Security

•      Computer stored information must be kept secured.

•      Safeguarding the system against natural disaster, fire, accidents, vandalism, theft or destruction of data, industrial espionage and hackers.

•      Hackers are persons who gain access to computer systems illegally.

•      Computer professionals hired to gain entry into a system illicitly, in order to:

•     Reveal weak points

•     Protect the points

•     The company may not alert its own employees about the testing

•      Tiger teams

•      Intrusion tester

•      White hat hackers

Computer Crime

Stealing and using or selling of data:

Company data

Personal information in company files

Computer Crime
Security and Privacy

Keep data secure

•       Destruction

•       Accidental damage

•       Theft

•       Espionage

Keep data private

•      Salaries

•      Medical information

•      Social security numbers

•      Bank balances

Computer Crime : Then and now

•      Computer crime was once limited to unauthorized copying of software and destruction of data. Now it varies in nature:

–      Credit card fraud

–      Data communication fraud

–      Unauthorized access to computer files

–      Unlawful copying of copyrighted software

Computer Crime
Frequently Reported Crimes

•      Credit-card fraud

•     Numbers captured and used fraudulently

•      Data communications fraud

•     Piggyback on someone else’s network

•     Office network for personal purposes

•     Computer-directed diversion of funds

•      Unauthorized access to computer files

•     Accessing confidential employee records

•     Theft of trade secrets and product pricing

•      Unlawful copying of copyrighted software

•     Casual sharing of copyrighted software

•     Assembly-line copying

Computer Crimes

•      Bomb

•     Program to trigger damage

•     Scheduled to run at a later date

•     May be found in software for general public, especially shareware

•      Data diddling

•     Changing data before or as it enters the system

•      Denial of service attack (DOS)

•     Hackers bombard a site with more requests for service than it can possibly handle

•     Prevents legitimate users from accessing the site

•     Appearance of requests coming from many different sites simultaneously
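As an added illustration of the DoS pattern described on this slide (not part of the original slides), the following Python sketch flags time windows in a constructed request log where the request count exceeds what the server can handle and the requests come from many distinct sources; the log format, addresses and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample access log (not from the slides): "second source_ip path".
SAMPLE_LOG = """\
100 203.0.113.5 /index.html
101 203.0.113.5 /about.html
102 198.51.100.7 /index.html
103 203.0.113.9 /index.html
103 203.0.113.10 /index.html
103 203.0.113.11 /index.html
103 203.0.113.12 /index.html
103 203.0.113.13 /index.html
103 203.0.113.14 /index.html
104 203.0.113.15 /index.html
104 203.0.113.16 /index.html
104 203.0.113.17 /index.html
104 203.0.113.18 /index.html
104 203.0.113.19 /index.html
130 203.0.113.5 /contact.html
"""


def parse_log(text):
    """Return a list of (second, source) pairs from the constructed log format."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _path = line.split()
        events.append((int(ts), src))
    return events


def flood_windows(events, window=5, max_requests=10, min_sources=5):
    """Return (window_start, request_count, distinct_sources) for each window
    that exceeds the assumed request budget AND spreads over many sources,
    i.e. the 'requests from many different sites simultaneously' pattern.
    max_requests and min_sources are assumed capacity figures, not real ones."""
    buckets = defaultdict(list)
    for ts, src in events:
        buckets[(ts // window) * window].append(src)
    flagged = []
    for start in sorted(buckets):
        srcs = buckets[start]
        if len(srcs) > max_requests and len(set(srcs)) >= min_sources:
            flagged.append((start, len(srcs), len(set(srcs))))
    return flagged
```

A single source sending the same volume would not be flagged by the distinct-source test; a separate per-source rate check would be needed for that case.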

Computer Crimes

•      Piggybacking

•     Original user does not sign off properly

•     Intruder gains access to files via the original user id

•      Salami technique

•     Embezzlement

•      Scavenging

•     Search garbage and recycling bins for personal information

Computer Crimes

•       Trapdoor

•      Illicit program left within a completed legitimate program

•      Permits unauthorized and unknown entry to the program

•       Trojan horse

•      Illegal instructions placed inside a legitimate program

•      Program does something useful and destructive at the same time

•       Zapping

•      Software to bypass security systems

Computer Crime
Discovery and Prosecution

Computer Forensics

Uncovering computer-stored information suitable for legal use

Security
Identification and Access

•      Provide access to authorized individuals only

•      Uses one or more of the following systems

•     What you have

•     What you know

•     What you do

•     What you are

Security
Identification and Access

What You Have

•      Key

•      Badge

•      Token

•      Plastic card – magnetized strip

•      Active badge – signals wearer’s location using infrared signals

Security
Identification and Access

What You Know

•      Password

•      Identification number

•      Combination

Security
Identification and Access

What You Do

•      Verify signature – software verifies scanned and online signatures

Security
Identification and Access

What You Are

•      Biometrics – science of measuring individual body characteristics

•      Fingerprints

•      Voice pattern

•      Retina of the eye

•      Entire face

When disaster strikes

•      Hardware and peripheral equipment – Replacement cost is secondary; the loss of data processing capability is what matters. The ability to continue processing data is of premier importance.

•      Loss of data – Reassembling lost data is very costly.

Disaster Recovery plan

•      A method of restoring processing operations and data files if operations are halted or files are damaged by major destruction. This can be done in different ways:

–       Manual services

–       Purchase services from other companies

–       Two or more companies agree to lend each other computing power if disaster strikes.

–       Can form consortium, a joint venture to support a complete computer facility.

–       It is only used in the event of a disaster.

Disaster Recovery plan

•      Hot site- Fully equipped computer site with hardware, security and communication facility.

•      Cold site – An environmentally suitable empty shell in which a company can install its own computer system.

•      Everything except the hardware is stored in a safe place. It should be several miles away to minimize the impact of local physical forces.

Disaster Recovery Plan
Advance Arrangements

Everything except hardware safely stored in geographically distant locations

•     Program and data files

•     Program listings

•     Program and operating systems documentation

•     Hardware inventory lists

•     Output forms

•     Copy of the disaster plan manual

Data security

•      Secured waste: Destroying printouts and printer ribbons by using shredders or locked trash bins.

•      Internal control: Controls that are planned as part of the computer system, e.g. a transaction log.

•      Applicant screening – Screen out dishonest applicants.

•      Password – Breaking the password is the most prevalent method of illicit entry into a computer system.

•      Built-in software protection – User profile: information about each user is kept along with the files to which he/she has access.

Backup
Why Backup?

“If you are not backing up your files regularly, you deserve to lose them.”

Average user experiences loss once a year

Backup

•      You may accidentally delete some data

•      Your hard drive may fail, making files inaccessible

•      Natural calamities may strike

•      Incorrect use of software

•      Virus infections

Security
Software Security

Ownership

•      Company if programmer is employee

•      Contractual agreement if the programmer is not an employee

•      Software can be copyrighted

Worm and Virus

•      A worm is a program that transfers itself from computer to computer over a network, planting itself as a separate file on the target computer.

•      A virus is a set of illicit instructions that passes itself on to other programs with which it comes into contact.

•      An antivirus is a program that stops the spread of a virus and eradicates it.

•      A retro virus can fight back and delete antivirus software.

Antivirus Programs

•      McAfee VirusScan

•      Virex

•      Dr. Solomon’s Anti-Virus

•      Pc-cillin

•      Norton AntiVirus

Viruses

Vaccine or antivirus

•      Stops the spread of and eradicates the virus

•      Install software

•      Download signature files regularly

Privacy

•       Privacy concerns affect individual as well as corporate users.

•       A business owns its computer systems and the data they contain. Businesses are entitled to restrict the use of their systems, to inspect them, and to block employees from any or all services.

Many companies routinely monitor their employees’ communications.

–       To protect trade secrets

–       To prevent the distribution of libelous messages

–       To prevent the system’s users from downloading inappropriate materials, e.g. copying files that are illegal or infected by a virus.

–       To ensure organizational resources are not wasted or abused.

Junk e-mail

•      Cheaper than snail mail

•      Spamming

•     Sends e-mail messages to “everyone”

•     Abandons the originating site

Junk e-mail

•      Help eliminate junk e-mail

•     Do not complete a member profile with an online service

•     Do not fill in registration forms unless the purveyor promises not to sell or exchange your information

•     Never respond to spamming

•      Use filter software

•      States are beginning to enact laws banning unsolicited junk e-mail

•      Spamming – Mass advertising over the internet is called spamming

•      Flaming – Enraged spam recipients sometimes respond to the spammers by flaming, sending insulting messages in return.

•      Spoofing – Enables the spammer to hide his e-mail address from the mail recipient. In spoofing, the sender places a false e-mail address in the spam.