Chap 7 Fcs 0063
ISSUES ON COMPUTER
Computer Crime
Hacker: someone who attempts to gain access to computer systems illegally
Originally referred to as someone with a high degree of computer expertise
Social engineering: a tongue-in-cheek term for con artist actions
Persuade people to give away password information
Cracker: someone who uses the computer to engage in illegal activity
Computer Crime
Most commonly reported categories
Bomb
Data diddling
Denial of service attacks
Piggybacking
Salami technique
Scavenging
Trapdoor
Trojan horse
Zapping
Bomb
It is a program that runs at a specific date and/or time to cause
unwanted and/or unauthorized functions.
Sometimes planted in commercial software. Shareware is more
prone to having a bomb planted in it
It can affect software or data, and can cause serious damage to a
system. Generally, it will enter a system as hidden content, or
may be installed on the system by someone within a company.
For example, a disgruntled employee may write a program
designed to crash the system one month after he plans to quit the
company. When this date and time arrives, the program then
executes. In other words, the bomb goes off.
Data Diddling
Refers to changing data before or as it enters the system
In other words, information is changed from the way it should be
entered by a person typing in the data, a virus that changes data,
the programmer of the database or application, or anyone else
involved in the process of having information stored in a
computer file.
The culprit can be anyone involved in the process of creating,
recording, encoding, examining, checking, converting, or
transmitting data.
Auditors must verify accuracy of the source data as well as the
processing that occurs
Piggybacking
An illicit user rides into the system on the back of an
authorized user
If the user does not exit the system properly, the intruder can
continue where the original user has left off
Salami Technique
An embezzlement technique where small slices of money are funneled into
accounts
Salami techniques involve the theft of small amounts of assets from a large
number of sources without noticeably reducing the whole.
In a banking system, the amount of interest to be credited to an account is
rounded off. Instead of rounding off the number, that fraction of it is credited to
a special account owned by the perpetrator.
Scavenging
Searching company trash cans and dumpsters for lists of
information
Thieves will search garbage and recycling bins of individuals
looking for bank account numbers, credit card numbers, etc.
Trapdoor
An illicit program left within a completed legitimate program
Allows subsequent unauthorized and unknown entry by the perpetrator
to make changes to the program
Trojan Horse
Involves illegal instructions placed in the
middle of a legitimate program
Program does something useful, but the
Trojan horse instructions do something
destructive in the background
It is a program that uses malicious code
masquerading as a trusted application. The
malicious code can be injected into benign
applications, disguised in e-mail links,
or sometimes hidden in JavaScript pages to
make furtive attacks against vulnerable
Internet browsers.
Zapping
Refers to a variety of software designed to bypass all
security systems
White-Hat Hackers
Hackers who are paid by a company to break into that
company's computer systems
Expose security holes and flaws before criminals find them
Once exposed, flaws can be fixed
Computer Forensics
Uncovering computer-stored information suitable for use as evidence in
courts of law
Restores files and/or e-mail messages that someone has deleted
Some experts are available for hire, but most are on the staffs of police
departments and law firms
Controlling Access
Four means of controlling who has access to the computer
What You Do
Software can verify scanned and online signatures
A Consortium
A joint venture among firms to support a complete
computer facility
Used only in the event of a disaster
Hot site: a fully equipped computer center
Cold site: an empty shell in which a company can install its
own computer system
Software Security
Who owns custom-made software?
What prevents a programmer from taking a copy of the program?
Answer is well established
If the programmer is employed by the company, the software belongs to the
company
If the programmer is a consultant, ownership of the software should be
specified in the contract
Data Security
Several techniques can be used to prevent theft or
alteration of data
Secured waste
Internal controls
Auditor checks
Applicant screening
Passwords
Built-in software protection
Personal Computer Security
Physical security of hardware
Secure hardware in place with locks and
cables
Avoid eating, drinking, and smoking around
computers
Backing Up Files
Back up to tape drive, CD-RW, or DVD-RAM
You can use software that automatically backs up at a certain
time of day
Disk mirroring
Makes second copy of everything you put on disk to another
hard disk
Types of Backup
Three types of backup
Full backup: copies everything from the hard drive
Differential backup: copies all files that have been changed since the last
full backup
Incremental backup: copies only those files that have been changed since
either the last full backup or the last incremental backup
A comprehensive backup plan involves periodic full backups, complemented by
more frequent incremental or differential backups
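The three definitions above, worked through as an added example that is not part of the original slides. It shows which files each backup type copies and which backups must be read back to restore; the file names, the day-numbered timeline and the function names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Backup:
    kind: str  # "full", "differential" or "incremental"
    day: int   # constructed timeline: the backup runs at the end of this day

def files_to_copy(kind, files, history):
    """Names a backup of `kind` copies now.
    files: {name: day last changed}; history: earlier Backup runs."""
    if kind == "full":
        return sorted(files)  # everything, changed or not
    if kind not in ("differential", "incremental"):
        raise ValueError(f"unknown backup type: {kind}")
    fulls = [b.day for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup to use as a baseline")
    baseline = max(fulls)  # differential: always measured from the last full
    if kind == "incremental":
        # Incremental: baseline moves forward to the newest incremental
        # taken after the last full backup, if there is one.
        baseline = max([baseline] + [b.day for b in history
                                     if b.kind == "incremental" and b.day > baseline])
    return sorted(name for name, changed in files.items() if changed > baseline)

def restore_chain(history):
    """Backups that must be read, oldest first, to rebuild the latest state."""
    fulls = [b for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("nothing can be restored without a full backup")
    last_full = max(fulls, key=lambda b: b.day)
    later = sorted((b for b in history if b.day > last_full.day), key=lambda b: b.day)
    diffs = [b for b in later if b.kind == "differential"]
    chain = [last_full] + diffs[-1:]  # only the newest differential is needed
    start = chain[-1].day
    return chain + [b for b in later if b.kind == "incremental" and b.day > start]

# Constructed sample: state of the disk on day 3, after a full backup on day 0.
FILES = {"ledger.db": 3, "hr.xls": 1, "notes.txt": 2, "logo.png": 0}
DIFF_HISTORY = [Backup("full", 0), Backup("differential", 1), Backup("differential", 2)]
INC_HISTORY = [Backup("full", 0), Backup("incremental", 1), Backup("incremental", 2)]

if __name__ == "__main__":
    print("differential copies:", files_to_copy("differential", FILES, DIFF_HISTORY))
    print("incremental copies: ", files_to_copy("incremental", FILES, INC_HISTORY))
    print("restore (diff plan):", restore_chain(DIFF_HISTORY))
    print("restore (inc plan): ", restore_chain(INC_HISTORY))
```

The differential plan copies more each night but restores from two backups; the incremental plan copies less but every incremental since the last full must be intact to restore.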
Computer Pests
Worm
Virus
Worm
A program that transfers itself from computer to computer
Plants itself as a separate file on the target computer's disks
Fairly rare
SQL Slammer worm disabled many Web servers in January 2003
Virus
A set of illicit instructions that passes itself on
to other files
Transmitting a virus
Can cause tremendous
damage to computer and data files
Can be prevented
Common computer myths
Transmitting a Virus
Viral instructions inserted into a game or
file
Typically distributed via the Web or e-mail
Virus Prevention
Antivirus software
Detects virus signature
Scans hard disk every time you boot the computer
Viruses tend to show up on free software or software downloaded from the
Internet
Use antivirus software to scan files before you load them on your computer
Often distributed as e-mail attachments
Do not open e-mail attachments without scanning them or if you do not
know the person sending the e-mail
Virus Myths
You cannot get infected by simply being online
If you download and execute an infected file, you can get infected
Although most e-mail viruses are in attachments that must be opened, it is
possible to get infected by viewing an e-mail
You cannot get infected from data
If graphics files include a viewer, that program could contain a virus
Privacy issues
Being monitored
Junk e-mail
A Firewall
A combination of hardware and software that sits
between an organization's network and the
Internet
All traffic between the two goes through the
firewall
Protects the organization from unauthorized
access
Can prevent internal users from accessing
inappropriate Internet sites
Encryption
Scrambling data so that it can only be read by a computer with the appropriate
key
Encryption key converts the message into an unreadable form
Message can be decrypted only by someone with the proper key
Private key encryption: senders and receivers share the same key
Public key encryption: encryption software generates the key
Being Monitored
Employers can monitor employees' e-mail, use of the Internet, and count the
number of keystrokes per minute
Employees are often unaware they are being monitored
Web sites can easily collect information when a user just visits the site
Web sites use cookies to store your preferences
Cookies
A small text file stored on your hard drive
File is sent back to the server each time you visit that site
Stores preferences, allowing Web site to be customized
Stores passwords, allowing you to visit multiple pages within the site
without logging in to each one
Tracks surfing habits, targeting you for specific types of advertisements
Spamming
Mass advertising via e-mail
Can overflow your e-mail inbox
Bogs down your e-mail server, increasing the cost of e-mail
service
Preventing spam
Preventing Spam
Many ways you can minimize junk e-mail
Be careful how you give out your e-mail address
Filtering software allows you to block messages or send them to designated
folders
Don't register at Web sites without a promise the Web site will not sell your
information
NEVER respond to spam
Antispamming legislation is being proposed in many states