CS3 - Kurtz  Santa Monica College 

COMPUTING ISSUES

Computer Security Risk

Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

Cybercrime

On-line or Internet-based illegal acts

Cybercriminals

Hacker

Cracker

Script Kiddie

Corporate Spy

Unethical Employee

Cyberextortionist

Cyberterrorist

Virus

A hidden, damaging program that secretly makes copies of itself and spreads by embedding itself inside other programs.

Worm

Worms copy themselves repeatedly, within computers and across networks.

Worms cause damage by filling disk drives and preventing computers from operating.

Trojan Horse

A Trojan horse looks like a legitimate program.

Triggered by a condition or action.

Often used to steal information.

How Viruses, Worms, and Trojan Horses Spread

When a user opens an infected file

When a user runs an infected program

When a user boots a computer with an infected disk in a drive

When a user connects an unprotected computer to a network

Unauthorized Access

The use of a computer or network without permission

Hacker

Someone who tries to access a computer or network without permission

Access Controls

Security measures that define who can access a computer, when they can access it, and what actions they can take

Identification

Verifies that someone is a valid user

Authentication

Verifies that someone is who they claim to be

More characters in a password increase the number of possible combinations and difficulty of hacking

Access Levels

Data and programs at different levels of sensitivity are protected from use by employees at varying levels

Access records

Logs showing who accessed or tried to access what data and programs

Biometric ID 

Identification via physical attributes such as fingerprints, hand geometry, face recognition, iris recognition, retinal scans, voice verification, and handwritten signatures.

Possessed object

Any item you must carry to gain access to a computer or facility (e.g., ATM card)

Software Piracy 

Making unauthorized copies of programs 
Most programs today are not copy protected 
Software firms offer manuals, warranties, and updates to licensed users, conduct copyright education campaigns, and pursue pirates

Information Theft

Theft of personal or confidential information

Encryption

The process of converting readable data into unreadable characters to prevent unauthorized access.

Requires one or more encryption keys

Digital Signature

An encrypted code attached to a message to verify the identity of the sender

Digital Certificates

A notice issued by a third party to verify that a user or web site is legitimate

A certificate authority (CA) issues and verifies digital certificates

Secure Sockets Layer

Provides encryption for data passed between a browser and web server

Server must have a digital certificate

40-bit and 128-bit encryption

Secure HTTP

Provides encryption for data passed between a browser and web server

Server and client must have digital certificates

More difficult to use, but more secure

Allows server applications to verify authenticity of clients

Virtual Private Network

VPN

Provides a secure network connection over the Internet

Wireless Security

A Wireless Access Point (WAP) should not broadcast a network name

Wired Equivalent Privacy (WEP) uses a private key to secure data

Wi-Fi Protected Access (WPA) uses more advanced encryption than WEP and authenticates users

802.11i provides for more secure standards than WEP or WPA

Intellectual Property Rights

The rights of musicians, artists, authors, and inventors to control the works they create. 
Under most circumstances, you must have a signed release to use a copyrighted photo or article in another publication

Privacy Rights

What personal information about yourself is available to others and how it may be used 
Federal law has established rules for use of federal databases and the collection and use of personal credit information

Information Privacy Threats

Electronic Profiles

Cookies

Spyware and Adware

Spam

Phishing

Electronic Profiles

Merchants collect information from a variety of sources, then sell it or combine it with data from public sources

Lowers marketing costs but compromises privacy

Cookies

A small text file stored on your computer

Allows for storage of individual session parameters, personalization and preferences, passwords, shopping carts, tracking of browsing patterns, targeting of advertising.

Spyware and Adware

Programs secretly placed on a user's computer to collect information about the user or to place advertising

Spam

Unsolicited E-mail or Newsgroup postings

Phishing

A scam in which official-looking E-mail is sent in an attempt to obtain personal information