Computer Security
and Risks
Introduction to Computer Science
2007-2008

Aims
• Describing several types of computer crime
• Describing the major security issues that
computer users have to face
• Describing how it affects to personal privacy
• Explaining the relationship between security
and computer reliability
4626. Introd to Computer Science

Computer Crime
Crime accomplished through computer tech.
• widely extended: easiness of computer
usage
• most of them committed by company
insiders
• high cost: foresight + repair
Current threats
• spoofing (or phishing): identity theft
4626. Introd to Computer Science

Software Piracy
• Illegal duplication of copyrighted software
• Reasons:
• price of software
• means to create copies
How many pirate programs do
you have?
4626. Introd to Computer Science

Intellectual Property
• Privileges granted over intangible goods with
financial value
• They are defined over
• copyright Authorship rights
• commercial secret
• patents Industrial property
• trademarks
• Software is covered by copyright
4626. Introd to Computer Science

Computer Sabotage
Use of malware to spoil
hardware & software
• Trojan horses
• Viruses
• Worms
4626. Introd to Computer Science

Trojans
• hidden inside programs that perform
useful tasks
• logic bombs: programmed to ‘attack’ in
response to a particular event (e.g. time
bombs)
• solutions
• software from reliable sources
(avoids)
• anti-trojan (detects)
• firewall -output- (blocks)
4626. Introd to Computer Science

Viruses
• as biological ones
• invade programs and use them to reproduce
themselves
• operative system specific
• solution:
• use carefully removable media (avoids)
• antivirus (detects and cleans)
4626. Introd to Computer Science

Worms
• as viruses: use computers to
reproduce themselves
• autonomous spread through
computer networks
• solution:
• email from confident sources
(avoids)
• firewall -input- (blocks)
• security patches
4626. Introd to Computer Science

Hacking
• Discovering and exploiting
computer system failures
• Reasons:
• curiosity
• intellectual challenge
• Cracking = criminal hacking
4626. Introd to Computer Science

Reducing Risks
Information systems have to be protected...
• to work properly
• to guarantee access
to information only
to granted users
• to guarantee
privacy
4626. Introd to Computer Science

Physical Access
Restrictions
Only authorised staff
have access to the equipment
Security checks based on…
• something you have (card)
• something you know (password)
• something you do (signature)
• something about you (scans)
4626. Introd to Computer Science

How
can we protect
sensitive
information?

1. protect hw

UPS
• uninterruptible
power supply
• protects data
during power
failures (minutes)
• give users time
to switch off
the system

Surge
protectors
• shield computers from power
spikes
• protect the computer from
physical damage
4626. Introd to Computer Science

2. protect data

Passwords
The most common tool,
but carefully chosen
• which kind of password do you use?
• how frequently do you change your passwords?
• how many passwords do you use?
Never use a word or your b-day!!
4626. Introd to Computer Science

Firewalls
• guard against
unauthorised access
• blocks accessing ports for
input and output
• by hardware or software

Encryption
• keys to code messages
and documents
• symmetric:
common key
• asymmetric:
public / private keys
4626. Introd to Computer Science

Audit Control SW
• Records computer
transactions
• Auditors can trace and
identify suspicious activities
4626. Introd to Computer Science

2. replicate

Backup Copies
• periodic copies of
important information
• for companies, it is
recommended that copies
be stored in a different
location
4626. Introd to Computer Science

RAID
• Redundant Array of
Independent Disks
• multiple disks as
one logical unit
• mirroring: data
redundancy
4626. Introd to Computer Science