Mudji Rachmat [email protected]
EDUCATION
Formal
• MBA, on Information Technology, 2005. Meinders Business School, Oklahoma City University, Oklahoma.
• B.Sc. Management, 1998. Marketing Management, FE-UNILA
Non Formal
• MCP (Microsoft Certified Professionals) on Windows 2000 Server and Windows 2000 Professional, Dbase III+ Programming, Paradox Programming, Novell Operating System, CCNA, Oracle 8, Sun Thin Client
• Diving Certificate Scuba Diver 3 1 Star Diver CMAS / POSSI
• Short Course in Internet Technology, Prince of Songkha University, Phuket, Thailand
• Short Course Training on Information Technology Development at Kunsan Vocational Training Institute, South Korea
• Short course for INHERENT administrator, ITB, Bandung
Experience
• (1999 – now) Lecturer at Management Department, FE UNILA
• (1996) Network Administrator, Bulletin Board Service - UNILA
• (1999) TA at Medical Faculty, Sriwijaya University Palembang
• (1997-2000) Administrator Project for UNILA–LAMPUNG node with AI3 (Asia Internet Initiatives Interconnection)
• (1999–2000) Network Design Team for (SIAKAD) UNILA
• (1997–2002) IT Procurement Unit LPIU-DUE Project UNILA
• (1996 – 2002) Network Design Team and IU UNILA BACKBONE
• (2002) Procurement Unit for TPSDP–UNILA cooperation with BINUS (Bina Nusantara), GUNADARMA, BUMIGORA University.
• Task Force Inherent K2 Universitas Lampung 2006
• Procurement IMHERE Project UNILA 2007 – 2008
• PIC INHERENT Local Node UNILA 2006 - now
• Coordinator BBS-Unilanet Pusat Pelayanan Internet PUSKOM UNILA – July 2006 - now
Courses
• Management Information Systems
• E-Commerce
• Information Technology
• Introduction to Computer Applications
• International Marketing
Activities
Internet and Intranet
• History and Function
• Email and internet browsing (if possible)
• Transfer File and File Saving
• Virus
MISPREDICTIONS BY IT INDUSTRY LEADERS
• This “telephone” has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us. -Western Union internal memo, 1876
• I think there is a world market for maybe five computers. -Thomas Watson, chairman of IBM, 1943
• But what [is a microchip] good for? -Engineer at the Advanced Computing Systems Division of IBM, 1968
• There is no reason anyone would want a computer in their home. -Ken Olson, president, chairman, and founder of Digital Equipment Corp., 1977
• 640K ought to be enough for anybody. -Attributed to Bill Gates, chairman of Microsoft, 1981
• Dell has a great business model, but that dog won’t scale. -John Shoemaker, head of Sun’s server division, 2000
Internet and Intranet
Internet
• International network of networks that are commercial (private) and publicly owned, connecting thousands of different networks from more than 200 countries around the world. (Managing digital Firm Page 17, K.C Laudon)
Internet and Intranet
Intranet
• An internal network based on internet and World Wide Web standards (Managing digital Firm Page 24, K.C Laudon)
Extranet
• Private intranet that is accessible to authorized outsiders. (Managing digital Firm Page 24, K.C Laudon)
Internet Map
Internet map: http://www.caida.org/tools/visualization/mapnet/Backbones/
Internet History
• 1836 Telegraph patented.
• 1858-1866 Transatlantic cable, Europe and US
• 1876 Telephone by Alexander Graham Bell
• 1957 Sputnik launch (USSR); Advanced Research Projects Agency (ARPA) inside US DoD
• 1962 - 1968 Packet-switching (PS) networks initiated as the foundation of data transfer in the internet
• 1969 The birth of ARPANET by DoD
• 1971 ARPANET expanded to 15 nodes (23 hosts); email was introduced
• 1972 The first public demonstration of ARPANET connecting 40 hosts; Telnet was introduced
Internet History (con’t)
• 1973
  – The first international connection of ARPANET, to University College of London (England) and Royal Radar Establishment (Norway)
  – Ethernet and FTP (file transfer protocol) format were initiated; the idea of the internet emerged.
• 1974
  – TCP (Transmission Control Program) used as standard in the ARPANET network
  – Telenet, commercial version of ARPANET, launched.
• 1976
  – Networking networks expanding.
  – UUCP (Unix-to-Unix CoPy) created by AT&T Bell Labs and distributed together with UNIX
  – UNIX as an operating system is still used until now.
Internet History (con’t)
• 1977
  – E-mail becomes more popular
  – Internet became reality with 100 connected hosts.
  – THEORYNET became the first network that provided email to more than 100 researchers.
  – Email format and specifications became standard
  – Public demonstration of ARPANET/Packet Radio Net/SATNET Internet protocols through gateways.
• 1979
  – News groups introduced
  – USENET created with UUCP and still used until today
  – ARPA created the Internet Configuration Control Board.
Internet History (con’t)
• 1981
  – Various private and commercial networks started to combine and connect.
  – BITNET ("Because It's Time NETwork") started as the first cooperative network at City University (New York) with first connection to Yale University
• 1982
  – TCP/IP (Transmission Control Protocol (TCP) and Internet Protocol (IP)) became the future data communication standard.
• 1983
  – Internet became bigger and bigger
  – Name server created; host naming with alphabet characters started.
  – Internet Activities Board (IAB) created, replacing ICCB
  – Berkeley Labs launched UNIX 4.2BSD with TCP/IP
Internet History (con’t)
• 1984
  – Hosts connected reach 1000 hosts
  – Domain Name Server (DNS) implemented; host naming becomes less complicated
  – 123.456.789.10 = www.myuniversity.mydept.mynetwork.mycountry (www.unila.ac.id).
• 1986
  – Internet power becomes reality with 5000 hosts connected and 241 news groups.
  – Network News Transfer Protocol (NNTP) created.
• 1987
  – Internet commercialization; host number increased to 28.000
  – UUNET established, providing commercial UUCP and Usenet access.
Internet History (con’t)
• 1988
  – Introduction of Internet Relay Chat (IRC)
• 1989
  – Hosts increase to 100,000 hosts.
  – The first relay between commercial email and the internet
  – Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) established under IAB
• 1990
  – Hosts increase to 300,000 hosts and 1,000 news groups
  – ARPANET existence decreases
  – The World (world.std.com), the first company that provided internet service through dial-up
Internet History (con’t)
• 1991
  – Friendly user interface to WWW created.
  – Gopher created by Paul Lindner and Mark P. McCahill from the University of Minnesota.
  – World-Wide Web (WWW) standard established by CERN; Tim Berners-Lee
• 1992
  – Multimedia changes the face of the internet
  – Host number increases to 1 million; news groups reach 4,000
  – Establishment of the Internet Society (ISOC)
  – The first MBONE audio multicast (March) and video multicast (November).
  – "Surfing the Internet" introduced by Jean Armour Polly.
Internet History (con’t)
• 1993
  – WWW revolution, 2 million hosts and 600 WWW sites.
  – Business and media really take notice of the Internet.
  – White House and United Nations on-line.
  – Mosaic popularity in internet as front end for WWW evolved to Netscape, the most popular WWW browser at that time.
• 1994
  – Internet commercialization started, 3 million hosts, 10.000 WWW sites and 10.00 newsgroups
  – ARPANET/Internet 25th year anniversary.
  – Local communities started to connect directly to the internet; US Senate started to give information server access.
  – Internet became life standard; the first Cyberbank opened
Internet History (con’t)
• 1995
  – 6.5 million hosts, 100,000 WWW sites.
  – Dial-up systems (by Compuserve, America Online, Prodigy) selling internet access
  – Domain name registration is not free any more.
  – Search engine technology introduced.
• 1996
  – Microsoft entering internet business, 12.8 million hosts and 0.5 million WWW sites.
  – Telephone technology through the internet (VO-IP) became a threat to the telecommunication industry; they pleaded with the US Senate to ban this technology. (US Senate banned this technology for only 1 year)
  – WWW wars between Netscape and Microsoft started.
September 2002
The Internet Reached Two Important Milestones:
• 200,000,000 IP Hosts
• > 840,000,000 Users
Internet Growth Trends
• 2005
  – The sky is the limit
  – Use a search engine to find more information
Domain Name
• INTERNET naming based on TCP/IP protocol
• IP (Internet Protocol)
  – Based on 4 columns between 0 and 255, each column separated by a dot.
  – xxx.xxx.xxx.xxx
  – 167.205.136.1
  – 35.8.7.92
  – This technology is called IPv4 (Internet Protocol Version 4)
Domain Name
• IP address management in the world is distributed and managed by InterNIC, from where it is distributed to ISPs (Internet Service Providers); the ISP distributes it to its users and customers.
• DNS (domain name system) is used to give flexibility to translate IP address numbers to non-number identification.
  – 167.205.136.1 = www.unila.ac.id
  – 208.150.216.210 = www.kompas.com
Domain Name
• DNS concepts can be described as
  maiser.unila.ac.id
  1 . 2 . 3 . 4
• 4 = country code
  – .id = Indonesia
  – .uk = United Kingdom ([email protected])
  – .us = United States ([email protected])
  – .jp = Japan ([email protected])
  – .au = Australia ([email protected])
  – .sg = Singapore ([email protected])
Domain Name
maiser.unila.ac.id
1 . 2 . 3 . 4
• .ac / the third column = institution type
  – .ac. = Academic ([email protected])
  – .edu. = Education ([email protected])
  – .mil. = military ([email protected])
  – .com/co. = commercial ([email protected])
  – .gov/go. = government ([email protected])
  – .org / or = organization ([email protected])
  – .net. = Internet Service Provider ([email protected])
  – .tv. = television
  – Web = web provider company
  – Sch = school
Domain Name
maiser.unila.ac.id
1 . 2 . 3 . 4
• .unila / 2nd column = institution name
  – .itb. = Institut Teknologi Bandung ([email protected])
  – .ui. = Universitas Indonesia ([email protected])
  – .bppt. = BPPT ([email protected])
  – .ptme = PT. Metrodata Elektronik ([email protected])
  – .republika = Koran Republika ([email protected])
• Maiser. / 1st column = machine/host name/sub [email protected]
  – maiser = mail computer
  – [email protected] cnrg = computer network research
  – [email protected] xxx = computer xxx
Email
• Format email
  [email protected]@[email protected]@unila.ac.id
Email reader
• Pine (unix environment)
• Outlook (windows environment)
• Netscape Messenger (windows environment)
• Eudora (windows environment)
• Pegasus (dos/windows environment)
• etc.
Main component of email (HEADER)
• From (sender)
• To (receiver)
• CC (carbon copy)
• BCC (blind carbon copy)
• Subject (the subject of the email)
• ATTACHMENT (attached file)
gTLD (Entity): Notes
• .aero (air-transport industry): Must verify eligibility for registration; only those in various categories of air-travel-related entities may register.
• .asia (Asia-Pacific region): This is a TLD for companies, organizations, and individuals based in the region of Asia, Australia, and the Pacific.
• .biz (business): This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by commercial entities in accordance with the domain's charter.
• .cat (Catalan): This is a TLD for websites in the Catalan language or related to Catalan culture.
• .com (commercial): This is an open TLD; any person or entity is permitted to register.
• .coop (cooperatives): The .coop TLD is limited to cooperatives as defined by the Rochdale Principles.
• .edu (educational): The .edu TLD is limited to accredited postsecondary institutions (nearly all 2 and 4-year colleges and universities in the U.S. and increasingly overseas, e.g., Australia and China).
• .gov (U.S. governmental): The .gov TLD is limited to U.S. governmental entities and agencies (mostly but not exclusively federal).
• .info (information): This is an open TLD; any person or entity is permitted to register.
• .int (international organizations): The .int TLD is strictly limited to organizations, offices, and programs which are endorsed by a treaty between two or more nations.
• .jobs (companies): The .jobs TLD is designed to be added after the names of established companies with jobs to advertise. At this time, owners of a "company.jobs" domain are not permitted to post jobs of third party employers.
• .mil (U.S. military): The .mil TLD is limited to use by the U.S. military.
• .mobi (mobile devices): Must be used for mobile-compatible sites in accordance with standards.
• .museum (museums): Must be verified as a legitimate museum.
• .name (individuals, by name): This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by individuals (or the owners of fictional characters) in accordance with the domain's charter.
• .net (network): This is an open TLD; any person or entity is permitted to register.
• .org (organization): This is an open TLD; any person or entity is permitted to register.
• .pro (professions): Currently, .pro is reserved for licensed or certified lawyers, accountants, physicians and engineers in France, Canada, UK and the U.S. A professional seeking to register a .pro domain must provide their registrar with the appropriate credentials.
• .tel (Internet communication services)
• .travel (travel and tourism industry related sites): Must be verified as a legitimate travel-related entity.
Other top domain name trends 1
• Tuvalu and the Federated States of Micronesia, small island-states in the Pacific, have partnered with VeriSign and FSM Telecommunications respectively, to sell domain names using the .tv and .fm TLDs to television and radio stations.
• .ad is a ccTLD for Andorra, but has recently been increasingly used by advertising agencies or classified advertising.
• .am is a ccTLD for Armenia, but is often used for AM radio stations, or for domain hacks (such as .i.am)
• .dj is a ccTLD for Djibouti but is used for CD merchants and disc jockeys.
• .je is a ccTLD for Jersey but is often used as a diminutive in Dutch (e.g. "huis.je"), as "you" ("zoek.je" = "search ye!"), or as "I" in French (e.g. "moi.je")
• .la is a ccTLD for Laos but is marketed as the TLD for Los Angeles.
• .li is a ccTLD for Liechtenstein but is marketed as the TLD for Long Island.
• .lv is a ccTLD for Latvia but is also used to abbreviate Las Vegas or, less frequently, love.
• .ly is a ccTLD for Libya but is also used for words ending with suffix "ly".
Other top domain name trends 2
• .sc is a ccTLD for Seychelles but is often used as .Source
• .sh is a ccTLD for Saint Helena, but is also sometimes used for entities connected to the German Bundesland of Schleswig-Holstein.
• .si is a ccTLD for Slovenia, but is also used by Hispanic sites as "yes" ("sí"). Mexican mayor candidate Jorge Arana, for example, had his web site registered as http://www.jorgearana.si (i.e. "Jorge Arana, sí", meaning "Jorge Arana, yes").
• .sr is a ccTLD for Suriname but is marketed as being for "seniors".
• .st is a ccTLD for São Tomé and Príncipe but is being marketed worldwide as an abbreviation for various things including "street".
• .tk is a ccTLD for Tokelau but is bought by someone and given away at dot.tk page
• .tm is a ccTLD for Turkmenistan but it can be used as "Trade Mark"
• .to is a ccTLD for Tonga but is often used as the English word "to", like "go.to"; also is marketed as the TLD for Toronto.
• .tv is a ccTLD for Tuvalu but it is used for the television ("TV") / entertainment industry purposes.
• .vg is a ccTLD for British Virgin Islands but is sometimes used to abbreviate Video games
Other top domain name trends 3
• .vu is a ccTLD for Vanuatu but means "seen" in French as well as an abbreviation for the English language word "view".
• .ws is a ccTLD for Samoa (earlier Western Samoa), but is marketed as .Website
• .md is a ccTLD for Moldova, but is marketed to the medical industry (as in "medical domain" or "medical doctor").
• .me is a ccTLD for Montenegro, and is recently opened to individuals.
• .ms is a ccTLD for Montserrat, but is also used by Microsoft for such projects as popfly.ms.
• .mu is a ccTLD for Mauritius, but is used within the music industry.
• .ni is a ccTLD for Nicaragua, but is occasionally adopted by companies from Northern Ireland, particularly to distinguish from the more usual .uk within all parts of the United Kingdom
• .nu is a ccTLD for Niue but marketed as resembling "new" in English and "now" in Scandinavian/Dutch. Also meaning "nude" in French/Portuguese.
• .pr is a ccTLD for Puerto Rico, but can be used in the meaning of "Public Relations"
Internet Value
Business Use of the Internet
Internet connectivity
• Broadband
  – Speedy (Indonesia)
  – Cox.net (US)
• Dial Up
  – Telkomnet Instant (Indonesia)
  – Netzero (US)
• Wireless LAN
  – 2.4 GHz
  – 5.x GHz
• Fiber Optic
• Mobile
  – Telkomsel Flash
  – Indosat
  – Virgin Mobile
  – AT&T
PRICING !!!!
Metcalfe’s Law
• The usefulness, or utility, of a network equals the square of the number of users
• The more users on a network, the more useful it becomes
• Until critical mass is reached, a change in technology only affects the technology
• Once critical mass is attained, social, political, and economic systems change
• Example: The Internet is growing exponentially. We can expect more value, for less cost, virtually every time we log on.
Broadband Internet Trend
• South Korea (95%)
• Singapore (88%)
• Netherlands (85%)
• Denmark (82%)
• Taiwan (81%)
• Hong Kong (81%)
• Israel (77%)
• Switzerland (76%)
• Canada (76%)
• Norway (75%)
• Australia (72%)
• Finland (69%)
• France (68%)
• United Kingdom (67%)
• United Arab Emirates (65%)
• Japan (64%)
• Sweden (63%)
• Estonia (62%)
• Belgium (62%)
• USA (60%)
Source: http://arstechnica.com/tech-policy/news/2009/06/us-20th-in-broadband-penetration-trails-s-korea-estonia.ars
Internet Population (in million)
Internet Growth Trends
• 1977: 111 hosts on Internet
• 1981: 213 hosts
• 1983: 562 hosts
• 1984: 1,000 hosts
• 1986: 5,000 hosts
• 1987: 10,000 hosts
• 1989: 100,000 hosts
• 1992: 1,000,000 hosts
• 2001: 150 – 175 million hosts
• 2002: over 200 million hosts
• By 2010, about 80% of the planet will be on the Internet
Internet Application
• http://docs.google.com
• http://maps.google.com/
• http://www.google.com/trends
• http://www.google.com/analytics/
• Zinio.com
• www.netflix.com
• http://books.google.com/
• http://translate.google.com
• http://www4.passur.com/jfk.html
• http://radar.weather.gov
• http://www.news9.com/global/Category.asp?c=118562
• http://www.internetworldstats.com/stats.htm
E-Commerce Matrix
E-commerce sites component
• Shopping cart website
  – http://ecommerce.networksolutions.com/
  – http://www.fortune3.com
  – http://store.resellfortune.com/
  – http://www.activecheckout.com/
• Security
  – http://www.verisign.com
• Payment
  – http://www.daopay.com
  – http://www.plimus.com/
  – http://www.onebip.com
• E-commerce sites
  – www.nike.com
  – http://www.thaigem.com
Waseda University e-gov rank
E-gov
• http://www.gov.tw/ (Taiwan)
• http://www.gov.sg/ (Singapore)
• http://www.ecitizen.gov.sg/ (Singapore)
• http://www.usa.gov/ (USA)
• http://www.bantul.go.id
• http://www.agamkab.go.id/
• http://www.kotabekasi.go.id/
INHERENT?
• Indonesia Higher Education Network
• The first time Indonesia has had a research and education network
• August 2006
• Similar networks in other countries
  – Singapore: SINGAREN (www.singaren.net.sg)
  – Australia: AARNET (www.aarnet.edu.au)
  – China: CERNET (www.cernet.edu.cn)
  – USA: ABILENE (abilene.internet2.edu)
  – Europe: GEANT (www.geant.net)
  – Asia: TEIN2 (www.tein2.net)
Network tiers
• ADVANCE NETWORK
  – STM-1: 155 Mbps
  – UI, ITB, UGM, UNDIP, UNIBRAW, ITS
• MEDIUM NETWORK
  – 4E1: 8 Mbps
  – USU, UNAND, UNUD, UNHAS, UNSRAT, UNSRI, UNSYIAH, UNRI, UNTIRTA, UNJA, UNIB, UNILA, UNDANA, UNRAM, UNHALU, UNMUL, UNTAN, UNPAR, UNLAM, UNTAD, UNG
• BASIC NETWORK
  – 1E1: 2 Mbps
  – UNCEN, UNIPA, UNPATI, UNKHAIR
• REDUNDANT LINK
  – 1 Mbps:
  – UNSRAT-UNMUL; UNTAN-UNSYIAH; UNIB-UNRAM; UNDANA-UNHALU
National Education Network (JARDIKNAS)
• Around July 2006
• JARDIKNAS categories and main functions:
  – JARDIKNAS Agency/Institution Offices: online data transactions for the education management information system (SIM Pendidikan)
  – JARDIKNAS Higher Education: research and development of science, technology and arts (IPTEKS)
  – JARDIKNAS Schools: information access and e-learning
  – JARDIKNAS Teachers and Students: information access and community interaction
Jardiknas connection media and network (technology by zone)
• Higher Education Zone
  – Access media: fiber optic and satellite
  – Network capacity (bandwidth): 2 Mbps to 155 Mbps
  – Network technology: STM-1, VSAT IP Dedicated or Leased Line
• Agency/Institution Office Zone
  – Access media: fiber optic, wireline and satellite
  – Network capacity (bandwidth): 256 Kbps to 2 Mbps
  – Network technology: MPLS, VPN IP, and VSAT
• School Zone
  – Access media: wireless and wireline
  – Network capacity (bandwidth): 64 Kbps to 1 Mbps
  – Network technology: ADSL and Wireless 2.4 GHz
• Teacher and Student Zone
  – Access media: cellular and wireline
  – Network capacity (bandwidth): 32 Kbps to 384 Kbps
  – Network technology: ADSL, 3G/UMTS, GPRS, CDMA, dial-up
Nodes connected to JARDIKNAS, end of 2007 (Keynote Speech by H. E. Prof. Dr. Bambang Sudibyo, MBA., Minister of National Education, Republic of Indonesia, in Microsoft Government Leader Forum (MGLF), Asia Pacific 2008, Jakarta, 8 May 2008)
• By the end of 2007
  – 865 nodes (OfficeNet)
  – 10.000 nodes (SchoolNet)
  – 83 state universities
  – 200 private universities
  – 36 distance-learning units of Universitas Terbuka
Jardiknas Lampung
INHERENT 2009
Unila-Unja-Unsri
Unila fiber-optic (FO) network
Uses of INHERENT
• Video conference
• VoIP
• IPv6
• Distance learning (PJJ) PGSD / LPTK
• Improving learning content
• Grid computing
Some INHERENT content sites
1. inherent.unsil.ac.id
2. inherent.ugm.ac.id
3. inherent.stta.ac.id
4. inherent.wijayakusumasby.ac.id
5. inherent.uwiga.ac.id
6. inherent.uii.ac.id
7. inherent.gunadarma.ac.id
8. inherent.brawijaya.ac.id
9. inherent.ipb.ac.id
10. inherent.unimal.ac.id
11. inherent.uns.ac.id
12. inherent.stsi-bdg.ac.id
13. inherent.unila.ac.id
14. inherent.uwiga.ac.id
15. www.inherent.ui.edu
16. inherent.usm.ac.id
17. inherent.uniku.ac.id
18. inherent.itn.ac.id:81
19. inherent.unnes.ac.id
20. inherent.usu.ac.id
21. inherent.unimmer.ac.id
INHERENT - JARDIKNAS costs
• 2006
  – INHERENT 33.702.749.722,00
  – JARDIKNAS 35.028.065.000,00
  – Total 68.730.814.722,00
• 2007
  – INHERENT ……….?
  – JARDIKNAS ……..?
  – Total ……..?
E-learning
• Implemented on
  – Garuda, Bank Mandiri, BII, BNI, Telkom, FIF, SQP Indonesia, Citibank, IBM Indonesia
• BNI
  – November 2006 18.431 employees; on October 2007 16.733 employees already use the e-learning program
  – The number will be higher than stated, mostly because one employee can attend several modules repeatedly
  – Courseware (content) 8.1 M Rp.: 69 courses, 269 modules, 167 hours
  – Efficiency approx. 64 M Rp. on transportation, pocket money, consumption and accommodation
E-learning case studies
• BII
  – Employee competency
  – BII Portal Corporate University (open source) as knowledge management system
  – CMS (content management system) based
  – LMS (learning management system) implementation (open source)
  – 0.1% development cost from total training budget
  – Upgrading hardware performance, creating teaching modules
  – Created modules (mandatory modules for employees): Know your customer – anti money laundering; Operational risk management; Product knowledge and service quality
  – Target 70 hours on e-learning
  – Target to cover an estimated 6.305 employees
  – Traditional methods can only cover 2.000 employees a year
  – With e-learning all 6.305 employees can be covered in one year
  – 85% cost reduction
E-learning case studies
• FIF (Federal International Finance)
• Traditional methods
  – Every fresh employee must take the Basic mentality module
  – Target for 2.500 employees at 650 M Rp.
  – 6 days training
• New methods
  – Converting traditional training to e-learning
  – 3 days
  – 2.500 employees at approx. 185 M Rp.
  – Efficiency at 72%
Internet Security
• Computer crime includes
  – Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources
  – The unauthorized release of information
  – The unauthorized copying of software
  – Denying an end user access to his/her own hardware, software, data, or network resources
  – Using or conspiring to use computer or network resources illegally to obtain information or tangible property
Cybercrime Protection Measures
Hacking
• Hacking is
  – The obsessive use of computers
  – The unauthorized access and use of networked computer systems
• Electronic Breaking and Entering
  – Hacking into a computer system and reading files, but neither stealing nor damaging anything
• Cracker
  – A malicious or criminal hacker who maintains knowledge of the vulnerabilities found for private advantage
Common Hacking Tactics
• Denial of Service
  – Hammering a website’s equipment with too many requests for information
  – Clogging the system, slowing performance, or crashing the site
• Scans
  – Widespread probes of the Internet to determine types of computers, services, and connections
  – Looking for weaknesses
• Sniffer
  – Programs that search individual packets of data as they pass through the Internet
  – Capturing passwords or entire contents
• Spoofing
  – Faking an e-mail address or Web page to trick users into passing along critical information like passwords or credit card numbers
Common Hacking Tactics
• Trojan Horse
  – A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software
• Back Doors
  – A hidden point of entry to be used in case the original entry point is detected or blocked
• Malicious Applets
  – Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords
• War Dialing
  – Programs that automatically dial thousands of telephone numbers in search of a way in through a modem connection
• Logic Bombs
  – An instruction in a computer program that triggers a malicious act
Common Hacking Tactics
• Buffer Overflow
  – Crashing or gaining control of a computer by sending too much data to buffer memory
• Password Crackers
  – Software that can guess passwords
• Social Engineering
  – Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords
• Dumpster Diving
  – Sifting through a company’s garbage to find information to help break into their computers
Cyber Theft
• Many computer crimes involve the theft of money
• The majority are “inside jobs” that involve unauthorized network entry and alteration of computer databases to cover the tracks of the employees involved
• Many attacks occur through the Internet
• Most companies don’t reveal that they have been targets or victims of cybercrime
Unauthorized Use at Work
• Unauthorized use of computer systems and networks is time and resource theft
  – Doing private consulting
  – Doing personal finances
  – Playing video games
  – Unauthorized use of the Internet or company networks
• Sniffers
  – Used to monitor network traffic or capacity
  – Find evidence of improper use
Internet Abuses in the Workplace
• General email abuses
• Unauthorized usage and access
• Copyright infringement/plagiarism
• Newsgroup postings
• Transmission of confidential data
• Pornography
• Hacking
• Non-work-related download/upload
• Leisure use of the Internet
• Use of external ISPs
• Moonlighting
Chapter 13 Security and Ethical Challenges 73
Software Piracy
• Software Piracy
  – Unauthorized copying of computer programs
• Licensing
  – Purchasing software is really a payment for a license for fair use
  – Site license allows a certain number of copies
• A third of the software industry’s revenues are lost to piracy
Theft of Intellectual Property
• Intellectual Property
  – Copyrighted material
  – Includes such things as music, videos, images, articles, books, and software
• Copyright Infringement is Illegal
  – Peer-to-peer networking techniques have made it easy to trade pirated intellectual property
• Publishers Offer Inexpensive Online Music
  – Illegal downloading of music and video is down and continues to drop
Viruses and Worms
• A virus is a program that cannot work without being inserted into another program
  – A worm can run unaided
• These programs copy annoying or destructive routines into networked computers
  – Copy routines spread the virus
• Commonly transmitted through
  – The Internet and online services
  – Email and file attachments
  – Disks from contaminated computers
  – Shareware
Top Five Virus Families of all Time
• My Doom, 2004
  – Spread via email and over Kazaa file-sharing network
  – Installs a back door on infected computers
  – Infected email poses as returned message or one that can’t be opened correctly, urging recipient to click on attachment
  – Opens up TCP ports that stay open even after termination of the worm
  – Upon execution, a copy of Notepad is opened, filled with nonsense characters
• Netsky, 2004
  – Mass-mailing worm that spreads by emailing itself to all email addresses found on infected computers
  – Tries to spread via peer-to-peer file sharing by copying itself into the shared folder
  – It renames itself to pose as one of 26 other common files along the way
Top Five Virus Families of all Time
• SoBig, 2004
  – Mass-mailing email worm that arrives as an attachment
  – Examples: Movie_0074.mpg.pif, Document003.pif
  – Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself
  – Also attempts to download updates for itself
• Klez, 2002
  – A mass-mailing email worm that arrives with a randomly named attachment
  – Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients
  – Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name
  – Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months
Top Five Virus Families of all Time
• Sasser, 2004
  – Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention
  – Spawns multiple threads that scan local subnets for vulnerabilities
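
A mail-gateway style check for the attachment naming described on these slides (SoBig's Movie_0074.mpg.pif and Document003.pif, arriving in a bounce-style message as described for My Doom), as an added example that is not part of the original slides. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
"""Attachment-name screening for the worm patterns listed on the slides."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list: extensions Windows runs directly on double-click.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs"}
# Assumed decoy list: harmless-looking types placed before the real extension.
DECOY_EXTS = {".mpg", ".avi", ".jpg", ".gif", ".txt", ".doc", ".pdf",
              ".htm", ".html", ".zip"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces, so judge the name without them.
    cleaned = (name or "").strip().rstrip(". ").lower()
    exts = ["." + part.strip() for part in cleaned.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # A decoy type directly before the executable one hides the real type
    # when the mail client or Explorer does not show the last extension.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def screen_message(raw_bytes):
    """Parse a raw message and list (filename, verdict) for flagged attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample():
    """Constructed sample: a fake bounce with two suspicious and one benign file."""
    msg = EmailMessage()
    msg["From"] = "postmaster@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Returned mail: see attachment"
    msg.set_content("The message could not be displayed. Open the attachment.")
    for fname in ("Movie_0074.mpg.pif", "Document003.pif", "notes.txt"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in screen_message(build_sample()):
        print(f"QUARANTINE {filename}: {verdict}")
```

The check looks only at names, so it complements content scanning rather than replacing it.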
The Cost of Viruses, Trojans, Worms
• Cost of the top five virus families
  – Nearly 115 million computers in 200 countries were infected in 2004
  – Up to 11 million computers are believed to be permanently infected
  – In 2004, total economic damage from virus proliferation was $166 to $202 billion
  – Average damage per computer is between $277 and $366
Adware and Spyware
• Adware
  – Software that purports to serve a useful purpose, and often does
  – Allows advertisers to display pop-up and banner ads without the consent of the computer users
• Spyware
  – Adware that uses an Internet connection in the background, without the user’s permission or knowledge
  – Captures information about the user and sends it over the Internet
Spyware Problems
• Spyware can steal private information and also
  – Add advertising links to Web pages
  – Redirect affiliate payments
  – Change a user’s home page and search settings
  – Make a modem randomly call premium-rate phone numbers
  – Leave security holes that let Trojans in
  – Degrade system performance
• Removal programs are often not completely successful in eliminating spyware
Privacy Issues
• The power of information technology to store and retrieve information can have a negative effect on every individual’s right to privacy
  – Personal information is collected with every visit to a Web site
  – Confidential information stored by credit bureaus, credit card companies, and the government has been stolen or misused
Opt-in Versus Opt-out
• Opt-In
  – You explicitly consent to allow data to be compiled about you
  – This is the default in Europe
• Opt-Out
  – Data can be compiled about you unless you specifically request it not be
  – This is the default in the U.S.
Privacy Issues
• Violation of Privacy
  – Accessing individuals’ private email conversations and computer records
  – Collecting and sharing information about individuals gained from their visits to Internet websites
• Computer Monitoring
  – Always knowing where a person is
  – Mobile and paging services are becoming more closely associated with people than with places
• Computer Matching
  – Using customer information gained from many sources to market additional business services
• Unauthorized Access of Personal Files
  – Collecting telephone numbers, email addresses, credit card numbers, and other information to build customer profiles
Protecting Your Privacy on the Internet
• There are multiple ways to protect your privacy
  – Encrypt email
  – Send newsgroup postings through anonymous remailers
  – Ask your ISP not to sell your name and information to mailing list providers and other marketers
  – Don’t reveal personal data and interests on online service and website user profiles
Privacy Laws
• Electronic Communications Privacy Act and Computer Fraud and Abuse Act
  – Prohibit intercepting data communications messages, stealing or destroying data, or trespassing in federal-related computer systems
• U.S. Computer Matching and Privacy Act
  – Regulates the matching of data held in federal agency files to verify eligibility for federal programs
• Other laws impacting privacy and how much a company spends on compliance
  – Sarbanes-Oxley
  – Health Insurance Portability and Accountability Act (HIPAA)
  – Gramm-Leach-Bliley
  – USA Patriot Act
  – California Security Breach Law
  – Securities and Exchange Commission rule 17a-4
Chapter 13 Security and Ethical Challenges 87
Computer Libel and Censorship
The opposite side of the privacy debate…
  Freedom of information, speech, and press
  Biggest battlegrounds - bulletin boards, email boxes, and online files of Internet and public networks
  Weapons used in this battle – spamming, flame mail, libel laws, and censorship
Spamming
  Indiscriminate sending of unsolicited email messages to many Internet users
Flaming
  Sending extremely critical, derogatory, and often vulgar email messages or newsgroup postings to other users on the Internet or online services
  Especially prevalent on special-interest newsgroups
Cyberlaw
Laws intended to regulate activities over the Internet or via electronic communication devices
  Encompasses a wide variety of legal and political issues
  Includes intellectual property, privacy, freedom of expression, and jurisdiction
The intersection of technology and the law is controversial
  Some feel the Internet should not be regulated
  Encryption and cryptography make traditional forms of regulation difficult
  The Internet treats censorship as damage and simply routes around it
Cyberlaw only began to emerge in 1996
  Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace
Internetworked Security Defenses
Encryption
  Data is transmitted in scrambled form
  It is unscrambled by computer systems for authorized users only
  The most widely used method uses a pair of public and private keys unique to each individual
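
Added example (not from the original slides): a teaching-size RSA key pair per individual, showing that a message scrambled with one person's public key is unscrambled only by that person's private key. The names alice/bob, the fixed sample primes and the message are assumptions; this is textbook RSA without padding and is for illustration only.

```python
# Toy RSA for teaching: fixed sample primes, no padding. Not for real use.
from math import gcd

E = 65537  # public exponent shared by both sample keys

def make_keypair(p, q):
    """Build (public, private) keys from two primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(E, phi) != 1:
        raise ValueError("public exponent is not invertible for these primes")
    d = pow(E, -1, phi)              # private exponent: E*d = 1 (mod phi)
    return (n, E), (n, d)

def encrypt(public, message: bytes) -> int:
    """Scramble a short message with the recipient's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key size")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Unscramble with a private key; only the matching key recovers the text."""
    n, d = private
    m = pow(ciphertext % n, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed sample keys: each individual holds a different pair
# (Mersenne primes used as convenient known primes).
alice_pub, alice_priv = make_keypair(2**61 - 1, 2**89 - 1)
bob_pub, bob_priv = make_keypair(2**107 - 1, 2**127 - 1)

def demo():
    msg = b"wire $500 to acct"            # constructed sample message
    ct = encrypt(alice_pub, msg)          # anyone can do this step
    return msg, ct, decrypt(alice_priv, ct), decrypt(bob_priv, ct)

if __name__ == "__main__":
    msg, ct, by_alice, by_bob = demo()
    print("ciphertext:", hex(ct))
    print("alice reads:", by_alice)
    print("bob reads the same text:", by_bob == msg)
```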
Internetworked Security Defenses
Firewalls
  A gatekeeper system that protects a company’s intranets and other computer networks from intrusion
  Provides a filter and safe transfer point for access to/from the Internet and other networks
  Important for individuals who connect to the Internet with DSL or cable modems
  Can deter hacking, but cannot prevent it
Internet and Intranet Firewalls
Denial of Service Attacks
Denial of service attacks depend on three layers of networked computer systems
  The victim’s website
  The victim’s Internet service provider
  Zombie or slave computers that have been commandeered by the cybercriminals
Defending Against Denial of Service
At Zombie Machines
  Set and enforce security policies
  Scan for vulnerabilities
At the ISP
  Monitor and block traffic spikes
At the Victim’s Website
  Create backup servers and network connections
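
Added example (not from the original slides): one way an ISP-side monitor could flag a traffic spike toward a site, comparing each second's request count with a trailing median. The record format, thresholds and sample traffic are constructed assumptions; the sample shows why a per-source limit alone misses a flood spread across many zombie machines.

```python
from collections import Counter
from statistics import median

def build_sample():
    """Constructed records (second, source_ip): 4 normal clients, then 200 zombies."""
    recs = [(t, f"198.51.100.{c}") for t in range(70) for c in range(1, 5)]
    recs += [(t, f"203.0.113.{z}") for t in range(60, 65) for z in range(1, 201)]
    return recs

def per_second_counts(records):
    """Total requests per second, including seconds with no traffic."""
    counts = Counter(ts for ts, _src in records)
    return [(t, counts.get(t, 0)) for t in range(min(counts), max(counts) + 1)]

def find_spikes(records, baseline_len=30, factor=5, floor=20):
    """Return seconds whose count exceeds factor x trailing median (and a floor)."""
    history, spikes = [], []
    for t, n in per_second_counts(records):
        if len(history) >= baseline_len:
            base = median(history[-baseline_len:])
            if n > max(floor, factor * base):
                spikes.append(t)
                continue          # keep attack traffic out of the baseline
        history.append(n)
    return spikes

def max_per_source_rate(records, second):
    """Highest request count from any single source in the given second."""
    per_src = Counter(src for ts, src in records if ts == second)
    return max(per_src.values(), default=0)

if __name__ == "__main__":
    sample = build_sample()
    print("spike seconds:", find_spikes(sample))
    print("busiest single source at t=60:", max_per_source_rate(sample, 60))
```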
Internetworked Security Defenses
Email Monitoring
  Use of content monitoring software that scans for troublesome words that might compromise corporate security
Virus Defenses
  Centralize the updating and distribution of antivirus software
  Use a security suite that integrates virus protection with firewalls, Web security, and content blocking features
Other Security Measures
Security Codes
  Multilevel password system
  Encrypted passwords
  Smart cards with microprocessors
Backup Files
  Duplicate files of data or programs
Security Monitors
  Monitor the use of computers and networks
  Protect them from unauthorized use, fraud, and destruction
Biometrics
  Computer devices measure physical traits that make each individual unique
  Voice recognition, fingerprints, retina scan
Computer Failure Controls
  Prevent computer failures or minimize their effects
  Preventive maintenance
  Arrange backups with a disaster recovery organization
Other Security Measures
In the event of a system failure, fault-tolerant systems have redundant processors, peripherals, and software that provide
  Fail-over capability: shifts to backup components
  Fail-safe capability: the system continues to operate at the same level
  Fail-soft capability: the system continues to operate at a reduced but acceptable level
A disaster recovery plan contains formalized procedures to follow in the event of a disaster
  Which employees will participate
  What their duties will be
  What hardware, software, and facilities will be used
  Priority of applications that will be processed
  Use of alternative facilities
  Offsite storage of databases
Auditing IT Security
IT Security Audits
  Performed by internal or external auditors
  Review and evaluation of security measures and management policies
  Goal is to ensure that proper and adequate measures and policies are in place
Protecting Yourself from Cybercrime