1 Copyright © 2003 Prentice Hall, IncSlides created by Bob Koziel

Copyright © 2003 Prentice Hall, Inc 2 Chapter 11 Computer Crime and Security COMPUTERS IN YOUR FUTURE 2004 COMPUTERS IN YOUR FUTURE 2004 by Bryan Pfaffenberger and Bill Daley Chapter 11 Computer Crime and Security What You Will Learn NEXT SLIDE How attackers and intruders gain entry into computer systems to harm or destroy data Ways you can help system administrators keep computer systems safe from unauthorized users and viruses People who are most likely to attack or harm computer systems and their motives Types of losses caused by computer system intrusions and attacks The tools and techniques used to defend computer systems against intruders and attackers

Copyright © 2003 Prentice Hall, Inc 3 NEXT SLIDE Scope of the Problem Computer security risk– Any event, action, or situation that leads to the loss of computer systems or data. Computer crime– Actions that violate state or Federal laws. Cybercrime– Crimes carried out over the Internet.

Copyright © 2003 Prentice Hall, Inc 4 NEXT SLIDE Computer Crime and Cybercrime Computer crimes occur when intruders gain unauthorized access to computer systems. Techniques used to gain access are:  Password guessing  Shoulder surfing  Packet sniffing  Dumpster diving  Social engineering  Superuser status  SATAN Techniques used by insiders are:  Salami shaving  Data diddling

Copyright © 2003 Prentice Hall, Inc 5 NEXT SLIDE Computer Viruses Computer viruses are malicious programs that infect a computer system causing various problems with its use. They replicate and attach themselves to programs in the system. There are more than 20,000 different computer viruses.

Copyright © 2003 Prentice Hall, Inc 6 NEXT SLIDE How Virus Infections Spread Virus Infections spread by: Inserting a disk with an infected program and then starting the program. Downloading an infected program from the Internet. Being on a network with an infected computer. Opening an infected attachment.

Copyright © 2003 Prentice Hall, Inc 7 NEXT SLIDE Types of Viruses File Infectors Attach themselves to program files. Spread to other programs on the hard drive. Are the most common type of virus. Boot Sector Viruses Attach themselves to the boot sector of a hard drive. Execute each time the computer is started. May lead to the destruction of all data. Macro Viruses Infect the automatic command capabilities of productivity software. Attach themselves to the data files in word processing, spreadsheet, and database programs. Spread when the data files are exchanged between users.

Copyright © 2003 Prentice Hall, Inc 8 NEXT SLIDE More Rogue Programs Time Bombs Are also called logic bombs. Are harmless until a certain event or circumstance activates the program. Worms Resemble a virus. Spread from one computer to another. Control infected computers. Attack other networked computers. Trojan Horses Disguise themselves as useful programs. Contain hidden instructions. May erase data or cause other damage.

Copyright © 2003 Prentice Hall, Inc 9 NEXT SLIDE Meet the Attackers Hackers Are computer hobbyists. Try to find weaknesses and loopholes in computer systems. Are rarely destructive. Adhere to the hacker’s code of ethics. Cyber Gangs Bring crackers together by way of the Internet and meetings. Crackers Are also called black hats. Are obsessed with entering secure computer systems. Are rarely destructive. Leave calling cards on the systems they enter. Virus Authors Are usually teenage males. Want to push the boundaries of antivirus software. Can create viruses that are very damaging.

Copyright © 2003 Prentice Hall, Inc 10 NEXT SLIDE More Attackers Disgruntled Employees Sabotage their company’s computer system. Create security holes called trap doors. Can divulge trade secrets or destroy data. Swindlers Use the Internet to scam money from people. Use , chat rooms, and Web sites to scam the public. Use scams like rip and tear, pumping and dumping and bogus goods. Spies Participate in corporate espionage. Are hackers or former employees. Are involved in industrial espionage in 125 countries. Shills Use Internet auctions. Are secret operatives who bid on a seller’s item to drive up the bid.

Copyright © 2003 Prentice Hall, Inc 11 NEXT SLIDE Cyberstalkers and Sexual Predators Cyberstalking is the newest and fastest growing crime. Cyberstalkers and sexual predators use the Internet and other electronic media to harass and threaten people. Most perpetrators are men. Most victims are women. Children are at risk from online sexual predators.

Copyright © 2003 Prentice Hall, Inc 12 Information Warfare Information warfare is the use of information technologies to corrupt or destroy an enemy's information and industrial infrastructure. An enemy attack would include:  Electronic warfare  Network warfare  Structural sabotage Information terrorism is a mounting threat. NEXT SLIDE

Copyright © 2003 Prentice Hall, Inc 13 NEXT SLIDE Cost of Computer Crime A. Staff time– The computer staff stops everything and focuses on the problem. B. Downtime– The system is shutdown until it’s safe to operate again. C. Replacing equipment– The company pays when computers and parts are missing due to theft. D. Adverse publicity– Crimes go unreported because of the fear of publicity of the loss. E. Loss of privacy– Sensitive personal information can end up in the hands of criminals. F. Risk to public safety– Many government agencies rely on computers to maintain public safety. G. Denial of service– Internet service becomes overloaded and doesn’t function.

Copyright © 2003 Prentice Hall, Inc 14 NEXT SLIDE Protecting Computers from Power-Related Problems To protect a computer from power-related problems you should: Use programs that have an auto save/auto recovery function. Equip the system with an uninterruptible power supply, a battery-powered device that automatically turns on when the power is interrupted.

Copyright © 2003 Prentice Hall, Inc 15 NEXT SLIDE Controlling Access To control access to a computer: Choose authentication passwords that have at least eight letters, mix upper and lower case letters, and include numbers. Use callback systems that grant or deny access to the computer based on the information a caller gives. Use “know & have” authentication where users have various ways of accessing a system.  Tokens– Electronic devices that generate a logon code.  Digital certificates– Resemble computer ID cards.  Smartcards– Credit card-sized devices with internal memory.  Biometric authentication– Voice recognition, retinal scans, thumbprints, and facial recognition.

Copyright © 2003 Prentice Hall, Inc 16 NEXT SLIDE Personal Firewalls Personal Firewalls are programs that are designed to prohibit outside sources from accessing the computer system. A personal firewall is designed to protect home computers from unauthorized access while being connected to the Internet.

Copyright © 2003 Prentice Hall, Inc 17 NEXT SLIDE Using Encryption Encryption programs make information unreadable if it is stolen. For online shopping, update your Web browser to use 128-bit encryption.

Copyright © 2003 Prentice Hall, Inc 18 NEXT SLIDE Using Antivirus Programs Antivirus programs are called vaccines or virus checkers. They use pattern-matching techniques to examine program files for patterns of virus code. Two drawbacks:  They cannot find viruses not in their database.  They cannot find new viruses that alter themselves to evade detection. Use antivirus programs that offer frequent updates and monitor system functions. Check disks that were used on another system for viruses.

Copyright © 2003 Prentice Hall, Inc 19 NEXT SLIDE Backing Up Data Back up programs and data regularly. Store backups away from the computer system. Types of backups:  Full backups– Back up everything stored on the computer once a month.  Incremental backups– Back up only those files that have changed since the last back up. Back up daily or weekly. Disaster recovery plan– Large organizations should develop a detailed plan for emergencies.

Copyright © 2003 Prentice Hall, Inc 20 NEXT SLIDE Avoiding Scams Only conduct business with established companies. Read the fine print. Don’t provide financial or personal information to anyone. Be skeptical about information received in chat rooms.

Copyright © 2003 Prentice Hall, Inc 21 NEXT SLIDE Preventing Cyberstalkers Don’t share personal information in chat rooms. Be extremely cautious about meeting anyone you’ve contacted online. Contact the police if a situation occurs that makes you feel afraid while online.

Copyright © 2003 Prentice Hall, Inc 22 NEXT SLIDE Chapter 11 Summary 1.Most unauthorized computer access goes undetected. 2.The Internet enables intruders to attack computer systems from anywhere in the world. 3.Computer viruses are not limited to program files. 4.Most computer crime is committed by disgruntled employees. 5.Companies suffer huge losses due to computer crime. 1.Most unauthorized computer access goes undetected. 2.The Internet enables intruders to attack computer systems from anywhere in the world. 3.Computer viruses are not limited to program files. 4.Most computer crime is committed by disgruntled employees. 5.Companies suffer huge losses due to computer crime.

Copyright © 2003 Prentice Hall, Inc 23 Chapter 11 Summary cont. 6.Computer systems need tighter authentication methods such as callback systems, smartcards, and biometric authentication. 7.To protect your data: A.Back up data regularly. B.Disable macro features. C.Run antivirus programs regularly. 6.Computer systems need tighter authentication methods such as callback systems, smartcards, and biometric authentication. 7.To protect your data: A.Back up data regularly. B.Disable macro features. C.Run antivirus programs regularly.

Copyright © 2003 Prentice Hall, Inc 24 THE END