CHAPTER 10
Computer security, Ethics and Privacy
After completing this chapter, you will be able to:
1. Identify ways to safeguard against computer viruses, worms, Trojan horses, denial of service attacks, back doors, and spoofing
2. Discuss techniques to prevent unauthorized computer access and use
3. Identify safeguards against hardware theft and vandalism
4. Explain the ways to protect against software theft and information theft
5. Discuss the types of devices available that protect computers from system failure
6. Identify risks and safeguards associated with wireless communications
7. Discuss issues surrounding information privacy
8. Discuss ways to prevent health-related disorders and injuries due to computer use
Computer Viruses, Worms, and Trojan Horses
Safeguards against Computer Viruses, Worms, and Trojan Horses
Denial of Service Attacks
Back Doors
Spoofing
Safeguards against DoS Attacks, Back Doors, and IP Spoofing
Firewalls
Intrusion Detection Software
Safeguards against Unauthorized Access and Use
Identifying and Authenticating Users
Safeguards against Hardware Theft and Vandalism
Safeguards against Software Theft
Safeguards against Information Theft
Encryption
Safeguards against System Failure
BACKING UP — THE ULTIMATE SAFEGUARD
WIRELESS SECURITY ETHICS AND SOCIETY
Information Accuracy
Intellectual Property Rights
Electronic Profiles
Cookies
Spyware and Adware
Phishing
Spam
Privacy Laws
Computer Forensics
Employee Monitoring Content Filtering
Computers and Health Risks
Ergonomics and Workplace Design
Computer Addiction Green Computing
McAfee
Symantec
Donn Parker
Clifford Stoll
Today, people rely on computers to create, store, and manage critical information. Thus, it is crucial that users take measures to protect their computers and data from loss, damage, and misuse.
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability. Some breaches to computer security are accidental. Others are planned intrusions. Some intruders do no damage; they merely access data, information, or programs on the computer. Other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data.
An intentional breach of computer security often involves a deliberate act that is against the law. Any illegal act involving a computer generally is referred to as a computer crime. The term cybercrime refers to online or Internet-based illegal acts. Today, cybercrime is one of the FBI’s top three priorities.
Perpetrators of cybercrime and other intrusions fall into seven basic categories: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.
• The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally. Hackers often claim the intent of their security breaches is to improve security.
• A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. Both hackers and crackers have advanced computer and network skills.
• A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. Script kiddies often are teenagers that use prewritten hacking and cracking programs to break into computers.
• Some corporate spies have excellent computer and network skills and are hired to break into a specific computer and steal its proprietary data and information. Unscrupulous companies hire corporate spies, a practice known as corporate espionage, to gain a competitive advantage.
• Unethical employees break into their employers computers for a variety of reasons. Some simply want to exploit a security weakness. Others seek financial gains from selling confidential information. Disgruntled employees may want revenge.
• A cyberextortionist is someone who uses e-mail as a vehicle for extortion. These perpetrators send a company a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the company’s network — if they are not paid a sum of money.
• A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons. The extensive damage might destroy the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructure. Cyberterrorism usually requires a team of highly skilled individuals, millions of dollars, and several years of planning.
Business and home users must protect, or safeguard, their computers from breaches of security and other computer security risks.
The more common computer security risks include Internet and network attacks, unauthorized access and use, hardware theft, software theft, information theft, and system failure (Figure 10-1). The following pages describe these computer security risks and also discuss safeguards users might take to minimize or prevent their consequences.
FIGURE 10-1 Computers are exposed to several types of computer security risks.
Information transmitted over networks has a higher degree of security risk than information kept on a company’s premises. In a business, network administrators usually take measures to protect a network from security risks. On the Internet, where no central administrator is present, the security risk is greater.
Internet and network attacks that jeopardize security include computer viruses, worms, and Trojan horses; denial of service attacks; and spoofing. The following pages address these computer security risks and suggest measures businesses and individuals can take to protect their computers while on the Internet or connected to a network.
Every unprotected computer is susceptible to the first type of computer security risk — a computer virus, worm, and/or Trojan horse.
• A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission. Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system.
• A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
• A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program. A certain condition or action usually triggers the Trojan horse. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers.
Computer viruses, worms, and Trojan horses are classified as malicious-logic programs, which are programs that act without a user’s knowledge and deliberately alter the computer’s operations. Unscrupulous programmers write malicious-logic programs and then test the programs to ensure they can deliver their payload. The payload is the destructive event or prank the program is intended to deliver. A computer infected by a virus, worm, or Trojan horse often has one or more of the following symptoms:
• Screen displays unusual message or image
• Music or unusual sound plays randomly
• Available memory is less than expected
• Existing programs and files disappear
• Files become corrupted
• Programs or files do not work properly
• Unknown programs or files mysteriously appear
• System properties change
Computer viruses, worms, and Trojan horses deliver their payload on a computer in four basic ways: when a user (1) opens an infected file, (2) runs an infected program, (3) boots the computer with an infected disk in a disk drive, or (4) connects an uprotected computer to a network. A common way computers become infected with viruses, worms, and Trojan horses is through users opening infected e-mail attachments. Figure 10-2 shows how a virus can spread from one computer to another through an infected e-mail attachment.
Currently, more than 81,000 known viruses, worms, and Trojan horse programs exist with an estimated 6 new programs discovered each day.
:How long is an unprotected computer safe from intruders?
One security expert maintains that an unprotected computer will be compromised by an intruder within 20 minutes. Slammer and Nimda, two devastating worms, wreaked worldwide havoc in 10 and 30 minutes, respectively. For more information, visit scsite.com/dcf2e/chl 0/faq and then click Viruses and Worms.
Safeguards against Computer Viruses, Worms, and Trojan Horses Users can take several precautions to protect their home and work computers from these malicious infections. The following paragraphs discuss these precautionary measures.
Do not start a computer with removable media, such as CDs, DVDs, and floppy disks, in the drives — unless you are certain the media is uninfected. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source. If the e-mail is from an unknown source, delete the e-mail message immediately — without opening or executing any attachments. If the e-mail message is from a trusted source, but you were not expecting an attachment, verify with the source that they intended to send you an attachment — before opening it. Some viruses are hidden in macros, which are instructions saved in an application such as a word processing or spreadsheet program. In applications that allow users to write macros, you should set the macro security level to medium. With a medium security level, the application software warns users that a document they are attempting to open contains a macro. From this warning, a user chooses to disable or enable the macro. If the document is from a trusted source, the user can enable the macro. Otherwise, it should be disabled.
Users should install an antivirus program and update it frequently. An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in memory, on storage media, or on incoming files. Most antivirus programs also protect against worms and Trojan horses. When you purchase a new computer, it often includes antivirus software.
If an antivirus program identifies an infected file, it attempts to remove its virus, worm, or Trojan horse. If the antivirus program cannot remove the infection, it often quarantines the infected file. A quarantine is a separate area of a hard disk that holds the infected file until the infection can be removed. This step ensures other files will not become infected.
Some users also install a personal firewall program to protect a computer and its data from unauthorized intrusion. A section later in this chapter discusses firewalls.
Finally, stay informed about new virus alerts and virus hoaxes. A virus hoax is an e-mail message that warns users of a nonexistent virus, worm, or Trojan horse. Often, these virus hoaxes are in the form of a chain letter that requests the user to send a copy of the e-mail message to as many people as possible. Instead of forwarding the message, visit a Web site that publishes a list of virus alerts and virus hoaxes.
The list in Figure 10-4 summarizes important tips for protecting your computer from virus, worm, and Trojan horse infection.
FIGURE 10-4 With the growing number of new viruses, worms, and Trojan horses, it is crucial that users take steps to protect their computers.
An antivirus program scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified. In addition, many antivirus programs automatically scan files downloaded from the Web, e-mail attachments, opened files, and all removable media inserted in the computer.
One technique that antivirus programs use to identify a virus is to look for virus signatures. A virus signature, also called a virus definition, is a known specific pattern of virus code. Computer users should update their antivirus program’s signature files regularly. Updating signature files downloads any new virus definitions that have been added since the last update (Figure 10-3). This extremely important activity allows the antivirus program to protect against viruses written since the antivirus program was released. Most antivirus programs contain an automatic update feature that regularly prompts users to download the virus signature. The vendor usually provides this service to registered users at no cost for a specified time.
For more information, visit scsite.comldcf2el chlO/weblink and then click Virus Hoaxes.
TIPS FOR PREVENTING VIRUS, WORM, AND TROJAN HORSE INFECTIONS
1 Never start a computer with removable media in the drives unless the media is uninfected
2. Never open an e-mail attachment unless you are expecting it and it is from a trusted source. Turn off message preview.
3. Set the macro security in programs so you can enable or disable macros. Enable macros only if the document is from a trusted source and you are expecting it.
4. Install an antivirus program on all of your computers. Obtain updates to the virus signature files on a regular basis.
5. Check all downloaded programs for viruses, worms, or Trojan horses. These malicious-logic programs often are placed in seemingly innocent programs, so they will affect a large number of users.
6. If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately.
7. Before using any removable media, use the antivirus scan program to check the media for infection. Incorporate this procedure even for shrink wrapped software from major developers Some commercial software has been infected and distributed to unsuspecting users this way.
8 Install a personal firewall program
Page 367
A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. Perpetrators carry out a DoS attack in a variety of ways. For example, they may use an unsuspecting computer to send an influx of con fusing data messages or useless traffic to a computer network. The victim computer network eventually jams, blocking legitimate visitors from accessing the network.
A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source. Perpetrators of IP spoofing trick their victims into interacting with a phony Web site. For example, the victim may provide confidential information or download files containing viruses, worms, or other malicious programs.
To defend against DoS attacks, improper use of back doors, and IP spoofing, users can implement firewall solutions and install intrusion detection software. The following sections discuss these safeguards.
A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet (Figure 10-5). All networked and online computer users should implement a firewall solution.
Companies use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records. Businesses can implement a firewall solution themselves or outsource their needs to a company specializing in providing firewall protection. Large companies often route all their communications through a proxy server, which is a component of the firewall. A proxy server is a server outside the company’s network that controls which communications pass into the company’s network.
Home and small office/home office users often protect their computers with a personal firewall utility. A personal firewall utility is a program that detects and protects a personal computer and its data from unauthorized intrusions. Some operating systems, such as Windows XP, include personal firewalls.
Some small office/home office users purchase a hardware firewall, such as a router or other device that has a built-in firewall, in addition to or instead of personal firewall software. Hardware firewalls stop intrusions before they break in your computer.
To provide extra protection against hackers and other intruders, large companies sometimes use intrusion detection software to identify possible security breaches. Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized access (intrusions), and notifies network administrators of suspicious behavior patterns or system breaches.
To utilize intrusion detection software requires the expertise of a network administrator because the programs are complex and difficult to use and interpret. These programs also are quite expensive.
Another type of computer security risk is unauthorized access and use. Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. Unauthorized use includes a variety of activities: an employee using an organization’s computer to send personal e-mail messages, an employee using the organization’s word processing software to track his or her child’s soccer league scores, or someone gaining access to a bank computer and performing an unauthorized transfer.
Companies take several measures to help prevent unauthorized access and use. At a minimum, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used. A company’s AUP should specify the acceptable use of computers by employees for personal reasons. Some companies prohibit such use entirely. Others allow personal use on the employee’s own time such as a lunch hour.
Other measures that safeguard against unauthorized access and use include firewalls and intrusion detection software, which were discussed in the previous section, and identifying and authenticating users.
Many companies use access controls to minimize the chance that a perpetrator intentionally may access or an employee accidentally may access confidential information on a computer. An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. In addition, the computer should maintain an audit trail that records in a file both successful and unsuccessful access attempts. An unsuccessful access attempt could result from a user mistyping his or her password, or it could result from a hacker trying thousands of passwords.
Companies should investigate unsuccessful access attempts immediately to ensure they are not intentional breaches of security. They also should review successful access for irregularities, such as use of the computer after normal working hours or from remote computers.
For more information, visit scsite.comldcf2el chlO/weblink and then click Intrusion Detection Software.
Many systems implement access controls using a two-phase process called identification and authentication. Identification verifies that an individual is a valid user. Authentication verifies that the individual is the person he or she claims to be. Three methods of identification and authentication include user names and passwords, possessed objects, and biometric devices. The technique(s) a company uses should correspond to the degree of risk that is associated with the unauthorized access.
USER NAMES AND PASSWORDS
A user name, or user ID (identification), is a unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user. A password is a private combination of characters associated with the user name that allows access to certain computer resources.
Most multiuser (networked) operating systems require that users correctly enter a user name and a password before they can access the data, information, and programs stored on a computer or network (Figure 10-6).
Most systems require that users select their own passwords. Users typically choose an easy-to-remember word or series of characters for passwords. If your password is too obvious, however, such as your initials or birthday, others can guess it easily. Easy passwords make it simple for hackers and other intruders to break into a system. Hackers use computer automated tools to assist them with guessing passwords. Thus, you should select a password carefully. Longer passwords provide greater security than shorter ones. Each character added to a password significantly increases the number of possible combinations and the length of time it might take for someone or for a hacker’s computer to guess the password (Figure 10-7).
In addition to a user name and password, some systems ask users to enter one of several pieces of personal information. Such items can include a spouse’s first name, a birth date, a place of birth, or a mother’s maiden name. As with a password, if the user’s response does not match the information on file, the system denies access.
Pg 370
POSSESSED OBJECTS
A possessed object is any item that you must carry to gain access to a computer or computer facility Examples of possessed objects are badges, cards, smart cards, and keys. The card you use in an automated teller machine (ATM) is a possessed object that allows access to your bank account.
Possessed objects often are used in combination with personal identification numbers. A personal identification number (PIN) is a numeric password, either assigned by a company or selected by a user. PINs provide an additional level of security An ATM card typically requires a four-digit PIN. PINs are passwords. Select them carefully and protect them as you do any other password.
BIOMETRIC DEVICES A biometric device authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into a digital code that is then compared with a digital code stored in the computer verifying a physical or behavioral characteristic. If the digital code in the computer does not match the personal characteristic code, the computer denies access to the individual.
Biometric devices grant access to programs, computers, or rooms using computer analysis of some biometric identifier. Examples of biometric devices and systems include finger print scanners (Figure 10-8), hand geometry systems, face recognition systems, voice verification systems, signature verification systems, and iris recognition systems. Read Looking Ahead 10-1 for a look at the next generation of face recognition systems.
Your next passport may contain an added feature: a chip that communicates with a reader via radio frequency. The chip will contain at least one photograph of you and perhaps your fingerprints so you can be verified as the passport owner.
The facial recognition software market is expected to grow from $228 million in 2005 to $802 million in 2008 according to the International Biometric Group. Leading the way are three-dimensional systems that measure the width, height, and depth of an individual’s face and then compare the dimensions to the original photographs. The software can identify an individual positively in a dark room or in a different pose than when the photographs were taken. For more information, visit scsite.com/dcf2e/chl 0/looking and then click Facial Recognition.
Pg 371.
Hardware theft and vandalism are other types of computer security risks. Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.
Mobile users are susceptible to hardware theft. It is estimated that more than 600,000 notebook computers are stolen each year. The size and weight of these computers make them easy to steal. Thieves often target notebook computers of company executives, so they can use the stolen computer to access confidential company information illegally.
To help reduce the chances of theft, companies and schools use a variety of security measures. Physical access controls, such as locked doors and windows, usually are adequate to protect the equipment. Many businesses, schools, and some homeowners install alarm systems for additional security. School computer labs and other areas with a large number of semifrequent users often attach additional physical security devices such as cables that lock the equipment to a desk (Figure 10-9), cabinet, or floor. Small locking devices also exist that require a key to access a hard disk or CD/DVD drive.
Mobile computer users must take special care to protect their equipment. Some users attach a physical device such as a cable to lock a mobile computer temporarily to a stationary object. Other mobile users install a mini-security system in the notebook computer. Some of these security systems shut down the computer and sound an alarm if the computer moves outside a specified distance. Others can track the location of the stolen notebook computer.
Some notebook computers use passwords, possessed objects, and biometrics as methods of security. When you boot up these computers, you must enter a password, slide a card in a card reader, or press your finger on a fingerprint scanner before the hard disk unlocks. This type of security does not prevent theft, but it renders the computer useless if it is stolen.
...
Januszek66