Online Privacy and Security

Uploaded by

Ninad Jaiswal
Security and Privacy

Data communications capabilities provide new challenges

Keep data secure
• Destruction
• Accidental damage
• Theft
• Espionage

Keep data private
• Salaries
• Medical information
• Aadhaar numbers
• Bank balances
Computer Crimes
• Discovery
  • Difficult
  • Accidental
  • 85% of computer crimes are never reported
• Prosecution
  • Legal representatives lack technical knowledge to understand the crime
What Systems Have Been Invaded?
• Corporate networks
  • Over half of the largest corporations were invaded
  • Competitors?
• Government networks
  • Dept of Defense attacked more than 200,000 times per year
  • Computer attack - abilities of other nations?
• Web sites
How Can Systems be Easily Compromised?
• Social engineering
  • Con artist – persuade/manipulate a person to give away their information like passwords, OTP over the phone
• What are they looking for?
  • Take a close look at some of the 'secure' sites you log into.
  • The questions seem pretty tough for an outsider trying to hack into your account.
    • What's the name of your first pet?
    • What is your maiden name?
    • When was your mother/father born?
    • Where were you born?

Do these sound familiar?
How do they do that?
• Pretexting – Creating a fake scenario
• Phishing – Send out bait to fool victims into giving away their information
• Fake Websites – Molded to look like the real thing. Log in with real credentials that are now compromised
• Fake Pop-up – Pops up in front of real web site to obtain user credentials
Frequently Reported Crimes
• Credit-card fraud
  • Numbers captured and used fraudulently
• Data communications fraud
  • Piggyback on someone else’s network
  • Office network for personal purposes
• Unauthorized access to computer files
  • Accessing confidential employee records
  • Theft of trade secrets and product pricing
• Unlawful copying of copyrighted software
  • Casual sharing of copyrighted software
• Bomb
  • Program to trigger damage
  • Scheduled to run at a later date
  • May be found in software for general public, especially shareware
• Denial of service attack (DOS)
  • Hackers bombard a site with more requests for service than it can possibly handle
  • Prevents legitimate users from accessing the site
  • Appearance of requests coming from many different sites simultaneously
Frequently Reported Crimes
• Piggybacking
  • Original user does not sign off properly
  • Intruder gains access to files via the original user id
• Scavenging
  • Search garbage and recycling bins for personal information
• Trapdoor
  • Illicit program left within a completed legitimate program
  • Permits unauthorized and unknown entry to the program
• Trojan horse
  • Illegal instructions placed inside a legitimate program
  • Program does something useful and destructive at the same time
• Zapping
  • Software to bypass security systems
• Viruses
  • Illicit instructions that pass themselves on to other programs
Security
System of safeguards designed to protect a computer system and data from deliberate or accidental damage
• Natural disasters
• Fire
• Accidents
• Vandalism
• Theft
• Theft or destruction of data
• Industrial espionage
• Hackers
Security Identification and Access
• Provide access to authorized individuals only
• Uses one or more of the following systems
  • What you have
  • What you know
  • What you do
  • What you are
Security Identification and Access
What You Have
• Key
• Badge
• Token
• Plastic card – magnetized strip
• Active badge – signals wearer’s location using infrared signals
Security Identification and Access
What You Know
• Password
• Identification number
• Combination
Security Identification and Access
What You Do
• Verify signature – software verifies scanned and online signatures
Security Identification and Access
What You Are
• Biometrics – science of measuring individual body characteristics
  • Fingerprints
  • Voice pattern
  • Retina of the eye
  • Entire face
Security Identification and Access
• How can you prevent?
  • Internal controls
    • Transaction log
  • Auditor checks
    • Who has accessed data during periods when that data is not usually used?
    • Off-the-shelf software to assess the validity and accuracy of the system’s operations and output
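
One way to run the auditor check above over a transaction log, as an added example that is not part of the original slides: learn each dataset's usual hours of access from a baseline period, then list the accesses in a review period that fall outside them. The log format, user names, dataset names and the `min_count` threshold are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample transaction logs: timestamp, user, action, dataset.
BASELINE_LOG = """\
2024-03-04T09:12:00 asha READ payroll
2024-03-04T10:40:00 ravi READ payroll
2024-03-05T09:05:00 asha UPDATE payroll
2024-03-05T10:15:00 asha READ payroll
2024-03-06T14:30:00 ravi READ payroll
2024-03-07T14:02:00 asha READ payroll
2024-03-07T16:55:00 ravi READ payroll
this line is malformed and is skipped
"""
REVIEW_LOG = """\
2024-03-11T10:20:00 asha READ payroll
2024-03-12T02:47:00 ravi READ payroll
2024-03-12T16:10:00 meena READ payroll
2024-03-13T11:00:00 asha READ medical
"""

def parse(log_text):
    """Return (datetime, user, action, dataset) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        try:
            stamp, user, action, dataset = line.split()
            events.append((datetime.fromisoformat(stamp), user, action, dataset))
        except ValueError:  # wrong field count or unparseable timestamp
            continue
    return events

def usual_hours(events, min_count=2):
    """Per dataset, hours of day with at least min_count baseline accesses."""
    counts = defaultdict(Counter)
    for ts, _user, _action, dataset in events:
        counts[dataset][ts.hour] += 1
    return {ds: {h for h, n in c.items() if n >= min_count}
            for ds, c in counts.items()}

def unusual_accesses(baseline, review, min_count=2):
    """Review events outside the dataset's usual hours (no baseline: all listed)."""
    usual = usual_hours(baseline, min_count)
    return [(ts.isoformat(), user, action, ds)
            for ts, user, action, ds in review
            if ts.hour not in usual.get(ds, set())]

if __name__ == "__main__":
    print(*unusual_accesses(parse(BASELINE_LOG), parse(REVIEW_LOG)), sep="\n")
```

An hour seen only once in the baseline (16:00 here) is still treated as unusual, and a dataset with no baseline history is always listed for the auditor to review.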
Security Identification and Access
• Secured waste
  • Shredders
  • Locked trash barrels
• Applicant screening
  • Verify the facts on a resume
  • Background checks
• Built-in software protection
  • Record unauthorized access attempts
  • User profile
Security – The Internet
• Firewall
  • Dedicated computer that governs interaction between internal network and the Internet
• Encryption
  • Data Encryption Standard (DES)
Security – Protect Yourself
• Recognize inappropriate requests for information
• Take ownership of your online security
• Understand risk and impact of security breaches
• Social engineering attacks are personal
• Password management
• Two-factor authentication
• Physical security
• Understand what information you are putting on the Web for targeting at social network sites
Privacy
• Where is my data?
• How did they get my data?
• Who sees it?
• Is anything private anymore?

Everything about you is in at least one computer file
Privacy: How Did They Get My Data?
• Loans
• Charge accounts
• Orders via mail
• Magazine subscriptions
• Tax forms
• Applications for schools, jobs, clubs
• Insurance claim
• Hospital stay
• Sending checks
• Fund-raisers
• Advertisers
• Warranties
• Military draft registration
• Court petition
Privacy: Industries are Spying on You!
Monitoring software
• Screens
• E-mail
• Keystrokes per minute
• Length of breaks
• What computer files are used and for how long
Privacy groups want legislation requiring employers to alert employees that they are being monitored.
Privacy: Monitoring by Web Sites
• Records:
  • Country/State/City… address
  • Site you just left
  • Everything you do while on the site
  • Hardware and software you use
• Click stream
  • Series of clicks that link from site to site
  • History of what the user chooses to view
Privacy: Monitoring by Web Sites
• Cookie
  • Stores information about you
  • Located on your hard drive or browser
  • Beneficial uses
    • Viewing preferences
    • Online shopping
    • Secure sites retain password in cookie
  • Controversial use
    • Tracking surfing habits for advertisers
  • Can set browser to refuse cookies or warn before storing
  • Software available to manage cookies (e.g. Cookiebot, Osano)
Is there privacy anymore?
Data Protection Policies Across the World
• General Data Protection Regulation (GDPR) - EU
  • European Union regulation on information privacy in the European Union and the European Economic Area.
• California Consumer Privacy Act (CCPA) - USA
  • Comprehensive data privacy act that gives Californian residents greater transparency and control over how businesses collect and use their personal information
• Digital Personal Data Protection Act (DPDP) - India
  • Act to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data