Ethics in Information Technology, Second Edition 5 Ethics in Information Technology, Second Edition 6
Increased Reliance on Commercial Software with Known Vulnerabilities
Exploit
  Attack on information system
  Takes advantage of a particular system vulnerability
  Due to poor system design or implementation
Patch
  "Fix" to eliminate the problem
  Users are responsible for obtaining and installing patches
  Delays in installing patches expose users to security breaches

Increased Reliance on Commercial Software with Known Vulnerabilities (continued)
Zero-day attack
  Takes place before a vulnerability is discovered or fixed
U.S. companies rely on commercial software with known vulnerabilities
Viruses
Pieces of programming code
Usually disguised as something else
Cause unexpected and usually undesirable events
Often attached to files
Deliver a "payload"

Viruses (continued)
Does not spread itself from computer to computer
Must be passed on to other users through
  Infected e-mail document attachments
  Programs on diskettes
  Shared files
Macro viruses
  Most common and easily created viruses
  Created in an application macro language
  Infect documents and templates
Harmful programs
Reside in active memory of a computer
Duplicate themselves
Can propagate without human intervention
Negative impact of virus or worm attack
  Lost data and programs
  Lost productivity
  Effort for IT workers
Trojan Horses
Program that a hacker secretly installs
Users are tricked into installing it
Logic bomb
  Executes under specific conditions

Denial-of-Service (DoS) Attacks
Malicious hacker takes over computers on the Internet and causes them to flood a target site with demands for data and other small tasks
  The computers that are taken over are called zombies
Does not involve a break-in at the target computer
  Target machine is busy responding to a stream of automated requests
  Legitimate users cannot get in
Spoofing generates a false return address on packets
Classifying Perpetrators of Computer Crime

Hackers and Crackers
Hackers
  Test limitations of systems out of intellectual curiosity
Crackers
  Cracking is a form of hacking
  Clearly criminal activity
Legal Overview: The Check Clearing for the 21st Century Act
Requires that banks accept paper documents
  In lieu of original paper checks
  Speeds clearing of checks
New opportunities for check fraud
  Bankers don't fully realize the extent of possible increased fraud

Cyberterrorists
Intimidate or coerce governments to advance political or social objectives
Launch computer-based attacks
Seek to cause harm
  Rather than gather information
Many experts believe terrorist groups pose only a limited threat to information systems
Reducing Vulnerabilities

Risk Assessment
Establishing a Security Policy (continued)
Trade-off between
  Ease of use
  Increased security
Areas of concern
  E-mail attachments
  Wireless devices
VPN uses the Internet to relay communications but maintains privacy through security features
Additional security includes encrypting originating and receiving network addresses

Educating Employees, Contractors, and Part-Time Workers
Educate users about the importance of security
  Motivate them to understand and follow security policy
Discuss recent security incidents that affected the organization
Help protect information systems by:
  Guarding passwords
  Not allowing others to use passwords
  Applying strict access controls to protect data
  Reporting all unusual activity
Popular Firewall Software for Personal Computers

Prevention (continued)
Antivirus software
  Continually updated with the latest virus detection information
  Called definitions
Departing employees
  Promptly delete computer accounts, login IDs, and passwords
Carefully define employee roles
Create roles and user accounts