Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 1- Introduction 1.1 The Birth of Computer Security § Data Security requirements §The Network Criminal §Hackers §Hacker’s Prey §Employee Passwords.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 1- Introduction 1.1 The Birth of Computer Security § Data Security requirements §The Network Criminal §Hackers §Hacker’s Prey §Employee Passwords."— Presentation transcript:

1

2 Chapter 1- Introduction

3 1.1 The Birth of Computer Security § Data Security requirements §The Network Criminal §Hackers §Hacker’s Prey §Employee Passwords

4 1.1.1 Data Security Decentralized networks lend data vulnerable to intentional destruction, alteration, theft, and espionage.

5 1.1.2 The Network Criminal The people who attack the vulnerability of data systems possess significant computer expertise and/or have access to sensitive data.

6 1.1.3 Hackers Most computer system intruders are not teenagers. Instead, most hackers are competitors who are stealing proprietary or sensitive government information.

7 1.1.4 Hackers’ Prey Hackers begin by persuading unsuspecting people to give away their passwords over the phone. Employees should be alerted to such scams.

8 1.1.5 Employee Passwords Employees use passwords to work on computer systems. Employers expect these passwords to be kept secret from others.

9 1.2 Ways to Secure Employee Secrets §Avoid common name §mix-n-match characters §store passwords wisely §change password often §avoid hackers scams

10 1.2.1 Avoid Common Names Common names associated with you are naturally easy for you to remember, but they are easily cracked.

11 1.2.2 Mix-n-Match Characters Make your password a mix of: §letters and numbers §upper and lower case §alphabetic and non- alphabetic characters not2hard JUST4u Han$on

12 1.2.3 Store Passwords Wisely Keep your password in your head or in a safe, not in an obvious location.

13 1.2.4 Change Password Often Changing your password should become a habit so that you lessen the chance of it becoming known to intruders.

14 1.2.5 Avoid Hacker Scams In these scams, the hacker poses as a person to whom you can confide your password. Regardless of the ruse, the wise user will not give their password to anyone.

15 1.3 Ways to Threaten Computer Security §Computer Crime §Credit Card Fraud §Data Communication Fraud §Unauthorized Access §Unlawful copying

16 Computer Crime Computer crime includes: §Credit card fraud §Data communications fraud §Unauthorized access §Unlawful copying

17 Credit Card Fraud Credit card customer numbers pass between public and private networks. Sometimes these numbers are captured by computer criminals and used to commit fraud.

18 Data Communications Fraud This form of fraud involves the interception of network passwords or packets of data passing through networks.

19 Unauthorized Access Hackers try to gain access to confidential employee records, company trade secrets and product pricing structures, and much more.

20 Unlawful Copying This category of computer crime results in major losses for computer vendors.

21 1.4 Compromising Security §Without realizing it, employers and employees can compromise the security of their computer system. §Twelve examples are shown as follows:

22 1.4.1 A Disgruntled or Militant Employee Could… §Sabotage equipment or programs §Hold data or programs hostage

23 1.4.2 A Competitor Could… §Sabotage operations §Engage in espionage §Steal data or programs §Photograph records, documentation, or CRT screen displays

24 1.4.3. A Data Control Worker Could… §Insert data §Delete data §Bypass controls §Sell Information

25 1.4.4. A Clerk/Supervisor Could… §Forge or falsify data §Embezzle funds §Engage in collusion with people inside or outside the company

26 1.4.5. A System User Could… §Sell data to competitors §Obtain unauthorized information

27 1.4.6. An Operator Could… §Copy files §Destroy files

28 1.4.7. A User Requesting Reports Could… §Sell information to competitors §Receive unauthorized information

29 1.4.8. An Engineer Could… §Install “bugs” §Sabotage the system §Access security information

30 1.4.9. A Data Conversion Worker Could §Change codes §Insert data §Delete data

31 1.4.10. A Programmer Could… §Steal programs or data §Embezzle via programming §Bypass controls

32 1.4.11. A Report Distribution Worker Could… §Examine confidential reports §Keep duplicates of reports

33 1.4.12. A Trash Collector Could… §Sell reports or duplicates to competitors

34 1.5 Ways To Prevent Computer Crimes §Detecting §Prosecuting §Security §Authorised Access

35 Detecting Computer Crime Most cases are discovered by accident—by actions having nothing to do with computers. The Computer Fraud and Abuse Act of 1986 has improved awareness of computer- related crimes in USA In Hong Kong, all under Criminal Acts - theft

36 Prosecuting Computer Crime Eighty-five percent of detected computer crime is not reported. Prosecution is further hampered by law enforcement officers, attorneys, and judges who do not fully understand the nature of the violation.

37 Security A system of safeguards is needed to protect a computer system and data from deliberant or accidental damage or access by unauthorized persons.

38 Authorized Access To assure that only the right person is accessing the right computer system, various means have been developed based on: What you do What you do What you are What you are What you have What you have What you know What you know

39 What You Have This means of authentication is based on your having a physical thing. It might be a key, badge, token, or plastic card.

40 What You Know Many systems verify authorized access based on what you know. This might be a password, identification number, or the correct combination of numbers on locks.

41 What You Do This mode of authorized access is based on something you do that is unique such as your signature.

42 What You Are This security system uses biometrics—the science of measuring individual body characteristics. Fingerprints, retinal scans, and hand characteristics are examples of what you are.

43 1.6 Compromised Systems When a computer system has been compromised by a natural or man-made disaster, the resulting problems might include: §Loss of hardware §Loss of software §Loss of data

44 1.6.1 Recovery From Loss of Hardware There are various approaches to restoring computer processing operations: §revert to manual services. §temporarily use a service bureau. §mutual aid from another company. §pre-planned consortium facilities.

45 1.6.2 Recovery From Loss of Software Software security has been an industry concern for years. At risk here is who owns custom-made software.

46 Custom Software Ownership Ownership depends on the programmer’s affiliation with the company whose software has been compromised.

47 Company Ownership of Software If the programmer was employed by the company for whom the software was written, then the company owns the software.

48 Programmer Ownership of Custom Software If the programmer was hired as a consultant, then ownership should have been addressed in the contract between the company and the programmer.

49 1.6.3 Recovery From Loss of Data To prevent theft or alteration of data, security techniques can include: Passwords Passwords Built-in software protection Built-in software protection Backup systems Backup systems Secured waste Secured waste Internal controls Internal controls Auditor checks Auditor checks Applicant screening Applicant screening

50 Secured Waste Discarded printouts, printer ribbons, and the like can be sources of data leaks to unauthorized persons. Paper shredders and locked trash barrels can secure these waste products.

51 Internal Controls These are controls that are planned as part of the computer system. The transaction log is an example. This log records all successful or failed attempts to access certain data.

52 Auditor Checks Auditors not only go over the financial books of a company, but also review computer programs and data. Discrepancies are noted and investigated.

53 Applicant Screening The people who will be working with the computer system should be honest employees. Verifying an applicant’s résumé can weed out dishonest employees before they are hired.

54 Passwords A password is a secret word, number, or combination of the two. It should not be divulged nor should it be so simple as to be easily cracked.

55 Built-in Software Protection Software can be built into operating systems in ways to restrict access to computer systems. This kind of protection matches an authorized user with only the data that user should access.

56 Backup Systems Backing up files on a regular basis is a wise precaution—not only for big business, but for the consumer as well.

57 1.7 Pest Programs §Not all programmers write useful or beneficial programs. §Some programmers write pest programs that can destroy data, or in the least, disrupt computer systems.

58 1.7.1 Why Write Pest Programs? §Pest programs are written to show off programming prowess, revenge, sabotage, intellectual curiosity, or a desire for notoriety. §Pest programs include worms and viruses.

59 Computer Worms A worm is a program that transfers itself from computer to computer over a network. At target computers, the worm creates a separate file for itself.

60 Computer Virus A computer virus is a set of illicit instructions that gets passed on to other programs or documents with which it comes in contact. Viruses can change or delete files, display words, or produce bizarre screen effects.

61 1.7.2 Transmission of Viruses Viruses can be passed on via: §diskettes §a LAN §e-mail attachments §a WAN, including the Internet

62 1.7.3 Virus Vaccines Since viruses are programs written by programmers, it takes another programmer to detect and remove the virus. These anti-virus programs are called vaccines.

63 1.8 Your Personal Data FACT: Computer data about you is bought, sold, and traded every day. FACT: More often than not, the exchange of data about you occurs without your knowledge.

64 Your Personal Privacy The front line of defense in protecting your personal privacy begins with you. All those forms, surveys, credit card transactions, etc. generate a vast amount of data about you.

65 1.9 Network Security One or more of the following may be needed to keep data within a network secure: §Firewalls §Encryption §Surveillance software §Anonymity

66 Firewalls This is a simple method to prevent unauthorized access of a network from the outside.

67 Encryption Encryption is scrambling data into secret codes by using elaborate mathematical functions. Intercepting scrambled data is of no use to computer criminals. hiding data4T*v@5 [8fW

68 Surveillance Software In addition to firewalls and encryption methods, employers might use software that monitors the activity of their workers.

69 Anonymity Network security can also include keeping the e-mail address identity of employees anonymous. This measure reduces junk e-mailings and protects the employee’s identity.

70 1.10 Conclusion §Security and privacy are important issues in the Information Age. §The computer industry as well as private citizens share responsibility in addressing these issues.

71 Reference: Chapter 8 H.L. Capron

Download ppt "Chapter 1- Introduction 1.1 The Birth of Computer Security § Data Security requirements §The Network Criminal §Hackers §Hacker’s Prey §Employee Passwords."

Similar presentations

Chapter 1 - 1 ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.

Chapter ADCS CS262/0898/V1 Chapter 1 An Introduction To Computer Security TOPICS Introduction Threats to Computer Systems –Threats, Vulnerabilities.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Crime and Security in the Networked Economy Part 4.

Crime and Security in the Networked Economy Part 4.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Welcome to CMPE003 Personal Computers: Hardware and Software Dr. Chane Fullmer Fall 2002 UC Santa Cruz.

Welcome to CMPE003 Personal Computers: Hardware and Software Dr. Chane Fullmer Fall 2002 UC Santa Cruz.
Chapter 9 Information Systems Ethics, Computer Crime, and Security.

Chapter 9 Information Systems Ethics, Computer Crime, and Security.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.

Security: Playing in Safe By: Matt Hill Identification and Access Identification and Access | When Disaster Strikes | Disaster Recovery Plan | Software.
Computer Security and Risks 11.  2001 Prentice Hall11.2 Chapter Outline On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy,

Computer Security and Risks 11.  2001 Prentice Hall11.2 Chapter Outline On-line Outlaws: Computer Crime Computer Security: Reducing Risks Security, Privacy,
Prepared by: Nahed Al-Salah

Prepared by: Nahed Al-Salah
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
1Copyright © Prentice Hall 2000 Security and Privacy Chapter 10 Computers and the Internet.

1Copyright © Prentice Hall 2000 Security and Privacy Chapter 10 Computers and the Internet.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
FIT3105 Security and Identity Management Lecture 1.

FIT3105 Security and Identity Management Lecture 1.
Chapter 9 Information Systems Ethics, Computer Crime, and Security

Chapter 9 Information Systems Ethics, Computer Crime, and Security
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Similar presentations

Ads by Google