PowerPoint Presentation to Accompany Chapter 10 Security & Privacy Visualizing TechnologyCopyright...
Copyright © 2014 Pearson Education, Inc. Publishing as Prentice Hall
PowerPoint Presentation to Accompany
Chapter 10
Security & Privacy
Visualizing Technology
Objectives
  1. Discuss various types of cybercrime.
  2. Differentiate between different types of malware.
  3. Explain how to secure a computer.
  4. Discuss safe computing practices.
  5. Discuss laws related to computer security and privacy.
Objective 1: Overview
Cybercrime: They Are Out to Get You
  1. Define cybercrime and discuss how it affects online activity
  2. Discuss the various types of cybercrime, including harassment, phishing, pharming, fraud, identity theft, and hacking
  Key Terms: Computer fraud, Cyberbullying, Cybercrime, Cyberstalking, Cyberterrorism, Hacking, Hacktivism, Identity theft, Pharming, Phishing
Cybercrime
  Criminal activity on the Internet
  Personal cybercrime
    Harassment
    Phishing and pharming
    Fraud
    Identity theft
  Cybercrime against organizations
    Hacking
    Cyberterrorism
Personal Cybercrime: Harassment
  Cyberbullying
    Harassment involving minors
  Cyberstalking
    Harassment involving adults
  Harassers use email, IM, chat, text messages, and social networks
Personal Cybercrime: Phishing and Pharming
  Phishing
    Email messages and IMs
    Appear to be from someone with whom you do business
    Designed to trick you into providing usernames and passwords
  Pharming
    Redirects you to a phony website even if you type the URL
    Hijacks a company domain
Personal Cybercrime: Fraud and Identity Theft
  Computer fraud
    Schemes that convince you to voluntarily and knowingly give money or property to a person
  Identity theft
    Someone uses your name, Social Security number, or bank or credit cards for financial gain
Social Network Attacks
  Adware and other malware
  Suspicious emails and notifications
  Phishing and "Please send money" scams
  Clickjacking
  Malicious script scams
  Social Networking Attacks (Facebook): facebook.com/help/security
Cybercrime & Business: Hacking
  Hacking
    Unauthorized access to a computer system or network
  Hacktivism
    Hacking to make a political statement
  White-hat or “sneakers”
    Prevent future hacking
  Black-hat or “cracker”
    Has malicious intent
  Gray-hat
    Illegal but not malicious intent
Cybercrime & Business: Cyberterrorism
  Unlawful attack against computers or networks
  To intimidate a government or its people
  Political or social agenda
  Attack information systems to cause harm
  Majority of attacks are unsuccessful and unreported
  Potential targets include:
    Financial sector
    Infrastructure:
      Communications
      Utilities
      Transportation
      Hospitals
What steps should you take to prevent identity theft? How have you implemented these in your activities? Are there other things you should be doing?
Steps to prevent identity theft
  Review monthly statements from your checking and other financial accounts
  Review credit card bills each month
  Create online accounts on a computer you trust
  Order and review your credit reports from the three credit agencies: TransUnion, Equifax, and Experian
  Be sure to shred old bank statements, applications for new credit cards, and other documents that have personal information
  Secure your personal information online and offline
  Do not carry your Social Security card in your wallet
  Be careful about online passwords and change them often
  Be vigilant about sharing personal information when opening new accounts online
Students should follow this list with reasoning as to how they have implemented these measures in their daily activities and anything else they might be doing to prevent identity theft.
Objective 2: Overview
Malware: Pick Your Poison
  1. Define the different types of malware
  2. Differentiate among the different types of malware
  Key Terms: Adware, Botnet, Cookie, Denial-of-service attack, Keylogger, Logic bomb, Malware, Payload, Rootkit, Spam, Spyware, Time bomb, Trojan horse, Virus, Worm
Malware
  Malicious software
  Includes:
    Spam
    Adware and spyware
    Viruses
    Worms
    Trojan horses
    Rootkits
Spam
  Mass, unsolicited email
  Easy and inexpensive
  Other forms:
    Fax spam
    IM spam
    Text spam
  Spam in Gmail Account
Cookies
  Small text files
  Help websites identify you when you return
  Useful, yet could collect information
Adware and Spyware
  Adware
    Pop-ups or banner ads
    Generate income
    Use CPU cycles and Internet bandwidth
    Reduce PC performance
  Spyware
    Malware
    Secretly gathers personal information
    Usually installed by accident
      Click on a pop-up
      Install freeware program
Adware
  Generates money
  Provides users with something free
  Spotify
Virus
  Needs a host file
  Program that replicates itself
  Infects computers
  May corrupt or delete files
  May even erase an entire disk
  May use email program to infect other computers
Bombs
  Logic Bomb
    Behaves like a virus
    Performs malicious act
    Does not replicate
    Attacks when certain conditions are met
  Time Bomb
    Trigger is a specific time or event
      April Fool’s Day
      Friday the 13th
Worms
  Self-replicating
  Do not need a host to travel
  Travel over networks to infect other machines
  Conficker worm
    First released in 2008
    Reemerged in 2010 with new behaviors
Trojan Horse
  Appears to be legitimate program
  Malicious
  Might install:
    Adware
    Toolbar
    Keylogger
      Captures information entered on keyboard
  Can open back door
Rootkit
  Set of programs
  Allows someone to gain control over system
  Hides the fact that the computer has been compromised
  Almost impossible to detect
  Masks behavior of other malware
Botnet
  Network of computer zombies or bots
  Controlled by a master
  Fake security notifications
  Launch denial-of-service attacks
    Cripples a server or network
Visit the U.S. Computer Emergency Readiness Team website. Select the Guidelines for Publishing Information Online link (http://www.us-cert.gov/ncas/tips/st05-013) and read about it. Write a 2- to 3-paragraph summary of the tip. Which of these suggestions do you follow? Are there any that you disagree with?
What guidelines can you follow when publishing information on the Internet?
  View the Internet as a novel, not a diary
    Make sure you are comfortable with anyone seeing the information you put online.
    Expect that people you have never met will find your page; even if you are keeping an online journal or blog, write it with the expectation that it is available for public consumption.
    Some sites may use passwords or other security restrictions to protect the information, but these methods are not usually used for most websites.
    If you want the information to be private or restricted to a small, select group of people, the Internet is probably not the best forum.
What guidelines can you follow when publishing information on the Internet?
  Be careful what you advertise
    In the past, it was difficult to find information about people other than their phone numbers or address. Now, an increasing amount of personal information is available online, especially because people are creating personal web pages with information about themselves.
    When deciding how much information to reveal, realize that you are broadcasting it to the world.
    Supplying your email address may increase the amount of spam you receive (see Reducing Spam for more information).
    Providing details about your hobbies, your job, your family and friends, and your past may give attackers enough information to perform a successful social engineering attack (see Avoiding Social Engineering and Phishing Attacks for more information).
What guidelines can you follow when publishing information on the Internet?
  Realize that you can't take it back
    Once you publish something online, it is available to other people and to search engines.
    You can change or remove information after something has been published, but it is possible that someone has already seen the original version.
    Even if you try to remove the page(s) from the Internet, someone may have saved a copy of the page or used excerpts in another source.
    Some search engines "cache" copies of web pages; these cached copies may be available after a web page has been deleted or altered.
    Some web browsers may also maintain a cache of the web pages a user has visited, so the original version may be stored in a temporary file on the user's computer.
    Think about these implications before publishing information—once something is out there, you can't guarantee that you can completely remove it.
Objective 3: Overview
Shields Up!
  1. Discuss the important steps to keep a system secure
  2. List the different software needed to keep your system secure
  3. List the different hardware needed to keep your system secure
  4. Discuss why it is important to keep the OS up-to-date
  Key Terms: Antispyware software, Antivirus program, Firewall, NAT, Router, Security suite, SSID, Wireless encryption
How to Protect Your Computer: Software
  Firewall
    Blocks access to individual machine
    Included with Windows
  Antivirus programs
    Protect against viruses, Trojans, worms, spyware
  Antispyware software
    Prevents adware and spyware from installing
  Security suites
    Packages of security software
    Combination of features
How to Protect Your Computer: Hardware
  Router
    Connects two or more networks together
    Acts like firewall
  Network address translation (NAT)
    Security feature of a router
    Shields devices on private network (home) from public network (Internet)
Wireless Security
  Router setup utility
    Change the SSID
    Enable and configure wireless encryption
      Adds security to network by encrypting transmitted data
How to Protect Your Computer: Operating System
  Most important piece of security software
  Keep patched and up-to-date
Use the Internet to find out what might happen if you use the Windows firewall and another firewall at the same time.
Firewall Conflicts
  Can I use more than one firewall on my computer?
    Yes, but running more than one firewall program at the same time could cause conflicts. It's best to just use one firewall program.
  If I have a router with a built-in firewall, should I also turn on Windows Firewall?
    Yes, because router-based firewalls only provide protection from computers on the Internet, not from computers on your home network.
    For example, if a mobile computer or guest computer connects to some other network, becomes infected with a computer worm, and then connects to your home network, your router-based firewall won't be able to prevent the spread of the worm.
    However, a firewall running on each computer on your network can help control the spread of worms.
Objective 4: Overview
An Ounce of Prevention Is Worth a Pound of Cure
  1. Discuss why practicing safe computing is critical to protecting your system and your personal information
  2. Discuss strong passwords and encryption
  3. Discuss the importance of an acceptable use policy
  Key Terms: Acceptable use policy (AUP), Ciphertext, Encryption, User Account Control (UAC)
Safe Computing: User Accounts
  User accounts:
    Standard
    Administrator
    Guest
  User Account Control notifies you before changes are made to computer
    Do not turn this feature off
    Always read message before clicking Yes
  Malware tricks users into clicking fake Windows notifications
Safe Computing: Passwords
  At least eight characters
  At least one number
  Use special characters
  Mix uppercase and lowercase letters
  Use different passwords for different accounts
  Use difficult passwords for banks and credit cards
  Change default passwords
  Change passwords on regular basis
  Do not use words found in dictionary
  Do not use personal identifiers
  Do not write passwords down
Safe Computing: Encryption
  Encryption converts plain text into ciphertext
  Must have a key to decrypt it
  https
  Padlock
File Encryption
  File and drive encryption
    Secure data in files
  Windows includes Encrypting File System
    Enables encryption of individual files
  OS X has FileVault
    Encrypts contents of hard disk
Safe Computing: Acceptable Use Policies
  Common in businesses and schools
  Rules for computer and network users
  Depend on:
    Type of business
    Type of information
  Force users to practice safe computing
Visit staysafeonline.org/teach-online-safety/higher-education/ and read the Internet Higher Education tips and the STOP.THINK.CONNECT. tips and advice sheet.
Objective 5: Overview
The Law Is on Your Side
  1. Discuss the responsibility of the Internet Crime Complaint Center (IC3)
  2. Discuss current laws in place to protect users on the Internet
  Key Term: Internet Crime Complaint Center (IC3)
Laws, Security, and Privacy
  No single authority responsible for investigating cybercrime
  Internet Crime Complaint Center (IC3)
    Place for victims to report cybercrimes
    ic3.gov
    Reports processed and forwarded to appropriate agency
    Agencies include:
      FBI
      Secret Service
      Immigration and Customs
      Postal Inspection Service
      ATF
Current Laws
  Computer Fraud and Abuse Act
    Makes it a crime to access classified information
    Passed in 1986, amendments between 1988 and 2002 added additional cybercrimes
  USA Patriot Antiterrorism Legislation (2001)
  Cyber Security Enhancement Act (2002)
    Provisions for fighting cybercrime
  Convention on Cybercrime Treaty
    Drafted by Council of Europe
    Signed by over 40 countries
As of this writing, the Cybersecurity Enhancement Act of 2010 was still being debated. What is the status of this act? Have there been any other cybercrime laws passed since then?
Cybersecurity Enhancement Act of 2013: https://www.govtrack.us/congress/bills/113/hr756
  Referred to a Senate committee on Science, Space, and Technology
  Passed House of Representatives
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without the prior written permission of the publisher. Printed in the United States of America.