Online Information Systems and Internet Usage Practice

					Mudji Rachmat Ramelan
 Formal
    MBA, on Information Technology, 2005 Meinders Business
     School, Oklahoma City University, Oklahoma.
    B.Sc. Management. 1998. Marketing Management FE-UNILA
 Non Formal
    MCP (Microsoft Certified Professionals) on Windows 2000
     Server and Windows 2000 Professional, Dbase III+
     Programming, Paradox Programming, Novell Operating
     System, CCNA, Oracle 8, Sun Thin Client
    Diving Certificate Scuba Diver 3 1 Star Diver CMAS / POSSI
    Short Course in Internet Technology, Prince of Songkla
     University, Phuket, Thailand
    Short Course Training on Information Technology Development
     at Kunsan Vocational Training Institute, South Korea
    Short course for INHERENT administrator, ITB, Bandung
 (1999 – now) Lecturer at Management Department, FE UNILA
 (1996) Network Administrator, Bulletin Board Service - UNILA
 (1999) TA at Medical Faculty, Sriwijaya University Palembang
 (1997-2000) Administrator Project for UNILA–LAMPUNG node with
    AI3 (Asia Internet Initiatives Interconnection)
   (1999–2000) Network Design Team for (SIAKAD) UNILA
   (1997–2002) IT Procurement Unit LPIU-DUE Project UNILA
   (1996 – 2002) Network Design Team and IU UNILA BACKBONE
   (2002 ) Procurement Unit for TPSDP–UNILA cooperation with BINUS
    (Bina Nusantara), GUNADARMA, BUMIGORA University.
   Task Force Inherent K2 Universitas Lampung 2006
   Procurement IMHERE Project UNILA 2007 – 2008
   PIC INHERENT Local Node UNILA 2006 - now
   Coordinator, BBS-Unilanet Pusat Pelayanan Internet PUSKOM UNILA –
    July 2006 - now
 Management Information Systems
 E-Commerce
 Information Technology
 Introduction to Computer Applications
 International Marketing
 Internet and Intranet
    History and Function
    Email and internet
    Browsing (if possible)
    Transfer File and File Saving
    Virus
 This “telephone” has too many shortcomings to be seriously
 considered as a means of communication. The device is inherently
 of no value to us.
                                -Western Union internal memo, 1876

 I think there is a world market for maybe five computers.
                               -Thomas Watson, chairman of IBM, 1943

 But what [is a microchip] good for?
                                -Engineer at the Advanced Computing
                                       Systems Division of IBM, 1968

 There is no reason anyone would want a computer in their home.
                          -Ken Olson, president, chairman, and founder
                                      of Digital Equipment Corp., 1977
 640K ought to be enough for anybody.
                   -Attributed to Bill Gates, chairman of Microsoft, 1981

 Dell has a great business model, but that dog won’t scale.
                  -John Shoemaker, head of Sun’s server division, 2000
Internet and Intranet
 Internet
    International network of networks that are
     commercial (private) and publicly owned,
     connecting thousands of different networks
     from more than 200 countries around the world.
     (Managing digital Firm Page 17, K.C Laudon)
Internet and Intranet
 Intranet
    An internal network based on internet and
     World Wide Web Standards (Managing
     digital Firm Page 24, K.C Laudon)

 Extranet
   Private Intranet that is accessible to
    authorized outsiders. (Managing digital Firm
    Page 24,
    K.C Laudon)
 Internet Map
 Internet map:
    Internet History
   1836 Telegraph, Patented.
   1858-1866 Transatlantic cable. Europe and US
   1876 Telephone by Alexander Graham Bell
   1957 Sputnik launch (USSR), Advanced Research Projects
    Agency (ARPA) Inside US DoD
   1962 - 1968 Packet-switching (PS) networks initiate as
    foundation of data transfer in internet
   1969 the birth of ARPANET by DoD
   1971 ARPANET expanded to 15 nodes (23 host), email were
   1972 the first public demonstration of ARPANET connecting 40
    hosts; Telnet was introduced
  Internet History (con’t)
   The first International connection of ARPANET to University
    College of London (England) and Royal Radar
    Establishment (Norway)
   Ethernet and FTP (file transfer protocol) formats were initiated;
    the idea of the internet emerged.
   TCP (Transmission Control Program) used as standard in
    ARPANET network
   Telenet, commercial version of ARPANET launched.
   Networking networks expanding.
   UUCP (Unix-to-Unix CoPy) created by AT&T Bell Labs and
    distributed together with UNIX
   UNIX as operating system still used until now.
  Internet History (con’t)
   E-mail became more popular
   Internet became reality with 100 connected hosts.
   THEORYNET became the first network to provide
    email to more than 100 researchers.
   Email format and specifications became standard
   Public demonstration of ARPANET/Packet Radio Net/
    SATNET Internet protocols through gateways.
   News Groups introduced
   USENET created with UUCP and still used until today
   ARPA created Internet Configuration Control Board.
 Internet History (con’t)
   Various private and commercial networks started to
    combine and connect.
   BITNET ("Because It's Time NETwork") started as the first
    cooperative network at City University (New York) with
    its first connection to Yale University
   TCP/IP (Transmission Control Protocol (TCP) and Internet
    Protocol (IP)) became the future of data communication
   Internet became bigger and bigger
   Name server created; host naming with alphabetic
    characters started.
   Internet Activities Board (IAB) created, replacing ICCB
   Berkeley Labs launched UNIX 4.2BSD with TCP/IP
Internet History (con’t)
    Connected hosts reached 1,000
    Domain Name Server (DNS) implemented; host naming
       became less complicated 123.456.789.10 =
    Internet power became reality with 5,000 hosts connected
     and 241 news groups.
    Network News Transfer Protocol (NNTP) created.
    Internet commercialization; host number increased to
    UUNET established, providing commercial UUCP and
     Usenet access.
Internet History (con’t)
   Introduction of Internet Relay Chat (IRC)
   Host increase to 100,000 hosts.
   The first relay between commercial email and internet
   Internet Engineering Task Force (IETF) and Internet
    Research Task Force (IRTF) established under IAB
   Host increase to 300,000 Hosts and 1,000 News
   ARPANET existence decrease
   The World ( the first company that
    provided internet service through dial-up
Internet History (con’t)
    Friendly user interface to WWW created.
    Gopher created by Paul Lindner and Mark P. McCahill from
     university of Minnesota.
    World-Wide Web (WWW) standard established by CERN;
     Tim Berners-Lee
    Multimedia change the face of internet
    Host number increase to 1 million, News groups reach
    Established of Internet Society (ISOC)
    The first MBONE audio multicast (March) and video
     multicast (November).
    "Surfing the Internet" introduced by Jean Armour Polly.
Internet History (con’t)
      WWW revolution, 2 Million hosts and 600 WWW sites.
      Business and Media really take notice of the Internet.
      White house and United Nations on-line.
      Mosaic popularity in internet as front end for WWW
       evolved to Netscape the most popular WWW browser at
       that time.
   Internet commercialization started: 3 million hosts, 10.000
    www sites and 10.00 newsgroups
   ARPANET/Internet 25th anniversary.
   Local communities started to connect directly to the internet;
    the US Senate started to provide information server access.
   Internet became a standard of life; the first Cyberbank opened
  Internet History (con’t)
   6.5 Million Hosts, 100,000 WWW Sites.
   dial-up systems (by Compuserve, America Online, Prodigy)
    selling internet access
   Domain name registration is not free any more.
   Search Engine technology introduced.
   Microsoft entering internet business, 12.8 Million hosts and
    0.5 million WWW sites.
   Telephone technology over the internet (VoIP) became a
    threat to the telecommunication industry, which pleaded with the US Senate
    to ban this technology. (The US Senate banned this
    technology for only 1 year)
   WWW wars between Netscape and Microsoft started.
September 2002
The Internet Reached Two
Important Milestones:

 200,000,000 IP Hosts
 > 840,000,000 Users
Internet Growth Trends
 2005
    The sky is the limit
   Use search engine to find more
Domain Name
 INTERNET naming is based on the TCP/IP protocol
    IP (Internet Protocol)
      Based on 4 columns, each between 0 and 255, with the
       columns separated by dots.
        This technology is called IPv4 (Internet Protocol
         Version 4)
Domain Name
  IP address management worldwide is handled
   by InterNIC, which distributes addresses to ISPs
   (Internet Service Providers);
  each ISP distributes them to its users and customers.
  DNS (domain name system) gives the flexibility to
   translate numeric IP addresses into non-numeric names
    =
    =
Domain Name
 DNS concepts can be described as
   1      . 2 .3.4
 4 = country code
     .id   = Indonesia
     .uk   = United Kingdom   (
     .us   = United States    (peter@mars.nasa.go)
     .jp   = Japan            (
     .au   = Australia        (
     .sg   = Singapore        (
Domain Name
   1      . 2 .3.4
 .ac / the third column = institution type
     .ac. = Academic          (
     .edu.= Education         (
     .mil.= military          (
     .com/co.= commercial (
     .gov/go. = government (
     .org / or = organization (
     .net. = Internet Service Provider (
     .tv. = television
     Web = web provider company
     Sch = school
Domain Name
    1      . 2 .3.4
 .unila / 2nd column = institution name
      .itb.= Institut Teknologi Bandung    (
      .ui. = Universitas Indonesia         (
      .bppt. = BPPT                        (
      .ptme = PT. Metrodata Elektronik     (
      .republika = Koran Republika (

 Maiser. / 1st column = machine/host name/sub institution
     maiser = mail server computer
     cnrg = computer network research
     xxx = computer xxx
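As an added example (not part of the original slides), the following Python code checks an address against the IPv4 rule above and splits a host name into the four columns described on these slides. The function names and the sample name `maiser.unila.ac.id`, composed from the slides' own labels, are assumptions of this example.

```python
import re

# Column 4 (country code) and column 3 (institution type) labels as listed on
# the slides above; anything not listed is treated as unknown.
COUNTRY_CODES = {
    "id": "Indonesia", "uk": "United Kingdom", "us": "United States",
    "jp": "Japan", "au": "Australia", "sg": "Singapore",
}
INSTITUTION_TYPES = {
    "ac": "academic", "edu": "education", "mil": "military",
    "com": "commercial", "co": "commercial",
    "gov": "government", "go": "government",
    "org": "organization", "or": "organization",
    "net": "Internet service provider", "web": "web provider company",
    "sch": "school",
}

# One DNS label: letters, digits and hyphens, 1-63 characters, no hyphen at
# either end (the usual host-name rule).
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_ipv4(text):
    """Return the four columns of a dotted IPv4 address as a tuple of ints.

    Raises ValueError unless there are exactly four decimal columns, each
    between 0 and 255. Leading zeros are rejected because some parsers read
    them as octal, so "010.0.0.1" would not mean the same thing everywhere.
    """
    columns = text.split(".")
    if len(columns) != 4:
        raise ValueError(f"expected 4 columns, got {len(columns)}: {text!r}")
    values = []
    for column in columns:
        if not (column.isascii() and column.isdigit()):
            raise ValueError(f"column is not a decimal number: {column!r}")
        if len(column) > 1 and column.startswith("0"):
            raise ValueError(f"leading zero is ambiguous: {column!r}")
        value = int(column)
        if value > 255:
            raise ValueError(f"column out of range 0-255: {column!r}")
        values.append(value)
    return tuple(values)


def is_valid_ipv4(text):
    """True when parse_ipv4 accepts the text, False otherwise."""
    try:
        parse_ipv4(text)
    except ValueError:
        return False
    return True


def split_hostname(name):
    """Split a host name into the slides' columns 1-4, read right to left.

    Returns a dict with keys host, institution, type, country. Raises
    ValueError for malformed names or names that do not follow the
    host.institution.type.country layout.
    """
    name = name.strip().rstrip(".").lower()   # drop whitespace and the root dot
    if not name or len(name) > 253:
        raise ValueError("name is empty or longer than 253 characters")
    labels = name.split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            raise ValueError(f"invalid label: {label!r}")
    if len(labels) < 4:
        raise ValueError("need at least host.institution.type.country")
    *host, institution, kind, country = labels
    if country not in COUNTRY_CODES:
        raise ValueError(f"unknown country code: {country!r}")
    if kind not in INSTITUTION_TYPES:
        raise ValueError(f"unknown institution type: {kind!r}")
    return {
        "host": ".".join(host),   # may itself contain sub-institution labels
        "institution": institution,
        "type": INSTITUTION_TYPES[kind],
        "country": COUNTRY_CODES[country],
    }


if __name__ == "__main__":
    # Name composed from the labels used on the slides (maiser, unila, ac, id).
    print(split_hostname("maiser.unila.ac.id"))
    print(parse_ipv4("192.0.2.10"))   # constructed sample address
    for candidate in ("123.456.789.10", "010.0.0.1", "1.2.3"):
        print(candidate, "valid" if is_valid_ipv4(candidate) else "rejected")
```

The address `123.456.789.10` shown on an earlier slide fails this check, because two of its columns are above 255.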
 Email format
    EXAMPLE:
 Email reader
      Pine                        (unix environment)
      Outlook                     (windows environment)
      Netscape Messenger          (windows environment)
      Eudora                      (windows environment)
      Pegasus                     (dos/windows
      etc.
Main components of email
   From         (sender)
   To           (receiver)
   CC           (carbon copy)
   BCC          (blind carbon copy)
   Subject      (the subject of the email)
   ATTACHMENT   (attached file)
gTLD     Entity                               Notes
.aero    air-transport industry               Must verify eligibility for registration; only those in various categories of air-travel-related entities may register.
.asia    Asia-Pacific region                  This is a TLD for companies, organizations, and individuals based in the region of Asia, Australia, and the Pacific.
.biz     business                             This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by commercial entities in accordance with the domain's charter.
.cat     Catalan                              This is a TLD for websites in the Catalan language or related to Catalan culture.
.com     commercial                           This is an open TLD; any person or entity is permitted to register.
.coop    cooperatives                         The .coop TLD is limited to cooperatives as defined by the Rochdale Principles.
.edu     educational                          The .edu TLD is limited to accredited postsecondary institutions (nearly all 2 and 4-year colleges and universities in the U.S. and increasingly overseas, e.g., Australia and China).
.gov     U.S. governmental                    The .gov TLD is limited to U.S. governmental entities and agencies (mostly but not exclusively federal).
.info    information                          This is an open TLD; any person or entity is permitted to register.
.int     international organizations          The .int TLD is strictly limited to organizations, offices, and programs which are endorsed by a treaty between two or more nations.
.jobs    companies                            The .jobs TLD is designed to be added after the names of established companies with jobs to advertise. At this time, owners of a "" domain are not permitted to post jobs of third party employers.
.mil     U.S. military                        The .mil TLD is limited to use by the U.S. military.
.mobi    mobile devices                       Must be used for mobile-compatible sites in accordance with
.museum  museums                              Must be verified as a legitimate museum.
.name    individuals, by name                 This is an open TLD; any person or entity is permitted to register; however, registrations may be challenged later if they are not by individuals (or the owners of fictional characters) in accordance with the domain's charter.
.net     network                              This is an open TLD; any person or entity is permitted to
.org     organization                         This is an open TLD; any person or entity is permitted to
.pro     professions                          Currently, .pro is reserved for licensed or certified lawyers, accountants, physicians and engineers in France, Canada, UK and the U.S. A professional seeking to register a .pro domain must provide their registrar with the appropriate credentials.
.tel     Internet
.travel  travel and tourism industry related  Must be verified as a legitimate travel-related entity.
    Other top domain name trends 1
 Tuvalu and the Federated States of Micronesia, small island-states in the Pacific,
  have partnered with VeriSign and FSM Telecommunications respectively, to sell
    domain names using the .tv and .fm TLDs to television and radio stations.
   .ad is a ccTLD for Andorra, but has recently been increasingly used by advertising
    agencies or classified advertising.
   .am is a ccTLD for Armenia, but is often used for AM radio stations, or for domain
    hacks (such as
   .dj is a ccTLD for Djibouti but is used for CD merchants and disc jockeys.
   .je is a ccTLD for Jersey but is often used as a diminutive in Dutch (e.g. ""), as
    "you" ("" = "search ye!"), or as "I" in French (e.g. "")
   .la is a ccTLD for Laos but is marketed as the TLD for Los Angeles.
   .li is a ccTLD for Liechtenstein but is marketed as the TLD for Long Island.
   .lv is a ccTLD for Latvia but is also used to abbreviate Las Vegas or less frequently,
    love.
   .ly is a ccTLD for Libya but is also used for words ending with suffix "ly".
    Other top domain name trends 2
 .sc is a ccTLD for Seychelles but is often used as .Source
 .sh is a ccTLD for Saint Helena, but is also sometimes used for entities connected to
  the German Bundesland of Schleswig-Holstein.
 .si is a ccTLD for Slovenia, but is also used by Hispanic sites as "yes" ("sí"). Mexican
  mayor candidate Jorge Arana, for example, had his web site registered as (i.e. "Jorge Arana, sí", meaning Jorge Arana, yes").
 .sr is a ccTLD for Suriname but is marketed as being for "seniors".
 .st is a ccTLD for São Tomé and Príncipe but is being marketed worldwide as an
    abbreviation for various things including "street".
   .tk is a ccTLD for Tokelau but is bought by someone and given away at page
   .tm is a ccTLD for Turkmenistan but it can be used as "Trade Mark"
   .to is a ccTLD for Tonga but is often used as the English word "to", like ""; also is
    marketed as the TLD for Toronto.
   .tv is a ccTLD for Tuvalu but it is used for the television ("TV") / entertainment
    industry purposes.
   .vg is a ccTLD for British Virgin Islands but is sometimes used to abbreviate Video
    Other top domain name trends 3
 .vu is a ccTLD for Vanuatu but means "seen" in French as well as an
    abbreviation for the English language word "view".
   .ws is a ccTLD for Samoa (earlier Western Samoa), but is marketed as
   .md is a ccTLD for Moldova, but is marketed to the medical industry (as in
    "medical domain" or "medical doctor").
   .me is a ccTLD for Montenegro, and is recently opened to individuals.
   .ms is a ccTLD for Montserrat, but is also used by Microsoft for such
    projects as
   .mu is a ccTLD for Mauritius, but is used within the music industry.
   .ni is a ccTLD for Nicaragua, but is occasionally adopted by companies
    from Northern Ireland, particularly to distinguish from the more usual
    .uk within all parts of the United Kingdom
   .nu is a ccTLD for Niue but marketed as resembling "new" in English and
    "now" in Scandinavian/Dutch. Also meaning "nude" in French/Portuguese.
   .pr is a ccTLD for Puerto Rico, but can be used in the meaning of "Public
Internet Value
Business Use of the Internet
Internet connectivity
 Broadband                Fiber Optic
    Speedy (Indonesia)    Mobile
    (US)             Telkomsel Flash
 Dial Up                     Indosat
    Telkomnet Instant        Virgin Mobile
     (Indonesia)              AT&T
    Netzero (US)          PRICING !!!!
 Wireless Lan
    2.4 Ghz
    5.x Ghz
Metcalfe’s Law
 The usefulness, or utility, of a network equals the
  square of the number of users
   The more users on a network, the more useful
    it becomes
 Until critical mass is reached, a change in technology
  only affects the technology
   Once critical mass is attained, social, political, and
    economic systems change
   Example: The Internet is growing exponentially. We can
    expect more value, for less cost, virtually every time we
    log on.

Broadband Internet Trend
   South Korea (95%)
   Singapore (88%)
   Netherlands (85%)
   Denmark (82%)
   Taiwan (81%)
   Hong Kong (81%)
   Israel (77%)
   Switzerland (76%)
   Canada (76%)
   Norway (75%)
   Australia (72%)
   Finland (69%)
   France (68%)
   United Kingdom (67%)
   United Arab Emirates (65%)
   Japan (64%)
   Sweden (63%)
   Estonia (62%)
   Belgium (62%)
   USA (60%)
    Source :
Internet Population (in million)
Internet Growth Trends
   1977: 111 hosts on Internet
   1981: 213 hosts
   1983: 562 hosts
   1984: 1,000 hosts
   1986: 5,000 hosts
   1987: 10,000 hosts
   1989: 100,000 hosts
   1992: 1,000,000 hosts
   2001: 150 – 175 million hosts
   2002: over 200 million hosts
   By 2010, about 80% of the planet will be on the
Internet Application
E-Commerce Matrix
E-commerce sites component
 Shopping cart Website
 Security
 Payment
 E-commerce sites
Waseda University e-gov rank
 (Taiwan)
 (Singapore)
 (Singapore)
 (USA)
 Indonesia Higher Education Network
 For the first time, Indonesia has a research and
  education network
 August 2006
 Similar networks in other countries
     Singapore : SINGAREN (
     Australia : AARNET (
     China : CERNET (
     USA : ABILENE (
     Europe : GEANT (
     Asia : TEIN2 (
    Network tiers
  – Stm 1 : 155 Mbps

  – 4E1: 8 Mbps

  – 1E1 : 2 Mbps

  – 1 Mbps :
INHERENT 2006 Configuration (Volume 1)
Jejaring Pendidikan Nasional (National Education Network)
 Around July 2006
 JARDIKNAS categories and main functions:
   JARDIKNAS for Agency Offices/Institutions
       Online data transactions for the Education MIS (SIM Pendidikan)
   JARDIKNAS for Higher Education
       Research and development in science, technology and the arts (IPTEKS)
   JARDIKNAS for Schools
       Information access and e-learning
   JARDIKNAS for Teachers and Students
       Information access and community interaction
Jardiknas Connection Media and Network
Technology           Higher Education Zone       Agency Office/Institution Zone   School Zone                 Teacher and Student Zone
Access media         Fiber optic and satellite   Fiber optic, wireline and        Wireless and wireline       Cellular and wireline
                     2 Mbps to 155 Mbps          256 Kbps to 2 Mbps               64 Kbps to 1 Mbps           32 Kbps to 384 Kbps
Network technology   STM-1, VSAT IP dedicated    MPLS, VPN IP, and VSAT           ADSL and wireless 2.4 GHz   ADSL, 3G/UMTS, GPRS, CDMA, dial-up
                     or leased line
JARDIKNAS nodes connected as of end of 2007
(Keynote Speech, By, H. E. Prof. Dr. Bambang Sudibyo, MBA., Minister of National Education, Republic of Indonesia, In Microsoft Government Leader Forum (MGLF), Asia Pacific
2008, Jakarta, 8 May 2008)

  Up to the end of 2007
  865 nodes (OfficeNet)
  10.000 nodes (SchoolNet)
  83 state universities
  200 private universities
  36 distance-learning units of Universitas Terbuka
Jardiknas Lampung
Unila fiber-optic (FO) network
Uses of INHERENT
 Video Conference
 IPv6
 Improving learning content
 Grid Computing
     Several INHERENT content sites
4.   inherent.wijayakusumasb
 2006
              INHERENT 33.702.749.722,00
             JARDIKNAS,00
                   Total 68.730.814.722,00
 2007
                        INHERENT ……….?
                        JARDIKNAS ……..?
                              Total ……..?
 Implemented at
    Garuda, Bank Mandiri, BII, BNI, Telkom, FIF, SQP Indonesia,
     Citibank, IBM Indonesia
    In November 2006, 18.431 employees, and in October 2007, 16.733 employees,
     had already used the e-learning program
    The number will be higher than stated, mostly because one
     employee can attend several modules repeatedly
    Courseware (content): 8.1 M Rp.
        69 courses
        269 modules, 167 hours
    Efficiency of approx. 64 M Rp. on transportation, pocket money,
     consumption and accommodation
E-learning case studies
   Employee Competency
   BII Portal Corporate University (open source) as knowledge
      management system
     CMS (content management system based)
     LMS (learning management system) implementation (open source)
     0.1% development cost from total training budget
     Upgrading hardware performance, creating teaching modules
     Created modules (mandatory modules for employees)
           Know your customer – anti money laundering
           Operational risk management
           Product knowledge and service quality
     Target of 70 hours of e-learning
     Target to cover an estimated 6.305 employees
     Traditional methods can only cover 2.000 employees a year
     With e-learning all 6.305 employees can be covered in one year
     85% cost reduction
E-learning case studies
 FIF (Federal International Finance)
    Traditional methods
       every new employee must take the Basic mentality module
       Target of 2.500 employees at 650 M Rp.
       6 days of training
   New methods
       Converting traditional training to e-learning
       3 days
       2.500 employees at approx. 185 M Rp.
       Efficiency of 72%
Internet Security
 Computer crime includes
    Unauthorized use, access, modification, or destruction
     of hardware, software, data, or network resources
    The unauthorized release of information
    The unauthorized copying of software
    Denying an end user access to his/her own hardware,
     software, data, or network resources
    Using or conspiring to use computer or network
     resources illegally to obtain information or tangible
Cybercrime Protection Measures
 Hacking is
    The obsessive use of computers
    The unauthorized access and use of networked computer
 Electronic Breaking and Entering
    Hacking into a computer system and reading files, but
     neither stealing nor damaging anything
 Cracker
    A malicious or criminal hacker who maintains knowledge
     of the vulnerabilities found for
     private advantage
Common Hacking Tactics
 Denial of Service
    Hammering a website’s equipment with too many requests for
    Clogging the system, slowing performance, or crashing the site
 Scans
    Widespread probes of the Internet to determine types of
     computers, services, and connections
    Looking for weaknesses
 Sniffer
    Programs that search individual packets of data as they pass
     through the Internet
    Capturing passwords or entire contents
 Spoofing
    Faking an e-mail address or Web page to trick users into passing
     along critical information like passwords or credit card numbers
Common Hacking Tactics
 Trojan Horse
      A program that, unknown to the user, contains instructions that
       exploit a known vulnerability in some software
   Back Doors
      A hidden point of entry to be used in case the original entry point
       is detected or blocked
   Malicious Applets
      Tiny Java programs that misuse your computer’s resources, modify
       files on the hard disk, send fake email, or steal passwords
   War Dialing
      Programs that automatically dial thousands of telephone numbers
       in search of a way in through a modem connection
   Logic Bombs
      An instruction in a computer program that triggers a malicious act
Common Hacking Tactics
 Buffer Overflow
    Crashing or gaining control of a computer by sending too much
     data to buffer memory
 Password Crackers
    Software that can guess passwords
 Social Engineering
    Gaining access to computer systems by talking unsuspecting
     company employees out of valuable information, such as passwords
 Dumpster Diving
    Sifting through a company’s garbage to find information to help
     break into their computers
Cyber Theft
 Many computer crimes involve the theft of money
 The majority are “inside jobs” that involve
  unauthorized network entry and alteration of
  computer databases to cover the tracks of the
  employees involved
 Many attacks occur through the Internet
 Most companies don’t reveal that they have been
  targets or victims of cybercrime
Unauthorized Use at Work
 Unauthorized use of computer systems and networks
  is time and resource theft
   Doing private consulting
   Doing personal finances
   Playing video games
   Unauthorized use of the Internet or company networks
 Sniffers
    Used to monitor network traffic or capacity
    Find evidence of improper use
Internet Abuses in the Workplace
   General email abuses
   Unauthorized usage and access
   Copyright infringement/plagiarism
   Newsgroup postings
   Transmission of confidential data
   Pornography
   Hacking
   Non-work-related download/upload
   Leisure use of the Internet
   Use of external ISPs
   Moonlighting

               Chapter 13 Security and Ethical Challenges   73
Software Piracy
 Software Piracy
    Unauthorized copying of computer programs
 Licensing
    Purchasing software is really a payment
     for a license for fair use
    Site license allows a certain number of copies

                                                             A third of the software
                                                             industry’s revenues are
                                                                  lost to piracy

Theft of Intellectual Property
 Intellectual Property
    Copyrighted material
    Includes such things as music, videos, images, articles,
     books, and software
 Copyright Infringement is Illegal
    Peer-to-peer networking techniques have made it easy
     to trade pirated intellectual property
 Publishers Offer Inexpensive Online Music
    Illegal downloading of music and video is
     down and continues to drop

Viruses and Worms
 A virus is a program that cannot work without being
 inserted into another program
   A worm can run unaided
 These programs copy annoying or destructive routines
 into networked computers
   Copy routines spread the virus
 Commonly transmitted through
    The Internet and online services
    Email and file attachments
    Disks from contaminated computers
    Shareware

Top Five Virus Families of all Time
  My Doom, 2004
     Spread via email and over Kazaa file-sharing network
     Installs a back door on infected computers
     Infected email poses as returned message or one that can’t be opened
      correctly, urging recipient to click on attachment
     Opens up TCP ports that stay open even after termination of the
     Upon execution, a copy of Notepad is opened, filled with nonsense
  Netsky, 2004
     Mass-mailing worm that spreads by emailing itself to all email
      addresses found on infected computers
     Tries to spread via peer-to-peer file sharing by copying itself into the
      shared folder
     It renames itself to pose as one of 26 other common files along the
 Top Five Virus Families of all Time
 SoBig, 2004
    Mass-mailing email worm that arrives as
     an attachment
      Examples: Movie_0074.mpg.pif, Document003.pif
    Scans all .WAB, .WBX, .HTML, .EML, and .TXT files looking for
     email addresses to which it can send itself
    Also attempts to download updates for itself
 Klez, 2002
    A mass-mailing email worm that arrives with a randomly named
    Exploits a known vulnerability in MS Outlook to auto-execute on
     unpatched clients
    Tries to disable virus scanners and then copy itself to all local and
     networked drives with a random file name
    Deletes all files on the infected machine and any mapped network
     drives on the 13th of all even-numbered months
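An added example, not from the original slides: a mail-gateway style check that flags attachment names like the SoBig samples above, where an executable extension sits behind a media or document extension. The extension lists, function names and the sample message are assumptions constructed for this example.

```python
from email.message import EmailMessage

# Assumed policy lists for this example: extensions Windows will execute, and
# harmless-looking inner extensions used as a decoy in front of them.
EXECUTABLE_EXTS = {"pif", "exe", "scr", "com", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"mpg", "avi", "mp3", "jpg", "gif", "txt", "doc", "xls",
              "pdf", "htm", "html", "zip"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, and extensions are
    # case-insensitive, so normalise before looking at the last part.
    cleaned = name.strip().rstrip(". ").lower()
    # Padding such as "photo.jpg      .exe" pushes the real extension out of
    # view in narrow dialogs, so whitespace around each part is dropped too.
    parts = [part.strip() for part in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(msg):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename is None:
            continue
        verdict = classify_filename(filename)
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings


def build_sample_message():
    """Constructed sample message; the attachment bytes are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("Please see the attached file for details.")
    # The first two names are the examples quoted on the slide above.
    for name in ("Movie_0074.mpg.pif", "Document003.pif", "minutes.txt"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample_message()):
        print(f"{verdict:17} {filename}")
```

A gateway would typically quarantine both verdicts; the separate "double-extension" label is useful for alerting because the decoy extension shows intent to mislead the recipient.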
 Top Five Virus Families of all Time
 Sasser, 2004
    Exploits a Microsoft vulnerability to spread from computer to
     computer with no user intervention
    Spawns multiple threads that scan local subnets for vulnerabilities
The Cost of Viruses, Trojans,
 Cost of the top five virus families
    Nearly 115 million computers in 200 countries were
     infected in 2004
    Up to 11 million computers are believed to
     be permanently infected
    In 2004, total economic damage from virus proliferation
     was $166 to $202 billion
    Average damage per computer is between
     $277 and $366
Adware and Spyware
 Adware
    Software that purports to serve a useful purpose, and
     often does
    Allows advertisers to display pop-up and banner ads
     without the consent of the computer users
 Spyware
    Adware that uses an Internet connection in the
     background, without the user’s permission
     or knowledge
    Captures information about the user and sends it over
     the Internet
Spyware Problems
 Spyware can steal private information and also
    Add advertising links to Web pages
    Redirect affiliate payments
    Change a user’s home page and search settings
    Make a modem randomly call premium-rate phone
    Leave security holes that let Trojans in
    Degrade system performance
 Removal programs are often not completely successful in
 eliminating spyware
Privacy Issues
 The power of information technology to store and
 retrieve information can have a negative effect on
 every individual’s right to privacy
   Personal information is collected with every
    visit to a Web site
   Confidential information stored by credit
    bureaus, credit card companies, and the government has
    been stolen or misused
Opt-in Versus Opt-out
 Opt-In
   You explicitly consent to allow data to be compiled
    about you
   This is the default in Europe
 Opt-Out
   Data can be compiled about you unless you specifically
    request it not be
   This is the default in the U.S.

Privacy Issues
 Violation of Privacy
    Accessing individuals’ private email conversations and
     computer records
    Collecting and sharing information about individuals gained
     from their visits to Internet websites
 Computer Monitoring
    Always knowing where a person is
    Mobile and paging services are becoming more closely
     associated with people than with places
 Computer Matching
    Using customer information gained from many sources to
     market additional business services
 Unauthorized Access of Personal Files
    Collecting telephone numbers, email addresses, credit card
     numbers, and other information to build customer profiles
Protecting Your Privacy on the
 There are multiple ways to protect your privacy
    Encrypt email
    Send newsgroup postings through anonymous remailers
    Ask your ISP not to sell your name and information to
     mailing list providers and
     other marketers
    Don’t reveal personal data and interests on
     online service and website user profiles
Privacy Laws
 Electronic Communications Privacy Act
  and Computer Fraud and Abuse Act
    Prohibit intercepting data communications messages, stealing or
     destroying data, or trespassing in federal-related computer systems
 U.S. Computer Matching and Privacy Act
    Regulates the matching of data held in federal agency files to verify
     eligibility for federal programs
 Other laws impacting privacy and how
  much a company spends on compliance
    Sarbanes-Oxley
    Health Insurance Portability and Accountability Act (HIPAA)
    Gramm-Leach-Bliley
    USA Patriot Act
    California Security Breach Law
    Securities and Exchange Commission rule 17a-4

                   Chapter 13 Security and Ethical Challenges                87
Computer Libel and Censorship
 The opposite side of the privacy debate…
    Freedom of information, speech, and press
 Biggest battlegrounds - bulletin boards, email boxes, and online
  files of Internet and public networks
 Weapons used in this battle – spamming, flame mail, libel laws,
  and censorship
 Spamming - Indiscriminate sending of unsolicited email
  messages to many Internet users
 Flaming
    Sending extremely critical, derogatory, and often vulgar email
      messages or newsgroup postings to other users on the Internet
      or online services
    Especially prevalent on special-interest newsgroups

 Laws intended to regulate activities over the Internet or via electronic
  communication devices
    Encompasses a wide variety of legal and political issues
    Includes intellectual property, privacy, freedom of expression, and
 The intersection of technology and the law is controversial
    Some feel the Internet should not be regulated
    Encryption and cryptography make traditional form of regulation
    The Internet treats censorship as damage and simply routes around
 Cyberlaw only began to emerge in 1996
    Debate continues regarding the applicability of legal principles
     derived from issues that had nothing to do with cyberspace

Internetworked Security Defenses
   Encryption
      Data is transmitted in scrambled form
      It is unscrambled by computer systems for authorized
       users only
      The most widely used method uses a pair of public and
       private keys unique to each individual

Internetworked Security Defenses
  Firewalls
     A gatekeeper system that protects a company’s intranets
      and other computer networks from intrusion
     Provides a filter and safe transfer point for
      access to/from the Internet and other networks
     Important for individuals who connect to the Internet
      with DSL or cable modems
     Can deter hacking, but cannot prevent it

Internet and Intranet Firewalls

Denial of Service Attacks
 Denial of service attacks depend on three
 layers of networked computer systems
   The victim’s website
   The victim’s Internet service provider
   Zombie or slave computers that have been
    commandeered by the cybercriminals

Defending Against Denial of Service
   At Zombie Machines
      Set and enforce security policies
      Scan for vulnerabilities
   At the ISP
      Monitor and block traffic spikes
   At the Victim’s Website
      Create backup servers and network connections
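
Added example, not part of the original slides: one way the ISP-side step "Monitor and block traffic spikes" can be expressed, comparing each interval's request count toward a destination against a moving baseline. The thresholds, interval counts and function name are assumptions for illustration.

```python
def detect_spikes(counts, alpha=0.2, factor=4.0, floor=100):
    """Return indices of intervals whose request count is a spike.

    counts: requests per fixed interval (for example per 10 s) toward one
    destination. An interval is a spike when its count is above `floor`
    and above `factor` times the exponentially weighted baseline.
    """
    spikes = []
    baseline = None
    for i, count in enumerate(counts):
        if baseline is None:
            baseline = float(count)  # seed the baseline with the first interval
            continue
        if count > floor and count > factor * baseline:
            # Flag it, and do not learn from it: folding flood traffic into
            # the baseline would make a sustained attack look normal.
            spikes.append(i)
            continue
        baseline = alpha * count + (1 - alpha) * baseline
    return spikes


# Constructed sample: steady traffic, a three-interval flood, then recovery.
SAMPLE_FLOOD = [50, 55, 48, 60, 52, 900, 1200, 1100, 58, 51]
# Constructed sample: organic growth that should not be flagged.
SAMPLE_GROWTH = [100, 150, 220, 300, 400]

if __name__ == "__main__":
    print("flood intervals:", detect_spikes(SAMPLE_FLOOD))
    print("growth intervals:", detect_spikes(SAMPLE_GROWTH))
```
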

Internetworked Security Defenses
  Email Monitoring
     Use of content monitoring software that scans
      for troublesome words that might compromise
      corporate security
  Virus Defenses
     Centralize the updating and distribution of antivirus
     Use a security suite that integrates virus protection with
      firewalls, Web security,
      and content blocking features

Other Security Measures
 Security Codes
    Multilevel password system
    Encrypted passwords
    Smart cards with microprocessors
 Backup Files
    Duplicate files of data or programs
 Security Monitors
    Monitor the use of computers and networks
    Protect them from unauthorized use, fraud, and destruction
 Biometrics
    Computer devices measure physical traits that make each individual
      Voice recognition, fingerprints, retina scan
 Computer Failure Controls
    Prevent computer failures or minimize their effects
    Preventive maintenance
    Arrange backups with a disaster recovery organization

Other Security Measures
 In the event of a system failure, fault-tolerant systems have
  redundant processors, peripherals, and software that provide
    Fail-over capability: shifts to backup components
    Fail-safe capability: the system continues to operate at the same
    Fail-soft capability: the system continues to operate at a reduced
     but acceptable level
 A disaster recovery plan contains formalized procedures to follow in
  the event of a disaster
    Which employees will participate
    What their duties will be
    What hardware, software, and facilities will be used
    Priority of applications that will be processed
    Use of alternative facilities
    Offsite storage of databases

Auditing IT Security
 IT Security Audits
    Performed by internal or external auditors
    Review and evaluation of security measures
     and management policies
    Goal is to ensure that proper and adequate
     measures and policies are in place

Protecting Yourself from
