Mudji Rachmat Ramelanmuji@unila.ac.id

EDUCATIONFormal

MBA, on Information Technology, 2005 Meinders Business School, Oklahoma City University, Oklahoma.

B.Sc. Management. 1998. Marketing Management FE-UNILA

Non FormalMCP (Microsoft Certified Professionals) on Windows

2000 Server and Windows 2000 Professional, Dbase III+ Programming, Paradox Programming, Novell Operating System, CCNA, Oracle 8, Sun Thin Client

Diving Certificate Scuba Diver 3 1 Star Diver CMAS / POSSI

Short Course in internet Technology Prince of Songkha University, Phuket Thailand

Short Course Training on Information Technology Develop ment at Kunsan Vocational Training Institute, South Korea

Short course for INHERENT administrator, ITB, Bandung

Pengalaman(1999 – now) Lecturer at Management Department, FE UNILA(1996) Network Administrator Buletin Board Service - UNILA(1999) TA at Medical Faculty, Sriwijaya University Palembang(1997-2000) Administrator Project for UNILA–LAMPUNG node

on with AI3 (Asia Internet Initiatives Interconnection)(1999–2000) Network Design Team for (SIAKAD) UNILA(1997–2002) IT Procurement Unit LPIU-DUE Project UNILA(1996 – 2002) Network Design Team and IU UNILA BACKBONE (2002 ) Procurement Unit for TPSDP–UNILA cooperation with

BINUS (Bina Nusantara), GUNADARMA, BUMIGORA University.

Task Force Inherent K2 Universitas Lampung 2006Procurement IMHERE Project UNILA 2007 – 2008PIC INHERENT Local Node UNILA 2006 - nowKoordinator BBS-Unilanet Pusat Pelayanan Internet PUSKOM

UNILA – July 2006 - now

CoursesSistem Informasi ManajemenE-CommerceTeknologi InformasiPengantar Aplikasi KomputerPemasaran International

ActivitiesInternet and Intranet

History and FunctionEmail dan internet Browsing (if possible)Transfer File and File SavingVirus

MISPREDICTIONS BY IT INDUSTRY LEADERSThis “telephone” has too many shortcomings to be seriously considered as a means of communication. The device is inherently of no value to us. -Western Union internal memo, 1876

I think there is a world market for maybe five computers.

There is no reason anyone would want a computer in their home.

640K ought to be enough for anybody.

Dell has a great business model, but that dog won’t scale.

-Thomas Watson, chairman of IBM, 1943

But what [is a microchip] good for?-Engineer at the Advanced Computing Systems Division of IBM, 1968

-Ken Olson, president, chairman, and founder of Digital Equipment Corp., 1977

-Attributed to Bill Gates, chairman of Microsoft, 1981

-John Shoemaker, head of Sun’s server division, 2000

Internet and IntranetInternet

International network of network that are commercial (private) and publicly owned, connecting thousands of different network from more 200 countries around the world. (Managing digital Firm Page 17, K.C Laudon)

Internet and IntranetIntranet

An internal network based on internet and World Wide Web Standards (Managing digital Firm Page 24, K.C Laudon)

ExtranetPrivate Intranet that is accessible to

authorized outsiders. (Managing digital Firm Page 24, K.C Laudon)

Internet MapInternet map:

http://www.caida.org/tools/visualization/mapnet/Backbones/

Internet History1836 Telegraph, Patented.1858-1866 Transatlantic cable. Europe and US1876 Telephone by Alexander Graham Bell1957 Sputnik launch (USSR), Advanced Research

Projects Agency (ARPA) Inside US DoD1962 - 1968 Packet-switching (PS) networks initiate as

foundation of data transfer in internet 1969 the birth of ARPANET by DoD 1971 ARPANET expanded to 15 nodes (23 host), email

were introduce1972 the first public demonstration of ARPANET

connecting 40 host, Telnet were introduce

Internet History (con’t)1973

The first International connection of ARPANET to University College of London (England) and Royal Radar Establishment (Norway)

Ethernet and FTP (file transfer protocol) format were initiate, the idea of internet emerged.

1974 TCP (Transmission Control Program) used as

standard in ARPANET networkTelenet, commercial version of ARPANET launched.

1976 Networking networks expanding.UUCP (Unix-to-Unix CoPy) created by AT&T Bell Labs

and distributed together with UNIXUNIX as operating system still used until now.

Internet History (con’t)1977

E-mail become more popularInternet became reality with 100 connected host. THEORYNET became the fist network that provide

email to more than 100 researcher.Email format and specifications became standardPublic demonstration of ARPANET/Packet Radio Net/

SATNET Internet protocols through gateways. 1979

News Groups introducedUSENET created with UUCP and still used until todayARPA created Internet Configuration Control Board.

Internet History (con’t)1981

Various private and commercial network started to combine and connected.

BITNET ("Because It's Time NETwork”) started as first cooperative network at City University (New York) with first connection to Yale University

1982 TCP/IP (Transmission Control Protocol (TCP) dan

Internet Protocol (IP) ), became future data communication standard.

1983 Internet became bigger and bigger Name server created, host naming with alphabet

characters started.Internet Activities Board (IAB) created replacing

ICCB Berkeley Labs launch UNIX 4.2BSD with TCP/IP

Internet History (con’t)1984

Host connected reach 1000 hostsDomain Name Server (DNS) implemented, host

naming become less complicated 123.456.789.10 = www.myuniversity.mydept.mynetwork.mycountry (www.unila.ac.id).

1986 Internet power become reality with 5000 host

connected and 241 news groups.Network News Transfer Protocol (NNTP) created.

1987 Internet commercialization, host number increased

to 28.000

UUNET established provided commercial UUCP and Usenet access.

Internet History (con’t)1988

Introduction of Internet Relay Chat (IRC) 1989

Host increase to 100,000 hosts.The first relay between commercial email and

internet Internet Engineering Task Force (IETF) and

Internet Research Task Force (IRTF) established under IAB

1990 Host increase to 300,000 Hosts and 1,000 News

groups ARPANET existence decreaseThe World (world.std.com) the first company that

provide internet service through dial up

Internet History (con’t)1991

Friendly User Interface ke WWW created.Gopher created by Paul Lindner and Mark P.

McCahill from university of Minnesota. World-Wide Web (WWW) standard established by

CERN; Tim Berners-Lee1992

Multimedia change the face of internetHost number increase to 1 million, News groups

reach 4,000

Established of Internet Society (ISOC)The first MBONE audio multicast (March) dan video

multicast (November). "Surfing the Internet" introduced by by Jean Armour

Polly.

Internet History (con’t)1993

WWW revolution, 2 Million hosts and 600 WWW sites. Business and Media really take notice of the Internet. White house and United Nations on-line. Mosaic popularity in internet as front end for WWW

evolved to Netscape the most popular WWW browser at that time.

1994 Internet commercialization started, 3 million host10.000

www sites and 10.00 newsgroupARPANET/Internet 25th year anniversary.Local community started to connect directly to internet,

US senate start to give information server access. Internet Became life standard, the first Cyberbank opened

Internet History (con’t)1995

6.5 Million Hosts, 100,000 WWW Sites. dial-up systems (by Compuserve, America Online,

Prodigy) selling internet accessDomain name registration is not free any more. Search Engine technology introduced.

1996 Microsoft entering internet business, 12.8 Million hosts

and 0.5 million WWW sites.

Telephone Technology through internet (VO-IP) became threat to telecommunication industry, they plead to US senate to banned this technology. (US Senate only banned this technology only for 1 year)

WWW wars between netscape dan microsoft started.

September 2002The Internet Reached TwoImportant Milestones:

200,000,000 IP Hosts> 840,000,000 Users

Internet Growth Trends2005

The sky is the limitsUse search engine to find more information

Domain Name INTERNET naming based on TCP/IP protocol

IP (Internet Protocol) Based on 4 column between 0 and 255 and each

column separated by dot. xxx.xxx.xxx.xxx 167.205.136.1 35.8.7.92 This technology called IPv4 (Internet Protocol

Version 4)

Domain Name IP address management in the world being

distributed and manage by InterNIC where it will distributed to ISP (Internet Service Provider),

ISP will distributed to its user and customer. DNS (domain name system) used to give

flexibility to translate ip address number to non number identification.167.205.136.1 = www.unila.ac.id208.150.216.210 = www.kompas.com

Domain Name DNS concepts can be describe as

maiser.unila.ac.id 1 . 2 . 3 . 4

4 = country code.id = Indonesia.uk = United Kingdom

(peter@jerk.edu.uk).us = United States (peter@mars.nasa.go).jp = Japan (shien@maca.ac.jp).au = Australia (bob@landiv.mil.au).sg = Singapore (head@intel.com)

Domain Name maiser.unila.ac.id 1 . 2 . 3 . 4

.ac / the third column = institution type.ac. = Academic (admin@maiser.unila.ac.id).edu.= Education (admin@grep.mit.edu).mil.= militer (pentagon-info@mil.us).com/co.= commercial (snake@petshop.com).gov/go. = government (alatas@rty.deplu.gov.id).org / or = organization (info@golkar.org).net. = Internet Service Provider

(server@idola.net.id).tv. = televisionWeb = web provide company Sch = school

Domain Name maiser.unila.ac.id 1 . 2 . 3 . 4

.unila / 2nd column = institution name .itb.= Institut Teknologi Bandung (info@nic.itb.ac.id).ui. = Universitas Indonesia (puskom@ui.ac.di).bppt. = BPPT (info@bppt.go.id).ptme = PT. Metrodata Elektronik (sales@ptme.com).republika = Koran Republika (kontak@republika.co.id)

Maiser. / 1st column = machine/host name/sub institutionWebmaster@unila.ac.id maiser = komputer mail serverInfo@cnrg.itb.ac.id cnrg = computer network research

groupInfo@xxx.oke.edu xxx = komputer xxx

EmailFormat email

xxx@xxx.xxx.xxxMISAL :

zarina@maiser.unila.ac.idmajordomo@itb.ac.idmajordomo@columbia.eduadmin@unila.ac.id

Email readerPine (unix

environment)Outlook (windows environment)Netscape Messengger (windows environment)Eudora (windows environment)Pegasus (dos/windows

environment)dll

Main component of email (HEADER)From (sender)To (receiver)CC (carbon copy / tembusan)BCC (blind carbon copy / tembusan)Subject (isi subyek dari email)ATTACHMENT (sisipan file)

gTLD Entity Notes.aero air-transport

industryMust verify eligibility for registration; only those in various categories of air-travel-related entities may register.

.asia Asia-Pacific region This is a TLD for companies, organizations, and individuals based in the region of Asia, Australia, and the Pacific.

.biz business This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by commercial entities in accordance with the domain's charter.

.cat Catalan This is a TLD for websites in the Catalan language or related to Catalan culture.

.com commercial This is an open TLD; any person or entity is permitted to register.

.coop cooperatives The .coop TLD is limited to cooperatives as defined by the Rochdale Principles.

.edu educational The .edu TLD is limited to accredited postsecondary institutions (nearly all 2 and 4-year colleges and universities in the U.S. and increasingly overseas, e.g., Australia and China).

.gov U.S. governmental The .gov TLD is limited to U.S. governmental entities and agencies (mostly but not exclusively federal).

.info information This is an open TLD; any person or entity is permitted to register.

gTLD Entity Notes.int international

organizationsThe .int TLD is strictly limited to organizations, offices, and programs which are endorsed by a treaty between two or more nations.

.jobs companies The .jobs TLD is designed to be added after the names of established companies with jobs to advertise. At this time, owners of a "company.jobs" domain are not permitted to post jobs of third party employers.

.mil U.S. military The .mil TLD is limited to use by the U.S. military.

.mobi mobile devices Must be used for mobile-compatible sites in accordance with standards.

.museum museums Must be verified as a legitimate museum.

.name individuals, by name

This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by individuals (or the owners of fictional characters) in accordance with the domain's charter.

gTLD Entity Notes.net network This is an open TLD; any person or entity is permitted to

register..org organization This is an open TLD; any person or entity is permitted to

register..pro professions Currently, .pro is reserved for licensed or certified lawyers,

accountants, physicians and engineers in France, Canada, UK and the U.S. A professional seeking to register a .pro domain must provide their registrar with the appropriate credentials.

.tel Internet communication services

.travel travel and tourism industry related sites

Must be verified as a legitimate travel-related entity.

Other top domain name trends 1 Tuvalu and the Federated States of Micronesia, small island-states in the

Pacific, have partnered with VeriSign and FSM Telecommunications respectively, to sell domain names using the .tv and .fm TLDs to television and radio stations.

.ad is a ccTLD for Andorra, but has recently been increasingly used by advertising agencies or classified advertising.

.am is a ccTLD for Armenia, but is often used for AM radio stations, or for domain hacks (such as .i.am)

.dj is a ccTLD for Djibouti but is used for CD merchants and disc jockeys. .je is a ccTLD for Jersey but is often used as a diminutive in Dutch (e.g.

"huis.je"), as "you" ("zoek.je" = "search ye!"), or as "I" in French (e.g. "moi.je") .la is a ccTLD for Laos but is marketed as the TLD for Los Angeles.

.li is a ccTLD for Liechtenstein but is marketed as the TLD for Long Island. .lv is a ccTLD for Latvia but is also used to abbreviate Las Vegas or less

frequently, love. .ly is a ccTLD for Libya but is also used for words ending with suffix "ly".

Other top domain name trends 2 .sc is a ccTLD for Seychelles but is often used as .Source .sh is a ccTLD for Saint Helena, but is also sometimes used for entities

connected to the German Bundesland of Schleswig-Holstein. .si is a ccTLD for Slovenia, but is also used by Hispanic sites as "yes" ("sí").

Mexican mayor candidate Jorge Arana, for example, had his web site registered as http://www.jorgearana.si (i.e. "Jorge Arana, sí", meaning Jorge Arana, yes").

.sr is a ccTLD for Suriname but is marketed as being for "seniors". .st is a ccTLD for São Tomé and Príncipe but is being marketed worldwide as

an abbreviation for various things including "street". .tk is a ccTLD for Tokelau but is bought by someone and given away at

dot.tk page .tm is a ccTLD for Turkmenistan but it can be used as "Trade Mark" .to is a ccTLD for Tonga but is often used as the English word "to", like "go.to";

also is marketed as the TLD for Toronto. .tv is a ccTLD for Tuvalu but it is used for the television ("TV") / entertainment

industry purposes. .vg is a ccTLD for British Virgin Islands but is sometimes used to abbreviate

Video games

Other top domain name trends 3 .vu is a ccTLD for Vanuatu but means "seen" in French as well as an

abbreviation for the English language word "view". .ws is a ccTLD for Samoa (earlier Western Samoa), but is marketed

as .Website .md is a ccTLD for Moldova, but is marketed to the medical industry

(as in "medical domain" or "medical doctor"). .me is a ccTLD for Montenegro, and is recently opened to

individuals. .ms is a ccTLD for Montserrat, but is also used by Microsoft for such

projects as popfly.ms. .mu is a ccTLD for Mauritius, but is used within the music industry. .ni is a ccTLD for Nicaragua, but is occasionally adopted by

companies from Northern Ireland, particularly to distinguish from the more usual

.uk within all parts of the United Kingdom .nu is a ccTLD for Niue but marketed as resembling "new" in

English and "now" in Scandinavian/Dutch. Also meaning "nude" in French/Portuguese.

.pr is a ccTLD for Puerto Rico, but can be used in the meaning of "Public Relations"

Internet Value

Business Use of the Internet

Internet connectivityBroadband

Speedy (Indonesia)Cox.net (US)

Dial UpTelkomnet Instant

(Indonesia_Netzero (US)

Wireless Lan2.4 Ghz5.x Ghz

Fiber OpticMobile

Telkomsel FlashIndosatVirgin MobileAT&T

PRICING !!!!

38

Metcalfe’s LawThe usefulness, or utility, of a network equals

the square of the number of usersThe more users on a network, the more useful

it becomesUntil critical mass is reached, a change in

technology only affects the technologyOnce critical mass is attained, social, political,

and economic systems changeExample: The Internet is growing

exponentially. We can expect more value, for less cost, virtually every time we log on.

Broadband Internet Trend South Korea (95%) Singapore (88%) Netherlands (85%) Denmark (82%) Taiwan (81%) Hong Kong (81%) Israel (77%) Switzerland (76%) Canada (76%)

Norway (75%) Australia (72%) Finland (69%) France (68%) United Kingdom (67%) United Arab Emirates

(65%) Japan (64%) Sweden (63%) Estonia (62%) Belgium (62%) USA (60%)

Source : http://arstechnica.com/tech-policy/news/2009/06/us-20th-in-broadband-penetration-trails-s-korea-estonia.ars

Internet Population (in million)

        

Internet Growth Trends1977: 111 hosts on Internet1981: 213 hosts1983: 562 hosts1984: 1,000 hosts1986: 5,000 hosts1987: 10,000 hosts1989: 100,000 hosts1992: 1,000,000 hosts2001: 150 – 175 million hosts2002: over 200 million hostsBy 2010, about 80% of the planet will be on

the Internet

Internet Applicationhttp://docs.google.comhttp://maps.google.com/http://www.google.com/trendshttp://www.google.com/analytics/Zinio.comwww.netflix.comhttp://books.google.com/http://translate.google.comhttp://www4.passur.com/jfk.htmlhttp://radar.weather.govhttp://www.news9.com/global/Category.asp?

c=118562http://www.internetworldstats.com/stats.htm

E-Commerce Matrix

E-commerce sites componentShopping cart Website

http://ecommerce.networksolutions.com/ http://www.fortune3.com http://store.resellfortune.com/ http://www.activecheckout.com/

Security http://www.verisign.com

Payment http://www.daopay.com http://www.plimus.com/ http://www.onebip.com

E-commerce sites www.nike.com http://www.thaigem.com

Waseda University e-gov rank

Waseda University e-gov rank

E-govhttp://www.gov.tw/ (Taiwan)http://www.gov.sg/ (Singapore)http://www.ecitizen.gov.sg/ (Singopore)http://www.usa.gov/ (USA)http://www.bantul.go.idhttp://www.agamkab.go.id/http://www.kotabekasi.go.id/

INHERENT?Indonesia Higher Education Network Pertama kalinya Indonesia mempunyai

jaringan riset dan pendidikanAgustus 2006Jaringan sejenis di negara lain

Singapore : SINGAREN (www.singaren.net.sg) Australia : AARNET (www.aarnet.edu.au)China : CERNET (www.cernet.edu.cn) USA : ABILENE (abilene.internet2.edu) Europe : GEANT (www.geant.net) Asia : TEIN2 (www.tein2.net)

Tingkatan jaringan (network)• ADVANCE NETWORK

– Stm 1 : 155 Mbps– UI, ITB, UGM, UNDIP, UNIBRAW, ITS

• MEDIUM NETWORK– 4E1: 8 Mbps– USU, UNAND, UNUD, UNHAS, UNSRAT, UNSRI,

UNSYIAH, UNRI, UNTIRTA, UNJA, UNIB, UNILA, UNDANA, UNRAM, UNHALU, UNMUL, UNTAN, UNPAR, UNLAM, UNTAD, UNG

• BASIC NETWORK– 1E1 : 2 Mbps– UNCEN, UNIPA, UNPATI, UNKHAIR

• REDUNDANT LINK– 1 Mbps :– UNSRAT-UNMUL ; UNTAN-UNSYIAH; UNIB-UNRAM;

UNDANA-UNHALU

Jejaring Pendidikan NasionalJejaring Pendidikan Nasional(JARDIKNAS)(JARDIKNAS)Sekitar Juli 2006Kategori dan Fungsi utama JARDIKNAS :

JARDIKNAS Kantor Dinas/Institusi Transaksi data online SIM Pendidikan

JARDIKNAS Perguruan Tinggi Riset dan Pengembangan IPTEKS

JARDIKNAS Sekolah Akses Informasi dan E-Learning

JARDIKNAS Guru dan Siswa Akses Informasi dan Interaksi Komunitas

Media Koneksi dan Network JardiknasZona

Teknologi

Zona Perguruan

Tinggi

Zona Kantor Dinas/Institusi

Zona SekolahZona Guru dan Siswa

Media Akses

Serat Optik dan Satelit

Serat Optik, Wireline dan Satelit

Wireless dan Wireline

Seluler dan Wireline

Kapasitas Jaringan (Bandwidth)

2 Mbps s/d 155 Mbps

256 Kbps s/d 2 Mbps

64 Kbps s/d 1 Mbps.

32 Kbps s/d 384 Kbps

Teknologi Jaringan

STM-1, VSAT IP Dedicated atau Leased Line

MPLS, VPN IP, dan VSAT

ADSL dan Wireless 2.4 Ghz

ADSL, 3G/UMTS, GPRS, CDMA, Dialup

Node Tersambung JARDIKNAS akhir 2007 (Keynote Speech, By, H. E. Prof. Dr. Bambang Sudibyo, MBA., Minister of National Education, Republic of Indonesia, In Microsoft Government Leader Forum (MGLF), Asia Pacific 2008, Jakarta, 8 May 2008)

Sampai akhir 2007 865 nodes (OfficeNet)10.000 nodes (SchoolNet)83 perguruan tinggi negeri200 perguruan tinggi swasta 36 unit belajar jarak jauh Universitas

Terbuka

Jardiknas Lampung

INHERENT 2009

Unila-Unja-Unsri

Jaringan FO Unila

Pemanfaatan INHERENTVideo ConferenceVOIPIPv6PJJ PGSD / LPTKPeningkatan Content PembelajaranGrid Computing

Beberapa Situs Content INHERENT1.       inherent.unsil.ac.id 8.      

inherent.brawijaya.ac.id

15.   www.inherent.ui.edu

2.       inherent.ugm.ac.id 9.       inherent.ipb.ac.id 16.   inherent.usm.ac.id

3.       inherent.stta.ac.id 10.   inherent.unimal.ac.id 17.   inherent.uniku.ac.id

4.       inherent.wijayakusumasby.ac.id

11.   inherent.uns.ac.id 18.   inherent.itn.ac.id:81

5.       inherent.uwiga.ac.id 12.   inherent.stsi-bdg.ac.id 19.   inherent.unnes.ac.id

6.       inherent.uii.ac.id 13.   inherent.unila.ac.id 20.   inherent.usu.ac.id

7.       inherent.gunadarma.ac.id 14.   inherent.uwiga.ac.id 21.   inherent.unimmer.ac.id

Biaya INHERENT - JARDIKNAS2006

INHERENT 33.702.749.722,00JARDIKNAS 35.028.065.000,00

Total 68.730.814.722,002007

INHERENT ……….?JARDIKNAS ……..?

Total ……..?

E-learningImplemented on

Garuda, bank mandiri, BII, BNI, Telkom, FIF, SQP Indonesia, Citibank, IBM Indonesia

BNINovember 2006 18.431 employee, on October 2007

16.733 employee already use E-learning programThe number will be higher than stated mostly because

one employee can attend several modules repeatedlyCourseware (Content) 8.1 M Rp.

69 course 269 module, 167 hours

Efficiency approx. 64 M Rp. On transportation, pocket money, consumption and accommodation

E-learning case studiesBII

Employee CompetencyBII Portal Corporate University (open source) as knowledge

management systemCMS (content management system based)LMS (learning management system) implementation (open

source)0.1% development cost from total training budget’Upgrading hardware performance, creating teaching moduleCreated module (mandate module for employee)

Know your customer – anti money laundering Operational risk management Product knowledge and service quality

Target 70 hours on e-learningTarget to cover 6.305 employee estimateTraditional methods can only covering 2.000 employee a yearWith e-learning all 6.305 employee can be covered in one

year85% cost reduction

E-learning case studiesFIF (Federal International Finance)

Traditional methods every fresh employee must take Basic mentality

module Target for 2.500 employee at a 650 M Rp. 6 days training

New Methods Converting traditional training to e-learning 3 days 2.500 employee at approx. 185 M Rp. Efficiency at 72%

Internet SecurityComputer crime includes

Unauthorized use, access, modification, or destruction of hardware, software, data, or network resources

The unauthorized release of informationThe unauthorized copying of softwareDenying an end user access to his/her own

hardware, software, data, or network resourcesUsing or conspiring to use computer or

network resources illegally to obtain information or tangible property

Cybercrime Protection Measures

HackingHacking is

The obsessive use of computersThe unauthorized access and use of networked

computer systemsElectronic Breaking and Entering

Hacking into a computer system and reading files, but neither stealing nor damaging anything

CrackerA malicious or criminal hacker who maintains

knowledge of the vulnerabilities found for private advantage

Common Hacking TacticsDenial of Service

Hammering a website’s equipment with too many requests for information

Clogging the system, slowing performance, or crashing the site

ScansWidespread probes of the Internet to determine types of

computers, services, and connectionsLooking for weaknesses

SnifferPrograms that search individual packets of data as they

pass through the InternetCapturing passwords or entire contents

SpoofingFaking an e-mail address or Web page to trick users into

passing along critical information like passwords or credit card numbers

Common Hacking TacticsTrojan House

A program that, unknown to the user, contains instructions that exploit a known vulnerability in some software

Back DoorsA hidden point of entry to be used in case the original entry

point is detected or blockedMalicious Applets

Tiny Java programs that misuse your computer’s resources, modify files on the hard disk, send fake email, or steal passwords

War DialingPrograms that automatically dial thousands of telephone

numbers in search of a way in through a modem connectionLogic Bombs

An instruction in a computer program that triggers a malicious act

Common Hacking Tactics

Buffer OverflowCrashing or gaining control of a computer by sending

too much data to buffer memoryPassword Crackers

Software that can guess passwordsSocial Engineering

Gaining access to computer systems by talking unsuspecting company employees out of valuable information, such as passwords

Dumpster DivingSifting through a company’s garbage to find information

to help break into their computers

Cyber TheftMany computer crimes involve the theft of

moneyThe majority are “inside jobs” that involve

unauthorized network entry and alternation of computer databases to cover the tracks of the employees involved

Many attacks occur through the InternetMost companies don’t reveal that they have

been targets or victims of cybercrime

Unauthorized Use at WorkUnauthorized use of computer systems and

networks is time and resource theftDoing private consultingDoing personal financesPlaying video gamesUnauthorized use of the Internet or company

networksSniffers

Used to monitor network traffic or capacityFind evidence of improper use

Internet Abuses in the WorkplaceGeneral email abusesUnauthorized usage and accessCopyright infringement/plagiarismNewsgroup postingsTransmission of confidential dataPornographyHackingNon-work-related download/uploadLeisure use of the InternetUse of external ISPsMoonlighting

Chapter 13 Security and Ethical Challenges 73

Software PiracySoftware Piracy

Unauthorized copying of computer programsLicensing

Purchasing software is really a payment for a license for fair use

Site license allows a certain number of copies

Chapter 13 Security and Ethical Challenges 74

A third of the software industry’s revenues are lost to

piracy

Theft of Intellectual PropertyIntellectual Property

Copyrighted materialIncludes such things as music, videos, images,

articles, books, and softwareCopyright Infringement is Illegal

Peer-to-peer networking techniques have made it easy to trade pirated intellectual property

Publishers Offer Inexpensive Online MusicIllegal downloading of music and video is

down and continues to drop

Chapter 13 Security and Ethical Challenges 75

Viruses and WormsA virus is a program that cannot work without

being inserted into another programA worm can run unaided

These programs copy annoying or destructive routines into networked computersCopy routines spread the virus

Commonly transmitted throughThe Internet and online servicesEmail and file attachmentsDisks from contaminated computersShareware

Chapter 13 Security and Ethical Challenges 76

Top Five Virus Families of all Time My Doom, 2004

Spread via email and over Kazaa file-sharing network Installs a back door on infected computers Infected email poses as returned message or one that

can’t be opened correctly, urging recipient to click on attachment

Opens up TCP ports that stay open even after termination of the worm

Upon execution, a copy of Notepad is opened, filled with nonsense characters

Netsky, 2004 Mass-mailing worm that spreads by emailing itself to all

email addresses found on infected computers Tries to spread via peer-to-peer file sharing by copying

itself into the shared folder It renames itself to pose as one of 26 other common files

along the way

Top Five Virus Families of all TimeSoBig, 2004

Mass-mailing email worm that arrives asan attachment Examples: Movie_0074.mpg.pif, Document003.pif

Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for email addresses to which it can send itself

Also attempts to download updates for itselfKlez, 2002

A mass-mailing email worm that arrives with a randomly named attachment

Exploits a known vulnerability in MS Outlook to auto-execute on unpatched clients

Tries to disable virus scanners and then copy itself to all local and networked drives with a random file name

Deletes all files on the infected machine and any mapped network drives on the 13th of all even-numbered months

Top Five Virus Families of all TimeSasser, 2004

Exploits a Microsoft vulnerability to spread from computer to computer with no user intervention

Spawns multiple threads that scan local subnets for vulnerabilities

The Cost of Viruses, Trojans, WormsCost of the top five virus families

Nearly 115 million computers in 200 countries were infected in 2004

Up to 11 million computers are believed to be permanently infected

In 2004, total economic damage from virus proliferation was $166 to $202 billion

Average damage per computer is between $277 and $366

Adware and SpywareAdware

Software that purports to serve a useful purpose, and often does

Allows advertisers to display pop-up and banner ads without the consent of the computer users

SpywareAdware that uses an Internet connection in the

background, without the user’s permission or knowledge

Captures information about the user and sends it over the Internet

Spyware ProblemsSpyware can steal private information and also

Add advertising links to Web pagesRedirect affiliate paymentsChange a users home page and search settingsMake a modem randomly call premium-rate

phone numbersLeave security holes that let Trojans inDegrade system performance

Removal programs are often not completely successful in eliminating spyware

Privacy IssuesThe power of information technology to store

and retrieve information can have a negative effect on every individual’s right to privacyPersonal information is collected with every

visit to a Web siteConfidential information stored by credit

bureaus, credit card companies, and the government has been stolen or misused

Opt-in Versus Opt-outOpt-In

You explicitly consent to allow data to be compiled about you

This is the default in EuropeOpt-Out

Data can be compiled about you unless you specifically request it not be

This is the default in the U.S.

84

Privacy IssuesViolation of Privacy

Accessing individuals’ private email conversations and computer records

Collecting and sharing information about individuals gained from their visits to Internet websites

Computer MonitoringAlways knowing where a person isMobile and paging services are becoming more closely

associated with people than with placesComputer Matching

Using customer information gained from many sources to market additional business services

Unauthorized Access of Personal FilesCollecting telephone numbers, email addresses, credit

card numbers, and other information to build customer profiles

Protecting Your Privacy on the InternetThere are multiple ways to protect your

privacyEncrypt emailSend newsgroup postings through anonymous

remailersAsk your ISP not to sell your name and

information to mailing list providers and other marketers

Don’t reveal personal data and interests on online service and website user profiles

Privacy LawsElectronic Communications Privacy Act

and Computer Fraud and Abuse ActProhibit intercepting data communications messages,

stealing or destroying data, or trespassing in federal-related computer systems

U.S. Computer Matching and Privacy ActRegulates the matching of data held in federal agency files

to verify eligibility for federal programsOther laws impacting privacy and how

much a company spends on complianceSarbanes-OxleyHealth Insurance Portability and Accountability Act

(HIPAA)Gramm-Leach-BlileyUSA Patriot ActCalifornia Security Breach LawSecurities and Exchange Commission rule 17a-4

Chapter 13 Security and Ethical Challenges 87

Computer Libel and CensorshipThe opposite side of the privacy debate…

Freedom of information, speech, and pressBiggest battlegrounds - bulletin boards, email boxes,

and online files of Internet and public networksWeapons used in this battle – spamming, flame mail,

libel laws, and censorshipSpamming - Indiscriminate sending of unsolicited

email messages to many Internet usersFlaming

Sending extremely critical, derogatory, and often vulgar email messages or newsgroup posting to other users on the Internet or online services

Especially prevalent on special-interest newsgroups

Chapter 13 Security and Ethical Challenges 88

CyberlawLaws intended to regulate activities over the Internet or via

electronic communication devicesEncompasses a wide variety of legal and political issuesIncludes intellectual property, privacy, freedom of

expression, and jurisdictionThe intersection of technology and the law is controversial

Some feel the Internet should not be regulatedEncryption and cryptography make traditional form of

regulation difficultThe Internet treats censorship as damage and simply

routes around itCyberlaw only began to emerge in 1996

Debate continues regarding the applicability of legal principles derived from issues that had nothing to do with cyberspace

Chapter 13 Security and Ethical Challenges 89

Internetworked Security DefensesEncryption

Data is transmitted in scrambled formIt is unscrambled by computer systems for

authorized users onlyThe most widely used method uses a pair of

public and private keys unique to each individual

Chapter 13 Security and Ethical Challenges 90

Internetworked Security DefensesFirewalls

A gatekeeper system that protects a company’s intranets and other computer networks from intrusion

Provides a filter and safe transfer point for access to/from the Internet and other networks

Important for individuals who connect to the Internet with DSL or cable modems

Can deter hacking, but cannot prevent it

Chapter 13 Security and Ethical Challenges 91

Internet and Intranet Firewalls

Chapter 13 Security and Ethical Challenges 92

Denial of Service AttacksDenial of service attacks depend on three

layers of networked computer systemsThe victim’s websiteThe victim’s Internet service providerZombie or slave computers that have been

commandeered by the cybercriminals

Chapter 13 Security and Ethical Challenges 93

Defending Against Denial of ServiceAt Zombie Machines

Set and enforce security policiesScan for vulnerabilities

At the ISPMonitor and block traffic spikes

At the Victim’s WebsiteCreate backup servers and network

connections

Chapter 13 Security and Ethical Challenges 94

Internetworked Security DefensesEmail Monitoring

Use of content monitoring software that scans for troublesome words that might compromise corporate security

Virus DefensesCentralize the updating and distribution of

antivirus softwareUse a security suite that integrates virus

protection with firewalls, Web security, and content blocking features

Chapter 13 Security and Ethical Challenges 95

Other Security Measures Security Codes

Multilevel password system Encrypted passwords Smart cards with microprocessors

Backup Files Duplicate files of data or programs

Security Monitors Monitor the use of computers and networks Protects them from unauthorized use, fraud, and

destruction Biometrics

Computer devices measure physical traits that make each individual unique Voice recognition, fingerprints, retina scan

Computer Failure Controls Prevents computer failures or minimizes its effects Preventive maintenance Arrange backups with a disaster recovery organization

Chapter 13 Security and Ethical Challenges 96

Other Security Measures In the event of a system failure, fault-tolerant systems

have redundant processors, peripherals, and software that provideFail-over capability: shifts to back up componentsFail-save capability: the system continues to operate at

the same levelFail-soft capability: the system continues to operate at

a reduced but acceptable levelA disaster recovery plan contains formalized procedures

to follow in the event of a disasterWhich employees will participateWhat their duties will beWhat hardware, software, and facilities will be usedPriority of applications that will be processedUse of alternative facilitiesOffsite storage of databases

Chapter 13 Security and Ethical Challenges 97

Auditing IT SecurityIT Security Audits

Performed by internal or external auditorsReview and evaluation of security measures

and management policiesGoal is to ensure that that proper and adequate

measures and policies are in place

Chapter 13 Security and Ethical Challenges 98

Protecting Yourself from Cybercrime

Chapter 13 Security and Ethical Challenges 99