Computer Crime Security Hackers Crackers Worms Oh my

Computer Crime & Security Hackers & Crackers & Worms! Oh my!!

What’s at Risk n n Personal Information Intellectual Property Business Information National Security

Personal Information n Identity Theft n n Contact the fraud departments of any one of the three consumer reporting companies Close the accounts that you know or believe have been tampered with or opened fraudulently. File a report with your local police or the police in the community where the identity theft took place File your complaint with the FTC

Intellectual Property n Copyright n n Trademark n n Protects unique symbol or words used by a business to identify a product or service Trade Secret n n Protects words, music, and other expressions for life of copyright holder plus 70 years Protects secrets or proprietary information Patent n Protects an invention by giving the patent holder monopoly on invention for 20 years after patent application has been applied.

Business Information n Business Intelligence n n Competitor Intelligence n n Business intelligence about the competitor. Counter Intelligence n n Collecting & analyzing information in pursuit of the business advantage. Protecting your own information from access by a competitor. Customers’ Information

National Security n Cyber terrorism n n Acts of terrorism over the Internet which intimidate or harm a population United States Computer Emergency Readiness Team – US CERT n n n National Strategy to Secure cyberspace Prevent cyberattacks on America’s critical infrastructures Reduce national vulnerability to cyberattacks Minimize damage and recovery time from cyberattacks http: //www. us-cert. gov/

Current US Privacy Laws n n Consumer Internet Privacy Protection Act of 1997 The Children’s Online Privacy Protection Act of 2000 Information Protection & Security Act of 2005 Notification of Risk of Personal Data Act 2003

Current US Privacy Laws n n Identity Theft Protection Act of 2005 Health Insurance Portability & Accountability Act (HIPAA) of 1996 Sarbanes-Oxley Act (“Sarbox”) of 2002 Gramm-Leach-Bliley Act (GBLA) of 1999

Source of Security Threats n n n Software/Network Vulnerabilities User Negligence & Theft Pirates & Plagiarism Hackers & Crackers Internal Threats

Software/Network Vulnerabilities n Security Holes Vulnerability of a program or a system n Data compromise n Unauthorized software installation n n Software Patches Fixes to the software n Announces the problem n

User Negligence & Theft n n n Data-entry errors Errors in programs Improper set-up or installation Mishandling of output Inadequate planning for equipment malfunctions Inadequate planning for environment

Pirates & Plagiarism n Piracy Illegal copying, use, and distribution of digital intellectual property n Warez - Commercial programs made available to the public illegally n n Plagiarism n Taking credit for someone else’s inellectual property

Hackers & Crackers n Hacker n n Cracker n n Slang term for computer enthusiast May be complementary or derogatory Goal is to gain knowledge Someone who breaks into a computer system for malicious purposes Computer Forensics n The application of scientifically proven methods to gather, process, interpret, and to use digital evidence to provide a conclusive description of cyber crime activities.

Internal Threats n Threat to System Health & Stability Software n Data n n Information Theft Most information theft internal n Most not reported n Accidental unauthorized access n

Types of Threats n n n Networks Wireless Networks Internet Threats Malware Scams, Hoaxes, Spam, & Fraud

Network Threats n Users Permissions n File Ownership n n Software Data Unauthorized use of resources

Wireless Network Threats n n Signals are broadcast War driving War walking Piggybacking

Internet Threats n Methods Key-logging software n Packet-sniffing software n Port-scanning software n Social engineering n Denial of Service n Distributed Denial of Service n

Internet Threats n Purpose Hobby or challenge n Vandalism n Gain a platform for an attack n Steal information or services n Spying n

Malware n n n Viruses Worms Trojan Horses Spyware/Adware Zombies & Botnets

Computer Viruses n n Self-replicating Self-executing Delivers a payload Attaches itself to an existing file

Types of Viruses n n n n Boot Virus Direct Action Virus Directory Virus Encrypted Virus File Virus Logic Bomb Macro Virus

Types of Viruses n n n Multipartite Virus Overwrite Virus Polymorphic Virus Resident Virus Time Bomb Stealth Virus

Worms n n Operate on a computer network Uses network to send copies of itself Does not attach itself to an existing file Exploits network security flaws

Types of Worms n n n E-mail Worms Instant Messaging Worms IRC Worms File-sharing Networks Worms Internet Worms

Trojan Horse n n n Disguised as non-harmful software Non-self replicating Types of Trojan Horses Legitimate program corrupted by malicious code insertion n Stand alone program masquerading as something else, i. e. a game or image file n

Spyware & Adware n Spyware Collects information n Sends information over the Internet n Can take control of computer n n Adware n Automatically pops-up with advertising material

Zombies & Botnets n Zombie Compromised computer attached to the Internet n Performs malicious behavior under remote control n May be used for Ddos or Spam n n Botnet n Collection of robot computers running autonomously

Phishing, Spam, & Hoaxes n n Phishing & Pharming Spam n n http: //video. google. com/videoplay? docid=562 7694446211716271 Hoaxes & Urban Legends n http: //www. snopes. com

Securing Systems n n n Passwords Firewalls ID Devices & Biometrics Data Encryption Systems Maintenance Wireless Security

Passwords n n Secret authentication Control access Short enough to be memorized Good Passwords n n Do use a password with mixed-case alphabetic characters. Do use a password with nonalphabetic characters. Do use a password that is easy to remember. Do use a password that you can type quickly.

Firewalls n n n Hardware or Software Port Protection Packet Filter Network Layer Application Layer Proxy Server

ID Devices & Biometrics n ID Devices n n Hardware for authentication Biometrics n Measure of unique physical characteristic for authentication

Data Encryption n Obscuring Information Cipher Encryption Software

Systems Maintenance n n Anti-virus software Back-up system and data Software updates Delete temporary files

Wireless Security n n Disable SSID Passwords Discrimination Data Encryption