PowerPoint Presentation to Accompany Chapter 10 Security & Privacy Visualizing TechnologyCopyright...

Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall

PowerPoint Presentation to Accompany

Chapter 10

Security & Privacy

Visualizing Technology


Objectives

1. Discuss various types of cybercrime.2. Differentiate between different types of

malware.3. Explain how to secure a computer.4. Discuss safe computing practices.5. Discuss laws related to computer security and

privacy.



Object ive 1 : Overv iewCybercrime: They Are Out to Get You

1. Define cybercrime and discuss how it affects online activity

2. Discuss the various types of cybercrime, including harassment, phishing, pharming, fraud, identity theft, and hacking

Key Terms Computer fraud Cyberbullying Cybercrime Cyberstalking Cyberterrorism

Hacking Hacktivism Identify theft Pharming Phishing



Cybercrime

Criminal activity on the Internet Personal cybercrime

Harassment Phishing and pharming Fraud Identity theft

Cybercrime against organizations Hacking Cyberterrorism



Personal CybercrimeHarassment

Cyberbullying Harassment

involving minors

Cyberstalking Harassment

involving adults


Harassers use email, IM, chat, text messages, and social networks


Personal CybercrimePhishing and Pharming

Phishing Email messages

and IMs Appear to be from

someone with which you do business

Designed to trick you into providing usernames and passwords

Pharming Redirects you to a

phony website even if you type the URL

Hijack company domain



Personal CybercrimeFraud and Identity Theft

Computer fraud Schemes that

convince you to voluntarily and knowingly give money or property to a person

Identity theft Someone uses your

name, Social Security number, or bank or credit cards for financial gain



Social Network Attacks

Adware and other malware Suspicious emails and notifications Phishing and "Please send money"

scams Clickjacking Malicious script scams


Social Networking Attacks (Facebook)facebook.com/help/security

http://facebook.com/help/security


Cybercrime & BusinessHacking

Hacking Unauthorized

access to a computer system or network

Hacktivism Hacking to make a

political statement

White-hat or “sneakers” Prevent future hacking

Black-hat or “cracker” Has malicious intent

Gray-hat Illegal but not malicious

intentVisualizing Technology


Cybercrime & BusinessCyberterrorism

Unlawful attack against computers or networks To intimidate a government or its people Political or social agenda Attack information systems to cause harm Majority of attacks are unsuccessful and

unreported Potential targets include:

Financial sector Infrastructure:

Communications Utilities


Transportation Hospitals


What steps should you take to prevent identity theft? How have you implemented these in your activities? Are there other things you should be doing?



Steps to prevent identity theft Review monthly statements from your checking and other financial

accounts

Review credit card bills each month

Create online accounts on a computer you trust

Order and review your credit reports from the three credit agencies: TransUnion, Equifax, and Experian

Be sure to shred old bank statements, applications for new credit cards, and other documents that have personal information

Secure your personal information online and offline

Do not carry your Social Security card in your wallet

Be careful about online passwords and change them often

Be vigilant about sharing personal information when opening new accounts online

Students should follow this list with reasoning as to how they have implemented these measures in their daily activities and anything else they might be doing to prevent identity theft. Visualizing Technology


Object ive 2 : Overv iewMalware: Pick Your Poison

1. Define the different types of malware 2. Differentiate among the different types of malware

Key Terms Adware Botnet Cookie Denial-of-service attack Keylogger Logic bomb Malware Payload

Rootkit Spam Spyware Time bomb Trojan horse Virus Worm



Malicious software Includes:

Spam Adware and spyware Viruses Worms Trojan horses Rootkits

Malware



Spam

Mass, unsolicited email Easy and inexpensive Other forms:

Fax spam IM spam Text spam


Spam in Gmail Account


Cookies

Small text files Help websites identify you when you

return Useful, yet could collect information



Adware Pop-ups or banner ads Generate income Use CPU cycles and Internet bandwidth Reduce PC performance

Spyware Malware Secretly gathers personal information Usually installed by accident

Click on a pop-up Install freeware program

Adware and Spyware



Adware

Generates money Provides users with something free


Spotify


Needs a host file Program that replicates itself Infects computers May corrupt or delete files May even erase an entire disk May use email program to infect

other computers

Virus



Bombs

Logic Bomb Behaves like a virus Performs malicious

act Does not replicate Attacks when

certain conditions are met

Time Bomb Trigger is a specific

time or event April Fool’s Day Friday the 13th



Self-replicating Do not need a host to travel Travel over networks to infect other

machines Conficker worm

First released in 2008 Reemerged in 2010

with new behaviors

Worms



Trojan Horse

Appears to be legitimate program Malicious Might install:

Adware Toolbar Keylogger

Captures information entered on keyboard

Can open back door



Rootkit

Set of programs Allows someone to gain control

over system Hides the fact that the computer

has been compromised Almost impossible to detect Masks behavior of other malware



Botnet

Network of computer zombies or bots Controlled by a master Fake security notifications Launch denial-of-service attacks

Cripples a server or network



Visit the U.S. Computer Emergency Readiness Team website Select the Guidelines for Publishing Information Online link (http://www.us-cert.gov/ncas/tips/st05-013) and read about it. Write a 2- to 3-paragraph summary of the tip. Which of these suggestions do you follow? Are there any that you disagree with?


http://www.us-cert.gov/ncas/tips/st05-013

http://www.us-cert.gov/ncas/tips/st05-013


What guidelines can you follow when publishing information on the Internet?

View the Internet as a novel, not a diary Make sure you are comfortable with anyone seeing the

information you put online. Expect that people you have never met will find your page;

even if you are keeping an online journal or blog, write it with the expectation that it is available for public consumption.

Some sites may use passwords or other security restrictions to protect the information, but these methods are not usually used for most websites.

If you want the information to be private or restricted to a small, select group of people, the Internet is probably not the best forum.



What guidelines can you follow when publishing information on the Internet? Be careful what you advertise

In the past, it was difficult to find information about people other than their phone numbers or address. Now, an increasing amount of personal information is available online, especially because people are creating personal web pages with information about themselves.

When deciding how much information to reveal, realize that you are broadcasting it to the world.

Supplying your email address may increase the amount of spam you receive (see Reducing Spam for more information).

Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information).


http://www.us-cert.gov/ncas/tips/ST04-007.html

http://www.us-cert.gov/ncas/tips/ST04-014.html


What guidelines can you follow when publishing information on the Internet?

Realize that you can't take it back

Once you publish something online, it is available to other people and to search engines.

You can change or remove information after something has been published, but it is possible that someone has already seen the original version.

Even if you try to remove the page(s) from the Internet, someone may have saved a copy of the page or used excerpts in another source.

Some search engines "cache" copies of web pages; these cached copies may be available after a web page has been deleted or altered.

Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer.

Think about these implications before publishing information—once something is out there, you can't guarantee that you can completely remove it.



Object ive 3 : Overv iewShields Up!

1. Discuss the important steps to keep a system secure

2. List the different software needed to keep your system secure

3. List the different hardware needed to keep your system secure

4. Discuss why it is important to keep the OS up-to-date

Key Terms Antispyware software Antivirus program Firewall NAT

Router Security suite SSID Wireless encryption



How to Protect Your ComputerSoftware

Firewall Blocks access to individual machine Included with Windows

Antivirus programs Protect against viruses, Trojans, worms,

spyware Antispyware software

Prevents adware and spyware from installing Security suites

Packages of security software Combination of features



How to Protect Your ComputerHardware

Router Connects two or more networks together Acts like firewall

Network address translation (NAT) Security feature of a router Shields devices on private network (home)

from public network (Internet)



Router setup utility Change the SSID Enable and configure wireless

encryption Adds security to network by encrypting

transmitted data

Wireless Security



How to Protect Your ComputerOperating System

Most important piece of security software Keep patched and up-to-date



Use the Internet to find out what might happen if you use the Windows firewall and another firewall at the same time.



Firewall ConflictsCan I use more than one firewall on my computer?

Yes, but running more than one firewall program at the same time could cause conflicts. It's best to just use one firewall program.

If I have a router with a built-in firewall, should I also turn on Windows Firewall?

Yes, because router-based firewalls only provide protection from computers on the Internet, not from computers on your home network.

For example, if a mobile computer or guest computer connects to some other network, becomes infected with a computer worm, and then connects to your home network, your router-based firewall won't be able to prevent the spread of the worm.

However, a firewall running on each computer on your network can help control the spread of worms.



Object ive 4 : Overv iewAn Ounce of Prevention Is Worth a Pound of Cure

1. Discuss why practicing safe computing is critical to protecting your system and your personal information

2. Discuss strong passwords and encryption3. Discuss the importance of an acceptable use policy

Key Terms Acceptable use policy (AUP) Ciphertext Encryption User Account Control (UAC)



Safe ComputingUser Accounts

User accounts: Standard Administrator Guest

User Account Control notifies you before changes are made to computer Do not turn this feature off Always read message before clicking Yes

Malware tricks users into clicking fake Windows notifications



Safe ComputingPasswords

At least eight characters At least one number Use special characters Mix uppercase and lowercase letters Use different passwords for different accounts Use difficult passwords for banks and credit cards Change default passwords Change passwords on regular basis Do not use words found in dictionary Do not use personal identifiers Do not write passwords down



Safe ComputingEncryption


Encryption converts plain text into ciphertext Must have a key to decrypt it

https Padlock


File and drive encryption Secure data in files Windows includes Encrypting File

System Enables encryption of individual files

OS X has FileVault Encrypts contents of hard disk

File Encryption



Safe ComputingAcceptable Use Policies

Common in businesses and schools Rules for computer and network users Depend on:

Type of business Type of information

Force users to practice safe computing



Visit staysafeonline.org/teach-online-safety/higher-education/and read the Internet Higher Education tips and the STOP.THINK.CONNECT. tips and advice sheet.


http://staysafeonline.org/teach-online-safety/higher-education/

http://staysafeonline.org/teach-online-safety/higher-education/


Object ive 5 : Overv iewThe Law Is on Your Side

1. Discuss the responsibility of the Internet Crime Complaint Center (IC3)

2. Discuss current laws in place to protect users on the Internet

Key Term Internet Crime Complaint Center (IC3)



No single authority responsible for investigating cybercrime

Internet Crime Complaint Center (IC3) Place for victims to report

cybercrimes ic3.gov Reports processed and forwarded

to appropriate agency Agencies include:

FBI Secret Service Immigration and Customs Postal Inspection Service ATF

Laws, Security, and Privacy


http://ic3.gov/


Computer Fraud and Abuse Act Makes it a crime to access classified information Passed in 1986, amendments between 1988 and

2002 added additional cybercrimes USA Patriot Antiterrorism Legislation (2001) Cyber Security Enhancement Act (2002)

Provisions for fighting cybercrime Convention on Cybercrime Treaty

Drafted by Council of Europe Signed by over 40 countries

Current Laws



As of this writing, the Cybersecurity Enhancement Act of 2010 was still being debated. What is the status of this act? Have there been any other cybercrime laws passed since then?


Copyright © 2014 Pearson Education, Inc. Publishing as Prentice HallVisualizing Technology

Cybersecurity Enhancement Act of 2013: https://www.govtrack.us/congress/bills/113/hr756

Referred to a Senate committee on Science, Space, and Technology

Passed House of Representatives

https://www.govtrack.us/congress/bills/113/hr756

https://www.govtrack.us/congress/bills/113/hr756


All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,

photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.



PowerPoint Presentation to Accompany Chapter 10 Security & Privacy Visualizing TechnologyCopyright...

Documents

Transcript of PowerPoint Presentation to Accompany Chapter 10 Security & Privacy Visualizing TechnologyCopyright...