Computer Security and Safety, Ethics, and Privacy
Computer Security Risks
Today, people rely on computers to
create, store, and manage critical
information.
It is crucial to take measures to protect
their computers and data from loss,
damage, and misuse.
A computer security risk is any event
or action that could cause a loss of or
damage to computer hardware, software,
data, information, or processing
capability.
While some breaches are accidental,
many are intentional.
Some intruders do no damage, and
merely access data.
Others may leave messages or alter or
damage data.
An intentional breach of computer
security often involves a deliberate act
that is against the law.
Any illegal act involving a computer is
referred to as a computer crime.
The term cybercrime refers to online
or Internet-based illegal acts.
Software used by cybercriminals
sometimes is called crimeware.
Perpetrators of cybercrime fall into seven
basic categories: hacker, cracker, script
kiddie, corporate spy, unethical
employee, cyberextortionist, and
cyberterrorist.
◦ The term hacker, although originally a
complimentary word for a computer enthusiast,
now has a derogatory meaning and refers to
someone who accesses a computer or network
illegally.
◦ A cracker also is someone who accesses a
computer or network illegally but has the intent
of destroying data, stealing information, or other
malicious actions.
◦ A script kiddie has the same intent as a cracker
but does not have the technical skills and
knowledge, using prewritten code to break into
computers.
◦ Some corporate spies have excellent
computer and networking skills and are hired
to break into a specific computer or identify
risks in their own organization.
◦ Unethical employees may break into their
employers’ computers for a variety of reasons
(exploit security, financial gains, etc.)
◦ A cyberextortionist is someone who uses
e-mail as a vehicle for extortion, threatening
others for personal gain.
◦ A cyberterrorist is someone who uses the
Internet or network to destroy or damage
computers for personal reasons.
◦ The term cyberwarfare describes an attack whose
goal ranges from disabling a government’s
computer network to crippling a country.
Internet and Network Attacks
Information transmitted over networks
has a higher degree of security risk than
information kept on an organization’s
premises.
To determine if your computer is
vulnerable to an Internet or network
attack, you could use an online security
service, which is a Web site that
evaluates your computer to check for
Internet and e-mail vulnerabilities.
Companies and individuals requiring
assistance or information about Internet
security breaches can contact or visit the
Web site for the Computer Emergency
Response Team Coordination Center, or
CERT/CC, which is a federally funded
Internet security research and
development center.
Computer Viruses, Worms, Trojan Horses, and Rootkits
A computer virus is a potentially
damaging computer program that affects,
or infects, a computer negatively by
altering the way the computer works
without the user’s knowledge.
A worm is a program that copies itself
repeatedly, in memory or on a network,
using up resources and shutting down the
computer or network.
A Trojan horse (named after the Greek
myth) is a program that hides within or
looks like a legitimate program and
causes a condition or action when
triggered.
A rootkit is a program that hides in a
computer and allows someone from a
remote location to take full control of
the computer.
◦ Execute programs, change settings, etc.
Computer viruses, worms, Trojan
horses, and rootkits are all classified as
malware (malicious software), which are
programs that act without a user’s
knowledge and deliberately alter the
computer’s operations.
The payload is the destructive event or
prank the program is intended to deliver.
Infected computers can suffer from one or
more of the following symptoms:
◦ OS running slower
◦ Less available memory
◦ Corrupted files
◦ Unusual messages or images
◦ Unusual sounds playing
◦ Existing programs and files disappear
◦ Programs or files not working properly
◦ Unusual programs or files appear
◦ OS does not start up or unexpectedly shuts
down
Malware delivers its payload on a
computer when a user
◦ Opens an infected file
◦ Runs an infected program
◦ Boots the computer with infected removable
media inserted
◦ Connects to an unprotected computer or
network
◦ When a certain condition or event occurs,
such as the clock changing to a specific date
Safeguards against Computer Viruses and Other Malware
Methods that guarantee a computer or
network is safe from computer viruses and
other malware simply do not exist.
Do not start a computer with removable
media inserted in the drives.
◦ If you must start the computer with removable
media, be certain it is from a trusted source,
which is an organization or person you believe
will not send a virus.
Never open an e-mail attachment unless you
are expecting the attachment and it is from a
trusted source.
Some viruses are hidden in macros, which
are instructions saved in software such as
a word processing or spreadsheet
program.
Users should install an antivirus program
and update it frequently.
An antivirus program protects a
computer against viruses by identifying
and removing any computer virus found
in memory, storage, or incoming files.
An antivirus program scans for programs
that attempt to modify the boot program,
the operating system, and other
programs that normally are read from but
not modified.
One technique used to identify a virus is
to look for virus signatures, also called
virus definitions, which are a known
specific pattern of virus code.
Another technique that antivirus
programs use to detect viruses is to
inoculate existing program files.
To inoculate a program file, the
antivirus program records information
such as the file size and creation date in a
separate inoculation file, thus enabling it
to tell if a file has been tampered with.
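The inoculation check described above, as an added example that is not part of the original slides. It also shows why size and date alone are a weak baseline and compares them with a SHA-256 content hash, which goes beyond what the slide describes. Assumptions: modification time stands in for the creation date (creation time is not portably available), and the file names and JSON layout are illustrative.

```python
import hashlib
import json
import os
import tempfile


def _record(path, with_hash):
    """Collect the attributes stored in the inoculation file for one program."""
    st = os.stat(path)
    # Assumption: mtime is used as a portable stand-in for the creation date.
    rec = {"size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if with_hash:
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def inoculate(paths, db_path, with_hash=False):
    """Write a separate inoculation file describing each program file."""
    files = {os.path.abspath(p): _record(p, with_hash) for p in paths}
    with open(db_path, "w", encoding="utf-8") as f:
        json.dump({"with_hash": with_hash, "files": files}, f, indent=2)


def check(db_path):
    """Return {path: [changed attributes]} for files that no longer match."""
    with open(db_path, encoding="utf-8") as f:
        db = json.load(f)
    findings = {}
    for path, old in db["files"].items():
        if not os.path.exists(path):
            findings[path] = ["missing"]
            continue
        new = _record(path, db["with_hash"])
        diffs = [key for key in old if old[key] != new[key]]
        if diffs:
            findings[path] = diffs
    return findings


def demo():
    """Run both baselines against a constructed sample file."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.abspath(os.path.join(d, "program.bin"))
        with open(target, "wb") as f:
            f.write(b"ORIGINAL-PROGRAM-BYTES")  # constructed sample content

        meta_db = os.path.join(d, "inoc_meta.json")  # size + date only
        hash_db = os.path.join(d, "inoc_hash.json")  # size + date + SHA-256
        inoculate([target], meta_db, with_hash=False)
        inoculate([target], hash_db, with_hash=True)
        clean = (check(meta_db), check(hash_db))

        # Case 1: content changes, but length and timestamp end up identical.
        st = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"MODIFIED-PROGRAM-BYTES")  # same length as the original
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        same_size = (check(meta_db), check(hash_db))

        # Case 2: the file grows, which the size attribute does reveal.
        with open(target, "ab") as f:
            f.write(b"!")
        grown = check(meta_db)
        return clean, same_size, grown, target


if __name__ == "__main__":
    clean, same_size, grown, target = demo()
    print("untouched file     :", clean)
    print("same size and date :", same_size)
    print("file grew          :", grown)
```

The inoculation file itself must be protected from modification, otherwise whoever changes a program can update its record as well.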
If an antivirus program identifies an
infected file, it attempts to remove the
malware.
If it cannot remove the infected file, it
will attempt to quarantine it.
A quarantine is a separate area of a
hard disk that holds infected files until the
infection can be removed, ensuring other
files will not become infected.
In extreme cases, you may need to reformat
the hard disk to remove malware from an
infected computer.
Stay informed about new virus alerts and
virus hoaxes.
A virus hoax is an e-mail message that
warns users of a nonexistent virus or other
malware.
◦ They come in the form of chain mail and inform
users to delete an important system file claiming
it is malware.
Botnets
A botnet is a group of compromised computers
connected to a network such as the Internet that
are used as part of a network that attacks other
networks.
A compromised computer, known as a zombie,
is one whose owner is unaware the computer is
being controlled remotely by an outsider.
A bot is a program that performs a repetitive task
on a network.
Cybercriminals install malicious bots on
unprotected computers to create a botnet, also
called a zombie army.
Denial of Service Attacks
A denial of service attack, or DoS
attack, is an assault whose purpose is to
disrupt computer access to an Internet
service such as the Web or e-mail.
This is done by flooding a victim computer
with confusing data messages, thus making it
unresponsive.
A DDoS (distributed DoS) attack, in which a
zombie army is used to attack computers or
computer networks, is more devastating.
Back Doors
A back door is a program or set of
instructions in a program that allows users
to bypass security controls when
accessing a program, computer, or
network.
Some malware will install a back door
once it infects the victim computer.
Spoofing
Spoofing is a technique intruders use to
make their network or Internet transmission
appear legitimate to a victim computer or
network.
E-mail spoofing occurs when the sender’s
address or other components of the e-mail
header are altered so that it appears the e-
mail originated from a different sender.
IP spoofing occurs when an intruder
computer fools a network into believing its
IP address is associated with a trusted
source.
Safeguards against Botnets, DoS/DDoS Attacks, Back Doors, and Spoofing
Some of the latest antivirus programs
include provisions to protect a computer
from DoS and DDoS attacks.
Users can also implement firewall
solutions, install intrusion detection
software, and set up honeypots.
Firewalls
A firewall is hardware and/or software
that protects a network’s resources from
intrusion by users on another network such
as the Internet.
A proxy server is a server outside the
organization’s network that controls which
communications pass into the organization’s
network.
A personal firewall is a utility program
that detects and protects a personal
computer and its data from unauthorized
intrusions.
Intrusion Detection Software
Intrusion detection software automatically
analyzes all network traffic, assesses
system vulnerabilities, identifies any
unauthorized intrusions, and notifies
network admins.
Honeypots
A honeypot is a vulnerable computer that
is set up to entice an intruder to break
into it.
They appear real to the intruder but are
separated from the organization’s
network.
They are used to learn how intruders are
exploiting their network.
Unauthorized Access and Use
Unauthorized access is the use of a
computer or network without permission.
Unauthorized use is the use of a
computer or its data for unapproved or
possibly illegal activities.
At a minimum, organizations should have a
written acceptable use policy (AUP) that
outlines the computer activities for which
the computer and network may and may not
be used.
Identifying and Authenticating Users
An access control is a security measure
that defines who can access a computer,
when, and what actions they can take.
The computer should maintain an audit
trail that records in a file both successful
and unsuccessful access attempts.
Identification verifies that an individual is a
valid user.
Authentication verifies that the individual is
the person he or she claims to be.
User Names and Passwords
A user name, or user ID, is a unique combination of
characters (letters, numbers) that identifies a specific
user.
A password is a private combination of characters
associated with the user name that allows access to
certain computer resources.
A CAPTCHA, which stands for Completely Automated
Public Turing test to tell Computers and Humans
Apart, is a program developed at CMU to verify that
user input is not computer generated.
A passphrase is a private combination of words, often
containing mixed capitalization and punctuation,
associated with a user name, to be used in place of a
password.
Possessed Objects
A possessed object is any item that you
must carry to gain access to a computer
or computer facility (badges, cards, keys).
A personal identification number
(PIN) is a numeric password, either
assigned by a company or selected by a
user.
Biometric Devices
A biometric device authenticates a
person’s identity by translating a personal
characteristic, such as a fingerprint, into
digital code that is compared with a digital
code stored in the computer verifying a
physical or behavioral characteristic.
◦ Ex. Biometric payment is used, where a customer’s
fingerprint is read and their account is charged.
Biometric devices have disadvantages.
◦ Ex. Cut finger for fingerprint readers.
Digital Forensics
Digital forensics, also called computer
forensics, network forensics, or
cyberforensics, is the discovery, collection,
and analysis of evidence found on
computers and networks.
Hardware Theft and Vandalism
Hardware theft is the act of stealing
computer equipment.
Hardware vandalism is the act of
defacing or destroying computer
equipment.
Safeguards against Hardware Theft and Vandalism
Some labs attach physical security devices
such as cables that lock the equipment to
a desk.
Some businesses use real time location
system (RTLS) to track and identify the
location of high-risk or high-value items.
Mobile devices require extra security,
such as logon passwords, encrypted data,
and even software to photograph the
thief.
Software Theft
Software theft occurs when someone
steals software media, intentionally erases
programs, illegally copies a program, or
illegally registers and/or activates a
program.
Software piracy is the unauthorized and
illegal duplication of copyrighted
software.
Illegally obtaining registration numbers
can be done with keygens, short for key
generators.
Safeguards against Software Theft
All owned software media should be stored
securely.
A license agreement is the right to use
the software: you do not own it, you have
the right to use it.
A single-user license agreement, also called an
end-user license agreement (EULA), is the most
common license.
◦ Install on one computer, make one backup copy,
sell it if it is removed from the computer it is on.
During product activation, which is
conducted either online or by telephone,
users provide the software product’s
identification number to receive an
installation identification number unique
to the computer on which the software is
installed.
Information Theft
Information theft occurs when
someone steals personal or confidential
information.
It has the potential to cause more damage
than hardware or software theft.
Information transmitted over networks
offers a higher degree of risk.
Safeguards against Information Theft
Most organizations attempt to prevent
information theft by implementing the
user identification and authentication
controls discussed earlier.
Encryption
Encryption is a process of converting
readable data into unreadable characters
to prevent unauthorized access.
It is treated like any other data (it can be
stored, sent, etc.)
To read the data, the recipient must
decrypt, or decipher, it into a readable
form.
The unencrypted, readable data is called
plaintext.
The encrypted (scrambled) data is called
ciphertext.
An encryption algorithm, or cypher, is a set
of steps that can convert readable
plaintext into unreadable ciphertext.
An encryption key is a set of characters that the
originator of the data uses to encrypt the
plaintext and the recipient of the data uses to
decrypt the ciphertext.
With private key encryption, also called symmetric
key encryption, both the originator and the
recipient use the same secret key to encrypt and
decrypt the data.
Public key encryption, also called asymmetric key
encryption, uses two encryption keys, a public and
a private.
◦ A message generated with a public key can be
decrypted only with the private key.
Some operating systems and e-mail programs
allow you to encrypt the contents of files.
Programs such as Pretty Good Privacy (PGP) can be
used as well.
A digital signature is an encrypted code that a
person, Web site, or organization attaches to an
electronic message to verify the identity of the
message sender.
It consists of the user’s name and a hash of all or
part of the message, which is a mathematical
formula that generates a code from the contents
of the message.
Many Web browsers offer 40-bit, 128-bit,
and even 1024-bit encryption; the longer
keys provide higher levels of protection.
A Web site that uses encryption
techniques is known as a secure site.
Secure sites use digital certificates along
with a security protocol.
Digital Certificates
A digital certificate is a notice that
guarantees a user or a Web site is
legitimate.
A certificate authority (CA) is an authorized
person or company that issues and
verifies digital certificates.
Transport Layer Security
Transport Layer Security (TLS), a successor
to Secure Sockets Layer (SSL), provides
encryption of all data that passes between
a client and an Internet server.
Both ends require a certificate, and TLS
prevents perpetrators from accessing or
tampering with communications.
Addresses of TLS-protected Web sites typically
begin with https instead of http.
Secure HTTP
Secure HTTP (S-HTTP) allows users to
choose an encryption scheme for data
that passes between a client and server.
It is more difficult than TLS to use, but it
is also more secure.
VPN
When a mobile user connects to a main
office using a standard Internet
connection, a virtual private network (VPN)
provides the mobile user with a secure
connection to the company network
server, as if the user has a private line.
VPNs help ensure that data is safe from
being intercepted by unauthorized people
by encrypting it.

Human Factors of XR: Using Human Factors to Design XR Systems
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

computer security

  • 1. Computer Security and Safety, Ethics, and Privacy
  • 2. Computer Security Risks: Today, people rely on computers to create, store, and manage critical information. It is crucial to take measures to protect their computers and data from loss, damage, and misuse. A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
  • 3. Computer Security Risks: While some breaches are accidental, many are intentional. Some intruders do no damage, and merely access data. Others may leave messages or alter or damage data. An intentional breach of computer security often involves a deliberate act that is against the law.
  • 4. Computer Security Risks: Any illegal act involving a computer is referred to as a computer crime. The term cybercrime refers to online or Internet-based illegal acts. Software used by cybercriminals sometimes is called crimeware. Perpetrators of cybercrime fall into seven basic categories: hacker, cracker, script kiddie, corporate spy, unethical employee, cyberextortionist, and cyberterrorist.
  • 5. Computer Security Risks: ◦ The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally. ◦ A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious actions. ◦ A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge, using prewritten code to break into computers.
  • 6. Computer Security Risks: ◦ Some corporate spies have excellent computer and networking skills and are hired to break into a specific computer or identify risks in their own organization. ◦ Unethical employees may break into their employers’ computers for a variety of reasons (exploit security, financial gains, etc.).
  • 7. Computer Security Risks: ◦ A cyberextortionist is someone who uses e-mail as a vehicle for extortion, threatening others for personal gain. ◦ A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for personal reasons. The term cyberwarfare describes an attack whose goal ranges from disabling a government’s computer network to crippling a country.
  • 8. Internet and Network Attacks: Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises. To determine if your computer is vulnerable to an Internet or network attack, you could use an online security service, which is a Web site that evaluates your computer to check for Internet and e-mail vulnerabilities.
  • 9. Internet and Network Attacks: Companies and individuals requiring assistance or information about Internet security breaches can contact or visit the Web site for the Computer Emergency Response Team Coordination Center, or CERT/CC, which is a federally funded Internet security research and development center.
  • 10. Computer Viruses, Worms, Trojan Horses, and Rootkits: A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge. A worm is a program that copies itself repeatedly, in memory or on a network, using up resources and shutting down the computer or network.
  • 11. Computer Viruses, Worms, Trojan Horses, and Rootkits: A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program and causes a condition or action when triggered. A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer. ◦ Execute programs, change settings, etc.
  • 12. Computer Viruses, Worms, Trojan Horses, and Rootkits: Computer viruses, worms, Trojan horses, and rootkits are all classified as malware (malicious software), which are programs that act without a user’s knowledge and deliberately alter the computer’s operations. The payload is the destructive event or prank the program is intended to deliver.
  • 13. Computer Viruses, Worms, Trojan Horses, and Rootkits: Infected computers can suffer from one or more of the following symptoms: ◦ OS running slower ◦ Less available memory ◦ Corrupted files ◦ Unusual messages or images ◦ Unusual sounds playing ◦ Existing programs and files disappear ◦ Programs or files not working properly ◦ Unusual programs or files appear ◦ OS does not start up or unexpectedly shuts down
  • 14. Computer Viruses, Worms, Trojan Horses, and Rootkits: Malware delivers its payload on a computer when a user ◦ Opens an infected file ◦ Runs an infected program ◦ Boots the computer with infected removable media inserted ◦ Connects to an unprotected computer or network ◦ When a certain condition or event occurs, such as the clock changing to a specific date
  • 15. Safeguards against Computer Viruses and Other Malware: Methods that guarantee a computer or network is safe from computer viruses and other malware simply do not exist. Do not start a computer with removable media inserted in the drives. ◦ If you must start the computer with removable media, be certain it is from a trusted source, which is an organization or person you believe will not send a virus. Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
  • 16. Safeguards against Computer Viruses and Other Malware: Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program. Users should install an antivirus program and update it frequently. An antivirus program protects a computer against viruses by identifying and removing any computer virus found in memory, storage, or incoming files.
  • 17. Safeguards against Computer Viruses and Other Malware: An antivirus program scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified. One technique used to identify a virus is to look for virus signatures, also called virus definitions, which are a known specific pattern of virus code.
  • 18. Safeguards against Computer Viruses and Other Malware: Another technique that antivirus programs use to detect viruses is to inoculate existing program files. To inoculate a program file, the antivirus program records information such as the file size and creation date in a separate inoculation file, thus enabling it to tell if a file has been tampered with.
  • 19. Safeguards against Computer Viruses and Other Malware: If an antivirus program identifies an infected file, it attempts to remove the malware. If it cannot remove the infected file, it will attempt to quarantine it. A quarantine is a separate area of a hard disk that holds infected files until the infection can be removed, ensuring other files will not become infected.
  • 20. Safeguards against Computer Viruses and Other Malware: In extreme cases, you may need to reformat the hard disk to remove malware from an infected computer. Stay informed about new virus alerts and virus hoaxes. A virus hoax is an e-mail message that warns users of a nonexistent virus or other malware. ◦ They come in the form of chain mail and tell users to delete an important system file, claiming it is malware.
  • 21. Botnets: A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks. A compromised computer, known as a zombie, is one whose owner is unaware the computer is being controlled remotely by an outsider. A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet, also called a zombie army.
  • 22. Denial of Service Attacks: A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. This is done by flooding a victim computer with confusing data messages, thus making it unresponsive. A DDoS (distributed DoS) attack, in which a zombie army is used to attack computers or computer networks, is more devastating.
  • 23. Back Doors: A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network. Some malware will install a back door once it infects the victim computer.
  • 24. Spoofing: Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network. E-mail spoofing occurs when the sender’s address or other components of the e-mail header are altered so that it appears the e-mail originated from a different sender. IP spoofing occurs when an intruder computer fools a network into believing its IP address is associated with a trusted source.
  • 25. Safeguards against Botnets, DoS/DDoS Attacks, Back Doors, and Spoofing: Some of the latest antivirus programs include provisions to protect a computer from DoS and DDoS attacks. Users can also implement firewall solutions, install intrusion detection software, and set up honeypots.
  • 26. Firewalls: A firewall is hardware and/or software that protects a network’s resources from intrusion by users on another network such as the Internet. A proxy server is a server outside the organization’s network that controls which communications pass into the organization’s network. A personal firewall is a utility program that detects and protects a personal computer and its data from unauthorized intrusions.
  • 27. Intrusion Detection Software: Intrusion detection software automatically analyzes all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network admins.
  • 28. Honeypots: A honeypot is a vulnerable computer that is set up to entice an intruder to break into it. They appear real to the intruder but are separated from the organization’s network. They are used to learn how intruders are exploiting their network.
  • 29. Unauthorized Access and Use: Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities. At a minimum, organizations should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
  • 30. Identifying and Authenticating Users: An access control is a security measure that defines who can access a computer, when, and what actions they can take. The computer should maintain an audit trail that records in a file both successful and unsuccessful access attempts. Identification verifies that an individual is a valid user. Authentication verifies that the individual is the person he or she claims to be.
  • 31. User Names and Passwords: A user name, or user ID, is a unique combination of characters (letters, numbers) that identifies a specific user. A password is a private combination of characters associated with the user name that allows access to certain computer resources. A CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a program developed at CMU to verify that user input is not computer generated. A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name, to be used in place of a password.
  • 32. Possessed Objects: A possessed object is any item that you must carry to gain access to a computer or computer facility (badges, cards, keys). A personal identification number (PIN) is a numeric password, either assigned by a company or selected by a user.
  • 33. Biometric Devices: A biometric device authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic. ◦ Ex. Biometric payment is used, where a customer’s fingerprint is read and their account is charged. Biometric devices have disadvantages. ◦ Ex. Cut finger for fingerprint readers.
  • 34. Digital Forensics: Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks.
  • 35. Hardware Theft and Vandalism: Hardware theft is the act of stealing computer equipment. Hardware vandalism is the act of defacing or destroying computer equipment.
  • 36. Safeguards against Hardware Theft and Vandalism: Some labs attach physical security devices such as cables that lock the equipment to a desk. Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items. Mobile devices require extra security, such as logon passwords, encrypted data, and even software to photograph the thief.
  • 37. Software Theft: Software theft occurs when someone steals software media, intentionally erases programs, illegally copies a program, or illegally registers and/or activates a program. Software piracy is the unauthorized and illegal duplication of copyrighted software. Illegally obtaining registration numbers can be done with keygens, short for key generators.
  • 38. Safeguards against Software Theft: All owned software media should be stored securely. A license agreement is the right to use the software: you do not own it, you have the right to use it. A single-user license agreement, also called an end-user license agreement (EULA), is the most common license. ◦ Install on one computer, make one backup copy, sell it if it is removed from the computer it is on.
  • 39. Safeguards against Software Theft: During product activation, which is conducted either online or by telephone, users provide the software product’s identification number to receive an installation identification number unique to the computer on which the software is installed.
  • 40. Information Theft: Information theft occurs when someone steals personal or confidential information. It has the potential to cause more damage than hardware or software theft. Information transmitted over networks offers a higher degree of risk.
  • 41. Safeguards against Information Theft: Most organizations attempt to prevent information theft by implementing the user identification and authentication controls discussed earlier.
  • 42. Encryption: Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access. Encrypted data is treated like any other data (it can be stored, sent, etc.). To read the data, the recipient must decrypt, or decipher, it into a readable form.
  • 43. Encryption: The unencrypted, readable data is called plaintext. The encrypted (scrambled) data is called ciphertext. An encryption algorithm, or cypher, is a set of steps that can convert readable plaintext into unreadable ciphertext.
  • 44. Encryption: An encryption key is a set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext. With private key encryption, also called symmetric key encryption, both the originator and the recipient use the same secret key to encrypt and decrypt the data. Public key encryption, also called asymmetric key encryption, uses two encryption keys, a public and a private. ◦ A message generated with a public key can be decrypted only with the private key.
  • 45. Encryption: Some operating systems and e-mail programs allow you to encrypt the contents of files. Programs such as Pretty Good Privacy (PGP) can be used as well. A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender. It consists of the user’s name and a hash of all or part of the message, which is a mathematical formula that generates a code from the contents of the message.
  • 46. Encryption: Many Web browsers offer 40-bit, 128-bit, and even 1024-bit encryption, which are even higher levels of protection since they have longer keys. A Web site that uses encryption techniques is known as a secure site, which uses digital certificates along with a security protocol.
  • 47. Digital Certificates: A digital certificate is a notice that guarantees a user or a Web site is legitimate. A certificate authority (CA) is an authorized person or company that issues and verifies digital certificates.
  • 48. Transport Layer Security: Transport Layer Security (TLS), a successor to Secure Sockets Layer (SSL), provides encryption of all data that passes between a client and an Internet server. Both ends require a certificate, and TLS prevents perpetrators from accessing or tampering with communications. TLS-protected websites typically begin with https, instead of http.
  • 50. Secure HTTP: Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and server. It is more difficult than TLS to use, but it is also more secure.
  • 51. VPN: When a mobile user connects to a main office using a standard Internet connection, a virtual private network (VPN) provides the mobile user with a secure connection to the company network server, as if the user has a private line. They help ensure that data is safe from being intercepted by unauthorized people by encrypting it.
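
The inoculation technique from slide 18, as an added example that is not part of the original slides: it records each file's size and date in a separate inoculation file, re-checks them later, and shows a same-length change that size and date alone miss. Assumptions: modification time stands in for the creation date (Python does not expose creation time portably), and the SHA-256 field, the JSON layout, the sample file and all function names are additions made here.

```python
import hashlib
import json
import os
import tempfile


def fingerprint(path, with_hash):
    """Facts recorded for one program file at inoculation time."""
    st = os.stat(path)
    # Assumption: modification time stands in for the slide's "creation date".
    record = {"size": st.st_size, "mtime_ns": st.st_mtime_ns}
    if with_hash:  # assumption: content hash added on top of what the slide lists
        digest = hashlib.sha256()
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        record["sha256"] = digest.hexdigest()
    return record


def inoculate(paths, inoculation_file, with_hash=True):
    """Write the baseline for `paths` to a separate inoculation file (JSON)."""
    baseline = {os.path.abspath(p): fingerprint(p, with_hash) for p in paths}
    with open(inoculation_file, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=2, sort_keys=True)
    return baseline


def check(inoculation_file):
    """Return {path: [fields that no longer match]} for every altered file."""
    with open(inoculation_file, encoding="utf-8") as fh:
        baseline = json.load(fh)
    findings = {}
    for path, recorded in baseline.items():
        if not os.path.isfile(path):
            findings[path] = ["missing"]
            continue
        current = fingerprint(path, with_hash=("sha256" in recorded))
        changed = sorted(k for k in recorded if recorded[k] != current[k])
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Run both baselines against a constructed 64-byte sample file."""
    with tempfile.TemporaryDirectory() as tmp:
        prog = os.path.abspath(os.path.join(tmp, "sample_program.bin"))
        with open(prog, "wb") as fh:
            fh.write(b"SAMPLE" + b"\x00" * 58)  # constructed content
        meta_file = os.path.join(tmp, "inoculation_meta.json")
        hash_file = os.path.join(tmp, "inoculation_hash.json")
        inoculate([prog], meta_file, with_hash=False)  # size + date only
        inoculate([prog], hash_file, with_hash=True)
        results = {"clean": check(hash_file).get(prog, [])}

        # Case 1: two bytes overwritten in place, timestamp put back afterwards.
        before = os.stat(prog)
        with open(prog, "r+b") as fh:
            fh.seek(10)
            fh.write(b"\xff\xff")
        os.utime(prog, ns=(before.st_atime_ns, before.st_mtime_ns))
        results["same_length_meta_only"] = check(meta_file).get(prog, [])
        results["same_length_with_hash"] = check(hash_file).get(prog, [])

        # Case 2: data appended, so the recorded size no longer matches.
        with open(prog, "ab") as fh:
            fh.write(b"appended")
        results["appended_meta_only"] = check(meta_file).get(prog, [])
        return results


if __name__ == "__main__":
    for case, changed in demo().items():
        print(f"{case}: {changed or 'no change detected'}")
```

The inoculation file is only as trustworthy as its storage: keep it where the monitored programs cannot write to it.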