Introduction to Computer Information Systems/Security

From Wikibooks, open books for an open world

Unauthorized Access and Control Systems

Encryption - decryption

A firewall is a type of security system that creates a wall that checks all incoming and outgoing messages to ensure only authorized traffic goes through. There are many different forms of this application, such as Norton[1] and Windows Security Essentials[2]. Another way to protect your information is encryption. Encryption scrambles any message sent, making it unreadable to anyone who does not have a key. The key is then used to decrypt the scrambled message into the original format. Whenever you go to a website that has an S after the HTTP, that means it is a secure web page. This means the entire web page is encrypted, so people hacking into your web browser cannot get your credit card number or SSN. One question that arises is, can't you just make every website a secure web page? The simple answer is money: a site owner needs to pay someone to encrypt the site. Sending the encrypted data then takes up more bandwidth and slows down traffic in general. Another form of protection is a VPN (virtual private network). A VPN creates a link between the user and some other destination. In order to access the VPN you will need a username and password, which keeps it more secure and blocks out hackers.

Retinal Scanner

Biometric Access Systems identify an individual based on their fingerprint, iris, facial features or other unique physiological characteristic. Keystroke Dynamics recognize an individual's personal typing pattern to authenticate the user as s/he types a username or password. Biometric readers allow access based on the person's physical characteristics. Fingerprint readers and retinal scanners isolate an unchangeable property in an individual in order to identify them and offer high security based on these measures. They are typically used to control access to high risk facilities such as government property, prisons, and corporate headquarters. Fingerprint scanners have also been built into laptops in order to offer a higher standard of protection in securing personal files. In the same way, a person can download face recognition software onto their laptop as well. Because biometrics are entirely unique to the user, they are extremely accurate. Just as no two people will have the same fingerprint, a person's facial features and irises are equally unique. In fact, the odds of one person having the same features as another are about 1 in 10^78.[3]

Computer Sabotage

Botnets and Computer Viruses

Protect Your Computer

A botnet is a large group of computers that have been taken over; botnets are a serious threat to computer users because of their devious ways of taking over computers. At the time of the takeover, computer owners do not know their computers are being altered. Botnets are commonly used for DDoS attacks, click-fraud, phishing campaigns, key logging, and hosting malicious web sites. There are warning signs a computer user should be aware of if his or her computer is a part of a botnet. For example, the computer will be extremely slow, the user will receive emails accusing him or her of spam, and the user will have email messages in his or her outbox that were never sent. [4] Malware is any type of deleterious software. A computer virus is a common type of malware that ruins computers. There are many harmful effects that could come with a computer virus. For example, a virus could delete important data, send out fake emails, and could possibly delete the information contained on the hard drive. Therefore, it is important for a computer user to buy an antivirus system for his or her computer to avoid these terrible malfunctions that are very common in computers. [5]

Online Theft and Fraud

Identity Theft

Identity theft is when someone steals another person's identity in order to gain access to their bank accounts and possibly rent apartments or take out loans in that person's name. The thief then uses the victim's credit cards to make purchases. It usually begins when someone gets the name, address, and Social Security number of a person from a discarded document, usually mail. Thieves can also get people’s information from the Internet. Identity theft is typically grouped into two subcategories. One is true name identity theft, which is when the thief uses another person’s information to open new accounts. The other kind is account takeover, which is when the thief uses someone else’s personal information to gain access to their existing accounts. [6] There are different techniques, such as skimming and social engineering. Skimming is when the thief uses a device that reads credit and debit card numbers and stores them for later retrieval by the thief. Social engineering is when the thief pretends to work at a bank and asks people for their information. [7]

Phishing

Phishing is when a thief sends out an e-mail that looks like it is from a legitimate site in order to steal your information. These e-mails are typically sent to a large group of people and include an urgent message. The message usually says that the recipients need to update their banking information or something to that effect. Phishing attempts can occur anywhere, including Twitter, MySpace, or eBay. [8] Something that is becoming more common is spear phishing. Spear phishing is when the e-mails are personalized. It is often targeted at social media sites because it is easier to find personal information on people there. [9]


Online Fraud

Pharming, Drive-by Pharming, and Online Auction Fraud

Many people today are victims of identity theft. Another type of fraud or scam is called pharming. Pharming usually uses a fraudulent domain name intended to redirect a website’s traffic to another “trick” website. Pharming can be conducted either by changing the hosts file on a victim’s computer, or by the exploitation of a vulnerability in DNS server software. [10] Sometimes this happens via email. The hacker gets ahold of the user’s email address and sends the code or website to the specific user. Once the user receives and opens the email, the hacker can receive the user’s information. Pharming happens most often with DNS servers at a company with a common and well-known Web site. The hacker can change the IP addresses intended for the company URL. Then the company URL is routed to the “poisoned” URL, which then takes over the Web server. This method of pharming is useful to the hacker because the “poisoned” Web site is usually made to look exactly like the company Web site. Once the user logs in, the hacker captures the username and password for the first time. The user receives a login error message and is then returned to the original company Web site. Drive-by pharming is a little more recent. This method works by logging into the user’s personal router using a common password, which a script within a website can do. Once the router is accessed, the information on it can be modified to suit the hacker. [11] Online auction fraud happens when a payment online goes to the seller, but the item is never delivered. For instance, if a buyer wants to make a bid online and buy tickets to a show or a concert, the buyer pays the seller for the tickets, and the seller never sends them. Many people are scammed each year, and people need to be careful about whom they trust over the Internet.
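The hosts-file form of pharming described above leaves a visible trace on the machine, so it can be checked for. The following is an added example, not part of the original book: it parses hosts-file text and reports entries that point a watched domain at a non-loopback address. The watched domain `bank.example`, the sample file contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from a real machine).
# 203.0.113.0/24 is an address range reserved for documentation.
SAMPLE_HOSTS = """\
# constructed sample, not taken from a real machine
127.0.0.1      localhost
::1            localhost ip6-localhost
0.0.0.0        ads.tracker.example     # sinkhole entry added by a blocklist
203.0.113.45   www.bank.example bank.example
10.0.0.12      intranet.corp.example
"""

# Hypothetical list of domains that should always be resolved through DNS.
WATCHED_DOMAINS = {"bank.example"}


def parse_hosts(text):
    """Yield (line_number, ip, [hostnames]) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        # Hostnames are case-insensitive; a trailing dot means the same name.
        yield number, ip, [f.lower().rstrip(".") for f in fields[1:]]


def is_watched(name, watched):
    """True for a watched domain or any of its subdomains, not look-alikes."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_number, hostname, ip) for each suspicious override."""
    findings = []
    for number, ip, names in parse_hosts(text):
        # Loopback and 0.0.0.0 entries block a site rather than redirect it.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for name in names:
            if is_watched(name, watched):
                findings.append((number, name, str(ip)))
    return findings


if __name__ == "__main__":
    for number, name, ip in audit_hosts(SAMPLE_HOSTS):
        print(f"line {number}: {name} is forced to {ip}")
```

On a real system the text would be read from the hosts file itself (for example `/etc/hosts` on Linux and macOS), and any finding should be compared with what the domain resolves to through a trusted DNS resolver.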

Protecting Against Online Theft and Fraud

Protecting Against Identity Theft

The key to internet safety is always being self aware.

Just as the Internet is always evolving for good, there are also constantly scheming e-criminals hoping to take advantage of those who aren't careful with their online identities. Identity Theft is one of the scariest things that can happen to a person, especially if they don't have a strong friend or family base to help convince the proper authorities of their true identity. There is no one universal way to protect yourself from identity theft; instead, there are a number of steps you should take to keep yourself fully protected. The first thing you can do is be responsible with your bank accounts and credit cards. If you're checking your balance every day, you will be quick to see if there are any suspicious discrepancies occurring.[12] The next important step to protect against identity theft seems simple but can be easily overlooked: do not give out your personal information on the internet. This includes phone numbers, addresses, or anything else that hackers could potentially trace back to something you hold valuable. One of the final ways you can protect yourself from identity theft is being wary of your mail. It is very easy for an e-criminal to send you a destructive link in an email that looks like it came from one of your friends, where one small click will lead you into a world of pain. Just follow these few rules and you will be doing fine online.

The Safety of Using PayPal

Internet users have to be very cautious of the information they put on the internet. PayPal is a popular e-commerce business that many people use and willingly give their private information to. Is this payment processor to be trusted? PayPal makes the lives of everyday internet consumers much easier. Its secure server stores your credit card information so payment over the internet is more efficient. Not much effort has to be put in by the individuals that use this payment processor. Other accounts require a vast amount of paperwork to be signed beforehand. [13] One drawback to using PayPal is that there is a long list of rules the users must abide by, and if a user breaks any of these rules their money could be locked for up to six months while under investigation. An interesting feature that was added to PayPal in 2006 was an additional security option. Instead of only entering a login ID and password, PayPal users can choose to type in a six-digit number code as well. This lowers the risk of malware bots trying to hack into the account. The only bad part is that there is a fee associated with this added security measure. Users might be discouraged from protecting their accounts because of this additional fee. They should still take caution when it comes to entering personal information into PayPal.
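To show why a six-digit code entered alongside the password resists a bot that has captured the password, here is an added example that is not part of the original book. The page does not say how PayPal generates its codes; this sketch assumes the standard time-based one-time password scheme (TOTP, RFC 6238), and the secret, function names and 30-second step are illustrative.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based code: the counter is the number of elapsed time steps."""
    return hotp(secret, int(unix_time) // step, digits)


def verify(secret, submitted, unix_time, step=30, window=1, last_used=-1):
    """Return the matching time step, or None if the code is rejected.

    window    -- steps of clock drift tolerated on either side of "now"
    last_used -- highest step already accepted; blocks replay of a code
    """
    now = int(unix_time) // step
    for counter in range(max(0, now - window), now + window + 1):
        if counter <= last_used:
            continue                              # code already used once
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Constructed demo secret (the RFC test key); a real one is random and
    # shared only between the token and the server.
    secret = b"12345678901234567890"
    code = totp(secret, 59)
    print("code at t=59s:", code)
    print("accepted now:", verify(secret, code, 59))
    print("two minutes later:", verify(secret, code, 59 + 120))
    print("replayed:", verify(secret, code, 59, last_used=1))
```

A stolen password alone no longer opens the account, and a captured code stops working once its time window passes or once it has been used.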

Personal Safety

Only starts with one message

Cyber-bullying

This is a new way of bullying, driven especially by the number of social networks and how they have influenced our society today. Unfortunately, it happens 24 hours a day, and anything can be posted or distributed anonymously, which can make it difficult to track where the bullying is coming from. And as everyone is informed these days, once something is on the internet, there is no way to permanently delete the comment after it has been sent. Cyber-bullying happens when individuals are bullied through electronic technology. For example, you can cyber bully over text messages, emails, or rumors sent through any type of social network. There’s no way to prevent an individual from making a comment that could be the start of cyber bullying, but simply ignoring the comment or reporting it to a parent, friend or any type of guidance person could benefit you most in keeping the bullying from continuing. To elaborate, you can simply block the individual who started the commenting and keep any evidence of the bullying for future documentation in case it gets worse. A last important note is to recognize the signs that a student is being cyber bullied; some reactions are abusing drugs and alcohol, skipping school, receiving poor grades and having lower self-esteem.[14]

Online Pornography

Protecting the Children

Along with the lifespan and constant evolution of the Internet came the controversial issue of online pornography. Though pornography has unfortunately been around on paper for centuries, electronic access has made it much easier, quicker, and more convenient for any individual to get ahold of it at any given time. With this online access comes a much bigger and more controversial issue. It has introduced people, especially children, to new and substantial safety issues. Though child pornography is banned and illegal, there is a considerable amount of it being circulated and passed throughout the Internet. With the link that has been made between this horrible content and child molestation, it is reasonable to be concerned about the spike that this will bring. Not only does it encourage sick people to do horrible things, but the computer also gives them an outlet to meet and dishonestly introduce themselves to children. It is unfortunate that today we have to be concerned about what could come from our children talking to people on the Internet; however, it is important that we voice these risks and make sure that parents take every precaution possible to keep their children from ever experiencing these horrific possibilities. [15]

Protecting Against Cyberbullying, Cyberstalking, and Other Personal Safety Concerns

Safety Tips for Adults

Be careful what you send

While it may seem unnecessary to state, the Internet is accessed not only by those with good intentions but also by those who can pose a threat in a variety of ways. It is important to be aware of this fact because it is quite easy to forget how vast an entity the Internet is and the countless masses who use it daily. This makes the task of safeguarding information from those who mean harm an important responsibility. One of the ways to prevent cyberbullying, cyberstalking and other issues is to use names that are gender-neutral. This hides the identity of the user, and this is important for female users because unfortunately they are more likely to be targets compared to male users.[16] Also, one should not give phone numbers, addresses and other personal information to strangers, for obvious reasons.

Safety Tips for Children and Teens

Monitoring how children and teenagers use the Internet through the computer, smartphone, game console, etc. is the most important step in protecting them. It is recommended to place certain restrictions on how they use the Internet so that they do not access certain sites (e.g. adult sites) or sites that might make them more susceptible to dangerous individuals. It is also important for older teens to understand the potential ramifications, including not only personal but also legal issues, that can arise from sending explicit messages or pictures via text messaging.



Review

Important Terms

antivirus software [1]: Software used to detect and eliminate computer viruses and other types of malware.

biometric access system: An access control system that uses one unique physical characteristic of an individual (such as a fingerprint, face, or voice) to authenticate that individual.

bot: A computer that is controlled by a hacker or other computer criminal.

botnet: A group of bots that are controlled by one individual.

computer crime: Any illegal act involving a computer.

computer sabotage: An act of malicious destruction to a computer or computer resource.

computer virus: A software program installed without the user’s knowledge and designed to alter the way a computer operates or to cause harm to the computer system.

computer worm: A malicious program designed to spread rapidly to a large number of computers by sending copies of itself to other computers.

cyberbullying: Children or teenagers bullying other children or teenagers via the Internet.

cyberstalking: Repeated threats or harassing behavior between adults carried out via e-mail or another Internet communications method.

denial of service (DoS) attack: An act of sabotage that attempts to flood a network server or a Web server with so much activity that it is unable to function.

digital certificate: A group of electronic data that can be used to verify the identity of a person or organization; includes a key pair that can be used for encryption and digital signatures.

digital signature: A unique digital code that can be attached to a file or an e-mail message to verify the identity of the sender and guarantee the file or message has not been changed since it was signed.

dot con: A fraud or scam carried out through the Internet.

encryption: A method of scrambling the contents of an e-mail message or a file to make it unreadable if an unauthorized user intercepts it.

firewall: A collection of hardware and/or software intended to protect a computer or computer network from unauthorized access.

hacking: Using a computer to break into another computer system.

identity theft: Using someone else’s identity to purchase goods or services, obtain new credit cards or bank loans, or otherwise illegally masquerade as that individual.

malware: Any type of malicious software.

online auction fraud: When an item purchased through an online auction is never delivered after payment, or the item is not as specified by the seller.

password: A secret combination of characters used to gain access to a computer, computer network, or other resource.

pharming: The use of spoofed domain names to obtain personal information in order to use that information in fraudulent activities.

phishing: The use of spoofed e-mail messages to gain credit card numbers and other personal data to be used for fraudulent purposes.

possessed knowledge access system: An access control system that uses information only the individual should know to identify that individual.

possessed object access system: An access control system that uses a physical object an individual has in his or her possession to identify that individual.

private key encryption: A type of encryption that uses a single key to encrypt and decrypt the file or message.

public key encryption: A type of encryption that uses key pairs to encrypt and decrypt the file or message.

secure Web page: A Web page that uses encryption to protect information transmitted via that Web page.

security software: Software, typically a suite of programs, used to protect your computer against a variety of threats.

spear phishing: A personalized phishing scheme targeted at an individual.

Trojan horse: A malicious program that masquerades as something else.

two-factor authentication: Using two different methods to authenticate a user.

unauthorized access: Gaining access to a computer, network, file, or other resource without permission.

unauthorized use: Using a computer resource for unapproved activities.

virtual private network (VPN): A private, secure path over the Internet that provides authorized users a secure means of accessing a private network via the Internet.

war driving: Driving around an area with a Wi-Fi-enabled computer or mobile device to find a Wi-Fi network to access and use without authorization.

Wi-Fi piggybacking: Accessing an unsecured Wi-Fi network from your current location without authorization.

Questions

1. Which of the following is an example of something used to gain access to a possessed object access system? [2]

a. password

b. smartcard

c. username

d. pin

2. The most common type of possessed knowledge, comprising secret words or character combinations associated with an individual, is:

a. security keys

b. passcodes

c. usernames

d. passwords

Fill in the blanks:

3. Driving around looking for a Wi-Fi network to access is referred to as ________.

4. _______ access control systems use some type of unique physical characteristic of a person to authenticate that individual.

5. A(n) ____________ can be used at a Wi-Fi hotspot to create a secure path over the Internet.

6. A(n) ____________ can be added to a file or an e-mail message to verify the identity of the sender and guarantee the file or message has not been changed.

True or false?

7. A computer virus can only be transferred to another computer via a storage medium.

8. An access control system that uses passwords is a possessed knowledge access system.

9. Using a password that is two characters long is an example of two-factor authentication.

10. Secure Web pages use encryption to securely transfer data sent via those pages.

Answers

[3]

1. b

2. d

3. war driving

4. Biometric

5. virtual private network or VPN

6. digital signature

7. F

8. T

9. F

10. T