CSC 101 – INTRODUCTION

TO COMPUTING
Lecture 10 (Morley Ch 9)
 Outline
 Basic Security Concepts
 Threats to User
 Identity Theft
 Loss of Privacy
 Online Spying Tools
 Online Theft
 Online Fraud, & Other Dot Cons
 Threats to Hardware
 Power Related Threats
 Hardware Loss
 Hardware Damage
 System Failure,
 Unauthorized Access & Unauthorized Use
 Natural Disasters
 Threats to Data
 Malware
 Virus & Malicious Program,
 Cybercrime, Cyber-Terrorism,
 Counter Measures
2
 Identity Theft

 Impersonation by private information to

obtain documents and credit in your name
 Thief can ‘become’ the victim
 Reported incidents rising
 Methods of stealing information
 Shoulder surfing
 Snagging
 Dumpster diving
 Social engineering
 High-tech methods
 Loss of privacy

 Personal information is stored electronically

 Purchases are stored in a database
 Data is sold to other companies
 Public records on the Internet
 Internet use is monitored and logged
 monitoring activity can be carried out on your
computer or a connected server
 Data about when you visited, what you looked
at, and how long you stayed is used by most
commercial Web sites “online profiling”
 None of these techniques are illegal
 Online Spying

 Software downloaded to a computer

 Designed to record personal information
 can track a computer user's activities and
report them to someone else
 Typically undesired software
 Hides from users
 Several programs exist to eliminate
 Another common term for spyware is
adware,
 Internet advertising is a common source of
spyware
 Cookies

 Cookies are named after the ‘magic cookie’

 a small text file that a Web server asks your
browser to place on your computer
 Cookie contains information that identifies
your computer (its IP address), you (your user
name or e-mail address), and information
about your visit to the Web site..
 Files delivered from a web site
 Originally improved a site’s function
 Cookies now track history and passwords
 Browsers include cookie blocking tools
 Web bugs
 Small GIF format image file embedded in web page or HTML
format e-mail
 Behind the tiny image lies code that functions in much the
same way as a cookie, allowing the bug’s creator to track
many of your online activities.
 A bug can record
 what Web pages you view
 keywords you type into a search engine
 personal information you enter in a form on a Web page, and other
data.
 Because Web bugs are hidden, they are considered by
many to be eavesdropping devices
 Gets around cookie blocking tools
 Companies use to track usage
 Blocked with spyware killers
 Spam

 is Internet “ junk mail.”

 Unsolicited commercial email (UCE)
 Almost all spam is commercial advertising
 Networks and PCs need a spam blocker
 Stop spam before reaching the inbox
 Spammers acquire addresses using many
methods
 Purchasing lists of e-mail addresses through
brokers.
 "Harvesting" e-mail addresses from the Internet.
 Generating random strings of characters in an
attempt to match legitimate addresses
 Online Theft, Online Fraud,
and Other Dot Cons
• Dot Con
– A fraud or scam carried out through the Internet
– The Internet Crime Complaint Center received and
processed more than 24,000 complaints per month in
2012
• Data or Information Theft
– Theft of data or information located on or being sent from
a computer
– Can occur in several ways
• Stealing an actual computer or mobile device
• A hacker gaining unauthorized access

9
 Online Theft, Online Fraud,
and Other Dot Cons
• Identity Theft
– Using someone else’s identity to purchase goods or
services, obtain new credit cards or bank loans, or illegally
masquerade as that individual
– Information obtained via documents, stolen information,
spyware, etc.
– Expensive and time consuming to recover from
– Millions of Americans have their identity stolen each
year

10
Online Theft, Online Fraud,
and Other Dot Cons

11
 Online Theft, Online Fraud,
and Other Dot Cons
• Phishing
– Use of spoofed e-mail messages to gain credit card
numbers and other personal data
• Spear Phishing
– A personalized phishing scheme targeted to specific
individuals
• Social Media Hacks
– The act of accessing someone else’s social media
account to make changes to the content or to perform
an activity as that individual

12
Online Theft, Online Fraud,
and Other Dot Cons

13
 Online Theft, Online Fraud,
and Other Dot Cons
• Pharming
– The use of spoofed domain names to obtain personal
information
– DNS servers are hacked to route requests for legitimate
Web pages to spoofed Web pages (DNS poisoning)
• Drive-by Pharming
– Hacker changes the victims designated DNS server to the
pharmer’s DNS server

14
 Online Theft, Online Fraud,
and Other Dot Cons
• Online Auction Fraud
– Occurs when an item purchased through an online auction
is never delivered or the item is not as specified
– Illegal, but as with other types of online fraud, prosecution
is difficult
• Other Internet Scams
– Loan and pyramid scams
– Work-at-home cons
– Nigerian letter fraud scheme
– Fake job site postings

15
 Threats to Hardware

 Affect the operation or reliability

 Power-related threats
 Power fluctuations
 Power spikes or browns out
 Power loss
 Can result in loss of data
 Countermeasures
 Surge suppressors
 Line conditioners
 Uninterruptible power supplies
 Generators
 Threats to Hardware

 Theft and vandalism

 Thieves steal the entire computer
 Accidental or intentional damage
 Countermeasures
 Keep the PC in a secure area
 Lock the computer to a desk
 Do not eat near the computer
 Watch equipment
 Chase away loiterers
 Handle equipment with care
 Unauthorized Access and
Unauthorized Use
• Unauthorized Access
– Gaining access to a computer, network, file, or other
resource without permission
• Unauthorized Use
– Using a computer resource for unapproved activities
• Both can be committed by insiders and outsiders
• Codes of Conduct
– Used to specify rules for behavior, typically by a
business or school

18
 Unauthorized Access and
Unauthorized Use
• Hacking
– Using a computer to break into another computer
system
• A serious threat for individuals, businesses, and
the country (national security), i.e.,
cyberterrorism
• Often performed via wireless networks today
– Many wireless networks are left unsecured
• War Driving
– Driving around an area to find a Wi-Fi network to
access and use without authorization

19
 Unauthorized Access and
Unauthorized Use
– Wi-Fi Piggybacking
• Accessing an unsecured Wi-Fi network from the
hacker’s current location without
authorization
• Interception of Communications
– Unsecured messages, files, logon information, etc., can be
intercepted using software designed for that
purpose
– New trend: intercept credit and debit card information
during the card verification process
• Packetsniffing software

20
 Protecting Against Unauthorized
Access and Unauthorized Use
• Access Control Systems
– Used to control access to facilities, computer
networks, company databases, and Web site
accounts
– Identification Systems
• Verify that the person trying to access the
facility or system is an authorized user
– Authentication Systems
• Determine if the person is who he or she claims
to be

21
 Protecting Against Unauthorized
Access and Unauthorized Use
• Possessed Knowledge Access Systems
– Use information that only the authorized user should know
• Typically passwords
• Passwords should be strong and changed frequently
• Typically used in conjunction with usernames
– Disadvantages
• Passwords can be forgotten
• If known, password can be used by someone who is not
an authorized user

22
 Protecting Against
Unauthorized Access and
Unauthorized Use

23
 Protecting Against
Unauthorized Access and
Unauthorized
– Cognitive Authentication Systems Use
• Use information the individual knows or can easily
remember (birthplace, pet names, etc.)
• Used in many password recovery systems
• Two-Factor Authentication
– Using two different methods to authenticate users
• Typically possessed knowledge (password) with
either
– Biometric Feature – something you are
– Possessed Object – something you have
• Hard token – physical object used
• Soft token – supplies a one-time password (OTP)
24
 Protecting Against
Unauthorized Access and
Unauthorized Use

25
 Protecting Against
Unauthorized Access and
• Unauthorized Use
Controlling Access to Wireless Networks
– In general, Wi-Fi is less secure than wired networks
– Security is usually off by default; wireless networks should
be secured
– Wireless network owners should:
• Change the router’s default password
• Enable encryption (WPA2 is more secure than WPA)
• Enable other security features as needed
– Can hide network name (SSID)

26
 Protecting Against
Unauthorized Access and
Unauthorized Use

27
 How It Works
Box
Securing a Wireless Home
Router
– Use router’s
configuration
screen
– Be sure to change the
access password
– Enter the SSID name, select
the security mode, and
type a secure passphrase
– Can use MAC filtering

28
 Protecting Against Unauthorized
Access and Unauthorized Use
• Firewalls
– A collection of hardware and/or software intended to
protect a computer or computer network from
unauthorized access
– Typically two-way, so they check all incoming (from the
Internet) and outgoing (to the Internet) traffic
– Important for home computers that have a direct Internet
connection, as well as for businesses
– Work by closing down external communications ports

29
 Protecting Against
Unauthorized Access and
Unauthorized Use

30
 Protecting Against
Unauthorized Access and
• Unauthorized Use
Intrusion Prevention System (IPS) Software
– Monitors traffic to try and detect possible attacks
– If an attack is discovered, IPS software can immediately
block it
• Encryption
– Method of
scrambling
contents of
e-mail or
files to
make
them
unreadable 31
 Threats to Hardware

 Natural disasters
 Disasters differ by location
 Typically result in total loss
 Disaster planning
 Be aware that a disaster could strike
 Anticipate it when conditions are right
 Plan for recovery
 List potential disasters
 Plan for all eventualities
 Practice all plans
Examples of Natural Disaster
 Threats to Data
• Data, Program, or Web Site Alteration
– Sabotage occurs when a hacker breaches a computer
system in order to delete/change data or modify programs
– Student changing grades
– Employee performing vengeful acts, such as
deleting or changing corporate data
– Data on Web sites can also be altered
• Hacking into and changing social networking account
contents (Facebook pages, Twitter tweets, etc.)
• Altering legitimate site to perform malware attacks

34
 Threats to Data: Malware
• Mobile Malware
– Can infect smartphones, media tablets, printers, etc.
– Smartphones with Bluetooth are particularly vulnerable to
attack
– Mobile threats are expected to continue to increase
• Denial of Service (DoS) Attacks
– Act of sabotage that attempts to flood a network server or
Web server with so much activity that it is unable to
function
– Distributed DoS Attacks target popular Web sites and use
multiple computers

35
Threats to Data: Malware

36
 Threats to Data: Virus
• Computer Viruses
– A software program installed without the user’s
knowledge and designed to alter the way a computer
operates or to cause harm to the computer system
– Often embedded in downloaded programs and e-mail
messages (games, videos, music files)
• Computer Worm
– Malicious program designed to spread rapidly by sending
copies of itself to other computers via a network
– Typically sent as an e-mail attachment

37
Threats to Data: Virus

38
Malware, Virus and Malicious Programs

 Malware describes viruses, worms, Trojan

horse attack applets, and attack scripts.
 These virulent programs represent the most
common threat to your information
 Viruses
 Pieces of a computer program (code) that attach
themselves to host programs.
 Software that distributes and installs itself
 Ranges from annoying to catastrophic
 Countermeasures
 Anti-virus software
 Popup blockers
 Do not open unknown email
 Categories of Viruses
 Bimodal, Bipartite, or Multipartite Viruses
 can infect both files and the boot sector of a disk
 Time bomb
 hides on the victim's disk and waits until a specific date
(or date and time) before running
 Logic bomb
 may be activated by a date, a change to a file, or a
particular action taken by a user or a program
 Stealth Viruses
 take up residence in the computer's memory, making
them hard to detect
 can conceal changes they make to other files, hiding the
damage from the user and the operating system
 Categories of Viruses

 Boot Sector Viruses

 regarded as one of the most hostile types of virus
 infects the boot sector of a hard or floppy disk
 This area of the disk stores essential files the
computer accesses during startup.
 moves the boot sector's data to a different part
of the disk.
 When the computer is started, the virus copies
itself into memory where it can hide and infect
other disks
 allows the actual boot sector data to be read as
though a normal start-up were occurring
 Categories of Viruses

 Cluster Viruses
 makes changes to a disk's file system
 If any program is run from the infected disk, the
program causes the virus to run as well
 creates the illusion that the virus has infected
every program on the disk
 E-mail viruses
 transmitted via email messages sent across
private networks or the Internet
 Some e-mail viruses are transmitted as an
infected attachment—a document file or
program that is attached to the message
 Categories of Viruses
 File-Infecting Viruses
 infects program files on a disk (such as .exe
or .com files)
 When an infected program is launched, the virus's
code is also executed
 Macro virus
 designed to infect a specific type of document file,
such as Microsoft Word or Excel files
 can do various levels of damage to data
from corrupting documents to deleting data
 Polymorphic, Self-Garbling, Self-Encrypting,
or Self-Changing Viruses
 can change itself each time it is copied, making it
 Threats to Data: Malicious
Program
• Trojan Horse
– Malicious program that masquerades
as something else
– Usually appears to be a game or
utility program
– Cannot replicate themselves; must
be downloaded and installed
– Rogue antivirus programs (scareware)
are common today
– Ransomware

44
 CyberCrime
• Computer Crime (cybercrime)
– Any illegal act involving a computer, including:
• Theft of financial assets
• Manipulating data for personal advantage
• Act of sabotage (releasing a computer virus, shutting
down a Web server)
• Phishing and Internet scams
• All computer users should be aware of security concerns and
the precautions that can be taken

45
 Categories of Cybercrime
 Cyberextortionist is someone who uses e-mail as a vehicle for
extortion
 send an organization a threatening e-mail message indicating they will
 expose confidential information, exploit a security flaw, or launch an attack that
will compromise the organization’s network — if they are not paid a sum of
money
 Cyber terrorist is someone who uses the Internet or network to
destroy or damage computers for political reasons
 might target the nation’s air traffic control system, electricity-generating
companies, or a telecommunications infrastructure
 Cyber warfare, describes an attack whose goal ranges from disabling a
government’s computer network to crippling a country
 Cyber Bullying
 Children or teenagers bullying other children or teenagers via the Internet
 Cyber Stalking
 Repeated threats or harassing behavior between adults carried
out via e-mail or another Internet communication method
 Protecting Against Online
Theft, Online Fraud, and
• Other Dot Cons
Protecting Against Data and Information Theft
– Businesses should use good security measures
– Individuals should not give out personal information
(Social Security number, mother’s maiden name,
etc.) unless absolutely necessary
• Protecting Against Identity Theft, Phishing, and Pharming
– Shred documents containing sensitive data, credit card
offers, etc.
– Order a full credit history on yourself a few times a
year to check for accounts listed in your name
– Don’t place sensitive outgoing mail in your mailbox

47
 Protecting Against Online
Theft, Online Fraud, and
Other Dot Cons
– Watch bills and credit report to detect
identity theft early
– Never click a link in an e-mail message to
go to a secure Web site—always type the
URL in the browser instead
– Antiphishing Tools
• Antiphishing tools built into Web browsers can help
warn you of potential phishing sites
• Some secure sites use additional layers of security to
protect against identity thieves
• Some banks and other financial institutions add an
48

 Protecting Against Online
Theft, Online Fraud, and
• Digital Certificate
Other Dot Cons
– Group of electronic data that can be used to verify the
identity of a person or organization
– Obtained from Certificate Authorities
– Typically contains identity information about the person or
organization, an expiration date, and a pair of keys to be
used with encryption and digital signatures
– Are also used with secure Web sites to guarantee that the
site is secure and actually belongs to the stated individual
or organization
• Can be SSL or EV SSL

49
 Protecting Against Online
Theft, Online Fraud, and
Other Dot Cons
• Digital signatures
– Unique digital codes that can be attached to an e-mail
message or document
– Can be used to verify the identity of the sender
– Can be used to guarantee the message or file has not been
changed since it was signed
– Uses public key encryption
• Document is signed with the sender’s private key
• The key and the document create a unique digital
signature
• Signature is verified using the sender’s public
key

50
Protecting Against Online
Theft, Online Fraud, and
Other Dot Cons

51
 Protecting Against Online
Theft, Online Fraud, and
• Other Dot Cons
Protecting Against Online Auction Fraud and Other Internet
Scams
– Use common sense
– Check online auction seller’s feedback before bidding
– Pay for online purchases via a credit card so transactions
can be disputed if needed
– Use an online payment system
– Take advantage of buyer protection
– Use an escrow service for high-priced items

52
 Summary
 Basic Security Concepts
 Threats to User
 Identity Theft
 Loss of Privacy
 Online Spying Tools
 Online Theft
 Online Fraud & Other Dot Cons
 Threats to Hardware
 Power Related Threats
 Hardware Loss
 Hardware Damage
 System Failure,
 Unauthorized Access & Unauthorized Use
 Natural Disasters
 Threats to Data
 Malware
 Virus & Malicious Program,
 Cybercrime, Cyber-Terrorism,
 Counter Measures
53