Computer Security and Privacy Chapter 5

Plymouth State University Computer Benefits Allow us to accomplish many tasks Provide us with lots of information Store and retrieve information for us Allow us to browse the Web Make businesses and individuals more efficient Plymouth State University

WHY BE CONCERNED ABOUT COMPUTER SECURITY? Theft or damage of hardware Losing data (companies and individuals) Buying pirated or digitally counterfeited products online. Plymouth State University

Potential Hardware Problems Hardware loss (hardware theft or lost hardware) Hardware damage ( both intentional and unintentional System failure Hardware problem Natural or man- made disaster. Plymouth State University

Computer Concerns and Protection Hackers Viruses & Worms Firewalls

Cyberthreats Hackers Crackers People who gain unauthorized access to computers or networks, often for fun or to see if they can (not good) Crackers Malicious hackers who break into computers for malicious purposes

Threats to Computers: Theft Hardware Software Information Malice & destruction Theft of PDAs, cell phones, etc. as well as computers A computer crime can be of two types: (1) It can be an illegal act perpetrated against computers or telecommunications, or (2) it can be the use of computers or telecommunications to accomplish an illegal act. Hardware – shoplifting or stealing equipment parts from a computer lab Software – illegally copying software; The Software Publishers Association has a toll free number for reporting illegal copying, Time & services – operating sideline businesses at work, using employer’s time to play games, online shopping, etc. Information – stealing and selling private and personal information Malice & destruction - vandalism 11/2/00 Plymouth State University

Security Security is extremely important in today’s network environment Hackers can be a serious problem for both corporate and private computers Physical and software security are used

Threats to Computers: Natural & Other Hazards Natural hazards Terrorism Natural hazards Floods Fires Earthquakes Tornadoes Hurricanes Blizzards 11/2/00 Plymouth State University

Security: Safeguarding Computers Disaster-recovery plans A method of restoring information-processing operations that have been halted by destruction or accident Reinforced by 2001 World Trade Center attack Reinforced by company data losses incurred during 2005 Hurricane Katrina Plans range in price and complexity from Backing up data from disk to tape, CD, or zip disk, with a UPS Automatically storing data redundantly in two places Having an off-site computerized data storage center with independent power supply Having a complete “hot” redundant data center that can instantly be used if there is a disaster More $$$ 11/2/00 Plymouth State University

Protecting Your Computer Safeguards Use antivirus software, and keep it current Install a firewall to filter out undesirable traffic Install antispyware software Encrypt financial and personal records Back up your data, so if your PC is attacked and must be reformatted, you can restore your data

Plymouth State University Preventing Data Loss Backup files often! External hard drive Plymouth State University

Software Security IDs and Passwords Assigned to users, must be protected Need to use password that is not obvious Should be changed periodically Some systems force users to change them

Plymouth State University Protecting Computers Door locks Equipment locks Tracking software Ruggedized devices Surge supressors Uninterruptable Power Supply Plymouth State University

Plymouth State University Precautions To protect against hardware theft, door and equipment locks can be used. To protect against accidental hardware damage, surge suppressors, uninterruptible power supplies ( UPSs) should be used. Storage media care, and precautions against excess dust, heat, and static electricity. Plymouth State University

Plymouth State University Protection Ruggedized devices can be used when necessary. To protect against data loss, backups are essential for both individuals and businesses Disaster recovery plan for natural and man- made disasters. Plymouth State University

Plymouth State University Encryption Encryption can be used to protect individual files and the content of data stored on a storage medium. Full disk encryption ( FDE) and self- encrypting hard drives can be used to encrypt all the content located on a hard drive automatically. Plymouth State University

Protecting Data Encryption Scrambles data before storing The process of altering readable data into unreadable form to prevent unauthorized access Scrambles data before storing Uses encryption key

SOFTWARE PIRACY AND DIGITAL COUNTERFEITING Software piracy ( the unauthorized copying of a computer program) Piracy costs manufacturers billions of dollars each year, and some of these costs are passed on to law-abiding consumers. Various tools, such as holograms, and software activation procedures, can be used to prevent software piracy. Plymouth State University

Plymouth State University Counterfeiting Money Making fake copies of currency and other resources are illegal in the United States. The government has various methods in place to prevent digital counterfeiting of currency, such as using features like security threads and watermarks. Plymouth State University

Intellectual Property Software Copyright Publisher owns software User is granted a license to use it No copies to be made Used on one computer Not recognized by all countries Software Piracy

How is computer software protected by law? Computer software is protected by copyright law and international copyright treaties as well as other intellectual property laws and treaties. Copyright law and other intellectual property laws in many countries protect the rights of a software owner by granting to the owner a number of exclusive rights, including the right to reproduce or "copy" the software..

Software Piracy Illegal copying of Software Illegal Distribution of Software Illegal Use of Software

Why should I be concerned about Software Piracy? Software piracy harms all software companies and ultimately you, the end user. Piracy results in higher prices for duly licensed users, reduced levels of support, and delays in the funding and development of new products, causing the overall selection and quality of software to suffer.

Plymouth State College Privacy Privacy – the right to not reveal information Most Web sites specify their privacy policy Cookies Plymouth State College

Plymouth State University DATABASES Information in marketing databases is frequently sold to companies and other organizations Information in some government data-bases is available to the public. Some public information can be retrieved from databases via the Web. Plymouth State University

Plymouth State University Electronic Profiling Electronic profiling is the collection of diverse information about an individual. Consider whether or not the Web site is requesting too much personal information, Only provide the required data. Do not provide personal details in chat rooms and personal Web sites. Plymouth State University

Data Gathering Combining data from many sources Procedure Data sources Data fusion & cleansing

Data Storage

Plymouth State University Privacy Policies An organization’s privacy policy addresses how any personal information submitted to that company will be used. Before providing any personal information via a Web page, it is a good idea to review the Web site’s privacy policy to see if the information will be shared with other organizations. Plymouth State University

Plymouth State University E-mail Address Protecting your E-mail address is one of the best ways to avoid spam. A throw-away E-mail address can be used for any activities that may result in spam Your permanent personal E-mail address can then be reserved for communications that should not result in spam. Plymouth State University

WHY BE CONCERNED ABOUT INFORMATION PRIVACY? Privacy issues affect the lives of everyone. Information privacy refers to the rights of individuals and companies to control how information about them is collected and used. Privacy of Web site activities and E-mail messages High number of security breaches on systems that contain personal information. Plymouth State University

Disposing of Old Hardware Individuals and businesses should be cautious when disposing of old hardware, such as hard drives and CDs, that contain sensitive data. Minimally, hard drives to be reused should be wiped clean CDs, DVDs, and other media to be disposed of should be shredded. Many copying machines contain copies of scanned documents on an internal hard drive. Plymouth State University

ELECTRONIC SURVEILLANCE AND MONITORING Computer monitoring software that can record an individual’s computer use Video surveillance in public locations. Monitoring telephone calls Individual’s location using a smart ID card customers safe. For the highest level of privacy while at the workplace, employees should perform only work-related activities on the job. Plymouth State University

COMPUTER SECURITY AND PRIVACY LEGISLATION Legislating these issues is difficult due to ongoing changes in technology, jurisdictional issues, and varying opinions. Some legislation related to computer security has been enacted; new legislation is being considered on a regular basis. Do-not-call list Plymouth State University

Inaccurate Digital Data Photographs may not be authentic Photographs may be deliberately misleading 1994 Time magazine photo of O.J. Simpson was digitally darkened to make him appear sinister Could this have biased potential jury members? Dirty data – mistaken identity Identity theft 11/2/00 Plymouth State University

Plymouth State University Ethics Privacy Security Social Security Number Credit Card Numbers Misuse of data Identity Theft Plymouth State University

Plymouth State University Exam in Two Weeks Chapters 3, 4, 5, 6 Lectures from Weeks 6, 7, 8, 9 Plymouth State University