Scribd
Upload
11 views

Lecture 14

Uploaded by

affantariq712
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
11 views

Lecture 14

Uploaded by

affantariq712
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 26

Chapter 7:

Computer and
Network Security

1-1
Chapter Overview

• Introduction
• Hacking
• Malware
• Cyber crime and cyber attacks
• Online voting

1-2
1-2
7.1 Introduction

• Computers getting faster and less expensive


• Utility of networked computers increasing
– Shopping and banking
– Managing personal information
– Controlling industrial processes
• Increasing use of computers  growing
importance of computer security

1-3
1-3
7.2 Hacking

1-4
1-4
Hackers, Past and Present

• Original meaning of hacker: explorer, risk taker,


system innovator
– MIT’s Tech Model Railroad Club in 1950s
• 1960s-1980s: Focus shifted from electronics to
computers and networks
– 1983 movie WarGames
• Modern meaning of hacker: someone who gains
unauthorized access to computers and computer
networks
1-5
1-5
Obtaining Login Names, Passwords

• Eavesdropping/monitor private
conservations
• Dumpster diving/collect data from garbage
• Social engineering/fake calls

1-6
1-6
Password Dos and Don’ts

• Do not use short passwords.


• Do not use a word from the dictionary.
• Do not rely on substituting numbers for letters.
• Do not reuse passwords.
• Give ridiculous answers to security questions.
• Enable two-factor authentication if available.
• Have password recoveries sent to a secure email
address.

1-7
1-7
Computer Fraud and Abuse Act

• Criminalizes wide variety of hacker-related


activities
– Transmitting code that damages a computer
– Accessing any Internet-connected computer without authorization
– Transmitting classified government information
– Trafficking in computer passwords
– Computer fraud
– Computer extortion
• Maximum penalty: 20 years in prison and
$250,000 fine
1-8
1-8
Sidejacking

• Sidejacking: hijacking of an open Web session


by capturing a user’s cookie
• Sidejacking possible on unencrypted wireless
networks because many sites send cookies “in
the clear”
• Internet security community complained about
sidejacking vulnerability for years, but
ecommerce sites did not change practices

1-9
1-9
Case Study: Firesheep

• October 2010: Eric Butler released Firesheep


extension to Firefox browser
• Firesheep made it possible for ordinary computer
users to easily sidejack Web sessions
• More than 500,000 downloads in first week
• Attracted great deal of media attention
• Early 2011: Facebook and Twitter announced
options to use their sites securely

1-10
1-10
Act Utilitarian Analysis

• Release of Firesheep led media to focus on


security problem
• Benefits were high: a few months later Facebook
and Twitter made their sites more secure
• Harms were minimal: no evidence that release of
Firesheep caused big increase in identity theft or
malicious pranks
• Conclusion: Release of Firesheep was good

1-11
1-11
7.3 Malware

1-12
1-12
Viruses

• Virus: Piece of self-replicating code


embedded within another program (host)
• Viruses associated with program files
– Hard disks, floppy disks, CD-ROMS
– Email attachments
• How viruses spread
– Diskettes or CDs
– Email
– Files downloaded from Internet
1-13
1-13
One Way a Virus Can Replicate

1-14
1-14
Email Attachment with Possible Virus

1-15
1-15
How an Email Virus Spreads

1-16
1-16
Antivirus Software Packages

• Allow computer users to detect and destroy


viruses
• Must be kept up-to-date to be most effective
• Many people do not keep their antivirus
software packages up-to-date
• Consumers need to beware of fake antivirus
applications

1-17
1-17
Worm

• Self-contained program
• Spreads through a computer network
• Exploits security holes in networked
computers

1-18
1-18
How a Worm Spreads

1-19
1-19
The Internet Worm

• Robert Tappan Morris, Jr.


– Graduate student at Cornell
– Released worm onto Internet from MIT computer
• Effect of worm
– Spread to significant numbers of Unix computers
– Infected computers kept crashing or became unresponsive
– Took a day for fixes to be published
• Impact on Morris
– Suspended from Cornell
– 3 years’ probation + 400 hours community service
– $150,000 in legal fees and fines

1-20
1-20
Ethical Evaluation
• Kantian evaluation
– Morris used others by gaining access to their computers without
permission
• Social contract theory evaluation
– Morris violated property rights of organizations
• Utilitarian evaluation
– Benefits: Organizations learned of security flaws
– Harms: Time spent by those fighting worm, unavailable
computers, disrupted network traffic, Morris’s punishments
• Virtue ethics evaluation
– Morris selfishly used Internet as experimental lab
– He deceitfully released worm from MIT instead of Cornell
– He avoided taking responsibility for his actions
• Morris was wrong to have released the Internet worm 1-21
1-21
Cross-site Scripting

• Another way malware may be downloaded


without user’s knowledge
• Problem appears on Web sites that allow people
to read what others have posted
• Attacker injects client-side script into a Web site
• Victim’s browser executes script, which may
steal cookies, track user’s activity, or perform
another malicious action

1-22
1-22
Drive-by Downloads

• Unintentional downloading of malware caused by


visiting a compromised Web site
• Also happens when Web surfer sees pop-up
window asking permission to download software
and clicks “Okay”
• Google Anti-Malware Team says 1.3 percent of
queries to Google’s search engine return a
malicious URL somewhere on results page

1-23
1-23
Trojan Horses and Backdoor Trojans

• Trojan horse: Program with benign


capability that masks a sinister purpose
• Backdoor Trojan: Trojan horse that gives
attack access to victim’s computer

1-24
1-24
Rootkits

• Rootkit: A set of programs that provides


privileged access to a computer
• Activated every time computer is booted
• Uses security privileges to mask its
presence

1-25
1-25
Spyware and Adware

• Spyware: Program that communicates over an Internet


connection without user’s knowledge or consent
– Monitor Web surfing
– Log keystrokes
– Take snapshots of computer screen
– Send reports back to host computer
• Adware: Type of spyware that displays pop-up
advertisements related to user’s activity
• Backdoor Trojans often used to deliver spyware and
adware

1-26
1-26

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy