Computer Crime & Security Hackers & Crackers & Worms! Oh my!!
What’s at Risk Personal Information Personal Information Intellectual Property Intellectual Property Business Information Business Information National Security National Security
Personal Information Identity Theft Identity Theft Contact the fraud departments of any one of the three consumer reporting companies Contact the fraud departments of any one of the three consumer reporting companies Close the accounts that you know or believe have been tampered with or opened fraudulently. Close the accounts that you know or believe have been tampered with or opened fraudulently. File a report with your local police or the police in the community where the identity theft took place File a report with your local police or the police in the community where the identity theft took place File your complaint with the FTC File your complaint with the FTC
Intellectual Property Copyright Copyright Protects words, music, and other expressions for life of copyright holder plus 70 years Protects words, music, and other expressions for life of copyright holder plus 70 years Trademark Trademark Protects unique symbol or words used by a business to identify a product or service Protects unique symbol or words used by a business to identify a product or service Trade Secret Trade Secret Protects secrets or proprietary information Protects secrets or proprietary information Patent Patent Protects an invention by giving the patent holder monopoly on invention for 20 years after patent application has been applied. Protects an invention by giving the patent holder monopoly on invention for 20 years after patent application has been applied.
Business Information Business Intelligence Business Intelligence Collecting & analyzing information in pursuit of the business advantage. Collecting & analyzing information in pursuit of the business advantage. Competitor Intelligence Competitor Intelligence Business intelligence about the competitor. Business intelligence about the competitor. Counter Intelligence Counter Intelligence Protecting your own information from access by a competitor. Protecting your own information from access by a competitor. Customers’ Information Customers’ Information
National Security Cyber terrorism Cyber terrorism Acts of terrorism over the Internet which intimidate or harm a population Acts of terrorism over the Internet which intimidate or harm a population United States Computer Emergency Readiness Team – US CERT United States Computer Emergency Readiness Team – US CERT National Strategy to Secure cyberspace National Strategy to Secure cyberspace Prevent cyberattacks on America’s critical infrastructures Prevent cyberattacks on America’s critical infrastructures Reduce national vulnerability to cyberattacks Reduce national vulnerability to cyberattacks Minimize damage and recovery time from cyberattacks Minimize damage and recovery time from cyberattacks
Current US Privacy Laws Consumer Internet Privacy Protection Act of 1997 Consumer Internet Privacy Protection Act of 1997 The Children’s Online Privacy Protection Act of 2000 The Children’s Online Privacy Protection Act of 2000 Information Protection & Security Act of 2005 Information Protection & Security Act of 2005 Notification of Risk of Personal Data Act 2003 Notification of Risk of Personal Data Act 2003
Current US Privacy Laws Identity Theft Protection Act of 2005 Identity Theft Protection Act of 2005 Health Insurance Portability & Accountability Act (HIPAA) of 1996 Health Insurance Portability & Accountability Act (HIPAA) of 1996 Sarbanes-Oxley Act (“Sarbox”) of 2002 Sarbanes-Oxley Act (“Sarbox”) of 2002 Gramm-Leach-Bliley Act (GBLA) of 1999 Gramm-Leach-Bliley Act (GBLA) of 1999
Source of Security Threats Software/Network Vulnerabilities Software/Network Vulnerabilities User Negligence & Theft User Negligence & Theft Pirates & Plagiarism Pirates & Plagiarism Hackers & Crackers Hackers & Crackers Internal Threats Internal Threats
Software/Network Vulnerabilities Security Holes Security Holes Vulnerability of a program or a system Vulnerability of a program or a system Data compromise Data compromise Unauthorized software installation Unauthorized software installation Software Patches Software Patches Fixes to the software Fixes to the software Announces the problem Announces the problem
User Negligence & Theft Data-entry errors Data-entry errors Errors in programs Errors in programs Improper set-up or installation Improper set-up or installation Mishandling of output Mishandling of output Inadequate planning for equipment malfunctions Inadequate planning for equipment malfunctions Inadequate planning for environment Inadequate planning for environment
Pirates & Plagiarism Piracy Piracy Illegal copying, use, and distribution of digital intellectual property Illegal copying, use, and distribution of digital intellectual property Warez - Commercial programs made available to the public illegally Warez - Commercial programs made available to the public illegally Plagiarism Plagiarism Taking credit for someone else’s inellectual property Taking credit for someone else’s inellectual property
Hackers & Crackers Hacker Hacker Slang term for computer enthusiast Slang term for computer enthusiast May be complementary or derogatory May be complementary or derogatory Goal is to gain knowledge Goal is to gain knowledge Cracker Cracker Someone who breaks into a computer system for malicious purposes Someone who breaks into a computer system for malicious purposes Computer Forensics Computer Forensics The application of scientifically proven methods to gather, process, interpret, and to use digital evidence to provide a conclusive description of cyber crime activities. The application of scientifically proven methods to gather, process, interpret, and to use digital evidence to provide a conclusive description of cyber crime activities.
Internal Threats Threat to System Health & Stability Threat to System Health & Stability Software Software Data Data Information Theft Information Theft Most information theft internal Most information theft internal Most not reported Most not reported Accidental unauthorized access Accidental unauthorized access
Types of Threats Networks Networks Wireless Networks Wireless Networks Internet Threats Internet Threats Malware Malware Scams, Hoaxes, Spam, & Fraud Scams, Hoaxes, Spam, & Fraud
Network Threats Users Users Permissions Permissions File Ownership File Ownership Software Software Data Data Unauthorized use of resources Unauthorized use of resources
Wireless Network Threats Signals are broadcast Signals are broadcast War driving War driving War walking War walking Piggybacking Piggybacking
Internet Threats Methods Methods Key-logging software Key-logging software Packet-sniffing software Packet-sniffing software Port-scanning software Port-scanning software Social engineering Social engineering Denial of Service Denial of Service Distributed Denial of Service Distributed Denial of Service
Internet Threats Purpose Purpose Hobby or challenge Hobby or challenge Vandalism Vandalism Gain a platform for an attack Gain a platform for an attack Steal information or services Steal information or services Spying Spying
Malware Viruses Viruses Worms Worms Trojan Horses Trojan Horses Spyware/Adware Spyware/Adware Zombies & Botnets Zombies & Botnets
Computer Viruses Self-replicating Self-replicating Self-executing Self-executing Delivers a payload Delivers a payload Attaches itself to an existing file Attaches itself to an existing file
Types of Viruses Boot Virus Boot Virus Direct Action Virus Direct Action Virus Directory Virus Directory Virus Encrypted Virus Encrypted Virus File Virus File Virus Logic Bomb Logic Bomb Macro Virus Macro Virus
Types of Viruses Multipartite Virus Multipartite Virus Overwrite Virus Overwrite Virus Polymorphic Virus Polymorphic Virus Resident Virus Resident Virus Time Bomb Time Bomb Stealth Virus Stealth Virus
Worms Operate on a computer network Operate on a computer network Uses network to send copies of itself Uses network to send copies of itself Does not attach itself to an existing file Does not attach itself to an existing file Exploits network security flaws Exploits network security flaws
Types of Worms Worms Worms Instant Messaging Worms Instant Messaging Worms IRC Worms IRC Worms File-sharing Networks Worms File-sharing Networks Worms Internet Worms Internet Worms
Trojan Horse Disguised as non-harmful software Disguised as non-harmful software Non-self replicating Non-self replicating Types of Trojan Horses Types of Trojan Horses Legitimate program corrupted by malicious code insertion Legitimate program corrupted by malicious code insertion Stand alone program masquerading as something else, i.e. a game or image file Stand alone program masquerading as something else, i.e. a game or image file
Spyware & Adware Spyware Spyware Collects information Collects information Sends information over the Internet Sends information over the Internet Can take control of computer Can take control of computer Adware Adware Automatically pops-up with advertising material Automatically pops-up with advertising material
Zombies & Botnets Zombie Zombie Compromised computer attached to the Internet Compromised computer attached to the Internet Performs malicious behavior under remote control Performs malicious behavior under remote control May be used for Ddos or Spam May be used for Ddos or Spam Botnet Botnet Collection of robot computers running autonomously Collection of robot computers running autonomously
Phishing, Spam, & Hoaxes Phishing & Pharming Phishing & Pharming Spam Spam Hoaxes & Urban Legends Hoaxes & Urban Legends
Securing Systems Passwords Passwords Firewalls Firewalls ID Devices & Biometrics ID Devices & Biometrics Data Encryption Data Encryption Systems Maintenance Systems Maintenance Wireless Security Wireless Security
Passwords Secret authentication Secret authentication Control access Control access Short enough to be memorized Short enough to be memorized Good Passwords Good Passwords Do use a password with mixed-case alphabetic characters. Do use a password with mixed-case alphabetic characters. Do use a password with nonalphabetic characters. Do use a password with nonalphabetic characters. Do use a password that is easy to remember. Do use a password that is easy to remember. Do use a password that you can type quickly. Do use a password that you can type quickly.
Firewalls Hardware or Software Hardware or Software Port Protection Port Protection Packet Filter Packet Filter Network Layer Network Layer Application Layer Application Layer Proxy Server Proxy Server
ID Devices & Biometrics ID Devices ID Devices Hardware for authentication Hardware for authentication Biometrics Biometrics Measure of unique physical characteristic for authentication Measure of unique physical characteristic for authentication
Data Encryption Obscuring Information Obscuring Information Cipher Cipher Encryption Software Encryption Software
Systems Maintenance Anti-virus software Anti-virus software Back-up system and data Back-up system and data Software updates Software updates Delete temporary files Delete temporary files
Wireless Security Disable SSID Disable SSID Passwords Passwords Discrimination Discrimination Data Encryption Data Encryption