CS105 Introduction to Computers and Their Applications

Spring  2006

 

Chapter 11

 

 

 

Chapter Eleven:  Computers and Society, Security, Privacy, and Ethics

 

COMPUTER SECURITY RISKS                         

 

computer security risk = an event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability

 

computer crime =

 

cybercrime =

 

Risks to computer security:

System failure

Viruses

Worms

Trojan horses

Unauthorized access and use

Hardware theft

Information theft (stolen identity)

Software theft (illegal copying) 

 

 

COMPUTER VIRUSES, WORMS, AND TROJAN HORSES             

 

All = malicious-logic programs that act without a user’s knowledge and alter a computer’s operations

 

Virus = alters the way the computer works, without the user’s knowledge

 

Worm = copies itself repeatedly, using up memory space or slowing down a network

           

Trojan horse = malicious program within a legitimate program

 

payload =

 

symptoms of a computer infected by a virus, worm, or Trojan horse:

1.      screen displays unusual message or image

2.      music or unusual sound plays randomly

3.      available memory is less than expected; existing programs and files disappear

4.      files become corrupted

5.      programs or files do not work properly

6.      unknown programs or files mysteriously appear

7.      system properties change

 

Three ways in which viruses deliver their payloads

1.

2.  

3.  

 

Other triggers:

logic bombs = deliver their payloads when a computer user performs a specific action.

 

 time bombs = deliver their payloads on a certain date.

 

 

One of the most frequent ways a malicious program is delivered = e-mail message

 

Safeguards against computer viruses, worms, and Trojan horses

 

No methods guarantee a computer or network is safe from malicious-logic programs.

 

Precautions that can be taken to reduce the risk of virus infection:

 

1.  do not boot the computer with a disk in the A: drive

2.  only open email from a trusted source

            trusted source = company or person you believe will not send you a virus-infected file knowingly.

3.  turn off the message preview function for email programs

4.  set the macro security level to medium            

5.  install an antivirus program and update it frequently

6.  If the anti-virus program flags an email attachment as infected, delete the email immediately

7.  scan all portable disks for viruses (floppies, zip disks, etc)

8.  Create a recovery disk and write protect it

9.  Install a firewall

10.  Make backup copies of your important files

 

 

antivirus program                                                 

= scans for programs that attempt to modify the boot program or the O/S; automatically scans files downloaded from the Web, email attachments, opened files, and other types of removable media inserted into the computer, such as floppy disks and Zip disks.

 

 

How anti-virus programs find a virus:

virus signature, or virus definition                                            

 

New viruses appear all the time, so update virus signature files regularly.

 

polymorphic virus = modifies its program code each time it attaches itself to another program, so it is difficult to detect by its virus signature.

 

How to inoculate a program file                                    

To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file.  It can then use this information to detect if a virus tampers with the inoculated file.

 

Some sophisticated viruses circumvent inoculation.

stealth virus = infects a program file but reports the size as the same
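An added example (not part of the course notes): a small inoculation check in Python. It records the file size and a timestamp as described above, plus a SHA-256 content hash, which goes beyond the notes; modification time stands in for the creation date, and the file name and bytes are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

FIELDS = ("size", "mtime_ns", "sha256")

def inoculate(path):
    """Record the facts an inoculation file would keep about one program file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    # Assumption: modification time is used because creation time is not portable.
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}

def check(path, record):
    """Return the names of recorded attributes that no longer match the file."""
    current = inoculate(path)
    return [name for name in FIELDS if current[name] != record[name]]

def demo():
    """Tamper with a constructed file twice and report what each check notices."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "program.bin")
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 62)   # constructed 64-byte stand-in program
        record = inoculate(path)
        clean = check(path, record)          # nothing changed yet

        # Tampering 1: bytes are appended, so the recorded size no longer matches.
        with open(path, "ab") as fh:
            fh.write(b"EXTRA")
        grown = check(path, record)

        # Tampering 2: same length, different bytes, timestamp put back afterwards.
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\xcc" * 62)
        os.utime(path, ns=(record["mtime_ns"], record["mtime_ns"]))
        same_size = check(path, record)
    return clean, grown, same_size

if __name__ == "__main__":
    for label, result in zip(("clean", "grown", "same size"), demo()):
        print(label, "->", result or "no change detected")
```

The same-size rewrite passes the size and timestamp comparison and is flagged only by the content hash, which is why size and date alone are a weak inoculation record.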

 

Most antivirus programs have utilities that create a recovery disk, or rescue disk

 

= removable disk that contains an uninfected copy of key operating system commands and startup information that enables the computer to restart correctly.

 

virus hoax

Virus hoaxes and false virus alerts can present a serious problem

Visit reputable web sites that list current and new viruses.

 

 

UNAUTHORIZED ACCESS AND USE                          

 

unauthorized access = use of a computer or network without permission

 

cracker = person who tries to access a computer or network illegally

 

hacker = originally a complimentary word for a computer enthusiast.  Now it has a derogatory connotation with the same definition as cracker.

 

unauthorized use = use of a computer or its data for unapproved or  illegal activities.

 

85% of companies say their networks have been hacked.

 

Use of computers by employees for personal reasons = unauthorized use

 

 

10 general safeguards for computing:

 

1.      Use antivirus software and update it frequently.

2.      Do not allow online merchants to store your credit-card information.

3.      Use a hard-to-guess password and change it frequently.

4.      Use different passwords for different Web sites and applications.

5.      Use up-to-date versions of Web browser and e-mail software.

6.      Send credit-card numbers only to secure sites.

7.      Confirm the site you are doing business with.

8.      Use a security program that gives you control over cookies.

9.      Install firewall software to screen traffic if you use DSL or a cable modem.

10.  Do not open e-mail attachments unless you know the attachment’s source.

 

 

Safeguards against unauthorized access and use

 

1.  Companies should have an acceptable use policy (AUP).

 

2.      Firewalls

 

3.  Intrusion Detection Software

 

4.  Access Controls

 

5.  Audit Trails

            User names and passwords

Possessed object (PIN)

Biometric devices

Callback system

 

 

1.  Firewalls = hardware and/or software that prevents unauthorized access to data, information, and storage media on a network

 

2.  Intrusion detection software = used by large companies

 

 

honeypot = safely separated decoy data for hackers

When the network is invaded, the attack is recorded and analyzed, and the results are posted at the project’s Web site, thus providing vital security information for network administrators.

The Honeynet Project also develops detection systems that can help predict, and prevent, hacker attacks.

In addition to its technical work, the Honeynet Project attempts to learn more about the psychology of hackers.

The project’s findings were detailed in a book entitled Know Your Enemy.

 

3.  Access controls

= defines who may and may not access certain data on the network

= what actions can be taken by each person who has access

 

 

4.  Audit trails  (log)                                   

 

records who accessed the data and when.

 

Identification and authentication

 

Identification = valid user

 

Authentication = user is who he or she claims to be

 

1.      User names and passwords

2.      Possessed object (PIN)

3.      Biometric devices

4.      Callback system

 

1.  User names and passwords                         

 

Make passwords more secure.  Do not use:

 

Your name in any form

Name of a family member

All digits or all the same letter

A word contained in an English or foreign language dictionary

NEVER TELL ANYONE ELSE WHAT YOUR PASSWORD IS.

 

2.  Possessed objects                  

 

= item you carry with you to gain access

e.g. badge, card, smart card, keys, ATM card

 

personal identification number (PIN) = personal number

 

 

3.  Biometric devices                     

 

e.g. fingerprint, iris pattern, hand geometry, face recognition, voice verification, signature verification

           

4.  Callback system                       

 

You must be at an authorized phone location


 

HARDWARE THEFT AND VANDALISM                      

 

hardware theft = stealing computer equipment

 

hardware vandalism = defacing or destroying computer equipment

 

 

Safeguards Against Hardware Theft And Vandalism 

Restricted access (locked doors and windows)

Alarm systems

Cables

Locking devices for hard disk, other drives

 

 

SOFTWARE THEFT                      

 

= software is stolen, or intentionally erased, or illegally copied

 

software piracy = illegal duplication of copyrighted software

 

= expensive problem for the software industry.

Estimates = costs the industry more than 35 percent of its business annually.

 

Safeguards Against Software Theft

 

1.  license agreement                               

 

single-user license agreement, also called end-user license agreement (EULA):

Install on one computer

Make one copy as backup

Give or sell only after removing from first source

 

Business Software Alliance (BSA).           

Formed to prevent piracy

The BSA has enforcement agencies in 65 countries.

 

 

2.  product activation  = links particular computer to particular software

 

 

INFORMATION THEFT                 

 

= stealing personal or confidential information

 

In top 10 security threats facing business

 

identification theft.

 

“Phishing” = thieves asking for personal or financial information

 

1.  Never respond to an email asking for personal identification

2.  If you doubt a message’s authenticity, verify it by contacting the institution itself

3.  Avoid spoofed sites by entering the web address into the browser; don’t just click on the link in the message

4. Give an incorrect password first.  A phishing site will accept it.  A legitimate one won’t.

5.  Check the secure site logo (closed lock or key). Click on that and make sure the certificate matches the site name

6.  Forward fraudulent spam to the Federal Trade Commission: spam@uce.gov

 

 

Safeguards against information theft

 

encryption                           

 

Decrypt = receiving computer deciphers code with key.

plaintext = original readable text

ciphertext = encrypted text

encryption key = formula for encryption and decryption.

 

 

virtual private network (VPN) = mobile users have a secure connection to company

 

 

SYSTEM FAILURE                        

 

= prolonged malfunction of a computer

= can cause loss of hardware, software, data, or information

Causes:

Aging hardware,

natural disasters (fire, flood, hurricane)

Electrical power problems

The power supply  = important when purchasing a PC

Can cause loss of data or equipment

If networked, power disturbance can damage multiple systems

Types of electrical problems:

 

Noise = unwanted signal mixed with normal voltage

                        Fluorescent lights, radios, TVs, or internal components

Undervoltage = when electrical supply drops

Brownout = prolonged undervoltage

Blackout = complete power failure

 

overvoltage (or power surge) = increase of power

spike = high voltage for a thousandth of a second (lightning)

 

 

Safeguards Against System Failure

 

surge protector (or surge suppressor)                                 

 

= smooths out minor noise

provides stable current flow

keeps overvoltage from reaching computer

 

If computer is hooked to network or Internet, also need protection for:

Modem and phone lines

DSL lines

Internet cable lines

Network lines

 

uninterruptible power supply (UPS) = additional electrical protection

 

Goes between computer and power source

 

 

fault-tolerant computer = duplicate components so no data can be lost

 

Businesses that use fault-tolerant computers:  airline reservations, ATMs, etc.

 

 

BACKING UP – THE ULTIMATE SAFEGUARD                     

 

Backup =

 

Restore =

 

Media used to store backups:       1

2

3

 

 

 

INTERNET (and other large networks) SECURITY RISKS  

Information transmitted over networks has a higher degree of security risk.

 

10 steps to better network security:

 

  1. Keep passwords confidential (do not post them in a public place).

  2. Shred sensitive material before disposing of it.

  3. Employ physical security measures that grant access only to authorized people.

  4. Perform background checks on personnel.

  5. Configure firewalls and other security software correctly.

  6. Change the default passwords set by operating systems manufacturers.

  7. Do not allow dial-up modems at employees’ desks.

  8. Keep servers and other valuable computers behind locked doors.

  9. Review security logs and host-monitoring programs daily.

  10. Train employees in procedures that might keep intruders out.

 

1.  Denial Of Service Attacks

2.  Securing Internet Transactions

          a. Digital certificates: certificate of authority

          b. Secure Sockets Layer

          c. Secure HTTP

          d. Secure Electronics Transactions

3.  Securing Email Messages

          a. Digital Signature

 

1.  Denial of service attacks                    

 

denial of service attack (or DoS attack) =

 

DDoS = distributed denial of service attack

                       

Zombie =

 

2.  Securing Internet transactions                     

 

secure site  = digital certificates along with security protocols, such as Secure Sockets Layer and Secure HTTP

 

a.  encryption =

 

b.  digital certificate =

 

c.    Secure Sockets Layer

 

d.  Secure HTTP  (S-HTTP).

 

e.  Secure Electronics Transactions

3.  Securing e-mail messages                 

 

Pretty Good Privacy (PGP) = free software for encryption

 

digital signature =

 

 

 

 

ETHICS AND SOCIETY                                        

 

computer ethics =

 

6 frequently discussed areas of computer ethics.

1.  unauthorized use of computers and networks 

2.  software theft (piracy)

3. 

4. 

5. 

6. 

 

 

3.  Information accuracy  (first 2 already discussed)

 

Decisions and actions are based on the accuracy of information.

Just because something is on the web does not mean that it is accurate.

Concerns about the ethics of using computers to alter output.

 

 

4.  Intellectual property rights

ideas

inventions

writings

art

processes

company and product names

logos

 

copyright = authors’/artists’ exclusive rights to duplicate, publish, and sell materials.  Software piracy (illegal copies of copyrighted programs) goes here.

a.  Should you be able to download the contents of a web site, change them, and re-post them as your own?

b. Does a teacher have the right to print material from the Web and distribute it to all members of the class?

c.  Is it OK to publish photos or pages from a book on the web site if you are not the author?

d.  Is it OK to put the lyrics of a song on the Internet if you did not write the lyrics?

e.  Is it OK to post term papers on the web?

 

spoofing = in order to prevent copyright infringement.

 

5.  Codes of Conduct                    

 

IT code of conduct = guidelines for acceptable information technology behavior

 

 

 

INFORMATION PRIVACY                                    

 

Right of individuals and companies to deny or restrict  collection and use of information

 

1.  Electronic Profiles

2. Cookies

3.  Spyware

4.  Spam

          Email filtering

5.  Privacy Laws

6.  Employee Monitoring

7.  Content Filtering

          Web filtering software

 

 

 

Ways to safeguard personal data                                 

1. Fill in only necessary info on warranty and rebate

2. Avoid shopping club and buyers cards

3.  inform merchants that you do not want personal info distributed

4.  limit the amount of info you give to web sites

5.  install a cookie manager

6.  clear your history file when you’re done

7.  set up a free email account

8.  turn off file and print sharing

9. install a personal firewall

10.  sign up for email filtering through ISP or use antispam software

11.  do not open or reply to spam for any reason

12.  surf the web anonymously with a program like Freedom Web Secure or through an anonymous site like Anonymizer.com

 

 

 

 

1.  Electronic profiles

 

                 Read the privacy statements that come to you and keep a copy of what you choose

 

2.  Cookies              

 

= small text file that contains information about you or your preferences

Review purposes for which cookies are used.

 

Types of cookie managers                     

 

session cookie = shopping site webpages that keep track of purchases

 

 

Examples of information that a cookie can collect from a user include:

the computer’s IP address;

login name and password;

e-mail address;

the computer’s operating system and platform;

the type and version number of the user’s browser;

the date, time, and length of time the host system was accessed; and

the pages visited while the user was online.

 

 

3.  Spyware                   

 

= program placed on user’s computer without the user’s knowledge that secretly collects information about the user.

 

To remove spyware you need to purchase a special program.

 

Web bug = can be a dot no bigger than one square pixel on a Web page; can be programmed to track Web use.

 

4.  Spam        = unsolicited email message or newsgroup posting

 

Controlling Spam              

 

 

5.  Privacy laws                  

 

Federal laws dealing specifically with computers:

Electronic Communications Privacy Act (ECPA)

Computer Matching and Privacy Protection Act

Computer Fraud and Abuse Acts

Fair Credit Reporting Act.

 

 

6.  Employee monitoring                          

 

7.  Content filtering =                                

 

There is no censorship on the Internet.

 

 

 

HEALTH CONCERNS OF COMPUTER USE  

 

Computers and health risks

 

musculoskeletal disorder (MSD), also called repetitive strain injury (RSI).

 

tendonitis and carpal tunnel syndrome (CTS).                      

 

computer vision syndrome (CVS).

 

Ergonomics and workplace design                               

 

Computer addiction                      

 

Green computing   

 

 

Brief Outline:  Chapter 11:  Computers and Society, Security, Privacy, and Ethics

 

COMPUTER SECURITY RISKS

 

COMPUTER  MALICIOUS LOGIC PROGRAMS

            Safeguards

            Viruses

Worms

Trojan Horses

 

UNAUTHORIZED ACCESS AND USE

Safeguards Against Unauthorized Access And Use

Firewalls

Intrusion Detection Software

Access Controls And Audit Trails

 

HARDWARE THEFT AND VANDALISM

Safeguards Against Hardware Theft And Vandalism

 

 

SOFTWARE THEFT

Safeguards Against Software Theft

 

INFORMATION THEFT

Safeguards Against Information Theft

 

 

SYSTEM FAILURE

Safeguards Against System Failure

 

BACKING UP-THE ULTIMATE SAFEGUARD

 

INTERNET SECURITY RISKS

Denial Of Service Attacks

Securing Internet Transactions

Securing Email Messages

 

ETHICS AND SOCIETY

Information Accuracy

Intellectual Property Rights

Codes of Conduct

 

INFORMATION PRIVACY

Electronic Profiles

Cookies

Spyware

Spam

Privacy Laws

Employee Monitoring

Content Filtering

 

HEALTH CONCERNS OF COMPUTER USE

Computers And Health Risks

Ergonomics And Workplace Design

Computer Addiction

Green Computing

 

CHAPTER SUMMARY