"}' ly:imgtitle="" ly:imgalttext="" ly:imghref="" ly:site="1835290" ly:page="InternetCrime" ly:uid="AD97D167-2E13-7C2C-3962-D8CA8BFC53E8" ly:sessOpts='{"embedurl":""}' ly:onResizing="(Lycos.webon.getInstance('youtube',1835361)).lyOnResizing" ly:onResize="(Lycos.webon.getInstance('youtube',1835361)).lyOnResize" ly:resized="yes">


 

Internet Crime Summary

Business managers, IT professionals, and IT users all face a number of ethical decisions regarding IT security, such as: Should a company pursue prosecution of criminals who have committed a crime against it, or should it maintain a low profile so that negative publicity isn't created? How "safe" is safe enough, and how much should be spent to ensure safety against computer crimes? How can companies ask their employees to gather competitive information while being ethical and legal?


 

The Computer Emergency Response Team Coordination Center (CERT/CC) was established in 1988 at the Software Engineering Institute (SEI) to deal with the increasing number of IT security incidents. Some of the reasons for an increase in computer crimes are: increasing complexity increases vulnerability, higher computer user expectations, expanding and changing systems introduce new risks, and increased reliance on commercial software with known vulnerabilities.


 Types of Attacks

Viruses- a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. 

Worms- harmful programs that reside in the active memory of the computer and duplicate themselves. They differ from viruses because they can spread on their own, sending themselves to other computers by emails or internet chats.

Trojan horse- a program that a hacker secretly installs on a computer. This allows the hacker to steal passwords or Social Security numbers, or even spy on users by recording keystrokes and transmitting them to a server operated by a third party. 

Denial-of-service attack- one in which a malicious hacker takes over computers on the internet and causes them to flood a target site with demands for data and other small tasks. This is the equivalent of a caller constantly dialing a telephone number so that other callers hear a busy signal.


 Types of Perpetrators and their objectives (in order of frequency of attack from high to low):

Hacker- test limits of system and gain publicity

Cracker- cause problems, steal data and corrupt systems

Insider- make money and disrupt company's information systems

Industrial Spy- capture trade secrets and gain competitive advantage

Cyber criminal- make money

Cyber terrorist- destroy key infrastructure components.


 

Ways to help prevent cyber crimes:

Install anti-virus software on personal computers 

Implement safeguards against attacks by malicious insiders

Address the most critical security threats

Conduct periodic IT security audits 


 

Discussion Question #3


Q: How can installation of a firewall give an organization a false sense of security?


 A: A firewall does nothing to protect a Web site from a denial-of-service attack.  A firewall also cannot prevent a worm from entering the network as an e-mail attachment.  Most firewalls are configured to allow e-mail and benign-looking attachments to reach their intended recipient.