ASSIGNMENT
CHAPTER 11
Chapter Review
Discovering Computer (“Living In the Digital World 2011”)
Lecturer : Mr. Tri Djoko Wahjono, Ir, M.Sc
Student : Williem [1701309721]
1. What are Computer Security Risks, and what are the types of Cybercrime Perpetrators?
Computer security risk is any event or
action that could cause a loss of or damage to computer hardware, software,
data, information, or processing capability. While some breaches to computer
security are accidental, many are intentional. Some intruders do no damage;
they merely access data, information, or programs on the computer before
logging off. Other intruders indicate some evidence of their presence either by
leaving a message or by deliberately altering or damaging data.
Any illegal act involving a computer
generally is referred to as a computer crime. The term cybercrime refers
to online or Internet-based illegal acts. Perpetrators of cybercrime and other
intrusions fall into seven basic categories: hacker, cracker, script kiddies,
corporate spy, unethical employee, cyber extortionist, and cyber terrorist.
2. What are various Internet and Networking Attacks, and how can Users Safeguard against these attacks?
Various internet and networking attacks
are: computer virus, worm, Trojan horse, and rootkit.
A computer virus is a potentially
damaging computer program that affects, or infects, a computer negatively by
altering the way the computer works without the user’s knowledge or permission.
A worm is a program that copies itself repeatedly, for example in memory
or on a network, using up resources and possibly shutting down the computer or
network. A Trojan horse (named after the Greek myth) is a program that
hides within or looks like a legitimate program. A certain condition or action
usually triggers the Trojan horse. Unlike a virus or worm, a Trojan horse does
not replicate itself to other computers. A rootkit is a program that
hides in a computer and allows someone from a remote location to take full
control of the computer. Once the rootkit is installed, the rootkit author can
execute programs, change settings, monitor activity, and access files on the
remote computer.
To take precautions against these types of malware,
do not start a computer with removable media in the drives or ports. Never open
an e-mail attachment unless you are expecting the attachment and it is from a trusted
source. Disable macros in documents that are not from a trusted
source. Install an antivirus program and a personal firewall. Stay
informed about any new virus alert or virus hoax. To defend against a botnet,
a denial of service attack, improper use of a back door, and spoofing,
users can install a firewall, install intrusion detection software,
and set up a honeypot.
3. What are techniques to prevent Unauthorized Computer Access and Use?
Unauthorized access is the use of a
computer or network without permission.
Unauthorized use is the use of a
computer or its data for unapproved or illegal activities. Organizations can
take measures such as implementing a written acceptable use policy (AUP),
a firewall, intrusion detection software, access controls,
and an audit trail.
Access controls include a user name and
password or passphrase, a CAPTCHA, a possessed object,
and a biometric device.
Organizations take several measures to
help prevent unauthorized access and use. At a minimum, they should have a
written acceptable use policy (AUP) that outlines the computer activities for
which the computer and network may and may not be used. An organization’s AUP
should specify the acceptable use of computers by employees for personal
reasons. Some organizations prohibit such use entirely. Others allow personal
use on the employee’s own time such as a lunch hour.
To protect your personal computer from
unauthorized intrusions, you should disable file and printer sharing on your
Internet connection. Other measures that safeguard against unauthorized access
and use include firewalls and intrusion detection software, which were
discussed in the previous section, and identifying and authenticating users.
4. What are safeguards against Hardware Theft and Vandalism?
Hardware theft and vandalism are other
types of computer security risks. Hardware theft is the act of stealing
computer equipment. Hardware vandalism is the act of defacing or
destroying computer equipment.
To help reduce the chances of theft,
companies and schools use a variety of security measures. Physical access
controls, such as locked doors and windows, usually are adequate to protect the
equipment. Many businesses, schools, and some homeowners install alarm systems
for additional security. School computer labs and other areas with a large
number of semifrequent users often attach additional physical security devices
such as cables that lock the equipment to a desk, cabinet, or floor. Small
locking devices also exist that require a key to access a hard disk or optical
disc drive. Some businesses use a real-time location system (RTLS)
to track and identify the location of high-risk or high-value items.
5. How do software manufacturers protect against software piracy?
To protect
themselves from software piracy, software manufacturers issue users license
agreements.
A license
agreement is the right to use the software. That is, you do not own the
software. The license agreement provides specific conditions for use of the
software, which a user must accept before using the software. These terms usually
are displayed when you install the software. In an attempt to prevent software
piracy, Microsoft and other manufacturers have incorporated an activation
process into many of their consumer products.
During the product
activation, which is conducted either online or by telephone, users provide
the software product’s 25-character identification number to receive an
installation identification number unique to the computer on which the software
is installed. Usually, the software does not function or has limited
functionality until you activate it via the Internet or telephone.
6. How does encryption work, and why is it necessary?
Encryption is a process of
converting readable data into unreadable characters to prevent unauthorized
access. You treat encrypted data just like any other data. That is, you can
store it or send it in an e-mail message. In the encryption process, the
unencrypted, readable data is called plain text. The encrypted
(scrambled) data is called cipher text. An encryption algorithm, or
cipher, is a set of steps that can convert readable plain text into
unreadable cipher text. Encryption programs typically use more than one
encryption algorithm, along with an encryption key. Encryption is used to
protect information on the Internet and networks.
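The round trip described above, as an added example that is not from the textbook or the original assignment: a small teaching cipher (HMAC-SHA256 used as a keystream generator, an assumption chosen so it runs with only the Python standard library) converts plain text to cipher text and back with an encryption key. It illustrates the terms only; real encryption programs use vetted algorithms such as AES.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16  # random value stored with the cipher text (assumed size)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudo-random bytes from the key and the nonce."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])

def encrypt(plain_text: bytes, key: bytes) -> bytes:
    """Plain text -> cipher text. A fresh nonce makes every output differ."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plain_text))
    return nonce + bytes(p ^ s for p, s in zip(plain_text, stream))

def decrypt(cipher_text: bytes, key: bytes) -> bytes:
    """Cipher text -> plain text. Only the same key recreates the keystream."""
    nonce, body = cipher_text[:NONCE_LEN], cipher_text[NONCE_LEN:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

if __name__ == "__main__":
    key = os.urandom(32)                         # the encryption key
    message = b"Transfer 500 to account 1234"    # constructed sample plain text
    scrambled = encrypt(message, key)
    print("cipher text :", scrambled.hex())      # unreadable, but ordinary data
    print("right key   :", decrypt(scrambled, key))
    print("wrong key   :", decrypt(scrambled, os.urandom(32)))
```

The cipher text is ordinary bytes, so it can be stored or sent in an e-mail message like any other data. This sketch protects confidentiality only and does not detect a modified cipher text.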
7. What types of devices are available to protect computers from system failure?
A system
failure is the prolonged malfunction of a computer. System failure also can
cause loss of hardware, software, data, or information. A variety of causes can
lead to system failure.
A common cause
of system failure is an electrical power variation such as noise, an
undervoltage, or an overvoltage.
To protect
against electrical power variations, use a surge protector. A surge
protector, also called a surge suppressor, uses special electrical
components to smooth out minor noise, provide a stable current flow, and keep
an overvoltage from reaching the computer and other electronic equipment. For
additional electrical protection, some users connect an uninterruptible power
supply to the computer. An uninterruptible power supply (UPS) is
a device that contains surge protection circuits and one or more batteries that
can provide power during a temporary or permanent loss of power. A UPS connects
between your computer and a power source.
8. What are options for backing up computer resources?
To protect
against data loss caused by system failure or hardware/software/information
theft, computer users should back up files regularly. A backup is a
duplicate of a file, program, or disk that can be used if the original is lost,
damaged, or destroyed. Thus, to back up a file means to make a copy of
it. In the case of system failure or the discovery of corrupted files, you restore
the files by copying the backed up files to their original location on the
computer.
You can use just
about any media to store backups. Be sure to use high-quality media. A good
choice for a home user might be optical discs or external hard disks. Home and
business users keep backup copies offsite so that a single disaster, such as a
fire, does not destroy both the original and the backup copy of the data. An
offsite location can be a safe deposit box at a bank or a briefcase. A growing
trend is to use cloud storage as an offsite location. Most backup programs for
the home user provide for a full backup and a selective backup. Some users
implement a three-generation backup policy to preserve three copies of
important files.
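A three-generation backup with restore, as an added example that is not from the textbook or the original assignment. The generation names (child, parent, grandparent), the `.sha256` side files and the function names are assumptions made for this sketch; the checksum lets the restore step skip a copy that has become corrupted.

```python
import hashlib
import shutil
from pathlib import Path

# Newest to oldest; the names are assumed for this example.
GENERATIONS = ("child", "parent", "grandparent")

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def back_up(source: Path, backup_dir: Path) -> None:
    """Age each existing copy by one generation, then store a fresh copy."""
    backup_dir.mkdir(parents=True, exist_ok=True)
    # Move the oldest pair first so no copy is overwritten before it is aged.
    for newer, older in reversed(list(zip(GENERATIONS, GENERATIONS[1:]))):
        for suffix in ("", ".sha256"):
            src = backup_dir / (newer + suffix)
            if src.exists():
                src.replace(backup_dir / (older + suffix))
    shutil.copy2(source, backup_dir / "child")
    (backup_dir / "child.sha256").write_text(sha256(source))

def restore(backup_dir: Path, target: Path) -> str:
    """Copy back the newest generation whose checksum still matches."""
    for gen in GENERATIONS:
        copy = backup_dir / gen
        digest = backup_dir / (gen + ".sha256")
        if copy.exists() and digest.exists() and sha256(copy) == digest.read_text():
            shutil.copy2(copy, target)
            return gen
    raise RuntimeError("no intact backup generation found")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        doc, store = Path(tmp) / "report.txt", Path(tmp) / "backups"
        for version in ("v1", "v2", "v3", "v4"):   # constructed sample data
            doc.write_text(version)
            back_up(doc, store)                    # v1 drops out after v4
        (store / "child").write_text("garbage")    # simulate a corrupted copy
        print(restore(store, doc), doc.read_text())
```

The checksum is stored next to the copy, so it catches accidental corruption but not deliberate tampering by someone who can write to the backup location.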
9. What risks and safeguards are associated with wireless communications?
Although wireless access provides many
conveniences to users, it also poses additional security risks. One study
showed that about 80 percent of wireless networks have no security protection.
Some perpetrators connect to others’ wireless networks to gain free Internet access;
others may try to access an organization’s confidential data.
In one technique, called war driving or
access point mapping, individuals attempt to detect wireless networks
via their notebook computer or mobile device while driving a vehicle through
areas they suspect have a wireless network. Some individuals instead use war
flying, where they use airplanes instead of vehicles to detect unsecured
wireless networks. Once located, some individuals use a GPS device to add the
WAP to a war driving access point map on the Internet, making the wireless
network vulnerable.
In addition to using firewalls, some
safeguards that improve the security of wireless networks include reconfiguring
the wireless access point and ensuring equipment uses one or more wireless
security standards such as Wi-Fi Protected Access and 802.11i.
• A wireless access point (WAP) should be configured so that it does not broadcast
a network name, known as an SSID (service set identifier). Users should
change the default SSID to prevent unauthorized users from accessing their
wireless network. The WAP also can be programmed so that only certain devices
can access it.
• Wi-Fi Protected Access (WPA) is
a security standard that improves on older security standards by authenticating
network users and providing more advanced encryption techniques.
• An 802.11i network, sometimes called WPA2, the most recent network security
standard, conforms to the government’s security standards and uses more
sophisticated encryption techniques than WPA.
10. How can health-related disorders and injuries due to computer use be prevented?
A repetitive strain injury (RSI)
is an injury or disorder of the muscles, nerves, tendons, ligaments, and
joints. Computer-related RSIs include tendonitis and carpal tunnel syndrome.
To prevent this, OSHA (Occupational Safety and Health Administration) has
developed industry-specific and task-specific guidelines designed to prevent
workplace injuries with respect to computer usage.
Tendonitis is inflammation
of a tendon due to repeated motion or stress on that tendon. Carpal tunnel
syndrome (CTS) is inflammation of the nerve that connects the
forearm to the palm of the wrist. Repeated or forceful bending of the wrist can
cause CTS or tendonitis of the wrist. Symptoms of tendonitis of the wrist
include extreme pain that extends from the forearm to the hand, along with
tingling in the fingers. Symptoms of CTS include burning pain when the nerve is
compressed, along with numbness and tingling in the thumb and first two
fingers. You can take many precautions
to prevent these types of injuries. Take frequent breaks during the computer
session to exercise your hands and arms. To prevent injury due to typing, place
a wrist rest between the keyboard and the edge of your desk. To prevent injury
while using a mouse, place the mouse at least six inches from the edge of the
desk. In this position, your wrist is flat on the desk. Finally, minimize the
number of times you switch between the mouse and the keyboard, and avoid using
the heel of your hand as a pivot point while typing or using the mouse.
Another type of health-related condition
due to computer usage is computer vision syndrome (CVS). You may
have CVS if you have sore, tired, burning, itching, or dry eyes; blurred or
double vision; distance blurred vision after prolonged staring at a display
device; headache or sore neck; difficulty shifting focus between a display
device and documents; difficulty focusing on the screen image; color fringes or
after-images when you look away from the display device; and increased
sensitivity to light. To ease eyestrain, use these techniques:
• Every 10 to 15 minutes, take an eye break.
  ✓ Look into the distance and focus on an object for 20 to 30 seconds.
  ✓ Roll your eyes in a complete circle.
  ✓ Close your eyes and rest them for at least one minute.
• Blink your eyes every five seconds.
• Place your display device about an arm’s length away from your eyes with the top of the screen at eye level or below.
• Use large fonts.
• If you wear glasses, ask your doctor about computer glasses.
• Adjust the lighting.
11. What are issues related to information accuracy, intellectual property rights, codes of conduct, and green computing?
• Computer ethics are the moral guidelines that
govern the use of computers and information systems. Seven frequently discussed
areas of computer ethics are unauthorized use of computers and networks,
software theft (piracy), information accuracy, intellectual property rights,
codes of conduct, information privacy, and green computing.
• Information accuracy today is a concern because many users access information maintained by other
people or companies, such as on the Internet. Be aware that the organization
providing access to the information may not be the creator of the information.
In addition to concerns about the accuracy of computer input, some individuals
and organizations raise questions about the ethics of using computers to alter
output, primarily graphical output such as a retouched photo. Using graphics
equipment and software, users easily can digitize photos and then add, change,
or remove images.
• Intellectual property rights are the rights
to which creators are entitled for their work. A copyright gives authors
and artists exclusive rights to duplicate, publish, and sell their materials. A
copyright protects any tangible form of expression. A common infringement of
copyright is piracy. People pirate (illegally copy) software, movies, and
music. Many areas are not clear cut with respect to the law, because copyright
law gives the public fair use to copyrighted material. The issues surround the
phrase, fair use, which allows use for educational and critical purposes.
• An IT code of conduct is a written guideline that helps determine whether a
specific computer action is ethical or unethical.
• Green computing involves reducing the electricity
and environmental waste while using a computer. People use, and often waste,
resources such as electricity and paper while using a computer.
12. What are issues surrounding information privacy?
• Information privacy is the right of
individuals and companies to deny or restrict the collection and use of
information about them. Issues surrounding information privacy include the
following. An electronic profile combines data about an individual’s Web use
with data from public sources, which then is sold.
• A cookie is a file that a Web server stores on a computer to collect data
about the user. Spyware is a program placed on a computer that secretly
collects information about the user. Adware is a program that displays
an online advertisement in a banner or pop-up window.
• Spam is an unsolicited e-mail message or
newsgroup posting sent to many recipients or newsgroups at once.
• Phishing is a scam in which a perpetrator
attempts to obtain personal or financial information. The concern about privacy
has led to the enactment of many federal and state laws regarding the
disclosure of data. As related to the use of computers,
• Social engineering is defined as
gaining unauthorized access or obtaining confidential information by taking
advantage of the trusting human nature of some victims and the naivety of
others.
• Employee monitoring uses computers
to observe, record, and review an employee’s computer use.
• Content filtering restricts access to certain
materials on the Web.