Your Interactive Guide to the Digital World
Discovering
Computers 2012 Chapter 11
Manage Computing Securely, Safely and
Ethically
Objectives Overview
Define the term, computer security risks, and briefly describe the
types of cybercrime perpetrators
Define the term, computer security risks, and briefly describe the
types of cybercrime perpetrators
Describe various types of Internet and network
attacks, and identify ways to safeguard against these attacks Describe various types of Internet and network
attacks, and identify ways to safeguard against these attacks
Discuss techniques to prevent unauthorized computer access and
use
Discuss techniques to prevent unauthorized computer access and
use
Identify safeguards against hardware theft
and vandalism Identify safeguards against hardware theft
and vandalism
Explain the ways software manufacturers
protect against software piracy Explain the ways software manufacturers
protect against software piracy
Discuss how encryption works, and explain why
it is necessary
Discuss how encryption works, and explain why
it is necessary
Discovering Computers 2012: Chapter 11 2
See Page 555
for Detailed Objectives
Objectives Overview
Discuss the types of devices available that protect computers from
system failure Discuss the types of devices available that protect computers from
system failure
Explain the options available for backing up
computer resources Explain the options available for backing up
computer resources
Identify risks and safeguards associated
with wireless communications Identify risks and safeguards associated
with wireless communications
Discuss ways to prevent health-related disorders
and injuries due to computer use
Discuss ways to prevent health-related disorders
and injuries due to computer use
Recognize issues related to information accuracy,
intellectual property rights, codes of conduct,
and green computing Recognize issues related to information accuracy,
intellectual property rights, codes of conduct,
and green computing
Discuss issues
surrounding information privacy
Discuss issues
surrounding information privacy
Discovering Computers 2012: Chapter 11 3
See Page 555
for Detailed Objectives
Computer Security Risks
• A computer security risk is any event or action that could cause a loss of or damage to computer hardware,
software, data, information, or processing capability
• A cybercrime is an online or Internet-based illegal act
Discovering Computers 2012: Chapter 11 4
Pages 556 - 557
Hackers
Hackers CrackersCrackers Script KiddiesScript Kiddies Corporate SpiesCorporate Spies
Unethical Employees Unethical
Employees CyberextortionistsCyberextortionists CyberterroristsCyberterrorists
Computer Security Risks
Discovering Computers 2012: Chapter 11 5
Pages 556 – 557 Figure 11-1
Internet and Network Attacks
• Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises
• An online security service is a Web site that evaluates your computer to check for Internet and e-mail
vulnerabilities
Discovering Computers 2012: Chapter 11 6
Page 558 Figure 11-2
Internet and Network Attacks
Computer Virus Computer
Virus
• Affects a computer negatively by altering the way the computer works
• Affects a computer negatively by altering the way the computer works
WormWorm
• Copies itself repeatedly, using up resources and possibly shutting
down the computer or network
• Copies itself repeatedly, using up resources and possibly shutting
down the computer or network
Trojan Horse Trojan Horse
• A malicious program that hides within or looks like a legitimate program
• A malicious program that hides within or looks like a legitimate program
Rootkit Rootkit
• Program that hides in a computer and allows someone from a remote location to take full control
• Program that hides in a computer and allows someone from a remote location to take full control
Discovering Computers 2012: Chapter 11 7
Page 558
Video: Attack of the Mobile Viruses
Discovering Computers 2012: Chapter 11 8
CLICK TO START
Internet and Network Attacks
• An infected computer has one or more of the following symptoms:
Discovering Computers 2012: Chapter 11 9
Pages 558 - 559
Operating system runs much slower
than usual Operating system runs much slower
than usual
Available memory is less than
expected
Available memory is less than
expected
Files become corrupted Files become
corrupted
Screen displays unusual message
or image Screen displays unusual message
or image
Music or unusual sound plays
randomly Music or unusual
sound plays randomly
Existing programs and files disappear Existing programs and files disappear
Programs or files do not work
properly Programs or files
do not work properly
Unknown programs or files
mysteriously appear Unknown programs or files
mysteriously appear
System properties change
System properties
change Operating system does not start up Operating system
does not start up
Operating system shuts down unexpectedly Operating system
shuts down unexpectedly
Discovering Computers 2012: Chapter 11 10 Page 559
Figure 11-3
Discovering Computers 2012: Chapter 11 11 Page 561
Figure 11-6
Internet and Network Attacks
• Users can take several precautions to protect their home and work computers and mobile devices from these
malicious infections
Discovering Computers 2012: Chapter 11 12
Page 560 – 561 Figure 11-7
Internet and Network Attacks
• A botnet is a group of compromised computers connected to a network
– A compromised computer is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to Internet services
– Distributed DoS (DDoS)
• A back door is a program or set of instructions in a program that allow users to bypass security controls
• Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate
Discovering Computers 2012: Chapter 11 13
Pages 562 - 563
Internet and Network Attacks
• A firewall is hardware and/or software that protects a network’s resources from intrusion
Discovering Computers 2012: Chapter 11 14
Pages 563 - 564 Figure 11-8
Internet and Network Attacks
Intrusion detection software Intrusion detection software
• Analyzes all network traffic
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
• Notifies network administrators of suspicious behavior patterns or system breaches
Honeypot Honeypot
• Vulnerable computer that is set up to entice an intruder to break into it
Discovering Computers 2012: Chapter 11 15
Page 564
Unauthorized Access and Use
Unau tho
riz ed ac ces s is
th e u se of a c omp
ute r or
net wor
k w ith out
perm iss
ion
Unau tho
riz ed ac ces s is
th e u se of a c omp
ute r or
net wor
k w ith out
perm iss
ion
Unaut hori
zed us e is
th e
use of a com pu
ter o r it s
dat a fo
r u nap pro
ved or
pos sib ly ille gal
ac tivi
ties
Unaut hori
zed us e is
th e
use of a com pu
ter o r it s
dat a fo
r u nap pro
ved or
pos sib ly ille gal
ac tivi
ties
Discovering Computers 2012: Chapter 11 16
Page 564
Unauthorized Access and Use
• Organizations take
several measures to help prevent unauthorized
access and use
– Acceptable use policy – Disable file and printer
sharing – Firewalls
– Intrusion detection software
Discovering Computers 2012: Chapter 11 17
Page 565 Figure 11-10
Unauthorized Access and Use
• Access controls define who can access a
computer, when they can access it, and what actions they can take
– Two-phase processes called identification and authentication
– User name – Password – Passphrase – CAPTCHA
Discovering Computers 2012: Chapter 11 18
Pages 565 – 567 Figure 11-11
Unauthorized Access and Use
• A possessed object is any item that you must carry to gain access to a computer or computer facility
– Often are used in
combination with a personal identification number (PIN)
• A biometric device
authenticates a person’s identity by translating a
personal characteristic into a digital code that is
compared with a digital code in a computer
Discovering Computers 2012: Chapter 11 19
Page 568 Figure 11-14
Unauthorized Access and Use
• Digital forensics is the discovery, collection, and analysis of evidence found on computers and
networks
• Many areas use digital forensics
Discovering Computers 2012: Chapter 11 20
Page 569
Law enforcement
Law
enforcement Criminal prosecutors
Criminal
prosecutors Military intelligence
Military intelligence
Insurance agencies Insurance
agencies
Information security departments
Information security departments
Hardware Theft and Vandalism
Hardware theft is the act of stealing
computer equipment Hardware theft is the
act of stealing
computer equipment
Hardware vandalism is the act of defacing
or destroying
computer equipment Hardware vandalism
is the act of defacing or destroying
computer equipment
Discovering Computers 2012: Chapter 11 21
Page 570
Hardware Theft and Vandalism
• To help reduce the of chances of theft, companies and schools use a variety of security measures
Discovering Computers 2012: Chapter 11 22
Page 570 Figure 11-15
Physical access controls
Physical access controls Alarm systemsAlarm systems Cables to lock equipment Cables to lock
equipment
Real time location system
Real time location
system Passwords, possessed objects, and biometrics
Passwords, possessed objects, and biometrics
Software Theft
• Software theft occurs when someone:
Discovering Computers 2012: Chapter 11 23
Page 571
Steals software media
Steals software
media Intentionally
erases programs Intentionally erases programs
Illegally copies a program
Illegally copies a program
Illegally registers and/or activates
a program Illegally registers
and/or activates a program
Software Theft
• A single-user license agreement typically contains the following conditions:
Discovering Computers 2012: Chapter 11 24
Page 571
Permitted to Permitted to
• Install the software on one computer
• Make one copy of the software
• Remove the software from your computer before giving it away or selling it
Not permitted to Not permitted to
• Install the software on a network
• Give copies to friends or colleagues while continuing to use the software
• Export the software
• Rent or lease the software
Software Theft
• Copying, loaning,
borrowing, renting, or distributing software can be a violation of copyright law
• Some software requires product activation to function fully
Discovering Computers 2012: Chapter 11 25
Pages 571 – 572 Figure 11-16
Information Theft
• Information theft occurs when someone steals personal or confidential information
• Encryption is a process of converting readable data into unreadable characters to prevent
unauthorized access
Discovering Computers 2012: Chapter 11 26
Pages 572 - 573 Figure 11-17
Information Theft
Discovering Computers 2012: Chapter 11 27
Page 573 Figure 11-18
Information Theft
• A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the sender
– Often used to ensure that an impostor is not participating in an Internet transaction
• Web browsers and Web sites use encryption techniques
Discovering Computers 2012: Chapter 11 28
Page 574
Information Theft
• Popular security techniques include
Discovering Computers 2012: Chapter 11 29
Pages 574 - 575
Digital Certificates
Digital Certificates
Transport Layer Security (TLS) Transport Layer
Security (TLS)
Secure HTTP
Secure HTTP VPN VPN
Discovering Computers 2012: Chapter 11 30 Pages 574 - 575
Figures 11-19 – 11-20
Discovering Computers 2012: Chapter 11 31 Pages 574 - 575
Figures 11-19 – 11-20
System Failure
• A system failure is the prolonged malfunction of a computer
• A variety of factors can lead to system failure, including:
– Aging hardware – Natural disasters
– Electrical power problems
• Noise, undervoltages, and overvoltages
– Errors in computer programs
Discovering Computers 2012: Chapter 11 32
Page 575
System Failure
• Two ways to protect from system failures caused by electrical power variations include surge
protectors and uninterruptable power supplies (UPS)
Discovering Computers 2012: Chapter 11 33
Page 576
Figures 11-21 – 11-22
Backing Up – The Ultimate Safeguard
• A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed
– To back up a file means to make a copy of it
• Offsite backups are stored in a location separate from the computer site
Discovering Computers 2012: Chapter 11 34
Page 577
Cloud Storage
Backing Up – The Ultimate Safeguard
• Two categories of backups:
– Full backup
– Selective backup
• Three-generation backup policy
Discovering Computers 2012: Chapter 11 35
Page 577
Grandparent Grandparent
Parent Parent
Child Child
Wireless Security
• Wireless access poses additional security risks
– About 80 percent of wireless networks have no security protection
• War driving allows individuals to detect wireless networks while driving a vehicle through the area
Discovering Computers 2012: Chapter 11 36
Page 578 Figure 11-23
Wireless Security
• In additional to using firewalls, some safeguards improve security of wireless networks:
Discovering Computers 2012: Chapter 11 37
Page 578
A wireless access point should not broadcast an SSID
A wireless access point should not broadcast an SSID
Change the default SSID
Change the default SSID
Configure a WAP so that only
certain devices can access it
Configure a WAP so that only
certain devices can access it
Use WPA or WPA2 security standards Use WPA or WPA2 security standards
Health Concerns of Computer Use
• The widespread use of computers has led to health concerns
– Repetitive strain injury (RSI)
• Tendonitis
• Carpal tunnel syndrome (CTS)
– Computer vision syndrome (CVS)
Discovering Computers 2012: Chapter 11 38
Page 579 Figure 11-24
Discovering Computers 2012: Chapter 11 39 Page 580
Figure 11-25
Health Concerns of Computer Use
• Ergonomics is an
applied science devoted to incorporating
comfort, efficiency, and safety into the design of items in the workplace
Discovering Computers 2012: Chapter 11 40
Page 580 Figure 11-26
Health Concerns of Computer Use
• Computer addiction occurs when the computer consumes someone’s entire social life
• Symptoms of users include:
Discovering Computers 2012: Chapter 11 41
Page 581
Craves computer
time Craves computer
time
Overjoyed when at the
computer Overjoyed when at the
computer
Unable to stop computer
activity
Unable to stop computer
activity Irritable when
not at the computer Irritable when
not at the computer
Neglects family and
friends Neglects family and
friends
Problems at work or school
Problems at work or school
Ethics and Society
• Computer ethics are the moral guidelines that govern the use of computers and
information systems
• Information accuracy is a concern
– Not all information on the Web is correct
Discovering Computers 2012: Chapter 11 42
Pages 581 – 582 Figure 11-28
Ethics and Society
Intellectual property rights are the rights to which creators are entitled for their work
Intellectual property rights are the rights to which creators are entitled for their work
• A copyright protects any tangible form of expression
An IT code of conduct is a written guideline that helps determine whether a specific
computer action is ethical or unethical
An IT code of conduct is a written guideline that helps determine whether a specific
computer action is ethical or unethical
Discovering Computers 2012: Chapter 11 43
Page 582
Discovering Computers 2012: Chapter 11 44 Page 583
Figure 11-29
Ethics and Society
• Green computing involves reducing the electricity and environmental waste while using a computer
Discovering Computers 2012: Chapter 11 45
Pages 583 – 584 Figure 11-30
Ethics and Society
• Information privacy refers to the right of
individuals and companies to deny or restrict the collection and use of information about them
• Huge databases store data online
• It is important to safeguard your information
Discovering Computers 2012: Chapter 11 46
Page 584
Discovering Computers 2012: Chapter 11 47 Page 584
Figure 11-31
Discovering Computers 2012: Chapter 11 48 Page 584
Figure 11-31
Ethics and Society
• When you fill out a
form, the merchant that receives the form
usually enters it into a database
• Many companies today allow people to specify whether they want their personal information
distributed
Discovering Computers 2012: Chapter 11 49
Page 585 Figure 11-32
Ethics and Society
• A cookie is a small text file that a Web server stores on your computer
• Web sites use cookies for a variety of reasons:
Discovering Computers 2012: Chapter 11 50
Pages 585 – 586
Allow for personalization
Allow for personalization
Store users’
passwords Store users’
passwords
Assist with online shopping Assist with
online shopping
Track how often users visit
a site
Track how often users visit
a site
Target
advertisements Target
advertisements
Ethics and Society
Discovering Computers 2012: Chapter 11 51
Page 586 Figure 11-33
Ethics and Society
• Spam is an unsolicited e-mail message or
newsgroup posting
• E-mail filtering blocks e-mail messages from designated sources
• Anti-spam programs attempt to remove
spam before it reaches your inbox
Discovering Computers 2012: Chapter 11 52
Page 587 Figure 11-34
Ethics and Society
• Phishing is a scam in
which a perpetrator sends an official looking e-mail message that attempts to obtain your personal and financial information
• Pharming is a scam where a perpetrator attempts to obtain your personal and financial information via spoofing
Discovering Computers 2012: Chapter 11 53
Pages 587 - 588 Figure 11-35
Ethics and Society
• The concern about privacy has led to the
enactment of federal and state laws regarding the storage and disclosure of personal data
– See Figure 11-36 on page 589 for a listing of major U.S.
government laws concerning privacy
• The 1970 Fair Credit Reporting Act limits the rights of others viewing a credit report to only those with a legitimate business need
Discovering Computers 2012: Chapter 11 54
Page 588
Ethics and Society
Social engineering is defined as gaining
unauthorized access or obtaining confidential
information by taking advantage of trust and naivety Social engineering is defined as gaining
unauthorized access or obtaining confidential
information by taking advantage of trust and naivety
Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer
Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer
Discovering Computers 2012: Chapter 11 55
Page 590
Ethics and Society
• Content filtering is the process of restricting
access to certain material on the Web
• Many businesses use content filtering
• Internet Content Rating Association (ICRA)
• Web filtering software
restricts access to specified Web sites
Discovering Computers 2012: Chapter 11 56
Pages 590 – 591 Figure 11-37
Summary
Potential computer risks and safeguards
Potential computer risks and
safeguards Wireless security risks and safeguards
Wireless security risks and safeguards
Computer-related health issues and preventions Computer-related health
issues and preventions
Ethical issues surrounding information accuracy, intellectual property rights,
codes of conduct, green computing, and information
privacy
Ethical issues surrounding information accuracy, intellectual property rights,
codes of conduct, green computing, and information
privacy
Discovering Computers 2012: Chapter 11 57
Page 591
Your Interactive Guide to the Digital World
Discovering
Computers 2012 Chapter 11
Manage Computing Securely, Safely and Ethically
Chapter 11 Complete