Lecture 21 - Computer security ethics. After studying this chapter you will be able to understand: Hackers’ code of ethics, new(er) hacker ethics, security threats, ethical issues in security courses.

Lecture 21 Computer Security Ethics

Before we start:
  Being ethical is not necessarily following one’s feelings; “feelings frequently deviate from what is ethical”.
  Often, because of the way one is raised, ethics and religion are coupled; but ethics is not confined to religion, nor is it the same as religion.
  Being ethical is not solely following the law.

Elements of practical ethics through basic philosophy:
  Ethical thought
  Ethical definition
  Ethical values
Example: “If a person conceives of engineering activity as only making money, then one's definition of practical ethics, one's actions and values will be guided by this basic philosophical position.”

Security in:
  Client / Workstation / Terminal
  Intra-networks
  Inter-networks
In terms of:
  Physical Security
  Non-Physical Security

Security Threats (sources, causes, people behind):
  Hackers
  Crackers
  Script Kiddies
  Unethical Employees (logic bombs, backdoor, )
  Cyberterrorists
  Corporate Spy
  Worm / Virus / Trojan (incl. keyloggers, )
  Spoofing / Sniffing / Phishing
  DoS / DDoS attacks
  Hoax / Spam

Examples: Example of Phishing:

Hackers’ Code of Ethics:

Hacker creed (Steven Levy’s “Hackers: Heroes of Computer Revolution” - 1984):
  Access to computers should be unlimited and total.
  Always yield to the Hands-On Imperative.
  All information should be free.
  Mistrust authority -- promote decentralization.
  Hackers should be judged by their hacking.
  You can create art and beauty on a computer.
  Computers can change your life for the better.

New Code of Ethics (90s) - Steven Mizrach:
  "Above all else, do no harm"
  Protect Privacy
  "Waste not, want not."
  Exceed Limitations
  The Communicational Imperative
  Leave No Traces
  Share!
  Self Defense
  Hacking Helps Security
  Trust, but Test!
In Short:
  1) protect data and hardware
  2) respect and protect privacy
  3) utilize what is being wasted by others
  4) exceed unnecessary restrictions
  5) promote peoples' right to communicate
  6) leave no traces
  7) share data and software
  8) be vigilant against .