J. M. Kizza - Ethical And Social Issues. Module 13: Ethical, Privacy, and Security Issues in the Online Social Network Ecosystems

Presentation transcript:

Slide 1: Module 13: Ethical, Privacy, and Security Issues in the Online Social Network Ecosystems

- Introduction
- Introduction to Computer Networks
- Social Networks
- Online Social Networks (OSNs)
- Ethical and Privacy Issues in Online Social Networks
- Security and Crimes in Online Social Networks
- Proven Security Protocols and Best Practices in Online Social Networks

Slide 2: Introduction to Computer Networks

- A computer network is a distributed system consisting of loosely coupled computing elements and other devices that communicate through a wired or wireless medium.
- Communication is based on a set of communicating rules called protocols.
- The hardware components of a computer network consist of a collection of nodes that include:
  - hosts, as end systems,
  - intermediate switching elements like hubs, bridges, routers, and gateways.

Slide 3

- There are two common network configuration models: the centralized and the distributed.
- Computer networks, centralized or distributed, come in different sizes depending on the number of computers and other devices the network has.
- The number of devices, computers or otherwise, in a network and the geographical area covered by the network determine the network type:
  - Local Area Network (LAN)
  - Wide Area Networks (WANs)
  - Metropolitan Area Networks (MANs)

Slide 4: Online Crimes

- An online crime is a crime like any other crime, except it involves a connected computing system either as an object of a crime, an instrument used to commit a crime or a repository of evidence related to a crime.
- The International Convention of Cyber Crimes and the European Convention on Cyber Crimes both list the following crimes as online crime [1]:
  - Unlawful access to information
  - Illegal interception of information
  - Unlawful use of telecommunication equipment
  - Forgery with use of computer measures
  - Intrusions of the Public Switched and Packet Network
  - Network integrity violations
  - Privacy violations
  - Industrial espionage
  - Pirated computer software
  - Fraud using a computing system
  - Internet/ abuse
  - Using computers or computer technology to commit murder, terrorism, pornography, and hacking

Slide 5: Ways to Perpetuate Online Crimes

- System penetration - a process of gaining unauthorized access to a protected system's resources; the system may be automated or not.
- Distributed Denial of Service (DDoS) - an interruption of service of the target system, which is made unavailable to users either by disabling it or by destroying it. Categories include:
  - IP-spoofing
  - SYN-Flooding
  - Smurf attack
  - Buffer Overflow
  - Ping of Death
  - Land.c attack
  - Teardrop.c
  - Sequence Number Sniffing

Slide 6: Defense Against Online Crimes

- Prevention - one of the oldest and probably the best defence mechanism against online crimes. Must include the following:
  - A security policy
  - Risk management
  - Vulnerability assessment
  - Use of strong cryptographic algorithms
  - Penetration testing
  - Regular audits
  - Use of proven security protocols
  - Legislation
  - Self-regulation
  - Mass education

Slide 7: Proven Security Protocols and Best Practices

- There are hundreds of security protocols and best practices in use today.
- The problem for security professionals is to find the best.
- Major categories are:

Slide 8

- Authentication - a process of validating the identity of someone or something. It:
  - uses information provided to the authenticator to determine whether someone or something is in fact who or what it is declared to be.
  - requires one to present credentials or items of value to the authenticating agent in order to prove the claim of who one really is.
- Items of value or credentials are based on something you know, something you have, or something you are:
  - Something you know: may be something you mentally possess like a password, a secret word known by the user and the authenticator. This technique of authentication is cheap but has weaknesses like memory lapses.

Slide 9

  - Something you have: may be any form of issued or acquired self-identification such as SecurID, Activcard, or any other forms of cards and tags. This authentication technique is slightly safer.
  - Something you are: these are individual physical characteristics such as voice, fingerprint, iris pattern and other biometrics. Biometric authentication, as we are going to see in Chapter 14, is the safest form of authentication.
- Authentication methods include:
  - password
  - public-key
  - anonymous
  - certificate-based

Slide 10

- Access Control - a process of determining how access to the system's potential resources can be provided to each of the system users.
  - Several control techniques and technologies have been developed to deal with this problem; they include: Access Control Matrix, Capability Tables, Access Control Lists, Role-Based Access Control, Rule-Based Access Control, Restricted Interfaces, Content-Dependent Access Control and biometrics.
- Legislation - process of enacting laws intended to curb the growth of these crimes.
  - Sometimes enforceable laws can be productive.
- Self-regulation - individuals finding ways to regulate objectionable material from reaching the children. This has become the cornerstone of efforts to stop the growing rate of online crimes.
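The access control matrix, access control lists, capability tables and role-based access control named on this slide are different views of the same grants. The following sketch is an added example, not part of the original slides; every subject, object, right and role name in it is constructed for illustration.

```python
# Added illustration; all subjects, objects, rights and roles are constructed.
from collections import defaultdict

# Access control matrix: rows are subjects, columns are objects,
# each cell is the set of rights the subject holds on the object.
MATRIX = {
    "alice": {"grades.db": {"read", "write"}, "syllabus.txt": {"read"}},
    "bob":   {"grades.db": {"read"}},
    "carol": {"syllabus.txt": {"read", "write"}},
}

def acl_view(matrix):
    """Column view: for each object, who may do what (an access control list)."""
    acls = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls[obj][subject] = set(rights)
    return dict(acls)

def capability_view(matrix):
    """Row view: for each subject, the objects and rights it holds (a capability table)."""
    return {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

def allowed(matrix, subject, obj, right):
    """Default deny: a missing row or a missing cell grants nothing."""
    return right in matrix.get(subject, {}).get(obj, set())

# Role-based access control: rights attach to roles, users attach to roles.
ROLE_RIGHTS = {
    "instructor": {"grades.db": {"read", "write"}, "syllabus.txt": {"read", "write"}},
    "student":    {"syllabus.txt": {"read"}},
}
USER_ROLES = {"dave": {"instructor"}, "erin": {"student"},
              "frank": {"student", "instructor"}}

def expand_roles(user_roles, role_rights):
    """Flatten RBAC into an equivalent matrix: a user's rights are the union over roles."""
    matrix = {}
    for user, roles in user_roles.items():
        row = defaultdict(set)
        for role in roles:
            for obj, rights in role_rights.get(role, {}).items():
                row[obj] |= rights  # mutates the fresh set in row, not ROLE_RIGHTS
        matrix[user] = dict(row)
    return matrix

if __name__ == "__main__":
    print(acl_view(MATRIX)["grades.db"])         # per-object list of grants
    print(capability_view(MATRIX)["carol"])      # per-subject list of grants
    rbac = expand_roles(USER_ROLES, ROLE_RIGHTS)
    print(allowed(rbac, "erin", "grades.db", "read"))
```

The ACL view makes it easy to audit or revoke everything granted on one object, while the capability view makes it easy to audit or revoke everything held by one subject.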

Slide 11

- Detection - mechanisms for preventing online crimes through 24-hour monitoring systems that continuously capture, analyze, and report on the daily happenings in and around the network.
- Recovery - a process that consists of two sub processes:
  - Analysis involving taking as much data as possible gathered during the last intrusion and analysing it for patterns that can be used in future for a response, for detection in future, and for prevention.
  - Recovery requiring the use of all available resources to mitigate the problem in progress, recover whatever can be recovered and build new data in place of or to replace the destroyed data.