Expert answer:685 – Security on the Internet / Critical Thinking

Solved by verified expert: Write a FOUR pages critical essay dealing with the following questions. What are the security and privacy risks and vulnerabilities encountered in using the Internet? List specific, common attack strategies and describe how they work. Describe their effects and/or consequences on the security and privacy of both individual users and organizations. Cite specific examples, and show how the damage can be mitigated or avoided (if possible). Discuss and cite at least three additional, credible or scholarly source other than the course textbooks to support your analysis and positions. Use Saudi Electronic University academic writing standards and APA style guidelines, citing references as appropriate. Your paper should be FOUR pages in length. Use proper introduction and labeled Conclusion. Textbooks are attached. You are strongly encouraged to submit all assignments to the Turnitin Originality Check prior to submitting them to your instructor for grading.
computer_network_security_and_cyber_ethics___kizza__joseph_migga.pdf

lessig_codev2.pdf

Unformatted Attachment Preview

Computer Network Security
and Cyber Ethics
FOURTH EDITION
Joseph Migga Kizza
McFarland & Company, Inc., Publishers
Jefferson, North Carolina
ISBN 978-0-7864-9392-0 (softcover : acid free paper)
ISBN 978-1-4766-1560-8 (ebook)
LIBRARY OF CONGRESS CATALOGUING DATA ARE AVAILABLE
BRITISH LIBRARY CATALOGUING DATA ARE AVAILABLE
© 2014 Joseph Migga Kizza. All rights reserved
No part of this book may be reproduced or transmitted in any form
or by any means, electronic or mechanical, including photocopying
or recording, or by any information storage and retrieval system,
without permission in writing from the publisher.
Front cover: Firewall lock on mainboard (© iStock/Thinkstock)
Manufactured in the United States of America
McFarland & Company, Inc., Publishers
Box 611, Jefferson, North Carolina 28640
www.mcfarlandpub.com
Celebrating what is good within us all.
Keep the fire burning!
Acknowledgments
I am very grateful to all colleagues for the ideas, suggestions,
and criticisms they freely gave to me.
I am indebted to my daughters, Josephine and Florence, and
to my dear wife, Omumbejja Immaculate, for her input and support. She was instrumental in many ways.
Finally, to all those who, in one way or another, contributed
to this project, but whose names do not appear, thanks!
Contents
Acknowledgments
Preface
1. The Changing Landscape of Cybercrime
2. Morality
3. Ethics
4. Morality, Technology and Value
5. Cyberspace Infrastructure
6. Anatomy of the Problem
7. Enterprise Security
8. Information Security Protocols and Best Practices
9. Security and Privacy in Online Social Networks
10. Security in Mobile Systems
11. Security in the Cloud
12. Security and Compliance
Appendix: Questions for Classroom Use
Chapter Notes
Bibliography
Index
Preface
Since the publication of the third edition of this book in 2011, a lot has
changed. Dramatic advances in mobile technology have resulted in the
unprecedented growth of social networks. This fast-changing technology landscape has forced me to make considerable changes to the contents of the book
to bring my faithful readers and students of information technology up to
date.
We have updated most of the contents in a good number of chapters,
added chapters with new contents and removed chapters with outdated content. With all these alterations, additions and removals, we have kept the core
theme of the text the same but brought new light, and new discussion points,
to the table. Although the book has been in production since 2002, when it
was selected as a Choice Outstanding Academic Title, the core theme of the
book has endured. This is a testimony not only to the quality of the book but
also to the persistence and growing relevancy of the issues discussed.
The growing relevancy of the issues in the book has confirmed and solidified my belief over the years that the security of cyberspace, as it evolves and
engulfs all of us, is and will always be based on secure, reliable software and
hardware protocols and best practices and a strong ethical framework for all
its users. If a morally astute and ethically trained user is missing from the equation, cyberspace will never be secure and, therefore, the information infrastructure we have come to depend on so much will likewise never be secure.
We focus on these core issues throughout the book.
Because of the central role of this ethical framework, we devote the first
four chapters to morality, ethics, and technology and value. In these, we
demonstrate the central role of morality and ethics in the decision-making
process of an information professional, and indeed all humans handling information technology. We also discuss in depth the value that technology adds
and the role it plays in our deliberations before we make decisions. We ponder
the question of whether technology makes decisions for us or whether we
depend on and use it to make wise decisions of our own.
In all, the security of information in general and of computer networks
in particular, on which our national critical infrastructure and, indeed, our
lives are increasingly depending, is based squarely on the individuals who build
the hardware and design and develop the software that run the networks that
store our vital information.
To address security issues in the rapidly changing technology and in the
growing ecosystem of online social networks, we have added two new chapters,
“Security in Mobile Systems” and “Security in the Cloud.” To continue the
discussion of the ever-changing nature of security protocols and best practices,
we have reworked and kept Chapter 8 as “Information Security Protocols and
Best Practices.” The last chapter has been updated and renamed “Security and
Compliance” to update the debate in the changing business information security landscape.
Although we seem to be making efforts toward mitigating computer security incidents, the progress we are achieving seems insignificant. Indeed, data
from incident reporting centers shows no let-up in activity from the time of
this book’s first edition to today. In fact, data shows that digital crime incidents
are mutating, unrelenting, always on the rise, which begs the question—are
we doing the right thing?
Maybe not. After more than 10 years of efforts to rein in the growing
and indeed mutating information infrastructure security problems, we still do
not seem to be doing the right thing. Maybe we need to change course. The
rise in such incidents has been and still is an indication of the poor state of
our cyberspace infrastructure security policies and the vulnerability of all
cyberspace resources. We have been pointing out over the years that we are not
yet doing enough. Toward this end, several private and public initiatives and
partnerships have been established and are discussed throughout
the book.
Finally, as has been the case in the last three editions, we are still keeping
the fire burning, for public awareness of the magnitude of cyber security and
cybercrimes, the weaknesses and loopholes inherent in the cyberspace infrastructure, and the ways to protect ourselves and our society. We also must have
more debate on the need for a strong ethical framework as a way to safeguard
cyberspace.
Chapter 1
The Changing Landscape of Cybercrime
LEARNING OBJECTIVES:
After reading this chapter, the reader should be able to:
• Describe trends in computer crimes and protection against viruses and
other cybercrimes.
• Discuss the history of computer crimes.
• Describe several different cyber-attacker approaches and motivations.
• Identify the professional’s role in security and the tradeoffs involved.
In the last two decades, we have witnessed the rapid growth of the Internet, mobile technology and the correspondingly rapid growth of online crimes,
or cybercrimes. With this growth, there has been a spike in the rate of cybercrimes committed over the Internet. This has resulted in some people condemning the Internet and partner technologies as responsible for creating new
crimes and the root causes of these crimes. However, there is hardly any new
crime resulting from these new technologies. What has changed, as a result of
these new technologies, is the enabling environment. Technology is helping
in the initiation and propagation of most known crimes. As we get rapid
changes in technological advances, we are correspondingly witnessing waves
of cybercrimes evolving. Figure 1.1 shows the changing nature of the cybercrime landscape since 1980.
The period before 1980 was an experimental period. Then, the Internet
was new and required sophisticated and specialized knowledge that very few
people back then had. There was very little valuable information and data stored
in online databases as there is today, and there were no free online hacking tools
available. If one wanted to hack, one had to develop the tools to do the job—
a daunting task that required expertise. The easiest way to do it was to join hacking groups. Ganglike groups like the Legions of Doom, the Chaos Computer
Club, NuPrometheus League, and the Atlanta Three were formed. Most of
these groups were led by notorious individuals like Kevin Mitnick (“The Condor”), Ian Murphy (“Captain Zap”), and Patrick K. Kroupa (“Lord Digital”).
[Figure 1.1 The Changing Nature of Cybercrimes]
At the tail end of the 1980s, computers had become smaller. The personal
computer (PC) had been introduced and was becoming very successful. Businesses were buying these computers at a rapid pace. Schools of varying standards were opening up and filling with students interested in becoming
computer programmers. More computers started getting into the hands of
young people through their schools, libraries, and homes as it was becoming
more and more possible for affluent families to afford a home PC. Curious
young people got involved with the new tools in large numbers. As their numbers rose, so did cybercrimes.
A profile of a cyber criminal soon emerged—a privately schooled, suburban, highly intelligent, soccer-playing but lonely wolf in thrill-seeking
escapades that would lead to bragging rights. We called them computer whiz
kids. Their operations were more or less predictable and, with the exception of a
few cases, there was a complete lack of organizational structure, something
that is significantly noticeable in later generations of attacks. These whiz kids
led the second generation of cybercrimes.
The second generation of cybercrimes probably started at the tail end of
the first generation, around 1990, and lasted through 2000. This period was
characterized by serious, often devastating, and widespread virus attacks on
global computer networks. This period saw an unprecedented growth in computer networks around the globe. These interconnected and interdependent
networks became a very good conduit for these virus attacks. As the world
became a mesh of thousands of interdependent computer networks, more
individuals, businesses, organizations, and nations became more dependent
on them. Because of this high dependence, which continues, the mere mention
of a virus attack, whether real or not, caused panic in company boardrooms,
classrooms, and family living rooms.
The sources of these attacks (mostly viruses) were often the whiz kids of
the 1980s. The period experienced monstrous attacks including “Melissa,”
“The Goodtimes,” “Distributed Denial of Service,” “Love Bug,” and “Code
Red,” to name a few. The inputs fuelling the rise and destructive power of the
attacks were the large volume of free hacker tools available on the Internet,
the widespread use of computers in homes, organizations and businesses, large
numbers of young people growing up with computers in their bedrooms, the
growing interest in computers, the anonymity of users of the Internet, and the
ever-growing dependence on computers and computer networks. All these
put together contributed to the wild, wild cyberspace of the 1990s.
The third generation of cybercrimes began around the turn of the century.
As the Computer Science Institute and Federal Bureau of Investigation’s (CSI/
FBI) 2005 survey results indicate, virus attacks continued as the source of the
greatest financial losses. Closely behind viruses were unauthorized access,
which showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses during that period,
unauthorized use of computer systems, and Web site incidents in that order.1
Overall, the period saw a gradual move away from the huge devastating
virus attacks released by lonely wolves who expected no reward beyond proof
of their prowess and the corresponding infamous notoriety. This period was,
so far, characterized by small, less powerful, sometimes specialized but selective
and targeted attacks. The targets were preselected to maximize personal gains,
usually financial. Attacks so far in this period were overwhelmingly targeted
at financial institutions. The list of victims was long and included the following
examples:
• In February 2005, Bank of America Corp. reported computer tapes
containing credit card records of U.S. senators and more than a million
U.S. government employees went missing, putting customers at
increased risk of identity theft.
• In February 2005, ChoicePoint Inc., a Georgia-based credit reporting
company, had a breach of its computer databases, rendering nearly
145,000 people vulnerable to identity theft.
• In April 2005, data wholesaler LexisNexis, a division of Reed Elsevier,
admitted having personal information from about 310,000 customers
stolen.
Because of strict reporting laws in California, more and more companies
and institutions were reporting losses of personal accounts. Among the companies and institutions were PayMaxx, health care heavyweight San Jose Medical
Group, California State University at Chico, Boston College, and the University of California at Berkeley.2 These made headlines, but many more did not.
A decade after the beginning of the third generation, around 2010,
the fourth generation probably started. This was driven by a dramatic change
in communication technologies and the nature of the information infrastructure. First, there is a fast rate of convergence of computing and telecommunication coming a lot earlier than has been predicted. Second, there is a
developing trend in computing and communication devices’ miniaturization,
leading us faster to the long-awaited and often talked-about ubiquitous computing driven by faster, more powerful machines and with a rich application
repertoire that makes the technology of a decade earlier look prehistoric. The
result of these combined forces is the exceptionally fast-growing infrastructure of social networks that are leading us into a new unplanned, unpredictable,
and more threatening computing environment. This changing nature of information technology against the changing background of user demographics is
creating a dynamic mosaic of security threats and problems. Plenty of IT
administrators are tossing and turning at night over the security risks that may
threaten their servers, networks and client computers. According to the 2010
survey of 353 network administrators conducted by Amplitude Research on
behalf of VanDyk Software (2010) and the Australian Cyber Crime and Security Survey Report 2012,3 historically and traditionally leading threats are no
longer in the lead as indicated in Tables 1.1 and 1.2. Most traditional cybercrimes witnessed in the previous two generations are in decline. This can be
attributed to the continuously changing landscape of cybercrimes.
Currently there are two major trends in this generation of cyber attacks.
First, the cyber criminals are organizing themselves more into criminal enterprise cartels, and second, we are seeing more state-sponsored hacking activities
than ever before. This seems to be a more troubling trend. New threats, according to the U.S. Department of Homeland Security’s ICS-CERT, include4:
• National governments—where we see government-sponsored programs developing capabilities with the future prospect of causing widespread, long-duration damage to critical national infrastructures of
adversarial nations.
• Terrorists—where terrorists are starting to acquire skill to direct cyber
threats to individuals and increasingly critical national infrastructures.
• Industrial spies and organized crime groups—with profit motivation,
international corporate spies and organized crime organizations are
slowly mounting cyber threats to individuals and critical national
infrastructures.
• Hacktivism—an old type of cybercrime that has not abated with
changes in technology. In fact, hacktivists have been presented, thanks
to new technologies, with new ways of increasing their political
activism. This legion of hackers includes individuals and groups.
• Hackers—like hacktivists, are also as old as computer crimes themselves.

Table 1.1 Changing System Threat Landscape, 2010

| Threat Management Technique | Percentage of Admins Who Identified |
|---|---|
| Securing remote access | 52 |
| Keeping virus definitions up to date | 44 |
| Patching systems | 36 |
| Monitoring intrusions | 33 |
| Secure file transfer | 30 |
| Network use monitoring | 28 |
| User awareness | 26 |
| Password management | 16 |
| Managing logs | 11 |
| Replacing non-secure protocols | 11 |

Data Source: http://www.channelinsider.com/c/a/Security/10-Security-Risks-That-Keep-Customers-Up-at-Night–893339/

Table 1.2 Change in Types of Attack and Misuse, 1999–2012

| Type of attack | (yr/perc.) | (yr/perc.) | (yr/perc.) | (Down/Up) |
|---|---|---|---|---|
| Inside abuse of info access | 1999/99 | 2005/50 | 2012/55 | Down |
| Virus | 2000/95 | 2005/75 | 2012/30 | Down |
| Theft of computing devices | 1999/70 | 2005/50 | 2012/33 | Down |
| Unauthorized access | 2000/70 | 2005/35 | 2012/18 | Down |
| Denial of service | 2002/40 | 2005/35 | 2012/15 | Down |
| System penetration | 2002/40 | 2005/18 | 2012/9 | Down |
| Theft of proprietary info | 2001/30 | 2005/10 | 2012/34 | Up |
| Telecom fraud | 1999/18 | 2005/10 | 2012/4 | Down |
| Financial fraud | 2003/18 | 2005/4 | 2012/9 | Down |
| Sabotage/degradation of networks | 2003/20 | 2005/2 | 2012/9 | Up |
| Abuse of wireless network | 2005/18 | 2003/0 | 2012/18 | Up |
| Web site defacement | 2004/5 | 2005/3 | 2012/6 | Down |
| Trojan/Rootkit | N/A | N/A | 2012/20 | Up |
| None of the above | N/A | N/A | 2012/35 | not enough info |

Data Source: (1) CSI/FBI Computer Crime and Security Survey—http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2005.pdf. (2) CYBER CRIME & SECURITY SURVEY REPORT 2012, http://www.canberra.edu.au/cis/storage/Cyber%20Crime%20and%20Security%20Survey%20Report%202012.pdf.
Efforts to Combat and Curtail Old and New Cybercrimes
Against this background, efforts need to be and are being taken to protect
online data and information. Throughout this book, we are going to look at
methods, tools and best practices to combat these increasing and evolving
crimes. We summarize below, but we will detail in the coming chapters the
global efforts by governments, civil society and individuals that include:
• Security awareness. Data from PricewaterhouseCoopers (PwC)’s Breaches
Survey (ISBS) report (2012) shows that an organization with a quality enduser security awareness program is less likely to suffer a security breach.5 The
report further shows that security awareness through enterprise security policies is very effective. For example, data in the report show that organizations
with a clearly understood security policy are less likely to be breached.
• Formation of public-private partnerships. Public-private partnerships
are going to bear good results. Some of these partnerships include:
  ◦ The United Kingdom’s Cyber Crime Reduction Partnership (CCRP).
  This effort is to provide a forum in which government, law enforcement,
  industry and academia can regularly come together to tackle cybercrime
  more than before.6 During National Cyber Security Awareness Month
  2012, the U.S. Department of Homeland Security (DHS) and its partners
  from the public and private sector highlighted the importance of protecting against cybercrime.7
  ◦ DHS collaborates with financial and other critical infrastructure sectors
  to improve network security. Additionally, DHS components, such as
  the U.S. Secret Service and U.S. Immigrations and Customs Enforcement
  (ICE), have special divisions dedicated to fighting cybercrime.
  ◦ The FBI has …