Chapter 12 - Computers & Society: Security & Privacy
Computer Security: Risks and Safeguards
What is a computer security risk?
° Any event or action that could cause a loss of or
damage to computer hardware, software, data, information, or processing
capability
° May be accidental or planned
° Intentional breach of computer security often involves
a deliberate act that is against the law
What is a computer virus?
° A potentially damaging computer program that affects,
or infects, your computer negatively by altering the way the computer works
without your knowledge or permission
° A segment of program code from some outside source
that implants itself in a computer
° Once in the computer it can spread throughout and may
damage your files and operating system
What are the ways viruses can be activated?
° Opening an infected file
° Running an infected program
° Booting the computer with an infected floppy disk in
the disk drive
What is the most common way computers become infected with a virus?
° Through e-mail attachments
What is the source of a virus?
° Written by a programmer, known as a virus author
° Some write viruses as a challenge
° Others write viruses to cause destruction
What are signs of a virus infection?
What are the three main types of virus?
How do viruses activate?
What is a malicious-logic program?
° A program that acts without a user’s knowledge
° Deliberately alters the computer's operations
° Also called malware
° Several types
• virus
• worm
• Trojan horse
How can you reduce infection risk from a boot sector virus?
° Never start your computer with a floppy disk in drive
A – unless you are certain the disk is an uninfected boot disk
° All floppy disks contain a boot sector
How can you protect your system from a macro virus?
° You can set a macro’s security level in all
applications that allow you to write macros
° At the medium security level, a warning displays when
you attempt to open a document that contains a macro
How can you safeguard your computer from virus attacks?
° Install an antivirus program and upgrade it frequently
° An antivirus program identifies and removes any computer viruses found in memory, on storage media, or on incoming files
° Most antivirus programs also protect against worms and Trojan horses
Company on the Cutting Edge
Network Associates
° Developer of McAfee VirusScan and Firewall
° VirusScan named the top antivirus program by the University of Hamburg’s Virus Test Center and by the West Coast Labs for Secure Computing
What does an antivirus program do?
° Detects and identifies viruses
° Inoculates existing program files
° Removes or quarantines viruses
° Creates a rescue disk
How does an antivirus program scan for a virus?
° Scans for programs that attempt to modify the boot
program, the operating system, and other programs that normally are read from
but not modified
° Many also scan
• Files you download from the Web
• E-mail attachments
• Files you open
• All removable media
What is a virus signature?
° A known specific pattern of virus code
° Also called a virus definition
° Antivirus software uses signature files to identify
viruses
° You should update the signature files to include
patterns for newly discovered viruses
° Many antivirus programs contain an auto-update feature
How does an antivirus program inoculate a program file?
° The antivirus program records information about the files in a separate inoculation file
• File size
• File creation date
° The antivirus program uses this information to detect if a virus tampers with the inoculated program file
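The two detection techniques described on the preceding slides (matching known virus signatures, and inoculating program files so that later tampering is noticed) can be shown end to end in a few lines. The following is an added example, not code from the page or from any antivirus product. It assumes a tiny signature table containing only the EICAR antivirus test string (a harmless industry test pattern, not mentioned on the page), and it records a SHA-256 digest alongside the file size and creation date the page lists, so that an edit which leaves the size unchanged is still caught. Sample files are constructed in a temporary directory.

```python
import hashlib
import os
import tempfile

# Constructed signature table: byte pattern -> virus definition name.
# The only entry is the EICAR test string, a harmless pattern that every
# antivirus product is expected to detect (an assumption added here).
SIGNATURES = {
    rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*": "EICAR-Test-File",
}


def scan_bytes(data: bytes, signatures=SIGNATURES):
    """Signature scan: return the name of every known pattern found in data."""
    return [name for pattern, name in signatures.items() if pattern in data]


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def inoculate(paths):
    """Build the inoculation file: size and creation date as on the page,
    plus a digest (an addition) for each program file."""
    record = {}
    for path in paths:
        st = os.stat(path)
        record[path] = {"size": st.st_size, "ctime": st.st_ctime, "sha256": _sha256(path)}
    return record


def find_tampered(record):
    """Compare the current state of each inoculated file with the record."""
    tampered = []
    for path, saved in record.items():
        if not os.path.exists(path):
            tampered.append(path)          # a missing file is also a change
            continue
        if os.stat(path).st_size != saved["size"] or _sha256(path) != saved["sha256"]:
            tampered.append(path)
    return tampered


def demo():
    """Two constructed program files: inoculate both, then alter one."""
    tmp = tempfile.mkdtemp()
    clean = os.path.join(tmp, "calc.exe")
    target = os.path.join(tmp, "notes.exe")
    with open(clean, "wb") as fh:
        fh.write(b"MZ clean program bytes")
    with open(target, "wb") as fh:
        fh.write(b"MZ another clean program")
    record = inoculate([clean, target])
    # Simulate an infection by appending the test pattern to one file.
    with open(target, "ab") as fh:
        fh.write(next(iter(SIGNATURES)))
    with open(target, "rb") as fh:
        hits = scan_bytes(fh.read())
    return [os.path.basename(p) for p in find_tampered(record)], hits


if __name__ == "__main__":
    print(demo())
```

The two checks are complementary: the signature scan only finds patterns already in the definition file (which is why the page insists on updating signatures), while the inoculation check notices any change to a protected file, including one made by a virus no signature yet describes.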
What two types of virus are more difficult to detect?
What does an antivirus program do once it detects a virus?
° Removes the virus if possible
° Quarantines the infected file
• Quarantine: a separate area of a hard disk that holds
the infected file until you can remove its virus
What is a rescue disk?
° A removable disk that contains an uninfected copy of
key operating system commands and startup information
° Also called an emergency disk
° Enables the computer to restart correctly
° Created by most antivirus programs
° Upon startup the rescue disk finds and removes the
boot sector virus
What should you do if a virus infects your system?
° Remove the virus
° If you share data with other users, such as e-mail
attachments, floppy disks, or Zip® disks, then inform those users of your
virus infection
How can you stay informed about viruses?
° Several Web sites publish a list of virus alerts and
virus hoaxes
What are tips for preventing virus infections?
Technology Trailblazer
Clifford Stoll
° Provokes people to think about how they use computer technology
° Wrote The Cuckoo’s Egg in 1989 about his investigation that uncovered a computer spy ring
° Highly critical of the benefits computers and the Internet presumably provide
• Questions why computers are so bland looking
• Why hardware has such a short useful life
• Proclaims that schools should spend money on teachers, librarians, and books rather than on technology because computers isolate and weaken people
What is unauthorized access and unauthorized use?
° Unauthorized access is the use of a computer or
network without permission
° Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities
How can unauthorized access and use be prevented?
° Access control
• A security measure that defines who can access a
computer, when they can access it, and what actions they can take while
accessing the computer
° Two-phase process of access control
• Identification verifies that you are a valid user
• Authentication verifies that you are who you claim to
be
° Four methods exist
What is a user name?
° A unique combination of characters that identifies one
specific user
° Also called a user ID
° A password is a secret combination of characters associated with the user name that allows access to certain computer resources
How can you make your password more secure?
° Longer passwords provide greater security than shorter
ones
How should you select a user name and password?
° Avoid obvious passwords, such as your initials or
birthday
° You may need to follow software program guidelines
° You may need to enter one of several pieces of
personal information
° Select a password that is easy for you to remember
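The two-phase access control described above (identification of the user name, then authentication of the password) and the password advice on this slide can be put together in a small login module. This is an added example, not code from the page: the minimum length of 12 characters, the PBKDF2 iteration count and the sample profile (initials and birthday) are constructed assumptions, chosen only to make the page's "avoid obvious passwords" rule checkable.

```python
import hashlib
import hmac
import os

# Constructed policy values (assumptions, not figures from the page).
MIN_LENGTH = 12
ITERATIONS = 200_000


def password_problems(password, profile):
    """Return the reasons a candidate password is weak, or an empty list.

    'profile' holds the obvious personal facts the page says to avoid,
    e.g. {"initials": "jqp", "birthday": "0704"} (constructed values).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    for label, value in profile.items():
        if value and value.lower() in lowered:
            problems.append(f"contains your {label}")
    return problems


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; the system stores only (salt, digest),
    never the password itself."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    """Access control in two phases: identify the user name, then
    authenticate the secret associated with it."""

    def __init__(self):
        self._users = {}

    def register(self, user_id, password, profile):
        problems = password_problems(password, profile)
        if problems:
            raise ValueError("; ".join(problems))
        self._users[user_id] = hash_password(password)

    def login(self, user_id, password):
        # Phase 1, identification: is this a valid user name?
        record = self._users.get(user_id)
        if record is None:
            # Run the hash anyway so an unknown name takes as long as a wrong
            # password; otherwise response time reveals which names exist.
            hash_password(password, b"\x00" * 16)
            return False
        # Phase 2, authentication: does the secret match the stored digest?
        salt, expected = record
        _, actual = hash_password(password, salt)
        return hmac.compare_digest(expected, actual)
```

The comparison uses `hmac.compare_digest` rather than `==` so that the time taken does not depend on how many leading bytes of the digest happen to match.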
What is a possessed object?
° Any item that you must carry to gain access to a
computer or computer facility
• Badges
• Cards
• Keys
° Often used in combination with a personal
identification number (PIN)
• A numeric password, either assigned by a company or
selected by you
What is a biometric device?
° Authenticates a person’s identity by verifying
personal characteristics
° Grants access to programs, systems, or rooms using
computer analysis of some biometric identifier
° Translates a person’s characteristics into a digital
code that is compared to a digital code stored in the computer
What is a fingerprint scanner?
° Captures curves and indentations of a fingerprint
° Some predict this will become the home user’s
authentication device for e-commerce transactions
° Some newer keyboards and notebook computers have a
fingerprint scanner built into them
° Some cost less than $100
What is a hand geometry system?
° Measures the shape and size of a person’s hand
° Typically used as a time and attendance device by
large companies
° Costs more than $1,000
What is a face recognition system?
° Captures a live face image and compares it to a stored
image to determine if the person is a legitimate user
° Used by some notebook computers to safeguard the
computer
° Can recognize people with or without glasses, makeup,
or jewelry, and with new hairstyles
What are two other verification systems?
What is an iris verification system?
° Reads patterns in the tiny blood vessels in the back
of the eye
° Very expensive
° Used by government security organizations, the military,
and financial institutions that deal with highly sensitive data
What is a callback system?
° An access control method that some systems utilize to authenticate remote users
° You can connect to a computer only after
the computer calls you back at a previously established telephone number
° Works best for users who regularly work at the same
remote location
What is an audit trail?
° Records in a file both successful and unsuccessful
access attempts
° Also called a log
° Companies should investigate unsuccessful access
attempts immediately
° Should review successful access for irregularities
• Use of computer after normal working hours
• Use from remote computers
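The review the slide calls for (investigate every unsuccessful attempt at once, and look through successful access for after-hours or remote use) is easy to automate over a log file. Below is an added example, not from the page: the log format, the internal address range 10.0.0.0/8, the working hours of 08:00 to 18:00 and the seven log lines are all constructed.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed audit trail: date, time, user name, source address, outcome.
AUDIT_LINES = """\
2024-03-04 09:12:03 alice 10.0.1.25 SUCCESS
2024-03-04 09:14:41 bob 10.0.1.30 FAILURE
2024-03-04 09:14:52 bob 10.0.1.30 FAILURE
2024-03-04 09:15:07 bob 10.0.1.30 SUCCESS
2024-03-04 13:02:55 carol 203.0.113.7 SUCCESS
2024-03-04 22:47:19 alice 10.0.1.25 SUCCESS
2024-03-05 02:10:00 mallory 198.51.100.9 FAILURE
"""

# Constructed site assumptions: internal address range and normal hours.
INTERNAL = ip_network("10.0.0.0/8")
WORK_START, WORK_END = time(8, 0), time(18, 0)

FAILED = "unsuccessful access attempt (investigate immediately)"
AFTER_HOURS = "successful access outside normal working hours"
REMOTE = "successful access from a remote computer"


def parse_audit(text):
    """Turn the raw audit trail into structured entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        date, clock, user, src, outcome = line.split()
        entries.append({
            "when": datetime.fromisoformat(f"{date} {clock}"),
            "user": user,
            "src": ip_address(src),
            "ok": outcome == "SUCCESS",
        })
    return entries


def review(entries):
    """Apply the page's review rules; each finding is (timestamp, user, reason)."""
    findings = []
    for e in entries:
        stamp = e["when"].strftime("%Y-%m-%d %H:%M:%S")
        if not e["ok"]:
            findings.append((stamp, e["user"], FAILED))
            continue
        if not WORK_START <= e["when"].time() <= WORK_END:
            findings.append((stamp, e["user"], AFTER_HOURS))
        if e["src"] not in INTERNAL:
            findings.append((stamp, e["user"], REMOTE))
    return findings


def failures_by_user(entries):
    """How many failed attempts each user name has accumulated."""
    counts = {}
    for e in entries:
        if not e["ok"]:
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for finding in review(parse_audit(AUDIT_LINES)):
        print(*finding)
```

A successful login that follows several failures for the same name (bob above) is worth a closer look than either event alone, which is why the per-user failure count is kept separately from the line-by-line findings.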
What is hardware theft and vandalism?
° Theft is the act of stealing computer equipment
° Vandalism is the act of defacing or destroying
computer equipment
° Prevent with physical access controls
• Locked doors and windows
• Alarm systems
° Physical security devices
• Cables that lock the equipment to a desk, cabinet, or
floor
What precautions can prevent theft of mobile equipment?
° Common sense
° Constant awareness of risk
° Never leave a notebook computer unattended in a public place
° May use a physical device to temporarily lock a mobile
computer to a desk or table
What is software theft?
° Can range from someone physically stealing media that
contains software to intentional piracy of software
° Software piracy is the unauthorized and illegal
duplication of copyrighted software
What is a software license agreement?
° The right to use a piece of software
° Provides specific conditions for use of the software,
which the user must accept before using the software
What is a single-user license agreement?
° The most common type of license included with software
packages purchased by individual users
° Also called an end-user license agreement (EULA)
° Includes many conditions that specify a user’s responsibility
What is the Business Software Alliance (BSA)?
° Organization formed to promote a better understanding
of software piracy problems and to take legal action
° Operates a Web site and antipiracy
hotlines
What is a site license?
° Gives the buyer the right to install the software on
multiple computers at a single site
° Usually costs significantly less than purchasing
individual copies of software for each computer
What is information theft?
° Occurs when someone steals personal or confidential
information
° Often linked to other types of computer crime
° Several methods used to protect against information
theft
What is encryption?
° The process of converting readable data into
unreadable characters to prevent unauthorized access
° Encrypted data can be stored or sent as an
e-mail message
° To read the data, the recipient must decrypt it
° An encryption key is the formula that the recipient of
the data uses to decrypt ciphertext
What are some data encryption methods?
° An encryption key (formula) often uses more than one
of these methods
How do organizations encrypt data?
° Most organizations use available software packages for
encryption
° Others develop their own encryption programs
What are two basic types of encryption?
How does public key encryption work?
What are some public key encryption technologies?
What are two government proposals for monitoring encrypted messages?
° The United States government has proposed several
ideas for developing a standard for voice and data encryption
° Purpose is to enable government agencies, such as the
National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) to
monitor private communications
What is a system failure?
° The prolonged malfunction of a computer
° Can cause the loss of hardware, software, data, or
information
What is electrical power variation?
° One of the more common causes of system failure
° Can cause loss of data or loss of equipment
° A single power disturbance can damage multiple systems
on a network
° Includes noise, undervoltages,
and overvoltages
What is a surge protector?
° Also called a surge suppressor
° Uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment
° Not 100 percent effective
° Amount of protection is proportional to its cost
What are standards for surge suppressors?
° Should meet the safety specification for surge
suppression products
° Called the Underwriters Laboratories (UL) 1449
standard
° Allows no more than 500 maximum volts to pass through
it
° Should have a Joule rating of at least 200
What is an uninterruptible power supply (UPS)?
° A device that contains surge protection circuits and
one or more batteries that can provide power during a temporary or permanent
loss of power
° A standby UPS switches to battery power when a problem
occurs in the power line
• Also called an offline UPS
° Online UPS always runs off the battery
• Provides continuous protection
What is a backup?
° A duplicate of a file, program, or disk that can be
used if the original is lost, damaged, or destroyed
° To back up a file means to make a copy of it
° You restore the files by copying the backed up files
to their original location on the computer
° Keep backup copies in a fireproof and heatproof safe
or vault, or offsite
What are the three types of backups?
How do the types of backup compare?
What are backup procedures?
° Specify a regular plan of copying and storing
important data and program files
° Procedures for a business should be stated clearly, documented in writing, and followed consistently
What is a three-generation backup policy?
° Preserves three copies of important files
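The backup, restore and three-generation rotation described on these slides can be exercised on a constructed data folder. This is an added example, not the page's own procedure: the generation labels (ISO dates, so that name order is date order), the digest check after each restored copy, and the temporary directories are all assumptions made here.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

KEEP_GENERATIONS = 3   # the three-generation policy from the page


def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def generations(vault: Path):
    """Backup generations in the vault, oldest first. Labels are constructed
    ISO dates, so sorting by name sorts by date."""
    return sorted(p for p in vault.iterdir() if p.is_dir())


def rotate(vault: Path, keep=KEEP_GENERATIONS):
    """Discard everything older than the newest `keep` generations."""
    for old in generations(vault)[:-keep]:
        shutil.rmtree(old)
    return [g.name for g in generations(vault)]


def back_up(source: Path, vault: Path, label: str) -> Path:
    """Copy the source tree into vault/label, then apply the rotation."""
    dest = vault / label
    shutil.copytree(source, dest)
    rotate(vault)
    return dest


def restore(backup: Path, target: Path) -> int:
    """Copy backed-up files to their original location, verifying each copy
    against the backup's digest. Returns the number of files restored."""
    count = 0
    for src in backup.rglob("*"):
        if src.is_file():
            dst = target / src.relative_to(backup)
            dst.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, dst)
            if _digest(src) != _digest(dst):
                raise IOError(f"restore of {dst} did not match the backup")
            count += 1
    return count


def demo():
    """Four nightly backups of a constructed data folder, then a restore
    after the original is lost."""
    root = Path(tempfile.mkdtemp())
    data, vault = root / "data", root / "vault"
    data.mkdir()
    vault.mkdir()
    for day in range(1, 5):
        (data / "ledger.txt").write_text(f"day {day}")
        back_up(data, vault, f"2024-03-0{day}")
    kept = rotate(vault)
    shutil.rmtree(data)          # the original is destroyed
    data.mkdir()
    restore(vault / kept[-1], data)
    return kept, (data / "ledger.txt").read_text()


if __name__ == "__main__":
    print(demo())
```

After the fourth backup only three generations remain, and the restore is verified file by file; a backup that was never test-restored is an untested backup, which is the point of the test plan mentioned later in the chapter.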
What are methods of creating backups?
What is a disaster recovery plan?
° A written plan describing the steps a company would
take to restore computer operations in the event of a disaster
° Contains four major components
What is an emergency plan?
° Specifies the steps to be taken immediately after a
disaster strikes
° Usually is organized by type of disaster
° All plans should contain four important pieces of
information
What is the backup plan?
° Specifies how a company uses backup files and
equipment to resume information processing
° Should specify the location of an alternate computer
facility in the event the company's normal location is destroyed or unusable
° Should identify three items
Where should an alternate computer facility be located?
° Close enough to be convenient
° Far enough away to prevent a single disaster
destroying both the main and alternate computer facilities
What is a recovery plan and a test plan?
What is a computer security plan?
° An overall plan that summarizes in writing all of the
safeguards that are in place to protect a company’s information assets
° Evaluate the plan annually or when there are major
changes in information assets
What services can help with security plans?
° The International Computer Security Association (ICSA)
can assist companies and individuals who need help with computer security plans
Internet and Network Security
Why is Internet and network security important?
° Information transmitted over networks has a higher
degree of security risk
° Employs many security techniques discussed thus far
How do Web browsers provide secure data transmission?
° Many Web browsers use encryption
° A Web site that uses encryption techniques to secure
its data is known as a secure site
° Secure sites use digital certificates along with
a security protocol
What is a certificate authority (CA)?
° Also called an issuing authority (IA)
° An authorized company or person that issues and verifies digital certificates
Company on the Cutting Edge
° One of the world’s premier Internet security
technology companies
° Operations in more than 33 countries
° Develops antivirus and risk management software
° Develops mobile code protection and e-mail and Internet content filtering programs
° Protects 60 million users
What is Secure Sockets Layer (SSL)?
° Provides private-key encryption of all data that passes between a client and a server
° Requires that the client have a digital certificate
° Web pages that use SSL typically begin with https
What are other secure encryption techniques?
What is Pretty Good Privacy (PGP)?
° One of the most popular e-mail digital encryption
programs
° Freeware for personal, non-commercial users
° Uses a public-key encryption scheme
What is a digital signature?
° Also called a digital ID
° An encrypted code that a person, Web site, or company
attaches to an electronic message to verify the identity of the message sender
° The code usually consists of the user's name and a
hash of all or part of the message
° Helps to prevent e-mail forgery and verify that the contents of a message have not changed
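Two earlier slides ask how public key encryption works, and this one describes a digital signature as the sender's name plus a hash of the message. The following added example (not code from the page, PGP or any product) shows both with a textbook RSA key pair: the primes 61 and 53, public exponent 17 and the resulting modulus 3233 are constructed toy values, thousands of bits too small for real use but small enough to follow by hand. Encryption works one byte at a time and the SHA-256 hash is reduced modulo the toy modulus, two simplifications that a real implementation replaces with padding of a full message block.

```python
import hashlib

# Constructed textbook key pair. Real keys use primes thousands of bits long;
# these tiny values only make the arithmetic visible.
P, Q = 61, 53
N = P * Q                 # 3233: public modulus, part of both keys
PHI = (P - 1) * (Q - 1)   # 3120
E = 17                    # public exponent


def modinv(a, m):
    """Extended Euclid: the x with (a * x) % m == 1."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no modular inverse")
    return s0 % m


D = modinv(E, PHI)        # 2753: private exponent, never shared

PUBLIC_KEY = (E, N)       # published: anyone may encrypt to us or verify us
PRIVATE_KEY = (D, N)      # secret: only we can decrypt or sign


def encrypt(plaintext: bytes, public=PUBLIC_KEY):
    """Anyone holding the public key can encrypt. One number per byte here;
    real RSA pads the whole message into a single block instead."""
    e, n = public
    return [pow(b, e, n) for b in plaintext]


def decrypt(ciphertext, private=PRIVATE_KEY):
    """Only the holder of the private key can recover the bytes."""
    d, n = private
    return bytes(pow(c, d, n) for c in ciphertext)


def message_digest(message: bytes, n=N):
    """SHA-256 of the message, reduced so that it fits under the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(sender: str, message: bytes, private=PRIVATE_KEY):
    """Digital signature: the sender's name plus the message hash transformed
    with the private key, attached to the message."""
    d, n = private
    return {"sender": sender, "sig": pow(message_digest(message, n), d, n)}


def verify(message: bytes, signature, public=PUBLIC_KEY):
    """The recipient reverses the signature with the sender's public key and
    compares it with a fresh hash. A match shows the private key holder
    signed exactly this content, so neither sender nor contents were forged."""
    e, n = public
    return pow(signature["sig"], e, n) == message_digest(message, n)


if __name__ == "__main__":
    note = b"meet at noon"
    print(decrypt(encrypt(note)))
    stamped = sign("alice", note)
    print(verify(note, stamped), verify(note + b"!", stamped))
```

The same key pair serves both purposes, in opposite directions: encryption uses the public key and is undone with the private one, while signing uses the private key and is checked with the public one. Changing even one byte of the message changes its hash, so the stored signature no longer matches and verification fails.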
What is a firewall?
° A security system consisting of hardware and/or
software that prevents unauthorized access to data and information on a network
° Many large companies route all communications through
a proxy server to implement a firewall
° Firewalls use a variety of screening techniques
• Check domain name or IP address
• Require digital signatures
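The screening techniques named on this slide, checking the source IP address or domain name of each connection, come down to evaluating an ordered rule list. The following is an added example, not the configuration of any firewall product: the four rules, the address ranges and the sample connections are constructed, and the rules are evaluated top to bottom with the first match winning and anything unmatched denied.

```python
from ipaddress import ip_address, ip_network

# Constructed screening rules (assumptions; the page names the techniques,
# not any particular rules). First matching rule wins; nothing matched is denied.
RULES = [
    {"action": "deny", "src": ip_network("198.51.100.0/24")},           # blocked range
    {"action": "allow", "src": ip_network("10.0.0.0/8"), "port": 22},   # internal admin
    {"action": "allow", "domain": "partner.example", "port": 443},      # named partner
    {"action": "allow", "port": 80},                                    # public web
]


def attempt(src, port, host=None):
    """A connection attempt: source address, destination port and, where one
    was resolved, the reverse-DNS name of the source (constructed data)."""
    return {"src": ip_address(src), "port": port, "host": host or ""}


def domain_matches(rule_domain, host):
    """True for the domain itself or a name beneath it, never a lookalike
    such as partner.example.somewhere.test."""
    return host == rule_domain or host.endswith("." + rule_domain)


def rule_matches(rule, conn):
    if "src" in rule and conn["src"] not in rule["src"]:
        return False
    if "port" in rule and conn["port"] != rule["port"]:
        return False
    if "domain" in rule and not domain_matches(rule["domain"], conn["host"]):
        return False
    return True


def screen(conn, rules=RULES):
    """Return the action of the first rule that matches, or 'deny'."""
    for rule in rules:
        if rule_matches(rule, conn):
            return rule["action"]
    return "deny"


if __name__ == "__main__":
    for conn in (attempt("10.0.1.5", 22), attempt("203.0.113.9", 22),
                 attempt("203.0.113.10", 443, "vpn.partner.example")):
        print(conn["src"], conn["port"], screen(conn))
```

Address rules are placed before name rules on purpose: a domain name comes from a DNS answer the firewall did not produce, so a name check is only as trustworthy as that answer, and the suffix comparison in `domain_matches` is what stops a name that merely begins with the partner's domain from matching.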
What is a personal firewall?
° A software program that detects and protects your personal computer and its data from unauthorized intrusions
° Constantly monitors all transmissions to and from your computer
° Informs you of any attempted intrusions
What are some popular personal firewall products?
What is another way to protect your personal computer?
° Disable File and Print Sharing on your Internet
connection
Technology Trailblazer
Donn Parker
° One of the world’s leading authorities on cybercrime
° Parker’s Peer Principle: Share information about the vulnerability of attacks, develop security methods, and then apply and practice these models
° Wrote six books on computer security
° Has participated in more than 250 security reviews for
major corporations
Information Privacy
What is information privacy?
° Refers to the right of individuals and companies to deny
or restrict the collection and use of information about them
° More difficult to maintain today because huge online databases store this data
What are ways to safeguard personal information?
What is an electronic profile?
° A collection of data about an individual
° Includes very personal details such as your age,
address, telephone number, spending habits, marital status, number of
dependents and so on
How can you protect your personal information?
° Specify whether you will allow companies to distribute
your personal information
What is a cookie?
° A small file that a Web server stores on your
computer
° Typically contains data about you
° A Web site can read data only from its own cookie file
° Some Web sites sell or trade information stored in
your cookie to advertisers
How can cookies track user preferences?
How can you set your browser to control cookies?
° You can set your browser to accept cookies
automatically, prompt you if you wish to accept a cookie, or disable cookie use
° Many Web sites do not allow you to access features if
you disable cookie use
What is a cookie manager?
° A software program that selectively blocks cookies
What is spyware?
° A program placed on a computer without the user's
knowledge that secretly collects information about the user
° Can enter your computer as a virus or as a result of
installing a new program
° Communicates information it collects to some outside
source while you are online
What is spam?
° An unsolicited e-mail message or newsgroup posting
sent to many recipients or newsgroups at once
° Internet junk mail
How can you control spam?
What privacy laws have been enacted?
° There are many federal and state laws regarding the
storage and disclosure of personal data
What laws deal specifically with computers?
What is employee monitoring?
° Involves the use of computers to observe, record, and
review an individual's use of a computer
° Includes communications such as e-mail, keyboard
activity, and Web sites visited
° It is legal for employers to use monitoring software
programs
What is one of the most controversial issues surrounding the Internet?
° The availability of objectionable material such as
racist literature and obscene pictures
° Some believe objectionable material should be banned
° Others believe objectionable material should be filtered; that is, restricted and made unavailable to minors
What is a rating system?
° A rating system similar to those used for movies and
videos is established for Web sites
° If content goes beyond the rating limits set in the Web browser software, a user cannot access the Web site
What is filtering software?
° Also called an Internet filtering program
° Software that can restrict access to specified Web
sites
° Some filter sites that use specific words
° Others allow you to filter e-mail messages and chat
rooms
Summary of Computers and Society: Security and Privacy
° Computer security: risks and safeguards
° Internet and network security
° Information privacy
Chapter 12 Complete