Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter.

Published byJade Teresa Skinner Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter."— Presentation transcript:

1 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter 6: Computer and Network Security

2 1-2 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-2 Chapter Overview Introduction Viruses, worms, and Trojan horses Phreaks and hackers Denial-of-service attacks Online voting

3 1-3 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-3 6.1 Introduction Computers getting faster and less expensive Utility of computers increasing –Email –Web surfing –Shopping –Managing personal information Increasing use of computers  growing importance of computer security

4 1-4 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 6.2 Viruses, Worms, and Trojan Horses 1-4

5 1-5 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-5 Viruses Virus: piece of self-replicating code embedded within another program (host) Viruses associated with program files –Hard disks, floppy disks, CD-ROMS –Email attachments How viruses spread –Diskettes or CDs –Email –Files downloaded from Internet

6 1-6 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley How a Virus Replicates 1-6

7 1-7 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Email Attachment with Possible Virus 1-7

8 1-8 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley How an Email Virus Spreads 1-8

9 1-9 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-9 History of Viruses Well-known viruses –Brain –Michelangelo –Melissa –Love Bug Viruses today –Good news: Commercial antivirus software –Bad news: Few people keep up-to-date

10 1-10 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-10 Worms Worm –Self-contained program –Spreads through a computer network –Exploits security holes in networked computers Famous worms –WANK –Code Red –Sapphire (Slammer) –Blaster –Sasser

11 1-11 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley How a Worm Spreads 1-11

12 1-12 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Three Kinds of Buffer Overflow Attack 1-12

13 1-13 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Conficker (Downadup) Worm Appeared on Windows computers in November 2008 Uses a buffer overflow attack to spread to new computers Particularly difficult to eradicate Rate of new infections roughly the same as rate of eradications 1-13

14 1-14 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-14 The Internet Worm Robert Tappan Morris, Jr. –Graduate student at Cornell –Released worm onto Internet from MIT computer Effect of worm –Spread to 6,000 Unix computers –Infected computers kept crashing or became unresponsive –Took a day for fixes to be published Impact on Morris –Suspended from Cornell –3 years’ probation + 400 hours community service –$150,000 in legal fees and fines

15 1-15 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-15 Ethical Evaluation Kantian evaluation –Morris used others by gaining access to their computers without permission Social contract theory evaluation –Morris violated property rights of organizations Utilitarian evaluation –Benefits: Organizations learned of security flaws –Harms: Time spent by those fighting worm, unavailable computers, disrupted network traffic, Morris’s punishments Morris was wrong to have released the Internet worm

16 1-16 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-16 Trojan Horses Trojan horse: program with benign capability that masks a sinister purpose Remote access Trojan: Trojan horse that gives attack access to victim’s computer –Back Orifice –SubSeven RAT servers often found within files downloaded from erotica/porn Usenet sites

17 1-17 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-17 Bot Networks Bot: A software program that responds to commands from a program on another computer Some bots support legitimate activities –Internet Relay Chat –Multiplayer Internet games Other bots support illegitimate activities –Distributing spam –Collecting person information for ID theft –Distributed denial-of-service attacks

18 1-18 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-18 Defensive Measures System administrators play key role Authorization: determining that a user has permission to perform a particular action Authentication: determining that people are who they claim to be Firewall: a computer monitoring packets entering and leaving a local area network

19 1-19 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 6.3 Phreaks and Hackers 1-19

20 1-20 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-20 Hackers (original meaning) Original meaning –Explorer –Risk-taker –Technical virtuoso Hacker ethic –Hands-on imperative –Free exchange of information –Mistrust of authority –Value skill above all else –Optimistic view of technology

21 1-21 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-21 Hackers (evolved meaning) Meaning of “hacker” changed –Movie WarGames –Teenagers accessing corporate or government computers Dumpster diving Social engineering –Malicious acts Destroying databases Stealing confidential personal information

22 1-22 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-22 Phone Phreaking Phone phreak: someone who manipulates phone system to make free calls Most popular methods –Steal long-distance telephone access codes –Guess long-distance telephone access codes –Use a “blue box” to get free access to long- distance lines Access codes posted on “pirate boards”

23 1-23 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-23 The Cuckoo’s Egg Clifford Stoll: system administrator at Lawrence Berkeley Laboratory Tracked accounting error, discovered unauthorized user Hacker was accessing military computers FBI, CIA, NSA, AFOSI, DIA joined search Trail led to group of West German hackers

24 1-24 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-24 Legion of Doom Elite group of hackers/phreaks recruited by “Lex Luthor” LOD member Robert Riggs copied E911 Document from a Bell South Computer Craig Neidorf published edited E911 Document in his BBS magazine, Phrack

25 1-25 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-25 U.S. v. Riggs Riggs and Neidorf arrested –Charged with wire fraud –Interstate transportation of stolen property valued at $79,449 –Computer fraud Riggs pleaded guilty to wire fraud; went to federal prison Neidorf pleaded not guilty –Defense showed similar info being sold for < $25 –Prosecution moved to dismiss charges

26 1-26 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-26 Steve Jackson Games Steve Jackson Games (SJG) published role- playing games and operated BBS Loyd Blankenship –Key SJG employee –LOD member –Published E911 document on his own BBS Secret Service raided SJG and seized computers, looking for copy of E911 Document Led to creation of Electronic Frontier Foundation EFF backed successful SJG lawsuit of Secret Service

27 1-27 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-27 Retrospective Parallels between hackers and those who download MP3 files –Establishment overvalues intellectual property –Use of technology as a “joy ride” –Breaking certain laws considered not that big a deal Parallels between response of Secret Service and response of RIAA –Cyberspace is real –Those who break the law can be identified –Illegal actions can have severe consequences

28 1-28 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-28 Penalties for Hacking Examples of illegal activities –Accessing without authorization any Internet computer –Transmitting a virus or worm –Trafficking in computer passwords –Intercepting a telephone conversation, email, or any other data transmission –Accessing stored email messages without authorization –Adopting another identity to carry out an illegal activity Maximum penalty: 20 years in prison + $250,000 fine

29 1-29 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-29 6.4 Denial-of-Service Attacks Denial-of-service attack: an intentional action designed to prevent legitimate users from making use of a computer service Goal of attack: disrupt a server’s ability to respond to its clients About 4,000 Web sites attacked each week Asymmetrical attack that may prove popular with terrorists

30 1-30 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-30 Attacks that Consume Scarce Resources SYN flood attack Smurf attack Fill target computer’s hard disk –Email bombing –Worm –Break-in followed by file copying

31 1-31 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley How a SYN Flood Attack Works 1-31

32 1-32 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley How a Smurf Attack Works 1-32

33 1-33 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-33 Defensive Measures Physical security of server Benchmarking Disk quota systems Disabling unused network services Turning off routers’ amplifier network capability

34 1-34 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-34 Distributed Denial-of-Service Attacks Attacker gains access to thousands of computers Launches simultaneous attack on target servers Defensive measures –Secure computers to prevent hijackings –Check for forged IP addresses

35 1-35 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley The Rise and Fall of Blue Security Part I: The Rise Blue Security: An Israeli company selling a spam deterrence system Blue Frog bot would automatically respond to each spam message with an opt-out message Spammers started receiving hundreds of thousands of opt-out messages, disrupting their operations 6 of 10 of world’s top spammers agreed to stop sending spam to users of Blue Frog 1-35

36 1-36 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley The Rise and Fall of Blue Security Part II: The Fall One spammer (PharmaMaster) started sending Blue Frog users 10-20 times more spam PharmaMaster then launched DDoS attacks on Blue Security and its business customers Blue Security could not protect its customers from DDoS attacks and virus-laced emails Blue Security reluctantly terminated its anti-spam activities 1-36

37 1-37 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Fourth of July Attacks 4 th of July weekend in 2009: DDoS attack on governmental agencies and commercial Web sites in United States and South Korea Attack may have been launched by North Korea in retaliation for United Nations sanctions 1-37

38 1-38 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Attacks on Twitter and Other Social Networking Sites Massive DDoS attack made Twitter service unavailable for several hours on August 6, 2009 Three other sites attacked at same time: Facebook, LiveJournal, and Google All sites used by a political blogger from the Republic of Georgia Attacks occurred on first anniversary of war between Georgia and Russia over South Ossetia 1-38

39 1-39 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-39 SATAN Security Administrator Tool for Analyzing Networks (SATAN) Allows administrators to test their systems Could be used to probe other computers Critics worried SATAN would turn unskilled teenagers into hackers That never happened

40 1-40 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 6.5 Online Voting 1-40

41 1-41 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-41 Motivation for Online Voting 2000 U.S. Presidential election closely contested Florida pivotal state Most Florida counties used keypunch voting machines Two voting irregularities traced to these machines –Hanging chad –“Butterfly ballot” in Palm Beach County

42 1-42 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley The Infamous “Butterfly Ballot” 1-42 AP/Wideworld Photos

43 1-43 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-43 Benefits of Online Voting More people would vote Votes would be counted more quickly No ambiguity with electronic votes Cost less money Eliminate ballot box tampering Software can prevent accidental over-voting Software can prevent under-voting

44 1-44 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-44 Risks of Online Voting Gives unfair advantage to those with home computers More difficult to preserve voter privacy More opportunities for vote selling Obvious target for a DDoS attack Security of election depends on security of home computers Susceptible to vote-changing virus or RAT Susceptible to phony vote servers No paper copies of ballots for auditing or recounts

45 1-45 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-45 Utilitarian Analysis Suppose online voting replaced traditional voting Benefit: Time savings –Assume 50% of adults actually vote –Suppose voter saves 1 hour by voting online –Average pay in U.S. is $18.00 / hour –Time savings worth $9 per adult American Harm of DDoS attack difficult to determine –What is probability of a DDoS attack? –What is the probability an attack would succeed? –What is the probability a successful attack would change the outcome of the election?

46 1-46 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-46 Kantian Analysis The will of each voter should be reflected in that voter’s ballot The integrity of each ballot is paramount Ability to do a recount necessary to guarantee integrity of each ballot There should be a paper record of every vote Eliminating paper records to save time and/or money is wrong

47 1-47 Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-47 Conclusions Existing systems are highly localized Widespread tainting more possible with online system No paper records with online system Evidence of tampering with online elections Relying on security of home computers means system vulnerable to fraud Strong case for not allowing online voting

Download ppt "Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Ethics for the Information Age Fourth Edition by Michael J. Quinn Chapter."

Similar presentations

Shelby County Technology Scope and Sequence 6-8 #8: AUP Computer Fraud Copyright Violations Penalties Nancy Law Columbiana Middle School.

Shelby County Technology Scope and Sequence 6-8 #8: AUP Computer Fraud Copyright Violations Penalties Nancy Law Columbiana Middle School.
Good or Bad?.  One of the closest contests in US history  Florida was the pivotal state  Neither Democrat Al Gore nor Republican George W. Bush had.

Good or Bad?.  One of the closest contests in US history  Florida was the pivotal state  Neither Democrat Al Gore nor Republican George W. Bush had.
Chapter 6 Computer and Network Security. Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 4- 2 Chapter Overview Introduction.

Chapter 6 Computer and Network Security. Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 4- 2 Chapter Overview Introduction.
Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.

Computer Viruses and Worms* *Referred to slides by Dragan Lojpur, Zhu Fang at Florida State University.
 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.

 Someone who exercises playful ingenuity  Misusers of the internet who try to obtain or corrupt information; people who try to prevent it.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.

CHAPTER 2 KNOW YOUR VILLAINS. Who writes it: Malware writers vary in age, income level, location, social/peer interaction, education level, likes, dislikes.
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?

1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Computer Crime Computer and Network Security. Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 4- 2 Identity Theft.

Computer Crime Computer and Network Security. Copyright © 2006 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Slide 4- 2 Identity Theft.
The History of Hacking By: Monica Flores.

The History of Hacking By: Monica Flores.
Hectic Ethics Computer Applications Mrs. Wohleb. Objectives Students will be able to: Describe ethical considerations resulting from technological advances.

Hectic Ethics Computer Applications Mrs. Wohleb. Objectives Students will be able to: Describe ethical considerations resulting from technological advances.
Chapter 7: Computer and Network Security

Chapter 7: Computer and Network Security
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 6: Computer and Network Security Ethics for the Information Age Forth.

Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 6: Computer and Network Security Ethics for the Information Age Forth.
Computers in Society Week 8: Computer Security and Hacking.

Computers in Society Week 8: Computer Security and Hacking.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.

Similar presentations

Ads by Google