Chapter 1

Discuss and describe the basic commandments of computer ethics.

-Thou shall not use a comp to harm other people. If it is bad to steal and destroy other people’s books, it is equally bad to access and destroy their files.

-Thou shall not interfere with other people’s comp work. Comp viruses are small programs that disrupt other people’s comp work by destroying their files, or by simply displaying annoying messages. Generating and spreading comp viruses are unethical.

-Thou shall not snoop around in other people’s files. Reading other people’s e-mail messages is as bad as opening and reading their letters: This is invading their privacy. Obtaining one’s non-public files should be judged the same way as stealing their docs.

-Thou shall not use a comp to steal. Using a comp to break into the accounts of a company or a bank and transferring money should be judged the same way as robbery. It’s illegal and there are strict laws against it.

-Thou shall not use comp to bear false witness. Spreading false rumors about a person or false propaganda about historical events is wrong.

-Thou shall not use or copy software for which you have not paid. Software is an intellectual product. Obtaining illegal copies of copyrighted software is bad. There are laws against both.

-Thou shall not appropriate other people’s intellectual output. Copying somebody else’s program without proper authorization is software piracy and is unethical. Intellectual property is a form of ownership, and may be protected by copyright laws.

-Thou shall not use other people’s comp resources without authorization. You should not try to bypass authorization system that multi-user systems use user ids and passwords to enforce their memory and time locations, and to safeguard info.

-Thou shall think about the social consequences of the program you write. You have to think about program you write be used in a way that is harmful to society or not.

-Thou shall use a comp in ways that show consideration and respect. Just like public buses or banks, you have to queue or wait for your turn for using communications systems. You cannot be rude to other people.

Chapter 2

Be able to list the tips for safeguarding the privacy online.

-Your account is only as secure as its password.

-Look for the privacy policy of the online services you use.

-Check your browser’s cookie settings.

-Shop around.

-Assume that your online communications are not private unless you use encryption software.

-Be cautious of “start-up” software that registers you as a product user and makes an initial connection to the service for you.

-Note that public postings made on the Internet are often archived and saved for posterity. It is possible to search and discover the postings an individual has made to Usenet newsgroups.

-The “delete” command does not make your e-mail messages disappear.

-Your online biography, if you create one, may be searched system-wide or remotely “fingered” by anyone.

-If you publish info on a personal web page, note that others may collect your personal privacy.

-Be aware of the possible social dangers of being online: harassment, stalking, emotional verbal attacks, or spamming.

-If your children are online users, teach them about proper online privacy behavior for avoiding revealing info.

-Use only secure web sites when you transit sensitive personal info over the Internet.

-Be aware that online activities leave electronic footprints for others to see.

Be able to discuss the ways to protect the privacy online.

Be able to differentiate cookies and web bugs.

-Cookies:

+When you surf the web, many web sites deposit data about your visit, called cookies, on your hard drive.

+When you return to that site, the cookies data will reveal that you’ve been there before.

+Most cookies are used only by the web site that placed it on your comp. But some, called third-party cookies, communicate data about you to an ads clearinghouse, which in turn shares that data with other online marketers.

+Your web browser and some software products enable you to detect and delete cookies, including third-party cookies.

-Web bugs:

+Is a graphic in a web site or an enhanced e-mail message that enables a third party to monitor who is reading the page or message.

+The graphic may be a standard size image that is easily seen, or a nearly invisible one-pixel graphic.

-E-mail messages that include graphic displays like web sites are known as enhanced messages, also called stylized or HTML e-mail.

+Can confirm when the message or web page is viewed and record the IP address of the viewer.

Chapter 3

Students should be able to define and describe an intellectual property right.

-These laws encompass/include four separate and distinct types of intangible property – namely, patents, trademarks, copyrights, and trade secrets, which collectively are referred to as intellectual property.

-Shares many of the characteristics associated with real and personal property.

-Intellectual property owner has the right to prevent the unauthorized use or sale of the property.

-Is intangible that cannot be defined or identified by its own physical parameters.

-Must be expressed in some discernible way to be protectable.

Must be able to define and differentiate patents, trademark and copyright.

-Patents are provided for any invention, either a product or a process for creating a product, “provided that they are new, involve an inventive step, and are capable of industrial app.’ In other words, to be patentable, an invention must be novel, useful, and non-obvious.

-Trademarks and service marks are primarily intended to indicate the source o goods and services and to distinguish the trademarked goods and services from others. They also symbolize the quality of the goods or services with they are used. Most trademarks and service marks are words, even symbols, logos, sounds, designs to distinguish one product or service from another.

-Copyright is an exclusive right to reproduce an original work of authorship fixed in any tangible medium of expression, to prepare derivative works based upon the original work, and to perform or display the work in the case of musical, dramatic, choreographic, and sculptural works. Copyright protection does not extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form  in which it is described, explained, or embodied.

Chapter 4

To understand and define computer crime.

-Comp crime, sometimes referred to as cyber crime, is becoming the biggest challenge to the modern societies. In the developed countries the biggest challenge that face law enforcement is the crimes committed using comp technology.

-Can be divided into two categories:

+Crimes in which comp is used as a tool to aid criminal activity such as producing false identifications, reproducing copyright materials, ad many other things.

+Crimes in which comp is used as a target, ad probably a tool, to attack organizations in order to steal or damage info, steal credit card numbers, and many other activities.

To give some examples of computer crimes and describe each. (Cyber-squatting, Cross site scripting, cyber-talking, identity theft and so on.)

-Cyber-squatting:

+generally, means registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else.

+refers to the practice of buying up domain names reflecting the names of existing businesses, intending to sell the names for a profit back to the businesses when they go to put up their websites.

-Cross site scripting: (also known as XSS)

+occurs when a web app gathers malicious data from a user. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. It poses server app risks that include:

+Users can unknowingly execute malicious scripts when viewing dynamically generated pages based on content provided by an attacker.

+An attacker can take over the user session before the user’s session cookies expires.

+An attacker who can convince a user to access a URL

-Cyber-stalking:

+Is used to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk/go after another person.

+Stalking generally involves harassing or threatening behavior such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages.

-Identity theft:

+Is a crime in which an imposter obtains key pieces of personal info in order to impersonate someone else.

+Info can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials.

+To prevent identity theft, experts recommend that you regularly check your credit report with major credit bureaus.

-Page jacking and mousse trapping:

+Page jacking is a scam that utilizes the technologies of the Internet to deceptively generate traffic to a web site.

+With mouse trapping, a web site operator adds JavaScripts to the pages when you enter a website and it appears impossible to leave such as every time a window is closed another one opens or the browser controls to lose a window are removed.

-Hacking:

+Is a state of mind.

+Generally, is seen in the context of comps.

+Means illegally accessing other people’s comp systems for destroying, disrupting or carrying out illegal activities on the network or comp systems.

To be able give some scenario where computer crime exist.

Chapter 5

The students should be able to define a computer crime.

To understand and explain Trojan horses attacks and Logical bombs.

-Trojan horse attacks are accomplished by inserting malicious code into other people’s programs. Trojan horse programs may be used by criminals to commit fraud, embezzlement, sabotage and espionage.

-A logic bomb is comp instruction that codes for a malicious act when certain criteria are met, such as a specified time in a comp’s internal clock or a particular action, such as deletion of a program or file.

To discuss the minimal ways to avoid obtaining malicious programs.

There are a number o ways to minimize potential for obtaining malicious programs:

-Individual actions:

+Never accept disks or programs without checking them first

+Never use software or demos with doubtful origins

+If you lend a disk to anyone, check it when you get it back

+Never boot your machine with a disk in the disk drive

+Always scan any program or document download onto your machine

+Keep your anti-virus software up to date on a regular basis

+Be aware or cookies, files which are automatically transferred to users comps when they visit particular website.

-Network/School actions:

+Schools need to use anti-virus software programs and pre-set network OS software

+Schools need to clearly establish acceptable use policies

+Schools may want to consider purchasing comps which lack floppy drivers

-Other terms:

+Vaccine of disinfectant: A program that searches for viruses and notifies the user that a form of virus has been detected in the system.

+Worm: tends to exist in memory and are not permanent, whereas viruses tend to reside on disk where they are permanent or where they are permanent until eradicated.

+Tempest: A term that refers to the electronic emissions that comps generate as they work.

Chapter 8

Discuss the ways to protect a computer network (security policy).

Able to discuss the process of security.

-Security is a direction you can travel in, but you’ll never actually arrive at the destination.

-Another important aspect of security is that it’s not static.

-Thus, security is a process. You can apply the process again and again to your network and the organization that maintains it, and by doing so, you will improve the security of the systems.

-The security process consists of the following steps:

+Analyze the problem you face based on everything you know

+Synthesize a solution to it, based on your analysis

+Evaluate the solution and learn where it did not live up to your expectations

-And then start the loop all over again and again and again. Process of security expands on this endless loop and adds a few twists of its own.

Explain the purpose of a security policy.

-A security policy serves several purposes:

+describes what is being protected and why

+sets priorities about what must be protected first and at what cost

+allows an explicit agreement to be made with various parts of the organization regarding the value of security

+provides the security department with a valid reason to say no when that is needed

+provides the security department with the authority to back up the no

+prevents the security department from acting frivolously.

Chapter 9

Understand the ways or qualities to defend a network against possible attackers.

Anything can be broken into, if the attackers have sufficient skill, motivation, and opportunity. To reduce the number of attackers, there are some qualities required:

-Skill: you can defend against the skill level of attackers in two ways:

+General skill level: is the skill and knowledge required of an attacker of any network.

+Custom skill level: is the skill in and knowledge of your specific network.

-Motivation: in a network that demands a high motivation level of an attacker, the attacker must be extraordinarily persistent in order to succeed in a penetration.

-Satisfaction: A network is satisfying to break into if it yields after an interesting struggle. A network penetration is unsatisfying if the struggle is uninteresting and the amount of gain is very little. A well-designed security system will always be satisfying to penetrate, but by changing the rules and allowing the attacker very little gain from any single penetration, and making the probability of detection very high.

-Tenacity: our goal is to require the attacker a great deal of patience to get anywhere. And the amount of work done per unit time has also to be minimized, so they not only have to wait but also have to waste a great deal of their own time to get anywhere.

-Ego: an attacker can be especially motivated if his or her ego is involved. A defense that is as boring and impersonal as possible is less likely to engage an attacker.

-Opportunity: presented to the attacker should be as few as possible. An opportunity is a means of access into your network that can be operated and perhaps abused by the attacker. Below are some general ways to minimize opportunity:

+Parsimony: your systems should offer minimum number of opportunities to the attacker as possible.

+Justifiability: An outside access opportunity must be present for a very good reason or not present at all.

+Completeness: any service available on your network should be fully up to date with all known bug-fixes, patches, and security modifications.

+Awareness: the network should monitor itself and be aware of any attempt to violate policy, it should also be able to notify the proper people about such as problem.

+Robustness: any limitation of services applied to a part of your network should be replicated throughout the entire network.

Chapter 11

Must be able to discuss the ways of protecting a system from possible attackers.

The idea of holding a training game is not a new one and is mean of policy design and testing. A war game is a valuable exercise at several levels:

-It exercises your existing policies and procedures

-It helps to point out where your policies and procedures fall short

-It familiarizes your staff with your policies and procedures at an applied rather than an intellectual level

-It familiarizes your staff with the tools at their disposal and the systems that they are protecting in conditions that mimic very closely an actual security problem.

The defense that keep attacks from happening are important, but one must assume that one day, an alarm will go off and one will need to react quickly and correctly to protect one’s network. A war game allows one to practice one’s request and to test and improve them so that the situation can be focused on rather than having to invent policy in real time.

Condition: Cold: normal state of affairs; no threats detected

+Transition To Warm: is declared when either (a) a significant attack is in progress or (b) evidence indicates that an attack may have gotten past the outer defense perimeter

+Transition To Hot: is declared when it is immediately apparent that a major penetration has occurred and rapid response is required

Condition: Warm: an attack is in progress or unconfirmed evidence of a penetration has been discovered.

+Transition To Cold: is declared when it has been confirmed that the triggering condition for elation to warm was in error

+Transition To Hot: is declared when sufficient evidence of an attack has been accumulated

Condition: Hot: a serious attack is in progress and/or a penetration has been confirmed

+Transition To Cool-down: is declared when all parties agree that the incident has been contained and sufficient damage control work has been accomplished so that no reoccurrence is likely

Condition: Cool-down: a major security incident has occurred and is now believed to be under control

+Transition to Cold: is declared when all action items relating to the incident have been completed

+Transition to Hot: is declared when an indication that the transition to Cool-down was premature or in error.

Chapter 12

Explain the concepts of a clean room and to be able to illustrate the clean room template.

The desired characteristics of a facility are as follows:

-Which is not connected to the organization’s network

-Which has sufficient equipment and tools to allow the team to work on the problem

-Which can allow several people to work concurrently

-Which will not interfere with or be disturbed by other activities in your organization

-Which cannot be tampered with if the attacker is a member of your organization