You are on page 1of 21

Chapter 13A

Understanding the Need
for Security Measures

McGraw-Hill Technology

Copyright © 2006 by The McGraw-Hill Companies, Inc. All

Basic Security Concepts
• Threats
– Anything that can harm a computer
– Vulnerabilities are weaknesses in security
– Security attempts to neutralize threats
– Burglar, a virus, an earthquake, or a simple
user error

14A-2

Basic Security Concepts • Degrees of harm – Level of potential damage – Include all parts of system • • • • 14A-3 Potential data loss Loss of privacy Inability to use hardware Inability to use software .

Basic Security Concepts • Countermeasures – Steps taken to block a threat – Protect the data from theft – Protect the system from theft 14A-4 .

Threats To Users • Identity Theft – Occurs when someone Impersonates you by using your private information. • Thief can ‘become’ the victim – Reported incidents rising – Methods of stealing information • • • • • 14A-5 Shoulder surfing (ATM) Snagging (listening) Dumpster diving (delete) Social engineering(website) High-tech methods(trojan horses .

Threats To Users • Loss of privacy – Personal information is stored electronically – Purchases are stored in a database • Data is sold to other companies • Public records on the Internet – Criminal records – Background Information 14A-6 .

and how long you were at the site before leaving. which pages you downloaded. – The cookie might list the last time you visited the site. 14A-7 .Threats to Users • Cookies – A cookies is a small text file that a web server asks your browser to place on your computer.

who stores it in a database. The program then sends the information to the developer. 14A-8 .Threats to Users • Spyware – When you install and register a program. it may ask you to fill out a form.

Threats to Users • Web bugs – A web bug is a small GIF-format image file that can be embedded in a web page or an MTML-format e-mail message. 14A-9 . – A web bug can be as small as a single pixel in size and can easily be hidden any where in an MTML document – Like cookies bug’s creator track many of your online activities.

Threats to Users • Spam – Spam is internet junk mail or unsolicited commercial email – Almost all spam is commercial advertising – Networks and PCs need a spam blocker • Stop spam before reaching the inbox – Spammers acquire addresses using many methods – CAN-SPAM Act passed in 2003 14A-10 .

noise) Uninterruptible power supplies (UPS) Generators .Threats to Hardware • Affect the operation or reliability • Power-related threats – Power fluctuations • Power spikes or browns out – Power loss or power failure – Countermeasures • • • • 14A-11 Surge suppressors (voltage spikes) Line conditioners (voltage drops.

Threats to Hardware • Theft and vandalism – Thieves steal the entire computer – Accidental or intentional damage – Countermeasures • • • • • 14A-12 Keep the PC in a secure area Lock the computer to a desk Do not eat near the computer Watch equipment Handle equipment with care .

hurricanes – Disaster planning • • • • 14A-13 Plan for recovery List potential disasters Plan for all eventualities Practice all plans .Threats to Hardware • Natural disasters – Disasters differ by location – Typically result in total loss – Earthquakes.

Threats to Data • Viruses – Software that distributes and installs itself – Viruses are pieces of a computer program that attach themselves to host programs. – Countermeasures • Anti-virus software • Popup blockers • Do not open unknown email 14A-14 .

Threats to Data • Trojan horses – Program that poses as beneficial software – User willingly installs the software – Countermeasures • Anti-virus software • Spyware blocker 14A-15 .

Threats to Data • Cybercrime – Using a computer in an illegal act – Fraud and theft are common acts 14A-16 .

Threats to Data • Internet fraud – Most common cybercrime – Fraudulent website – Have names similar to legitimate sites 14A-17 .

3 trillion in 2003 – Hackers motivation • Recreational hacking • Financial hackers • Grudge hacking – Hacking methods 14A-18 • Sniffing • Social engineering • Spoofing .Threats to Data • Hacking – Using a computer to enter another network – Cost users $1.

Threats to Data • Distributed denial of service attack – Attempt to stop a public server – Hackers plant the code on computers – Code is simultaneously launched – Too many requests stops the server 14A-19 .

Threats to Data • Cyber terrorism – Attacks made at a nations information – Targets include power plants – Threat first realized in 1996 – Organizations combat cyber terrorism • Computer Emergency Response Team (CERT) • Department of Homeland Security 14A-20 .

Chapter 13A End of Chapter McGraw-Hill Technology Copyright © 2006 by The McGraw-Hill Companies. Inc. All .