Chapter 12 - Computers & Society: Security & Privacy

Computer Security: Risks and Safeguards

What is a computer security risk?

°     Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability

°     May be accidental or planned

°     Intentional breach of computer security often involves a deliberate act that is against the law

What is a computer virus?

°     A potentially damaging computer program that affects, or infects, your computer negatively by altering the way the computer works without your knowledge or permission

°     A segment of program code from some outside source that implants itself in a computer

°     Once in the computer it can spread throughout and may damage your files and operating system

What are the ways viruses can be activated?

°    Opening an infected file

°    Running an infected program

°    Booting the computer with an infected floppy disk in the disk drive

What is the most common way computers become infected with a virus?

°    Through e-mail attachments

What is the source of a virus?

°    Written by a programmer, known as a virus author

°    Some write viruses as a challenge

°    Others write viruses to cause destruction

What are signs of a virus infection?

What are the three main types of virus?

How do viruses activate?

What is a malicious-logic program?

°    A program that acts without a user’s knowledge

°    Deliberately alters the computer's operations

°    Also called malware

°    Several types

    virus

    worm

    Trojan horse

How can you reduce infection risk from a boot sector virus?

°    Never start your computer with a floppy disk in drive A – unless you are certain the disk is an uninfected boot disk

°    All floppy disks contain a boot sector

How can you protect your system from a macro virus?

°    You can set a macro’s security level in all applications that allow you to write macros

°    At the medium security level, a warning displays when you attempt to open a document that contains a macro

How can you safeguard your computer from virus attacks?

°    Install an antivirus program and upgrade it frequently

°    An antivirus program identifies and removes any computer viruses found in memory, on storage media, or on incoming files

°    Most antivirus programs also protect against worms and Trojan horses

 

Company on the Cutting Edge

Network Associates

°    Developer of McAfee VirusScan and Firewall

°    VirusScan named the top antivirus program by the University of Hamburg’s Virus Test Center and by the West Coast Labs for Secure Computing

 

Computer Security: Risks and Safeguards

What does an antivirus program do?

°    Detects and identifies viruses

°    Inoculates existing program files

°    Removes or quarantines viruses

°    Creates a rescue disk

How does an antivirus program scan for a virus?

°    Scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified

°    Many also scan

    Files you download from the Web

    E-mail attachments

    Files you open

    All removable media

What is a virus signature?

°    A known specific pattern of virus code

°    Also called a virus definition

°    Antivirus software uses signature files to identify viruses

°    You should update the signature files to include patterns for newly discovered viruses

°    Many antivirus programs contain an auto-update feature

How does an antivirus program inoculate a program file?

°    The antivirus program records information about the files in a separate inoculation file

     File size

     File creation date

°    The antivirus program uses this information to detect if a virus tampers with the inoculated program file
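The two detection techniques above, signature scanning and inoculation, as a small added example in Python (illustration code written for this page, not part of the textbook or of any antivirus product). The signature database, the file contents and the tampering step are all constructed for the example; the inoculation record keeps the size and modification time the text mentions and adds a SHA-256 digest, because the last step shows a virus that preserves both size and date:

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Toy signature database, constructed for this example (not real virus definitions).
# A signature is a byte pattern known to occur in a particular piece of malware;
# the scanner looks for that pattern in memory, on disk, or in incoming files.
SIGNATURES = {
    "Demo.Dropper": b"MZ\x90\x00DEMO-DROPPER",
    "Demo.Macro": b"Sub AutoOpen()",
}


def scan_bytes(data, signatures=SIGNATURES):
    """Return the names of every signature whose pattern occurs in data (sorted)."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_file(path, signatures=SIGNATURES):
    with open(path, "rb") as f:
        return scan_bytes(f.read(), signatures)


@dataclass(frozen=True)
class Inoculation:
    """What the antivirus program records about a clean file: size, modification
    time (in nanoseconds) and, going beyond the text, a SHA-256 digest of the contents."""
    size: int
    mtime_ns: int
    sha256: str


def inoculate(path):
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return Inoculation(st.st_size, st.st_mtime_ns, digest)


def check_inoculation(path, record):
    """Return the names of the recorded attributes that no longer match the file."""
    current = inoculate(path)
    return [name for name in ("size", "mtime_ns", "sha256")
            if getattr(current, name) != getattr(record, name)]


def demo():
    """Create a clean and an infected file, scan both, then tamper with the clean one."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "report.txt")
        infected = os.path.join(tmp, "setup.exe")
        with open(clean, "wb") as f:
            f.write(b"Quarterly report: all systems nominal.\n")
        with open(infected, "wb") as f:
            f.write(b"MZ\x90\x00DEMO-DROPPER" + b"\x00" * 64)

        results = {
            "clean": scan_file(clean),
            "infected": scan_file(infected),
        }

        record = inoculate(clean)
        results["untouched"] = check_inoculation(clean, record)

        # A careful virus overwrites the file with content of the same length and
        # restores the timestamps: size and date look unchanged, only the hash differs.
        st = os.stat(clean)
        with open(clean, "r+b") as f:
            f.write(b"Quarterly report: all systems TAMPERED\n")
        os.utime(clean, ns=(st.st_atime_ns, st.st_mtime_ns))
        results["stealth_tamper"] = check_inoculation(clean, record)
        return results


if __name__ == "__main__":
    print(demo())
```

Run it and the stealth tamper step reports only the hash as changed: size and timestamp alone would miss the infection, which is why a real integrity check relies on a cryptographic digest. Signature matching, likewise, finds only what is already in the definition file, hence the advice above to keep it updated.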

What two types of virus are more difficult to detect?

What does an antivirus program do once it detects a virus?

°    Removes the virus if possible

°    Quarantines the infected file

    Quarantine: a separate area of a hard disk that holds the infected file until you can remove its virus

What is a rescue disk?

°    A removable disk that contains an uninfected copy of key operating system commands and startup information

°    Also called an emergency disk

°    Enables the computer to restart correctly

°    Created by most antivirus programs

°    Starting from the rescue disk bypasses the infected boot sector on the hard disk, so the antivirus program runs from known-clean code and can find and remove a boot sector virus

What should you do if a virus infects your system?

°    Remove the virus

°    If you share data with other users, such as e-mail attachments, floppy disks, or Zip® disks, then inform those users of your virus infection

How can you stay informed about viruses?

°    Several Web sites publish a list of virus alerts and virus hoaxes

What are tips for preventing virus infections?

 

Technology Trailblazer

Clifford Stoll

°     Provokes people to think about how they use computer technology

°     Wrote The Cuckoo’s Egg in 1989 about his investigation that uncovered a computer spy ring

°     Highly critical of the benefits computers and the Internet presumably provide

     Questions why computers are so bland looking

     Why hardware has such a short useful life

     Proclaims that schools should spend money on teachers, librarians, and books rather than on technology because computers isolate and weaken people

 

Computer Security: Risks and Safeguards

What is unauthorized access and unauthorized use?

°    Unauthorized access is the use of a computer or network without permission

°    Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities

How can unauthorized access and use be prevented?

°    Access control

    A security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer

°    Two-phase process of access control

    Identification: you present an identity the system recognizes, such as a user name, which establishes that a valid user is requesting access

    Authentication: the system verifies that you are who you claim to be, for example with a password, a possessed object, or a biometric identifier

°    Four methods exist

What is a user name?

°    A unique combination of characters that identifies one specific user

°    Also called a user ID

°    A password is a secret combination of characters associated with the user name that allows access to certain computer resources

How can you make your password more secure?

°    Longer passwords provide greater security than shorter ones

How should you select a user name and password?

°    Avoid obvious passwords, such as your initials or birthday

°    You may need to follow software program guidelines

°    You may need to enter one of several pieces of personal information

°    Select a password that is easy for you to remember
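Identification and authentication with a user name and password, as an added Python example written for this page (not code from the textbook). The policy numbers, the account store and the sample user names are assumptions for the example; the hashing uses PBKDF2-HMAC-SHA256 from the standard library, which is one accepted way to store passwords, not the only one:

```python
import hashlib
import hmac
import os

MIN_LENGTH = 12          # policy value assumed for this example
ITERATIONS = 600_000     # PBKDF2-HMAC-SHA256 work factor (assumed; raise it as hardware allows)
SALT_BYTES = 16


def password_problems(username, password):
    """Return the policy violations for a candidate password (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if username.lower() in password.lower():
        problems.append("contains the user name")
    if password.isdigit():
        problems.append("digits only (looks like a date or PIN)")
    return problems


def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_account(store, username, password):
    """Store a salted, stretched hash of the password; never the password itself."""
    problems = password_problems(username, password)
    if problems:
        raise ValueError("; ".join(problems))
    salt = os.urandom(SALT_BYTES)
    store[username] = {"salt": salt, "iterations": ITERATIONS,
                       "digest": hash_password(password, salt)}


# Record used for unknown user names so a failed login costs the same time
# whether or not the name exists (otherwise response time reveals valid names).
_DUMMY = {"salt": os.urandom(SALT_BYTES), "iterations": ITERATIONS,
          "digest": os.urandom(32)}


def verify_login(store, username, password):
    """Identification (is the name known?) followed by authentication (is the
    password right?). Returns True only when both succeed."""
    record = store.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"], record["iterations"])
    # compare_digest runs in constant time, so a byte-by-byte mismatch leaks nothing
    matches = hmac.compare_digest(candidate, record["digest"])
    return matches and username in store


if __name__ == "__main__":
    accounts = {}
    create_account(accounts, "alice", "correct horse battery staple")
    print(verify_login(accounts, "alice", "correct horse battery staple"))   # True
    print(verify_login(accounts, "alice", "wrong password entirely"))        # False
    print(verify_login(accounts, "nobody", "correct horse battery staple"))  # False
```

Two details matter more than they look. The store never holds the password, only a salted, slow hash, so a stolen account file does not hand an intruder every password; and the dummy record plus the constant-time comparison make a wrong password and an unknown user name cost the same time, so an attacker cannot harvest valid user names from the response delay.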

What is a possessed object?

°     Any item that you must carry to gain access to a computer or computer facility

     Badges

     Cards

     Keys

°     Often used in combination with a personal identification number (PIN)

     A numeric password, either assigned by a company or selected by you

What is a biometric device?

°    Authenticates a person’s identity by verifying personal characteristics

°    Grants access to programs, systems, or rooms using computer analysis of some biometric identifier

°    Translates a person’s characteristics into a digital code that is compared to a digital code stored in the computer

What is a fingerprint scanner?

°    Captures curves and indentations of a fingerprint

°    Some predict this will become the home user’s authentication device for e-commerce transactions

°    Some newer keyboards and notebook computers have a fingerprint scanner built into them

°    Some cost less than $100

What is a hand geometry system?

°    Measures the shape and size of a person’s hand

°    Typically used as a time and attendance device by large companies

°    Costs more than $1,000

What is a face recognition system?

°     Captures a live face image and compares it to a stored image to determine if the person is a legitimate user

°     Used by some notebook computers to safeguard the computer

°     Can recognize people with or without glasses, makeup, or jewelry, and with new hairstyles

What are two other verification systems?

What is an iris verification system?

°    Reads the unique pattern of the iris, the colored ring around the pupil (a retinal scanner, a related device, reads the blood vessels at the back of the eye)

°    Very expensive

°    Used by government security organizations, the military, and financial institutions that deal with highly sensitive data

What is a callback system?

°    An access control method that some systems use to authenticate remote users

°    You can connect to a computer only after the computer calls you back at a previously established telephone number

°    Works best for users who regularly work at the same remote location

What is an audit trail?

°    Records in a file both successful and unsuccessful access attempts

°    Also called a log

°    Companies should investigate unsuccessful access attempts immediately

°    Should review successful access for irregularities

    Use of computer after normal working hours

    Use from remote computers
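Reviewing an audit trail the way the bullets above describe, as an added Python example written for this page (not from the textbook). The log lines, their format, the working hours and the internal network are all constructed assumptions:

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample of an access log (not from any real system). Format assumed:
# ISO timestamp, user name, source address, SUCCESS or FAIL.
SAMPLE_LOG = """\
2024-03-04T09:12:31 user=jsmith src=10.0.4.17 result=SUCCESS
2024-03-04T23:41:07 user=jsmith src=10.0.4.17 result=SUCCESS
2024-03-05T02:10:44 user=admin src=203.0.113.9 result=FAIL
2024-03-05T02:10:51 user=admin src=203.0.113.9 result=FAIL
2024-03-05T02:10:58 user=admin src=203.0.113.9 result=FAIL
2024-03-05T02:11:05 user=admin src=203.0.113.9 result=SUCCESS
2024-03-05T10:05:00 user=mlee src=10.0.7.3 result=FAIL
2024-03-05T10:05:20 user=mlee src=10.0.7.3 result=SUCCESS
2024-03-09T11:00:00 user=mlee src=10.0.7.3 result=SUCCESS
"""

# Review policy assumed for the example
WORK_HOURS = (8, 18)                                    # 08:00 to 18:00, Monday to Friday
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # everything else counts as remote
FAILURE_THRESHOLD = 3                                   # failures per user that suggest guessing


def parse_line(line):
    stamp, *fields = line.split()
    entry = dict(field.split("=", 1) for field in fields)
    entry["time"] = datetime.fromisoformat(stamp)
    return entry


def outside_working_hours(when):
    return when.weekday() >= 5 or not (WORK_HOURS[0] <= when.hour < WORK_HOURS[1])


def is_remote(src):
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in INTERNAL_NETS)


def review(log_text):
    """Return the findings an audit-trail review should raise."""
    entries = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    failures = [e for e in entries if e["result"] == "FAIL"]
    successes = [e for e in entries if e["result"] == "SUCCESS"]
    per_user = Counter(e["user"] for e in failures)
    return {
        # every unsuccessful attempt is listed: the text says investigate these immediately
        "failed_attempts": failures,
        "repeated_failures": {u: n for u, n in per_user.items() if n >= FAILURE_THRESHOLD},
        # successful access is reviewed for the two irregularities the text names
        "after_hours_success": [e for e in successes if outside_working_hours(e["time"])],
        "remote_success": [e for e in successes if is_remote(e["src"])],
    }


if __name__ == "__main__":
    for kind, items in review(SAMPLE_LOG).items():
        if isinstance(items, dict):
            print(kind, items)
        else:
            print(kind, [(e["time"].isoformat(), e["user"], e["src"]) for e in items])
```

On the sample the review raises every failed attempt, flags the admin account for three failures in a row followed by a success from an address outside the internal network, and lists the Monday-night, pre-dawn and Saturday logins as after-hours. A real log needs a parser for its own format, but the grouping and the policy checks stay the same.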

What is hardware theft and vandalism?

°    Theft is the act of stealing computer equipment

°    Vandalism is the act of defacing or destroying computer equipment

°    Prevent with physical access controls

     Locked doors and windows

     Alarm systems

°    Physical security devices

     Cables that lock the equipment to a desk, cabinet, or floor

What precautions can prevent theft of mobile equipment?

°    Common sense

°    Constant awareness of risk

°    Never leave a notebook computer unattended in a public place

°    May use a physical device to temporarily lock a mobile computer to a desk or table

What is software theft?

°    Can range from someone physically stealing media that contains software to intentional piracy of software

°    Software piracy is the unauthorized and illegal duplication of copyrighted software

What is a software license agreement?

°    The right to use a piece of software

°    Provides specific conditions for use of the software, which the user must accept before using the software

What is a single-user license agreement?

°    The most common type of license included with software packages purchased by individual users

°    Also called an end-user license agreement (EULA)

°    Includes many conditions that specify a user’s responsibility

What is the Business Software Alliance (BSA)?

°    Organization formed to promote a better understanding of software piracy problems and to take legal action

°    Operates a Web site and antipiracy hotlines

What is a site license?

°    Gives the buyer the right to install the software on multiple computers at a single site

°    Usually costs significantly less than purchasing individual copies of software for each computer

What is information theft?

°    Occurs when someone steals personal or confidential information

°    Often linked to other types of computer crime

°    Several methods used to protect against information theft

What is encryption?

°    The process of converting readable data into unreadable characters to prevent unauthorized access

°    Encrypted data can be stored or sent as an e-mail message

°    To read the data, the recipient must decrypt it

°    An encryption key is a secret value that the encryption algorithm (the formula) combines with the data; the recipient needs the matching key to turn the ciphertext back into readable plaintext

What are some data encryption methods?

°    An encryption algorithm often combines more than one of these methods

How do organizations encrypt data?

°    Most organizations use available software packages for encryption

°    Others develop their own encryption programs

What are two basic types of encryption?

How does public key encryption work?

What are some public key encryption technologies?

What are two government proposals for monitoring encrypted messages?

°    The United States government has proposed several ideas for developing a standard for voice and data encryption

°    Purpose is to enable government agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) to monitor private communications

What is a system failure?

°    The prolonged malfunction of a computer

°    Can cause the loss of hardware, software, data, or information

What is electrical power variation?

°    One of the more common causes of system failure

°    Can cause loss of data or loss of equipment

°    A single power disturbance can damage multiple systems on a network

°    Includes noise, undervoltages, and overvoltages

What is a surge protector?

°    Also called a surge suppressor

°    Uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment

°    Not 100 percent effective

°    Amount of protection is proportional to its cost

What are standards for surge suppressors?

°    Should meet the safety specification for surge suppression products

°    Called the Underwriters Laboratories (UL) 1449 standard

°    Lets no more than 500 volts pass through to the protected equipment (its let-through, or clamping, voltage)

°    Should have a Joule rating of at least 200

What is an uninterruptible power supply (UPS)?

°    A device that contains surge protection circuits and one or more batteries that can provide power during a temporary or permanent loss of power

°    A standby UPS switches to battery power when a problem occurs in the power line

     Also called an offline UPS

°    Online UPS always runs off the battery

     Provides continuous protection

What is a backup?

°    A duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed

°    To back up a file means to make a copy of it

°    You restore the files by copying the backed up files to their original location on the computer

°    Keep backup copies in a fireproof and heatproof safe or vault, or offsite

What are the three types of backups?

How do the types of backup compare?

What are backup procedures?

°    Specify a regular plan of copying and storing important data and program files

°    Procedures for a business should be stated clearly, documented in writing, and followed consistently

What is a three-generation backup policy?

°    Preserves three copies of important files

What are methods of creating backups?

What is a disaster recovery plan?

°    A written plan describing the steps a company would take to restore computer operations in the event of a disaster

°    Contains four major components

What is an emergency plan?

°    Specifies the steps to be taken immediately after a disaster strikes

°    Usually is organized by type of disaster

°    All plans should contain four important pieces of information

What is the backup plan?

°    Specifies how a company uses backup files and equipment to resume information processing

°    Should specify the location of an alternate computer facility in the event the company's normal location is destroyed or unusable

°    Should identify three items

Where should an alternate computer facility be located?

°    Close enough to be convenient

°    Far enough away to prevent a single disaster destroying both the main and alternate computer facilities

What is a recovery plan and a test plan?

What is a computer security plan?

°    An overall plan that summarizes in writing all of the safeguards that are in place to protect a company’s information assets

°    Evaluate the plan annually or when there are major changes in information assets

What services can help with security plans?

°    The International Computer Security Association (ICSA) can assist companies and individuals who need help with computer security plans

 

Internet and Network Security

Why is Internet and network security important?

°    Information transmitted over networks has a higher degree of security risk

°    Employs many security techniques discussed thus far

How do Web browsers provide secure data transmission?

°    Many Web browsers use encryption

°    A Web site that uses encryption techniques to secure its data is known as a secure site

°    Secure sites use digital certificates along with a security protocol

What is a certificate authority (CA)?

°    Also called an issuing authority (IA)

°    An authorized company or person that issues and verifies digital certificates

 

Company on the Cutting Edge

°    One of the world’s premier Internet security technology companies

°    Operations in more than 33 countries

°    Develops antivirus and risk management software

°    Develops mobile code protection and e-mail and Internet content filtering programs

°    Protects 60 million users

 

Internet and Network Security

What is Secure Sockets Layer (SSL)?

°    Encrypts all data that passes between a client and a server: public-key encryption is used to agree on a session key, and that session key (private-key encryption) protects the data itself

°    Requires the server to have a digital certificate, which the client checks against a certificate authority it trusts; client certificates are optional

°    Superseded by Transport Layer Security (TLS), which works the same way

°    Web pages that use SSL typically begin with https

What are other secure encryption techniques?

What is Pretty Good Privacy (PGP)?

°    One of the most popular e-mail digital encryption programs

°    Freeware for personal, non-commercial users

°    Uses a public-key encryption scheme

What is a digital signature?

°    Sometimes called a digital ID, although strictly a digital ID is the certificate that binds the signer’s public key to a name

°    A code that a person, Web site, or company attaches to an electronic message to verify the identity of the message sender

°    The code is a hash of all or part of the message, encrypted with the sender’s private key; the recipient decrypts it with the sender’s public key and compares it to a hash computed locally

°    Helps to prevent e-mail forgery and verifies that the contents of a message have not changed
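How public key encryption (one of the two basic types of encryption, above) and a digital signature fit together, as an added Python example written for this page; it is not the textbook's code and not PGP. It uses textbook RSA with two fixed, published primes, no padding and a truncated hash, which makes it a teaching toy, not a usable cipher: a real implementation uses large random primes, OAEP and PSS padding, and a vetted library. The HMAC counter-mode keystream standing in for the symmetric cipher is also an assumption of the example:

```python
import hashlib
import hmac
import os

# Fixed toy primes (the Mersenne primes 2**61-1 and 2**31-1). A real system generates
# large random primes and keeps them secret; these are public so the example runs.
P = 2 ** 61 - 1
Q = 2 ** 31 - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def rsa_public(key, m):
    """Apply the public exponent: encrypts a block for the key's owner or opens a signature."""
    n, e = key
    if not 0 <= m < n:
        raise ValueError("block must be smaller than the modulus")
    return pow(m, e, n)


def rsa_private(key, c):
    """Apply the private exponent: decrypts a block or creates a signature."""
    n, d = key
    return pow(c, d, n)


def keystream(key, length):
    """Toy symmetric cipher: an HMAC-SHA256 counter-mode keystream XORed onto the data."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_crypt(key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def encrypt_message(recipient_public, plaintext):
    """Hybrid encryption: a fresh session key protects the data (private-key encryption);
    the recipient's public key protects the session key (public-key encryption)."""
    session_key = os.urandom(8)                       # 64 bits so it fits under the toy modulus
    wrapped_key = rsa_public(recipient_public, int.from_bytes(session_key, "big"))
    return wrapped_key, symmetric_crypt(session_key, plaintext)


def decrypt_message(recipient_private, wrapped_key, ciphertext):
    session_key = rsa_private(recipient_private, wrapped_key).to_bytes(8, "big")
    return symmetric_crypt(session_key, ciphertext)


def message_digest(message):
    # SHA-256 digest truncated to 88 bits so it is smaller than the toy modulus
    return int.from_bytes(hashlib.sha256(message).digest()[:11], "big")


def sign(sender_private, message):
    """Digital signature: hash the message, then apply the sender's private key."""
    return rsa_private(sender_private, message_digest(message))


def verify(sender_public, message, signature):
    """Recompute the hash and compare it with the signature opened by the public key."""
    return rsa_public(sender_public, signature) == message_digest(message)


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair()
    wrapped, ct = encrypt_message(alice_pub, b"Meet at 9")
    print(decrypt_message(alice_priv, wrapped, ct))
    sig = sign(alice_priv, b"pay Bob 100")
    print(verify(alice_pub, b"pay Bob 100", sig), verify(alice_pub, b"pay Bob 1000", sig))
```

The same two operations serve both purposes: the public exponent encrypts a block for the key's owner or opens a signature anyone can check, and the private exponent decrypts or signs. Because RSA protects the session key rather than the message, the data can be any length, which is how real systems combine the two types of encryption.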

What is a firewall?

°    A security system consisting of hardware and/or software that prevents unauthorized access to data and information on a network

°    Many large companies route all communications through a proxy server to implement a firewall

°    Firewalls use a variety of screening techniques

    Check domain name or IP address

    Require digital signatures
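A first-match screening rule set of the kind the firewall bullets describe, as an added Python example written for this page (not any product's configuration). The networks, ports and domain names are constructed:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # network the source address must belong to
    dst_port: Optional[int]  # None matches any destination port
    comment: str = ""


# Constructed rule set; rules are tried in order and the first match decides.
RULES = [
    Rule("deny", "203.0.113.0/24", None, "known-bad network (constructed)"),
    Rule("allow", "10.0.0.0/8", None, "internal hosts"),
    Rule("allow", "0.0.0.0/0", 443, "public HTTPS"),
    Rule("allow", "0.0.0.0/0", 80, "public HTTP"),
]

# Domain-name screening: a host matches if it is the listed domain or a subdomain of it.
BLOCKED_DOMAINS = {"evil.example", "malware.example"}


def domain_blocked(host):
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def screen(src_ip, dst_port, src_host=None, rules=RULES):
    """Decide whether an inbound connection is allowed; returns (action, reason)."""
    if src_host is not None and domain_blocked(src_host):
        return ("deny", "blocked domain %s" % src_host)
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        # an address of the other IP version never falls inside a network, so it skips the rule
        if addr in ipaddress.ip_network(rule.src) and rule.dst_port in (None, dst_port):
            return (rule.action, rule.comment)
    return ("deny", "default deny")           # anything not explicitly allowed is refused


if __name__ == "__main__":
    for args in [("10.1.2.3", 22), ("203.0.113.7", 443), ("198.51.100.4", 443),
                 ("198.51.100.4", 22), ("198.51.100.4", 443, "cdn.evil.example")]:
        print(args, "->", screen(*args))
```

Order matters: the deny rule for the bad network comes before the public HTTPS allow, otherwise a connection from that network on port 443 would be accepted. Everything not explicitly allowed falls through to the default deny, and an IPv6 source never matches an IPv4 rule, so a real rule set needs IPv6 entries of its own.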

What is a personal firewall?

°    A software program that detects and protects your personal computer and its data from unauthorized intrusions

°    Constantly monitors all transmissions to and from your computer

°    Informs you of any attempted intrusions

What are some popular personal firewall products?

What is another way to protect your personal computer?

°    Disable File and Print Sharing on your Internet connection

 

Technology Trailblazer

Donn Parker

°    One of the world’s leading authorities on cybercrime

°    Parker’s Peer Principle: Share information about vulnerabilities and attacks, develop security methods, and then apply and practice these models

°    Wrote six books on computer security

°    Has participated in more than 250 security reviews for major corporations

 

Information Privacy

What is information privacy?

°    Refers to the right of individuals and companies to deny or restrict the collection and use of information about them

°    More difficult to maintain today because huge online databases store this data

What are ways to safeguard personal information?

What is an electronic profile?

°    A collection of data about an individual

°    Includes very personal details such as your age, address, telephone number, spending habits, marital status, number of dependents and so on

How can you protect your personal information?

°    Specify whether you will allow companies to distribute your personal information

What is a cookie?

°    A small file that a Web server stores on your computer

°    Typically contains data about you

°    A Web site can read data only from its own cookie file

°    Some Web sites sell or trade information stored in your cookie to advertisers

How can cookies track user preferences?

How can you set your browser to control cookies?

°    You can set your browser to accept cookies automatically, prompt you if you wish to accept a cookie, or disable cookie use

°    Many Web sites do not allow you to access features if you disable cookie use

What is a cookie manager?

°    A software program that selectively blocks cookies
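Why a Web site can read only its own cookie, and what a cookie manager does beyond that, as an added Python example (illustration code written for this page, not from the textbook or any browser). The scoping rules follow RFC 6265 in simplified form; the site-of check and the default path are simplifications noted in the comments, and all hosts and cookies are constructed:

```python
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str
    host_only: bool   # True when the site set no Domain attribute: exact host only
    path: str


def domain_matches(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def site_of(host):
    """Simplified 'site': the last two labels. Real browsers use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def parse_set_cookie(header, response_host):
    """Parse one Set-Cookie header. Returns None when the cookie must be rejected
    because it claims a domain the responding host does not belong to."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    path = attrs.get("path") or "/"          # simplification: RFC 6265 derives the default path
    domain = attrs.get("domain", "").lstrip(".").lower()
    if not domain:
        return Cookie(name.strip(), value, response_host.lower(), True, path)
    if not domain_matches(response_host, domain):
        return None
    return Cookie(name.strip(), value, domain, False, path)


class CookieManager:
    """A tiny cookie jar plus the policy a cookie manager enforces."""

    def __init__(self, block_third_party=False):
        self.jar = []
        self.block_third_party = block_third_party

    def receive(self, response_url, set_cookie_header, page_url):
        """Store a cookie from a response, or refuse it. Returns True if stored."""
        host = urlsplit(response_url).hostname
        if self.block_third_party and site_of(host) != site_of(urlsplit(page_url).hostname):
            return False                     # third-party (tracking) cookie: dropped
        cookie = parse_set_cookie(set_cookie_header, host)
        if cookie is None:
            return False
        self.jar = [c for c in self.jar
                    if (c.name, c.domain, c.path) != (cookie.name, cookie.domain, cookie.path)]
        self.jar.append(cookie)
        return True

    def cookies_for(self, url):
        """Cookies the browser would send with a request: only those scoped to this host."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = parts.path or "/"
        return {c.name: c.value for c in self.jar
                if (host == c.domain if c.host_only else domain_matches(host, c.domain))
                and path.startswith(c.path)}


if __name__ == "__main__":
    manager = CookieManager()
    manager.receive("https://shop.example.com/cart", "session=abc; Path=/", "https://shop.example.com/")
    manager.receive("https://shop.example.com/", "pref=dark; Domain=example.com", "https://shop.example.com/")
    print(manager.cookies_for("https://shop.example.com/checkout"))
    print(manager.cookies_for("https://evil.example/"))
```

The jar rejects a Set-Cookie that names a domain the responding host does not belong to, sends a host-only cookie to that exact host only, and, with block_third_party set, drops cookies set by a host that is not the site the user is visiting, which is the selective blocking a cookie manager provides.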

What is spyware?

°    A program placed on a computer without the user's knowledge that secretly collects information about the user

°    Can enter your computer as a virus or as a result of installing a new program

°    Communicates information it collects to some outside source while you are online

What is spam?

°    An unsolicited e-mail message or newsgroup posting sent to many recipients or newsgroups at once

°    Internet junk mail

How can you control spam?

What privacy laws have been enacted?

°    There are many federal and state laws regarding the storage and disclosure of personal data

What laws deal specifically with computers?

What is employee monitoring?

°    Involves the use of computers to observe, record, and review an individual's use of a computer

°    Includes communications such as e-mail, keyboard activity, and Web sites visited

°    It is legal for employers to use monitoring software programs

What is one of the most controversial issues surrounding the Internet?

°    The availability of objectionable material such as racist literature and obscene pictures

°    Some believe objectionable material should be banned

°    Others believe objectionable material should be filtered; that is, restricted and made unavailable to minors

 

What is a rating system?

°    A rating system similar to those used for movies and videos is established for Web sites

°    If content goes beyond the rating limits set in the Web browser software, a user cannot access the Web site

What is filtering software?

°    Also called an Internet filtering program

°    Software that can restrict access to specified Web sites

°    Some filter sites that use specific words

°    Others allow you to filter e-mail messages and chat rooms

 

Summary of Computers and Society: Security and Privacy

°   Computer security: risks and safeguards

°   Internet and network security

°   Information privacy

Chapter 12 Complete