CSC 410 Day 28 Computer Security
Computer Security
Admin.
Plan.
◦ 2. Computer Security.
1. Suggested Structure for Project
Plan due Monday 4/4.
1. Introduction.
◦ A) Explain the topic.
◦ B) State your thesis.
◦ C) Outline the rest of the paper.
2. Define key IT and philosophical terms.
3. Present some real-world examples.
4. Explain the relevance of vocation, ethical
theory, and the professional codes, and
develop arguments for your thesis.
5. Consider and respond to objections to
your thesis.
2. Computer Security.
1) Confidentiality
◦ Is sensitive data kept private and in the right
hands?
2) Data integrity
◦ Is data rightly used and not corrupted?
3) Ease of use.
◦ Does it help or hinder the use of the system?
4) Monitoring.
◦ Is monitoring used to detect misuse but not to
invade privacy of legitimate users?
Trade offs:
1) Confidentiality should protect the innocent.
◦ But it can also be used to wrongly withhold
information or hide misinformation.
2) Protecting data integrity keeps out
unauthorized access.
◦ But it may make it difficult for legitimate users to
upgrade or respond to emergencies.
3) Good security can increase confidence so
users can trust a system.
◦ But it can make people careless.
4) Monitoring can detect misuse.
◦ But it can also be used to spy.
More security:
Allows people to get on with their real work, not
being sidetracked by “firefighting.”
But:
◦ 1) it consumes resources;
◦ 2) may make a system run slower;
◦ 3) reduced ease of use;
◦ 4) time lost in security upgrades;
◦ 5) promotes paranoia and false alarms;
◦ 6) requires emergency overrides, and these
introduce new security holes!
Security threats include:
External Threats
◦ Confidentiality breach
◦ Fraud and theft
◦ Infection with malware
◦ Remote monitoring or control
◦ Denial of service / resource attacks
Internal Threats
◦ Misuse of software and data by employees
◦ Embezzlement
◦ Spying or unauthorized data disclosure
◦ Installing monitoring or malicious software
Neumann’s 3 gaps:
1) Technological gap
◦ The gap between what the system should enforce
and what it does enforce
2) Sociotechnical gap
◦ The gap between computer policies and the
existing laws and professional codes of ethics that
society expects to be upheld.
3) Social gap
◦ The gap between moral expectations and actual
human behavior (a result of sin!)
Narrowing the gaps
1) Technological gap
◦ Requires adoption of security protocols and
software so that the system enforces policies of
confidentiality, data integrity, etc.
2) Sociotechnical gap
◦ Requires security protocols and software to
comply with laws and professional codes.
3) Social gap
◦ Requires more ethical and legal education,
promotion of virtue and accountability for misuse
of computer systems.
Effects of poor security 1
1) Loss of confidentiality
◦ Data may be given away or obtained deliberately
or inadvertently. Even if data is not deliberately
disclosed or stolen, it may end up in the wrong
hands
Effects of poor security 2
3) Denial of service / resources
◦ This leads a system to be unusable or very slow.
Can prevent mission-critical programs from
running on time, slow response time.
1) “educational”
2) to “test a system”
3) deliberate snooping, theft or vandalism
4) at a company’s request: “ethical hacking”
The 7 types of hackers part I.
https://securingtomorrow.mcafee.com/consumer/family-safety/7-types-of-hacker-motivations/
“1) White Hat Hackers: These are the good guys, computer security
experts who specialize in penetration testing and other methodologies to
ensure that a company’s information systems are secure. These IT security
professionals rely on a constantly evolving arsenal of technology to battle
hackers.
2) Black Hat Hackers: These are the bad guys, who are typically referred
to as just plain hackers. The term is often used specifically for hackers who
break into networks or computers, or create computer viruses. Black hat
hackers continue to technologically outpace white hats. They often manage
to find the path of least resistance, whether due to human error or laziness,
or with a new type of attack. Hacking purists often use the term “crackers”
to refer to black hat hackers. Black hats’ motivation is generally to get
paid.
3) Script Kiddies: This is a derogatory term for black hat hackers who use
borrowed programs to attack networks and deface websites in an attempt to
make names for themselves.
4) Hacktivists: Some hacker activists are motivated by politics or religion,
while others may wish to expose wrongdoing, or exact revenge, or simply
harass their target for their own entertainment.”
The 7 types of hackers part II.
https://securingtomorrow.mcafee.com/consumer/family-safety/7-types-of-hacker-motivations/
Unauthorized Hacking I
All information should be free!
Costs of free information
Lack of privacy
Unauthorized Hacking II
It is good for a company!
Costs of security breaches:
Compels companies to expend more time and
resources on security
A laborious audit is needed to find out what the
hacker did
Not all companies can afford the upgrades
Burglars cannot say in a court of law, “your
locks were bad: you were asking for it.”
The cost of security fixes is passed on to
customers.
Unauthorized Hacking III
No-one was using that computer!
◦ If everyone scavenged unused capacity, computers
would lock up
◦ We don’t accept: you can joyride my car and crash
it because I am not using it, or party in my house
because I am at work!
I learned a lot!
◦ Not serious principles of IT design
◦ Not how to treat others’ property with respect
◦ Hackers don’t know most of the consequences of
their actions, so they can’t learn from them
Unauthorized Hacking IV
I am protecting you from Big Brother!
◦ If data is being used by governments and
companies, hacking may make them more secretive
and abusive.