Security Chapter 8Objectives

• Societal impact of information and information technology

– Explain the meaning of terms related to computer security and crime and determine ways to protect both a business and yourself

– Identify areas of computer security vulnerability and ways to protect against them

– Recall the definition of encryption and apply the XOR encryption technique

– Recognize good and bad passwords based on password guidelines

Security Resources you can use

• Protecting your computer sound byte:http://wps.prenhall.com/bp_evans_techinaction_1/0,8697,1105530-,00.html

• Norton AntiVirus Response Center Web Page

http://securityresponse.symantec.com/• Test the vulnerability of your computer:

– Gibson Research Corporation (http://www.grc.com)

– Qualys (http://browsercheck.qualys.com/)

Computer security vulnerability points

• Hardware –

• Software –

• People –

Backup

• Data and Files are vulnerable

• Primary defense against data loss

• Selective, incremental & full

Software

• Perform regular updates

• http://update.microsoft.com for Windows

• Microsoft update: Windows, Office, more

• Automatic updates

• Check with vendors for updates

• Verify e-mail notices independently

Hackers

• Def:

• Types of hackers:– White-hat– Black-hat– Script kiddies

What Hackers Do

• Steal information from computers:– Credit card numbers– Bank account numbers

• Internet packet sniffing• Commit identity theft• Create widespread computer attacks:

– Backdoor programs (Trojan horse)

• Denial of service attacks

How Hackers Gain Access

• Direct access:– Hacking software

• Indirect access:– Internet connection

Firewall• Def:

• Types of firewalls:– Norton Personal Firewall– McAfee Firewall– Zone Alarm– BlackICE PC Protection– Network routers

Computer Viruses

• What puts you at risk for viruses?

How to "Catch" a Virus

• Email attachments. Do not open attachments before checking– Is this email from someone I know?– Is the message a sensible follow-up to the last

message from the sender?– Is the content of the message something the sender

would say to me?– Is there a reason for the sender to include an

attachment?

• When in doubt, be cautious

Antivirus Software• Def:

– Scan files looking for virus signatures (unique code)

– Provide options for deleting or fixing infected files

• Need to be updated frequently

• Examples: McAfee, Norton, and Sophos, Inc.

What Viruses Do

• Replicate themselves:– Slow down networks

• Display annoying messages

• Delete files

• Change computer settings

Love Letter – Fastest spreading virus

Melissa – Caused $80 million damage

Nimda – Affected more than 1 million computers

Logical security

Def:

What are ways to protect your password?

Biometric identification systems

– Fingerprint– Palm print– Iris scan– Face recognition technology

Encryption

• Def:

• Encrypted data can be safely stored or transmitted

• Why is this needed?

Encryption example

• Using Exclusive OR, XOR, If bits are the same, result is 0; if different 1

Apply a key to the plain or clear text

Encryption example

0101 Cleartext (The hex digit 5)

1001 Key

Encryption example

• If the cleartext is the hex digit D and the XOR key is 1001, what is the encrypted text?

Encryption example

• Encrypt the word NO with the key 10110110

Assignment

• Using XOR and the key 10110110, determine the encrypted results for the ASCII text: PASSWORD

• Complete HTML3