Security on the Internet

Description

Write a two- to three-page critical essay dealing with the following questions.

  1. What are the security and privacy risks and vulnerabilities encountered in using the Internet?
  2. List specific, common attack strategies and describe how they work. Describe their effects and/or consequences on the security and privacy of both individual users and organizations. Cite specific examples, and show how the damage can be mitigated or avoided (if possible).

Discuss and cite at least one additional, credible or scholarly source other than the course textbooks to support your analysis and positions. Use University academic writing standards and APA style guidelines, citing references as appropriate. Your paper should be two to three pages in length.

You are strongly encouraged to submit all assignments to the Turnitin Originality Check prior to submitting them to your instructor for grading.


Textbook:

Kizza, J. (2014). Computer network security and cyber ethics (4th ed.). McFarland. ISBN: 9780786493920

Unformatted Attachment Preview

Computer Network Security and Cyber Ethics
FOURTH EDITION

Joseph Migga Kizza

McFarland & Company, Inc., Publishers
Jefferson, North Carolina

ISBN 978-0-7864-9392-0 (softcover : acid free paper)
ISBN 978-1-4766-1560-8 (ebook)

LIBRARY OF CONGRESS CATALOGUING DATA ARE AVAILABLE
BRITISH LIBRARY CATALOGUING DATA ARE AVAILABLE

© 2014 Joseph Migga Kizza. All rights reserved

No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying or recording, or by any information storage and retrieval system, without permission in writing from the publisher.

Front cover: Firewall lock on mainboard (© iStock/Thinkstock)

Manufactured in the United States of America

McFarland & Company, Inc., Publishers
Box 611, Jefferson, North Carolina 28640
www.mcfarlandpub.com

Celebrating what is good within us all. Keep the fire burning!

Acknowledgments

I am very grateful to all colleagues for the ideas, suggestions, and criticisms they freely gave to me. I am indebted to my daughters, Josephine and Florence, and to my dear wife, Omumbejja Immaculate, for her input and support. She was instrumental in many ways. Finally, to all those who, in one way or another, contributed to this project, but whose names do not appear, thanks!

Contents

Acknowledgments
Preface
1. The Changing Landscape of Cybercrime
2. Morality
3. Ethics
4. Morality, Technology and Value
5. Cyberspace Infrastructure
6. Anatomy of the Problem
7. Enterprise Security
8. Information Security Protocols and Best Practices
9. Security and Privacy in Online Social Networks
10. Security in Mobile Systems
11. Security in the Cloud
12. Security and Compliance
Appendix: Questions for Classroom Use
Chapter Notes
Bibliography
Index

Preface

Since the publication of the third edition of this book in 2011, a lot has changed. Dramatic advances in mobile technology have resulted in the unprecedented growth of social networks. This fast-changing technology landscape has forced me to make considerable changes to the contents of the book to bring my faithful readers and students of information technology up to date. We have updated most of the contents in a good number of chapters, added chapters with new contents and removed chapters with outdated content. With all these alterations, additions and removals, we have kept the core theme of the text the same but brought new light, and new discussion points, to the table.

Although the book has been in production since 2002, when it was selected as a Choice Outstanding Academic Title, the core theme of the book has endured. This is a testimony not only to the quality of the book but also to the persistence and growing relevancy of the issues discussed. The growing relevancy of the issues in the book has confirmed and solidified my belief over the years that the security of cyberspace, as it evolves and engulfs all of us, is and will always be based on secure, reliable software and hardware protocols and best practices and a strong ethical framework for all its users. If a morally astute and ethically trained user is missing from the equation, cyberspace will never be secure and, therefore, the information infrastructure we have come to depend on so much will likewise never be secure. We focus on these core issues throughout the book.

Because of the central role of this ethical framework, we devote the first four chapters to morality, ethics, and technology and value.
In these, we demonstrate the central role of morality and ethics in the decision-making process of an information professional, and indeed all humans handling information technology. We also discuss in depth the value that technology adds and the role it plays in our deliberations before we make decisions. We ponder the question of whether technology makes decisions for us or whether we depend on and use it to make wise decisions of our own.

In all, the security of information in general and of computer networks in particular, on which our national critical infrastructure and, indeed, our lives are increasingly depending, is based squarely on the individuals who build the hardware and design and develop the software that run the networks that store our vital information.

To address security issues in the rapidly changing technology and in the growing ecosystem of online social networks, we have added two new chapters, “Security in Mobile Systems” and “Security in the Cloud.” To continue the discussion of the ever-changing nature of security protocols and best practices, we have reworked and kept Chapter 8 as “Information Security Protocols and Best Practices.” The last chapter has been updated and renamed “Security and Compliance” to update the debate in the changing business information security landscape.

Although we seem to be making efforts toward mitigating computer security incidents, the progress we are achieving seems insignificant. Indeed, data from incident reporting centers shows no let-up in activity from the time of this book’s first edition to today. In fact, data shows that digital crime incidents are mutating, unrelenting, always on the rise, which begs the question—are we doing the right thing? Maybe not. After more than 10 years of efforts to rein in the growing and indeed mutating information infrastructure security problems, we still do not seem to be doing the right thing. Maybe we need to change course.
The rise in such incidents has been and still is an indication of the poor state of our cyberspace infrastructure security policies and the vulnerability of all cyberspace resources. We have been pointing out over the years that we are not yet doing enough. Toward this end, several private and public initiatives and partnerships have been established and are discussed throughout the book.

Finally, as has been the case in the last three editions, we are still keeping the fire burning, for public awareness of the magnitude of cyber security and cybercrimes, the weaknesses and loopholes inherent in the cyberspace infrastructure, and the ways to protect ourselves and our society. We also must have more debate on the need for a strong ethical framework as a way to safeguard cyberspace.

Chapter 1
The Changing Landscape of Cybercrime

LEARNING OBJECTIVES: After reading this chapter, the reader should be able to:
• Describe trends in computer crimes and protection against viruses and other cybercrimes.
• Discuss the history of computer crimes.
• Describe several different cyber-attacker approaches and motivations.
• Identify the professional’s role in security and the tradeoffs involved.

In the last two decades, we have witnessed the rapid growth of the Internet, mobile technology and the correspondingly rapid growth of online crimes, or cybercrimes. With this growth, there has been a spike in the rate of cybercrimes committed over the Internet. This has resulted in some people condemning the Internet and partner technologies as responsible for creating new crimes and the root causes of these crimes. However, there is hardly any new crime resulting from these new technologies. What has changed, as a result of these new technologies, is the enabling environment. Technology is helping in the initiation and propagation of most known crimes. As we get rapid changes in technological advances, we are correspondingly witnessing waves of cybercrimes evolving.
Figure 1.1 shows the changing nature of the cybercrime landscape since 1980.

[Figure 1.1 The Changing Nature of Cybercrimes]

The period before 1980 was an experimental period. Then, the Internet was new and required sophisticated and specialized knowledge that very few people back then had. There was very little valuable information and data stored in online databases as there is today, and there were no free online hacking tools available. If one wanted to hack, one had to develop the tools to do the job—a daunting task that required expertise. The easiest way to do it was to join hacking groups. Ganglike groups like the Legions of Doom, the Chaos Computer Club, NuPrometheus League, and the Atlanta Three were formed. Most of these groups were led by notorious individuals like Kevin Mitnick (“The Condor”), Ian Murphy (“Captain Zap”), and Patrick K. Kroupa (“Lord Digital”).

At the tail end of the 1980s, computers had become smaller. The personal computer (PC) had been introduced and was becoming very successful. Businesses were buying these computers at a rapid pace. Schools of varying standards were opening up and filling with students interested in becoming computer programmers. More computers started getting into the hands of young people through their schools, libraries, and homes as it was becoming more and more possible for affluent families to afford a home PC. Curious young people got involved with the new tools in large numbers. As their numbers rose, so did cybercrimes.

A profile of a cyber criminal soon emerged—a privately schooled, suburban, highly intelligent, soccer-playing but lonely wolf in thrill-seeking escapades that would lead to bragging rights. We called them computer whiz kids. Their operations were more or less predictable and, with exception of a few cases, there was a complete lack of organizational structure, something that is significantly noticeable in later generations of attacks.
These whiz kids led the second generation of cybercrimes.

The second generation of cybercrimes probably started at the tail end of the first generation, around 1990, and lasted through 2000. This period was characterized by serious, often devastating, and widespread virus attacks on global computer networks. This period saw an unprecedented growth in computer networks around the globe. These interconnected and interdependent networks became a very good conduit for these virus attacks. As the world became a mesh of thousands of interdependent computer networks, more individuals, businesses, organizations, and nations became more dependent on them. Because of this high dependence, which continues, the mere mention of a virus attack, whether real or not, caused panic in company boardrooms, classrooms, and family living rooms.

The sources of these attacks (mostly viruses) were often the whiz kids of the 1980s. The period experienced monstrous attacks including “Melissa,” “The Goodtimes,” “Distributed Denial of Service,” “Love Bug,” and “Code Red,” to name a few. The inputs fuelling the rise and destructive power of the attacks were the large volume of free hacker tools available on the Internet, the widespread use of computers in homes, organizations and businesses, large numbers of young people growing up with computers in their bedrooms, the growing interest in computers, the anonymity of users of the Internet, and the ever-growing dependence on computers and computer networks. All these put together contributed to the wild, wild cyberspace of the 1990s.

The third generation of cybercrimes began around the turn of the century. As the Computer Science Institute and Federal Bureau of Investigation’s (CSI/FBI) 2005 survey results indicate, virus attacks continued as the source of the greatest financial losses.
Closely behind viruses were unauthorized access, which showed a dramatic cost increase and replaced denial of service as the second most significant contributor to computer crime losses during that period, unauthorized use of computer systems, and Web site incidents in that order.[1] Overall, the period saw a gradual move away from the huge devastating virus attacks released by lonely wolves who expected no reward beyond proof of their prowess and the corresponding infamous notoriety. This period was, so far, characterized by small, less powerful, sometimes specialized but selective and targeted attacks. The targets were preselected to maximize personal gains, usually financial. Attacks so far in this period were overwhelmingly targeted at financial institutions. The list of victims was long and included the following examples:

• In February 2005, Bank of America Corp. reported computer tapes containing credit card records of U.S. senators and more than a million U.S. government employees went missing, putting customers at increased risk of identity theft.
• In February 2005, ChoicePoint Inc., a Georgia-based credit reporting company, had a breach of its computer databases, rendering nearly 145,000 people vulnerable to identity theft.
• In April 2005, data wholesaler LexisNexis, a division of Reed Elsevier, admitted having personal information from about 310,000 customers stolen.

Because of strict reporting laws in California, more and more companies and institutions were reporting losses of personal accounts. Among the companies and institutions were PayMaxx, health care heavyweight San Jose Medical Group, California State University at Chico, Boston College, and the University of California at Berkeley.[2] These made headlines, but many more did not.

About a decade after the beginning of the third generation, around 2010, the fourth generation probably started.
This was driven by a dramatic change in communication technologies and the nature of the information infrastructure. First, there is a fast rate of convergence of computing and telecommunication coming a lot earlier than has been predicted. Second, there is a developing trend in computing and communication devices’ miniaturization, leading us faster to the long-awaited and often talked-about ubiquitous computing driven by faster, more powerful machines and with a rich application repertoire that makes the technology of a decade earlier look prehistoric. The result of these combined forces is the exceptionally fast growing infrastructure of social networks that are leading us into a new unplanned, unpredictable, and more threatening computing environment. This changing nature of information technology against the changing background of user demographics is creating a dynamic mosaic of security threats and problems.

Plenty of IT administrators are tossing and turning at night over the security risks that may threaten their servers, networks and client computers. According to the 2010 survey of 353 network administrators conducted by Amplitude Research on behalf of VanDyk Software (2010) and the Australian Cyber Crime and Security Survey Report 2012,[3] historically and traditionally leading threats are no longer in the lead as indicated in Tables 1.1 and 1.2. Most traditional cybercrimes witnessed in the previous two generations are in decline. This can be attributed to the continuously changing landscape of cybercrimes.

Currently there are two major trends in this generation of cyber attacks. First, the cyber criminals are organizing themselves more into criminal enterprise cartels, and second, we are seeing more state-sponsored hacking activities than ever before. This seems to be a more troubling trend. New threats, according to the U.S.
Department of Homeland Security’s ICS-CERT, include[4]:

• National governments—where we see government-sponsored programs developing capabilities with the future prospect of causing widespread, long-duration damage to critical national infrastructures of adversarial nations.

Table 1.1 Changing System Threat Landscape, 2010

Threat Management Technique            Percentage of Admins Who Identified
Securing remote access                 52
Keeping virus definitions up to date   44
Patching systems                       36
Monitoring intrusions                  33
Secure file transfer                   30
Network use monitoring                 28
User awareness                         26
Password management                    16
Managing logs                          11
Replacing non-secure protocols         11

Data Source: http://www.channelinsider.com/c/a/Security/10-Security-Risks-That-Keep-Customers-Up-at-Night–893339/

Table 1.2 Change in Types of Attack and Misuse, 1999–2012

Type of attack                     (yr/perc.)  (yr/perc.)  (yr/perc.)  (Down/Up)
Inside abuse of info access        1999/99     2005/50     2012/55     Down
Virus                              2000/95     2005/75     2012/30     Down
Theft of computing devices         1999/70     2005/50     2012/33     Down
Unauthorized access                2000/70     2005/35     2012/18     Down
Denial of service                  2002/40     2005/35     2012/15     Down
System penetration                 2002/40     2005/18     2012/9      Down
Theft of proprietary info          2001/30     2005/10     2012/34     Up
Telecom fraud                      1999/18     2005/10     2012/4      Down
Financial fraud                    2003/18     2005/4      2012/9      Down
Sabotage/degradation of networks   2003/20     2005/2      2012/9      Up
Abuse of wireless network          2005/18     2003/0      2012/18     Up
Web site defacement                2004/5      2005/3      2012/6      Down
Trojan/Rootkit                     N/A         N/A         2012/20     Up
None of the above                  N/A         N/A         2012/35     not enough info

Data Source: (1) CSI/FBI Computer Crime and Security Survey—http://i.cmpnet.com/gocsi/db_area/pdfs/fbi/FBI2005.pdf. (2) CYBER CRIME & SECURITY SURVEY REPORT 2012, http://www.canberra.edu.au/cis/storage/Cyber%20Crime%20and%20Security%20Survey%20Report%202012.pdf.
• Terrorists—where terrorists are starting to acquire skill to direct cyber threats to individuals and increasingly critical national infrastructures.
• Industrial spies and organized crime groups—with profit motivation, international corporate spies and organized crime organizations are slowly mounting cyber threats to individuals and critical national infrastructures.
• Hacktivism—an old type of cybercrime that has not abated with changes in technology. In fact, hacktivists have been presented, thanks to new technologies, with new ways of increasing their political activism. This legion of hackers includes individuals and groups.
• Hackers—like hacktivists, are also as old as computer crimes themselves.

Efforts to Combat and Curtail Old and New Cybercrimes

Against this background, efforts need to be and are being taken to protect online data and information. Throughout this book, we are going to look at methods, tools and best practices to combat these increasing and evolving crimes. We summarize below, but we will detail in the coming chapters the global efforts by governments, civil society and individuals that include:

• Security awareness. Data from PricewaterhouseCoopers (PwC)’s Breaches Survey (ISBS) report (2012) shows that an organization with a quality end-user security awareness program is less likely to suffer a security breach.[5] The report further shows that security awareness through enterprise security policies is very effective. For example, data in the report show that organizations with a clearly understood security policy are less likely to be breached.
• Formation of public-private partnerships. Public-private partnerships are going to bear good results. Some of these partnerships include:
  ◦ The United Kingdom’s Cyber Crime Reduction Partnership (CCRP).
    This effort is to provide a forum in which government, law enforcement, industry and academia can regularly come together to tackle cybercrime more than before.[6] During National Cyber Security Awareness Month 2012, the U.S. Department of Homeland Security (DHS) and its partners from the public and private sector highlighted the importance of protecting against cybercrime.[7]
  ◦ DHS collaborates with financial and other critical infrastructure sectors to improve network security. Additionally, DHS components, such as the U.S. Secret Service and U.S. Immigrations and Customs Enforcement (ICE), have special divisions dedicated to fighting cybercrime.
  ◦ The FBI has the following cybercrime partnerships and initiatives[8]:
    ■ National Cyber Investigative Joint Task Force—as the focal point for all U.S. government agencies to coordinate, integrate, and share information related to all domestic cyber threat investigations.
    ■ Cyber Task Forces (CTF)—a group of all key law enforcement agencies in all 56 field offices at the state and local levels.
    ■ InfraGard: Protecting Infrastructure—an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the FBI and the private sector.
    ■ National Cyber-Forensics & Training Alliance—an early-warning system based on the exchange of strategic and threat among members.
    ■ Strategic Alliance Cyber Crime Working Group—a global alliance of law enforcement community sharing and steadily building operational partnerships for joint investigations of cybercrimes.
    ■ Cyber Action Teams—small but highly trained teams of FBI agents, analysts, and computer forensics and malicious code experts who travel around the world on a moment’s notice to respond to cyber intrusions.
• Setting up publicly funded agencies to go after cyber criminals.
  Representative examples include:
  ◦ The Secret Service maintains Electronic Crimes Task Forces (ECTFs), which focus on identifying and locating international cyber criminals connected to cyber intrusions, bank fraud, data breaches, and other computer-related crimes. The Secret Service’s Cyber Intelligence Section has directly contributed to the arrest of transnational cyber criminals responsible for the theft of hundreds of millions of credit card numbers and the loss of approximately $600 million to financial and retail institutions. The Secret Service also runs the National Computer Forensic Institute, which provides law enforcement officers, prosecutors, and judges with cyber training and information to combat cybercrime.
  ◦ ICE’s Cyber Crimes Center (C3) works to prevent cybercrime and solve cyber incidents. From the C3 Cyber Crime Section, ICE identifies sources for fraudulent identity and immigration documents on the Internet. C3’s Child Exploitation Section investigates large-scale producers and distributors of child pornography, as well as individuals who travel abroad for the purpose of engaging in sex with minors.
• Security Information Sharing Partnership (CSISP) with long-term plans to establish a National Computer Emergency Response Team (CERT). These CERT teams are now in several countries including the United States, Australia, the United Kingdom and others.
• In addition to sustained awareness programs, legislation is also beginning to pay off. In the CSI Computer Crime and Security Survey 2009, in which responses were from 443 information security and information technology professionals in United States corporations, government agencies, financial institutions, educational institutions, medical institutions and other organizations, respondents generally said that regulatory compliance efforts have had a positive effect on their organization’s security programs.
• You and I.
  Cybersecurity is a shared responsibility, and each of us has a role to play in making it safer, more secure and resilient.

Although investment in public awareness, especially through moral and ethical education, is long-term, these are encouraging signs that there might be light at the end of the tunnel if we intensify our training programs. So, we need to concurrently educate the user as well as develop security tools and best practices as we look for the essential solutions to the ills of cyberspace. We focus on them in the rest of the book and we begin by looking at morality and ethics.

Chapter 2
Morality

LEARNING OBJECTIVES: After reading this chapter, the reader should be able to:
• Understand how to make sound moral reasoning.
• Discuss moral values and ideals in a person’s life.
• Understand the relationship between morality and religion.
• Understand what it means to have moral principles, the nature of conscience, and the relationship between morality and self-interest.

Human beings do not live randomly. We follow a complex script, a life script, a script based on cultural, religious, and philosophical concepts and beliefs. Using the guidelines in that script, individuals then determine whether their actions are right or wrong. The concepts and beliefs making up the guidelines are formulated, generalized, and codified by individual cultures or groups over long periods of time. The main purpose of such guidelines is to regulate the behavior of the members of that culture or group to create happiness for all members of the culture or group. We define the concept of morality as the conformity to such guidelines.

Morality

Morality is a set of rules of right conduct, a system used to modify and regulate our behavior. It is a quality system by which we judge human acts right or wrong, good or bad. This system creates moral persons who possess virtues like love for others, compassion, and a desire for justice; thus, it builds character traits in people.
Morality is a lived set of shared rules, principles, and duties, independent from religion which is practiced, applicable to all in a group or society, and having no reference to the will or power of any one individual whatever his or her status in that group or society. Every time we interact in a society or group, we act the moral subscript. Because morality is territorial and culturally based, as long as we live in a society, we are bound to live the society’s moral script. The actions of individuals in a society only have moral values if taken within the context of this very society and the culture of the individual.

Although moral values are generally lived and shared values in a society, the degree of living and sharing of these values varies greatly. We may agree more on values like truth, justice, and loyalty than on others. A number of factors influence the context of morality, including time and place.

Moral Theories

If morality is a set of shared values among people in a specific society, why do we have to worry about justifying those values to people who are not members of that society? To justify an action or a principle requires showing good reason for its existence and why there are no better alternatives. Justifying morality is not a simple thing since morality, by its own definition, is not simply justifiable especially to an outsider. Moral reasons require more justification than social reasons because moral reasons are much stronger than aesthetic ones; for example, murder is not immoral just because most people find it revolting; it is much more than that. To justify more reasons, therefore, we need something strong and plausible to anchor our reasoning on. That something cannot be religion, for example, because one’s religion is not everyone’s religion. We need something that demonstrates that the balance of good in an action is favorable to other people, not only to one’s interests and desires.
Moral theories do satisfy this purpose. According to Chris MacDonald, moral theories “seek to introduce a degree of rationality and rigor into our moral deliberations.”[1] They give our deliberations plausibility and help us better understand those values and the contradictions therein. Because many philosophers and others use the words moral and ethical synonymously, we delay the discussion of moral theories until we discuss ethics.

Moral Codes

For one to be morally good, one must practice the qualities of being good. To live these qualities, one must practice and live within the guidelines of these qualities. These guidelines are moral codes. The Internet Encyclopedia of Philosophy defines moral codes as rules or norms within a group for what is proper behavior for the members of that group.[2] The norm itself is a rule, standard, or measure for us to compare something else whose qualities we doubt. In a way, moral codes are shared behavioral patterns of a group. These patterns have been with us since the first human beings inhabited the Earth and have evolved mainly for survival of the group or society. Societies and cultures survive and thrive because of the moral code they observe. Societies and cultures throughout history like the once mighty Babylonians, Romans, and Byzantines probably failed because their codes failed to cope with the changing times.

We have established that morality and cultures are different in different societies. This does not, however, exclude the existence of the commonality of humanity with timeless moral code. These codes are many and they come in different forms including:

• The Golden Rule: “Do unto others as you would have them do unto you.”
• The Bronze Rule: “Repay kindness with kindness.” This rule is widely observed because of its many varying interpretations.

There is a commonality of good in these rules which equate to Carl Sagan’s culture-free and timeless universal set of moral codes[3]:

• Be friendly at first meeting.
• Do not envy.
• Be generous; forgive your enemy if he or she forgives you.
• Be neither a tyrant nor a patsy.
• Retaliate proportionately to an intentional injury (within the constraints of the rule of the law).
• Make your behavior fairly (although not perfectly) clear and consistent.

The purpose of moral codes in a society is to exert control over the actions of the society’s members that result from emotions. Observance of moral codes in most societies is almost involuntary mostly because members of such societies grow up with these codes so they tend to follow them religiously without question. In some societies, observance is enforced through superstition, and in others through folklore and custom.

The Need for a Moral Code

When you ask people what kind of life they like most, the most popular answer is always going to be a life full of freedoms. They want to be free. Democratic societies always claim to be free. The citizens have freedom. When you ask anyone what they mean by freedom, they will say that freedom is doing what they want to do, when they want to do it, and in the way that they want to do it. What they are actually talking about is a life without restraints. But can we live in a society where an individual can do anything that he or she wants? Popular culture dictates this kind of freedom. One would therefore say that in a world or society like this, where everyone enjoys full freedoms, there would be anarchy. Well, not so. God created humans, probably the only creatures on earth who can reason. God endowed us with the capacity to reason, to create guidelines for life so that everyone can enjoy freedom with reason. Freedom with reason is the bedrock of morality. True, morality cannot exist without freedom.
Because humans have the capacity to reason, they can attain the freedom they want by keeping a moral code. The moral code, therefore, is essential for humanity to attain and keep the freedoms humans need. By neglecting the moral code in search of more freedoms, human beings can lose the essential freedoms they need to live. Lee Bohannon calls it a moral paradox: by wrongly using your freedom, you lose your freedom.[4] Humanity must realize the need for freedom within reasonable restraints—with the moral code, because without the code, absolute freedoms result in no freedom at all.

Moral Standards

A moral standard is a moral norm, a standard to which we compare human actions to determine their goodness or badness. This standard guides and enforces policy. Morality is a system that, in addition to setting standards of virtuous conduct for people, also consists of mechanisms to self-regulate through enforcement of the moral code and to self-judge through guilt, which is an internal discomfort resulting from disappointment self-mediated by conscience.

Guilt and Conscience

Moral guilt is a result of self-judging and punishing oneself for not living up to the moral standards set for oneself or for the group. If individuals judge that they have not done “good” according to moral standards, they activate the guilt response, which usually makes them feel bad, hide their actions from both self and others, and find a fitting punishment for themselves, sometimes a very severe punishment. This internal judgment system is brought about because human beings have no sure way of telling whether an action is good or bad based independently on their own standards. Individual standards are usually judged based on group standards. So individuals judge themselves based on group standards, and self-judgment sets in whenever one’s actions fall short of the group’s standards.

The problem with guilt is that it can be cumulative.
If individuals commit acts repeatedly that they judge to be below moral standards, they tend to become more and more withdrawn. This isolation often leads individuals to become more comfortable with the guilt. As they become comfortable living with the guilt, their previous actions, which were previously judged below standards, begin to look not so bad after all. Individuals become more and more complacent about the guilt and begin to look at the whole moral system as amoral. Guilt can be eased by encouraging people to focus on the intentions behind the actions. Sometimes the intentions may be good but the resulting action is bad. In such a case the individual should not feel so guilty about the action. Besides looking for intent, one should also have the will and ability to forgive oneself. Self-forgiveness limits the cumulative nature of guilt and hence helps an individual to keep within the group. Our moral code, and many times the law, lay out the general principles that we ought not do because it is wrong to do it. The law also tells us not to do this or that because it is illegal to do so. However, both systems do not specifically tell us whether a particular human action is an immoral or illegal act. The link must be made by the individual—a self-realization. It is this inner judgment that tells us if the act just committed is right or wrong, lawful or unlawful. This inner judgment is what we call conscience. Additionally, conscience is the capacity and ability to judge our actions ourselves based on what we set as our moral standards. The word conscience comes from the Latin word conscientia which means knowing with. It is an “inner voice” telling us what to do or not to do. This kind of self-judgment is based on the responsibility and control we have over our actions. Conscience is motivated by good feelings within us such as pride, compassion, empathy, love, and personal identification. Conscience evolves as individuals grow. 
The childhood conscience is far different from the adult conscience because the perception of evil evolves with age. The benefits of conscience are that the actions taken with good conscience, even if the results are bad, do not make one guilty of the actions. Fr. Austin Fagothey5 writes that conscience applies to three things: (i) the intellect as a faculty of forming judgments about right and wrong individual acts, (ii) the process of reasoning that the intellect goes through to reach such judgment, and (iii) the judgment itself which is the conclusion of this reasoning process.

We have seen in this section that morality does not belong to any individual, nor does it belong to any society or group of people. Thus, it cannot be localized. However, those parts of the moral code that can be localized become law.

The Purpose of Morality—The Good Life

According to Michael Miller, the ancients identified the purpose of morality with the chief good. Because morality is territorial, whatever chief good they proposed—happiness for Aristotle, no pain for Epicurus, apathy for the Stoics, heavenly afterlife for Christians—they took that chief good to be the moral purpose.6 In general, the chief good is not to suffer and die, but to enjoy and live.

Chapter 3
Ethics

LEARNING OBJECTIVES: After reading this chapter, the reader should be able to:

• Analyze an argument to identify premises and conclusion using ethical theories.
• Understand the use of ethical theories in ethical arguments.
• Detect basic logical fallacies in an argument.
• Articulate the ethical tradeoffs in a technical decision.
• Understand the role of professional codes of ethics.

“The unexamined life is not worth living.” This is a statement made by Socrates before the Athenian court.
The jury gave him a death sentence for his menacing practice of going around Athens asking its citizens the ultimate questions of human existence.1 Socrates agreed to drink hemlock and kill himself for his belief in a science that represents a rational inquiry into the meaning of life. Socrates’s pursuit was a result of the Greeks’ curiosity and their desire to learn about themselves, human life and society. This led to the examination of all human life, to which Socrates devoted his life. Philosophers call this ethics. Ethics is, therefore, the study of right and wrong in human conduct. Ethics can also be defined as a theoretical examination of morality or “theory of morals.” Other philosophers have defined ethics in a variety of ways. Robert C. Solomon, in Morality and the Good Life,2 defines ethics as a set of “theories of value, virtue, or of right (valuable) action.” O.J. Johnson, on the other hand, defines ethics as a set of theories “that provide general rules or principles to be used in making moral decisions and, unlike ordinary intuitions, provides a justification for those rules.”3 The word ethics comes from the ancient Greek word eché,4 which means character. Every human society practices ethics in some way because every society attaches a value on a continuum of good to bad, right to wrong, to an individual’s actions according to where that individual’s actions fall within the domain of that society’s rules and canons. The role of ethics is to help societies distinguish between right and wrong and to give each society a basis for justifying the judgment of human actions. Ethics is, therefore, a field of inquiry whose subject is human actions, collectively called human conduct, that are taken consciously, willfully, and for which one can be held responsible. According to Fr.
Austin Fagothey,5 such acts must have knowledge, which signifies the presence of a motive, be voluntary, and have freedom to signify the presence of free choice to act or not to act. The purpose of ethics is to interpret human conduct, acknowledging and distinguishing between right and wrong. The interpretation is based on a system which uses a mixture of induction and deduction. In most cases, these arguments are based on historical schools of thought called ethical theories. There are many different kinds of ethical theories, and within each theory there may be different versions of that theory. Let us discuss these next.

Ethical Theories

Since the dawn of humanity, human actions have been judged good or bad, right or wrong based on theories or systems of justice developed, tested, revised, and debated by philosophers and elders in each society. Such theories are commonly known as ethical theories. An ethical theory determines if an action or set of actions is morally right or wrong. Codes of ethics have been drawn up based on these ethical theories. The processes of reasoning, explanation, and justification used in ethics are based on these theories. Ethical theories fall into two categories: those based on one choosing his or her action based on the expected maximum value or values as a consequence of the action and those based on one choosing his or her action based on one’s obligation or requirements of duty. The Greeks called the first category of theories telos, meaning purpose or aim. We now call these teleological or consequentialist theories. The Greeks called the second category of theories deon, meaning binding or necessary. Today, we call them deontological theories.6

Consequentialist Theories

We think of the right action as that which produces good consequences. If an act produces good consequences, then it is the right thing to do. Those who subscribe to this position are called consequentialists.
Consequentialist theories judge human actions as good or bad, right or wrong, based on the best attainable results of such actions—a desirable result denotes a good action, and vice versa. According to Richard T. Hull, consequentialist theories “have three parts: a theory of value, a principle of utility, and a decision procedure.”7 Within these are further theories. For example, in the theory of value there are several other theories held by consequentialists including8:

• Hedonism, which equates good with pleasure, bad or evil with pain.
• Eudaemonism, which equates good with happiness, bad or evil with unhappiness.
• Agathism, which views good as an indefinable, intrinsic feature of various situations and states. Evil is seen as either an indefinable, intrinsic feature of other situations and states, or simply as the absence of good.
• Agapeism, which equates good with love, bad with hate.
• Values pluralism, which holds that there are many kinds of good, including pleasure and happiness, but also knowledge, friendship, love, and so forth. These may or may not be viewed as differing in importance or priority.

There are three commonly discussed types of consequentialist theory9:

(i) Egoism puts an individual’s interests and happiness above everything else. With egoism, any action is good as long as it maximizes an individual’s overall happiness. There are two kinds of egoism: ethical egoism, which states how people ought to behave as they pursue their own interests, and psychological egoism, which describes how people actually behave.

(ii) Utilitarianism, unlike egoism, puts a group’s interest and happiness above those of an individual, for the good of many. Thus, an action is good if it benefits the maximum number of people.
Among the forms of utilitarianism are the following:

• Act utilitarianism tells one to consider seriously the consequences of all actions before choosing that with the best overall advantage, happiness in this case, for the maximum number of people.10
• Rule utilitarianism tells one to obey those rules that bring the maximum happiness to the greatest number of people. Rule utilitarianism maintains that a behavioral code or rule is good if the consequences of adopting that rule are favorable to the greatest number of people.11

(iii) Altruism states that an action is right if the consequences of that action are favorable to all except the actor.

Deontological Theories

The theory of deontological reason does not concern itself with the consequences of the action but rather with the will of the action. An action is good or bad depending on the will inherent in it. According to deontological theory, an act is considered good if the individual committing it had a good reason to do so. This theory has a duty attached to it. For example, we know that killing is bad, but if an armed intruder enters your house and you kill him, your action is good, according to deontologists. You did it because you had a duty to protect your family and property. Deontologists fall into two categories: act deontologists and rule deontologists.

• Act deontologists consider every judgment of moral obligation to be based on its own merit. We decide separately in each particular situation what is the right thing to do.
• Rule deontologists consider that one’s duty in any situation is to act within rules.

All other contemporary ethical theories, as Richard T. Hull contends, are hybrids of utilitarianist and deontologist theories. The process of ethical reasoning takes several steps, which we refer to as layers of reasoning, before one can justify to someone else the goodness or badness, rightness or wrongness of one’s action.
For example, if someone wants to convince you to own a concealed gun, he or she needs to explain to you why it is good to have a concealed gun. In such an exercise, the person may start by explaining to you that we are living in difficult times and that no one is safe. You may then ask why no one is safe, to which the person might reply that there are many bad people out there in possession of high-powered guns waiting to fire them for various and very often unbelievable reasons. So owning a gun will level the playing field. Then you may ask why owning a gun levels the playing field, to which the answer would be that if the bad guys suspect that you own a gun just like theirs, they will think twice before attacking you. You may further ask why this is so; the answer may be that if they attack you, they themselves can get killed in the action. Therefore, because of this fear, you are not likely to be attacked. Hence, owning a gun may save your life and enable you to continue pursuing the ultimate concept of the good life: happiness. On the other hand, to convince somebody not to own a concealed gun also needs a plausible explanation and several layers of reasoning to demonstrate why owning a gun is bad. Why is it a bad thing, you would ask, and the answer would be because bad guys will always get guns. And if they do, the possibility of everyone having a concealed gun may make those bad guys trigger-happy to get you fast before you get them. It also evokes an image of the Wild West filled with gun-toting people daring everyone in order to get a kick out of what may be a boring life. You would then ask why is this situation dangerous if no one fires? The reply might be because it creates a situation in which innocent people may get hurt, denying them happiness and the good life. The explanation and reasoning process can go on and on for several more layers before one is convinced that owning a gun is good or bad.
The act of owning a gun is a human act that can be judged as either good or bad, right or wrong depending on the moral and ethical principles used. The spectrum of human actions on which ethical judgments can be based is wide-ranging, from simple, traditional and easy to understand actions like killing and stealing, to complex and abstract ones like hacking, cellular telephone scanning, and subliminal human brain alterations. On one side of this spectrum, the inputs have straight output value judgments of right and wrong or good and evil. The other end of the spectrum, however, has inputs that cannot be easily mapped into the same output value judgments of right and wrong or good and evil. It is on this side of the input spectrum that most new human actions, created as a result of computer technology, are found. It is at this end, therefore, that we need an updated definition of ethics—a functional definition.

Codes of Ethics

The main domains in which ethics is defined are governed by a particular and definitive regiment of guidelines and rules of thumb called codes of ethics. These rules, guidelines, canons, advisories, or whatever you want to call them, are usually followed by members of the respective domains. For example, your family has an ethical set of rules that every member of the family must observe. Your school has a set of conduct rules that all students, staff and faculty must observe. And, your college has a set of rules that govern the use of college computers. So depending on the domain, ethical codes can take any of the following forms:

• principles, which may act as guidelines, references, or bases for some document;
• public policies, which may include aspects of acceptable behavior, norms, and practices of a society or group;
• codes of conduct, which may include ethical principles; and
• legal instruments, which enforce good conduct through courts.
Although the use of ethical codes is still limited to professions and high visibility institutions and businesses, there is a growing movement toward widespread use. The wording, content, and target of codes can differ greatly. Some codes are written purposely for the public, others target employees, and yet others are for professionals only. The reader is referred to the codes of the Association of Computing Machinery (ACM) and the Institute of Electric and Electronics Engineers’ Computer Society (IEEE Computer), both professional organizations. Codes for the ACM can be found at and those for IEEE Computer at www.ieee.org.

Objectives of Codes of Ethics

Different domains and groups of people formulate different codes of ethics, but they all have the following objectives:

• Disciplinary: By instilling discipline, the group or profession ensures professionalism and integrity of its members.
• Advisory: Codes are usually a good source of tips for members, offering advice and guidance in areas where moral issues are fuzzy.
• Educational: Ethical codes are good educational tools for members of the domain, especially new members who have to learn the dos and don’ts of the profession. The codes are also a good resource for existing members needing to refresh and polish their possibly waning morals.
• Inspirational: Besides being disciplinary, advisory, and educational, codes should also carry subliminal messages to those using them to inspire them to be good.
• Publicity: One way for professions to create a good clientele is to show that they have a strong code of ethics and, therefore, their members are committed to basic values and are responsible.

The Relevancy of Ethics to Modern Life

When Socrates made the statement, “the unexamined life is not worth living” before the Athens court in 399 BC, human life was the same as it is today in almost every aspect except quality.
Not much has changed in the essence of life since Socrates’s time and now. We still struggle for the meaning of life, we work to improve the quality of life and we do not rest unless we have love, justice and happiness for all. Socrates spent time questioning the people of Athens so that they, together with him, could examine their individual lives to find “What I Individually Ought to Do” and “To Improve the Lot of Humankind.” Many philosophers and those not so schooled believe that this is the purpose of ethics. The difficulty in finding “What I Individually Ought to Do” has always been, and continues to be for a modern life, a myriad of decisions that must be made quickly, with overwhelming and quickly changing information, and must be done reasonably well. This is not a simple statement that can be quickly overlooked. We face these decision-making dilemmas every minute of every day. Under these circumstances, when we are faced with the need to make such decisions, do we really have enough information to make a sound decision? When the information at hand is not complete and when the necessary knowledge and understanding of reality is lacking, the ability to identify the consequences of a decision may often lead to a bad decision. For a number of people, when the ingredients of a good decision-making process are missing, they rely on habits. Decisions based on habits are not always sound ethical decisions, and they are not always good. The purpose of ethics has been and continues to be, especially for us in a modern and technologically driven society, the establishment of basic guidelines and rules of thumb for determining which behaviors are most likely to promote the achievement of “The Best,” over the long-term.12 These guidelines and rules of thumb are the codes of ethics.
Chapter 4
Morality, Technology and Value

LEARNING OBJECTIVES: After reading this chapter, the reader should be able to:

• Identify assumptions and values embedded in a particular computer product design including those of a cultural nature.
• Understand the moral value of technology.
• Understand the role morality plays in decision making.
• Describe positive and negative ways in which computing alters the way decisions are made by different people.
• Explain why computing/network access is restricted in some countries.
• Analyze the role and risks of computing in the implementation of public policy and government.
• Articulate the impact of the input deficit from diverse populations in the computing profession.

Every time I am onboard an aircraft, I reflect on how technology has drastically changed our lives. Great things have happened during my life to make our lives easier. Planes, trains and automobiles have all been invented to ease our daily needs and necessity of movement. Near miraculous drugs and difficult-to-believe medical procedures have been made possible because of technology. The advent of computer technology has opened a new chapter in technological advances, all to make our lives easier so that we all can live good lives. Ken Funk defines technology as a rational process of creating a means to order and transform matter, energy, and information to realize certain valued ends.1 Technology is not a value. Its value depends on how we use it. Indeed, technology is a utility tool like a device, system, or method that represents the process to the good life. Technological processes have three components: inputs, an engine, and outputs. For technology to be novel and useful to us as a utility, the engine must be new and the outputs must have value to us. We derive usefulness out of this utility based on the quality of that value in relation to our value system.
If the outputs of the processes have relevancy and contribute to the knowledge base that we routinely use to create other utilities that ease our lives, then the new technology has value. Otherwise, it is not a good technology. We have seen and probably used many technologies that we judge to be of no use to us. What we call good and bad technologies are scaled on our value system. If the process outputs are judged as having contributed to good knowledge in our value system (moral values), then that technology is judged good and useful. We have seen many such technologies. However, we have also seen a myriad of technologies that come nowhere near our value systems. These we call bad technologies. So all judgments of technology are based on a set of value standards, our moral values. There are many who will disagree with me in the way I define value, as it is derived from technology. In fact, some argue that this value is subjective. Others define it as objective. Many say it is intrinsic yet others call it instrumental. We are saying that this value is personal, hence, moral. In the end, when we use technology, the value we derive from the technology and the value we use in decision making while using the technology is based on one’s beliefs and moral value system. This value scaling problem in the use of technology haunts all of us in the day-to-day use of technology and even more so in decision making.

Moral Dilemmas, Decision Making, and Technology

Dilemmas in decision making are quite common in our everyday activities. The process of decision making is complex: It resembles a mathematical mapping of input parameters into output decisions. The input parameters in the decision-making process are premises. Each premise has an attached value. The mapping uses these values along with the premises to create an output, which is the decision.
For example, if I have to make the decision whether to walk to church or take the car, the set of premises might include time, parking, exercise, and gas. If I take the car, the values attached to the premises are saving time, needing a parking space, not getting any exercise, and buying gas. However, if I decide to walk, my decision might be based on another set of premises like: Walking to church one day a week is good exercise, and I will save money by not buying gas. The mapping function takes these premises together with the values and outputs a “logical” decision. Dilemmas in decision making are caused by one questioning the values attached to one’s premises as inputs to the decision being made. One’s scaling of values to the inputs may be influenced by a number of factors such as advances in technology and incomplete or misleading information.

Advances in Technology

Dilemmas are usually caused by advances in technology. Computer technology in particular has created more muddles in the decision-making process than in any other technology. Advances in computer technology create a multitude of possibilities that never existed before. Such possibilities present professionals with myriad temptations.2

Incomplete or Misleading Information

Not having all the information one needs before making a decision can be problematic. Consider the famous prisoners’ dilemma. Two people are caught committing a crime, and they are taken to different interrogation rooms before they have a chance to coordinate their stories. During the interrogation, each prisoner is told that the other prisoner has agreed to plead guilty on all charges. Authorities inform each prisoner that agreeing to plead guilty on all charges as the other prisoner has done will bring him or her a reduced sentence. Rejecting the plea will mean that the prisoner refuses to cooperate with the investigation and may result in him or her receiving the maximum punishment.
Each prisoner has four recourses: (i) plead guilty without the friend pleading guilty, which means deserting a friend; (ii) refuse to plead guilty while the friend pleads guilty, which means betrayal and probably a maximum sentence; (iii) plead guilty while the friend pleads guilty, which means light sentences for both of them; or (iv) both refuse to plead guilty and each receives either a light sentence or a maximum sentence. Whichever option the prisoners take is risky because they do not have enough information to enable them to make a wise decision. There are similar situations in professional life when a decision has to be made quickly and not enough information is available. In such a situation, the professional must take extra care to weigh all possibilities in the input set of premises with their corresponding values.

Making Good Use of Technology

How can we use technology in a nondestructive way to advance human society? Technology has placed at our disposal a multitude of possibilities, many of which we never had before, that are shrouding our daily value-based decision making in confusion and doubt. Doubt of our own value system, the system we grew up with. Doubts are created because gaps in reasoning between right and wrong have been muddled up because of the many possibilities, many of which are new and we are no longer sure! An appropriate response to this confusion of reasoning is multifaceted and may include the following solutions:

• Formulate new laws to strengthen our basic set of values, which are being rendered irrelevant by technology.
• Construct a new moral and ethical conceptual framework in which the new laws can be applied successfully.
• Launch a massive education campaign to make society aware of the changing environment and the impact such an environment is having on our basic values.

Nations and communities must have a regulated technology policy. Technology without a policy is dangerous technology.
We are not calling for a burdensome policy. We are calling for a guided technology policy that is based on a basket of values. In formulating a policy like this, societies must be guided by the critical needs of their society based on a sound value system. Scientists and researchers must also be guided by a system of values.

Strengthening the Legal System

In many countries and local governing systems, technology has outpaced the legal system. Many laws on the books are in serious need of review and revision. Lawyers and judges seriously need retraining to cope with the new realities of information technology and its rapidly changing landscape. Legal books and statutes need to be updated. The technology in many courtrooms in many countries needs to be updated in order to handle the new breed of criminal. Updating the legal system to meet new technology demands cannot be done overnight. It is complex. It needs a training component that will involve judges, lawyers, court clerks, and every other personnel of the court. It also needs an implementation component that involves acquiring the new technologies for the courtrooms. This will involve software and hardware and the training of the people to use such facilities. Lastly, and probably the most difficult, is the legislative component. A thorough review of current law is needed to update the relevant laws and to draw up new ones to meet current needs. Also, since technology is stretching the legal garment and constantly causing tears in the seams, there is a need for a policy to allow quick and effective reaction to new technologies so relevant and needed laws are created quickly.

A New Conceptual Moral Framework

New technologies in communication have resulted in demographical tidal waves for the global societies. Only primitive societies (which themselves are disappearing) have not been touched.
The movement of people and goods between nations and societies and the Internet are slowly creating a new global society with serious social and moral characteristics. With this new society, however, no corresponding moral and ethical framework has been created. This has resulted in a rise in crime in the new nonmonolithic societies. The future of monolithic societies is uncertain because of the rapid globalization of cultures and languages. This globalization, along with the plummeting prices of computers and other Internet-accessing devices, has ignited a growing realization and fear, especially among religious and civic leaders, moralists, and parents, that society is becoming morally loose and citizens are forgetting what it is to be human. Of immediate concern to these groups and many others is that a common morality is needed. However, they also realize that morality is not easily definable. As societies become diverse, the need for a common moral framework as a standard for preserving decency and effectively reversing the trend of skyrocketing moral decadence and combating crimes becomes most urgent.

Moral and Ethics Education

It is not easy to teach morality. In many countries this has been accomplished through the teaching of character. Character education in public schools has raised many controversies between civil libertarians and the religious right. Each believes they have a God-given right to character education. So while it is good to teach, we will focus on ethics education for now. Ethics education can take many forms. We will discuss formal education and advocacy.

Formal Education

The formal education of ethics should start in elementary schools. As students are introduced to information technology in elementary school, they should be told not to use machines to destroy other people’s property or to hurt others. This should be explained in age-appropriate language.
For example, children should be taught to use computers and the Internet responsibly. They should be told not to visit certain Web pages, to avoid getting involved in relationships online, not to give out personal or family information online, and not to arrange to meet anyone offline. In addition, they should be told to respect the work and property of others whether they are online or off. There are already reported cases of children as young as 14 years old breaking into computer systems and destroying records. In fact, many of the computer network attacks and a good number of the headline-making computer attacks have been perpetrated by young people, sometimes as young as ten years old. For example, in a certain county in Tennessee, several ninth graders broke into their school’s computer system and infected it with a virus that wiped out most of the school’s records. It is believed the students got the virus off the Internet.3 The educational content must be relevant and sensitive to different age groups and professionals. As students go through high school, content should become progressively more sophisticated. The message on the responsible use of computers should be stressed more. The teen years are years of curiosity and discovery and a lot of young people find themselves spending long hours on computers. Those long hours should be spent responsibly. While a good portion of the message should come from parents, schools should also play a part by offering courses in responsible use of computers. The teaching should focus on ethics; students should be given reasons why they should not create and distribute viruses, download copyrighted materials off the Internet, or use the Internet to send bad messages to others. These are ethical reasons that go beyond the “do it and you will be expelled from school” type of threats. In college, of course, the message should be more direct. 
There are several approaches to deliver the message:
• Students take formal courses in professional ethics in a number of professional programs in their respective colleges.
• Instead of taking formal ethics courses, students are taught the information sprinkled throughout their courses, either in general education or in their major.
• Include an ethics course in the general education requirements or add ethics content to an existing course. For example, many colleges now require computer literacy as a graduation requirement. Adding ethics content to the already required class is an option.
• Require a one-hour online information ethics course.

Once students join the workplace environment, they should be required to attend informal refresher courses, upgrading sessions, seminars, in-service courses or short workshops periodically.

Advocacy

Advocacy is a mass education strategy which has been used for generations. Advocacy groups work with the public, corporations and governments to enhance public education through awareness. A mass education campaign involves distributing a message in magazines, and electronic publications, by supporting public events and by communicating through the mass media like television, radio, and now the Internet. Advocacy is intended to make people part of the message. For example, during the struggles for voting rights in the United States, women’s groups and minorities designed and carried out massive advocacy campaigns that were meant to involve all women who eventually became part of the movement. Similarly, in the minority voting rights struggles, the goal was to involve all minorities whose rights had been trampled. The purpose of advocacy is to organize, build, and train so there is a permanent and vibrant structure people can be a part of.
By involving as many people as possible, including the intended audience in the campaigns, the advocacy strategy brings awareness which leads to more pressure on lawmakers and everyone else responsible. The pressure brought about by mass awareness usually results in some form of action, usually the desired action. The expansion and growth of cyberspace has made fertile ground for advocacy groups, because now they can reach virtually every society around the globe. Advocacy groups rally their troops around issues of concern. So far, online issues include individual privacy and security, better encryption standards and the blocking of pornographic materials and any other materials deemed unsuitable or offensive to certain audiences. The list of issues grows every day as cyberspace gets more exposure. Not only is the list of issues getting longer, but the number of advocacy groups is also getting larger as more groups form in reaction to new issues.

Renowned advocacy groups for moral issues include4:
• The Family Research Council (FRC) works to promote and defend common morality through traditional family values in all media outlets. It develops and advocates legislative and public policy initiatives that promote and strengthen family and traditional values, and it established and maintains a database for family value research.
• Enough Is Enough (EE) is dedicated to preserving common morality in cyberspace through fighting pornography on the Internet.
• The Christian Coalition (CC) represents some Christian churches in the United States. It works on legislative issues and on strengthening families and family values.

Chapter 5
Cyberspace Infrastructure

LEARNING OBJECTIVES: After reading this chapter, the reader should be able to:
• Describe the evolution of and types of computer networks.
• Understand networking fundamentals, including network services and transmission media.
• Understand network software and hardware, including media access control, network topologies, and protocols, as well as connectivity hardware for both local area and wide area networks.
• Understand how and why the computer network infrastructure is the bedrock that enables and offers a medium of computer crimes.

In his science-fiction novel Neuromancer, William Gibson first coined the term “cyberspace” to describe his vision of a three-dimensional space of pure information, moving between computer and computer clusters that make up this vast landscape. This infrastructure, as envisioned by Gibson, links computers as both computing and transmitting elements, people as generators and users of information, and pure information moving at high speed between highly independent transmitting elements. The transmitting elements are linked by conducting media, and the information moving from the sourcing element to the receiving element via intermediary transmitting elements is handled by software rules called protocols. The cyberspace infrastructure, therefore, consists of hardware nodes as sourcing, transmitting, and receiving elements; software as protocols; humanware as users of information; and finally pure information that is either in a state of rest at a node or a state of motion in the linking media.

Computer Communication Networks

A computer communication network system consists of hardware, software, and humanware. The hardware and software allow the humanware—the users—to create, exchange, and use information. The hardware consists of a collection of nodes that include the end systems, commonly called hosts, and intermediate switching elements that include hubs, bridges, routers and gateways. We will collectively call all of these network or computing elements, or sometimes without loss of generality, just network elements.
The software, all application programs and network protocols, synchronize and coordinate the sharing and exchange of data among the network elements and the sharing of expensive resources in the network. Network elements, network software, and users, all work together so that individual users get to exchange messages and share resources on other systems that are not readily available locally. The network elements may be of diverse hardware technologies and the software may be different, but the whole combo must work together in unison. This concept that allows multiple, diverse underlying hardware technologies and different software regimes to interconnect heterogeneous networks and bring them to communicate is called internetworking technology. Internetworking technology makes Gibson’s vision a reality; it makes possible the movement and exchange of data and the sharing of resources among the network elements. This is achieved through the low-level mechanisms provided by the network elements and the high-level communication facilities provided by the software running on the communicating elements. Let us see how this infrastructure works by looking at the hardware and software components and how they produce a working computer communication network. We will start with the hardware components, consisting of network types and network topology. Later, we will discuss the software components consisting of the transmission control system.

Network Types

The connected computer network elements may be each independently connected on the network or connected in small clusters, which are in turn connected together to form bigger networks via connecting devices. The size of the clusters determines the network type. There are, in general, two network types: a local area network (LAN) and a wide area network (WAN). A LAN consists of network elements in a small geographical area such as a building floor, a building, or a few adjacent buildings.
The advantage of a LAN is that all network elements are close together so the communication links maintain a higher speed data movement. Also, because of the proximity of the communicating elements, high-cost and quality communicating elements can be used to deliver better service and higher reliability. Figure 5.1 shows a LAN network.

[Figure 5.1: A LAN Network]

WANs cover large geographical areas. Some advantages of a WAN include the ability to distribute services to a wider community and the availability of a wide array of both hardware and software resources that may not be available in a LAN. However, because of the large geographical areas covered by WANs, communication media are slow and often unreliable. Figure 5.2 shows a WAN network.

Network Topology

WAN networks are typically found in two topologies: mesh and tree. WANs using a mesh topology provide multiple access links between network elements. The multiplicity of access links offers an advantage in network reliability because whenever a network element failure occurs, the network can always find a bypass to the failed element and the network continues to function. Figure 5.3 shows a mesh network.

A WAN using a tree topology uses a hierarchical structure in which the most predominant element is the root of the tree and all other elements in the network share a child-parent relationship. The tree topology is a generalization of the bus topology. As in ordinary trees, there are no closed loops, so dealing with failures can be tricky, especially in deeply rooted trees. Transmission from any element in the network propagates through the network and is received by all elements in the network. Figure 5.4 shows a WAN using a tree topology.

[Figure 5.2: A WAN Network]
[Figure 5.3: A Mesh Network]
[Figure 5.4: A Tree Topology]

A LAN can be a bus, a star, or a ring topology.
Elements in a bus topology, as seen in Figure 5.5, are on a shared bus and, therefore, have equal access to all LAN resources. All network elements have full-duplex connections to the transmitting medium which allow them to send and receive data. Because each computing element is directly attached to the transmitting medium, a transmission from any one element propagates the whole length of the medium in either direction and, therefore, can be received by all elements in the network. Because of this, precautions need to be taken to make sure that transmissions intended for one element can only be gotten by that element and no one else.

[Figure 5.5: A Bus Topology]

Also, if two or more elements try to transmit at the same time, there is a mechanism to deal with the likely collision of signals and to bring a quick recovery from such a collision. It is also necessary to create fairness in the network so that all other elements can transmit when they need to do so. To improve efficiency in LANs that use a bus topology, only one element in the network can have control of the bus at any one time. This requirement prevents collisions from occurring in the network as elements in the network try to seize the bus at the same time.

In a star topology setting, all elements in the network are connected to a central element. However, elements are interconnected as pairs in a point-to-point manner through this central element, and communication between any pair of elements must go through this central element. The central element, or node, can operate either in a broadcast fashion, in which case information from one element is broadcast to all connected elements, or it can transmit as a switching device in which the incoming data are transmitted to only one element, the nearest element en route to the destination.
The biggest disadvantage to the star topology in networks is that the failure of the central element results in the failure of the entire network. Figure 5.6 shows a star topology.

[Figure 5.6: A Star Topology]

In networks using a ring topology, each computing element is directly connected to the transmitting medium via a unidirectional connection so that information put on the transmission medium is able to reach all computing elements in the network through a system of taking turns in sending information around the ring. Figure 5.7 shows a ring topology network. The taking of turns in passing information is managed through a token system. An element currently sending information has control of the token and it passes it downstream to its nearest neighbor after its turn. The token system is a good management system of collision and fairness.

There are variations of a ring topology collectively called hub hybrids. They can be a combination of either a star with a bus as shown in Figure 5.8 or a stretched star as shown in Figure 5.9.

[Figure 5.7: A Ring Topology]
[Figure 5.8: A Bus and Star Topology Hub]
[Figure 5.9: A Token Ring Hub]

Although network topologies are important in LANs, the choice of a topology depends on a number of other factors including the type of transmission medium, reliability of the network, the size of the network and the anticipated future growth of the network. Recently, the most popular LAN topologies have been the bus, star, and ring topologies. The most popular bus- and star-based LAN topology is the Ethernet and the most popular ring-based LAN topology is the Token Ring. Ethernet as a LAN technology started in the mid-1970s.
Since then, it has grown at a rapid rate to capture a far larger LAN technology market share than its rivals, which include Asynchronous Transfer Mode (ATM), Fiber Distributed Data Interface (FDDI), and Token Ring technologies. Its rapid growth is partly historical. It has been on the market for the longest period and it is simple. Many variations of Ethernet use either a bus or a star topology and can run over any of the following transmission media: coaxial cable, twisted pair, and optical fiber. We will discuss transmission media in the coming sections. Ethernet can transmit data at different speeds, varying from a few Mbps up to speeds in the Gbps range.

The basic Ethernet transmission structure is a frame and it is shown in Figure 5.10. The source and destination fields contain six-byte LAN addresses of the form xx-xx-xx-xx-xx-xx, where each x is a hexadecimal digit. The error detection field is four bytes of bits used for error detection, usually using the Cyclic Redundancy Check (CRC) algorithm, in which the source and destination elements synchronize the values of these bits.

[Figure 5.10: Ethernet Frame Data Structure]

Table 5.1 Popular Ethernet Technologies
Technology | Transmission medium | Topology | Speed
10Base2 | Coaxial | Bus | 10Mbps
10Base-T | Twisted | Star | 10Mbps
100Base-T | Copper wire | Star | 100Mbps
Gigabit | Optical fiber | Star | Gigabps

Ethernet LANs broadcast data to all network elements. Because of this, Ethernet uses a collision and fairness control protocol commonly known as Carrier Sense Multiple Access (CSMA) and Collision Detection (CD), combined as CSMA/CD. CSMA/CD makes sure that an element never transmits a data frame when it senses that some other element on the network is transmitting. In this case it is carrier sensitive. If an element detects another element on the network transmitting, the detecting element immediately aborts its efforts. It then tries to retransmit later after a random amount of time.
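The frame fields described above (six-byte source and destination addresses and a four-byte CRC error detection field) can be exercised directly. The following Python sketch is an added example, not code from the textbook; it assumes the common Ethernet II layout with a two-byte type field, which the text does not describe, and every address and payload in it is constructed for illustration.

```python
import string
import struct
import zlib

ADDR_LEN = 6   # six-byte LAN addresses, as in the text
TYPE_LEN = 2   # Ethernet II type field (assumed layout, not described in the text)
FCS_LEN = 4    # four-byte error detection field
HEADER_LEN = 2 * ADDR_LEN + TYPE_LEN


def format_lan_address(raw: bytes) -> str:
    """Render six raw bytes in the xx-xx-xx-xx-xx-xx notation."""
    if len(raw) != ADDR_LEN:
        raise ValueError("a LAN address is exactly six bytes")
    return "-".join(f"{b:02X}" for b in raw)


def parse_lan_address(text: str) -> bytes:
    """Inverse of format_lan_address; rejects anything but six hex pairs."""
    parts = text.split("-")
    if len(parts) != ADDR_LEN:
        raise ValueError(f"expected six groups in {text!r}")
    for part in parts:
        if len(part) != 2 or any(c not in string.hexdigits for c in part):
            raise ValueError(f"{part!r} is not a two-digit hexadecimal group")
    return bytes(int(part, 16) for part in parts)


def compute_fcs(body: bytes) -> bytes:
    """CRC-32 of header plus payload, least significant byte first."""
    return struct.pack("<I", zlib.crc32(body))


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Sender side: assemble the fields and append the error detection value."""
    body = (parse_lan_address(dst) + parse_lan_address(src)
            + struct.pack("!H", ethertype) + payload)
    return body + compute_fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Receiver side: split the fields and recompute the CRC for comparison."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        raise ValueError("frame shorter than header plus error detection field")
    body, received_fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    (ethertype,) = struct.unpack("!H", body[12:14])
    return {
        "destination": format_lan_address(body[0:6]),
        "source": format_lan_address(body[6:12]),
        "ethertype": ethertype,
        "payload": body[HEADER_LEN:],
        "fcs_ok": received_fcs == compute_fcs(body),
    }


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Simulate line noise by inverting a single bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


# Constructed sample frame (addresses and payload are illustrative only).
SAMPLE_FRAME = build_frame("A0-15-7A-0E-15-00", "A0-15-7A-0E-15-08",
                           0x0800, b"constructed payload")

if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME))
    print(parse_frame(flip_bit(SAMPLE_FRAME, 3)))  # fcs_ok becomes False
```

Because the CRC is computed without any key, a matching value shows only that the frame was not damaged in transit; it says nothing about who sent the frame or whether its contents are what the sender intended.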
Table 5.1 shows some popular Ethernet technologies.

Token Ring LAN technology is based on a token concept which involves passing the token around the network so that all network elements have equal access to it. The token concept is very similar to a worshipping house collection basket. If and when an attendee wants to donate money during the service, they wait until the basket makes its way to where they are sitting. At that point the donor grabs the basket and puts in money. Precisely, when the network element wants to transmit, it waits for the token on the ring to make its way to the element’s connection point on the ring. When the token arrives at this point, the element grabs it and changes one bit of the token, which becomes the start bit in the data frame the element will be transmitting. The element then inserts data and releases the payload onto the ring. It then waits for the token to make a round and come back. Upon return, the element withdraws the token and a new token is put on the ring for another network element that may need to transmit. Because of its round-robin nature, the Token Ring technique gives each network element a fair chance of transmitting if it wants to. However, if the token ever gets lost, the network business halts. Figure 5.11 shows the structure of a Token Ring data frame. Like Ethernet, Token Ring has a variety of technologies based on transmission rates. Table 5.2 shows some of these topologies.1

[Figure 5.11: Token Ring Data Frame]

Rival LAN technologies such as FDDI use a Token Ring scheme with many similarities to the original Token Ring technology. ATM transports real-time voice and video, text, e-mail, and graphic data and offers a full array of network services that make it a rival of the Internet network.
Table 5.2 Token Ring Topologies
Technology | Transmission medium | Topology | Speed
1 | Twisted pair | Ring | 4Mbps
2 | Twisted | Ring | 16Mbps
3 | Twisted pair | Ring | 100Mbps
4 | Optical fiber | Ring | 100Mbps

Transmission Control Systems

The performance of a network type depends greatly on the transmission control system (TCS) the network uses. Network transmission control systems have five components: transmission technology, transmission media, connecting devices, communication services, and transmission protocols.

Transmission Technology

Data movement in a computer network is either analog or digital. In an analog format, data is sent as continuous electromagnetic waves on an interval representing things like voice and video. In a digital format, data is sent as a digital signal, a sequence of voltage pulses which can be represented as a stream of binary bits. Transmission itself is the propagation and processing of data signals between network elements. The concept of representation of data for transmission, either as an analog or a digital signal, is called an encoding scheme. Encoded data is then transmitted over a suitable transmission medium that connects all network elements. There are two encoding schemes: analog and digital. Analog encoding propagates analog signals representing analog data. Digital encoding, on the other hand, propagates digital signals representing either an analog or a digital signal representing digital data of binary streams. Because our interest in this book is in digital networks, we will focus on the encoding of digital data.

In an analog encoding of digital data, the encoding scheme uses a continuous oscillating wave, usually a sine wave, with a constant frequency signal called a carrier signal. Carrier signals have three characteristics: amplitude, frequency, and phase shift. The scheme then uses a modem, a modulation-demodulation pair to modulate and demodulate any one of the three carrier characteristics.
Figure 5.12 shows the three carrier characteristic modulations.2 Amplitude modulation represents each binary value by a different amplitude of the carrier frequency. For example, as Figure 5.12 (a) shows, the absence of a low carrier frequency may be represented by a 0 and any other frequency then represents a 1. Frequency modulation also represents the two binary values by two different frequencies close to the frequency of the underlying carrier. Higher frequency represents a 1 and low frequency then represents a 0. Frequency modulation is represented in Figure 5.12 (b). Phase shift modulation changes the timing of the carrier wave, shifting the carrier phase to encode the data. One type of shifting may represent a 0 and another type a 1. For example, as Figure 5.12 (c) shows, a 0 may represent a forward shift and a 1 may represent a backward shift.

[Figure 5.12: Carrier Characteristic Modulations]

Quite often during transmission of data over a network medium, the volume of transmitted data may far exceed the capacity of the medium. When this happens, it may be possible to make multiple signal carriers share a transmission medium. This is referred to as multiplexing. There are two ways multiplexing can be achieved: time-division multiplexing (TDM) and frequency-division multiplexing (FDM).

The second encoding scheme is the digital encoding of digital data. Before information is transmitted, it is converted into bits (zeros and ones). The bits are then sent to a receiver as electrical or optical signals. The scheme uses two different voltages to represent the two binary states (digits). For example, a negative voltage may be used to represent a 1 and a positive voltage to represent a 0. Figure 5.13 shows the encoding of digital data using this scheme. To ensure a uniform standard for using electrical signals to represent data, the Electrical Industries Association (EIA) developed a standard widely known as RS-232.
RS-232 is a serial, asynchronous communication standard: serial, because during transmission, bits follow one another, and asynchronous, because it is irregular in the transfer rate of data bits. The bits are put in the form of a packet and the packets are transmitted. RS-232 works in full duplex between the two transmitting elements. This means that the two elements can both send and receive data simultaneously. RS-232 has a number of limitations including the idealizing of voltages, which never exists, and limits on both bandwidth and distances.

[Figure 5.13: Encoding Electrical Signal and Showing of Zeros and Ones]

Transmission Media

The transmission medium is the physical medium between network elements. The characteristic quality, dependability, and overall performance of a network depends heavily on its transmission medium. Transmission medium determines a network’s key criteria, the distance covered, and the transmission rate. Computer network transmission media fall into two categories: wired and wireless transmission.3

Wired transmission consists of different types of physical media. A very common medium, for example, is optical fiber, a small medium made up of glass and plastics that conducts an optical ray. As shown in Figure 5.14 (b), a simple optical fiber has a central core made up of thin fibers of glass or plastics. The fibers are protected by a glass or plastic coating called a cladding. The cladding, though made up of the same materials as the core, has different properties that give it the capacity to reflect back to the core rays that tangentially hit on it. The cladding itself is encased in a plastic jacket. The jacket is meant to protect the inner fiber from external abuses like bending and abrasions. The transmitted light is emitted at the source either from a light emitting diode (LED) or an injection laser diode (ILD). At the receiving end, the emitted rays are received by a photo detector.
[Figure 5.14: Types of Physical Media]

Another physical medium is the twisted pair, two insulated copper wires wrapped around each other forming frequent and numerous twists. Together, the twisted, insulated copper wires act as a full-duplex communication link. To increase the capacity of the transmitting medium, more than one pair of the twisted wires may be bundled together in a protective coating. Twisted pairs are far less expensive than optical fibers, and indeed other media, and they are, therefore, widely used in telephone and computer networks. However, they are limited in transmission rate, distance, and bandwidth. Figure 5.14 (c) shows a twisted pair.

Coaxial cables are dual conductor cables with an inner conductor in the core of the cable protected by an insulation layer and the outer conductor surrounding the insulation. The outer conductor is itself protected by yet another outer coating called the sheath. Figure 5.14 (a) shows a coaxial cable. Coaxial cables are commonly used in television transmissions. Unlike twisted pairs, coaxial cables can be used over long distances.

A traditional medium for wired communication is copper wire, which has been used in communication because of its low resistance to electrical currents, which allows signals to travel even further. But copper wires suffer from interference from electromagnetic energy in the environment, including from themselves. Because of this, copper wires are insulated.

Wireless communication involves basic media like radio wave communication, satellite communication, laser beam, microwave, and infrared.4 Radio, of course, is familiar to us all as radio broadcasting. Networks using radio communications use electromagnetic radio waves or radio frequencies commonly referred to as RF transmissions. RF transmissions are very good for long distances when combined with satellites to refract the radio waves.
Microwave, infrared, and laser are other communication types that can be used in computer networks. Microwaves are a higher frequency version of radio waves but whose transmissions, unlike radio, can be focused in a single direction. Infrared is best used effectively in a small confined area, for example, in a room as you use your television remote, which uses infrared signals. Laser light transmissions can be used to carry data through air and optical fibers, but like microwaves, they must be refracted when used over large distances. Cell-based communication technology of cellular telephones and personal communication devices is boosting this wireless communication. Wireless communication is also being boosted by the development in broadband multimedia services that use satellite communication.

Connecting Devices

Computing elements in either LAN or WAN clusters are brought together by and can communicate through connecting devices commonly referred to as network nodes. Nodes in a network are either at the ends as end systems, commonly known as clients, or in the middle of the network as transmitting elements. Among the most common connecting devices are: hubs, bridges, switches, routers, and gateways. Let us briefly look at each one of these devices.

A hub is the simplest in the family of network connecting devices because it connects LAN components with identical protocols. It takes in inputs and retransmits them verbatim. It can be used to switch both digital and analog data. In each node, presetting must be done to prepare for the formatting of the incoming data. For example, if the incoming data is in digital format, the hub must pass it on as packets; however, if the incoming data is analog, then the hub passes it on in a signal form. There are two types of hubs: simple and multiple port. Figure 5.15 shows both types of hubs in a LAN.
[Figure 5.15: Types of Hubs in a LAN]

Bridges are like hubs in every respect including the fact that they connect LAN components with identical protocols. However, bridges filter incoming data packets, known as frames, for addresses before they are forwarded. As it filters the data packets, the bridge makes no modifications to the format or content of the incoming data. A bridge filters frames to determine whether a frame should be forwarded or dropped. It works like a postal sorting machine which checks the mail for complete postal addresses and drops a piece of mail if the address is incomplete or illegible. The bridge filters and forwards frames on the network with the help of a dynamic bridge table. The bridge table, which is initially empty, maintains the LAN addresses for each computer in the LAN and the addresses of each bridge interface that connects the LAN to other LANs. Bridges, like hubs, can be either simple or multiple port. Figure 5.16 shows the position of a simple bridge in a network cluster. Figure 5.17 shows a multiple port bridge.

[Figure 5.16: A Simple Bridge]
[Figure 5.17: A Multiple Port Bridge]
[Figure 5.18: LAN with Two Interfaces]

LAN addresses on each frame in the bridge table are of the form cc-cccc-cc-cc-cc-cc-cc, where cc are hexadecimal integers. Each LAN address in the cluster uniquely connects a computer on a bridge. LAN addresses for each machine in a cluster are actually network identification card (NIC) numbers that are unique for every network card ever manufactured. The bridge table, which initially is empty, has a turnaround time slice of n seconds, and node addresses and their corresponding interfaces enter and leave the table after n seconds.5 For example, suppose in Figure 5.18 we begin with an empty bridge table and node A in cluster 1 with the address A0-15-7A-ES-15-00 sending a frame to the bridge via interface 1 at time 00:50.
This address becomes the first entry in the bridge table, Table 5.3, and it will be purged from the table after n seconds. The bridge uses these node addresses in the table to filter and then forwards LAN frames onto the rest of the network.

Table 5.3 Changes in the Bridge Table
Address | Interface | Time
A0-14-7A-ES-15-08 | 1 | 00:50

Switches are newer network intercommunication devices that are nothing more than high-performance bridges. Besides providing high performance, switches accommodate a high number of interfaces. They can, therefore, interconnect a relatively high number of hosts and clusters. Like their cousins the bridges, the switches filter and then forward frames.

Routers are general purpose devices that interconnect two or more heterogeneous networks. They are usually dedicated special-purpose computers with separate input and output interfaces for each connected network. Each network addresses the router as a member computer in that network. Because routers and gateways are the backbone of large computer networks like the Internet, they have special features that give them the flexibility and the ability to cope with varying network addressing schemes and frame sizes through segmentation of big packets into smaller sizes that fit the new network components. They can also cope with both software and hardware interfaces and are very reliable. Since each router can connect two or more heterogeneous networks, each router is a member of each network it connects to. It, therefore, has a network host address for that network and an interface address for each network it is connected to. Because of this rather strange characteristic, each router interface has its own Address Resolution Protocol (ARP) module, its own LAN address (network card address), and its own Internet Protocol (IP) address. The router, with the use of a router table, has some knowledge of possible routes a packet could take from its source to its destination.
The routing table, like in the bridge and switch, grows dynamically as activities in the network develop. Upon receipt of a packet, the router removes the packet headers and trailers and analyzes the IP header by determining the source and destination addresses, data type, and noting the arrival time. It also updates the router table with new addresses if not already in the table. The IP header and arrival time information is entered in the routing table. Let us explain the working of a router by using Figure 5.19.

[Figure 5.19: Routers in Action]

In Figure 5.19, suppose Host A tries to send a packet to Host B. Host A is in network 1 and host B is in network 2. Both Host A and Host B have two addresses, the LAN (host) address and the IP address. Notice also that the router has two network interfaces: Interface1 for LAN1 and Interface2 for LAN2 (for the connection to a bigger network like the Internet). Each interface has a LAN (host) address for the network the interface connects on and a corresponding IP address. As we will see later in this chapter, Host A sends a packet to Router 1 at time 10:01 that includes, among other things, both its addresses, message type, and destination IP address of Host B. The packet is received at Interface1 of the router; the router reads the packet and builds row 1 of the routing table. The router notices that the packet is to go to network 193.55.1.***, where *** are digits 0–9, and it has knowledge that this network is connected on Interface2. It forwards the packet to Interface2. Now Interface2 with its own ARP may know Host B. If it does, then it forwards the packet on and updates the routing table with inclusion of row 2. What happens when the ARP at the router Interface1 cannot determine the next network? That is, if it has no knowledge of the presence of network 193.55.1.***, then it will ask for help from a gateway.
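The dynamic table behaviour described for the bridge (entries learned from arriving frames and purged after n seconds), which the text says the routing table shares in growing as traffic arrives, can be modelled as follows. This Python sketch is an added example, not code from the textbook. It assumes a three-port bridge, n = 60 seconds and clock times converted to seconds; it treats the address printed in the text as an opaque label; the other two node labels are constructed; and it floods frames for unknown destinations to every other interface, which is standard transparent-bridge behaviour that the text does not state.

```python
from dataclasses import dataclass, field


@dataclass
class BridgeTable:
    max_age: float                      # the "n seconds" after which an entry is purged
    interfaces: tuple = (1, 2, 3)       # ports of a multiple port bridge (assumed)
    entries: dict = field(default_factory=dict)  # address -> (interface, time learned)

    def purge(self, now: float) -> list:
        """Remove every entry that has been in the table for max_age seconds or more."""
        expired = [addr for addr, (_, learned) in self.entries.items()
                   if now - learned >= self.max_age]
        for addr in expired:
            del self.entries[addr]
        return expired

    def handle_frame(self, src: str, dst: str, in_interface: int, now: float) -> list:
        """Return the interfaces the frame leaves on; an empty list means filtered."""
        if in_interface not in self.interfaces:
            raise ValueError(f"unknown interface {in_interface}")
        self.purge(now)
        # Learn (or refresh) where the sender lives before deciding on the frame.
        self.entries[src] = (in_interface, now)
        known = self.entries.get(dst)
        if known is None:
            # Destination not in the table: flood to all other interfaces
            # (standard transparent-bridge behaviour, not stated in the text).
            return [i for i in self.interfaces if i != in_interface]
        out_interface, _ = known
        if out_interface == in_interface:
            return []                   # both nodes share a segment: drop the frame
        return [out_interface]          # forward only towards the destination


def replay(table: BridgeTable, events: list) -> list:
    """Feed (src, dst, interface, time) events through the table in order."""
    return [table.handle_frame(*event) for event in events]


NODE_A = "A0-15-7A-ES-15-00"   # node A's address as printed in the text (opaque label)
NODE_B = "node-B-constructed"  # constructed label for a node on interface 2
NODE_C = "node-C-constructed"  # constructed label for a second node on interface 1

# Constructed traffic; times are seconds, so 50 corresponds to 00:50.
EVENTS = [
    (NODE_A, NODE_B, 1, 50),    # B unknown: flooded to interfaces 2 and 3
    (NODE_B, NODE_A, 2, 55),    # A was learned on interface 1: forwarded there
    (NODE_C, NODE_A, 1, 60),    # A and C share interface 1: filtered
    (NODE_B, NODE_A, 2, 200),   # A's entry has aged out: flooded again
]

if __name__ == "__main__":
    bridge = BridgeTable(max_age=60)
    for event, decision in zip(EVENTS, replay(bridge, EVENTS)):
        print(event, "->", decision or "filtered")
    print("table:", bridge.entries)
```

A destination whose entry has aged out is flooded to every other interface until that node transmits again, which is why a capture on an unrelated port can briefly show its traffic.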
Gateways are more versatile devices that provide translation between networking technologies such as Open System Interconnection and Transmission Control Protocol/Internet Protocol. (We will discuss these technologies shortly.) Because of this, gateways connect two or more autonomous networks each with its own routing algorithms, protocols, domain name service, and network administration procedures and policies. Gateways perform all of the functions of routers and more. In fact, a router with added translation functionality is a gateway. The function that does the translation between different network technologies is called a protocol converter. Figure 5.20 shows the position of a gateway in a network.

Communication Services

Now that we have a network infrastructure in place, how do we get the network transmitting elements to exchange data over the network? The communication control system provides services to meet specific network reliability and efficiency requirements. Two services are provided by most digital networks: connectio...

Explanation & Answer

Hello 😊, here it is.

Running head: INTERNET PRIVACY AND SECURITY RISKS

Internet Privacy and Security Risks
Student’s Name
Instructor’s Name
Date

Vulnerabilities, Security and Privacy Risks associated with the Internet.
The internet and network technology have been instrumental in improving the operational
aspects of many sectors including marketing, healthcare, and education. The internet has enabled
the creation, storage and sharing of information across interconnected networks which have
enhanced access and retrieval of information. Despite having many benefits, the internet comes
with a number of inherent drawbacks and risks. This paper will explore a number of security and
privacy risks associated with the internet as well as elucidate some of the attack strategies
employed by cybercriminals and how such attacks can be mitigated.
To begin with, there is the issue of excessive sharing of personal information on
online social networks. Users of these sites have a tendency to give out too much of their
personal information without considering the malicious people out there who might see that
information (Kizza, 2014). For example, sexual predators might use this information from the
o...

