Class 7 LBSC 690 Information Technology Security.


Agenda

Questions
Computing as a social process
Complex systems

Limiting the Use of Computing/IT

Variety of justifications
  – Parental control
      Web browsing software, time limits
  – Intellectual property protection
      Copyright, trade secrets
  – National security
      Classified material
  – Censorship

Techniques for Limiting Use

Access control
  – Effective multilevel security is hard to achieve
Copy protection
  – Hardware and software
Licensing
  – Shrink-wrap, Shareware, GNU Public license
Digital watermarks
  – Provide a basis for prosecution

Anonymity

Serves several purposes
  – Sensitive issues on discussion groups
  – Brainstorming
  – Whistleblowers
  – Marketing (“Spam”)
Common techniques
  – Anonymous remailers
  – Pseudonyms

Netiquette

Mailing lists and USENET News
  – “Emily Postnews” on comp.announce.newusers
Some simple guidelines
  – Send private replies unless a public one is needed
  – Limit business uses to appropriate venues
  – Don’t send unsubscribe requests to the list
  – Read the FAQ before asking one
  – Avoid things that start “flames” unless you intend to

Computing/IT as a Social Process

Programs must implement social norms
  – Ownership
  – Identity
  – Integrity
  – Privacy
Two basic techniques are used
  – Authentication
  – Encryption

Ownership

Who has the right to use a computer?
Who establishes this policy? How?
  – What equity considerations are raised?
Can someone else deny access?
  – Denial of service attacks
How can denial of service be prevented?
  – Who can gain access and what can they do?

Identity

Establishing identity permits access control
What is identity in cyberspace?
  – Attribution
      When is it desirable?
  – Impersonation
      How can it be prevented?
Forgery is really easy
  – Just set up your mailer with bogus name and

Authentication

Used to establish identity
Two types
  – Physical (Keys, badges, cardkeys, thumbprints)
  – Electronic (Passwords, digital signatures)
Protected with social structures
  – Report lost keys
  – Don’t tell anyone your password
Password sniffers will eventually find it

Good Passwords

Long enough not to be guessed
  – Programs can try every combination of 4 letters
Not in the dictionary
  – Programs can try every word in a dictionary
  – And every date, and every proper name, ...
  – And even every pair of words
Mix upper case, lower case, numbers, etc.
Change it often and use one for each account
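The rules on this slide can be turned into a check that runs when a password is chosen. The following is an added example, not part of the original slides; the word list is a constructed sample and the 12-character minimum is an assumption, since the slide gives no number.

```python
import re

# Constructed sample word list (assumption); a real check would load a full
# dictionary plus lists of proper names.
SAMPLE_WORDS = {"password", "dragon", "monkey", "sun", "shine", "maryland", "oliver"}

# Dates written as digits, with or without separators, e.g. 04/07/1998 or 040798.
DATE_RE = re.compile(r"^\d{1,2}[-/.]?\d{1,2}[-/.]?(\d{2}|\d{4})$")


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates a program must try to cover every combination."""
    return alphabet_size ** length


def weaknesses(password: str, words=SAMPLE_WORDS, min_length: int = 12) -> list:
    """Return the slide's rules that the password breaks (empty list = none)."""
    found = []
    lowered = password.lower()
    if len(password) < min_length:  # min_length is an assumed policy value
        found.append("too short")
    if lowered in words:
        found.append("dictionary word or name")
    if DATE_RE.match(password):
        found.append("date")
    if any(lowered == a + b for a in words for b in words):
        found.append("pair of words")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
    ]
    if not all(classes):
        found.append("does not mix upper case, lower case and digits")
    return found
```

`keyspace(26, 4)` shows why four letters is too short: fewer than half a million candidates cover every combination.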

Integrity

How do you know what’s there is correct?
  – Attribution is invalid if the contents can change
Access control would be one solution
  – No system with people has perfect access control
      Risks digest provides plenty of examples!
Encryption offers an alternative

Privacy

What privacy rights do computer users have?
  – On ?
  – When using computers at work? At school?
  – What about your home computer?
What about data about you?
  – In government computers?
  – Collected by companies and organizations?
Does obscurity offer any privacy?

Encryption

Separate keys for writing and reading
  – Pretty Good Privacy (PGP) is one “standard”
Identity
  – “Digital signature” from a private write key
Integrity
  – Public read key will decode only one write key
Privacy
  – Either write key or read key can be kept secret
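The identity and integrity points on this slide, shown as an added example that is not part of the original slides: a signature made with the private "write" key verifies only against the matching public "read" key and only for the unchanged message. It uses textbook RSA with small known primes and no padding so that it runs with the standard library; PGP and other real systems use far larger keys and padded signature schemes, and the function names here are illustrative.

```python
import hashlib


def make_key(p: int, q: int, e: int = 65537):
    """Build a toy key pair from two primes: (read/public key, write/private key)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, inverse of e
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, write_key) -> int:
    """Only the holder of the write key can produce this value."""
    n, d = write_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, read_key) -> bool:
    """Anyone holding the read key can check both the signer and the content."""
    n, e = read_key
    return pow(signature, e, n) == digest(message, n)


# Toy keys from known Mersenne primes; far too small for real use.
AUTHOR_READ, AUTHOR_WRITE = make_key(2**61 - 1, 2**89 - 1)
OTHER_READ, OTHER_WRITE = make_key(2**107 - 1, 2**127 - 1)

MESSAGE = b"Midterm is open book (Oakman only)"  # constructed sample text
SIGNATURE = sign(MESSAGE, AUTHOR_WRITE)
```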

Cookies

Web servers know a little about you
  – Machine, prior URL, browser,
From this they can guess a little more
  – Path you followed, who is on that machine
Cookies allow them to remember things
  – They send you a string and your browser stores it
  – If they ask for the string, your browser provides it
  – The string can represent identity and/or information
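The cookie exchange described on this slide, with both sides simulated in one process; this is an added example, not part of the original slides. The `Server` and `Browser` classes and the cookie name `sid` are illustrative, and here the string represents identity only: an opaque random value, with what the server remembers kept on the server.

```python
import secrets
from http.cookies import SimpleCookie


class Server:
    """Remembers visitors by an opaque string it hands out."""

    def __init__(self):
        self.sessions = {}  # cookie value -> paths this visitor has requested

    def respond(self, path, cookie_header=None):
        """Return (Set-Cookie value or None, the visitor's path so far)."""
        sid = None
        if cookie_header:
            jar = SimpleCookie()
            jar.load(cookie_header)
            if "sid" in jar and jar["sid"].value in self.sessions:
                sid = jar["sid"].value
        set_cookie = None
        if sid is None:  # first visit, or a string the server never issued
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = []
            out = SimpleCookie()
            out["sid"] = sid
            out["sid"]["httponly"] = True   # not readable by page scripts
            out["sid"]["secure"] = True     # sent over HTTPS only
            out["sid"]["samesite"] = "Lax"  # limits cross-site sending
            set_cookie = out["sid"].OutputString()
        self.sessions[sid].append(path)
        return set_cookie, list(self.sessions[sid])


class Browser:
    """Stores whatever string the server sent and returns it on later requests."""

    def __init__(self):
        self.jar = SimpleCookie()

    def visit(self, server, path):
        header = "; ".join(f"{k}={m.value}" for k, m in self.jar.items()) or None
        set_cookie, history = server.respond(path, header)
        if set_cookie:
            self.jar.load(set_cookie)
        return history
```

Two `Browser` objects visiting the same `Server` get separate histories, which is how the server tells visitors apart and reconstructs the path each one followed.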

Access Control Issues

Protect system administrator access
  – Greater potential for damaging acts
  – What about nefarious system administrators?
Trojan horses
  – Intentionally undocumented access techniques
Firewalls
  – Prevent unfamiliar packets from passing through
  – Makes it harder for hackers to hurt your system

Denial of Service Attacks

Viruses
  – Platform dependent
  – Typically binary
Virus checkers
  – Need frequent updates
Flooding
  – The Internet worm
  – Chain letters

Policy Solutions

Five guidelines
  – Establish policies
  – Authenticate
  – Authorize
  – Audit
  – Supervise
CSC Acceptable Use Policy

Crisis Management

Computer Emergency Response Team
  – Issues advisories about known problems
  – Need to make sure these reach the right people
Information Warfare
  – We depend on our information infrastructure
  – How can we prevent attacks against it?
      Hacking is individual, this would be organized
  – Policy for this is still being worked out

Complex System Issues

Critical system availability
  – Who needs warfare - we do it to ourselves!
Understandability
  – Why can’t we predict what systems will do?
Nature of bugs
  – Why can’t we get rid of them?
Audit-ability
  – How can we learn to do better in the future?

Midterm Structure

One hour and 15 minutes
Approximately 4 questions
  – Each may have multiple parts
Open Book (Oakman only)
  – You may hand write anything in your Oakman
  – No extra pages of notes
The software you may use will be specified
You may bring a calculator

Midterm Advice

The only goal is to get points!
  – Spend each minute in the best place
Develop a strategy for each question type
  – Guessing CAN hurt on multiple choice
  – Don’t write a page when a sentence will do
Study concepts, not details
  – Grading rewards conceptual understanding
  – Don’t expect a clone of the sample exams

Questions?