
Chap 7 Fcs 0063

The document discusses various topics related to computer security and privacy including computer crime, methods used by computer criminals, and ways to prevent unauthorized access and protect systems and data. It describes security measures like biometrics, passwords, locks and various backup strategies to safeguard against data loss or theft.

Uploaded by api-320687322

Chapter 7

ISSUES ON COMPUTER

Security and Privacy


Security: data stored on computer must be kept safe
Privacy: private data must be kept from prying eyes

Computer Crime
Hacker: someone who attempts to gain access to computer systems illegally
Originally referred to as someone with a high degree of computer expertise
Social engineering: a tongue-in-cheek term for con artist actions
Persuade people to give away password information
Cracker: someone who uses the computer to engage in illegal activity

Computer Crime
Most commonly reported categories

Credit card fraud


Data communications fraud
Unauthorized access to computer files
Unlawful copying of copyrighted software

Methods Computer Criminals Use

Bomb
Data diddling
Denial of service attacks
Piggybacking
Salami technique

Scavenging
Trapdoor
Trojan horse
Zapping

Bomb
It is a program that runs at a specific date and/or time to cause
unwanted and/or unauthorized functions.
Sometimes planted in commercial software. Shareware is more
prone to having a bomb planted in it.
It can affect software or data, and can cause serious damage to a
system. Generally, it will enter a system as hidden content, or
may be installed on the system by someone within a company.
For example, a disgruntled employee may write a program
designed to crash the system one month after he plans to quit the
company. When this date and time arrives, the program then
executes. In other words, the bomb goes off.

Data Diddling
Refers to changing data before or as it enters the system
In other words, information is changed from the way it should be
entered by a person typing in the data, a virus that changes data,
the programmer of the database or application, or anyone else
involved in the process of having information stored in a
computer file.
The culprit can be anyone involved in the process of creating,
recording, encoding, examining, checking, converting, or
transmitting data.
Auditors must verify accuracy of the source data as well as the
processing that occurs

Denial of Service Attack


Hackers bombard a site with more requests than it can
possibly handle
Prevents legitimate users from accessing the site
Hackers can cause attacks to come from many different sites
simultaneously


Piggybacking
An illicit user rides into the system on the back of an
authorized user
If the user does not exit the system properly, the intruder can
continue where the original user has left off

Always log out of any system you log into


Salami Technique
An embezzlement technique where small slices of money are funneled into
accounts
Salami techniques involve the theft of small amounts of assets from a large
number of sources without noticeably reducing the whole.
In a banking system, the amount of interest to be credited to an account is
rounded off. Instead of rounding off the number, that fraction of it is credited to
a special account owned by the perpetrator.
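
An added example, not part of the original slides: an auditor's reconciliation check that recomputes each interest credit and reports the traces the salami technique leaves. The half-even rounding policy, the account numbers and the postings are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

def expected_interest(balance, rate):
    """Interest the rounding policy should credit (assumed: half-even, to the cent)."""
    return (Decimal(balance) * Decimal(rate)).quantize(CENT, rounding=ROUND_HALF_EVEN)

def audit_interest_run(accounts, postings):
    """Reconcile one interest run against independently recomputed amounts.

    accounts: {account_id: (balance, rate)} taken from the source records
    postings: [(account_id, amount)] credits the batch job actually wrote
    Returns (shortfalls, unexplained, one_sided).
    """
    credited = {}
    for acct, amount in postings:
        credited[acct] = credited.get(acct, Decimal("0")) + Decimal(amount)

    # Per-account difference between what was owed and what was credited.
    shortfalls = {}
    for acct, (balance, rate) in accounts.items():
        diff = expected_interest(balance, rate) - credited.get(acct, Decimal("0"))
        if diff != 0:
            shortfalls[acct] = diff

    # Credits to accounts that were not part of the interest run at all.
    unexplained = {a: amt for a, amt in credited.items() if a not in accounts}

    # Honest rounding errs in both directions; every error going against
    # the customer is the pattern the salami technique leaves behind.
    one_sided = bool(shortfalls) and all(d > 0 for d in shortfalls.values())
    return shortfalls, unexplained, one_sided

# Constructed sample data (not from the slides): three customer accounts at a
# monthly rate of 0.125 %, and the postings written by a tampered batch job.
ACCOUNTS = {
    "1001": ("10450.00", "0.00125"),
    "1002": ("2375.50", "0.00125"),
    "1003": ("815.30", "0.00125"),
}
POSTINGS = [("1001", "13.06"), ("1002", "2.96"), ("1003", "1.01"), ("9999", "0.021")]

if __name__ == "__main__":
    print(audit_interest_run(ACCOUNTS, POSTINGS))
```

Each shortfall is only one cent, which is why the check has to run over every account in the batch rather than a sample.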


Scavenging
Searching company trash cans and dumpsters for lists of
information
Thieves will search garbage and recycling bins of individuals
looking for bank account numbers, credit card numbers, etc.

Shred documents that contain personal information



Trapdoor
An illicit program left within a completed legitimate program
Allows subsequent unauthorized and unknown entry by the perpetrator
to make changes to the program

It is computer code that gives programmers alternative access to a
system in case of emergencies.
But in the hands of a disgruntled employee or cybercrook they
make a computer system vulnerable to undetected intrusions at a
later time.
Trapdoors are but one means that a former "trusted insider" can use
to bypass a former client or employer's computer-system security.

Trojan Horse
Involves illegal instructions placed in the
middle of a legitimate program
Program does something useful, but the
Trojan horse instructions do something
destructive in the background
It is a program that uses malicious code
masquerading as a trusted application. The
malicious code can be injected into benign
applications, disguised in e-mail links,
or sometimes hidden in JavaScript pages to
make furtive attacks against vulnerable
Internet browsers.

Some common symptoms:


Wallpaper and other background settings
auto-changing
Mouse pointer disappears
Programs auto-loading and unloading
Strange window warnings, messages and
question boxes, and options being
displayed constantly
e-mail client auto sending messages to all
on the user's contacts list
Windows auto closing
System auto rebooting
Internet accounts information changing
High internet bandwidth being used
without user action
Computer's high resources consumption
(computer slows down)
Ctrl + Alt + Del stops working


Zapping
Refers to a variety of software designed to bypass all
security systems


White-Hat Hackers
Hackers that are paid by a company to break into that
company's computer systems
Expose security holes and flaws before criminals find them
Once exposed, flaws can be fixed


Discovery and Prosecution


Crimes are often undetected
When they are detected, they are often not reported
Prosecution is difficult
Law enforcement agencies and prosecutors are ill-equipped to handle
computer crime
Judges and juries often don't understand computer crime
Congress passed the Computer Fraud and Abuse Act to increase awareness of
computer crime


Computer Forensics
Uncovering computer-stored information suitable for use as evidence in
courts of law
Restores files and/or e-mail messages that someone has deleted
Some experts are available for hire, but most are on the staffs of police
departments and law firms


Security: Playing It Safe


Security: a system of safeguards
Protects system and data from deliberate or accidental
damage
Protects system and data from unauthorized access

Controlling Access
Four means of controlling who has access to the computer

What you have


What you know
What you do
What you are


What You Have


Requires you to have some device to gain access to the computer
Badge, key, or card to give you physical access to the computer room or a
locked terminal
Debit card with a magnetic strip gives you access to your bank account at
an ATM
Active badge broadcasts your location by sending out radio signals


What You Know


Requires you to know something to gain access
Password and login name give you access to computer system
Cipher locks on doors require you to know the combination to
get in


What You Do
Software can verify scanned and online signatures


What You Are


Uses biometrics: the science of measuring body
characteristics
Uses fingerprinting, voice pattern, retinal
scan, etc. to identify a person
Can combine fingerprinting and reading a smart
card to authenticate


Security measures that can be implemented to prevent unauthorized users/access.


Uses biometrics: the science of measuring body characteristics
Uses fingerprinting, voice pattern, retinal scan, etc. to identify a person
Everyone in the world has a unique identity that cannot be the same as
another person's, even for twins
Can combine fingerprinting and reading a smart card to authenticate
Usually applied in industry, especially for a secret program or
product in a laboratory
Password and login name give you access to computer system
The password and login name must match to allow the user to access the
system
Securing door access
Cipher locks on doors require you to know the combination to get in


A Disaster Recovery Plan


A method of restoring computer processing operations and data files in the
event of major destruction
Several approaches
Manual services
Buying time at a service bureau
Consortium
Plan should include priorities for restoring programs, plans for notifying
employees, and procedures for handling data in a different environment


A Consortium
A joint venture among firms to support a complete
computer facility
Used only in the event of a disaster
Hot site: a fully equipped computer center
Cold site: an empty shell in which a company can install its
own computer system

Software Security
Who owns custom-made software?
What prevents a programmer from taking a copy of the program?
Answer is well established
If the programmer is employed by the company, the software belongs to the
company
If the programmer is a consultant, ownership of the software should be
specified in the contract


Data Security
Several techniques can be taken to prevent theft or
alteration of data

Secured waste
Internal controls
Auditor checks
Applicant screening
Passwords
Built-in software protection


Personal Computer Security
Physical security of hardware
Secure hardware in place with locks and
cables
Avoid eating, drinking, and smoking around
computers


Protecting Disk Data


Use a surge protector to prevent electrical
problems from affecting data files
Uninterruptible power supply includes battery
backup
Provides battery power in the event power is
lost
Allows users to save work and close files
properly
Back up files regularly


Backing Up Files
Back up to tape drive, CD-RW, or DVD-RAM
You can use software that automatically backs up at a certain
time of day

Disk mirroring
Makes second copy of everything you put on disk to another
hard disk


Types of Backup
Three types of backup
Full backup: copies everything from the hard drive
Differential backup: copies all files that have been changed since the last
full backup
Incremental backup: copies only those files that have been changed since
either the last full backup or the last incremental backup
Comprehensive backup plan involves periodic full backups, complemented by
more frequent incremental or differential backups
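
An added example, not part of the original slides: a small model of the three backup types that shows which files each one selects after the same sequence of changes. The class, the tick counter and the file names are assumptions made for illustration; the differential and incremental jobs are run side by side only to compare them.

```python
from dataclasses import dataclass, field

@dataclass
class BackupPlanner:
    """Tracks when each file last changed and selects files per backup type."""
    mtimes: dict = field(default_factory=dict)  # path -> tick of last change
    clock: int = 0
    last_full: int = -1   # tick of the last full backup
    last_any: int = -1    # tick of the last full OR incremental backup

    def write(self, path):
        """Record that a file was created or modified."""
        self.clock += 1
        self.mtimes[path] = self.clock

    def _changed_since(self, tick):
        return sorted(p for p, m in self.mtimes.items() if m > tick)

    def full(self):
        # Copies everything and resets both reference points.
        self.last_full = self.last_any = self.clock
        return sorted(self.mtimes)

    def differential(self):
        # Everything changed since the last FULL backup; the reference
        # point does not move, so each differential grows until the next full.
        return self._changed_since(self.last_full)

    def incremental(self):
        # Only what changed since the last full or incremental backup;
        # the reference point moves, so each set stays small.
        files = self._changed_since(self.last_any)
        self.last_any = self.clock
        return files

def demo():
    """Constructed scenario: one full backup, then two days of changes."""
    p = BackupPlanner()
    for f in ("a.doc", "b.xls", "c.db"):
        p.write(f)
    log = {"full": p.full()}
    p.write("a.doc")
    log["diff_day1"] = p.differential()
    log["incr_day1"] = p.incremental()
    p.write("b.xls")
    log["diff_day2"] = p.differential()
    log["incr_day2"] = p.incremental()
    return log

if __name__ == "__main__":
    for name, files in demo().items():
        print(f"{name:10} {files}")
```

Restoring after day 2 needs the full backup plus only the latest differential, or the full backup plus every incremental in order.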


Computer Pests
Worm
Virus


Worm
A program that transfers itself from computer to computer
Plants itself as a separate file on the target computer's disks
Fairly rare
SQL Slammer worm disabled many Web servers in January 2003


Virus
A set of illicit instructions that passes itself on
to other files
Transmitting a virus
Can cause tremendous
damage to computer and data files
Can be prevented
Common computer myths


Transmitting a Virus
Viral instructions inserted into a game or
file
Typically distributed via the Web or e-mail

Users download the file onto their
computers
Every time the user opens that file, virus
is loaded into memory
As other files are loaded into memory, they
become infected


Damage from Viruses


Some are benign, but many cause serious damage
Some attach themselves to operating systems, where they can affect how
the computer works
Some delete data files or attempt to reformat your hard disk
Macro virus: uses a program's own programming language to distribute
itself
Organizations and individuals spend billions of dollars defending computers
against viruses


Virus Prevention
Antivirus software
Detects virus signature
Scans hard disk every time you boot the computer
Viruses tend to show up on free software or software downloaded from the
Internet
Use antivirus software to scan files before you load them on your computer
Often distributed as e-mail attachments
Do not open e-mail attachments without scanning them or if you do not
know the person sending the e-mail


Virus Myths
You cannot get infected by simply being online
If you download and execute an infected file, you can get infected
Although most e-mail viruses are in attachments that must be opened, it is
possible to get infected by viewing an e-mail
You cannot get infected from data
If graphics files include a viewer, that program could contain a virus


Security and Privacy Problems on the Internet
With so many people on the Internet, how do you keep data
secure?
Several approaches
Using a firewall
Encryption

Privacy issues
Being monitored
Junk e-mail


A Firewall
A combination of hardware and software that sits
between an organization's network and the
Internet
All traffic between the two goes through the
firewall
Protects the organization from unauthorized
access
Can prevent internal users from accessing
inappropriate Internet sites


Encryption
Scrambling data so that it can only be read by a computer with the appropriate
key
Encryption key converts the message into an unreadable form
Message can be decrypted only by someone with the proper key
Private key encryption: senders and receivers share the same key
Public key encryption: encryption software generates the key


Being Monitored
Employers can monitor employees' e-mail, use of the Internet, and count the
number of keystrokes per minute
Employees are often unaware they are being monitored
Web sites can easily collect information when a user just visits the site
Web sites use cookies to store your preferences


Cookies
A small text file stored on your hard drive
File is sent back to the server each time you visit that site
Stores preferences, allowing Web site to be customized
Stores passwords, allowing you to visit multiple pages within the site
without logging in to each one
Tracks surfing habits, targeting you for specific types of advertisements


Spamming
Mass advertising via e-mail
Can overflow your e-mail inbox
Bogs down your e-mail server, increasing the cost of e-mail
service

Preventing spam


Preventing Spam
Many ways you can minimize junk e-mail
Be careful how you give out your e-mail address
Filtering software allows you to block messages or send them to designated
folders
Don't register at Web sites without a promise the Web site will not sell your
information
NEVER respond to spam
Antispamming legislation is being proposed in many states
