chapter 7: computer and network security · •security patches: code updates to remove security...
TRANSCRIPT
![Page 1: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/1.jpg)
Ethics for the Information Age
Fifth Edition
by
Michael J. Quinn
Chapter 7:
Computer and Network
Security
![Page 2: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/2.jpg)
1-2
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-2
Chapter Overview
• Introduction
• Hacking
• Malware
• Cyber crime and cyber attacks
• Online voting
![Page 3: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/3.jpg)
1-3
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-3
7.1 Introduction
• Computers getting faster and less expensive
• Utility of networked computers increasing
– Shopping and banking
– Managing personal information
– Controlling industrial processes
• Increasing use of computers growing
importance of computer security
![Page 4: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/4.jpg)
1-4
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
7.2 Hacking
1-4
![Page 5: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/5.jpg)
1-5
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Hackers, Past and Present
• Original meaning of hacker: explorer, risk taker,
system innovator
– MIT’s Tech Model Railroad Club in 1950s
• Modern meaning of hacker: someone who gains
unauthorized access to computers and computer
networks
1-5
![Page 6: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/6.jpg)
1-6
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Computer Fraud and Abuse Act
• Criminalizes wide variety of hacker-related
activities– Transmitting code that damages a computer
– Accessing any Internet-connected computer without authorization
– Transmitting classified government information
– Trafficking in computer passwords
– Computer fraud
• Maximum penalty: 20 years in prison and
$250,000 fine
1-6
![Page 7: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/7.jpg)
1-7
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Sidejacking
• Sidejacking: hijacking of an open Web session
by capturing a user’s cookie
• Sidejacking possible on unencrypted wireless
networks because many sites send cookies “in
the clear”
• Internet security community complained about
sidejacking vulnerability for years, but
ecommerce sites did not change practices
1-7
![Page 8: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/8.jpg)
1-8
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
7.3 Malware
1-8
![Page 9: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/9.jpg)
1-9
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-9
Viruses
• Virus: Piece of self-replicating code embedded within another program (host)
• Viruses associated with program files
– Hard disks, floppy disks, CD-ROMS
– Email attachments
• How viruses spread
– Diskettes or CDs
– Files downloaded from Internet
![Page 10: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/10.jpg)
1-10
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
How a Virus Replicates
1-10
![Page 11: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/11.jpg)
1-11
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Email Attachment with Possible Virus
1-11
![Page 12: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/12.jpg)
1-12
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
How an Email Virus Spreads
1-12
![Page 13: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/13.jpg)
1-13
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-13
Antivirus Software Packages
• Allow computer users to detect and
destroy viruses
• Must be kept up-to-date to be most
effective
• Many people do not keep their antivirus
software packages up-to-date
• Consumers need to beware of fake
antivirus applications
![Page 14: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/14.jpg)
1-14
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-14
Worm
• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked
computers
![Page 15: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/15.jpg)
1-15
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
How a Worm Spreads
1-15
![Page 16: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/16.jpg)
1-16
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Trojan Horses
1-16
![Page 17: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/17.jpg)
1-17
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-17
![Page 18: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/18.jpg)
1-18
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-18
Trojan Horses and Backdoor Trojans
• Trojan horse: Program with benign
capability that masks a sinister purpose
• Backdoor Trojan: Trojan horse that gives
attack access to victim’s computer
![Page 19: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/19.jpg)
1-19
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Spyware and Adware
• Spyware: Program that communicates over an Internet
connection without user’s knowledge or consent
– Monitor Web surfing
– Log keystrokes
– Take snapshots of computer screen
– Send reports back to host computer
• Adware: Type of spyware that displays pop-up
advertisements related to user’s activity
• Backdoor Trojans often used to deliver spyware and
adware
1-19
![Page 20: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/20.jpg)
1-20
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-20
Defensive Measures
• Security patches: Code updates to remove
security vulnerabilities
• Anti-malware tools: Software to scan hard drives,
detect files that contain viruses or spyware, and
delete these files
• Firewall: A software application installed on a
single computer that can selectively block
network traffic to and from that computer
![Page 21: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/21.jpg)
1-21
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-21
![Page 22: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/22.jpg)
1-22
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
7.4 Cyber Crime and Cyber Attacks
1-22
![Page 23: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/23.jpg)
1-23
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley 1-23
Phishing and Spear-phishing
• Phishing: Large-scale effort to gain sensitive information from gullible computer users– At least 67,000 phishing attacks globally in second half of 2010
– New development: phishing attacks on Chinese e-commerce sites
• Spear-phishing: Variant of phishing in which email addresses chosen selectively to target particular group of recipients
![Page 24: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/24.jpg)
1-24
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Denial-of-service and Distributed
Denial-of-service Attacks
• Denial-of-service attack: Intentional action
designed to prevent legitimate users from
making use of a computer service
• Aim of a DoS attack is not to steal information
but to disrupt a server’s ability to respond to its
clients
• Distributed denial-of-service attack: DoS attack
launched from many computers, such as a
botnet
1-24
![Page 25: Chapter 7: Computer and Network Security · •Security patches: Code updates to remove security vulnerabilities •Anti-malware tools: Software to scan hard drives, detect files](https://reader030.vdocuments.net/reader030/viewer/2022040216/5f241716744ffa072c2e9e62/html5/thumbnails/25.jpg)
1-25
Copyright © 2013 Pearson Education, Inc. Publishing as Pearson Addison-Wesley
Cyber Crime
• Criminal organizations making significant
amounts of money form malware
1-25