Teknologi Maklumat Dalam Pendidikan: Computer Security, Ethic and Privacy

Teknologi Maklumat dalam Pendidikan (BBD 10803)

TOPIC 9:
Computer Security, Ethic and Privacy

Topics to be covered

• 9.1 Computer security risk
• 9.2 Internet and network attack
• 9.3 Unauthorized access and use
• 9.4 Hardware, software and information theft and vandalism
• 9.5 Information privacy
• 9.6 Ethics and society
• 9.7 Computer and health
• 9.8 Green computing

Learning Outcomes

At the end of this topic, students should be able to:

1. define computer security risk
2. define the internet and network attack
3. state unauthorized access and use
4. identify hardware, software and information theft and vandalism
5. discuss information privacy
6. identify ethics and society
7. discuss briefly computer and health
8. explain green computing

9.1 Computer security risk

• The INTERNET is vital in today's life: virtual world vs real world.
• Generally, everyone can own a computer and gain access to the Internet remotely: schools, universities, rural folk and children have learned how to use computers and browse the Internet.

Common Forms of Digital Security Breaches:

• Identity Theft
• Phishing e-mails
• Hackers & Crackers
• Cyber stalking
• Cyber bullying
• Internet Predator and Pornography

Identity Theft

• The use of someone's personal information without their permission. They use the information they find on the site to pretend to be someone they're not and coax other information out of you.
• Damage is not limited to financial problems: it can leave a person feeling violated, cause emotional struggles, damage your name and result in illegal activities being associated with you. In some instances, it can even take several years to clear up completely and have all illegal transactions removed from your credit report.
• How does it happen?
• How to avoid being a victim?

Phishing e-mail

• SPAM emails? Randomly sent email purporting to come from an organisation or individual and claiming to contain urgent news, confirmation of a non-existent order for which charges will be made to a credit card, or indeed any excuse to encourage the recipient to click on a link and visit a fake web site.
• Why? To get as much personal information from a user as possible. This includes login information, date of birth, and other identifiable information that can help cyberstalkers open up bogus accounts under your name or steal from your existing ones.
• Effect? Visiting this web site with an unprotected computer and web browser allows the attacker to run spyware on your PC. Should this happen, the attacker can gain full remote access to your PC, which then allows them to steal usernames, passwords and other personal information, and to control the computer for other purposes such as sending more spam emails and installing other spyware.

Hacker and Cracker

• Somebody can access your private connection (LAN/wireless/broadband) when you are not using a WEP key or you allow guests to access your network, and can view all files, passwords, bank account details, PIN numbers, documents, etc.
• Effect?
  - Can gain full access and do whatever he wants inside your connection.
  - Steal your information, such as email and online banking logins.
  - Steal your money and impersonate you.
  - Disgruntled employees stealing customer and supplier information for personal use or to sell it.
  - Important data will be lost forever.

Malware and Spyware

• Any technology that aids in gathering information about a person or organization without their knowledge (non-authorised).
• Sometimes installed just by visiting a web site (drive-by download).
• Effect? The ability to control keystrokes, scan files on the hard drive, snoop on other applications such as chat programs or word processors, install other spyware programs, read cookies and change the default home page of the web browser, consistently relaying this information back to the spyware author, who will either use it for marketing purposes or sell the information to another party.

Sample website suspected of containing spyware
(Figure: this is not the real CIMB Bank website address.)

9.2 Internet and network attack

Definition of internet or network attack

• An internet or network attack is when someone accesses another person's computer via the internet or their network to gain information for their own personal agenda or just to destroy their data.
• Information that is transmitted over networks has a higher degree of security risk than information kept on an organization's or home premises.
• Network administrators are the ones who take measures to protect a network from security risks. On the internet, because of the lack of a central administrator, the security risk is even higher.

9.2 Internet and network attack (cont)

How it may happen

• Within an organization, and at home as well, unmonitored network devices are targeted by attackers as the primary source of information leakage and breach.
• If your organizational network is not secure, the risk increases manyfold, as every email message, user logon, web page request and transmittable file is handled by a network device.
• Under some setups, network devices also handle telephone service and voice messaging.
• It becomes very risky once the attacker is able to own your network devices, as that allows them to own your entire network.

9.2 Internet and network attack (cont)

Types of attack

• Spoofing
• Hijacking
• Trojans
• DoS and DDoS
• Sniffing
• Mapping
• Social engineering
• Viruses
• Worms
• Rootkits
• Botnets
• Denial of service attacks

9.2 Internet and network attack (cont)

Hijacking (man-in-the-middle attack)

Trojans

• These are malicious programs that seem like legitimate software, but when launched they perform unintended or malicious activities behind the scenes.
• Most of the remote control spyware programs are of this type. A Trojan program file will look, operate, and appear to be the same size as the compromised system file.
• To avoid the effects of such attacks, early use of a cryptographic checksum or binary digital signature procedure is the only protection.

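The checksum protection described above, as an added example that is not part of the original slides: a baseline of SHA-256 digests is recorded while the files are known to be clean, and a later check flags a replaced file even when its size is unchanged. The file names, the demo key and the HMAC seal over the baseline (standing in for the digital signature the slide mentions) are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


def sha256_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, reading it in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Record size and SHA-256 for every file under root."""
    entries = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            entries[rel] = {"size": os.path.getsize(path),
                            "sha256": sha256_file(path)}
    return entries


def seal(entries, key):
    """Keyed MAC over the baseline so a changed baseline is itself detectable."""
    blob = json.dumps(entries, sort_keys=True).encode("utf-8")
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(root, baseline, tag, key):
    """Compare the files under root with a sealed baseline taken earlier."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline has been altered; do not trust it")
    current = snapshot(root)
    report = {"modified": [], "modified_same_size": [],
              "missing": [], "unexpected": []}
    for rel in sorted(baseline):
        known, now = baseline[rel], current.get(rel)
        if now is None:
            report["missing"].append(rel)
        elif now["sha256"] != known["sha256"]:
            report["modified"].append(rel)
            if now["size"] == known["size"]:
                # A size comparison alone would have missed this file.
                report["modified_same_size"].append(rel)
    report["unexpected"] = sorted(set(current) - set(baseline))
    return report


def demo():
    """Constructed sample: baseline a clean folder, change it, then verify."""
    key = b"constructed-demo-key"  # assumption: kept off the checked machine

    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("login.bin", b"ORIGINAL-LOGIN-PROGRAM-0001")
        write("readme.txt", b"constructed sample file\n")
        baseline = snapshot(root)      # taken early, while known clean
        tag = seal(baseline, key)

        # Simulated changes: same-size replacement, a deletion, a new file.
        write("login.bin", b"REPLACED-LOGIN-PROGRAM-0001")
        os.remove(os.path.join(root, "readme.txt"))
        write("extra.bin", b"x")
        report = verify(root, baseline, tag, key)

        # Rewriting the stored digest to hide the change breaks the seal.
        baseline["login.bin"]["sha256"] = sha256_file(
            os.path.join(root, "login.bin"))
        try:
            verify(root, baseline, tag, key)
            edited_baseline = "accepted"
        except ValueError:
            edited_baseline = "rejected"
    return report, edited_baseline


if __name__ == "__main__":
    print(demo())
```

The baseline only helps if it is taken before any compromise and stored where the checked machine cannot rewrite it.
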
9.2 Internet and network attack (cont)

Sniffing

Denial-of-Service attack (DoS) and Distributed-Denial-of-Service (DDoS)

A DoS attack can be executed in a number of ways, but its three basic types are:
• Consumption of computational resources, such as disk space, CPU time and bandwidth.
• Disruption of configuration details, such as routing information.
• Disruption of physical network components.

A DoS attack may bring the following consequences:
• Slow network performance.
• Unavailability of a particular web site.
• Inability to access a particular web site.
• Dramatic increase of spam in your account.

Social engineering

9.3 Unauthorized access and use

Unauthorized access
• Use of a computer or network without permission.
• By connecting to it and then logging in as a legitimate user.
• Does not cause damage.
• Merely accesses the data, valuable information or programs in the computer.

9.3 Unauthorized access and use (cont.)

Unauthorized use
• Use of a computer or its data for unapproved or illegal activities.
• Ex: gaining access to a bank computer and performing an unauthorized bank transfer, etc.

Stolen IT equipment and improper disposal of old equipment

• Theft of laptops, external hard disks, thumb drives and hand phones: number of worldwide cases?
• Old equipment may still contain important information: how should it be disposed of? Even if you think all of your files are erased, there are still ways for criminals to restore the data.

Protection from security breaches & attacks

1. Self Awareness
• Online Banking: You should only access your accounts from a safe location where no stranger can either watch you or use the same computer. Internet cafes and public libraries are not suitable places to use sensitive information, and even using your work computer isn't advisable. Only do online banking in the security of your own home if at all possible.
• Identity Theft: Never give out your private personal information online or on the phone without knowing for certain that you are indeed dealing with a legitimate business that needs this information.
• Safely destroy any financial documents or transaction receipts you don't need to keep anymore. Incineration or a cross-cut paper shredder should do the trick.
• Phishing: If you get an email asking you to confirm your bank details, ignore it. It is 100% certain to be a fake, as no bank will ask for details via email, and it could be used to illegally access your account. If you get fooled into handing over your details, you should contact your bank immediately so that your account can be changed before any fraudsters can gain access.
• Things change all the time when using the Internet, so keeping up to date is very important.

Protection from security breaches & attacks

2. Technology
• Firewall: It will not only protect you from outsiders trying to get in, but also tell you about each program on your system that's trying to get out.
• Antivirus: To make sure that if you slip up, it will be there to catch any nasty worm trying to infect you.
• Antispyware: It works on programs that don't try to take over your system, but instead pop up ads and unwanted messages.
• Parental Control: It is good for filtering out websites, blogs, e-mails and instant messages that might contain inappropriate wording.
• Regular Updates: Keep your software up to date, and use secure software.
• Browser: Turn off scripting, popups and ads in the browser to block unwanted and possibly harmful scripts.
• Backup: If you regularly make backup copies of your files and keep them in a separate place, you can get some, if not all, of your information back in the event something happens to the originals on your computer.

Protection from security breaches & attacks

3.1 Implement policy

• Good Password Practice:
  - Use a strong password: at least 8 characters, combining letters, numbers and special characters.
  - Make it hard to guess by avoiding obvious words like “qwerty”, “password” and “123456”, and avoid using personal information like your name, birthday or IC no.
  - Change it periodically: force a password change on first login and establish a maximum password lifetime. This will minimize the risk of unauthorized access.
  - Keep it secret: be VERY careful where it's stored and don't tell anyone else your password.

And most important of all, make sure you can remember it:
  - Embed special characters, like “P@sswOrd”.
  - Use the first letters of a common phrase and throw in some special characters and numbers, like “Hope for the best, plan for the worst” to “H4tb,p4tw”.

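One way to turn the password rules above into a check, as an added example that is not part of the original slides. The 90-day maximum lifetime, the account fields and the sample name and birthday are assumptions; the slide gives no figures for them.

```python
import re
from datetime import date, timedelta

MIN_LENGTH = 8                                    # from the slide
OBVIOUS_WORDS = ("qwerty", "password", "123456")  # the slide's examples
MAX_AGE = timedelta(days=90)                      # assumed lifetime


def personal_tokens(items):
    """Split name, birthday, IC no. etc. into lower-case pieces of 3+ characters."""
    tokens = set()
    for item in items:
        parts = [p for p in re.split(r"[^a-z0-9]+", str(item).lower()) if p]
        parts.append("".join(parts))   # also the value with separators removed
        tokens.update(p for p in parts if len(p) >= 3)
    return tokens


def password_problems(password, personal_items=()):
    """Return the rules a candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_number")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no_special_character")
    lowered = password.lower()
    if any(word in lowered for word in OBVIOUS_WORDS):
        problems.append("obvious_word")
    # Compare with punctuation stripped so "Aina-1999" is still recognised.
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    if any(token in squeezed for token in personal_tokens(personal_items)):
        problems.append("contains_personal_info")
    return problems


def change_required(account, today):
    """Apply the two lifetime rules: change on first login, and a maximum age."""
    if not account["first_login_done"]:
        return "first_login"
    if today - account["last_changed"] > MAX_AGE:
        return "password_expired"
    return None


def demo():
    """Constructed sample user and candidate passwords."""
    personal = ["Nur Aina", "1999-04-17"]          # constructed name and birthday
    candidates = ["short1!", "abcdefgh", "qwerty12!", "Aina1999!", "H4tb,p4tw"]
    checks = {pw: password_problems(pw, personal) for pw in candidates}
    today = date(2024, 6, 1)
    accounts = {
        "new_user": {"first_login_done": False, "last_changed": date(2024, 5, 30)},
        "stale_user": {"first_login_done": True, "last_changed": date(2024, 1, 1)},
        "fresh_user": {"first_login_done": True, "last_changed": date(2024, 5, 1)},
    }
    changes = {name: change_required(acc, today) for name, acc in accounts.items()}
    return checks, changes


if __name__ == "__main__":
    for result in demo():
        print(result)
```
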
Protection from security breaches & attacks

3.2 Implement policy on shared resources

• A shared resource or network share is a device or piece of information on a computer that can be remotely accessed from another computer via a local area network or intranet. It can be file access, a printer, a scanner, etc.

i. Best Practice:
• Limit user access to sensitive areas of the network, so users can only access specified areas as required by their job.
• Ensure users have the correct hardware, resources and software in place to protect them against data breaches.
• Educate users on the organisation's security policies and precautions, so they are aware of how data breaches can happen and of the implications.
• Ensure users log off their accounts, turn off computers and don't share passwords with others, to prevent people accessing data.
• Plan a backup and recovery strategy to keep the organisation functioning well.
• Ask users to report immediately to the network admin if they see something weird on their PC.

9.4 Hardware, software and information theft and vandalism

Hardware theft
• is the act of stealing computer equipment.
• Companies, schools, and other organizations that have many computers are at risk of hardware theft.

Hardware vandalism
• is the act of defacing or destroying computer equipment.

Safeguards against Hardware Theft and Vandalism
• physical access controls, such as locked doors and windows
• install alarm systems in their buildings
• physical security devices such as cables that lock the equipment to a desk.

9.4 Hardware, software and information theft and vandalism (cont)

Software theft
• the act of stealing or illegally copying software or intentionally erasing programs.
• Software piracy is the illegal duplication of copyrighted software.
• Software theft occurs when someone:
  - Steals software media
  - Intentionally erases programs
  - Illegally copies a program
  - Illegally registers and/or activates a program.

9.4 Hardware, software and information theft and vandalism (cont)

Protection against software theft

• To protect software media from being stolen, owners should keep original software boxes and media in a secure location, out of sight of prying eyes.
• All computer users should back up their files and disks regularly. To protect themselves from software piracy, software manufacturers issue users license agreements.

9.4 Hardware, software and information theft and vandalism (cont.)

What is a license agreement?

• Right to use software
• A single-user license agreement allows the user to install the software on one computer, make a backup copy, and sell the software after removing it from the computer.

What are some other safeguards against software theft?
• Product activation allows the user to input a product identification number online or by phone and receive a unique installation identification number.

9.4 Hardware, software and information theft and vandalism (cont.)

Information Theft
• Information theft occurs when someone steals personal or confidential information.
• If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.

Safeguards against Information Theft
• Protecting information on computers located on an organization's premises.
• To protect information on the internet and networks, organizations and individuals use a variety of encryption techniques.
• Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.

9.5 Information privacy

• the privacy of personal information, usually relating to personal data stored on computer systems
• The need to maintain information privacy is applicable to collected personal information, such as medical records, financial data, criminal records, political records, business related information or website data.
• also known as data privacy
• considered an important aspect of information sharing. With the advancement of the digital age, personal information vulnerabilities have increased.

Information privacy relates to different data types:

• Internet privacy (online privacy): All personal data shared over the Internet is subject to privacy issues. Most websites publish a privacy policy that details the website's intended use of collected online and/or offline data.
• Financial privacy: Financial information is particularly sensitive, as it may easily be used to commit online and/or offline fraud.
• Medical privacy: All medical records are subject to stringent laws that address user access privileges. By law, security and authentication systems are often required for individuals that process and store medical records.

Why is information privacy important?

There are two reasons:

• It helps individuals maintain their autonomy and individuality.
  - People define themselves by exercising power over information about themselves, and a free country does not ask people to answer for the choices they make about what information is shared and what is held close. At the same time, this does not mean that public policy should shield people from the costs of their choices.
• Its functional benefits.
  - This area has been especially slippery for policy-makers because they have often used the term "privacy" to refer to one or more of privacy's benefits.
  - For example, anonymity and pseudonymity protect the privacy of people's identities, which has the functional benefit that someone may speak at a political rally (or go to a bar) and not have to answer later to political opponents or unwanted suitors. Anonymity and pseudonymity lend to both privacy and these safeguards for safety and peace of mind.

9.6 Ethics and society

• Little progress due to no "coherent concept of the subject"
• Computer ethics should focus on the actions that lie within the "control of individual moral computer professionals"
• Not Unique
• Computer ethics as rules and judgments professionals make within specific contexts
• Ethical rules and judgments are "applied in a computer context based on professional standards and a concern for the user of the computing product"
• Two spheres:
  - ethical problems that can be reasoned by "analogy with other traditional ethical problems"
  - ethics for computing professionals
• Welfare of the user - service industry
• No organization to control membership or sanction violations

Donald Gotterbarn, 1971

Ethics in society

• Society
  - An association of people organized under a system of rules designed to advance the good of its members over time
• Morality
  - Rules of conduct describing what people ought and ought not to do
• Ethics
  - Philosophical study of morality, a rational examination into people's moral beliefs and behavior

Differences between ethics and law

Ethics | Law
Guidelines - as a guideline to computer users. | Control - as a rule to control computer users.
Moral standards - ethical behaviour is judged by moral standards. | Judicial standards - law is judged by judicial standards.
Free to follow - computer users are free to follow or ignore the code of ethics. | Must follow - computer users must follow the regulations and law.
No punishments - no punishment for anyone who violates ethics. | Penalties, imprisonments and other punishments - penalties, imprisonments and other punishments for those who break the law.
Universals - can be applied anywhere, all over the world. | Depends on country - depends on the country and state where the crime is committed.
Produce ethical computer users - to produce ethical computer users. | Prevent misusing of computers - to prevent misuse of computers.
Immoral - not honouring computer ethics means ignoring the moral elements (immoral). | Crime - not honouring the law means committing a crime.

AUP – Acceptable Use Policy

• An acceptable use policy is a set of rules applied by the owner or manager of a network, website or large computer system that restricts the ways in which the site or network may be used.
• Written for corporations, businesses, universities, schools, ISPs and website owners to protect against legal action by users and to enable some enforcement.
• Once we have a policy, it starts to make everyone Accountable!

What is AUP

• Statement of Philosophy
• Uses and advantages of the service and facility
• Code of conduct
• Consequences of violating
  - issue warnings: written or verbal
  - suspend the Member's newsgroup posting privileges
  - suspend the Member's account
  - terminate the Member's account
  - bill the Member for administrative costs and/or reactivation charges
  - bring legal action to enjoin violations and/or to collect damages, if any, caused by violations.
• Consent Letters
• Disclaimers

Examples of AUP: USAF

Case Study 1

Whatever you do online is most likely traceable! – Digital Footprint

Case Study 2

No AUPs makes it difficult to enforce action against indiscipline

Fair Use

• Fair use is a doctrine in US Copyright Law that allows limited use of copyrighted material without requiring permission from the rights holders, such as for commentary, criticism, news reporting, research, teaching or scholarship.

Common misunderstanding

• Any use that seems fair is fair use.
• Fair use interpretations, once made, are static forever.
• If it's not fair use, it's copyright infringement.
• It's copyrighted, so it can't be fair use.
• Acknowledgment of the source makes a use fair.
• Noncommercial use is invariably fair.
• Strict adherence to fair use protects you from being sued.
• The lack of a copyright notice means the work is public domain.
• It's okay to quote up to 300 words.
• You can deny fair use by including a disclaimer.
• If you're selling for profit, it's not fair use.

Fair use criteria

1. The purpose and character of the use: commercial nature or for nonprofit educational purposes
2. The nature of the copyrighted work
3. The amount and substantiality of the portion used
4. The effect of the use on the potential market for, or value of, the copyrighted work

Cases:
http://www.chillingeffects.org/fairuse/
http://www.copyright.gov/help/faq/faq-fairuse.html
http://fsnews.findlaw.com/cases/6th/04a0297p.html

Copyrights

• Copyright is the set of exclusive rights granted to the author or creator of an original work, including the right to copy, distribute and adapt the work.
• Lasts for a certain time period, after which the work is said to enter the public domain.
• Applies to a wide range of works that are substantive and fixed in a medium.
• Some jurisdictions also recognize "moral rights" of the creator of a work, such as the right to be credited for the work.
• Copyright is described under the umbrella term intellectual property, along with patents and trademarks.

Copyright Infringement

• Also known as copyright violation, it is the unauthorized or prohibited use of works covered by copyright law.
• It violates one of the copyright owner's exclusive rights, such as the right to reproduce or perform the copyrighted work, or to make derivative works.
• For electronic and audio-visual media, unauthorized reproduction and distribution is also commonly referred to as piracy.

(Figure: An advertisement for copyright and patent preparation services from 1906.)

Plagiarism

• The "use or close imitation of the language and thoughts of another author and the representation of them as one's own original work."
• Within academia, plagiarism by students, professors, or researchers is considered academic dishonesty or academic fraud.
• Offenders are subject to academic censure, up to and including expulsion.
• Plagiarism is not the same as copyright infringement.

Types of plagiarism

• Online Plagiarism
• Copying and pasting
• Self Plagiarism
• Recycling fraud
• Oxymoron or Self Contradictory

9.7 Computer and health

Good things about computer

• We can find things out quickly using search engines and do work faster.
• We can use them to write, create, keep pictures, scan documents or photos, store our work or memories in files, and play games.
• We can join other people online to chat or play games.
• We can read the news or watch things happening around the world as they happen.
• We can download music, films and video clips, and watch TV programs 'on demand'.

9.7 Computer and health (cont)

Bad things about computer

• bad posture, which can lead to problems with the spine, poor circulation of the blood, and pain in muscles and joints
• hand injuries, from pressing buttons on a computer or games controller
• obesity, caused by sitting around for a long time, snacking while using the computer or games and not having enough physical exercise
• muscle and joint problems, leading to headaches, neck or back pain from sitting too long
• eyestrain, when eyes get tired of staring at a screen, leading to blurry vision, sore eyes and headache
• losing some of your ability to be creative
• finding it harder to talk, play and join in with other kids.

9.7 Computer and health (cont)

Negative side of using too much computer

• Wrong posture
• Correct posture

9.7 Computer and health (cont)

Tips using computer

• Set up your computer so that you can see the screen without tilting your head up or down.
• Have the keyboard at the same level as your elbows.
• Have your feet flat on the floor or a footrest.
• Use your arm, not just your wrist, when you move the mouse.
• Drop your hands to your lap when you are not typing to give your arms a rest.
• Look away from the screen to focus on something further away to give your eyes a rest.

9.7 Computer and health (cont)

Get active!

• Limit your time on the computer by having 'walk around' breaks.
• Don't eat while you are using a computer.
• Get out and be active.
• If you use a laptop, make sure you carry it in a backpack or wheel-around bag to protect yourself from back injury.
• Don't play games before bedtime, as you may have trouble getting a good sleep.

9.8 Green computing

Definition - What does Green Computing mean?

• Green computing is the environmentally responsible and eco-friendly use of computers and their resources.
• It is also defined as the study of designing, engineering, manufacturing, using and disposing of computing devices in a way that reduces their environmental impact.

9.8 Green computing (cont)

• Many IT manufacturers and vendors are continuously investing in designing energy-efficient computing devices, reducing the use of dangerous materials and encouraging the recyclability of digital devices.
• Green computing practices came into prominence in 1992, when the Environmental Protection Agency (EPA) launched the Energy Star program.
• Green computing is also known as green information technology (green IT).

9.8 Green computing (cont)

The goal of green computing

• The goals of green computing are similar to green chemistry: reduce the use of hazardous materials, maximize energy efficiency during the product's lifetime, and promote the recyclability or biodegradability of defunct products and factory waste.
• Green computing is important for all classes of systems, ranging from handheld systems to large-scale data centers.

9.8 Green computing (cont)

• Green computing aims to attain economic viability and improve the way computing devices are used.
• Green IT practices include the development of environmentally sustainable production practices, energy-efficient computers and improved disposal and recycling procedures.

9.8 Green computing (cont)

Approaches to promote Green computing

• Green use: Minimizing the electricity consumption of computers and their peripheral devices and using them in an eco-friendly manner
• Green disposal: Repurposing existing equipment or appropriately disposing of, or recycling, unwanted electronic equipment
• Green design: Designing energy-efficient computers, servers, printers, projectors and other digital devices
• Green manufacturing: Minimizing waste during the manufacturing of computers and other subsystems to reduce the environmental impact of these activities

9.8 Green computing (cont)

What is e-waste and what effect does it have on the environment?

• E-waste is any electronic device that is no longer useful to the owner. E-waste can be laptops, computers, televisions, copy machines, etc.
• Many people do not realize that e-waste can be recycled, but instead throw their electronic devices in landfills where they can harm the environment and even human life.

9.8 Green computing (cont)

Energy Star

• ENERGY STAR, started in 1922, is a program run jointly by the Environmental Protection Agency (EPA) and the US Department of Energy.
• The goal of this program was fairly simple: to identify and promote energy-efficient products.
• A consumer can think of buying and using a product with the Energy Star label as participating in Green Computing, because a product can only receive the esteemed Energy Star label if it meets the standards of the EPA and the US Department of Energy.

9.8 Green computing (cont)

Green Computing Statistics

• $11.5 billion was the cost of the energy bill for data centers in the U.S. for 2010.
• Energy consumption per server increased 9%.
• 2 out of 18 PC manufacturers obtain a reasonable green rating.
• The average desktop computer wastes over half of the power delivered to it.

Shut Down and Switch off your Desktop Computers! 8W of electricity an hour is wasted when you just power off your desktop computer.

9.8 Green computing (cont)

How to be “green” while computing

• Look for electronic devices with the “energy star” label. Those devices only waste a maximum of 20% of energy.
• Reduce the brightness of the monitor. This wastes less energy.
• Go to the control panel and turn your device on the “power save” mode.
• Print double sided pages and print less. This wastes less paper. Buy recycled printer paper as often as you can.
• Recycle your printer cartridges.
• Recycle your old laptops and desktop computers, don’t throw them away!
