Computer Security
Computer security risks
Definition of computer security risk: Any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability.
Malicious code
System failure
Malicious code
•Malicious code is code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools.
•Definition: A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user's knowledge or permission.
•Examples: Melissa, Tequila, Cascade, Invader
•A worm is a program that copies itself repeatedly.
•Examples: Jerusalem, Sobig, Nimda, Morris Worm
•A program that hides within or looks like a legitimate program. It does not replicate itself to other computers.
•Examples: Netbus, Back Orifice, Subseven, Beast
Unauthorized access & use
•To help prevent unauthorized access and use, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
•An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
•Many systems implement access controls using a two-phase process called identification and authentication.
Identification verifies that an individual is a valid user
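The who / when / what decision described above, as an added example that is not part of the original page. The account names, passwords, permitted hours and the use of a password check for the authentication phase are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from datetime import time

def hash_password(password, salt):
    # Slow, salted hash so a stolen account table is expensive to crack.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_account(password, hours, actions):
    salt = os.urandom(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "hours": hours, "actions": set(actions)}

# Constructed sample accounts (names, passwords and hours are assumptions).
ACCOUNTS = {
    "alice": make_account("correct horse", (time(8, 0), time(18, 0)), ["read", "write"]),
    "bob": make_account("battery staple", (time(8, 0), time(18, 0)), ["read"]),
}

def identify(username):
    # Identification: is this a valid user at all?
    return ACCOUNTS.get(username)

def authenticate(account, password):
    # Authentication (assumed here to be a password check), compared in constant time.
    candidate = hash_password(password, account["salt"])
    return hmac.compare_digest(candidate, account["pw_hash"])

def access_decision(username, password, now, action):
    """Return (allowed, reason). The reason is meant for the audit log only."""
    account = identify(username)
    if account is None:
        return (False, "unknown user")
    if not authenticate(account, password):
        return (False, "authentication failed")
    start, end = account["hours"]
    if not start <= now <= end:            # when they can access it
        return (False, "outside permitted hours")
    if action not in account["actions"]:   # what actions they can take
        return (False, "action not permitted")
    return (True, "allow")

if __name__ == "__main__":
    print(access_decision("alice", "correct horse", time(9, 30), "write"))
    print(access_decision("bob", "battery staple", time(9, 30), "write"))
    print(access_decision("alice", "correct horse", time(23, 0), "read"))
```

The reason string belongs in the log; the person at the login prompt should see the same generic refusal in every deny case so that valid user names are not revealed.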
Hardware theft
•Hardware theft is the act of stealing computer equipment.
•Hardware vandalism is the act of defacing or destroying computer equipment.
•Companies, schools, and other organizations that house many computers, however, are at risk of hardware theft.
•Safeguards against Hardware Theft and Vandalism:
  ◦ physical access controls, such as locked doors and windows
  ◦ install alarm systems in their buildings
  ◦ physical security devices such as cables that lock the equipment to a desk.
Information theft
•Information theft occurs when someone steals personal or confidential information.
•If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
•An unethical company executive may steal or buy stolen information to learn about a competitor.
•A corrupt individual may steal credit card numbers to make fraudulent purchases.
System failure
•A system failure is the prolonged malfunction of a computer.
•Can cause loss of hardware, software, data, or information.
•These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
Safeguards against System failure
•To protect against electrical power variations, use a surge protector.
•A surge protector, also called a surge suppressor, uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment.
Security Measures
Definition of security measures: The precautionary measures taken toward possible danger or damage.
Types of security measure
Data backup
Cryptography
Importance…
  ◦ The process of proving one's identity.
  ◦ Ensuring that no one can read the message except the intended receiver.
  ◦ Assuring the receiver that the received message has not been altered in any way from the original.
  ◦ A mechanism to prove that the sender really sent this message.
Anti-virus
•Anti-virus software is a program or set of programs that are designed to prevent, search for, detect and remove software viruses and other malicious software like worms, Trojan horses, adware and more.
•If and when a virus is detected, the computer displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the vault.
•If a virus infected a computer without an antivirus program, it may delete files, prevent access to files, send spam, spy on you, or perform other malicious actions.
•Examples: Norton anti-virus, AVG anti-virus, Kaspersky anti-virus
Anti-spyware
•Spyware is a type of malware that is installed on a computer without the user's knowledge in order to collect information about them.
•Once installed, spyware can degrade system performance by taking up processing power, installing additional software, or redirecting users' browser activity.
•It can also monitor user activity on the Internet and transmit that information in the background to someone else.
•Examples:
  ◦ Spyware Blaster
  ◦ Spy Sweeper
Firewall
•A firewall is a system designed to prevent unauthorized access to or from a private network.
•A firewall can be implemented in either hardware or software form, or a combination of both.
•Firewalls prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
•All messages entering or leaving the intranet (i.e., the local network to which you are connected) must pass through the firewall, which examines each message and blocks those that do not meet the specified rules/security criteria.
•Rules decide who can connect to the Internet, what kind of connections can be made, and which or what kind of files can be transmitted in or out.
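How a rule list examines each message, as an added example that is not part of the original page. The rule format, the addresses (private and documentation ranges) and the first-match, default-block behaviour are assumptions chosen for the illustration, not the behaviour of any particular firewall product.

```python
import ipaddress

ANY = "0.0.0.0/0"

# Constructed rule set, evaluated top to bottom; the first matching rule wins.
# Fields: action, direction, source network, destination network, protocol, destination port
RULES = [
    ("block", "out", "10.0.0.50/32", ANY, "tcp", 443),   # one kiosk host: no web access
    ("allow", "out", "10.0.0.0/24", ANY, "tcp", 443),    # intranet hosts may use HTTPS
    ("allow", "out", "10.0.0.0/24", ANY, "udp", 53),     # intranet hosts may use DNS
    ("allow", "in", ANY, "10.0.0.10/32", "tcp", 443),    # public web server only
]

def matches(rule, msg):
    """True when every field of the rule agrees with the message."""
    _, direction, src, dst, proto, dport = rule
    return (direction == msg["direction"]
            and ipaddress.ip_address(msg["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(msg["dst"]) in ipaddress.ip_network(dst)
            and proto == msg["proto"]
            and dport == msg["dport"])

def filter_message(msg, rules=RULES):
    """Return 'allow' or 'block' for one message entering or leaving the intranet."""
    for rule in rules:
        if matches(rule, msg):
            return rule[0]
    return "block"  # nothing matched: the message does not meet the criteria

def message(direction, src, dst, proto, dport):
    return {"direction": direction, "src": src, "dst": dst, "proto": proto, "dport": dport}

if __name__ == "__main__":
    samples = [  # constructed traffic
        message("out", "10.0.0.20", "203.0.113.7", "tcp", 443),
        message("out", "10.0.0.50", "203.0.113.7", "tcp", 443),
        message("in", "198.51.100.20", "10.0.0.10", "tcp", 443),
        message("in", "198.51.100.20", "10.0.0.20", "tcp", 22),
    ]
    for m in samples:
        print(filter_message(m), m)
```

Rule order matters: if the kiosk block were listed after the general HTTPS allow, it would never be reached.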
Physical Access Control
•Lock your laptop: whether you're at home, in a dorm, in an office, or sitting in a coffee shop, use a security device, such as a laptop security cable.
•Lock doors and windows; this is usually adequate to protect the equipment.
•Put an access code on the door to the computer room or your office.
•Install CCTV (closed-circuit television) in your office or computer room.
•Make a policy on who can access the computer room or your data center.
Human aspects: awareness
•Ethics - Be a good cyber citizen
  ◦ Do not engage in inappropriate conduct, such as cyber bullying, cyber stalking or rude and offensive behavior.
  ◦ Do not use someone else's password or other identifying information.
•Lock it when you leave
  ◦ It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
  ◦ Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.
•Phishing Emails
  ◦ Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
  ◦ Do not enter personal information in a pop-up screen.
•Dispose of Information Properly
  ◦ Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, health records.
  ◦ Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices.