Course Outline

• Computer security risk

• Internet, and Network Attack
• Unauthorized Access and Use
• Hardware, Software, and Information Theft
• System Failure and Backing Up
• Discussion : Encryption Algorithms, and Data Privacy

1
 Computer Security Risks
A computer security risk is any event or action that could
cause a loss of or damage to computer hardware,
software, data, information, or processing capability
A cybercrime is an online or Internet-based illegal act

Hackers Crackers Script Kiddies Corporate Spies

Unethical
Cyberextortionists Cyberterrorists
Employees
2
 Internet and Network Attacks
• Information transmitted over networks has a higher
degree of security risk than information kept on an
organization’s premises
• An online security service is a Web site that evaluates
your computer to check for Internet and e-mail
vulnerabilities

3
 Internet and Network Attacks

Computer
Worm Trojan Horse Rootkit
Virus
• Affects a • Copies itself • A malicious • Program that
computer repeatedly, program that hides in a
negatively by using up hides within computer
altering the resources or looks like and allows
way the and possibly a legitimate someone
computer shutting program from a
works down the remote
computer or location to
network take full
control

4
Infected computer has one or more of the following symptoms:

Operating system Available memory Screen displays

Files become
runs much slower is less than unusual message
corrupted
than usual expected or image

Unknown
Music or unusual Programs or files
Existing programs programs or files
sound plays do not work
and files disappear mysteriously
randomly properly
appear

Operating system
System properties Operating system
shuts down
change does not start up
unexpectedly

5
6
Users can take several
precautions to protect
their home and work
computers and mobile
devices from these
malicious infections

7
 Internet and Network Attacks
• A botnet is a group of compromised computers connected to a network
• A compromised computer is known as a zombie
• A denial of service attack (DoS attack) disrupts computer access to Internet
services
• Distributed DoS (DDoS)
• A back door is a program or set of instructions in a program that allow users
to bypass security controls
• Spoofing is a technique intruders use to make their network or Internet
transmission appear legitimate
• A firewall is hardware and/or software that protects a network’s resources
from intrusion

8
 Internet and Network Attacks

Intrusion detection software

• Analyzes all network traffic
• Assesses system vulnerabilities
• Identifies any unauthorized intrusions
• Notifies network administrators of suspicious behavior
patterns or system breaches
Honeypot
• Vulnerable computer that is set up to entice an intruder to
break into it
9
 Unauthorized Access and Use

Unauthorized access is Unauthorized use is the

the use of a computer or use of a computer or its
network without data for unapproved or
permission possibly illegal activities

10
 Unauthorized Access and Use
Organizations take
several measures to help
prevent unauthorized
access and use
• Acceptable use policy
• Disable file and printer
sharing
• Firewalls
• Intrusion detection
software

11
 Unauthorized Access and Use
• Access controls define who can access a computer, when they can access it,
and what actions they can take
• Two-phase processes called identification and authentication
• User name
• Password
• Passphrase
• CAPTCHA

12
 Security
• A possessed object is any • A biometric device
item that you must carry to authenticates a person’s
gain access to a computer or identity by translating a
computer facility personal characteristic into a
• Often are used in combination digital code that is compared
with a personal identification with a digital code in a
number (PIN) computer

13
 Digital Forensics
• Digital forensics is the discovery, collection, and analysis of evidence found on
computers and networks
• Many areas use digital forensics

Law Criminal Military

enforcement prosecutors intelligence

Information
Insurance
security
agencies
departments

14
 Hardware Theft and Vandalism

Hardware vandalism
Hardware theft is the
is the act of defacing
act of stealing
or destroying
computer equipment
computer equipment

15
 Hardware Theft Security
To help reduce the of chances of theft, companies and schools use a variety of
security measures

Cables to lock
Physical access controls Alarm systems
equipment

Real time location Passwords, possessed

system objects, and biometrics

16
Software theft occurs when someone:

Intentionally
Steals software
erases
media
programs

Illegally
Illegally copies registers and/or
a program activates a
program
17
 Information Theft
• Information theft occurs when someone steals personal or confidential
information
• Encryption is a process of converting readable data into unreadable
characters to prevent unauthorized access

18
19
 Information Theft
• A digital signature is an encrypted code that a person, Web site, or
organization attaches to an electronic message to verify the identity of the
sender
• Often used to ensure that an impostor is not participating in an Internet transaction
• Web browsers and Web sites use encryption techniques
• Popular security techniques include :

Digital Transport Layer

Secure HTTP VPN
Certificates Security (TLS)

20
 System Failure
• A system failure is the prolonged malfunction of a computer
• A variety of factors can lead to system failure, including:
• Aging hardware
• Natural disasters
• Electrical power problems
• Noise, undervoltages, and overvoltages
• Errors in computer programs
• Two ways to protect from system failures caused by electrical power
variations include surge protectors and uninterruptable power supplies (UPS)

21
 Backing Up – The Ultimate Safeguard
• A backup is a duplicate of a file, program, or disk that can be used if the
original is lost, damaged, or destroyed
• To back up a file means to make a copy of it
• Offsite backups are stored in a location separate from the computer site

• Three-generation backup
• Two categories of backups: policy
– Full backup Grandparent
– Selective backup

Parent

Child
22
 Wireless Security
• In additional to using firewalls, some safeguards improve security of wireless
networks:

A wireless access
Change the default
point should not
SSID
broadcast an SSID

Configure a WAP
so that only Use WPA or WPA2
certain devices can security standards
access it
23
 Health Concerns of Computer Use
• The widespread use of
computers has led to
health concerns
• Repetitive strain injury
(RSI)
• Tendonitis
• Carpal tunnel syndrome
(CTS)
• Computer vision
syndrome (CVS)

24
25
 Health Concerns of Computer Use
Ergonomics is an applied
science devoted to
incorporating comfort,
efficiency, and safety into
the design of items in the
workplace

26
 Health Concerns of Computer Use
• Computer addiction occurs when the computer consumes someone’s entire
social life
• Symptoms of users include:

Craves Overjoy when Unable to stop

computer at the computer
time computer activity

Irritable when Neglects Problems at

not at the family and work or
computer friends school
27
 Discussion
Encryption: Data Privacy :
1. What is encryption ? 1. How important a
2. Advantage and privacy is?
disadvantage of 2. Misused of data ?
encryption?
3. How it works?

28
 Summary
• Computer Security Risk is any event or action that
could cause a loss of or damage to computer hardware,
software, data, information or processing capability
• How does encryption work, and why is it necessary?
• Issues surrounding information privacy

29