stocks on the Internet. They account for one out of every six stock trades. They offer a low, usually less than $10, charge per trade.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 10 Privacy in Cyberspace Privacy refers to an individual’s ability to restrict the collection, use, and sale of confidential personal information. The Internet is eroding privacy through the selling of information collected through registration forms on Web sites. Few laws regulate selling personal information. Technology is not only making it easier to invade someone’s privacy, but it is also providing a means to protect against privacy invasion.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 11 Technology and Anonymity Anonymity is the ability to convey a message without disclosing one ’ s identity. It can be abused because it frees people from accountability. Computers and the Internet enable others to collect information in ways that are hidden from the user ’ s view. Information technologies used on the Internet are:  Cookies Cookies  Global Unique Identifiers (GUIDs) Global Unique Identifiers (GUIDs)

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 12 Cookies Cookies are small files that are written to an individual ’ s hard drive whenever a Web site is visited. Legitimate purposes of cookies include recording information for future use. Example: retail sites using “ shopping carts. ” Questionable practices include banner ad companies tracking a user ’ s browsing actions and placing banner ads on Web sites based on those actions.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 13 Example of Cookies

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 14 Global Unique Identifiers (GUIDs) A GUID is a unique identification number generated by hardware or a program. It is used to send user information back to the site that created it.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 15 Protecting Your Privacy Online Browse anonymously by using Web sites such as or Disable cookies on your Web browser. Use free addresses for information placed on Web sites. Don’t divulge personal information to online strangers. Make sure registration forms have a privacy policy statement.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 16 Protecting Your Privacy at Work Laws do not protect employees from being monitored by their employers. Companies are concerned about employees:  Giving trade secrets to competitors  Creating sexual harassment lawsuits by circulating offensive jokes via Three-quarters of large corporations monitor employees ’ phone calls, , Web browsing habits, and computer files.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 17 Protecting Privacy at Work Rules to follow while at work: 1.Do not use the employer ’ s phone for personal calls. 2.Do not use the employer ’ s for personal messages. 3.Assume everything you do at work is being monitored.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 18 Computer Crime and Cybercrime Computer crimes occur when intruders gain unauthorized access to computer systems. Techniques used to gain access:  Password guessing  Shoulder surfing  Packet sniffing  Dumpster diving  Social engineering  Superuser status

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 19 Computer Crime and Cybercrime Techniques used by insiders:  Salami shaving  Data diddling can be forged and the sender’s tracking data can be removed from the message. Security loophole detection programs search for unprotected or poorly protected computer systems.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 20 Computer Viruses Computer viruses are malicious programs that infect a computer system causing various problems with its use. Viruses replicate and attach themselves to programs in the system. There are more than 20,000 different computer viruses with the number growing daily.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 21 How Virus Infections Spread Virus Infections spread by:  Inserting a disk with an infected program and then starting the program  Downloading an infected program from the Internet  Being on a network with an infected computer  Opening an infected attachment

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 22 Types of Viruses File Infectors  Attach themselves to program files  Spread to other programs on the hard drive  Are the most common type of virus Boot Sector Viruses  Attach themselves to the boot sector of a hard drive  Execute each time the computer is started  May lead to the destruction of all data

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 23 Types of Viruses Macro Viruses  Infect the automatic command capabilities of productivity software  Attach themselves to the data files in word processing, spreadsheet, and database programs  Spread when the data files are exchanged between users

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 24 More Rogue Programs Time Bombs  Also called logic bombs  Harmless until a certain event or circumstance activates the program Worms  Resemble a virus  Spread from one computer to another  Control infected computers  Attack other networked computers Trojan Horses  Disguise themselves as useful programs  Contain hidden instructions  May erase data or cause other damage

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 25 Identity Theft Identity theft is one of the fastest growing crimes in the United States and Canada. Identity theft occurs when enough information about an individual is obtained to open a credit card account in their name and charge items to that account. Examples of information needed are name, address, social security number, and other personal information. Laws limit liability to $50 for each fraudulent charge. An individual’s credit report is affected by identity theft.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 26 Meet the Attackers Hackers  Computer hobbyists  Find weaknesses and loopholes in computer systems  Rarely destructive  Adhere to the hacker’s code of ethics Cyber Gangs  Bring crackers together by way of the Internet and meetings Crackers  Also called black hats  Obsessed with entering secure computer systems  Rarely destructive  Leave calling cards on the systems they enter Virus Authors  Usually teenage males  Push the boundaries of antivirus software  Create viruses that are very damaging

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 27 More Attackers Disgruntled Employees  Sabotage their company ’ s computer system  Create security holes called trap doors  May divulge trade secrets or destroy data Swindlers  Use the Internet to scam money from people  Use scams like rip and tear, pumping and dumping, and bogus goods Spies  Participate in corporate espionage  Are hackers or former employees  Involved in industrial espionage in 125 countries Shills  Use Internet auctions  Secret operatives who bid on a seller ’ s item to drive up the bid

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 28 Cyberstalkers and Sexual Predators Cyberstalking is the newest and fastest growing crime. Cyberstalkers and sexual predators use the Internet and other electronic media to harass and threaten people. Most perpetrators are men. Most victims are women. Children are at risk from online sexual predators.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 29 Information Warfare Information warfare is the use of information technologies to corrupt or destroy an enemy's information and industrial infrastructure. An enemy attack would include:  Electronic warfare  Network warfare  Structural sabotage Information terrorism is a mounting threat.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 30 Security Risks Computer security risk is any event, action, or situation that leads to the loss of computer systems or their data. The cost of computer crime:  Staff time – The computer staff stops everything and focuses on the problem  Downtime – The system is shutdown until it ’ s safe to operate again  Fraud and theft – The company pays when computers and parts are missing due to theft  Adverse publicity – Crimes go unreported because of the fear of publicity of the loss

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 31 Security Risks The cost of computer crime continued:  Loss of privacy – Sensitive personal information can end up in the hands of criminals  Risk to public safety – Many government agencies rely on computers to maintain public safety  Denial of service – Internet service becomes overloaded and doesn’t function

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 32 Protecting Your Computer System To protect a computer from power-related problems you should:  Use programs that have an auto save/auto recovery function  Equip the system with an uninterruptible power supply, a battery-powered device that automatically turns on when the power is interrupted

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 33 Controlling Access To control access to a computer:  Use authentication passwords  Use callback systems  Use “know & have” authentication  Tokens – Electronic devices that generate a logon code  Smartcards – Credit card-sized devices with internal memory  Biometric authentication – Voice recognition, retinal scans, thumbprints, and facial recognition

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 34 Using Firewalls Firewalls are programs that are designed to prohibit outside sources from accessing the computer system. A personal firewall is designed to protect home computers from unauthorized access while being connected to the Internet.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 35 Using Antivirus Programs Antivirus programs are called vaccines or virus checkers. They use pattern-matching techniques to examine program files for patterns of virus code. Two drawbacks:  They cannot find viruses not in their database.  They cannot find new viruses that alter themselves to evade detection. Use antivirus programs that offer frequent updates and monitor system functions. Check disks that were used on another system for viruses.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 36 Backing Up Data Back up programs and data regularly. Store backups away from the computer system. Types of backups:  Full backups – Back up everything stored on the computer once a month  Incremental backups – Daily or weekly back up of only those files that have changed since the last back up  Disaster recovery plan – Large organizations should develop a detailed plan for emergencies

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 37 Avoiding Scams Only conduct business with established companies. Read the fine print. Don ’ t provide financial or personal information to anyone. Be skeptical about information received in chat rooms.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 38 Preventing Cyberstalkers Don ’ t share personal information in chat rooms. Be extremely cautious about meeting anyone you ’ ve contacted online. Contact the police if a situation occurs that makes you feel afraid while online.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 39 The Encryption Debate Encryption is the coding and scrambling process by which a message is made unreadable except by the intended recipient. Encryption is needed for electronic commerce. The potential for encryption's misuse troubles law enforcement officials.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 40 Encryption Basics A readable message is called plaintext. An encryption key is a formula used to make plaintext unreadable. The coded message is called ciphertext. An encryption technique called rot-13 is used in chat rooms and Usenet discussions. I LOVE YOU V YBIR LBH

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 41 Encryption Basics Symmetric key encryption are encryption techniques that use the same key to encrypt and decrypt a message. Strong encryption refers to encryption methods that are used by banks and military agencies and are nearly impossible to break.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 42 The Problem of Key Interception Rot-13 is not a secure encryption system. Symmetric key encryption systems are vulnerable to key interception, or having their key stolen.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 43 Public Key Encryption Public key encryption uses two different keys.  Public key is the encryption key.  Private key is the decryption key. They are used in e-commerce transactions. A secure channel for information is provided when the keys are used.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 44 Digital Signatures and Certificates Digital signatures are a technique used to guarantee that a message has not been tampered with. Digital certificates are a technique used to validate one’s identity. Secure Electronic Transactions (SET) are online shopping security standards used to protect merchants and customers from credit card fraud.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 45 Public Key Infrastructure (PKI) A public key infrastructure is a uniform set of encryption standards that specify how public key encryption, digital signatures, and digital certificates should be implemented.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 46 Public Security Issues of Strong Encryption Encryption can be used for illegal as well as legitimate means. Encryption will devastate law enforcement ’ s ability to fight crime. Law enforcement agencies are asking for laws enabling them to eavesdrop on encrypted messages.  Clipper Chip  Key escrow plan  Key recovery

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 47 Chapter 9 Summary Electronic commerce involves: Business-to-business Online shopping Online banking Online stock trading Online travel reservations Sensitive personal information is for sale on the Internet. Web sites collect personal information without informing their visitors. Anonymity is the ability to convey a message without disclosing one’s identity. Cookies provide a way for Web sites to record one’s browsing activities. GUIDs make anonymous usage of the Internet difficult.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 48 Chapter 9 Summary continued Many employers monitor their employees phone calls, , Web browsing habits, and computer files. Most unauthorized computer access goes undetected. The Internet enables intruders to attack computer systems from anywhere in the world. Computer viruses are not limited to program files. Most computer crime is committed by disgruntled employees. Companies suffer huge losses due to computer crime.

Computers Are Your Future Chapter 9 © 2005 Prentice-Hall, IncSlide 49 Chapter 9 Summary continued Computer systems need tighter authentication methods such as callback systems, smartcards, and biometric authentication. To protect your data: Back up data regularly Disable macro features Run antivirus programs regularly Public key encryption uses an encryption key and a decryption key. Security agencies fear that public key encryption will prevent them from detecting illegal activities. The longer the key length, the stronger the encryption. A public key infrastructure is a set of uniform encryption standards.