Wednesday 19 October 2016

Chapter 11
Manage Computing Securely, Safely and Ethically


Computer security risk- any event or action that could cause a loss of or damage to computer hardware, software, data, information and processing capability.
Types of computer security risks:
Cybercrime- an online or internet-based illegal act.
For example:

  1. Hackers- people who break into a computer so that personal or sensitive information can be obtained. There are ethical hackers (who provide a benefit) and unethical hackers (who steal information).
  2. Crackers- people who bypass a computer program's license or password.
  3. Script kiddies- people who use existing scripts or code written by others to break into a computer.
  4. Corporate spies- people who covertly obtain a competitor's information.
  5. Unethical employees- employees who obtain their company's information and sell it.
  6. Cyberextortionists- criminals who attack, or threaten to attack, in order to get money out of it.
  7. Cyberterrorists- people who carry out internet terrorism: deliberate, large-scale disruption of computer networks by means of tools such as computer viruses.
Internet and Network Attacks

Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises. An online security service is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
Types of internet and network attacks:
1) Computer virus- affects a computer negatively by damaging the computer system and hardware.
2) Worm- replicates itself, taking up hard disk space and internet bandwidth.
3) Trojan horse- hides itself by looking like a legitimate program, then steals information.
4) Rootkit- hides in a computer and allows someone at a remote location to take full control.

-An infected computer has one or more of the following symptoms:
  • Operating system runs much slower than usual.
  • Available memory is less than expected.
  • Files become corrupted.
  • System properties change.
  • Music or unusual sound plays randomly.
  • Operating system shuts down unexpectedly.
  • Programs or files do not work properly.
  • Operating system does not start up.
-A botnet is a group of compromised computers connected to a network. A compromised computer is known as a zombie.
-A denial of service attack (DoS attack) disrupts computer access to internet services.
-A back door is a program or set of instructions in a program that allows users to bypass security controls.
-Spoofing is a technique intruders use to make their network or internet transmission appear legitimate.
-A firewall is hardware and/or software that protects a network’s resources from intrusion.
-Intrusion detection software:-
  • Analyzes all network traffic
  • Assesses system vulnerabilities
  • Identifies any unauthorized intrusions
  • Notifies network administrators of suspicious behavior patterns or system breaches.
-Honeypot:- a vulnerable computer that is set up to entice an intruder to break into it.
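To show what the intrusion detection bullets above look like in practice, here is an added example written for these notes (it is not from the textbook or the original post). The script reads constructed connection-log lines, flags a source with a burst of failed logins and a source that touched many destination ports, and prints a notification for the administrator. The log format, the thresholds and the sample addresses are all assumptions made for the illustration.

```python
"""Toy intrusion detection pass over constructed connection-log lines.

Added example, not from the original notes. Log format, thresholds and the
sample lines are assumptions made for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic). Assumed format per line:
# "<ISO timestamp> src=<ip> dst=<ip> port=<n> action=<login|connect> result=<ok|fail>"
SAMPLE_LOG = """\
2016-10-19T10:00:01 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:00:02 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:00:03 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:00:04 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:00:05 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:00:06 src=203.0.113.5 dst=192.0.2.10 port=22 action=login result=ok
2016-10-19T10:00:07 src=198.51.100.7 dst=192.0.2.10 port=80 action=connect result=ok
2016-10-19T10:00:08 src=198.51.100.7 dst=192.0.2.10 port=443 action=connect result=ok
2016-10-19T10:01:00 src=192.0.2.44 dst=192.0.2.10 port=22 action=login result=fail
2016-10-19T10:02:00 src=198.51.100.9 dst=192.0.2.10 port=21 action=connect result=fail
2016-10-19T10:02:01 src=198.51.100.9 dst=192.0.2.10 port=22 action=connect result=ok
2016-10-19T10:02:02 src=198.51.100.9 dst=192.0.2.10 port=23 action=connect result=fail
2016-10-19T10:02:03 src=198.51.100.9 dst=192.0.2.10 port=25 action=connect result=fail
2016-10-19T10:02:04 src=198.51.100.9 dst=192.0.2.10 port=80 action=connect result=ok
2016-10-19T10:02:05 src=198.51.100.9 dst=192.0.2.10 port=110 action=connect result=fail
2016-10-19T10:02:06 src=198.51.100.9 dst=192.0.2.10 port=143 action=connect result=fail
2016-10-19T10:30:00 src=192.0.2.44 dst=192.0.2.10 port=22 action=login result=ok
"""


def parse_line(line):
    """Parse one log line into a dict; return None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 6:
        return None
    try:
        event = {"ts": datetime.fromisoformat(parts[0])}
        for field in parts[1:]:
            key, _, value = field.partition("=")
            event[key] = value
        event["port"] = int(event["port"])
        return event
    except (ValueError, KeyError):
        return None


def detect_brute_force(events, threshold=5, window=timedelta(minutes=1)):
    """Flag a source with `threshold` failed logins inside `window`.

    A later successful login from that source is reported too: a success right
    after a burst of failures is the pattern an administrator most wants to see.
    """
    fails, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e.get("action") != "login":
            continue
        (fails if e.get("result") == "fail" else successes)[e["src"]].append(e["ts"])
    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 >= threshold:
                later_ok = any(t > times[end] for t in successes.get(src, []))
                alerts.append({"type": "brute_force", "src": src,
                               "failures": end - start + 1,
                               "followed_by_success": later_ok})
                break  # one alert per source is enough for this demo
    return alerts


def detect_port_sweep(events, min_ports=6):
    """Flag a source that touched at least `min_ports` distinct destination ports."""
    ports = defaultdict(set)
    for e in events:
        ports[e["src"]].add(e["port"])
    return [{"type": "port_sweep", "src": src, "ports": sorted(p)}
            for src, p in ports.items() if len(p) >= min_ports]


def analyze(log_text):
    """Run both detectors over the text of a log and return the alerts."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    return detect_brute_force(events) + detect_port_sweep(events)


def notify(alerts):
    """Stand-in for 'notify the network administrator': one console line per alert."""
    for a in alerts:
        if a["type"] == "brute_force":
            print(f"ALERT brute force from {a['src']}: {a['failures']} failed logins"
                  + (" then a SUCCESSFUL login" if a["followed_by_success"] else ""))
        else:
            print(f"ALERT port sweep from {a['src']}: ports {a['ports']}")


if __name__ == "__main__":
    notify(analyze(SAMPLE_LOG))
```

Running it reports the brute-force source (with the worrying follow-up success) and the port sweep, while the host with a single failed login is left alone; in a real deployment the thresholds would be tuned to the site's normal traffic.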
Unauthorized Access and Use:-

-Unauthorized access is the use of a computer or network without permission.
-Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
-Organizations take several measures to help prevent unauthorized access and use:
  • Acceptable use policy
  • Disable file and printer sharing
  • Firewalls
  • Intrusion detection software
-Access controls define who can access a computer, when they can access it and what actions they can take.

-A two-phase process called identification and authentication uses items such as:
  • User name
  • Password
  • Passphrase
  • CAPTCHA
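The two phases just listed, identification (which user is this?) and authentication (can they prove it?), are easy to confuse, so here is an added example written for these notes (not code from the textbook or the post). It keeps a small user store that never holds the password itself, only a per-user random salt and an iterated hash, and `login` performs the two phases in order. The user names, passwords and the PBKDF2 work factor are assumptions made for the illustration.

```python
"""Identification, then authentication, with salted iterated password hashing.

Added example, not from the original notes. User names, passwords and the
iteration count below are constructed for illustration.
"""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; demo value, real systems tune this upward


def hash_password(password, salt=None):
    """Return (salt, digest) for `password`.

    A fresh random salt per user means two users with the same password get
    different digests, so one stolen digest says nothing about another account.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


class UserStore:
    """Keeps only user name, salt and digest; the password itself is never stored."""

    def __init__(self):
        self._users = {}

    def register(self, username, password):
        salt, digest = hash_password(password)
        self._users[username] = (salt, digest)

    def login(self, username, password):
        # Phase 1, identification: does a user with this name exist at all?
        record = self._users.get(username)
        if record is None:
            return "unknown_user"
        # Phase 2, authentication: does the supplied secret match the stored digest?
        salt, stored = record
        _, candidate = hash_password(password, salt)
        # compare_digest takes the same time whether or not the digests match,
        # so an attacker learns nothing from how quickly a rejection arrives
        if hmac.compare_digest(stored, candidate):
            return "ok"
        return "bad_password"


if __name__ == "__main__":
    store = UserStore()
    store.register("alice", "correct horse battery staple")
    for name, pw in [("alice", "correct horse battery staple"), ("alice", "wrong"), ("bob", "x")]:
        print(name, "->", store.login(name, pw))
```

The stored record is useless to anyone who copies the user store: they get a salt and a digest, not the password, and recomputing the digest costs the attacker the same iterated work per guess that the login check costs the server.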
-A biometric device authenticates a person’s identity by translating a personal characteristic into a digital code that is compared with a digital code stored in a computer.
-Digital forensics is the discovery, collection, and analysis of evidence found on computers and networks. Many areas use digital forensics, such as:
  • Law enforcement
  • Criminal prosecutors
  • Military intelligence
  • Insurance agencies
  • Information security departments
Hardware Theft and Vandalism:

-Hardware theft is the act of stealing computer equipment

-Hardware vandalism is the act of defacing or destroying computer equipment.
To help reduce the chance of theft, companies and schools use a variety of security measures:
  • Physical access controls
  • Alarm systems
  • Cables to lock equipment
  • Real time location systems
  • Passwords, possessed objects, and biometrics
Software Theft:-
-Software theft occurs when someone:-
  • Steals software media.
  • Intentionally erases programs.
  • Illegally copies a program.
  • Illegally registers and/or activates a program.
-A single-user license agreement typically contains the following conditions:
Permitted to:
  • Install the software on one computer
  • Make one copy of the software
  • Remove the software from your computer before giving it away or selling it
Not permitted to:
  • Install the software on a network
  • Give copies to friends or colleagues while continuing to use the software
  • Export the software
  • Rent or lease the software
Copying, loaning, borrowing, renting, or distributing software can be a violation of copyright law; some software requires product activation to function fully.
-Information theft occurs when someone steals personal or confidential information.

-Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.

-A digital signature is an encrypted code that a person, website, or organization attaches to an electronic message to verify the identity of the sender.
Popular security techniques include:-
  • Digital certificates
  • Transport layer security (TLS)
  • Secure HTTP
  • VPN

-A system failure is the prolonged malfunction of a computer. A variety of factors can lead to system failure including:-
  • Aging hardware
  • Natural disasters
  • Electrical power problems such as noise, under-voltages and over-voltages
  • Errors in computer programs.
Two ways to protect against system failures caused by electrical power variations are surge protectors and uninterruptible power supplies (UPS).
-A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed. To back up a file means to make a copy of it. Offsite backups are stored in a location separate from the computer site, such as cloud storage.

Ethics and Society:-
The best way to prevent security risks is through ethics and society.
-Computer ethics are the moral guidelines that govern the use of computers and information systems.
-Intellectual property rights are the rights to which creators are entitled for their work. A copyright protects any tangible form of expression.
-An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical. The IT code of conduct:-
  1. Computers may not be used to harm other people.
  2. Employees may not interfere with others' computer work.
  3. Employees may not meddle in others' computer files.
  4. Computers may not be used to steal.
  5. Computers may not be used to bear false witness.
  6. Employees may not copy or use software illegally.
  7. Employees may not use others' computer resources without authorization.
  8. Employees may not use others' intellectual property as their own.
  9. Employees shall consider the social impact of the programs and systems they design.
  10. Employees should always use computers in a way that demonstrates consideration and respect for fellow humans.


Green computing involves reducing electricity use and environmental waste while using a computer.
Green computing suggestions:
1) Use computers and devices that comply with the Energy Star program.
2) Turn off computers when not in use.
3) Use an LCD monitor instead of a CRT monitor.
4) Turn on power save mode.
5) Use paperless methods to communicate.
6) Recycle paper.
7) Buy recycled paper.
8) Recycle toner cartridges.
9) Recycle old computers, printers and other devices.
10) Telecommute to save gas.
11) Use video conferencing and VoIP for meetings.

Information privacy- refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
Examples of how to safeguard personal information:
1) Fill in only the necessary information on any form.
2) Avoid shopping club and buyer cards.
3) Ask before giving personal information to any merchant.
4) Install a cookie manager to filter cookies.
5) Turn off file and printer sharing on your internet connection.
6) Install a personal firewall.
7) Inform merchants not to distribute your personal information.
8) Clear your browser's history file frequently.
9) Do not reply to spam for any reason.
10) Surf the web anonymously.

Cookie- a small text file that a web server stores on your computer. Cookies allow personalisation, store users' passwords, assist with online shopping, track how often users visit a site, and target advertisements.

Spam is an unsolicited e-mail message or newsgroup posting.
E-mail filtering blocks e-mail messages from designated sources.
Anti-spam programs attempt to remove spam before it reaches your inbox.
Phishing is a scam in which an official-looking e-mail message attempts to obtain your personal and financial information.
Pharming is a scam in which spoofing is used in an attempt to obtain your personal and financial information.
Content filtering is the process of restricting access to certain material on the web.
Web filtering software restricts access to specified websites.
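To make the e-mail filtering, anti-spam and phishing definitions above concrete, here is an added example written for these notes (not code from the textbook or the post). It first blocks mail from designated sender domains, then scores each remaining message against three phishing indicators the definition hints at: a link whose visible text names a different domain than its real target, a request for credentials or financial details, and pressure to act immediately. The message format, the block list, the word lists and the three sample messages are all constructed for the illustration.

```python
"""Toy e-mail filter: block designated sources, then score phishing indicators.

Added example, not from the original notes. Message format, block list, word
lists and sample messages are constructed for illustration.
"""
import re
from urllib.parse import urlsplit

BLOCKED_DOMAINS = {"spam-example.test"}  # constructed "designated sources"
CREDENTIAL_WORDS = ("password", "account number", "credit card", "verify your account")
URGENCY_WORDS = ("immediately", "within 24 hours", "suspended")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', re.IGNORECASE)

# Constructed sample messages: one legitimate, one from a blocked source, one phish.
SAMPLE_MESSAGES = [
    {"id": "legit", "from": "Alice Smith <alice@example.test>",
     "body": 'Lunch at noon? Menu: <a href="https://example.test/menu">example.test/menu</a>'},
    {"id": "spam", "from": "deals@spam-example.test",
     "body": "Cheap watches!! <a href=\"http://spam-example.test/buy\">click here</a>"},
    {"id": "phish", "from": "Example Bank <alerts@examp1e-bank.test>",
     "body": "Your account will be suspended. Verify your account immediately at "
             '<a href="http://login.examp1e-bank.test/verify">www.example-bank.test</a>'},
]


def sender_address(from_header):
    """Pull the bare address out of 'Display Name <addr>' or a bare address."""
    m = re.search(r"<([^>]+)>", from_header)
    return (m.group(1) if m else from_header).strip().lower()


def domain_of(address_or_url):
    """Last two labels of the host (a rough stand-in for a public-suffix lookup)."""
    if "@" in address_or_url:
        host = address_or_url.rsplit("@", 1)[1]
    else:
        host = urlsplit(address_or_url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def phishing_indicators(msg):
    """Return the list of indicators that fired for one message."""
    hits = []
    body = msg["body"]
    lower = body.lower()
    # 1. Link text names one domain but the href points somewhere else
    for href, text in LINK_RE.findall(body):
        shown = text.strip()
        if "." in shown:
            shown_url = shown if "://" in shown else "http://" + shown
            if domain_of(shown_url) != domain_of(href):
                hits.append(f"link text {shown!r} actually points at {domain_of(href)}")
                break
    # 2. The message asks for credentials or financial details
    if any(w in lower for w in CREDENTIAL_WORDS):
        hits.append("asks for credentials/financial details")
    # 3. Pressure to act right now
    if any(w in lower for w in URGENCY_WORDS):
        hits.append("urgency language")
    return hits


def classify(msg, blocked=BLOCKED_DOMAINS, threshold=2):
    """'block' for designated sources, 'quarantine' when enough indicators fire,
    otherwise 'deliver'. Returns (verdict, reasons)."""
    if domain_of(sender_address(msg["from"])) in blocked:
        return "block", ["sender domain is on the block list"]
    hits = phishing_indicators(msg)
    return ("quarantine" if len(hits) >= threshold else "deliver"), hits


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        verdict, reasons = classify(m)
        print(f"{m['id']:6} -> {verdict:10} {reasons}")
```

The threshold of two indicators is deliberate: a single hit (a colleague writing "please reset your password") is not enough to pull a message from the inbox, while the phish sample trips all three. A real filter would add sender reputation, attachment checks and user feedback on top of rules like these.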
