450 likes | 454 Vues
Chapter 06. Understanding the Need for Security Measures. Basic Security Concepts. Threats Anything that can harm a computer Vulnerabilities are weaknesses in security Security attempts to neutralize threats. Basic Security Concepts. Degrees of harm Level of potential damage
E N D
Chapter 06 Understanding the Need for Security Measures
Basic Security Concepts • Threats • Anything that can harm a computer • Vulnerabilities are weaknesses in security • Security attempts to neutralize threats
Basic Security Concepts • Degrees of harm • Level of potential damage • Include all parts of system • Potential data loss • Loss of privacy • Inability to use hardware • Inability to use software
Basic Security Concepts • Countermeasures • Steps taken to block a threat • Protect the data from theft • Protect the system from theft
Threats To Users • Identity Theft • Impersonation by private information • Thief can ‘become’ the victim • Reported incidents rising • Methods of stealing information • Shoulder surfing • Snagging • Dumpster diving • Social engineering • High-tech methods
Threats To Users • Loss of privacy • Personal information is stored electronically • Purchases are stored in a database • Data is sold to other companies • Public records on the Internet • Internet use is monitored and logged • None of these techniques are illegal
Threats to Users • Cookies • Files delivered from a web site • Originally improved a site’s function • Cookies now track history and passwords • Browsers include cookie blocking tools
Threats to Users • Spyware • Software downloaded to a computer • Designed to record personal information • Typically undesired software • Hides from users • Several programs exist to eliminate
Threats to Users • Web bugs • Small programs embedded in gif images • Gets around cookie blocking tools • Companies use to track usage • Blocked with spyware killers
Threats to Users • Spam • Unsolicited commercial email • Networks and PCs need a spam blocker • Stop spam before reaching the inbox • Spammers acquire addresses using many methods • CAN-SPAM Act passed in 2003
Threats to Hardware • Affect the operation or reliability • Power-related threats • Power fluctuations • Power spikes or browns out • Power loss • Countermeasures • Surge suppressors • Line conditioners • Uninterruptible power supplies • Generators
Threats to Hardware • Theft and vandalism • Thieves steal the entire computer • Accidental or intentional damage • Countermeasures • Keep the PC in a secure area • Lock the computer to a desk • Do not eat near the computer • Watch equipment • Chase away loiterers • Handle equipment with care
Threats to Hardware • Natural disasters • Disasters differ by location • Typically result in total loss • Disaster planning • Plan for recovery • List potential disasters • Plan for all eventualities • Practice all plans
Threats to Data • The most serious threat • Data is the reason for computers • Data is very difficult to replace • Protection is difficult • Data is intangible
Threats to Data • Viruses • Software that distributes and installs itself • Ranges from annoying to catastrophic • Countermeasures • Anti-virus software • Popup blockers • Do not open unknown email
Threats to Data • Trojan horses • Program that poses as beneficial software • User willingly installs the software • Countermeasures • Anti-virus software • Spyware blocker
Threats to Data • Cybercrime • Using a computer in an illegal act • Fraud and theft are common acts
Threats to Data • Internet fraud • Most common cybercrime • Fraudulent website • Have names similar to legitimate sites
Threats to Data • Hacking • Using a computer to enter another network • Cost users $1.3 trillion in 2003 • Hackers motivation • Recreational hacking • Financial hackers • Grudge hacking • Hacking methods • Sniffing • Social engineering • Spoofing
Threats to Data • Distributed denial of service attack • Attempt to stop a public server • Hackers plant the code on computers • Code is simultaneously launched • Too many requests stops the server
Threats to Data • Cyber terrorism • Attacks made at a nations information • Targets include power plants • Threat first realized in 1996 • Organizations combat cyber terrorism • Computer Emergency Response Team (CERT) • Department of Homeland Security
Avoiding Identity Theft • Guard your papers • Shred unneeded papers • Pick up you mail quickly • Check statements immediately • Keep records for 3 years
Avoiding Identity Theft • Guard your personal information • Be wary giving out information • Avoid giving account numbers • Never give personal information in e-mail • Ensure online shopping is secure
Avoiding Identity Theft • Look at the big picture • Review your credit report yearly • Develop an efficient filing system • Know your liability limits
Protecting Your Privacy • Keep marketers at bay • Be wary filling out forms • Guard your primary email address • Have a ‘spam account’ for forms
Protecting Your Privacy • Know your legal rights • 1966 Freedom of Information Act • 1970 Fair Credit Reporting Act • Privacy Act of 1974 • 1986 Electronic Communications Act • Financial Modernization Act of 1999 • 2001 USA Patriot Act
Managing Cookies and Spyware • Dealing with cookies • Browsers provide settings to block cookies • No cookies to all cookies allowed • Without cookies some sites crash • Cookies can be deleted • Browsers • Spyware programs
Managing Cookies and Spyware • Cookie types • Session cookies • Cookies for the current site • Persistent cookies • Stored on hard drive until deleted • First-party cookies • Installed by the current site • Third-party cookies • Installed by an ad
Managing Cookies and Spyware • Removing web bugs and spyware • Install a spyware removal program • None are 100% effective, use two • Install a pop-up blocker • Are extremely effective
Managing Cookies and Spyware • Evading spam • Contact your ISP • Use mail program’s filters • Use an anti-spam program • Use an online account for purchasing
Protection From Malware • Viruses and worms • Purchase a good anti-virus product • Keep the product updated • Keep your OS up to date
Protecting Your System • Limit physical access • Easiest way to harm or steal data • Build an account for each user • Require a password for access • Software and hardware password
Protecting Your System • Use a firewall • Protects from unauthorized remote use • Makes your computer invisible • Cost between $0 and $80
Protecting Your System • Backup often • Backup is a copy of a file • Restore replaces a file on disk • Organizations backup at least daily • Home users should backup weekly
System Events • OS generates messages for events • Provides clues about computer health • Can alert to potential problems • Windows includes the Event Viewer
Handling Storage Media • Store media in the proper container • Floppy disks in a hard case • CD should be in a sleeve • Thumb disks should be closed
Handling Storage Media • Avoid magnetism • Magnets erase the contents of disks • Magnets found in • Speakers • Televisions and CRT monitors • Radios
Handling Storage Media • Heat and cold • Avoid extreme temperatures • Heat expands media • Cold contracts media • Floppies and CD-ROMs are susceptible
Handling Storage Media • Moisture • Do not use wet media • CDs can be wiped off • Floppy disks must dry for days
Handling Storage Media • Dust, dirt, and fingerprints • Dirty or scratched media will fail • Handle media by the edge • Clean CDs with gentle strokes
Storing Computer Equipment • Never store near large electronics • Store in dry, climate controlled rooms • Plan for natural disasters • Stack equipment safely
Keeping Your Computer Clean • Computers should be spotless • Avoid eating or smoking at computer • Clean the dust from inside the system • Change the filters if present