Chapter 2: Computing Security and Ethics

• Computing security is important
• Intruders

• hackers (or crackers)
• did it exist before the internet?
• phreaking (phone system hacking)
• Undirected vs directed hackers
• script kiddie
• hacktivism
• anonymous & lulzsec

• How they get in

• bad security practices, and holes in the system
• backdoors
• buffer overflow
• viruses, worms, bots, and trojans
• social engineering
• dumpster diving

• Types of attacks

• access
• modification
• DOS
• repudation

• Managing Security

• vulnerability vs threat
• vulnerability

• sensitivity of the information

• threat

• targets
• agents
• events

• Countermeasures

• Only the paranoid survive
• security policies
• physical safe guards
• passwords
• destroy old stuff
• backups
• system failures
• AUP
• VPN
• Anti-virus
• DRP

• Passwords

• complexity
• time to guess by hand vs. machine

• Antivirus software

• virus signatures
• honeypots
• heuristics
• checksums

• encryption

• certificates
• symmetric encryption
• asymmetric encryption

• firewall

• packet filtering
• proxy firewall

• routers
• DMZ
• machine addressing (NAT)
• Crimes

• intellectual property

• copyright
• patent
• trade secret

• reverse engineering
• prosecution

• Ethics

• ACM Code of ethics and professional conduct
• piracy
• viruses and virus hoxes
• weak passwords
• plagiarism
• cracking
• health issues

• privacy

• spam
• spyware
• cookies