Chp 11 Section 1-3 Notes

Chapter 11
What is a computer security risk?
Any event or action that could cause a loss of or
damage to computer hardware, software, data,
information, or processing capability.
Intentional Breach of Computer Security
 Computer Crime (illegal act involving a computer)
 Cybercrime (Online or Internet-based illegal acts)
Hacker – Access a computer illegally
Cracker – Access a computer illegally but has
the intent of destroying
Script Kiddie – Same intent but not have the
technical skills and knowledge
Corporate Spies – Hired to break into a
computer, steal data info, to help indentify
security risks
Unethical employees-want to exploit a
security weakness
Cyberextortionist – Use the email as a vehicle
for extortion
Cyberterriorist - Destroy or damage for
political reason
Both requires a team of highly skilled
individuals, millions of dollars and years of
Internet and Network Attacks
Unauthorized Access and Use
Hardware theft
Software theft
Information theft
System failure
What are Computer Viruses, worms, Trojan
horses and Rootkits?
A program that
copies itself
repeatedly, using
up resources and
possibly shutting
down computer
or network
Trojan Horse
Hides within or
looks likes a
program until
Hides in a
computer and
allows someone
from a remote
location to take
full control
What is Malware?
 Programs that act without a user’s knowledge and
deliberately alters the computer operation.
Unscrupulous programmer write malware
and then test to ensure it can deliver it
payload (destructive event or prank the
program is intended to deliver)
When a user:
 Opens an infected file
 Runs an infected program
 Boots the computer with an infected removable
 Connect to an unprotected computer
Most common way – email attachments
No guarantee methods
Some ways to Prevent Viruses
 Do not start computer with removable disks
 Never open email attachment unless from trusted
 Install an Antivirus program
 Stay informed about new virus and virus hoax
What is an Antivirus program?
•Identifies and removes
computer viruses
•Most also protect against
worms, Trojan horses and
Popular Antivirus Programs
AVG Anti-Virus
avast! Antivirus
CA Anti-Virus
F-Secure Anti-Virus
Kaspersky Anti-Virus
McAfee Virus Scan
Norton AntiVirus
Trend Micro AntiVirus
Vexira Antivirus
What is a virus signature?
Specific pattern of virus code
•Also called virus definition
Antivirus programs look for virus signatures
How does an antivirus program
inoculate a program file?
to detect if
with file
program such
as file s and
creation date
Attempts to
remove any
files that
What are a Botnet, denial of service attack,
back door and spoofing?
A Botnet is a group of comprised computers
connected to a network that are used as part of a
network that attack other networks
A denial of service attack is an assault whose
purpose is to disrupt a computer access to an
Internet data
A back door is a program or set of instruction in a
program that allow users to bypass security
controls when accessing a computer resource
Spoofing is a technique intruders use to make
their network or Internet transmission appear
legitimate to a victim computer or network
 Protects a network’s resources from intrusion by user on
another network
Intrusion Detection Software
 Automatically analyze all network traffic, assess system
vulnerabilities, identifies any unauthorized intrusion, and
notifies network administration of suspicious behavior
 A vulnerable computer that is setup to enticed an intruder
to break into it
What is Unauthorized Access and
Unauthorized Use?
Unauthorized Access – use of a computer in a
network without permission
Unauthorized Use – the use of a computer or
its data for unapproved or possibility illegal
Use Written Acceptable Use Policy (AUP)
Disable file and printer sharing on your
Internet connection
Use Firewalls
Use Intrusion detection software
Identify and authenticate users
Access controls (security measure that
defines who can access a computer)
Maintain an audit trail (records in a file both
successful and unsuccessful access attempt)
Two – Phase Process
 Identification – verifies individual is a valid user
 Authentication – verifies the individual is the
person he/she claims to be
User Names and Passwords
Possessed Objects
Biometrics Devices
What are User Names and Passwords?
 User ID – a unique combination of character that
identifies on specific user
 Password – a private combination of character
associated the user name
Longer passwords provides greater security
CAPTCHA (Completely Automated Public
Turing Test to Tell Computer and Humans
 Display a series of distorted characters
What is a Possessed Object?
 Any items you must carry to gain access to a
computer or a computer facility
▪ Examples: badges, cards, smart cards and keys
 Often used with Personal Identification Number
What is a Biometric Devices?
 Authenticated a person’s identify by translating a
personal characteristics into digital codes
Examples: Fingerprint readers,
hand geometry systems, face
recognition system, voice
verification system, signature
verification system, iris
recognition system and retinal
What is Digital Forensics?
Discovery, collection, and analysis of
evidence found on computers and networks
Involves – examination of computer media,
programs, data and log files
What are hardware theft and hardware
Hardware Theft – act of stealing computer
Vandalism – act of defacing or destroying a
Physical Access Controls
 Locked doors
 Install alarms
 Use cables that lock the equip
 Real time location system
▪ Track and Identify the location of high risk or high value
What is software theft?
Occurs when someone
 Steals software media
 Intentionally erases programs
 Illegally copies a program (piracy)
 Illegally register and/or activates a program
Keep original software box in a secure
Backup files
Protect from software piracy
 License agreement (right to use software)
▪ Don’t own the software
▪ Most common type of license – single-use license
agreement/end-user license agreement (EULA)
Permitted to:
Not Permitted to:
 Install the software on
 Install the software on a
one computer
 Make one copy – Backup
 Give or sell only if the
software is removed
 Gives copies to friends
 Export the software
 Rent or lease the
What are some other safeguards against
software theft?
Business Software Alliance (BSA) promotes better understanding of
software piracy problems
Product activation allows user to input product identification number
online or by telephone and receive unique installation identification number
Occurs when someone steals personal or
confidential information
 Use user identification and authentication
 Use encryption techniques
What is Encryption?
 Process of converting readable data into
unreadable characters to prevent unauthorized
 Encryption Process
▪ Readable data – plaintext
▪ Scramble data – ciphertext
▪ Encryption key – use to encrypt the plaintext
Private Key (symmetric)
 Both the originator and recipient use the same
secret key to encrypt and decrypt data
Public Key (asymmetric)
 Two encryption keys (public and private)
 A message is encrypted with a public key must be
decrypted along with the corresponding private
 Popular encryption program – Pretty Good
Privacy (PGP)
Digital Certificates- notice that guarantees a
user on a web site is legitimate
Transport Layer Security- provides encryption
of all data that pasts between a client and a
Internet server
Secure HTTP – allows users to choose an
encryption scheme for data that passes
between a client and a Internet server
VPN-Virtual Private Network
 Provide the mobile users with a secure connection
to the company network server
What is a system failure?
malfunction of
Can cause loss of
software , or data
Caused by aging
hardware, natural
disaster, or electrical
power disturbances
Undervoltagedrop in
Overvoltage or
power surgesignificant power
increase in electrical
What is a surge protectors?
 Absorb small overvoltage
 Not 100% effective
Uninterruptible Power
 A device that contains surge
protection circuits and more
batteries that can provide
power during a temporary or
permanent loss of power
What is a backup?
Duplicate of file, program, or disk
Full backup
all files in computer
Selective backup
Select which files to
back up
Preserves three copies
of important files
Store in a fireproof and heat proof safe or vault, offsite

similar documents