1. 14A-1
Basic Security Concepts
• What is a threats?
– Anything that can harm a computer
– Vulnerabilities are weaknesses in security
– Security attempts to neutralize threats
2. 14A-2
Basic Security Concepts
• Degrees of harm
– Level of potential damage
– Include all parts of system
• Potential data loss
• Loss of privacy
• Inability to use hardware
• Inability to use software
3. 14A-3
Basic Security Concepts
• Countermeasures
– Steps taken to block a threat
– Protect the data from theft
– Protect the system from theft
4. 14A-4
Threats To Users
• 1. Loss of privacy
– Personal information is stored electronically
– Purchases are stored in a database
• Data is sold to other companies
– Public records on the Internet
– Internet use is monitored and logged
– None of these techniques are illegal
5. 14A-5
Threats to Users
• 2. Cookies
– A cookie is information that a Web site puts
on your hard disk so that it can remember
something about you at a later time.
– Cookies now track history and passwords
– Browsers include cookie blocking tools
6. 14A-6
Threats to Users
• 3. Spyware
– Software downloaded to a computer
– Designed to record personal information
– Typically undesired software
– Hides from users
– Several programs exist to eliminate
7. 14A-7
Threats to Users
• 4. Web bugs
– Small programs embedded in gif images
– A Web bug, also known as a Web beacon,
is a file object (usually a graphic image
such as a transparent GIF) that is placed
on a Web page or in an e-mail message to
monitor user behavior.
– Gets around cookie blocking tools
– Companies use to track usage
8. 14A-8
Threats to Users
• 5. Spam
– Unsolicited commercial email
– Irrelevant or unsolicited messages sent
over the Internet, typically to large numbers
of users, for the purposes of advertising,
phishing, spreading malware, etc.
– Networks and PCs need a spam blocker
• Stop spam before reaching the inbox
– Spammers acquire addresses using many
methods
9. 14A-9
Threats to Data
• The most serious threat
– Data is the reason for computers
– Data is very difficult to replace
– Protection is difficult
• Data is intangible
10. 14A-10
Threats to Data
• Viruses
– Software that distributes and installs itself
– Ranges from annoying to catastrophic
– Countermeasures
• Anti-virus software
• Popup blockers
• Do not open unknown email
11. 14A-11
Threats to Data
• Trojan horses
– Program that poses as beneficial software
– Not an actual virus but a loophole to cause
virus.
– User willingly installs the software
– Countermeasures
• Anti-virus software
• Spyware blocker
12. 14A-12
Threats to Data
• Cybercrime
– Using a computer in an illegal act
– Fraud and theft are common acts
13. 14A-13
Threats to Data
• Internet fraud
– Most common cybercrime
– Fraudulent website
– Have names similar to legitimate sites
14. 14A-14
Threats to Data
• Hacking
– Using a computer to enter another network
– Cost users $1.3 trillion in 2003
– Hackers motivation
• Recreational hacking
• Financial hackers
• Grudge hacking
– Hacking methods
• Sniffing
• Social engineering
• Spoofing
15. Computer virus
• Computer viruses are small software
programs that are designed to spread from
one computer to another and to interfere with
computer operation.
• A virus might corrupt or delete data on your
computer, use your e-mail program to spread
itself to other computers, or even erase
everything on your hard disk.
• Computer viruses are often spread by
attachments in e-mail messages or instant
messaging messages
14A-15
16. Causes of Computer virus
• Virus infection in computers can be
caused through different means. Below
are the commonest causes of Computer
Virus attack.
Through the internet
Through email attachment
Through removable storage devices
Through Bluetooth transfer
14A-16
17. Most Common Types of Viruses
• 1. Resident Viruses
• This type of virus is a permanent which
resides in the RAM memory. From there
it can overcome and interrupt all of the
operations executed by the system:
corrupting files and programs that are
opened, closed, copied, renamed etc.
14A-17
18. 2. Boot Virus
• This type of virus affects the boot sector of a floppy or
hard disk. This is a crucial part of a disk, in which
information on the disk itself is stored together with a
program that makes it possible to boot (start) the
computer from the disk.
The best way of avoiding boot viruses is to ensure
that floppy disks are write-protected and never start
your computer with an unknown floppy disk in the disk
drive.
14A-18
19. 3. Overwrite Viruses
• Virus of this kind is characterized by the fact that it
deletes the information contained in the files that it
infects, rendering them partially or totally useless
once they have been infected.
The only way to clean a file infected by an overwrite
virus is to delete the file completely, thus losing the
original content.
14A-19
20. 4. Directory Virus
• Directory viruses change the paths that indicate the
location of a file. By executing a program (file with the
extension .EXE or .COM) which has been infected by
a virus, you are unknowingly running the virus
program, while the original file and program have
been previously moved by the virus.
Once infected it becomes impossible to locate the
original files.
14A-20
21. 5. File infectors
•
This type of virus infects programs or executable files
(files with an .EXE or .COM extension). When one of
these programs is run, directly or indirectly, the virus
is activated, producing the damaging effects it is
programmed to carry out. The majority of existing
viruses belongs to this category, and can be classified
depending on the actions that they carry out.
14A-21
22. Antivirus
• Anti-virus software is a program or set of
programs that are designed to prevent,
search for, detect, and remove software
viruses, and other malicious software
infections like worms, Trojans and more.
• McAfee
• ESET NOD32
• Avast
• Avira
14A-22
23. Functions of Antivirus
• Scan specific files or directories for any malware or
known malicious patterns
• Allow you to schedule scans to automatically run for
you
• Allow you to initiate a scan of a specific file or of your
computer, or of a CD or flash drive at any time.
• Remove any malicious code detected –sometimes
you will be notified of an infection and asked if you
want to clean the file, other programs will
automatically do this behind the scenes.
• Show you the ‘health’ of your computer
14A-23
24. PASSWORD
• Password is a secret word that is used to protect a
computer system or program. It may consist of
numbers, alphabets or both. The user has to type the
password to access the computer system.
• Examples:-
Every computer provides an option for setting
password. If the computer is protected with password,
it will ask for that password to login.
Email facility on the internet is also protected with
password. Every user has to give email ID and
password to check emails.
14A-24
25. Purpose of password
• The purpose of password is to protect
data stored on a computer.
• It protects data from being lost,
misused or deleted by any person.
• The system can be accessed by a
person who knows the password.
14A-25
26. Tricks for obtaining password
• There are two essential password rules to
consider when creating a password for the
first time
• – length and complexity.
• Your password length should be at least 8
characters long
• Your password should use a combination of
lower case letters, upper case letters,
numbers, and special characters
14A-26
Teaching tip
It is important to note that no countermeasure is 100% effective all of the time. For proof, discuss an instance of a locked car being stolen. A truly dedicated attacker will eventually break through any security.
Teaching tip
Cookies are named after the ‘magic cookie’.
Teaching tip
More information regarding web bugs can be found at en.wikipedia.org/wiki/Web_bug.
Teaching tip
Spam is rumored to be named in honor of the Monty Python skit, Spam!. In the skit, a customer is forced to select spam in his lunch. Much like we are forced to accept a spam message. Visit www.detritus.org/spam/skit.html for the entire spam skit.
Discussion point
Spam is one topic that nearly everyone in the class can relate to. Have your students think about spam from the other side. Have them consider the point of view of the self proclaimed ‘Spam King’, Scott Richter. For some conversation fodder visit www.pcworld.com/news/article/0,aid,116807,00.asp.
Teaching tip
For information on specific viruses visit securityresponse.Symantec.com/.
Teaching tip
Detailed information regarding the protection from viruses, see the Computing keynote at the end of the chapter.
Teaching tip
Ad Aware is sold by LavaSoft. The homepage is www.lavasoftusa.com/software/adaware/. Spybot is a product of Patrick M. Kolla. The true website is www.safer-networking.org/en/index.html.