Imagine that you are to make a report on the following topics. While preparing it use the main information from the text.

1. How to become a computer graphics developer.

2. Advantages and disadvantages of 3D computer graphics.

3. 3D computer graphics in game industry.

UNIT 19

DATA PROTECTION

Vocabulary Bank Unit 19

Task 1. Read, write the translation and learn the basic vocabulary terms:

1. black-hat hacker

2. breaking open

3. cash-dispensing systems

4. computer extortion

5. console operator

6. cracker

7. dark filters

8. decryption

9. distortion

10. duplicate

11. embedded

12. encryption

1. envisage

13. fingerprints

14. firewall

15. firmware

16. for abusing

17. fraud

18. fraudulent use

19. freeware program

20. harassment

21. ill-intentioned use

22. impose

23. industrial espionage

24. innocent-looking file

25. intruder

26. IP spoofing

27. juristically fixed rules

28. leak

29. malicious software

30. massifs

31. personal enrichment

32. personal privacy

33. positive identification

34. predator

35. public cryptosystem

36. ransom

37. restrictions

38. safeguarding

39. security matrix

40. shareware applications

41. sneakernet crowd

42. sniffer program

43. spyware

44. surge protector

45. theft of data

46. throughput

47. to confine

48. to forge

49. to protect

50. unsanctioned

51. unscrupulous

52. violators

53. voiceprints

54. white-collar crime

55. worms

56. write-protect measures

Text 18A. DATA PROTECTION

The computer industry has been extremely vulnerable in the mat­ter of security. Computer security once meant the physical securi­ty of the computer itself — guarded and locked doors. Computer screens were given dark filters so others could not easily see the data on the screen. But filters and locks by no means prevented access. More sophisticated security means safeguarding the computer sys­tem against such threats as burglary, vandalism, fire, natural di­sasters, theft of data for ransom, industrial espionage, and various forms of white-collar crime.

Rapid development of automation processes and the penetration of the computers in all fields of life have lead to appearance of a range of peculiar problems. One of these problems is the necessity of providing effective protection to information and means of its processing.

A lot of ways to access information, considerable quantity of qualified specialists, vast use of special technical equipment in social production make it possible for violators practically at any moment and in any place carry out the actions, which represent a threat to information safety.

Particular role in this process has been played by appearance of personal computer (PC), which has made computers, software and other informational technologies available to general public. Wide distribution of PC and impossibility of conducting effective control of their use have resulted in the decreasing security level of information systems.

The problem of information security is relatively new. Not all problems, connected with it have been figured out and solved up to now. The fact of great number of computer systems users means the definite risk to security because not all clients will carry out the requirements of its providing.

The order of storage mediums should be clearly defined in legal acts and envisage the complete safety of mediums, control over the work with information, responsibility for unsanctioned access to medium with a purpose of copying, changing or destroying them and so on.

There are some legal aspects of information protection, which can appear due to not carefully thought or ill-intentioned use of computer techniques:

• Legal questions of informational massifs form distortions;

• Security of stored information from the unsanctioned access;

• Setting juristically fixed rules and methods of copyrights protection and priorities of software producers;

• Development of measures for providing the juridical power to the documents, which are given to the machines;

• Legal protection of the experts’ interests, who pass their knowledge to the databases;

• Setting of legal norms and juridical responsibility for using electronic computer means in personal interests, which hurt other people and social interests and can harm them;

• The lack of appropriate registration and control, low level of work and production personnel discipline, the access of an unauthorized persons to the computing sources create conditions for abusing and cause difficulties to their detection. In every computing canter it is usual to set and strictly follow the regulations of the access to different official rooms for employees of any categories.

The main purpose of information protection is preventing from the leak, theft, distortion, counterfeit of information; preventing the threat to person’s life and social safety, protection of the constitution and so on. The information is subjected to protection, when it may cause the harm for its owner, user or other person.

The development of computer technology and its wide use have lead to appearance and spread of computer crimes. Such situation causes alarm among those organizations and legislative institution that use computer technologies and, of course, people, who use new informational services at home.

The term “computer crime” was first used in the early 70s. However, the discussions concerning it are still actual. The top question of these discussions is “What unlawful actions are implied by computer crime”.

A rank of definitions of the computer crime has been composed. It often refers to crimes directly or indirectly connected to electronic computing machines and which includes a number of illegal acts, committed by means of electronic data processing system or against it. Others consider that computer crime is any action, which goes together with interfering with property rights and fulfilled by means of computers. The thirds think that computer crime can be defined as all intentional and unlawful actions, which lead to causing harm to possessions, with help of computers too.

There are following forms of computers criminality: computer manipulations, economic espionage, sabotage, computer extortion, “hacker” activity. The main character of committing computer crimes in the business field becomes highly qualified “white collars” from the suffered organization’s employees.

There are many causes, when “hackers” get a job with a goal of personal enrichment. But the most danger can represent such specialists, who are in collusion with managers of commercial structures and organized criminal groups; in these situations causing damage and weight of consequences considerably increases.

There are two types of unsanctioned access:

• internal “breaking open” – the criminal has access to the terminal, with information he interested in and can work with it for some time without somebody’s control;

• external “breaking open” – the criminal doesn’t have indirect access to the computer system, but has an opportunity of penetration to the protected system by means of remote access;

Analysis of such actions shows that single crimes from own or neighbor work places gradually develop into network computer crimes, which are carried out by means of breaking of organizations’ protecting systems.

Therefore the importance of information protection cannot be doubted. However, not only companies and state institutions need information protection system but also general home users need information protection system and should maintain the security of their computers.

Emphasis on Access and Throughput. For the last decade or so, computer programmers have concentrated on making it easy for people to use computer systems. Unfortunately, in some situations the systems are all too easy to use; they don’t impose nearly enough restrictions to safeguard confidential information or to prevent un­authorized persons from changing the information in a file.

It’s as if a bank concentrated all its efforts on handing out money as fast is it could and did very little to see that the persons who requested the money were entitled to it. Of course, a real bank works just the opposite way, checking very carefully before handing out any money. Computer systems that handle sensitive personal and financial data should be designed with the same philosophy in mind.

Positive Identification of Users. A computer system needs a sure way of identifying the people who are authorized to use it.

The identifi­cation procedure has to be quick, simple, and convenient. It should be so thorough that there is little chance of the computer being fooled by a clever imposter. At the same time, the computer must not reject legitimate users. Unfortunately, no identification system currently in use meets all these requirements.

At present, signatures are widely used to identify credit-card hold­ers, but it takes an expert to detect a good forgery. Sometimes even a human expert is fooled, and there is no reason to believe that a computer could do any better.

A variation is to have the computer analyze a person’s hand move­ments as he signs his name instead of analyzing the signature itself. Advocates of this method claim that different persons’ hand move­ments are sufficiently distinct to identify them. And while a forger might learn to duplicate another person’s signature, he probably would not move his hand exactly the way the person whose signa­ture he was forging did.

Photographs are also sometimes used for identification. But, peo­ple find it inconvenient to stop by a bank or credit card company and be photographed. Companies might lose business if they made the pictures an absolute requirement. Also, photographs are less useful these days, when people frequently change their appear­ance by changing the way they wear their hair. Finally, computer programs for analyzing photographs are still highly experimental.

Cash-dispensing systems often use two identification numbers: one is recorded on a magnetic stripe on the identification card, and the other is given to the cardholder. When the user inserts his card into the cash-dispensing terminal, he keys in the identification number he has been given. The computer checks to see that the number recorded on the card and the one keyed in by the user both refer to the same person. Someone who stole the card would not know what number had to be keyed in to use it. This method currently is the one most widely used for identifying computer users.

For a long time, fingerprints have provided a method of positive identification. But they suffer from two problems, one technical and one psychological.

The technical problem is that there is no simple system for com­paring fingerprints electronically. Also, most methods of taking fin­gerprints are messy. The psychological problem is that fingerprints are strongly associated in the public mind with police procedures. Because most people associate being fingerprinted with being ar­rested, they almost surely would resist being fingerprinted for rou­tine identification.

Voiceprints may be more promising. With these, the user has only to speak a few words into a microphone for the computer to analyze his voice. There are no psychological problems here. And technically it’s easier to take and analyze voiceprints than finger­prints. Also, for remote computer users, the identifying words could be transmitted over the telephone.

However, voiceprints still require more research. It has yet to be proved that the computer cannot be fooled by mimics. Also, tech­nical difficulties arise when the voice is subjected to the noise and distortion of a telephone line.

Even lip prints have been suggested. But it’s doubtful that kissing computers will ever catch on.

To date, the most reliable method of positive identification is the card with the magnetic stripe. If the technical problems can be worked out, however, voiceprints may prove to be even better.

Data Encryption. When sensitive data is transmitted to and from remote terminals, it must be encrypted (translated into a secret code) at one end and decrypted (translated back into plain text) at the other. Files also can be protected by encrypting the data before storing it and decrypting it after it has been retrieved.

Since it is impractical to keep secret the algorithms that are used to encrypt and decrypt data, these algorithms are designed so that their operation depends on a certain data item called the key. It is the key that is kept secret.

Even if you know all the details of the encrypting and decrypting algorithms, you cannot decrypt any mes­sages unless you know the key that was used when they were en­crypted.

For instance, the National Bureau of Standards has adopted an algorithm for encrypting and decrypting the data processed by fede­ral agencies. The details of the algorithm have been published in the Federal Register. Plans are under way to incorporate the algorithm in special purpose microprocessors, which anyone can purchase and install in his computer.

So the algorithm is available to anyone who bothers to look it up or buy one of the special purpose microprocessors. But the opera­tion of the algorithm is governed by a sixty-four-bit key. Since there are about 10²² possible sixty-four-bit keys, no one is likely to dis­cover the correct one by chance. And, without the correct key, knowing the algorithm is useless.

A recent important development involves what are called public- key cryptosystems.

In a public-key cryptosystem, each person using the system has two keys, a public key and a private key. Each person’s public key is published in a directory for all to see; each person’s private key is kept secret. Messages encrypted with a person’s public key can be decrypted with that person’s (but no one else’s) private key. Mes­sages encrypted with a person’s private key can be decrypted with that person’s (but no one else’s) public key.

Protection through Software. The software of a computer system, particularly the operating system, can be designed to prevent un­authorized access to the files stored on the system. The protection scheme uses a special table called a security matrix.

Each row of the security matrix corresponds to a data item stored in the system. Each entry in the table lies at the intersection of a particular row and a particular column. The entry tells what kind of access the person corresponding to the row in which the entry lies has to the data item corresponding to the column in which the entry lies.

Usually, there are several kinds of access that can be specified. For instance, a person may be able to read a data item but not change it. Or he may be able to both read and modify it. If the data is a program, a person may be able to have the computer execute the program without being able either to read or modify it. Thus, people can be allowed to use programs without being able to change them or find out how they work.

Needless to say, access to the security matrix itself must be re­stricted to one authorized person.

Also, the software has to be reliable. Even the software issued by reputable vendors may be full of bugs. One or more bugs may make it possible for a person to circumvent the security system. The secu­rity provisions of more than one computer system have been evad­ed by high school and college students.

Restricting the Console Operator. Most computer systems are ex­tremely vulnerable to the console operator. That’s because the op­erator can use the switches on the computer’s control panel to insert programs of his own devising, to read in unauthorized pro­grams, or to examine and modify confidential information, in­cluding the security matrix. In the face of these capabilities, any software security system is helpless. Computer systems for han­dling sensitive information must be designed so that the console operator, like other users, works through the software security system and cannot override it. One solution is to incorporate the security system in firmware instead of software, so that unautho­rized changes to it cannot be made easily.

Task 2. Discuss the following questions:

1. What is computer security?

2. What is the most serious problem: the loss of hardware, software, or the loss of data?

3. How does a computer system detect whether you are the person who should be granted access to it?

4. What are the shortcomings of each biometric means?

5. What is to prevent any user from copying PC software onto dis­kettes?

6. What steps can be taken to prevent theft or alteration of data?

7. What is the weakest link in any computer system?

8. Should a programmer also be a computer operator?

9. What is a security matrix?

10. Can the computer industry risk being without safeguards for securi­ty and privacy?

Task 3. Find English equivalents to the following words:

Забезпечити надійний захист інформації, загроза інформаційній безпеці, несанкціонований доступ, база даних, юридична відповідальність, протиправний акт, економічне шпигунство, зломник.

Task 4. Complete the sentences as in the text:

1. One of the most important problem for computer science is the providing ------

2. There are some legal ----- of computer protection.

3. Security of stored information from any unsanctioned ---

4. The main purpose of information protection is ----- from leak, theft, distortion of information.

5. Sometimes ----- get a job with a goal of personal enrichment.

Task 5. Give synonyms to:

To encrypt, to secure, confidential, biometric, recognition, imposter, to meet requirements, to detect, to lose business, appearance, to incorpo­rate, unless, to circumvent.

Give antonyms to:

Convenient, advocate, to reject, to encrypt, legitimate, messy, autho­rized, white-collar crime, to safeguard info, sensitive, to retrieve data, practical, by chance, private.

Task 6. Put the proper words into sentences:

foolproof, complicated, virus, unauthorized, crime, fingerprint, alter­ing, messages.

1. Computer security is more ... today than it was in the past.

2. International literature tells lurid stories about computer viruses ... — about bank swindles, espionage, sent from one computer to destroy the contents of others.

3. Movies like War Games have dramatized the dangers from ... entry to the computer systems that control nuclear weapons.

4. Methods used in computer-based criminal activity range from switch­ing or ... data as they enter the computer, to pulling self-conceal­ing instruction into the software.

5. The person who develops a ... lock for the computer data will make a fortune.

6. ... is the name generally given to software that causes ... of computer files.

7. People must be taught that some kinds of help, such as assisting ... users with passwords are inappropriate.

8. According to a published article, the Mafia has kidnapped an IBM executive and cut off his finger because it needed his ... to breach a computer security system.

9. Data sent over communication lines can be protected by encryp­tion, the process of scrambling ...

10. Firewall is security measures taken to block ... access to an Internet site.

Task 7. Mark the true sentences (T) and the false ones (F), according to the text.

1. The importance of information protection can be doubted.

2. “Hackers” are not so dangerous as ‘crackers”.

3. Poverty of “hackers” is the main reason of their computer crimes.

4. The problem of information security is not so old.

5. Every organization should set protection system.

Task 8. Define the function of that (those) in the following sentences and translate them.

1. This system of information security is more efficient than that described in that journal. 2. Computers are devices that are capable of very rapid and accurate calculation. 3. We know that the term “computer crime” was first used in the early 70-s. 4. On that day the main character of committing computer crimes was found. 5. Some think that computer crimes can be defined as unlawful actions. 6. The information protection system was similar to that described previously. 7. There are computers that can do many jobs. 8. That Ch. Babbage invented the first computer is well known. 9. Since that time it represents a threat to information safety. 10. Different forms of computer criminality were found in their company similar to those used in Vidtec.

Task 9. Discuss the following questions:

1. What is the main problem of information protection?

2. When was the term “computer crime “used?

3. What is security concerned with?

4. Why have computer crimes spread so quickly?

5. What is the difference between “hackers” and “crackers?

6. How can the main purpose of information protection be achieved?

7. What unlawful actions are implied by computer crimes?

8. What does statistics say about computer crimes?

9. Why are so many computer crimes committed?

10. Can you suggest the appropriate solution of the information protection?

Task 10. Translate the sentences into Ukrainian.

1. Web browsers warn you if the connection is not secure; they display a message when you try to send personal information to a server.

2. Private networks use a software and hardware mechanism, called a 'firewall', to block unauthorized traffic from the Internet.

3. You have to type your user name and password to access a locked computer system or network.

4. An open padlock in Netscape Communicator indicates the page is not secure; a closed padlock indicates the page is encrypted (secure).

Task 11. Read the text and do the exercises below.

Security and privacy on the Internet

There are a lot of benefits from an open system like the Internet, but we are also exposed to hackers who break into computer systems just for fun, as well as to steal information or propagate viruses. So how do you go about making online transactions secure?

Security on the Web

The question of security is crucial when sending confidential information such as credit card numbers. For example, consider the process of buying a book on the Web. You have to type your credit card number into an order form which passes from computer to computer on its way to the online bookstore. If one of the intermediary computers is infiltrated by hackers, your data can be copied. It is difficult to say how often this happens, but it's technically possible.

To avoid risks, you should set mail security alerts to high on your Web browser. Netscape Communicator and Internet Explorer display a lock when the Web page is secure and allow you to disable or delete “cookies”.

If you use online bank services, make sure your bank uses digital certificates. A popular security standard is SET (secure electronic transactions).

E-mail privacy

Similarly, as your e-mail message travels across the net, it is copied temporarily on many computers in between. This means it can be read, by unscrupulous people who illegally enter computer systems.

The only way to protect a message is to put it in a sort of 'envelope', that is, to encode it with some form of encryption. A system designed to send e-mail privately is Pretty Good Privacy, a freeware program written by Phil Zimmerman.

Network security

Private networks connected to the Internet can be attacked by intruders who attempt to take valuable information such as Social Security numbers, bank accounts or research and business reports.

To protect crucial data, companies hire security consultants who analyze the risks and provide security solutions. The most common methods of protection are passwords for access control, encryption and decryption systems, and firewalls.