Notes on Computer Crime Cybercrime: Tools and Tricks | CSC 1113, Study notes of Computer Science

Material Type: Notes; Professor: Price; Class: Computer Concepts-Hybrid*; Subject: Computer Science; University: Mississippi Gulf Coast Community College; Term: Unknown 1989;

Typology: Study notes

Pre 2010

Uploaded on 08/08/2009

koofers-user-06v

CSC 1113 – Introduction to Computers

LECTURE NOTES – CHAPTER 11

I. Scope of the Problem CIYF 11.03

Lay the groundwork for your lecture by defining computer security risk as any event, action, or situation—intentional or not—that could lead to the loss or destruction of computer systems or the data they contain. Distinguish risks from computer crimes and define cybercrime and cyberlaw.

II. Computer Crime and Cybercrime: Tools and Tricks CIYF 11.05

A. Tricks for Obtaining Passwords

Explain that unauthorized access is the most publicized computer security problem. Ask students to recall the discussion on authentication wherein systems are protected from unauthorized guests by requiring user IDs and passwords. List and briefly summarize several techniques used to obtain passwords:

  1. Password guessing – Identify common passwords and impress upon students the importance of using passwords that are not easily guessed.
     Teaching Tip: Encourage students to create passwords for themselves that are not found in the dictionary and that include both letters and numbers.
     Web Link: Direct students who find themselves “password-challenged” to the Secure Password Generator (www.winguides.com/security/password.php) for quick and free random password generation.
  2. Shoulder surfing – Having someone looking over your shoulder as you type in your password or when you are using an ATM.
  3. Packet sniffers – Software programs that look for passwords, credit card numbers, and other valuable information.
  4. Dumpster diving – When unscrupulous folks dig through trash in the hopes of finding user IDs, passwords, or other discarded documents.
  5. Social engineering – A form of deception designed to get people to divulge sensitive information.
  6. Superuser status – When intruders gain administrator status and are able to obtain the passwords of everyone using the system.

B. Salami Shaving and Data Diddling

Explain that most computer crime is done by employees. Define salami shaving as a process where small amounts of money are taken from many accounts and diverted elsewhere. Define data diddling as illegal or unauthorized data alteration.
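
A defender's view of the salami-shaving pattern defined above, as an added example that is not part of the original lecture notes: it flags any destination account that collects small credits from many distinct source accounts. The ledger rows, account names, and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger: (source_account, destination_account, amount).
# Eight customers each lose three cents to the same account.
LEDGER = [(f"CUST-{i:03d}", "ACCT-9001", Decimal("0.03")) for i in range(1, 9)]
LEDGER += [
    ("CUST-001", "UTIL-ELEC", Decimal("84.10")),  # ordinary bill payment
    ("CUST-003", "UTIL-ELEC", Decimal("61.75")),  # ordinary bill payment
    ("CUST-002", "CUST-005", Decimal("0.04")),    # one small transfer, no pattern
    ("CUST-004", "ACCT-9001", Decimal("0.02")),   # repeat source, counted once
]


def find_salami_destinations(ledger, small=Decimal("0.05"), min_sources=5):
    """Return {destination: (distinct_sources, total_collected)}.

    A destination is reported when it receives transfers of at most `small`
    from at least `min_sources` different accounts. Each transfer on its own
    is too small to notice; the signal is the fan-in to one account.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)  # Decimal() is 0, so sums stay exact
    for src, dst, amount in ledger:
        if Decimal("0") < amount <= small:
            sources[dst].add(src)
            totals[dst] += amount
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources
    }


if __name__ == "__main__":
    for dst, (count, total) in find_salami_destinations(LEDGER).items():
        print(f"{dst}: {count} distinct sources, {total} collected")
```
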
C. Forgery

E-mail messages are forged to disguise their origin. Point out that “anonymizer” sites and programs are often used to strip traceable information from messages.

D. Security Loophole Detection Programs

Explain that computer crimes are initiated by intruders who use programs that automatically search for vulnerabilities in computer systems. One such program is SATAN.

E. Computer Viruses

Teaching Tip: While much of the information in this chapter is interesting, the section on Computer Viruses is where you should spend the bulk of your lecture time.

Define computer virus as a program that requires a host and is designed to make a system sick, just like a real virus. Use the analogy to continue the discussion about computer viruses, informing your students that they can be spread from computer to computer, and that they can replicate themselves. Explain that some viruses are categorized as harmless pranks, while others are far more malicious. Describe three types of viruses as:

  1. File infectors – attach themselves to a program file
  2. Boot sector viruses – install themselves on the beginning tracks of a hard drive
  3. Macro viruses – infect data files

Remind students that most viruses are spread by e-mail attachment and warn them to be suspicious of any files attached to unsolicited messages.

Web Link: Encourage students to visit Vmyths.com (www.vmyths.com/) to discover the truth about computer viruses, hoaxes, urban legends, and computer hysteria.

Teaching Tip: While the link to Vmyths.com may be fun and entertaining, it can serve a more serious purpose. Remind students that when they get a panicky e-mail saying there is a virus afloat, often that message itself may be a virus or a hoax. Encourage them to use Vmyths.com to check the veracity of the message before deleting any files from their computer, and certainly before propagating the message by forwarding it on to their friends and family.

More Rogue Programs

Explain that viruses are not the only types of nefarious programs that can destroy your system. Briefly explain the terms time bomb (logic bomb), worm, and Trojan horse.

III. Meet the Attackers CIYF 11.

A. Crackers, Cyber Gangs, and Virus Authors

Explain that there are various types of attackers who invade computer systems, not all of whom intend harm. This section introduces categories of attackers.

  1. Hackers – Computer hobbyists for whom breaking into a system is an intellectual game; they rarely steal or damage assets. They subscribe to an unwritten code of conduct called the hacker ethic that forbids the destruction of data.
  2. Crackers – These are hackers who have turned to the dark side. They don’t often intend to cause harm or damage data, but their attacks are sophisticated and cause major headaches for system administrators.
  3. Cyber gangs – Groups of hackers brought together by the Internet and physical meetings.

A. Consumption of Staff Time

B. Downtime

C. Fraud and Theft

D. Adverse Publicity

Note that over 40 percent of all computer crimes go unreported because companies are afraid that adverse publicity will damage their reputation or business.

E. Vandalism

F. Character Assassination

G. Loss of Privacy

H. Risks to Public Safety

I. Denial of Service

Denial of Service (DoS) attacks deserve some discussion because they have affected every one of us, even if we were not aware of it. Large companies such as Yahoo!, Amazon.com, and Microsoft have all been victims of DoS attacks.

Web Link: Refer students to the article “Denial of Service ‘Nuke’ Attacks” (www.irchelp.org/irchelp/nuke/) for more information about and suggestions for defending against DoS attacks.

V. Playing It Safe CIYF 11.

This section discusses several measures that safeguard computer systems.

A. Protecting Computers from Power-Related Problems

Protect your computer against power surges and outages by saving your work often and installing an uninterruptible power supply (UPS) on your system.

B. Controlling Access

Use a secure password and user ID, and never give them out to anyone. Watch that someone is not “shoulder surfing” when you log in to your computer.

Teaching Tip: If you did not use the Web Link provided for the Tips for Obtaining Passwords section, you can use it now.

Web Link: Direct students who find themselves “password-challenged” to the Secure Password Generator (www.winguides.com/security/password.php) for quick and free random password generation.

C. Using Firewalls

Define firewall as a computer program that permits an organization’s internal computer users to access the external Internet, while placing severe limits on the ability of outsiders to access internal data. Use Figure 11.15 to illustrate the point. Mention that it is possible to install a personal firewall on your home computer.

Web Link: Refer students to Symantec for information about the Norton Personal Firewall (www.symantec.com/sabu/nis/npf/).

D. Using Encryption

Explain that encryption scrambles the original data using a key, and that the receiver of the message unscrambles the data using a key. Note that encryption will be covered in greater detail in Chapter 12.

E. Using Anti-Virus Programs

Explain that anti-virus programs are an important tool in your arsenal for preventing a virus infection or its spread. Identify the simple guidelines to help students reduce the risk of a virus attack:

  • Always check your disks for viruses
  • Always scan downloaded files for viruses
  • Disable macros in productivity programs such as Microsoft Word

Teaching Tip: Recommend that students take virus protection seriously, keep their virus protection software up-to-date, and follow the simple guidelines.

F. Backing Up Data

Explain how a backup is accomplished, and the difference between full and incremental backups. Mention that every organization should have a disaster recovery plan in place.

Web Link: Refer students to Microsoft’s explanation of the backup utility in Windows XP (www.microsoft.com/windowsxp/pro/using/howto/gettingstarted/guide/backup.asp) for a clear description of the backup process.

Class Exercise: Lead students in a discussion about how to develop a disaster recovery plan. Encourage them to think of their own computer and the steps they would need to take to recover from a house fire, earthquake, or similar catastrophe. Have a volunteer write ideas and suggestions on the board as students brainstorm.

Web Link: For an easy-to-use guide on creating a disaster recovery plan, visit Hewlett-Packard (www.hp.com/sbso/productivity/howto/disaster_recovery/).

G. Avoiding Scams

Review the tips provided in the textbook for avoiding scams:

  • Do business with established companies that you know and trust.
  • Read the fine print.
  • Don’t provide financial or other personal information or passwords to anyone.
  • Be skeptical when somebody in an Internet chat room tells you about a great new company or stock.

H. Preventing Cyberstalkers

Review the tips provided in the textbook for protecting against cyberstalkers: