Diese Präsentation wurde erfolgreich gemeldet.
Die SlideShare-Präsentation wird heruntergeladen. ×

Computer security and_privacy_2010-2011

Nächste SlideShare
Computer security
Computer security
Wird geladen in …3

Hier ansehen

1 von 34 Anzeige

Weitere Verwandte Inhalte

Diashows für Sie (20)


Ähnlich wie Computer security and_privacy_2010-2011 (20)

Aktuellste (20)


Computer security and_privacy_2010-2011

  1. 1. Computer Security and Privacy
  2. 2. Terms <ul><li>Computer security risk </li></ul><ul><li>Computer crime </li></ul><ul><li>Cybercrime </li></ul><ul><li>Hacker </li></ul><ul><li>Cracker </li></ul><ul><li>Script kiddie </li></ul><ul><li>Corporate spy </li></ul><ul><li>Unethical employee </li></ul><ul><li>Cyberextortionist </li></ul><ul><li>Cyberterrorist </li></ul><ul><li>Back doors </li></ul><ul><li>spoofing </li></ul><ul><li>Virus </li></ul><ul><li>Worm </li></ul><ul><li>Trojan horse </li></ul><ul><li>Malware </li></ul><ul><li>Payload </li></ul><ul><li>Virus signature/virus definition </li></ul><ul><li>Quarantine </li></ul><ul><li>Virus hoax </li></ul><ul><li>Botnets </li></ul><ul><li>Denial of service attacks </li></ul>
  3. 3. Computer Security Risks <ul><li>Computer security risk – any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing. </li></ul><ul><li>Computer crime – any illegal act involving a computer. </li></ul><ul><li>Cybercrime – online or Internet-based illegal acts </li></ul>
  4. 4. Cyber Crime Categories <ul><li>Hacker – someone who accesses a computer or network illegally. </li></ul><ul><ul><li>Claims intent is to improve security </li></ul></ul><ul><li>Cracker – someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action. </li></ul>
  5. 5. <ul><li>Script kiddie –Often are teenagers that use prewritten hacking and cracking programs to break into computers </li></ul><ul><ul><ul><li>has the same intent as a cracker </li></ul></ul></ul><ul><ul><ul><li>does not have the technical skills and background. </li></ul></ul></ul><ul><li>Corporate spies – are hired to break into a specific computer and steal its proprietary data and information </li></ul><ul><ul><ul><li>Have excellent computer and network skills </li></ul></ul></ul>Cyber Crime Categories
  6. 6. <ul><li>Unethical employees – break into their employers ‘ computers for a variety of reasons </li></ul><ul><ul><li>1) To exploit a security weakness; 2) seek financial gains from selling confidential information; 3) disgruntled employees seek revenge </li></ul></ul><ul><li>Cyberextortionist – someone who uses e-mail as a vehicle for extortion. </li></ul><ul><ul><li>Send a company a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack that will compromise the company’s network—if they are not paid a sum of money </li></ul></ul>Cyber Crime Categories
  7. 7. <ul><li>Cyberterrorist – uses the Internet or network to destroy or damage computers for political reasons. </li></ul><ul><ul><li>Usually require a team of highly skilled individuals, millions of dollars, and several years of planning </li></ul></ul>Cyber Crime Categories
  8. 8. Internet and Network Attacks <ul><li>Attacks that jeopardize security include computer viruses, worms, and Trojan horses; botnets; denial of service attacks; back doors; and spoofing. </li></ul><ul><li>Virus – a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission </li></ul><ul><li>Worm –a program that copies itself repeatedly </li></ul><ul><li>Trojan horse – a program that hides within or looks like a legitimate program. </li></ul>
  9. 9. <ul><li>Virus, worms, Trojan horse are classified as malware. </li></ul><ul><li>Malware (malicious software) – program that act without a user’s knowledge and deliberately alter the computer’s operation </li></ul><ul><li>Payload – the destructive event or prank the program is intended to deliver. </li></ul>Internet and Network Attacks
  10. 10. Symptoms of a computer affected by virus, worm or Trojan horse <ul><li>Screen displays unusual message or image </li></ul><ul><li>Available memory is less than expected </li></ul><ul><li>Files become corrupted </li></ul><ul><li>Unknown programs or files mysteriously appear </li></ul><ul><li>Music or unusual sound plays randomly </li></ul><ul><li>Existing programs and files disappear </li></ul><ul><li>Programs or files do not work properly </li></ul><ul><li>System properties change </li></ul>
  11. 11. Safeguards against viruses, worms, and Trojan horses <ul><li>Don’t start with removable media </li></ul><ul><ul><li>CDs, DVDs, and USB flash drives </li></ul></ul><ul><li>Never open an e-mail from an unknown source </li></ul><ul><li>Never open an e-mail attachment unless you are expecting the attachment </li></ul><ul><li>Set macro security level to medium </li></ul><ul><li>Stay informed about new virus alerts and virus hoaxes. </li></ul>
  12. 12. <ul><li>Install antivirus program and update it frequently </li></ul><ul><ul><li>How antivirus programs work </li></ul></ul><ul><ul><ul><li>Look for virus signatures/virus definitions —a known specific pattern of virus code. </li></ul></ul></ul><ul><ul><ul><li>Quarantine infected file </li></ul></ul></ul>Safeguards against viruses, worms, and Trojan horses
  13. 13. Network and Internet Security Risks <ul><li>Denial of service attack (DoS) hackers run multiple copies of a program to flood it and shut it down. </li></ul>
  14. 14. <ul><li>Back Doors </li></ul><ul><ul><li>A program or set of instructions in a program that allows users to bypass security controls when accessing a program, computer, or network. </li></ul></ul><ul><li>Spoofing </li></ul><ul><ul><li>fooling another computer by pretending to send packets from a legitimate source </li></ul></ul>Network and Internet Security Risks
  15. 15. Safeguards against DoS Attacks, Back Doors, and IP Spoofing <ul><li>Firewalls </li></ul><ul><ul><li>allows normal Web browser operations but prevents other types of communication </li></ul></ul><ul><ul><li>checks incoming data against a list of known sources </li></ul></ul><ul><ul><li>data rejected if it does not fit a preset profile </li></ul></ul>
  16. 16. <ul><li>Intrusion Detection Software </li></ul><ul><ul><li>Automatically analyzes all network traffic, assesses system vulnerabilities </li></ul></ul><ul><ul><li>Identifies any unauthorized access (intrusions) </li></ul></ul><ul><ul><li>Notifies network administrators of suspicious behavior patterns or system breaches </li></ul></ul>Safeguards against DoS Attacks, Back Doors, and IP Spoofing
  17. 17. Safeguards Against Unauthorized Access And Use <ul><li>Access control </li></ul><ul><ul><li>A security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer. </li></ul></ul><ul><li>Audit trail </li></ul><ul><ul><li>Records in a file both successful and unsuccessful access attempts. </li></ul></ul><ul><li>User Name and passwords </li></ul><ul><ul><li>Longer passwords provide better security </li></ul></ul>
  18. 18. Password Protections Average Time to Discover Number of Characters Possible Combinations Human Computer 1 36 3 minutes .0000018 seconds 2 1,300 2 hours .00065 seconds 3 47,000 3 days .02 seconds 4 1,700,000 3 months 1 second 5 60,000,000 10 years 30 seconds 10 3,700,000,000,000,000 580 million years 59 years
  19. 19. <ul><li>Possessed Objects </li></ul><ul><ul><li>Any item that you must carry to gain access to a computer or computer facility. (Examples: badges, cards, smart cards & key) </li></ul></ul><ul><ul><li>Often are used in combination with personal identification numbers. </li></ul></ul><ul><li>Biometric Devices </li></ul><ul><ul><li>Authenticates a person’s identify by translating a personal characteristics, such as a fingerprint, into a digital code that is then compared with a digital code stored in the computer to verify a physical or behavioral characteristic </li></ul></ul>Safeguards Against Unauthorized Access And Use
  20. 20. Lets Review <ul><li>A back door attack is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail. </li></ul><ul><ul><li>Answer </li></ul></ul><ul><ul><li>Denial of service </li></ul></ul>
  21. 21. Lets Review <ul><li>2. All networked and online computer users should implement a firewall solution. </li></ul>Answer Yes, because a firewall protects a network’s resources from intrusion (software or hardware) by users on another network.
  22. 22. Lets Review <ul><li>3. Computer viruses, worms, and Trojan horses are malware that act with a user’s knowledge. </li></ul>Answer Are classified as malware, but acts with out a user’s knowledge and deliberately alters the computer’s operations.
  23. 23. Lets Review <ul><li>4. Shorter passwords provide greater security than longer ones. </li></ul>Answer The longer the password, the more effort required to discover it.
  24. 24. Lets Review <ul><li>5. Updating an antivirus program’s quarantine protects a computer against viruses written since the antivirus program was released. </li></ul>Answer Updating an antivirus program’s signature files protects a computer against viruses written since the antivirus program was release.
  25. 25. Theft and Vandalism <ul><li>Hardware </li></ul><ul><ul><li>Locking doors/windows </li></ul></ul><ul><ul><li>Install alarm systems </li></ul></ul><ul><ul><li>Using cables to lock computers to stationary object </li></ul></ul><ul><ul><li>Install a mini-security system </li></ul></ul><ul><li>Software piracy —unauthorized and illegal duplication of copyrighted software. </li></ul><ul><ul><li>License agreement </li></ul></ul>
  26. 26. License Agreement <ul><li>Are permitted to </li></ul><ul><ul><li>Install on only one computer </li></ul></ul><ul><ul><li>Make one copy of the software as a backup </li></ul></ul><ul><ul><li>Give or sell the software to another individual, but only is the software is removed from the user’s computer first. </li></ul></ul><ul><li>Not allowed to: </li></ul><ul><ul><li>Install the software on a network, such as a school computer lab </li></ul></ul><ul><ul><li>Give copies to friends and colleagues, while continuing to use the software </li></ul></ul><ul><ul><li>Export the software </li></ul></ul><ul><ul><li>Rent or lease the software </li></ul></ul>
  27. 27. Theft <ul><li>Information – occurs when someone steals personal or confidential information. </li></ul><ul><ul><li>Encryption—the process of converting readable data into unreadable characters to prevent unauthorized access. </li></ul></ul><ul><ul><ul><li>Plaintext--Unencrypted, readable data </li></ul></ul></ul><ul><ul><ul><li>Ciphertext—is the scrambled (encrypted) data </li></ul></ul></ul><ul><ul><ul><li>Encryption key—a programmed formula that the recipient of the data uses to decrypt ciphertext. </li></ul></ul></ul>
  28. 28. Security Risk <ul><li>System failure – the prolonged malfunction of a computer </li></ul><ul><ul><li>Safeguards </li></ul></ul><ul><ul><ul><li>Surge protectors </li></ul></ul></ul><ul><ul><ul><li>Uninterruptible power supply (UPS) </li></ul></ul></ul><ul><li>Backup files </li></ul>
  29. 29. Let’s Review <ul><li>True or False. An end-user license agreement (EULA) permits users to give copies to friends and colleagues, while continuing to use the software. </li></ul>Answer False, Does not permit users to give copies to friends and colleagues, while continuing to use the software.
  30. 30. <ul><li>True or False. Encryption is a process of converting ciphertext into plaintext to prevent authorized access. </li></ul>Let’s Review Answer False. Converting plaintext into ciphertext
  31. 31. <ul><li>3. True or False. Mobile users are not susceptible to hardware theft. </li></ul>Let’s Review Answer False. They are susceptible
  32. 32. <ul><li>4. True or False. To prevent against data loss caused by a system failure, computer users should restore files regularly. </li></ul>Let’s Review Answer Backup files regularly
  33. 33. Did You Know? The penalty for copying software can be up to $250,000, five years in prison , or both?
  34. 34. Security Strategies for Protecting Computer Systems and Data <ul><li>Network Sniffer </li></ul><ul><li>displays network traffic data </li></ul><ul><li>shows which resources employees use and Web sites they visit </li></ul><ul><li>can be used to troubleshoot network connections and improve system performance </li></ul>

Hinweis der Redaktion

  • Both hackers and crackers have advanced computer and network skills
  • Example: The extensive damage might destroy the nation’s air traffic control system, electricity-generating companies, or a telecommunications infrastructure. The more common computer securityb risks include Internet theft, network attacks, unauthorized access, and use, hardware theft, software theft, information thft, and system failure.
  • Every unprotected computer is susceptible to these computer security risks: computer virus; worm; Trojan Horse Once the virus infects the computer, it can spread throughout and may damage files and system software, including the operating system. Worm example: in memory or on a network , using up resources and possible shutting down the computer or network Trojan horse – a certain condition or action usually triggers the Trojan horse. Unlike a virus or worm, a Trojan horse does not replicate itself to other computers
  • Unscrupulous programmers write malware and then test it to ensure it can deliver its payload.
  • Many programs allow a user to preview an e-mail message before or without opening it. Thus you should turn off message preview in your e-mail program. Virus hoax – an e-mail message that warns users of a nonexistent virus, worm, or Trojan horse. Often, these virus hoaxes are in the form of a chain letter that request the user to send a copy of the e-mail messages to as many people as possible. Antivirus program—protects a computer against viruses by identifying and removing an y computer viruses found in memory, on storage media, or on incoming files. Most antivirus programs also protect against worms, Trojan horses, and spyware. Some viruses are hidden in macros, which are instructions saved in an application such as a word processing or spreadsheet program.
  • Back Doors – once inside the software, they often install a back door or modify an existing program to include as back door, which allows them to continue to access the computer remotely without the user’s knowledge. Spoofing – Perpetrators trick their victims into interacting with a phony Web site. The victim may provide confidential information or download files containing viruses, worms, or other malwar fooling another computer by pretending to send packets from a legitimate source e.
  • Software requires the expertise of a network administrator because the programs are complex and difficult to use and interpret. These programs are expensive.
  • a mini-security system -- shuts down the computer and sound an alarm if the computer is moved outside a specified distance License agreement—is the right to use the software
  • System failure– can cause loss of hardware, software, data, or information. UPS – advice the contains surge protection circuits and one or more batteries that can provide power during a loss of power. A ups connects between your computers and a power source.