Chapter 9 Computers, Privacy, and Security
Introduction • With the rise of the Internet, personal data is often made available online • Many government agencies make a wide range of records available online • The accessibility of personal information on the Internet raises security and privacy concerns • Security concerns include system failure and securing online transactions and e-mail • Privacy concerns include the collection of customer data, spam, and online activity tracking • Laws and software tools can protect an individual’s security and privacy
Security Concerns • System Failure • Prolonged malfunction of a computer • A crash (in user mode) occurs when an application tries to execute an illegal instruction, and is shut down by the operating system (OS) • A crash in the operating system itself can occur as well, for example when it was hacked and an attempt was made to execute an illegal instruction, when drivers (which run in kernel mode) failed, when OS updates were installed that were not completely tested, etc. • A hang can also occur, for example when two or more threads are deadlocked, when an application is causing 100% CPU usage (e.g., it has an infinite loop) and the machine appears frozen, or when a memory leak in some application leaves the machine out of memory so that it appears frozen
Security Concerns, cont. • An environmental failure: • Undervoltage occurs when the electrical supply drops below 120 volts (in the U.S.) • Overvoltage occurs when the incoming electrical voltage increases significantly above 120 volts • Secure Internet Transactions and E-Mail • Information transmitted over networks has a greater security risk than internal data • There is no central administrator present on the Internet • Data over the Internet may be routed through a number of networks, any of which can be monitored • On an e-commerce site, intercepted data might include contact and credit card information • An unprotected e-mail might contain personal or confidential information
Privacy Concerns • When one uses a computer to send data over the Internet, their privacy can potentially be compromised • Personal information and online activity may be shared • Personal information may be stored in databases on servers • Ex. health insurance, travel sites, government • Some personal information may not be considered private by a user, such as grocery store purchases • Other information one may want protected, such as medical history or Web surfing activity
Collecting Customer Data • Electronic profiling • Companies can sell personal data to national marketing firms and Internet advertising firms • These firms create profiles of customers to identify their preferences, as well as buying trends in general • Electronic profiles can be sold to other companies • Privacy policies sometimes change without the customer’s knowledge • Opt out policies should be clear and easy to find • Privacy policies should be easy to understand
Spam • Any unsolicited junk e-mail message or newsgroup posting sent to many recipients or newsgroups at once • Often a result of companies sharing personal information • Used to sell products, promote business opportunities, special offers, etc. • Can contain viruses or spyware • Accounts for almost half of all U.S. e-mail traffic • May degrade the usefulness of e-mail
Online Activity Tracking • Cookie • Small text file that a Web server stores on your computer • Contains user data, such as user name and preferences • Used for several purposes • Customizes Web pages • Stores username and password so that you do not have to log in each time • Tracks which Web pages or ads you have visited • Keeps track of items in your online shopping cart • Web sites may sell cookie data, or use third-party cookies to record click stream data from any Web page or link
Yahoo uses a cookie to store information about your customized MyYahoo page
Online Activity Tracking, cont. • Spyware • A program placed on a computer without the user’s knowledge that secretly collects information about the user • Can enter the computer as a virus, or just install itself in the background (when low security settings are used) • Used by employers to monitor employees • Used by firms to determine Web browsing habits • Web bugs • A graphic embedded on Web pages to collect information about visitors to the site • Can store IP addresses, browser type, Web address of previous page, time of visit, and a previously set cookie value • Used to gather statistics or customize a user’s experience
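A way to spot the web bugs described above from the visitor's side, as an added example that is not part of the original slides: it scans a page's HTML for invisible images loaded from another host. The site name `shop.example`, the tracker hosts and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class WebBugFinder(HTMLParser):
    """Collect <img> tags that look like web bugs: tiny or hidden images
    loaded from a host other than the page's own."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        url = urlparse(src)
        host = (url.hostname or self.page_host).lower()
        # 0x0 or 1x1 pixels, or hidden with CSS: invisible to the visitor
        tiny = a.get("width", "").strip() in ("0", "1") and \
            a.get("height", "").strip() in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        # Subdomains of the page's own host count as first party
        third_party = host != self.page_host and \
            not host.endswith("." + self.page_host)
        if (tiny or hidden) and third_party:
            self.findings.append(
                {"src": src, "host": host, "has_query": bool(url.query)})

def find_web_bugs(html, page_host):
    finder = WebBugFinder(page_host)
    finder.feed(html)
    return finder.findings

# Constructed sample page for the hypothetical site shop.example
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.png" width="200" height="60">
<img src="https://stats.tracker.example/p.gif?uid=42" width="1" height="1">
<img src="https://cdn.shop.example/banner.jpg" width="468" height="60">
<img src="https://ads.metrics.example/b.gif" style="display: none">
</body></html>
"""

if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, "shop.example"):
        print(bug)
```

A query string on the image URL (`has_query`) is where a visitor identifier or cookie value typically travels back to the collecting server.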
Carnivore is an FBI packet-sniffing program used to monitor all data sent to and from a suspected criminal’s computer
Privacy Laws • Electronic Communications Privacy Act • Protects electronic communications • Excludes business monitoring and the use of the Carnivore program to monitor suspected criminals • Computer Fraud and Abuse Acts • Outlaws unauthorized access to federal government computers and the transmission of harmful computer code • Fair Credit Reporting Act • Limits people who can legally view a credit report to those with legitimate business needs, but does not define legitimate business need • Children’s Online Privacy Protection Act • Requires parental permission for children over 13 for marketing or personal data
Many Web sites demonstrate their commitment to privacy by applying to be part of the TRUSTe program
Protecting against System Failure • A surge protector protects against electrical power variations • It smoothes out overvoltages, provides a stable current flow, and keeps an overvoltage from reaching computer equipment • An uninterruptible power supply (UPS) can provide power during a temporary or permanent loss of power • Contains surge protector circuits and one or more batteries • Connects a computer with the power source • Can shut down the computer properly if power is out for a certain number of minutes
Backing Up Data • A backup is a duplicate of a file, program, or disk that can be used if the original is lost, damaged, or destroyed • Critical files should always be backed up and stored off site • Can be stored on any storage media, including tapes, CDs, DVDs, on a remote machine, or on duplicate hard drives • Can also be stored on an Internet hard drive, also called online storage • Might be impractical without a high-speed connection • Backups can be done manually, with a built-in backup utility, or with a backup software package • Backup procedures specify a regular plan of different types of backups
Defining a Disaster Recovery Plan • A disaster recovery plan is a written plan describing the steps a company would take to restore computer operations in the event of a disaster • The plan contains four components • Emergency, backup, recovery, and test plans • Companies may maintain a hot or cold site for backup • A hot site is a separate facility that mirrors the systems and operations of the main site • A cold site mirrors the main site, but does not become operational until the main site is down
Protecting against Unauthorized Access and Use • Access controls use a two-phase process • Authentication verifies that the individual is the person he or she claims to be • Authorization verifies the user has permissions / privileges to access the resource requested, or perform the actions requested • Firewalls prevent unauthorized access to services through the network • Companies use firewalls to deny access to outsiders, as well as to restrict employee access • A proxy server outside of the company’s network controls which communications pass into the company’s network • A personal firewall protects a personal computer from undesirable network connections
A firewall helps to prevent unauthorized access to services, resources and data available on a network
Protecting against Unauthorized Access and Use, cont. • Intrusion detection software identifies possible security leaks • Analyzes all network traffic, assesses system vulnerabilities, identifies unauthorized access or suspicious behavior patterns • A honeypot entices an intruder to hack a system by posing as a simulated computer system / virtual machine with security vulnerabilities (not patched) • Therefore, all critical security updates for the platform and services/applications running on it should be installed as soon as they become available (enable automatic updates) in order to patch vulnerabilities. • Choosing a strong password reduces the chance of someone gaining unauthorized access to a machine. A password should be as long as possible, containing letters (upper case and lower case), numbers, and punctuation. A combination of two or more words, or a pass-sentence, is much more difficult to generate through brute force algorithms or other password guessing programs than a pass-word, as words are available in the dictionary.
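The password advice above can be made concrete with a rough guess-count estimate, given here as an added example that is not part of the original slides. It compares character-by-character brute force with dictionary-word guessing and reports the cheaper attack in bits; the miniature word list and the 100,000-word dictionary size are assumptions.

```python
import math
import string

# Constructed miniature word list; real guessing dictionaries are far larger.
WORDLIST = {"correct", "horse", "battery", "staple", "dragon", "sunshine"}
ASSUMED_DICTIONARY_SIZE = 100_000  # assumption: words the attacker tries

def charset_size(password):
    """Size of the alphabet a character-by-character search must cover."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    known = string.ascii_letters + string.digits + string.punctuation
    return size + (1 if any(c not in known for c in password) else 0)

def split_into_words(password, words):
    """Fewest dictionary words whose concatenation is the password
    (spaces and case ignored), or None if it is not built from words."""
    text = password.replace(" ", "").lower()
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in words:
                candidate = best[start] + [text[start:end]]
                if end not in best or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best.get(len(text))

def estimate_bits(password, words=WORDLIST, dict_size=ASSUMED_DICTIONARY_SIZE):
    """log2 of the guesses needed by the cheaper of two strategies:
    brute force over characters, or trying dictionary-word combinations."""
    if not password:
        return 0.0
    brute = len(password) * math.log2(charset_size(password))
    parts = split_into_words(password, words)
    if not parts:
        return brute
    return min(brute, len(parts) * math.log2(dict_size))

if __name__ == "__main__":
    for pw in ("dragon", "Tr7#kq", "correct horse battery staple"):
        print(f"{pw!r}: about {estimate_bits(pw):.1f} bits")
```

Under these assumptions a single dictionary word costs far fewer guesses than its length suggests, while four unrelated words cost more than a short password that mixes every character class.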
Protecting against Unauthorized Access and Use, cont. • Possessed objects are items (usually cards, badges, smart-cards) that users must carry to gain access to a facility or computer • Biometric devices authenticate a person’s identity by translating physical characteristics into a digital code (fingerprint, retina scan, face recognition, etc.) • A callback system only allows a user to connect to a computer after the computer calls the person back at a previously established phone number • Audit logs maintain a file record of successful and unsuccessful attempts to access a system
Protecting against Hardware Theft • Schools and companies use • Physical access controls, such as locks • Alarm systems • Physical security devices such as cables that lock equipment to a desk or cabinet • Small locking devices to secure access to disk drives • Mobile equipment users can • Carry equipment with them at all times • Lock it temporarily with a cable • Install a mini-security system
Protecting Online Privacy - Encryption • Encryption is the process of converting readable data into unreadable characters to prevent unauthorized access • The recipient must decrypt the data into a readable form • Private key encryption • Both the originator and recipient use the same secret key to encrypt and decrypt the data • Public key encryption • Both a public key and a private key are generated • A message encrypted with your public key can only be decrypted with your private key, and vice versa • RSA encryption is a powerful public key encryption technology used for transmitting data over the Internet
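The public key / private key relationship described above, worked through with textbook RSA as an added example that is not part of the original slides. The primes 61 and 53 and the message value 65 are constructed toy values, far too small to be secure, and no padding is used; the function names are illustrative only.

```python
# Toy key generation with constructed textbook primes (insecure sizes).
P, Q = 61, 53
N = P * Q                   # public modulus, 3233
PHI = (P - 1) * (Q - 1)     # 3120, kept secret along with P and Q
E = 17                      # public exponent; (N, E) is the public key
D = pow(E, -1, PHI)         # private exponent, the inverse of E modulo PHI

def apply_key(value, exponent, modulus=N):
    """The single RSA operation: raise to the key's exponent modulo N."""
    if not 0 <= value < modulus:
        raise ValueError("value must be in the range 0..N-1")
    return pow(value, exponent, modulus)

def encrypt_for_owner(message):
    """Anyone can do this: it needs only the public key."""
    return apply_key(message, E)

def decrypt_as_owner(ciphertext):
    """Only the holder of the private exponent D can undo the encryption."""
    return apply_key(ciphertext, D)

def sign_as_owner(message):
    """The 'vice versa' direction: transform with the private key..."""
    return apply_key(message, D)

def verify_with_public(message, signature):
    """...and anyone can check the result with the public key."""
    return apply_key(signature, E) == message

if __name__ == "__main__":
    secret = 65
    ciphertext = encrypt_for_owner(secret)
    print("ciphertext:", ciphertext)
    print("decrypted :", decrypt_as_owner(ciphertext))
    signature = sign_as_owner(secret)
    print("signature verifies:", verify_with_public(secret, signature))
    print("altered message verifies:", verify_with_public(secret + 1, signature))
```

Real systems use keys of 2048 bits or more together with a padding scheme, and normally sign a hash of the message rather than the message itself.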
Protecting Online Privacy - Transactions • Many Web browsers provide 40-bit or 128-bit encryption (a random number used to encrypt communication with SSL, after the initial handshake). • A secure Web site uses encryption techniques • Security protocols: • Secure Sockets Layer (SSL), or HTTPS, requires the server to have a digital certificate. The certificate has two parts: a public key and a private key, which are used for the encryption algorithm. The public key is digitally signed by the certification authority, which issued the certificate. • The certificate contains information to identify the web site such as web site name, company name, and location. It also contains the certificate authority’s (CA) name (which certifies the company is who they say they are), a digital signature, serial number of the certificate, expiration date, etc. • Secure Electronic Transactions (SET) Specification secures financial transactions on the Internet
Protecting Online Privacy - E-mail and Spam • Protect e-mail by • Encrypting it with an e-mail encryption program • Using a digital signature which attaches an encrypted code to a document to verify the identity of the sender • Reduce spam by • Changing e-mail settings to block and delete spam (junk mail filters if available) • If not, sign up for e-mail filtering services that block e-mail messages from designated sources • Use antispam software
Protecting Online Privacy - Cookies, Spyware, and Web Bugs • Set your browser’s privacy setting to specify what type of cookies you accept: • You do not want to refuse all cookies, because some legitimate online applications would not work properly if you did not have cookies enabled. However, you may set the browser to prompt before downloading/creating a cookie. • Set the browser security settings to medium or high (it will prompt before downloading any files (cookies, ActiveX controls, applets, spyware, etc.) and block pop-ups) • May use software which checks for spyware and web bugs • Limit the amount of information you enter on a Web site • Create a designated junk mail e-mail address, and give only that address to online sites requiring you to provide an e-mail address (in order to purchase things, or use online services)
Security and Privacy in the Workplace • Employee monitoring and surveillance are often used in companies today to ensure network security, manage productivity, and protect the company’s reputation • Companies should have an acceptable use policy (AUP) that outlines what a computer may or may not be used for • Employee Internet Management (EIM) software helps employees monitor and report on employee behavior, such as Internet use. • Employee monitoring and video surveillance tools are legal • Maintaining security and privacy is a balancing act
Summary • Security concerns discussed in this chapter include • System failure • Securing online transactions and e-mail • Privacy concerns surrounding computers include • Collection of customer data for electronic profiling • Spam • Online activity tracking with cookies, spyware, and Web bugs • A computer can be protected by: • using software or hardware tools (firewall, antivirus software, automatic updates software), • setting the browser to use medium or high security settings, • using strong passwords, • setting appropriate access controls (permissions) / user privileges