Lecture 8
Chapter 8
Network & Internet Security
Why Be Concerned About Network and Internet Security?
• Computer Crime (cybercrime)
– Any illegal act involving a computer, including:
• Theft of financial assets
• Manipulating data for personal advantage
• Act of sabotage (releasing a computer virus, shutting
down a Web server)
• Phishing and Internet scams
• All computer users should be
aware of security concerns and
the precautions that can be taken
Unauthorized Access and Unauthorized Use
• Unauthorized Access
– Gaining access to a computer, network, file, or other resource without permission
• Unauthorized Use
– Using a computer resource for unapproved activities
• Both can be committed by insiders and outsiders
• Codes of Conduct
– Used to specify rules for behavior, typically by a
business or school
Unauthorized Access and Unauthorized Use
• Hacking
– Using a computer to break into another computer
system
• A serious threat for individuals, businesses, and
the country (national security), i.e., cyberterrorism
• Often performed via wireless networks today
– Many wireless networks are left unsecured
• War Driving
– Driving around an area to find a Wi-Fi network to
access and use without authorization
Unauthorized Access and Unauthorized Use
– Wi-Fi Piggybacking
• Accessing an unsecured Wi-Fi network
• Interception of Communications
– Unsecured messages, files, logon information, etc., can be intercepted using software designed for that purpose
– New trend: intercept credit and debit card information during the card verification process
• Packet-sniffing software
How It Works Box
Securing a Wireless Home Router
– Use router’s configuration screen
– Be sure to change the access password
– Enter the SSID name, select the security mode, and type a secure passphrase
– Can use MAC filtering
Protecting Against Unauthorized Access and
Unauthorized Use
• Firewalls
– A collection of hardware and/or software intended
to protect a computer or computer network from
unauthorized access
– Typically two-way, so they check all incoming (from the Internet) and outgoing (to the Internet) traffic
– Important for home computers that have a direct Internet connection, as well as for businesses
– Work by closing down external communications ports
Protecting Against Unauthorized Access and
Unauthorized Use
• Intrusion Prevention System (IPS) Software
– Monitors traffic to try and detect possible attacks
– If an attack is discovered, IPS software can immediately
block it
• Encryption
– Method of scrambling contents of e-mail or files to make them unreadable if intercepted
– Secure Web pages use encryption
• SSL and EV SSL
Protecting Against Unauthorized Access and
Unauthorized Use
– Private Key Encryption (symmetric key encryption)
• Uses a single key
• Most often used to encrypt files on a computer
• If used to send files to others, the recipient and
sender must agree on the private key to be used
– Public Key Encryption (asymmetric key encryption)
• Uses two keys (a private key and a public key)
to encrypt and decrypt documents
• Public key can be given to anyone
• Key pairs are obtained through a Certificate
Authority
Protecting Against Unauthorized Access and
Unauthorized Use
• Virtual Private Networks (VPNs)
– A private secure path over the Internet
– Allows authorized users to securely access a private
network via the Internet
– Much less expensive than a private secure network
– Can provide a secure environment over a large
geographical area
– Typically used by businesses to remotely access corporate
networks via the Internet
– Personal VPNs can be used by individuals to surf safely at
a wireless hotspot
Computer Sabotage
• Malware
– Any type of malicious software
– Written to perform destructive acts (damaging programs, deleting files, erasing drives, etc.)
• Logic bomb
• Time bomb
– Writing malware is considered unethical; distributing it is illegal
Computer Sabotage
• Computer Viruses
– A software program installed without the user’s knowledge and designed to alter the way a computer operates or to cause harm to the computer system
– Often embedded in downloaded programs and e-mail messages (games, videos, music files)
• Computer Worm
– Malicious program designed to spread rapidly by sending copies of itself to other computers via a network
– Typically sent as an e-mail attachment
Computer Sabotage
• Trojan Horse
– Malicious program that masquerades as something else
– Usually appears to be a game or utility program
– Cannot replicate itself; must be downloaded and installed
– Rogue antivirus programs (scareware) are common today
– Ransomware
Computer Sabotage
• Mobile Malware
– Can infect smartphones, media tablets, printers, etc.
– Smartphones with Bluetooth are particularly vulnerable to attack
– Mobile threats are expected to continue to increase
• Denial of Service (DoS) Attacks
– Act of sabotage that attempts to flood a network server
or Web server with so much activity that it is unable to
function
– Distributed DoS Attacks target popular Web sites and
use multiple computers
Computer Sabotage
• Data, Program, or Web Site Alteration
– Sabotage occurs when a hacker breaches a computer system in order to delete/change data or modify programs
– Student changing grades
– Employee performing vengeful acts, such as
deleting or changing corporate data
– Data on Web sites can also be altered
• Hacking into and changing social networking account
contents (Facebook pages, Twitter tweets, etc.)
• Altering legitimate site to perform malware attacks
Protecting Against Computer Sabotage
• Security Software
– Typically a suite of programs used to protect your
computer against a variety of threats
– Antivirus Software
• Used to detect and eliminate computer viruses and
other types of malware
• Should be set up to run continuously to check incoming e-mail messages, instant messages, Web page content, and downloaded files
• Quarantines any suspicious content as it arrives
• Should be set to perform regular system scans
Protecting Against Computer Sabotage
– Keep your security software up to date as new malware
is introduced all the time
– ISPs and Web mail providers today also offer some
malware protection to their subscribers
• Other Security Precautions
– Control access to computers and networks
– Intrusion protection systems can help businesses detect and protect against denial of service (DoS) attacks
Trend Box
Beyond Fingerprint Readers—Digital Tattoos and More
– Facial gestures can be used to unlock a phone by smiling or winking at it
• Some include Liveness Check
– Future alternatives for logging individuals on to devices or secure Web sites
• Digital tattoos are stamped onto skin
• Authentication pills are swallowed
Technology and You Box
Online Financial Alerts
– Can get e-mail or text alerts for account activity
– Can help identify unauthorized activity quickly
– Online money management aggregator services can be used to view the status of multiple accounts (credit cards, bank accounts, etc.)
• Can set up alerts
Protecting Against Online Theft, Online Fraud,
and Other Dot Cons
• Digital Certificate
– Group of electronic data that can be used to verify the
identity of a person or organization
– Obtained from Certificate Authorities
– Typically contains identity information about the person
or organization, an expiration date, and a pair of keys to
be used with encryption and digital signatures
– Are also used with secure Web sites to guarantee that the site is secure and actually belongs to the stated individual or organization
• Can be SSL or EV SSL
Protecting Against Online Theft, Online Fraud,
and Other Dot Cons
• Digital signatures
– Unique digital codes that can be attached to an e-mail
message or document
– Can be used to verify the identity of the sender
– Can be used to guarantee the message or file has not
been changed since it was signed
– Uses public key encryption
• Document is signed with sender’s private key
• The key and the document create a unique digital signature
• Signature is verified using the sender’s public key
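The signing and verification steps listed above, as an added example that is not part of the original lecture: a toy textbook-RSA signature in Python. The fixed Mersenne primes, the impostor key pair and the sample messages are constructed for illustration and are not secure; real systems use random keys and a padded scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # widely used public exponent


def make_keypair(p, q):
    """Return (public_key, private_key) for textbook RSA from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (needs Python 3.8+)
    return (n, E), (n, d)


# Constructed keys built from fixed Mersenne primes so the demo is repeatable.
# Assumption for illustration only: real keys come from random primes.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**521 - 1, 2**1279 - 1)


def digest(document):
    """Reduce the document to a fixed-size number with SHA-256."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document, private_key):
    """Document + private key -> unique digital signature."""
    n, d = private_key
    return pow(digest(document), d, n)


def verify(document, signature, public_key):
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == digest(document)


def demo():
    message = b"Pay the invoice of $100 by Friday"   # constructed sample
    altered = b"Pay the invoice of $900 by Friday"   # changed after signing
    signature = sign(message, SENDER_PRIV)
    return {
        # Unchanged message, checked with the sender's public key.
        "genuine": verify(message, signature, SENDER_PUB),
        # Same signature on an altered message: the change is detected.
        "altered": verify(altered, signature, SENDER_PUB),
        # Signed by someone else's private key: sender identity check fails.
        "impostor": verify(message, sign(message, IMPOSTOR_PRIV), SENDER_PUB),
    }
```
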
Personal Safety Issues
• Cyberbullying
– Children or teenagers bullying other children or teenagers via the Internet
• E-mails
• Social networking sites
• Blogs
– Common today--estimated to affect 50% of all US teenagers
Personal Safety Issues
• Cyberstalking
– Repeated threats or harassing behavior between adults carried out via e-mail or another Internet communication method
– Although there are no specific federal laws against
cyberstalking, all states have made it illegal
• Online Pornography
– Attempts to ban this type of material from the Internet
have not been successful
– Online pornography involving minors is illegal
Thank you