Discovering Computers Technology in a World of Computers, Mobile Devices, and the Internet ine AyD Chapter 5 Digital Safety and SecurityInternet and Network Attacks —— * Abotnet is a group of compromised computers or mobile devices connected to a network — Acompromised computer or device is known as a zombie * Adenial of service attack (DoS attack) disrupts computer access to Internet services — Distributed DoS (DDoS) * Aback door is a program or set of instructions in a program that allow users to bypass security controls * Spoofing is a technique intruders use to make their network or Internet transmission appear legitimateInternet and Network Attacks * A firewall is hardware and/or software that protects a network’s resources from intrusion Pages 208 - 209 Fgures.aUnauthorized Access and Use ee Unauthorized access is the use of a computer or Unauthorized use is the use of a computer or its network without permission data for unapproved or Flees] NAIC Lee i) Page 230 Copyright © Cengage Learning = aUnauthorized Access and Use ——————— * Organizations take several measures to help prevent unauthorized access and use — Acceptable use policy — Disable file and printer sharing Page 210 Biases Copyright © Cengage Learning Alrights reserve.Unauthorized Access and Use ——— * Access controls define who can access a computer, device, or network; when they can access it; and what actions they can take while accessing it * The computer, device, or network should maintain an audit trail that records in a file both successful and unsuccessful access attempts — User name citi — Password a a — Passphrase Pesowore =— — — CAPTCHA lal Pages 213-212 Copyright © Cengage Learirg. Alright reserved Figure 5-6Unauthorized Access and Use ——————— * Apossessed object is any * Abiometric device item that you must carry to authenticates a person’s gain access to a computer identity by translating a or computer facility personal characteristic into — Often are used in a digital code that is combination with a PIN compared with a digital (personal identification code in a computer number) a Copyright® Cengage Learirg, Alright eservedUnauthorized Access and Use — izle} ix-leroy-4ar idol a) system Fingerprint ire lg Hand Voice F4fol alin Nila s(e 8) Eda) system Starla lacs ik verification recognition system NS (laa) Popes 213-234 (Copyright © Cengage Learning. All rights reserves. Figures 5-85-10Unauthorized Access and Use — * Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks * Many areas use digital forensics re orm) WEG Pieces peeled intelligence N iN NSN Tm tel Eoetiog Ca Sc Eula NS Page 214 ‘Copyright © Cengage Learirg. Alright reserved.Software Theft —— * Software theft occurs when someone: Steals software Intentionally Titel] erases programs efecto kd 6 and/or activates Illegally copies a a program Dee ken Page 235 Copyright © Cengoge Learning Al rights reservedSoftware Theft ———— * Many manufacturers incorporate an activation process into their programs to ensure the software is not installed on more computers than legally licensed During the product activation, which is conducted either online or by phone, users provide the software product’s identification number to associate the software with the computer or mobile device on which the software is installed Page 235 Copyright © Cengoge Learning Al rights reserve, |Software Theft ——— * Asingle-user license agreement typically contains the following conditions: ‘Typical Conditions of a Single-User License Agreement Youcan «Install the softvare on ony one computer. (Sore license agreements allow uses to install the software on one desktop and one laptop) ‘+ Make one copy ofthe software 252 Backup. * Give o el the software to another individual, but onl if the software Is removed from the user's computer fist. You cannot «Install the software on a network, such as a school computer lab. * Give copes to fiends and colleagues, while continuing to use the software « Export the software ‘ Rent o lease the software, Pages 215-216 Copyright © Cengage Learning. Al rights reserved Figure 13‘ormation Theft * Information theft occurs when someone steals personal or confidential information * Encryption is a process of converting data that is readable by humans into encoded characters to prevent unauthorized access ‘Name Plaintext —Ciphertext Explanation Tianspestion Switch the order of characters SOFTWARE ——_OSTEAWER Acjcent characters swapoed Substitution Replace character with other INFORMATION WLOIDXQUL Each ete eplaced wth another characes Cepanson Insert characters between existing USER ysvever Leer nseted ae each characte sharaces Compaction Remove characters and sore pcTATON ——ACITIN ery thir lee removed (8, 0) Pages 216-217 AOA re, nl‘An Example of Public Key Encryption step steps TWesene cate emer ‘fe eer cise et ‘wbeemsles oe cver eect nesae ‘080% sours ace Copyright © Cengage Learning. Al rights reserved.Information Theft ——————— * A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the sender — Often used to ensure that an impostor is not participating in an Internet transaction * Adigital certificate is a notice that guarantees a user or a website is legitimate * Awebsite that uses encryption techniques to secure its data is known as a secure sitetion Theft rr ——— Page 218 Figure S:13 ty woe. amazon.com gj buy/shipaddvess MG Choose your shipping options Shipping Details: DBROTH (2m mor) Choose a 9 speed: @ Standard (3-5 business days) © Two-Day Shipping (2 business days) Capytight © Cengage Learning Al ight reservedHardware Theft, Vandalism, and Failure —— . Hardware vandalism Hardware theft is : : . is the act of defacing the act of stealing . a on or destroying digital digital equipment . equipmentHardware Theft, Vandalism, and Failure — * To help reduce the of chances of theft, companies and schools use a variety of security measures Hardware Theft and Vandalism Safeguards ‘Physical access controls (ie, locked doors and windows) ‘© Alarm system + Physical security devices (.e, cables and locks) + Device-tracking app Hordware Failure Safeguards * Surge protector * Uninterruptible power supply (UPS ‘© Duplicate components or duplicate computers ‘* Fault-tolerant computer Page 218 Copyright © Cengage Learning. Allright reserved FewestUp — The Ultimate Safeguard ———— * Abackup is a duplicate of a file, program, or media that can be used if the original is lost, damaged, or destroyed —To back up a file means to make a copy of it * Off-site backups are stored ina location separate from the computer or mobile device site (olor Te) StorageUltimate Safeguard * Three-generation backup policy = = Continuous data protection ae uLO ae Type of Backup Description ‘Advantages Disadvantages Full backup Copies al ofthe files on media in__Fastestecvery method. lf Longest backup time. the computer ae saved Diferennal Copies oly he fles that have fast bach method. Requires Recovers time-consuming becuse the backup changed since the est ull backup minimal storage space to backup. ls fll backp pus he ferential backup are needed. Incremental Copies oly he iles hat have ‘Fastest backup metho. Requires Recovers mos ire conuingbease the backup changed sce the at ul or minima troge space to backup. ful bakp anda incerta aus incemental badap Only mest ecent changes saved. sce he stl bap ae reeded Selective backup Users choose which fiers and files Fast backup method. Provides Dif o manage inva le backups. 19 indude i a backp eat xb. Least manageable ofall the backup ethos. Continuous dota Al data is backed up whenever a The only rea-tme backup. Very Ver expensive and requires @ great ount protection (COP) change is made fast recovery of data of strane. ———— HWireless Security * Wireless access poses additional security risks * Some intruders intercept and monitor communications as they transmit through the air * Others connect toa network through an unsecured wireless access point (WAP) or combination router/WAPEthics and Society ————— * Computer ethics are the moral guidelines that govern the use of computers, mobile devices, and information systems * Information accuracy is a concern — Not all information on the web is correctEthics and Society ——————— * Intellectual property refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos * Intellectual property rights are the rights to which creators are entitled to their work * Acopyright protects any tangible form of expression * Digital rights management (DRM) is a strategy designed to prevent illegal distribution of movies, music, and other digital contentine whether a specification is /unethical or allowed/not allowed ‘Sample I¥ Code of Conduct | Tecnology may not be ued to harm ote people 2 Employes may ot mee in bres ies. 3. Emplyeesmay se chao ony for purses ia ich theyhave been athe 4 Tecnology may nt be used a tal. 5, Teeologymay not be sed to bear fe wines 6 Employees may ot copy owe softwere iMepaly 7. Employes may not use ches technology resouces without authorzatin 8 Employers may not use ates imlecual proper) aster own 9 Employes shal conser thesoal inact of progr and systems they dean. 10. Employes alas should se eran ay that demonstrates cons deratin and respect fr flew Puan Copyright © Cengoge Learning. Al rents reserved. conduct is a written guideline that helpsEthics and Society ———— * Green computing involves reducing the electricity and environmental waste while using computers, mobile devices, and related technologies Green Competing Tipe 1. Conserve Energy x a: Use computes ad devices that comply with the ENERGY STAR program, ». Do not leave a compute or device running overnight. Tum ofthe mantr, printer, and other devies when not in use. 2. Reduce Environmental Waste 2. Use paperless methods to communicate. wr ferencng and ValP for meetings ps2 caer || Figure 5-20Information Privacy ——— ¢ Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them * Huge databases store data online * It is important to safeguard your information1 ry resort on exe, nay, ad epson os. 2. Dom prey phone rumba Sea Seay rn oy pss es 2. Haan ed reps ore are. {yuna att hawt Boe yur nae fom 9309 erences on 5. e aie jo phe nae on area est cee 6 Aakers to wt decd unt phone rub Sd ‘Seay rane’ ar res kes ante te bol our pasa oes 1 Paras goat th ash ae an re oes. 8. cd secig db and bert 9. mers tpn queso eu my nat tno bee ‘essa te rtmsin (Copyright © Cengage Learning. AI rights reserved. 10-Hlom ema you oo nat fen be os pes oman 1 Ress n mina, brennan is. 12. Oana est eat ana etm eh a ether ct ‘epg oem gut byron ae asin ade a 08 13. Ret ey you medial mcs ne trom te ia iomesrties! 14. nee anew amon you onde owes crea Shaneon ‘Scena ip aa 16 Cee er ose Fie boars 17 Setup eel aan Ue hina aes br recht om, 18 To en stain nyt ere recon 19. penal eva 2. gp eat Sng go Pe aga pM 21, Det spa rayon, 2 Sutnewe rrp trough an anna wee‘Copyright © Cengage Leorning Allright reserved.Information Privacy ———— * Acookie is a small text file that a web server stores on your computer * Websites use cookies for a variety of reasons: Store user Saal names and/or online passwords shopping Allow for personalization Bic lonantey yy folie) Vets advertisements WS eS Page 228 Copyright © Cengoge Learning Alright reserved,step ion When you ener the adress fa west ina brows, the brome trees your ard dk ora coke esacited wih the wedi nw omahasteaks com’ 9) Step3 the net dows not cv cookie ivomation and sexpecg it, the webste creates an ideriation bet fo you nits database and sends that ruber step2 okie information to our brome The omer nun ats» cote Herons coke, flbacad on at nmbe ad oe cae on it sed inate he coke feo the webs enero. rr omahaseks com = a BH ur hard dk The weiter can pate norton inthe coke Fie whenever you ces the websiteInformation Privacy VW— * Phishing is a scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and/or financial information * With clickjacking, an object that can be clicked on a website contains a malicious programInformation Privacy ——$s * Spyware is a program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online * Adware is a program that displays an online advertisement in a banner or pop-up window on webpages, email messages, or other Internet servicesInformation Privacy ————— * Social engineering is defined as gaining unauthorized access to or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of othersInformation Privacy ————————— * The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data — See Table 5-4 on page 233 for a listing of major U.S. government laws concerning privacyEmployee monitoring involves the use of computers, mobile devices, or cameras to observe, record, and review an employee’s use of a technology, including communications such as email messages, keyboard activity (used to measure productivity), and websites visited Many programs exist that easily allow employers to monitor employees. Further, it is legal for employers to use these programs Ser. Hestricts access to ified websites Copyright © Cengage Learning. Al rights reserves.Summary Page 235 Cee eee) ith Internet and network ks, unauthorized access and Pee See Pere eats eet nn eee een Ro CEU) ee ve) oe ie various ways to protect the ee ELg privacy of personal information eee a