SlideShare ist ein Scribd-Unternehmen logo

Computer security and

Als PPTX, PDF herunterladen
Rana Usman Sattar
Rana Usman Sattar
1 von 43
COMPUTER SECURITY AND SAFETY, ETHICS, AND PRIVACY Slides By Rana Usman Sattar Student Of BBA(Hons) PMAS Arid Agriculture University Rawalpindi Gmail: ranaa.usman@gmail.com Facebook: usman.shan86@yahoo.com
COMPUTER SECURITY RISKS  A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.  While some breaches to computer security are accidental, many are intentional.
COMPUTER SECURITY RISKS  An intentional breach of computer security often involves a deliberate act that is against the law.  Any illegal act involving a computer generally is referred to as a computer crime.  The term cybercrime refers to online or Internet-based illegal acts. Software used by cybercriminals sometimes is called crimeware.
COMPUTER SECURITY RISKS  Perpetrators of cybercrime and other intrusions fall into seven basic categories:
COMPUTER SECURITY RISKS  The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally.  A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action
COMPUTER SECURITY RISKS  A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge.
COMPUTER SECURITY RISKS  Some corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.  Unethical employees may break into their employers’ computers for a variety of reasons.
COMPUTER SECURITY RISKS  A cyberextortionist is someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack  A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons
INTERNET AND NETWORK ATTACKS  A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission  A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
INTERNET AND NETWORK ATTACKS  A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program.  A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer.
BOTNETS  A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.  A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet.
DENIAL OF SERVICE ATTACKS  A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.  A more devastating type of DoS attack is the DDoS (distributed DoS) attack, in which a zombie army is used to attack computers or computer networks.
BACK DOORS  A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
SPOOFING  Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.  E-mail spoofing  IP spoofing
SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  Firewalls A firewall is hardware and/or software that Protects a network’s resources from intrusion by users on another network such as the Internet.  Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records.
SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  A proxy server is a server outside the organization’s network that controls which communications pass into the organization’s network.  Intrusion Detection Software automatically analyses all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behaviour patterns or system breaches.
SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  Honeypots Some organizations use honey pots so that they can analyse an attack being perpetrated.  A honey pot is a vulnerable computer that is set up to entice an intruder to break into it.
SAFEGUARDS AGAINST COMPUTER VIRUSES AND OTHER MALWARE  Do not start a computer with removable media inserted in the drives or plugged in the ports.  Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.  Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program.
SAFEGUARDS AGAINST COMPUTER VIRUSES AND OTHER MALWARE  Users should install an antivirus program and update it frequently.
UNAUTHORIZED ACCESS AND USE  Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
IDENTIFYING AND AUTHENTICATING USERS  Identification verifies that an individual is a valid user.  Authentication verifies that the individual is the person he or she claims to be.  Three methods of identification and authentication include user names and passwords, possessed objects (badges, cards, smart cards,and keys, PIN), and biometric devices.
DIGITAL FORENSICS  Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks.  Digital forensics involves the examination of computer media, programs, data and log files on computers,servers, and networks. Many areas use digital forensics, including law enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments in the private sector.
HARDWARE THEFT AND VANDALISM  Hardware theft is the act of stealing computer equipment.  Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.
SAFEGUARDS AGAINST HARDWARE THEFT AND VANDALISM  Physical access controls, such as locked doors and windows, usually are adequate to protect the equipment.  Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items. One implementation of RTLS places RFID tags in items to be tracked.
SOFTWARE THEFT  Software theft occurs when someone (1) steals software media, (2) intentionally erases programs, (3) illegally copies a program, or (4) illegally registers and/or activates a program(key gen).
SAFEGUARDS AGAINST SOFTWARE THEFT  To protect themselves from software piracy, software manufacturers issue users license agreements.  A license agreement is the right to use the software. All computer users should back up their files and disks regularly, in the event of theft.
INFORMATION THEFT  Information theft occurs when someone steals personal or confidential information. If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
SAFEGUARDS AGAINST INFORMATION THEFT  Encryption  Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the recipient must decrypt, or decipher, it into a readable form.
SAFEGUARDS AGAINST INFORMATION THEFT  A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender.  A digital certificate is a notice that guarantees a user or a Web site is legitimate. E-commerce applications commonly use digital certificates.  Web browsers, such as Internet Explorer, often display a warning message if a Web site does not have a valid digital certificate.
SAFEGUARDS AGAINST INFORMATION THEFT  Transport Layer Security (TLS), a successor to Secure Sockets Layer (SSL), provides encryption of all data that passes between a client and an Internet server.  Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates.  VPN
SYSTEM FAILURE  A system failure is the prolonged malfunction of a computer. System failure also can cause loss of hardware, software, data, or information.  A variety of causes can lead to system failure. These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
WIRELESS SECURITY  A wireless access point (WAP) should be configured so that it does not broadcast a network name, known as an SSID (service set identifier).  Wi-Fi Protected Access (WPA) is a security Standard  An 802.11i network, sometimes called WPA2, the most recent network security standard
ETHICS AND SOCIETY  Computer ethics are the moral guidelines that govern the use of computers and information systems.  Seven frequently discussed areas of computer  ethics are unauthorized use of computers and networks, software theft (piracy), information accuracy, intellectual property rights, codes of conduct, information privacy, and green computing.
 Information Accuracy Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet.  Intellectual Property Rights Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. Intellectual property rights are the rights to which creators are entitled for their work.  A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
 Codes of Conduct Recognizing that individuals need specific standards for the ethical use of computers, a number of computer-related organizations have established IT (information technology) codes of conduct.  An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical.
 Green Computing Green computing involves reducing the electricity and environmental waste while using a computer. People use, and often waste, resources such as electricity and paper while using a computer.
 Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.  Electronic Profiles When you fill out a form such as a magazine subscription, product warranty registration card, or contest entry form, the merchant that receives the form usually enters it into a database.
 Cookies E-commerce and other Web applications often rely on cookies to identify users and customize Web pages.  A cookie is a small text file that a Web server stores on your computer. Cookie files typically contain data about you, such as your user name or viewing preferences.
 Spam Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or news groups at once.  Spam is Internet junk mail The content of spam ranges from selling a product or service, to promoting a business opportunity, to advertising offensive material.  An alternative to e-mail filtering is to purchase an anti-spam program that attempts to remove spam before it reaches your inbox.
 Privacy Laws The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.  Social Engineering Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
 Phishing Phishing is a scam in which a person sends an official looking e-mail message that attempts to obtain your personal and financial information.  Spyware and Adware spyware is a program placed on a computer without the user’s knowledge that secretly collects information about the user. spyware is a program placed on a computer without the user’s knowledge that secretly collects information about the user.  Adware is a program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail messages, or other Internet services.
 Employee Monitoring Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited.
 Content Filtering Content filtering is the process of restricting access to certain material on the Web. Content filtering opponents argue that banning any materials violates constitutional guarantees of free speech and personal rights.

Empfohlen

Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Computer security
Computer securityComputer security
Computer securityShashi Chandra
 
Cyber security
Cyber security Cyber security
Cyber security ZwebaButt
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
system Security
system Security system Security
system Security Gaurav Mishra
 

Empfohlen

Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amosAmos Oyoo
 
Cyber security
Cyber securityCyber security
Cyber securityBhavin Shah
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityStephen Lahanas
 
Computer security
Computer securityComputer security
Computer securityShashi Chandra
 
Cyber security
Cyber security Cyber security
Cyber security ZwebaButt
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securitySharath Raj
 
system Security
system Security system Security
system Security Gaurav Mishra
 
Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and securityEng. Shuaib ibrahim
 
Ppt
PptPpt
PptGeetu Khanna
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
 
Cyber security
Cyber securityCyber security
Cyber securityRishav Sadhu
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security pptCH Asim Zubair
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks Anuradha Moti T
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End UsersCommunity IT Innovators
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxANIKETKUMARSHARMA3
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
cyber security
cyber securitycyber security
cyber securityBasineniUdaykumar
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
Cyber security
Cyber securityCyber security
Cyber securityKomal Samdariya
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Virus and worms
Virus and wormsVirus and worms
Virus and wormsVikas Sharma
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 
Cyber security
Cyber securityCyber security
Cyber securitySamsil Arefin
 
Nonverbal communication
Nonverbal communicationNonverbal communication
Nonverbal communicationRana Usman Sattar
 
Computer Security
Computer SecurityComputer Security
Computer SecurityWilliam Mann
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Simon Salter
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Computer security risks
Computer security risksComputer security risks
Computer security risksAasim Mushtaq
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber securityAnimesh Roy
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber SecurityDominic Rajesh
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyeiramespi07
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security PresentationHaniyaMaha
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerabilityA. Shamel
 

Was ist angesagt? (20)

Cyber crime and security
Cyber crime and securityCyber crime and security
Cyber crime and security
 
Ppt
PptPpt
Ppt
 
Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me" Cyber Security Presentation "It Will Never Happen To Me"
Cyber Security Presentation "It Will Never Happen To Me"
 
Cyber security
Cyber securityCyber security
Cyber security
 
Social engineering
Social engineering Social engineering
Social engineering
 
Cyber security ppt
Cyber security pptCyber security ppt
Cyber security ppt
 
Cyber attacks
Cyber attacks Cyber attacks
Cyber attacks
 
Basic Security Training for End Users
Basic Security Training for End UsersBasic Security Training for End Users
Basic Security Training for End Users
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Computer security risks
Computer security risksComputer security risks
Computer security risks
 
cyber security
cyber securitycyber security
cyber security
 
1. introduction to cyber security
1. introduction to cyber security1. introduction to cyber security
1. introduction to cyber security
 
Cyber security
Cyber securityCyber security
Cyber security
 
General Awareness On Cyber Security
General Awareness On Cyber SecurityGeneral Awareness On Cyber Security
General Awareness On Cyber Security
 
Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
 
Virus and worms
Virus and wormsVirus and worms
Virus and worms
 
Security vulnerability
Security vulnerabilitySecurity vulnerability
Security vulnerability
 
Cyber security
Cyber securityCyber security
Cyber security
 

Andere mochten auch

Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacyArdit Meti
 
The Revolution from Transistor to Digital Electronics
The Revolution from Transistor to Digital ElectronicsThe Revolution from Transistor to Digital Electronics
The Revolution from Transistor to Digital ElectronicsSubhajit Bhattacharjee
 
Stack implementation using c
Stack implementation using cStack implementation using c
Stack implementation using cRajendran
 
Trees - Data structures in C/Java
Trees - Data structures in C/JavaTrees - Data structures in C/Java
Trees - Data structures in C/Javageeksrik
 
Working with Dimensional data in Distributed Hash Tables
Working with Dimensional data in Distributed Hash TablesWorking with Dimensional data in Distributed Hash Tables
Working with Dimensional data in Distributed Hash TablesMike Malone
 
15. STL - Data Structures using C++ by Varsha Patil
15. STL - Data Structures using C++ by Varsha Patil15. STL - Data Structures using C++ by Varsha Patil
15. STL - Data Structures using C++ by Varsha Patilwidespreadpromotion
 
14. Files - Data Structures using C++ by Varsha Patil
14. Files - Data Structures using C++ by Varsha Patil14. Files - Data Structures using C++ by Varsha Patil
14. Files - Data Structures using C++ by Varsha Patilwidespreadpromotion
 
3. Stack - Data Structures using C++ by Varsha Patil
3. Stack - Data Structures using C++ by Varsha Patil3. Stack - Data Structures using C++ by Varsha Patil
3. Stack - Data Structures using C++ by Varsha Patilwidespreadpromotion
 
Ebook En Sams Data Structures & Algorithms In Java
Ebook En Sams Data Structures & Algorithms In JavaEbook En Sams Data Structures & Algorithms In Java
Ebook En Sams Data Structures & Algorithms In JavaAldo Quelopana
 

Andere mochten auch (20)

Nonverbal communication
Nonverbal communicationNonverbal communication
Nonverbal communication
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
Computer security ethics_and_privacy
Computer security ethics_and_privacyComputer security ethics_and_privacy
Computer security ethics_and_privacy
 
The Revolution from Transistor to Digital Electronics
The Revolution from Transistor to Digital ElectronicsThe Revolution from Transistor to Digital Electronics
The Revolution from Transistor to Digital Electronics
 
Seminar algorithms of web
Seminar algorithms of webSeminar algorithms of web
Seminar algorithms of web
 
Computer ethics
Computer ethicsComputer ethics
Computer ethics
 
Stack implementation using c
Stack implementation using cStack implementation using c
Stack implementation using c
 
Hash tables
Hash tablesHash tables
Hash tables
 
Trees - Data structures in C/Java
Trees - Data structures in C/JavaTrees - Data structures in C/Java
Trees - Data structures in C/Java
 
Working with Dimensional data in Distributed Hash Tables
Working with Dimensional data in Distributed Hash TablesWorking with Dimensional data in Distributed Hash Tables
Working with Dimensional data in Distributed Hash Tables
 
15. STL - Data Structures using C++ by Varsha Patil
15. STL - Data Structures using C++ by Varsha Patil15. STL - Data Structures using C++ by Varsha Patil
15. STL - Data Structures using C++ by Varsha Patil
 
14. Files - Data Structures using C++ by Varsha Patil
14. Files - Data Structures using C++ by Varsha Patil14. Files - Data Structures using C++ by Varsha Patil
14. Files - Data Structures using C++ by Varsha Patil
 
3. Stack - Data Structures using C++ by Varsha Patil
3. Stack - Data Structures using C++ by Varsha Patil3. Stack - Data Structures using C++ by Varsha Patil
3. Stack - Data Structures using C++ by Varsha Patil
 
Networking devices
Networking devicesNetworking devices
Networking devices
 
linked list
linked list linked list
linked list
 
linked list
linked list linked list
linked list
 
Link List
Link ListLink List
Link List
 
Ch17 Hashing
Ch17 HashingCh17 Hashing
Ch17 Hashing
 
Binary tree
Binary treeBinary tree
Binary tree
 
Ebook En Sams Data Structures & Algorithms In Java
Ebook En Sams Data Structures & Algorithms In JavaEbook En Sams Data Structures & Algorithms In Java
Ebook En Sams Data Structures & Algorithms In Java
 

Ähnlich wie Computer security and

Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacyHaider Ali Malik
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptxbabepa2317
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and ToolsKaran Bhandari
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks ShellyAdeel Khurram
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsMuhammadRobeel3
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryrryrsyd
 
Information security
Information securityInformation security
Information securityIshaRana14
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfsrtwgwfwwgw
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Data protection and security
Data protection and securityData protection and security
Data protection and securitynazar60
 
Internet security
Internet securityInternet security
Internet securityat1211
 

Ähnlich wie Computer security and (20)

Computer security and privacy
Computer security and privacyComputer security and privacy
Computer security and privacy
 
INTERNET SECURITY.pptx
INTERNET SECURITY.pptxINTERNET SECURITY.pptx
INTERNET SECURITY.pptx
 
cybersecurity
cybersecuritycybersecurity
cybersecurity
 
computer security
computer securitycomputer security
computer security
 
Basics of System Security and Tools
Basics of System Security and ToolsBasics of System Security and Tools
Basics of System Security and Tools
 
cyber security
cyber security cyber security
cyber security
 
Computer Security risks Shelly
Computer Security risks ShellyComputer Security risks Shelly
Computer Security risks Shelly
 
Chapter 10.0
Chapter 10.0Chapter 10.0
Chapter 10.0
 
Ch # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guardsCh # 10 computer security risks and safe guards
Ch # 10 computer security risks and safe guards
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Data security
Data securityData security
Data security
 
Computing safety ryr
Computing safety ryrComputing safety ryr
Computing safety ryr
 
Information security
Information securityInformation security
Information security
 
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdfImplications of Computer Misuse and Cyber Security (Teaching) (1).pdf
Implications of Computer Misuse and Cyber Security (Teaching) (1).pdf
 
Insecurity vssut
Insecurity vssutInsecurity vssut
Insecurity vssut
 
Cybersecurity from A to Z
Cybersecurity from A to ZCybersecurity from A to Z
Cybersecurity from A to Z
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Data protection and security
Data protection and securityData protection and security
Data protection and security
 
Cyber security
Cyber security Cyber security
Cyber security
 
Internet security
Internet securityInternet security
Internet security
 

Mehr von Rana Usman Sattar

Importance of colors in a presentation
Importance of colors in a presentationImportance of colors in a presentation
Importance of colors in a presentationRana Usman Sattar
 
Lesikar report writing basics
Lesikar report writing basicsLesikar report writing basics
Lesikar report writing basicsRana Usman Sattar
 
Chapter 2 writing a business letter
Chapter 2 writing a business letterChapter 2 writing a business letter
Chapter 2 writing a business letterRana Usman Sattar
 
Organizational communication
Organizational communicationOrganizational communication
Organizational communicationRana Usman Sattar
 

Mehr von Rana Usman Sattar (20)

Social psychology conformty
Social psychology conformtySocial psychology conformty
Social psychology conformty
 
Elliot aronson (3)
Elliot aronson (3)Elliot aronson (3)
Elliot aronson (3)
 
Operating systems
Operating systemsOperating systems
Operating systems
 
Internet
InternetInternet
Internet
 
Google news
Google newsGoogle news
Google news
 
Communications
CommunicationsCommunications
Communications
 
Application software
Application softwareApplication software
Application software
 
The system unit ch # 4
The system unit ch # 4The system unit ch # 4
The system unit ch # 4
 
Output ch # 6
Output ch # 6Output ch # 6
Output ch # 6
 
Storage ch # 7
Storage ch # 7Storage ch # 7
Storage ch # 7
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
Chapter 5 input
Chapter 5 inputChapter 5 input
Chapter 5 input
 
The constitution of 1962
The constitution of 1962The constitution of 1962
The constitution of 1962
 
Importance of colors in a presentation
Importance of colors in a presentationImportance of colors in a presentation
Importance of colors in a presentation
 
Presentation hints
Presentation hintsPresentation hints
Presentation hints
 
Power pointguidelines
Power pointguidelinesPower pointguidelines
Power pointguidelines
 
Writing a memorandum
Writing a memorandumWriting a memorandum
Writing a memorandum
 
Lesikar report writing basics
Lesikar report writing basicsLesikar report writing basics
Lesikar report writing basics
 
Chapter 2 writing a business letter
Chapter 2 writing a business letterChapter 2 writing a business letter
Chapter 2 writing a business letter
 
Organizational communication
Organizational communicationOrganizational communication
Organizational communication
 

Computer security and

  • 1. COMPUTER SECURITY AND SAFETY, ETHICS, AND PRIVACY Slides By Rana Usman Sattar Student Of BBA(Hons) PMAS Arid Agriculture University Rawalpindi Gmail: ranaa.usman@gmail.com Facebook: usman.shan86@yahoo.com
  • 2. COMPUTER SECURITY RISKS  A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.  While some breaches to computer security are accidental, many are intentional.
  • 3. COMPUTER SECURITY RISKS  An intentional breach of computer security often involves a deliberate act that is against the law.  Any illegal act involving a computer generally is referred to as a computer crime.  The term cybercrime refers to online or Internet-based illegal acts. Software used by cybercriminals sometimes is called crimeware.
  • 4. COMPUTER SECURITY RISKS  Perpetrators of cybercrime and other intrusions fall into seven basic categories:
  • 5. COMPUTER SECURITY RISKS  The term hacker, although originally a complimentary word for a computer enthusiast, now has a derogatory meaning and refers to someone who accesses a computer or network illegally.  A cracker also is someone who accesses a computer or network illegally but has the intent of destroying data, stealing information, or other malicious action
  • 6. COMPUTER SECURITY RISKS  A script kiddie has the same intent as a cracker but does not have the technical skills and knowledge.
  • 7. COMPUTER SECURITY RISKS  Some corporate spies have excellent computer and networking skills and are hired to break into a specific computer and steal its proprietary data and information, or to help identify security risks in their own organization.  Unethical employees may break into their employers’ computers for a variety of reasons.
  • 8. COMPUTER SECURITY RISKS  A cyberextortionist is someone who uses e-mail as a vehicle for extortion. These perpetrators send an organization a threatening e-mail message indicating they will expose confidential information, exploit a security flaw, or launch an attack  A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons
  • 9. INTERNET AND NETWORK ATTACKS  A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission  A worm is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.
  • 10. INTERNET AND NETWORK ATTACKS  A Trojan horse (named after the Greek myth) is a program that hides within or looks like a legitimate program.  A rootkit is a program that hides in a computer and allows someone from a remote location to take full control of the computer.
  • 11. BOTNETS  A botnet is a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.  A bot is a program that performs a repetitive task on a network. Cybercriminals install malicious bots on unprotected computers to create a botnet.
  • 12. DENIAL OF SERVICE ATTACKS  A denial of service attack, or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.  A more devastating type of DoS attack is the DDoS (distributed DoS) attack, in which a zombie army is used to attack computers or computer networks.
  • 13. BACK DOORS  A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network Once perpetrators gain access to unsecure computers, they often install a back door or modify an existing program to include a back door, which allows them to continue to access the computer remotely without the user’s knowledge.
  • 14. SPOOFING  Spoofing is a technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.  E-mail spoofing  IP spoofing
  • 15. SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  Firewalls A firewall is hardware and/or software that Protects a network’s resources from intrusion by users on another network such as the Internet.  Organizations use firewalls to protect network resources from outsiders and to restrict employees’ access to sensitive data such as payroll or personnel records.
  • 16. SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  A proxy server is a server outside the organization’s network that controls which communications pass into the organization’s network.  Intrusion Detection Software automatically analyses all network traffic, assesses system vulnerabilities, identifies any unauthorized intrusions, and notifies network administrators of suspicious behaviour patterns or system breaches.
  • 17. SAFEGUARDS AGAINST BOTNETS, DOS/DDO ATTACKS, BACK DOORS, AND SPOOFING  Honeypots Some organizations use honey pots so that they can analyse an attack being perpetrated.  A honey pot is a vulnerable computer that is set up to entice an intruder to break into it.
  • 18. SAFEGUARDS AGAINST COMPUTER VIRUSES AND OTHER MALWARE  Do not start a computer with removable media inserted in the drives or plugged in the ports.  Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.  Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program.
  • 19. SAFEGUARDS AGAINST COMPUTER VIRUSES AND OTHER MALWARE  Users should install an antivirus program and update it frequently.
  • 20. UNAUTHORIZED ACCESS AND USE  Unauthorized access is the use of a computer or network without permission. Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
  • 21. IDENTIFYING AND AUTHENTICATING USERS  Identification verifies that an individual is a valid user.  Authentication verifies that the individual is the person he or she claims to be.  Three methods of identification and authentication include user names and passwords, possessed objects (badges, cards, smart cards,and keys, PIN), and biometric devices.
  • 22. DIGITAL FORENSICS  Digital forensics, also called computer forensics, network forensics, or cyberforensics, is the discovery, collection, and analysis of evidence found on computers and networks.  Digital forensics involves the examination of computer media, programs, data and log files on computers,servers, and networks. Many areas use digital forensics, including law enforcement, criminal prosecutors, military intelligence, insurance agencies, and information security departments in the private sector.
  • 23. HARDWARE THEFT AND VANDALISM  Hardware theft is the act of stealing computer equipment.  Hardware vandalism is the act of defacing or destroying computer equipment. Hardware vandalism takes many forms, from someone cutting a computer cable to individuals breaking into a business or school computer lab and aimlessly smashing computers.
  • 24. SAFEGUARDS AGAINST HARDWARE THEFT AND VANDALISM  Physical access controls, such as locked doors and windows, usually are adequate to protect the equipment.  Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items. One implementation of RTLS places RFID tags in items to be tracked.
  • 25. SOFTWARE THEFT  Software theft occurs when someone (1) steals software media, (2) intentionally erases programs, (3) illegally copies a program, or (4) illegally registers and/or activates a program(key gen).
  • 26. SAFEGUARDS AGAINST SOFTWARE THEFT  To protect themselves from software piracy, software manufacturers issue users license agreements.  A license agreement is the right to use the software. All computer users should back up their files and disks regularly, in the event of theft.
  • 27. INFORMATION THEFT  Information theft occurs when someone steals personal or confidential information. If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
  • 28. SAFEGUARDS AGAINST INFORMATION THEFT  Encryption  Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access. You treat encrypted data just like any other data. That is, you can store it or send it in an e-mail message. To read the data, the recipient must decrypt, or decipher, it into a readable form.
  • 29. SAFEGUARDS AGAINST INFORMATION THEFT  A digital signature is an encrypted code that a person, Web site, or organization attaches to an electronic message to verify the identity of the message sender.  A digital certificate is a notice that guarantees a user or a Web site is legitimate. E-commerce applications commonly use digital certificates.  Web browsers, such as Internet Explorer, often display a warning message if a Web site does not have a valid digital certificate.
  • 30. SAFEGUARDS AGAINST INFORMATION THEFT  Transport Layer Security (TLS), a successor to Secure Sockets Layer (SSL), provides encryption of all data that passes between a client and an Internet server.  Secure HTTP (S-HTTP) allows users to choose an encryption scheme for data that passes between a client and a server. With S-HTTP, the client and server both must have digital certificates.  VPN
  • 31. SYSTEM FAILURE  A system failure is the prolonged malfunction of a computer. System failure also can cause loss of hardware, software, data, or information.  A variety of causes can lead to system failure. These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
  • 32. WIRELESS SECURITY  A wireless access point (WAP) should be configured so that it does not broadcast a network name, known as an SSID (service set identifier).  Wi-Fi Protected Access (WPA) is a security Standard  An 802.11i network, sometimes called WPA2, the most recent network security standard
  • 33. ETHICS AND SOCIETY  Computer ethics are the moral guidelines that govern the use of computers and information systems.  Seven frequently discussed areas of computer  ethics are unauthorized use of computers and networks, software theft (piracy), information accuracy, intellectual property rights, codes of conduct, information privacy, and green computing.
  • 34.  Information Accuracy Information accuracy today is a concern because many users access information maintained by other people or companies, such as on the Internet.  Intellectual Property Rights Intellectual property (IP) refers to unique and original works such as ideas, inventions, art, writings, processes, company and product names, and logos. Intellectual property rights are the rights to which creators are entitled for their work.  A copyright gives authors and artists exclusive rights to duplicate, publish, and sell their materials.
  • 35.  Codes of Conduct Recognizing that individuals need specific standards for the ethical use of computers, a number of computer-related organizations have established IT (information technology) codes of conduct.  An IT code of conduct is a written guideline that helps determine whether a specific computer action is ethical or unethical.
  • 36. Green Computing Green computing involves reducing the electricity and environmental waste while using a computer. People use, and often waste, resources such as electricity and paper while using a computer.
  • 37.  Information privacy refers to the right of individuals and companies to deny or restrict the collection and use of information about them.  Electronic Profiles When you fill out a form such as a magazine subscription, product warranty registration card, or contest entry form, the merchant that receives the form usually enters it into a database.
  • 38.  Cookies E-commerce and other Web applications often rely on cookies to identify users and customize Web pages.  A cookie is a small text file that a Web server stores on your computer. Cookie files typically contain data about you, such as your user name or viewing preferences.
  • 39.  Spam Spam is an unsolicited e-mail message or newsgroup posting sent to many recipients or news groups at once.  Spam is Internet junk mail The content of spam ranges from selling a product or service, to promoting a business opportunity, to advertising offensive material.  An alternative to e-mail filtering is to purchase an anti-spam program that attempts to remove spam before it reaches your inbox.
  • 40.  Privacy Laws The concern about privacy has led to the enactment of federal and state laws regarding the storage and disclosure of personal data.  Social Engineering Social engineering is defined as gaining unauthorized access or obtaining confidential information by taking advantage of the trusting human nature of some victims and the naivety of others.
  • 41. Phishing Phishing is a scam in which a person sends an official looking e-mail message that attempts to obtain your personal and financial information.  Spyware and Adware spyware is a program placed on a computer without the user’s knowledge that secretly collects information about the user. spyware is a program placed on a computer without the user’s knowledge that secretly collects information about the user.  Adware is a program that displays an online advertisement in a banner or pop-up window on Web pages, e-mail messages, or other Internet services.
  • 42. Employee Monitoring Employee monitoring involves the use of computers to observe, record, and review an employee’s use of a computer, including communications such as e-mail messages, keyboard activity (used to measure productivity), and Web sites visited.
  • 43. Content Filtering Content filtering is the process of restricting access to certain material on the Web. Content filtering opponents argue that banning any materials violates constitutional guarantees of free speech and personal rights.