Modules Information:
Module: ICT2209 COMPUTER ETHICS
Session: SEPTEMBER 2009
Programme: BGSDI, BIMCI, BNMCI, BITMI
Lecturer: Vijayan A/L Venggadasallam
Room: A3-F02
Email: vijayan@intimal.edu.my
Phone Ext: 2335

Summary of Coursework Breakdown: (as stated in course structure)
Columns: No / Description of coursework / Learning Outcomes covered / Marks allocated
1. Assignment 1
2. Assignment 2
CONTRIBUTION OF THE COURSEWORK TO THE COURSE
FINAL EXAM
TOTAL

Penalty for late submission:
1 day: minus 20% of total mark awarded
2 days: minus 50% of total mark awarded
3 days: 0 mark for this piece of coursework
Coursework Specifications
Page 1
Coursework #2
Modules Information:
Module: ICT2209 COMPUTER ETHICS
Session: SEPTEMBER 2009
Programme: BGSDI, BIMCI, BNMCI, BITMI
Lecturer: Vijayan A/L Venggadasallam
Room: A3-F02

ICT2209 COMPUTER ETHICS
Coursework Type: Individual Assignment 2
Percentage: 30% out of 100%
Hand-out Date: Week 4
Due Date: Week 7

Students Declaration:
I declare that:
- I understand what is meant by plagiarism
- This assignment is all my own work and I have acknowledged any use of the published or unpublished works of other people.
- I hold a copy of this assignment which I can produce if the original is lost or damaged

[Name/ID] _______________________________________ [Date] _____________________
[Signature] _______________________
Learning outcomes covered:
- Discuss the proprietary rights in computer software
- Apply the ethics in software development project

Assessment Criteria (Total Marks / Given Marks)
1. Introduction: 10
2. Background study: 20
3. Report format and structure: 20
4. Specification and Discussion of the Requirements: 25
5. The overall presentation skills: 25
Total: 100
Penalty:
Penalty for late submission:
1 day: minus 20% of total mark awarded
2 days: minus 50% of total mark awarded
3 days: 0 mark for this piece of coursework
Students are to research a topic related to computer ethics and produce a report on their research. Students are also required to give a presentation on the topic.
Proposed topics:
1. Issues in computer privacy
2. Computer security
3. Intellectual Property
4. Any other suitable topic
The following guidelines must be adhered to:
1. The report must have a cover page, contents page, body of information, conclusion, and list of references.
2. The report should have 15-20 pages.
3. Font size: 12; Font type: Times New Roman; Spacing: 1.5
End of Coursework #2
TABLE OF CONTENTS
1. Introduction
2. Background study
3. Hacking
3.1. Hackers Attitude
4. Identity Theft
4.1. Phishing
4.2. Pharming
5. Prevention Tips
6. Conclusion
7. References
8. Plagiarism Detect Page
1. Introduction
Computer crime is now common all over the world. My research is about computer security. It covers some of the techniques that criminals use to steal our confidential information, and how to protect our personal information. Computer security is a branch of technology known as information security, usually applied to computers and networks. The objectives of computer security include the protection of information and property from theft, corruption, and natural disaster, while allowing the information and property to remain accessible and productive to their users. The term computer system security means the whole set of processes and mechanisms by which sensitive and valuable information and services are protected from publication, tampering or collapse by unauthorized activities, untrustworthy individuals and unplanned events respectively.
2. Background study
The term computer security is often used, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has grown, the concept of computer security has expanded to denote issues relating to the networked use of computers and their resources. The most important areas of computer security are usually represented by the initials CIA: confidentiality, integrity, and authentication or availability.
1. Confidentiality means that information cannot be accessed by unauthorized parties; it is also known as secrecy or privacy. Breaches of confidentiality range from the embarrassing to the disastrous.
2. Integrity means that information is protected against unauthorized changes that are not detectable to authorized users. Many incidents of hacking compromise the integrity of databases and other resources.
3. Authentication means that users are who they claim to be, and availability means that resources are accessible by authorized parties. "Denial of service" attacks are attacks against availability and are sometimes the topic of national news.
Other important concerns of computer security professionals are maintaining access control and nonrepudiation. Maintaining access control means not only that users can access only those resources and services to which they are entitled, but also that they are not refused resources that they can legitimately expect to access. Nonrepudiation implies that a person who sends a message cannot deny that he sent it and, on the other hand, that a person who has received a message cannot deny having received it. In addition to these technical aspects, the conceptual reach of computer security is extensive and multifaceted. Computer security draws from disciplines such as ethics and risk analysis, and is
3. Hacking
Hacking is the act of breaking into computers, usually by gaining illegal or unauthorized access to administrative controls. The subculture that has evolved around hackers is often referred to as the computer underground. Many people claim that hackers are motivated by artistic and political ends, and are unconcerned about the use of illegal means to achieve them. There are other uses of the word hacker that are not related to computer security, but they are rarely used by the mainstream media. Some would say that the people who are now considered hackers are not hackers, because a hacker community existed before the media described the person who breaks into computers as a hacker. This was a community of people who had a great interest in computer programming, and who often created and distributed open source software. Nowadays the people in this community refer to the cyber-criminal hackers as crackers.

3.1. Hackers Attitude
Several groups in the computer underground, with different attitudes and aims, use different ways to distinguish themselves from each other, or try to exclude some specific group. The members of the computer underground should be called crackers. They usually reserve the term cracker for the black hat hacker or, more generally, hackers with unlawful intentions. There are 5 types of hackers: white hat hacker, grey hat hacker, black hat hacker, script kiddie and hacktivist.
1. White hat hackers
White hat hackers are known as ethical hackers. They are computer security experts who specialize in penetration testing and other testing methodologies. These computer professionals are employed by companies to ensure that a company's information systems are secure, and they may use a variety of methods to carry out their tests, including social engineering
4. Identity theft
Identity theft is a term used for fraud that involves someone pretending to be someone else in order to steal money or get other benefits. The term is relatively new and is actually a misnomer, since it is impossible to steal an identity, only to use it. The person whose identity is stolen can suffer various kinds of consequences when he or she is held responsible for the criminal's actions. In many countries it is a crime to use another person's personal identity for personal gain. Identity theft is different from identity fraud. However, the terms are often used interchangeably. Identity fraud is the result of identity theft. Someone can steal or appropriate someone else's identifying information without actually committing identity fraud. The best example of this is when a data breach occurs. There has been very little evidence to link ID fraud to data breaches. A Government Accountability Office study determined that most breaches have not resulted in detected incidents of identity theft. However, the title of that report is "Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown". A later study by Carnegie Mellon University concluded that "the probability of becoming a victim to identity theft as a result of a data breach is ...around only 2%". More recently, one of the largest data breaches ever, accounting for over four million records, resulted in only about 1800 instances of identity theft, according to the company whose systems were breached. However, synthetic ID theft is not always detectable by the consumers whose information was used, according to an FTC report.
4.1. Phishing
Phishing is essentially an online con game, and phishers are nothing more than tech-savvy con artists and identity thieves. Phishers use spam, fake Web sites, crimeware and other techniques to trick people into revealing sensitive information, such as bank and credit card account details. Once they've captured enough victims' financial information, they either use the stolen information themselves to defraud the victims, for example by opening up new accounts using the victims' information or draining the victims' bank accounts, or they sell it to third parties on the black market for a profit.
How phishing works
In many cases, phishers send out a lot of spam email, sometimes up to millions of messages. Each spam email contains a message that appears to come from a famous and trusted company. Usually the message contains the company's name and logo, and it often tries to provoke an emotional response to a false crisis. The email is written in urgent, business-like language and often requests the user's personal or financial information. Sometimes the email directs the recipient to a fake web site. The web site, like the email, appears authentic, and in some cases its URL has been masked so the web address looks real. The fake web site urges the visitor to provide confidential information such as social security numbers, account numbers, passwords, etc. Since the email and corresponding Web site look like the real ones, the phisher hopes that at least a fraction of recipients are fooled into submitting their personal data. While it is impossible to know the actual victim response rates to all phishing attacks, it is commonly believed that about 1 to 10 percent of recipients are tricked, with a successful phisher campaign having a response rate around 5 percent.
Another example of the growing skills of the phishing groups is their use of flaws in Web site design to make their attacks more convincing. For example, a flaw in the IRS Web site allowed people to make their bait URLs appear to be the IRS Web site, even though the victim was headed to a different, criminally owned Web server. This is one of many potential examples of the steadily advancing skills of online fraudsters.

Phishing example
Symantec operates a group of machines known as honey pots, a network of intentionally vulnerable systems that are used to capture and study real-world attacks. This information is in turn used for research and refinement of Symantec's products. Symantec recently captured a stereotypical phishing attack in its honey pot network, focused on the online auction service eBay. eBay has become one of the most phished brands on the internet.
5. Prevention Tips
Cybercrime can be prevented: with a little technical advice and common sense, many attacks can be avoided. In general, online criminals are trying to make their money as quickly and simply as possible. If you make their job more difficult, they will leave you alone and move on to an easier target. The tips below provide basic information on how you can prevent online fraud.
- Keep your computer security current with the latest patches and updates.
- Make sure your computer is managed securely.
- Choose strong passwords and keep your information safe.
- Protect your computer with security software.
- Protect your confidential information.

Keep your computer security current with the latest patches and updates.
One of the best ways to keep hackers away from your computer is to apply patches and other software fixes when they become available. By regularly updating your computer, you block attackers from being able to take advantage of software flaws (vulnerabilities) that they could otherwise use to break into your system.
While keeping your computer up-to-date will not protect you from all attacks, it makes it more difficult for hackers to gain access to your system, blocks many basic and automated attacks completely, and might be enough to make a less-determined attacker look for a more vulnerable computer elsewhere.
More recent versions of Microsoft Windows and other popular software can be configured to download and apply updates automatically, so that you do not have to remember to check for the latest software. Taking advantage of "auto-update" features in your software is a great way to keep yourself safe online.
Configuring Internet applications such as your Web browser is one of the most important areas to focus on. For example, settings in your Web browser, such as Internet Explorer or Firefox, decide what happens when you visit certain Web sites on the Internet. The strongest security settings will give you the most control over what happens online, but may also frustrate some people with a large number of questions while they are browsing ("This may not be safe, are you sure you want to do this?") or with the inability to do what they want to do.
Choosing the level of security and privacy depends on the individual using the computer. Often, security and privacy settings can be configured without any special expertise, simply by using the "Help" feature of your software or reading the vendor's Web site. If you are uncomfortable configuring them yourself, ask someone you know and trust who is knowledgeable about computers for assistance, or contact the vendor directly.

Choose strong passwords and keep your information safe.
Passwords are a fact of life on the Internet today, and we use them for everything from online banking to logging into our favorite airline Web site to see how many miles we have collected. The following tips can help make your online experiences secure:
1. Choosing a password that cannot be easily guessed is the first step to keeping passwords secure and away from other people. Strong passwords have eight characters or more and use a combination of letters, numbers and symbols (e.g. # $ %!?). Avoid using the following as your password: your login name,
Protect your computer with security software.
Several types of security software are necessary for basic online security, including firewall and antivirus programs. A firewall is usually your computer's first line of defense. It controls who and what can communicate with, and have access to, your computer online. You could think of a firewall as a sort of "policeman" that controls all the data that flows in and out of your computer on the Internet, allowing communications that it knows are safe and blocking bad traffic, such as attacks, from ever reaching your computer.
The next line of defense is your antivirus software, which monitors all online activities such as email messages and Web browsing, and protects an individual from viruses, worms, Trojan horses and other types of malicious programs. Most recent versions of antivirus software, such as Norton Antivirus, also protect from spyware and potentially unwanted programs. Having security software that gives you control over software you may not want and protects you from online threats is essential to staying safe when you are online. Your antivirus and antispyware software should be set to update itself, and it should do so every time you connect to the Internet.
6. Conclusion
Computer security is a vast topic that is becoming more important because the world is becoming highly interconnected, with networks being used to carry out important transactions. The environment in which machines must survive has changed fundamentally since the popularization of the Internet. The goal of my research is to familiarize you with the current best practices for keeping security flaws out of your software. Cybercrime can happen anytime and anywhere. We must know about it, and about how to keep our computers and confidential information safe, so that we can minimize damage or even prevent all unauthorized attacks. Good software security practices can help ensure that software performs properly. Safety-critical and high-assurance system designers have always taken great pains to analyze and to track software behavior, and security-critical system designers must follow suit. We can avoid the Band-Aid-like penetrate-and-patch approach to security only by considering security as an important system property. This requires integrating software security into your entire software engineering process, a topic that we take up in the next chapter.
7. References
Science and Technology Resources on the Internet - by Jane F. Kinkus - 11th October 2009. URL: <http://www.istl.org/02-fall/internet.html>
Computer security - Wikipedia, the free encyclopedia - 11th October 2009. URL: <http://en.wikipedia.org/wiki/Computer_security>
Hacker (computer security) - Wikipedia, the free encyclopedia - 9th October 2009. URL: <http://en.wikipedia.org/wiki/Hacker_(computer_security)>
Identity theft - eHow.com - 10th October 2009. URL: <http://www.ehow.com/identity-theft/>
Online Fraud: Phishing - 10th October 2009. URL: <http://www.symantec.com/norton/cybercrime/phishing.jsp>
Online Fraud: Pharming - 10th October 2009. URL: <http://www.symantec.com/norton/cybercrime/pharming.jsp>