Security and Ethics

(Unhu/Ubuntu/Vumunhu)

COMPUTER ETHICS
Ethics is a set of moral principles that govern the behavior of a society, group or
individual.
Computer ethics is a set of moral principles that regulate the use of
computers.

Some common issues of computer ethics include intellectual property rights,
privacy concerns, and how computers affect society. Computers should be used
without damaging or violating the moral values and beliefs of any individual,
society or organization. Computer ethical principles include methods and
procedures to avoid infringing copyrights, trademarks and the unauthorized
distribution of digital content. Computer ethics also entails the behavior and
approach of a human operator, workplace ethics and compliance with the ethical
standards that surround computer use.

TYPES OF COMPUTER ETHICS


Computer ethics are divided into three types:
* The ethics of using computers between the person and the same.
* The ethics of using computers between the person and the other.
* Ethics between the user and device.

The Ten Commandments of computer ethics


1. Do not use the computer in ways that may harm other people.
Explanation: Harm includes physical injury as well as harming or corrupting
other users' data or files. It is wrong to use a computer to steal someone's
personal information or to manipulate or destroy files. Writing programs which
on execution lead to stealing, copying or gaining unauthorized access to other
users' data, or being involved in practices like hacking, spamming, phishing or
cyber bullying, does not conform to computer ethics.

2. Do not use computer technology to cause interference in other users' work.


Explanation: Computer software can be used in ways that disturb other users or
disrupt their work. Viruses and malware for example, are programs meant to
harm useful computer programs or interfere with the normal functioning of a
computer.

Pg 1 Reproduction and/or distribution of this book, in any form, is prohibited. All rights reserved
3. Do not spy on another person's computer data.
Explanation: It is wrong to read someone else's email messages or files.
Obtaining data from another person's private files is nothing less than breaking
into someone's room and this is invasion of privacy.

4. Do not use computer technology to steal information.


Explanation: Stealing sensitive information or leaking confidential information is
as good as robbery. It is wrong to acquire personal information of employees from
an employee database, patient history from a hospital database or client records
in a bank, as such information is meant to be confidential. Illegal
electronic transfer of funds is a type of fraud.

5. Do not contribute to the spread of misinformation using computer technology.


Explanation: Spread of information has become viral today, because of the
Internet. This also means that false news or rumors can spread speedily through
social networking sites or emails. Being involved in the circulation of incorrect
information is unethical. Direct or indirect involvement in the circulation of false
information is ethically wrong. Giving wrong information can hurt other parties or
organizations that are affected by that particular theme.

6. Refrain from copying software or buying pirated copies. Pay for software unless it
is free.
Explanation: Like any other artistic or literary work, software is copyrighted. A
piece of code is the original work of the individual who created it. It is copyrighted
in his/her name. In case of a developer writing software for the organization she
works for, the organization holds the copyright for it. Copyright holds true unless
its creators announce it is not. Obtaining illegal copies of copyrighted software is
unethical and also encourages others to make copies illegally.

7. Do not use someone else's computer resources unless authorized to.


Explanation: Multi-user systems have user-specific passwords. Breaking into
some other user's password, thus intruding on his/her private space, is unethical. It
is not ethical to hack passwords for gaining unauthorized access to a password-
protected computer system. Accessing data that you are not authorized to access
or gaining access to another user's computer without her permission is not
ethical.

8. Simply put: It is wrong to claim ownership on a work which is the output of
someone else's intellect.
Explanation: Programs developed by a software developer are her property. If she
is working with an organization, they are the organization's property. Copying
them and propagating them in one's own name is unethical. This applies to any
creative work, program or design. Establishing ownership on a work which is not
yours is ethically wrong.

9. Before developing a software, think about the social impact it can have.
Explanation: Looking at the social consequences that a program can have
describes a broader perspective of looking at technology. Computer software, on
release, reaches millions. Software like video games and animations or
educational software can have a social impact on their users. When working on
animation films or designing video games, for example, it is the programmer's
responsibility to understand his target audience/users and the effect it may have
on them. For example, a computer game for kids should not have content that
can influence them negatively. Similarly, writing malicious software is ethically
wrong. A software developer/development firm should consider the influence their
code can have on the society at large.

10. In using computers for communication, be respectful and courteous with the
fellow members.
Explanation: The communication etiquette we follow in the real world applies to
communication over computers as well. While communicating over the Internet,
one should treat others with respect. One should not intrude on others' private
space, use abusive language, make false statements or pass irresponsible
remarks about others. One should also be considerate with a novice computer
user.

THE DATA PROTECTION ACT (1984)


This Act tries to regularise the use of automatically processed individual information by
organisations. The Act outlines some of the following rules:
* Organisations using personal data must be registered.
* Data about individuals must be obtained fairly and lawfully for the purpose collected for.
* Data must be used only for the specific purpose collected for and may only be disclosed in
accordance with such a purpose.
* Data collected must not be excessive for the purpose collected for but must be adequate
and relevant.
* Data collected must be accurate, up-to-date and kept no longer than necessary.
* Data must be protected from unauthorised access or loss.
* Individuals with collected data have the right to view it and make alterations where
necessary.

PRIVACY
Data privacy, also called information privacy or data protection, is the privacy of personal
information and usually relates to personal data stored on computer systems.

The need to maintain information privacy is applicable to collected personal information,
such as medical records, financial data, criminal records, political records, business
related information or website data. There are laws that govern and regulate the extent to
which personal data may be used.

The following organizations are the most common sources of violation of personal data.

* Healthcare records
* Criminal justice investigations and proceedings
* Financial institutions and transactions
* Biological traits, such as genetic material
* Residence and geographic records
* Web surfing behavior or user preferences using persistent cookies

* Academic institutions
* Recreational sites
* Employee institutions

Organization data may be violated by employees, customers and hackers.

COMPUTER SECURITY
In the computer industry, the term security or the phrase computer security refers to
techniques for ensuring that data stored in a computer cannot be read or compromised by
any individuals without authorization.

In a broad sense, system security is the protection of information and
information systems against unauthorized access or modification
of information, whether in storage, processing, or transit, and against denial of service to
authorized users.

System security includes those measures necessary to detect, document, and counter such
threats.

The process makes sure that computer software and information remain confidential and
available, and that their integrity is assured.

Data security is ensured in various ways, such as:

1. Data validation
2. Using a password to open a database file
3. Using access limits to data in the database
4. Database encryption
5. Designing Read-Write permission to records or files
6. Training users
7. Providing documentation and a user help desk
8. Securing the computer from physical threats and malware
9. Backing up data regularly

Computer security refers to the protection of a computer, its data and software against damage or loss.
Computer security therefore deals with the protection of
(a) The computer itself and its accessories
(b) Computer data or information
(c) Computer software

Computer security can therefore be classified as physical security and data or software security.

PHYSICAL SECURITY
The following are threats that can cause computer or information loss or damage:
1. Storms
2. Burglars (thieves)
3. Dust
4. Heat
5. Fire
6. Electrical faults
7. Accidental loss

How to protect a computer from physical damage


(a) Storms:
* Build false floors
* Keep a backup
* Build computer labs in upper rooms
* Cover your computers
* Use storm detectors and early warning systems
(b) Burglars:
* Install burglar bars in computer rooms
* Install alarms
* Install CCTV
* Install electronic security doors
* Lock the computer room
* Hire a security guard
* Lock computers onto desks
* Use biometric doors
(c) Dust:
* Use computer covers
* Do not open windows
* Take computer for servicing (blowing off dust)
(d) Heat:
* Use air conditioners
* Provide free air circulation near a computer
(e) Fire:
* Keep a fire extinguisher
* Use smoke detectors and early warning systems
(f) Electrical faults:
* Use surge protectors
* Remove all naked wires
* Use correct connections (avoid short cuts)
* Do not overload a socket or an adapter
(g) Accidental loss:
* Keep a backup
* Do not move around with easily lost devices
* Secure memory stick with a neck string

OTHER PHYSICAL SECURITY MEASURES

1. Make sure the most vulnerable devices are in a locked room
2. Use rack mount servers
3. Keep intruders from opening the case
4. Protect the portables
5. Disable the drives
6. Protect your printers

DATA/SOFTWARE LOSS OR DAMAGE
Examples of threats to data and software are:
1. Virus or malicious software
2. Accidental loss
3. Hackers
4. Sniffing
5. Software piracy
6. etc

SOLUTIONS TO DATA AND SOFTWARE THREATS


1. Use two-factor authentication
2. Use Strong Passwords
3. Use Cloud Encryption
4. Use a Strong Firewall
5. Do Not Allow Users to Bring Jailbroken Devices to the Office
6. Have Ad-blocker Installed
8. Update your Software
9. Secure your Mobile Devices
10. Monitor Your Network
11. Prevent the installation or execution of unauthorized software or content.
12. Don’t let non-admin users be logged in as administrators or root.
13. Secure your e-mail. Convert all incoming HTML content to plain text and block all file extensions by
default, except the handful or two you want to allow.
14. Implement anti-virus, anti-spam, and anti-spyware tools on the gateway and/or at the host-level.
15. Scan for and investigate unexpected listening TCP or UDP ports on your network.
17. Automate security. If you don’t automate it, you won’t do it consistently.
18. Educate staff and employees about security risks and create appropriate policies and procedures.
Practice change and configuration management. Enforce penalties for non-compliance.

19. Remove or disable accounts upon loss of eligibility.
20. Separate user and administrator accounts: Administrator accounts must not be used for
non-administrative purposes.
21. Use unique passwords for administrator accounts.
22. Throttle repeated unsuccessful login attempts: A maximum rate for unsuccessful login attempts
must be enforced. Account lockout is not required, but the rate of unsuccessful logins must be limited.
23. Enable session timeout: Sessions must be locked or closed after some reasonable period.
24. Enforce least privilege: Non-administrative accounts must be used whenever possible. User accounts
and server processes must be granted the least-possible level of privilege that allows them to perform
their function.
25. Enable system logging and auditing: The facilities required to automatically generate, retain, and
expire system logs must be enabled.
26. Access control: Access to confidential data must be provided on a least-privilege basis. No person or
system should be given access to the data unless required by business process. In such cases where
access is required, permission to use the data must be granted by the data steward.
27. For data loss, use data recovery tools such as Recuva and many others.
28. Also create a recovery plan.
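
One way to implement the throttling rule in item 22, as an added example that is not part of the original handout: a sliding-window limiter that delays further attempts after too many failures instead of locking the account. The class and function names, the limit of 3 failures per 60 seconds and the sample user are assumptions made for the illustration.

```python
import time
from collections import deque


class FailedLoginThrottle:
    """Cap the rate of unsuccessful logins per account, with no lockout."""

    def __init__(self, max_failures=3, window_seconds=60, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock              # injectable so the demo can control time
        self._failures = {}             # account -> deque of failure timestamps

    def _recent(self, account):
        """Return the account's failures, dropping those outside the window."""
        q = self._failures.setdefault(account, deque())
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()
        return q

    def retry_after(self, account):
        """Seconds to wait before the next attempt is accepted (0 = go ahead)."""
        q = self._recent(account)
        if len(q) < self.max_failures:
            return 0.0
        return q[0] + self.window - self.clock()

    def record_failure(self, account):
        self._recent(account).append(self.clock())

    def record_success(self, account):
        self._failures.pop(account, None)


def attempt_login(throttle, check_password, account, password):
    """Return (status, wait_seconds); status is 'ok', 'denied' or 'throttled'."""
    wait = throttle.retry_after(account)
    if wait > 0:
        # Refuse before checking the password, so a throttled guess tells
        # the caller nothing about whether it was right.
        return ("throttled", wait)
    if check_password(account, password):
        throttle.record_success(account)
        return ("ok", 0.0)
    throttle.record_failure(account)
    return ("denied", 0.0)


class FakeClock:
    """Constructed clock for the demo: time moves only when we say so."""
    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now


def demo():
    # Constructed sample data; a real system compares salted password hashes.
    users = {"tendai": "correct horse battery"}
    check = lambda account, pw: users.get(account) == pw
    clock = FakeClock()
    throttle = FailedLoginThrottle(max_failures=3, window_seconds=60, clock=clock)
    results = []
    for guess in ["123456", "password", "letmein", "correct horse battery"]:
        results.append(attempt_login(throttle, check, "tendai", guess)[0])
        clock.now += 10                 # one attempt every 10 seconds
    clock.now += 60                     # wait for the window to pass
    results.append(attempt_login(throttle, check, "tendai", "correct horse battery")[0])
    return results


if __name__ == "__main__":
    print(demo())
```

The fourth attempt uses the right password but is still refused because it arrives inside the throttling window; the account itself is never locked, so the same password works once the window has passed.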

CYBERCRIME
Computer Crime or cyber crime is the use of a computer to take or alter data, or to gain
unlawful use of computers or services. Computer crime is an act performed by a
knowledgeable computer user, sometimes referred to as a hacker, who illegally browses or
steals a company's or individual's private information. In some cases, this person or group
of individuals may be malicious and destroy or otherwise corrupt the computer or data
files.

Categories of Cyber Crime


Cyber crimes are broadly categorized into three categories, namely crime against
1. Individual
2. Property
3. Government

Individual: This type of cyber crime can be in the form of cyber stalking, distributing
pornography, trafficking and “grooming”.

Property: In the cyber world criminals resort to stealing and robbing using computers. In
this case, they can steal a person’s bank details and siphon off money; misuse the credit
card to make numerous purchases online; run a scam to get naïve people to part with their
hard earned money; use malicious software to gain access to an organization’s website or
disrupt the systems of the organization.

Government: Crimes against a government are referred to as cyber terrorism. If
successful, this category can wreak havoc and cause panic amongst the civilian population.
In this category, criminals hack government websites, military websites or circulate
propaganda. The perpetrators can be terrorist outfits or unfriendly governments of other
nations.

Types of Cybercrime Acts

1. Hacking: Hacking is gaining illegal or unauthorized access by breaking into a file,
computer or network to access information.
2. Theft: This crime occurs when a person violates copyrights and downloads music,
movies, games and software.
3. Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to
a barrage of online messages and emails.
4. Identity Theft: In this cyber crime, a criminal accesses data about a person’s bank
account, credit cards, Social Security, debit card and other sensitive information to
siphon money or to buy things online in the victim’s name. It can result in major
financial losses for the victim and even spoil the victim’s credit history.
5. Malicious Software: These are Internet-based software or programs that are used
to disrupt a network. The software is used to gain access to a system to steal
sensitive information or data or to cause damage to software present in the system.
6. Child soliciting and Abuse: This is also a type of cyber crime wherein criminals
solicit minors via chat rooms for the purpose of child pornography.
7. Online Identity theft
Identity theft and fraud is one of the most common types of cybercrime. The term
Identity Theft is used, when a person purports to be some other person, with a view
to creating a fraud for financial gains.
8. Ransomware
This is one of the detestable malware-based attacks. Ransomware enters your
computer network and encrypts your files using public-key encryption and, unlike
other malware, the private key needed to decrypt them remains on the hacker's server.
Attacked users are then asked to pay huge ransoms to receive this private key.
9. Spam
Spamming and phishing are two very common forms of cybercrimes. There is not
much you can do to control them. Spam is basically unwanted emails and
messages sent onto an online computer.

10. Phishing is a method where cyber criminals offer a bait so that you take it and give
out the information they want. The bait can be in the form of a business proposal,
announcement of a lottery to which you never subscribed, and anything that
promises you money for nothing or a small favor. There are online loan companies
too, making claims that you can get unsecured loans irrespective of your location.
Doing business with such claims, you are sure to suffer both financially and
mentally.

11. Social Engineering
Social engineering is a method where the cyber criminals make direct contact
with you using emails or phones, mostly the latter. They try to gain your
confidence and once they succeed at it, they get the information they need. This
information can be about you, your money, your company where you work or
anything that can be of interest to the cyber criminals. It is easy to find out basic
information about people from the Internet. Using this information as the base, the
cyber criminals try to befriend you and once they succeed, they will disappear,
leaving you prone to different financial injuries directly and indirectly.
12. Malvertising
Malvertising is a method whereby users download malicious code by simply
clicking on some advertisement on any website that is infected. In most cases, the
websites are innocent. It is the cyber criminals who insert malicious
advertisements on the websites without the knowledge of the latter.
13. PUPs
PUPs, commonly known as Potentially Unwanted Programs, are less harmful but
more annoying malware. They install unwanted software in your system including
search agents and toolbars. They include spyware, adware, as well as dialers.
Bitcoin miner was one of the most commonly noticed PUPs in 2013.
14. Scams
A scam is a scheme to cheat or swindle in order to make a quick profit. Notable among
Internet scams are scams which misuse the Microsoft name and other general tech support scams.
Scamsters phone computer users randomly and offer to fix their computer for a
fee. Every single day, scores of innocent people are trapped by scam artists into
online tech support scams and forced to shell out hundreds of dollars for non-existent
computer problems. Another example is click fraud: repeated clicking on an advert to
either increase a site's revenue or to use up a competitor's advertising budget.

15. Pharming: False websites that fish for personal and financial information by
planting false URLs in Domain Name Servers.
16. Fraud: A wide-ranging term for theft and fraud committed using a credit card or
any similar payment mechanism as a fraudulent source of funds in a transaction.
Also the manipulation of computer records for personal gain or credit. Salami
slicing is a form of fraud which is committed by the practice of stealing money
repeatedly in extremely small quantities.

17. Forgery
The process of making, adapting, or imitating objects, statistics, or documents,
with the intent to deceive. Digital Forgery: New technologies are used to create
fake checks, passports, visas, birth certificates with little skill or investments.

18. Intellectual property theft, including software piracy.

19. Industrial espionage - access to or theft of computer materials.

20. Spoofing is a cyber crime. It is a fraudulent or malicious practice in which
communication is sent from an unknown source disguised as a source known to
the receiver. Spoofing is most prevalent in communication mechanisms that lack a
high level of security.

21. Sniffing is a cyber crime which uses illegal data interception technologies. A
sniffer is a program that monitors or reads all network traffic passing in and out
over a network. It is also called eavesdropping.

Ways to Prevent Computer Crime

1. Restrict Access To Computers
An obvious way to prevent computer crime is to properly restrict access to all terminals on
a network or on a single computer in the home or office. Make sure access to the computer
is only possible with a secret password to avoid physical intrusion on the home terminal or
office terminal. Do not leave the computer on and connected to the Internet when it is not
in use.
2. Install antivirus programs on your computers
Viruses may break the immunity of your computers, making them vulnerable to external
attacks. It is advisable to install latest antivirus programs on your computers and to keep
them regularly updated.
3. Install firewalls
A firewall is software or hardware that disallows information from making its way into
the network without authorization. The firewall will block out any data that has not been
intentionally permitted by the network administrator.

4. Upgrade your Operating System
Latest versions are always equipped with the most potent protection against cyber attacks.
5. Install intrusion detection
A good intrusion detection tool will notify you as soon as your system is breached. After
installing it, make it mandatory for each employee to monitor his or her systems for
signs of intrusion.
6. Back-up your information regularly
The safety of your business is more guaranteed if you regularly back up your information.
You should back up your files, data, and other resources that are the backbones of your
business.
You can always turn to the backed up files in case of data loss through an invasion.
7. Restrict Access To Sensitive Information
Restrict access to all the sensitive information about yourself or your business. You can do
so by using strong passwords as well as user access levels in the case of database
information.
8. Hire a Security Expert
A security expert's job is to routinely check your systems for potential risks and prevent
them. As a business expands in its operations, it creates greater loopholes for access. In
case of intrusion, an expert will use his expertise to mitigate the damages.
9. Use separate machines
Have totally separate and isolated machines for external access and separate isolated
machines for internal communications. When a secure computer and a computer for
external access are in the same building, communications between them should be via
memory sticks or CDs and not via wire or cable or otherwise.

10. Disable features in Microsoft Windows that make your computer vulnerable to
attacks.

ACTIVITY

USE YOUR COMPUTER TO LEARN HOW TO

* apply data privacy measures
* verify and validate data
* set up a firewall
* apply network security measures
* identify online crimes
* create user accounts with different access levels
* use verification techniques during data capturing
* use validation techniques to validate data, such as checksum and format check
* protect networks using proxy servers
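
The validation and verification techniques named in the activity, shown as an added example that is not part of the original handout: a format check, a checksum using the Luhn check-digit algorithm, and double-entry verification during data capture. The record fields (`account_no`, `date_of_birth`), the 11-digit account format and the sample values are assumptions constructed for the illustration.

```python
import re
from datetime import date

ACCOUNT_RE = re.compile(r"[0-9]{11}")            # assumed format: 11 digits
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def luhn_valid(number):
    """Checksum: True if the final digit is a correct Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:                           # double every second digit
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_record(rec):
    """Validation: return a list of problems found in one captured record."""
    errors = []
    acct = rec.get("account_no", "")
    if not ACCOUNT_RE.fullmatch(acct):
        errors.append("account_no: format check failed (need 11 digits)")
    elif not luhn_valid(acct):
        errors.append("account_no: checksum failed (bad check digit)")
    dob = rec.get("date_of_birth", "")
    if not DATE_RE.fullmatch(dob):
        errors.append("date_of_birth: format check failed (need YYYY-MM-DD)")
    else:
        try:
            date.fromisoformat(dob)              # rejects e.g. 30 February
        except ValueError:
            errors.append("date_of_birth: not a real calendar date")
    return errors


def verify_double_entry(first, second):
    """Verification: fields whose two independently keyed values differ."""
    keys = sorted(set(first) | set(second))
    return [k for k in keys if first.get(k) != second.get(k)]


if __name__ == "__main__":
    # Constructed sample records.
    typed_once = {"account_no": "79927398713", "date_of_birth": "2004-02-29"}
    typed_twice = {"account_no": "79927398731", "date_of_birth": "2004-02-29"}
    print(validate_record(typed_once))           # passes every check
    print(validate_record(typed_twice))          # swapped digits fail the checksum
    print(verify_double_entry(typed_once, typed_twice))
```

Validation only shows that a value is plausible; the double-entry comparison is what catches a mistyped value that happens to pass every check.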
