IT_Chapter_14A

Basic Security Concepts

• Threats

– Anything that can harm a computer

– Vulnerabilities are weaknesses in security

– Security attempts to neutralize threats

• Degrees of harm

– Level of potential damage

– Include all parts of system

• Potential data loss

• Loss of privacy

• Inability to use hardware

• Inability to use software

• Countermeasures

– Steps taken to block a threat

– Protect the data from theft

– Protect the system from theft

Threats To Users

• Identity Theft

– Impersonation by private information

• Thief can ‘become’ the victim

– Reported incidents rising

– Methods of stealing information

• Shoulder surfing

• Snagging

• Dumpster diving

• Social engineering

• High-tech methods

• Loss of privacy

– Personal information is stored electronically

– Purchases are stored in a database

• Data is sold to other companies

– Public records on the Internet

– Internet use is monitored and logged

– None of these techniques are illegal

• Cookies

– Files delivered from a web site

– Originally improved a site’s function

– Cookies now track history and passwords

– Browsers include cookie blocking tools

• Spyware

– Software downloaded to a computer

– Designed to record personal information

– Typically undesired software

– Hides from users

– Several programs exist to eliminate

• Web bugs

– Small programs embedded in gif images

– Gets around cookie blocking tools

– Companies use to track usage

– Blocked with spyware killers

• Spam

– Unsolicited commercial email

– Networks and PCs need a spam blocker

• Stop spam before reaching the inbox

– Spammers acquire addresses using many methods

– CAN-SPAM Act passed in 2003

Threats to Hardware

• Affect the operation or reliability

• Power-related threats

– Power fluctuations

• Power spikes or browns out

– Power loss

– Countermeasures

• Surge suppressors

• Line conditioners

• Uninterruptible power supplies

• Generators

• Theft and vandalism

– Thieves steal the entire computer

– Accidental or intentional damage

– Countermeasures

• Keep the PC in a secure area

• Lock the computer to a desk

• Do not eat near the computer

• Watch equipment

• Chase away loiterers

• Handle equipment with care

• Natural disasters

– Disasters differ by location

– Typically result in total loss

– Disaster planning

• Plan for recovery

• List potential disasters

• Plan for all eventualities

• Practice all plans

Threats to Data

• The most serious threat

– Data is the reason for computers

– Data is very difficult to replace

– Protection is difficult

• Data is intangible

• Viruses

– Software that distributes and installs itself

– Ranges from annoying to catastrophic

– Countermeasures

• Anti-virus software

• Popup blockers

• Do not open unknown email

• Trojan horses

– Program that poses as beneficial software

– User willingly installs the software

– Countermeasures

• Anti-virus software

• Spyware blocker

• Cybercrime

– Using a computer in an illegal act

– Fraud and theft are common acts

• Internet fraud

– Most common cybercrime

– Fraudulent website

– Have names similar to legitimate sites

• Hacking

– Using a computer to enter another network

– Cost users $1.3 trillion in 2003

– Hackers motivation

• Recreational hacking

• Financial hackers

• Grudge hacking

– Hacking methods

• Sniffing

• Social engineering

• Spoofing

• Distributed denial of service attack

– Attempt to stop a public server

– Hackers plant the code on computers

– Code is simultaneously launched

– Too many requests stops the server

• Cyber terrorism

– Attacks made at a nations information

– Targets include power plants

– Threat first realized in 1996

– Organizations combat cyber terrorism

• Computer Emergency Response Team (CERT)

• Department of Homeland Security