COMPUTER SECURITY AND SAFETY, ETHICS, AND PRIVACY

Computer Security Risks
● A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
● A cybercrime is an online or Internet-based illegal act

Internet and Network Attacks
● Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
  1. Computer Virus - Affects a computer negatively by altering the way the computer works
  2. Worm - Copies itself repeatedly, using up resources and possibly shutting down the computer or network
  3. Trojan Horse - A malicious program that hides within or looks like a legitimate program
  4. Rootkit - Program that hides in a computer and allows someone from a remote location to take full control
● An infected computer has one or more of the following symptoms:
  ○ Operating system runs much slower than usual
  ○ Available memory is less than expected
  ○ Files become corrupted
  ○ Screen displays unusual message or image
  ○ Music or unusual sound plays randomly
  ○ Existing programs and files disappear
  ○ Programs or files do not work properly
  ○ Unknown programs or files mysteriously appear
  ○ System properties change
  ○ Operating system does not start up
  ○ Operating system shuts down unexpectedly

How can a virus spread through an e-mail message?
Step 1: Unscrupulous programmers create a virus program that deletes all files. They hide the virus in a word processing document and attach the document to an e-mail message
Step 2: They send the e-mail message to thousands of users around the world
Step 3a: Some users open the attachment and their computers become infected with the virus
Step 3b: Others do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message — instead they immediately delete the e-mail message and continue using their computers. These users’ computers are not infected with the virus
● Users can take several precautions to protect their home and work computers and mobile devices from these malicious infections
● A botnet is a group of compromised computers connected to a network
  – A compromised computer is known as a zombie
● A denial of service attack (DoS attack) disrupts computer access to Internet services
● A back door is a program or set of instructions in a program that allows users to bypass security controls
● Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
● A firewall is hardware and/or software that protects a network’s resources from intrusion
● Intrusion detection software
  ○ Analyzes all network traffic
  ○ Assesses system vulnerabilities
  ○ Identifies any unauthorized intrusions
  ○ Notifies network administrators of suspicious behavior patterns or security breaches

Unauthorized Access and Use
● Unauthorized access is the use of a computer or network without permission, while unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities
● Access controls define who can access a computer, when they can access it, and what actions they can take
  – Two-phase processes called identification and authentication
  – User name
  – Password
  – CAPTCHA
● A possessed object is any item that you must carry to gain access to a computer or computer facility
  – Often used in combination with a personal identification number (PIN)
● A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code in a computer
● Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks
● Many areas use digital forensics:
  ○ Law enforcement
  ○ Criminal prosecutors
  ○ Military intelligence
  ○ Insurance agencies
  ○ Information security departments

Hardware Theft and Vandalism
● Hardware theft is the act of stealing computer equipment, while hardware vandalism is the act of defacing or destroying computer equipment
● To help reduce the chances of theft, companies and schools use a variety of security measures:
  ○ Physical access controls
  ○ Alarm systems
  ○ Cables to lock equipment
  ○ Real time location system
  ○ Passwords, possessed objects, and biometrics
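Passwords are the first of the access controls named above, and the two phases, identification (is this user name known?) and authentication (does the secret match?), are distinct steps. The Python below is an added example and not part of the original notes: it stores passwords only as salted PBKDF2 hashes and checks them with a constant-time comparison, so neither a leaked user table nor response timing reveals the secrets. The user names, passwords, iteration count and salt length are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Parameters assumed for this example: PBKDF2-HMAC-SHA256 with a random
# 16-byte salt.  The iteration count is what makes guessing slow; raise it
# as far as the login path can afford.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record of the form 'iterations$salt_hex$digest_hex'.

    A fresh random salt per user means two accounts with the same password
    get different records, so a leaked table cannot be cracked in bulk.
    """
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and iteration count, then
    compare in constant time so timing does not leak how many bytes matched."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        HASH_NAME, password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed user table: only hashed records are stored, never the passwords.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("hunter2"),
}

# Constructed dummy salt used to give unknown user names the same cost.
DUMMY_SALT = b"\x00" * SALT_BYTES


def authenticate(username: str, password: str) -> bool:
    """Identification (is the name a known user?) followed by authentication
    (does the supplied secret match the stored record?)."""
    record = USERS.get(username)
    if record is None:
        # Hash anyway so a rejected unknown name takes as long as a wrong
        # password, which stops user-name enumeration by response time.
        hash_password(password, DUMMY_SALT)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    for name, pw in [("alice", "correct horse battery staple"), ("alice", "nope"), ("carol", "x")]:
        print(name, "->", "accepted" if authenticate(name, pw) else "rejected")
```

The record format carries its own iteration count, so the cost can be raised later and old records still verify until the user next logs in and is re-hashed.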
Software Theft
● Software theft occurs when someone:
  ○ Steals software media
  ○ Intentionally erases programs
  ○ Illegally copies a program
  ○ Illegally registers and/or activates a program
● A single-user license agreement typically contains the following conditions:

  Permitted to:
  ● Install the software on one computer
  ● Make one copy of the software
  ● Remove the software from your computer before giving it away or selling it

  Not permitted to:
  ● Install the software on a network
  ● Give copies to friends or colleagues while continuing to use the software
  ● Export the software
  ● Rent or lease the software

● Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law
● Some software requires product activation to function fully

Information Theft
● Information theft occurs when someone steals personal or confidential information
● Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access
● A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender
● A digital certificate is a notice that guarantees a user or a Web site is legitimate
  – Issued by a certificate authority

System Failure
● A system failure is the prolonged malfunction of a computer
● A variety of factors can lead to system failure, including:
  ○ Aging hardware
  ○ Natural disasters
  ○ Electrical power problems
  ○ Errors in computer programs
● Two ways to protect from system failures caused by electrical power variations include surge protectors and uninterruptible power supplies (UPS)

Backing Up – The Ultimate Safeguard
● A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
  – To back up a file means to make a copy of it
● Offsite backups are stored in a location separate from the computer site
● Two categories of backups:
  1. Full backup
  2. Selective backup
● Three-generation backup policy
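The digital signature defined under Information Theft above is a value that only the sender can produce but anyone holding the sender's public key can check. As an added example that is not from the original notes, the Python below signs a message's SHA-256 digest with textbook RSA and verifies it with the public key. The two primes are deliberately tiny constructed values (a 92-bit modulus) so the arithmetic stays visible, and the invoice text is made up; a genuine message verifies, while a tampered message or an altered signature is rejected.

```python
import hashlib
from typing import Tuple

# Constructed, deliberately small RSA parameters so the arithmetic stays
# visible: two Mersenne primes give a 92-bit modulus.  Real keys use primes
# hundreds of digits long.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537               # public exponent (coprime to PHI)
D = pow(E, -1, PHI)     # private exponent: modular inverse of E (Python 3.8+)

PUBLIC_KEY: Tuple[int, int] = (N, E)
PRIVATE_KEY: Tuple[int, int] = (N, D)


def message_digest(message: bytes) -> int:
    """Hash the whole message and reduce it into the RSA modulus, so the
    signature depends on every byte of the message."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key: Tuple[int, int]) -> int:
    """Sender side: raise the digest to the private exponent.  Without D
    nobody else can produce a value that verifies under (N, E)."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key: Tuple[int, int]) -> bool:
    """Recipient side: undo the private operation with the public exponent
    and compare with the digest of the message actually received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)


# Constructed message exchange.
ORIGINAL = b"Invoice 1042: pay 1,000 to account 42."
TAMPERED = b"Invoice 1042: pay 9,000 to account 42."
SIGNATURE = sign(ORIGINAL, PRIVATE_KEY)


def demo() -> dict:
    """Three checks the recipient might run."""
    return {
        "genuine": verify(ORIGINAL, SIGNATURE, PUBLIC_KEY),
        "tampered_message": verify(TAMPERED, SIGNATURE, PUBLIC_KEY),
        "altered_signature": verify(ORIGINAL, (SIGNATURE + 1) % N, PUBLIC_KEY),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'valid' if ok else 'REJECTED'}")
```

Signing the digest rather than the raw message is what lets one short signature cover a message of any length; the certificate mentioned above is what ties the public key (N, E) to a named sender.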
Wireless Security
● Wireless access poses additional security risks
  – About 80 percent of wireless networks have no security
● War driving allows individuals to detect wireless networks while driving a vehicle through the area
❖ A wireless access point should not broadcast a network name
❖ Change the default network name
❖ Configure a WAP so that only certain devices can access it
❖ Use WPA or WPA2 security standards

Health Concerns of Computer Use
● The widespread use of computers has led to health concerns
  – Repetitive strain injury (RSI)
    • Tendonitis
    • Carpal tunnel syndrome (CTS)
  – Computer vision syndrome (CVS)
● Ergonomics is an applied science devoted to incorporating comfort, efficiency, and safety into the design of items in the workplace
● Computer addiction occurs when the computer consumes someone’s entire social life
● Symptoms in users include
  ○ Craves computer time
  ○ Overjoyed when at the computer
  ○ Unable to stop computer activity
  ○ Irritable when not at the computer
  ○ Neglects family and friends
  ○ Problems at work or school

Ethics and Society
● Computer ethics are the moral guidelines that govern the use of computers and information systems
● Information accuracy is a concern
  – Not all information on the Web is correct
● Intellectual property rights are the rights to which creators are entitled for their work
● A copyright protects any tangible form of expression
● Digital rights management is a strategy designed to prevent illegal distribution of movies, music, and other digital content
● Green computing involves reducing the electricity and environmental waste while using a computer
  – ENERGY STAR program
● Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them
● Huge databases store data online
● It is important to safeguard your information
● When you fill out a form, the merchant that receives the form usually enters it into a database
● Many companies today allow people to specify whether they want their personal information distributed
● A cookie is a small text file that a Web server stores on your computer
● Web sites use cookies for a variety of reasons:
  ○ Allow for personalization
  ○ Store users’ passwords
  ○ Assist with online shopping
  ○ Track how often users visit a site
  ○ Target advertisements
● Spam is an unsolicited e-mail message or newsgroup posting
● E-mail filtering blocks e-mail messages from designated sources
● Anti-spam programs attempt to remove spam before it reaches your inbox
● Phishing is a scam in which a perpetrator sends an official-looking e-mail message that attempts to obtain your personal and financial information
● Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing
● The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data
  – See Figure 10-25 on page 406 for a listing of major U.S. government laws concerning privacy
● Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of trust and naivety
● Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer
● Content filtering is the process of restricting access to certain material on the Web
● Many businesses use content filtering
● Web filtering software restricts access to specified Web sites

Summary
● Potential computer risks and the safeguards
● Wireless security risks and safeguards
● Computer-related health issues and preventions
● Ethical issues surrounding information accuracy, intellectual property rights, green computing, and information privacy
COMPUTER SECURITY RISKS
● A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
● While some breaches to computer security are accidental, many are intentional.
● An intentional breach of computer security often involves a deliberate act that is against the law.
● Any illegal act involving a computer generally is referred to as a computer crime.
● The term cybercrime refers to online or Internet-based illegal acts. Software used by cybercriminals sometimes is called crimeware.
● Perpetrators of cybercrime and other intrusions fall into seven basic categories:
  1. Hacker - refers to someone who accesses a computer or network illegally.
  2. Cracker - someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action.
  3. Script Kiddie - has the same intent as a cracker but does not have the technical skills and knowledge.
  4. Corporate spies - have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.
  5. Unethical employees - may break into their employers' computers for a variety of reasons.
  6. Cyberextortionist - someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack.
  7. Cyberterrorist - someone who uses the Internet or network to destroy or damage computers for political reasons.

INTERNET AND NETWORK ATTACKS
● A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission.
  1. Worm - is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
  2. Trojan Horse - (named after the Greek myth) is a program that hides within or looks like a legitimate program.
  3. Rootkit - is a program that hides in a computer and allows someone from a remote location to take full control of the computer.

BOTNETS
● A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.
● A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet.
DENIAL OF SERVICE ATTACKS
● A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.
● A more devastating type of DoS attack is the DDoS (distributed DoS) attack, in which a zombie army is used to attack computers or computer networks.

BACK DOORS
● A back door is a program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user's knowledge.

SPOOFING
● Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.
  ○ E-mail spoofing
  ○ IP spoofing

SAFEGUARDS AGAINST BOTNETS, DOS/DDOS ATTACKS, BACK DOORS, AND SPOOFING

Firewalls
● A firewall is hardware and/or software that protects a network's resources from intrusion by users on another network such as the Internet.
● Organizations use firewalls to protect network resources from outsiders and to restrict employees' access to sensitive data such as payroll or personnel records.

Proxy Server
● A proxy server is a server outside the organization's network that controls which communications pass into the organization's network.
● Intrusion Detection Software automatically analyses all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behaviour patterns or system breaches.

Honeypots
● Some organizations use honey pots so that they can analyse an attack being perpetrated.
● A honey pot is a vulnerable computer that is set up to entice an intruder to break into it.

➢ Do not start a computer with removable media inserted in the drives or plugged in the ports.
➢ Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
➢ Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program.
➢ Users should install an antivirus program and update it frequently.

UNAUTHORIZED ACCESS AND USE
● Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
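The intrusion detection software described under the safeguards above analyses traffic and notifies administrators of suspicious patterns. The Python below is an added example, not from the original notes, of the same idea applied to authentication logs: it counts failed logins per source address inside a sliding time window and raises one alert when a burst crosses a threshold, while a user who mistypes once every few minutes is left alone. The log format, the log lines (addresses taken from the documentation ranges) and the threshold are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List

# Constructed log format assumed for this example: timestamp, event class,
# result, user and source address.  Real systems (syslog, Windows event
# logs) differ only in this parsing step.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) AUTH (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample log.  203.0.113.5 tries five different names in six
# seconds; 198.51.100.8 is a real user who mistypes once every five minutes
# and finally succeeds; one unrelated kernel line is mixed in.
SAMPLE_LOG = """\
2024-03-01T09:00:01 AUTH OK user=alice src=198.51.100.7
2024-03-01T09:00:02 KERNEL link up eth0
2024-03-01T09:00:05 AUTH FAIL user=admin src=203.0.113.5
2024-03-01T09:00:06 AUTH FAIL user=root src=203.0.113.5
2024-03-01T09:00:08 AUTH FAIL user=guest src=203.0.113.5
2024-03-01T09:00:09 AUTH FAIL user=test src=203.0.113.5
2024-03-01T09:00:11 AUTH FAIL user=oracle src=203.0.113.5
2024-03-01T09:00:30 AUTH FAIL user=bob src=198.51.100.8
2024-03-01T09:05:30 AUTH FAIL user=bob src=198.51.100.8
2024-03-01T09:10:30 AUTH FAIL user=bob src=198.51.100.8
2024-03-01T09:15:30 AUTH FAIL user=bob src=198.51.100.8
2024-03-01T09:20:30 AUTH FAIL user=bob src=198.51.100.8
2024-03-01T09:20:31 AUTH OK user=bob src=198.51.100.8
"""


def detect_bruteforce(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[str]:
    """Return one alert per source that reaches `threshold` failed logins
    within any `window_seconds` span.

    A sliding window per source is what separates a burst from ordinary
    typos: old failures drop out of the window before the count can grow.
    """
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerted = set()
    alerts: List[str] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None or m["result"] != "FAIL":
            continue  # unparseable or successful lines never stop the monitor
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        failures = recent[src]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append(
                f"{ts.isoformat()} possible brute force from {src}: "
                f"{len(failures)} failures within {window_seconds}s"
            )
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

Widening the window to thirty minutes makes the slow pattern from 198.51.100.8 trip the rule as well, which is the usual tuning trade-off between catching low-and-slow attempts and alerting on ordinary users.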
IDENTIFYING AND AUTHENTICATING USERS
● Identification verifies that an individual is a valid user.
● Authentication verifies that the individual is the person he or she claims to be.
● Three methods of identification and authentication include user names and passwords, possessed objects (badges, cards, smart cards, and keys, PIN), and biometric devices.

DIGITAL FORENSICS
● Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks.
● Digital forensics involves the examination of computer media, programs, data and log files on computers, servers, and networks. Many areas use digital forensics, including law enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments in the private sector.

HARDWARE THEFT AND VANDALISM
● Hardware theft is the act of stealing computer equipment.
● Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.

SAFEGUARDS AGAINST HARDWARE THEFT AND VANDALISM
● Physical access controls, such as locked doors and windows, usually are adequate to protect the equipment.
● Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items. One implementation of RTLS places RFID tags in items to be tracked.

SOFTWARE THEFT
● Software theft occurs when someone (1) steals software media, (2) intentionally erases programs, (3) illegally copies a program, or (4) illegally registers and/or activates a program (key gen).

SAFEGUARDS AGAINST SOFTWARE THEFT
● To protect themselves from software piracy, software manufacturers issue users license agreements.
● A license agreement is the right to use the software. All computer users should back up their files and disks regularly, in the event of theft.

INFORMATION THEFT
● Information theft occurs when someone steals personal or confidential information. If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.

SAFEGUARDS AGAINST INFORMATION THEFT
● Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the recipient must decrypt, or decipher, it into a readable form.
● A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender.
● A digital certificate is a notice that guarantees a user or a Web site is legitimate. E-commerce applications commonly use digital certificates.
● Web browsers, such as Internet Explorer, often display a warning message if a Web site does not have a valid digital certificate.
● Transport Layer Security (TLS), a successor to Secure Sockets Layer (SSL), provides encryption of all data that passes between a client and an Internet server.
● Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates.
● VPN

SYSTEM FAILURE
● A system failure is the prolonged malfunction of a computer. System failure also can cause loss of hardware, software, data, or information.
● A variety of causes can lead to system failure. These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.

WIRELESS SECURITY
● A wireless access point (WAP) should be configured so that it does not broadcast a network name, known as an SSID (service set identifier). Wi-Fi Protected Access (WPA) is a security standard. An 802.11i network, sometimes called WPA2, is the most recent network security standard.

ETHICS AND SOCIETY
● Computer ethics are the moral guidelines that govern the use of computers and information systems.
● Seven frequently discussed areas of computer ethics are unauthorized use of computers and networks, software theft (piracy), information accuracy, intellectual property rights, codes of conduct, information privacy, and green computing.

Information Accuracy
● Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet.

Intellectual Property Rights
● Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. Intellectual property rights are the rights to which creators are entitled for their work.

Copyright
● A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.

Codes of Conduct
● Recognizing that individuals need specific standards for the ethical use of computers, a number of computer-related organizations have established IT (information technology) codes of conduct.
● An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical.

Green Computing
● Green computing involves reducing the electricity and environmental waste while using a computer. People use, and often waste, resources such as electricity and paper while using a computer.

Information Privacy
● Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.

Electronic Profiles
● When you fill out a form such as a magazine subscription, product warranty registration card, or contest entry form, the merchant that receives the form usually enters it into a database.

Cookies
● E-commerce and other Web applications often rely on cookies to identify users and customize Web pages.
● A cookie is a small text file that a Web server stores on your computer. Cookie files typically contain data about you, such as your user name or viewing preferences.

Spam
● Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or news groups at once.
● Spam is Internet junk mail. The content of spam ranges from selling a product or service, to promoting a business opportunity, to advertising offensive material.
● An alternative to e-mail filtering is to purchase an anti-spam program that attempts to remove spam before it reaches your inbox.

Privacy Laws
● The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.

Social Engineering
● Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.

Phishing
● Phishing is a scam in which a person sends an official-looking e-mail message that attempts to obtain your personal and financial information.

Spyware
● Spyware is a program placed on a computer without the user's knowledge that secretly collects information about the user.

Adware
● Adware is a program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail messages, or other Internet services.

Employee Monitoring
● Employee monito­ring involves the use of computers to observe, record, and review an employee's use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited.

Content Filtering
● Content filtering is the process of restricting access to certain material on the Web. Content filtering opponents argue that banning any materials violates constitutional guarantees of free speech and personal rights.
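E-mail filtering (blocking messages from designated sources) and Web content filtering (restricting access to specified sites), both described above, come down to the same decision: is this domain, or a subdomain of it, on a list? The Python below is an added example, not from the original notes, that shares one label-boundary matcher between the two uses. The blocked domains and the two sample messages are constructed; the matcher deliberately avoids a plain suffix check, which would wrongly block a name such as notspam-example.test.

```python
from email import message_from_string
from email.utils import parseaddr
from typing import Iterable, Optional
from urllib.parse import urlsplit

# Constructed block list of designated sources (assumed for this example).
BLOCKED_DOMAINS = frozenset({"spam-example.test", "ads.example.net"})


def domain_is_blocked(host: str, blocked: Iterable[str] = BLOCKED_DOMAINS) -> bool:
    """True if `host` is a blocked domain or lies under one.

    Compare whole labels from the right rather than using endswith(): that
    way mail.spam-example.test is blocked but notspam-example.test is not.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    for domain in blocked:
        suffix = domain.lower().split(".")
        if len(labels) >= len(suffix) and labels[-len(suffix):] == suffix:
            return True
    return False


def sender_domain(raw_message: str) -> Optional[str]:
    """Domain of the From: address, parsed with the standard library so a
    display name such as "Prize Desk" cannot disguise the real address."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1]


def email_is_blocked(raw_message: str) -> bool:
    """E-mail filtering: reject messages from designated sources.  A message
    with no usable sender address is also rejected (fail closed)."""
    domain = sender_domain(raw_message)
    return domain is None or domain_is_blocked(domain)


def url_is_blocked(url: str) -> bool:
    """Web content filtering: reject requests whose host is on the list.
    Anything without a parseable host is rejected as well."""
    host = urlsplit(url).hostname
    return host is None or domain_is_blocked(host)


# Constructed sample messages.
SPAM_MAIL = (
    'From: "Prize Desk" <win@mail.spam-example.test>\n'
    "Subject: You have won\n"
    "\n"
    "Claim your prize now.\n"
)
OK_MAIL = (
    "From: Alice <alice@notspam-example.test>\n"
    "Subject: Lunch\n"
    "\n"
    "Noon?\n"
)

if __name__ == "__main__":
    print("spam mail blocked:", email_is_blocked(SPAM_MAIL))
    print("ok mail blocked:", email_is_blocked(OK_MAIL))
    print("banner url blocked:", url_is_blocked("https://tracker.ads.example.net/banner.js"))
```

Both filters fail closed when the input has no usable domain, which is the safer default for a block list that is meant to stop unwanted traffic rather than merely annotate it.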