Computer Security and Risks
1. Computer Security and Risks
Introduction to Computer Science
2007-2008
2. Aims
• Describing several types of computer crime
• Describing the major security issues that computer users have to face
• Describing how it affects personal privacy
• Explaining the relationship between security and computer reliability
4626. Introd to Computer Science
3. Computer Crime
Crime accomplished through computer technology.
• widespread: ease of computer use
• most of them committed by company insiders
• high cost: prevention + repair
Current threats
• spoofing (or phishing): identity theft
4. Software Piracy
• Illegal duplication of copyrighted software
• Reasons:
• price of software
• means to create copies
How many pirate programs do you have?
5. Intellectual Property
• Privileges granted over intangible goods with financial value
• They are defined over
• copyright Authorship rights
• commercial secret
• patents Industrial property
• trademarks
• Software is covered by copyright
6. Computer Sabotage
Use of malware to damage hardware & software
• Trojan horses
• Viruses
• Worms
7. Trojans
• hidden inside programs that perform useful tasks
• logic bombs: programmed to ‘attack’ in response to a particular event (e.g. time bombs)
• solutions
• software from reliable sources (avoids)
• anti-trojan (detects)
• firewall -output- (blocks)
8. Viruses
• like biological ones
• invade programs and use them to reproduce themselves
• operating system specific
• solution:
• use removable media carefully (avoids)
• antivirus (detects and cleans)
9. Worms
• like viruses: use computers to reproduce themselves
• autonomous spread through computer networks
• solution:
• email from trusted sources (avoids)
• firewall -input- (blocks)
• security patches
10. Hacking
• Discovering and exploiting computer system failures
• Reasons:
• curiosity
• intellectual challenge
• Cracking = criminal hacking
11. Reducing Risks
Information systems have to be protected...
• to work properly
• to guarantee access to information only to authorised users
• to guarantee privacy
12. Physical Access Restrictions
Only authorised staff have access to the equipment
Security checks based on…
• something you have (card)
• something you know (password)
• something you do (signature)
• something about you (scans)
18. Passwords
The most common tool, but they must be carefully chosen
• which kind of password do you use?
• how frequently do you change your passwords?
• how many passwords do you use?
Never use a word or your b-day!!
19. Firewalls
• guard against unauthorised access
• block access to ports for input and output
• implemented in hardware or software
20. Encryption
• keys to encode messages and documents
• symmetric: common key
• asymmetric: public / private keys
21. Audit Control SW
• Records computer transactions
• Auditors can trace and identify suspicious activities
23. Backup Copies
• periodic copies of important information
• for companies, it is recommended that copies be stored in a different location
24. RAID
• Redundant Array of Independent Disks
• multiple disks as one logical unit
• mirroring: data redundancy