Chapter 11: Manage Computing Securely, Safely and Ethically.
As the title says, we have to manage computing securely, safely and ethically to avoid any loss of private information and also the performance of computer. This is important since the computer virus been invented, as well as more and more different malware, trojan horse and spyware is coming out and spreading over the internet. It is hard to trace the originality of the viruses and destroy them completely as they will replicate themselves over time. What we can do as a user is to prevent the viruses from entering our computer system with the aid of various antivirus software.
Computer security risk- any event or action that could cause a loss of or damage to computer hardware, software, data, information and processing capability.
Type of computer security risk:
A) Cybercrime- an online or internet-based illegal act.
For example:
1) Hackers- where a person's computer is broken into so that any personal or sensitive information could be obtained. But there are ethical hackers (provide benefit) and unethical hackers (steal information).
2) Crackers- where a computer program's license or password is bypassed.
3) Script kiddies- where a person uses existing scripts or code to hack into a computer.
4) Corporate spies- a covert gaining competitor's information.
5) Unethical employees- employee who obtain company's information and sell it.
6) Cyberextortionists- crime involving attack or threat of attack with purpose to get money out of it.
7) Cyberterrorists- act of internet terrorism in terrorists activities, including acts of deliberate, large scale disruption of computer networks by the means of tools such as computer viruses.
B) Internet and network attacks- often caused by viruses, malware, spyware or trojan horse.
Users may use online security service (websites that evaluates computer to check for internet and e-mail vulnerabilities) such as Audit My PC, McAfee Free Scan and Symantec Security Check.
Types of internet and network attacks:
1) Computer virus- affects a computer negatively by damaging computer system and hardware.
2) Worm- replicate itself and will take up hard disk space and internet bandwidth.
3) Trojan horse- hides itself and looks like a legitimate program that will steal information.
4) Rootkit- hides in a computer and allows someone from remote location to take full control.
5) Botnet- a group of compromised computers a.k.a zombie connected to a network.
6) Denial of service attack (DoS attack)- disrupts computer access to internet services.
7) Back door- a program or set of instructions in a program that allow users to bypass security control.
8) Spoofing- a technique intruders used to make their network or internet transmission appear legitimate.
Symptoms of infected computer:
1) Operating system run slower than usual.
2) Available memory is less than expected.
3) Files become corrupted.
4) Screen displays unusual messages or images.
5) Music or unusual sound plays randomly.
6) Existing program and files disappear.
7) Program or files do not work properly.
8) Unknown program or files mysteriously appear.
9) System properties changed.
10) Operating system does not start up.
11) Operating system shut down unexpectedly.
Tips for preventing viruses and other malware:
1) Never start a computer with removable device connected to computer unless it is not infected.
2) Never open an unknown e-mail attachment.
3) Install an antivirus software and keep it updated.
4) Scan all downloaded programs for virus and malware.
5) Delete e-mail attachment that is infected.
6) Scan removable media with antivirus software before using it.
7) Install a personal firewall program (hardware and/or software that protect a network's resources from intrusion).
8) Stay informed about new virus alerts and virus hoaxes.
Intrusion detection software- notifies network administrators of suspicious behaviour patterns or system breaches by analysing all network traffic and accesses system vulnerabilities to identify unauthorised intrusions.
Honeypot- vulnerable computer that is set up to entice an intruder to break into it.
C) Unauthorised access and use
Unauthorised access- use of computer or network without permission.
Unauthorised use- use of computer or its data for unapproved or illegal activities.
Ways that an organisation takes to prevent unauthorised access and use:
1) Acceptable use policy (AUP)- a document stipulating constraints and practices that a user must agree to for access to a corporate network or internet. A type of terms and conditions.
2) Disable file and printer sharing- so that computer files cannot be displayed by other computers in a network.
3) Firewalls- hardware and/or software that protect a network's resources from intrusion.
4) Intrusion detection software- notifies network administrators of suspicious behaviour patterns or system breaches by analysing all network traffic and accesses system vulnerabilities to identify unauthorised intrusions.
5) Access control- define who can access a computer and types of actions they can take with the use of username, password, passphrase and CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart).
6) A possessed object- any item that a user must carry to gain access to a computer or computer facility.
7) Biometric device- authenticate a person's identity by translating a personal's characteristic into a digital code to match with digital code in a computer. Such as fingerprint reader or facial recognition system.
Digital Forensic- discovery, collection and analysis of evidence found on computers and networks. Application can be found in many areas such as law enforcement, criminal prosecutor, military intelligence, insurance agency and information security department.
D) Hardware theft- stealing computer's hardware.
Hardware vandalism- destroying of computer's hardware.
Ways that a company or school use to reduce the chances of theft:
1) Physical access controls.
2) Alarm systems.
3) Cables to lock equipment.
4) Real time location system.
5) Passwords, possessed object and biometrics.
E) System failure- prolonged malfunction of a computer. Often caused by aging hardware, natural disasters, electrical power problems (noise, undervoltages and overvoltages) and errors in computing programs.
Ways to prevent system failure:
1) Surge protectors.
2) Uninterruptable power supplies (UPS).
F) Information theft- stealing other's information like identity or personal information.
Ways to reduce information theft:
1) Encryption- process of converting readable data into unreadable characters to prevent unauthorised access.
Example of encryption algorithms:
i) Transposition- switch the order of characters.
ii) Substitution- replace characters with other characters.
iii) Expansion- insert characters between existing characters.
iv) Compaction- remove characters and store elsewhere.
2) Public key encryption- uses a paired public and private key algorithm for secure data communication.
How it works:
i) A sender will encrypt the message or document to be e-mailed to receiver by using the receiver's public key.
ii) The receiver will decrypt the message or document with his/her private key.
3) Digital signature- an encrypted code that a person, web site or organisation attaches to an electronic message to verify the identity of the sender.
4) Digital certificate- an electronic passport that allows a person, computer or organisation to exchange information securely over the internet using the public key infrastructure (PKI).
5) Transport layer security (TLS)- provide secure communications on the internet such as e-mail, internet faxing and other data transfers.
6) Secure HTTP (Hypertext Transfer Protocol)- allows secure exchange of files on the WWW.
7) VPN (Virtual Private Network)- technology that creates an encrypted connection over a less secure network.
G) Software theft- occurs when someone steals software media, intentionally erases programs, illegally copies a program and illegally registers and/or activates a program.
Ways a software developer use to prevent software theft:
1) Single user license agreement- user is permitted to install the software only on one computer, make one copy of the software and must remove the software from computer before giving or selling it to others. User is not permitted to install the software on network, give copies to others while still using it, export the software and rent the software.
2) Copyright law- copying, loaning, borrowing, renting or distributing software without copyright or permission from the software developer.
3) Product activation- some software may require product activation code.
Beside computer security risk, there is wireless security risk. And the ways to prevent it are a wireless access point should not broadcast an SSID (Service Set Identifier), change the default SSID, configure a WAP (Wireless Application Protocol) and use WPA (Wi-Fi Protected Access) or WPA 2 security standards.
The best way to reduce computer security risk is having a good ethics and society.
Under Ethics and Society,
Computer ethics are the moral guidelines that govern the use of computers and information systems.
Intellectual property rights are the rights to which creator are entitled for their work.
Copyright protects any tangible form of expression.
IT code of conduct is a written guideline that help determine ethical and unethical computer action.
For example:
1) Computers may not be used to harm other people.
2) Employees may not interfere with others' computer work.
3) Employees may not meddle in others' computer files.
4) Computers may not be used to steal.
5) Computers may not be used to bear false witness.
6) Employees may not copy or use software illegally.
7) Employees may not use others' computer resources without authorisation.
8) Employees may not use others' intellectual property as their own.
9) Employees shall consider the social impact of programs and systems they design.
10) Employees always should use computers in a way that demonstrates considerations and respect for fellow humans.
Green computing involve reducing the electricity and environmental waste while using a computer.
Green computing suggestions:
1) Use computers and devices that comply with the Energy Star program.
2) Turn off computers when not in use.
3) Use LCD monitor instead of CRT monitor.
4) Turn on power save mode.
5) Use paperless method to communicate.
6) Recycle paper.
7) Buy recycled paper.
8) Recycle toner cartridges.
9) Recycle old computers, printers and other devices.
10) Telecommute to save gas.
11) Use video conferencing and VoIP for meetings.
Information privacy- refers to the right of individuals and companies to deny or restrict the collection and use of information about them.
Examples on how to safeguard personal information:
1) Fill only necessary information on any form.
2) Avoid shopping club and buyer cards.
3) Ask before giving personal information to any merchants.
4) Install a cookie manager to filter cookies.
5) Turn off file and printer sharing on internet connection.
6) Install a personal firewall.
7) Inform merchant not to distribute your personal information.
8) Clear history file frequently on browser.
9) Do not reply to spam for any reason.
10) Surf the web anonymously.
Cookie- a small text file that a web server stores on your computer. It allows personalisation, store users' passwords, assist with online shopping, track how often users visit a site and target advertisement.
Spam is an unsolicited e-mail message or newsgroup posting.
E-mail filtering blocks e-mail messages from designated sources.
Anti-spam programs attempt to remove spam before it reaches your inbox.
Phishing is a scam where an official looking e-mail message that attempts to obtain your personal and financial information.
Pharming is a scam where spoofing is used as an attempt to obtain your personal and financial information.
Content filtering is the process of restricting access to certain material on the web.
Web filtering software restricts access to specified websites.
Social engineering is defined as gaining unauthorised access or obtaining confidential information by taking advantage of trust and naivety.
Employee monitoring involves the use of computers to observe, record and review an employee's use of a computer.
