Today I will post about the things that I learn yesterday..which are Computer Security Risks and Security Measure.
Computer Security Risks
Definition of computer security risk:
Any event or action
that could cause a loss of or damage to computer hardware, software, data, information or processing
capability.
•Other intruders indicate some evidence of
their presence either by leaving a message or by deliberately altering or
damaging data.
•Any illegal act involving a
computer generally is referred to as a computer crime.
•Cybercrime refers to online or
Internet-based illegal acts.
•Software
used by cybercriminals sometimes is called crimeware.
Types of computer risks
Malicious Code (Virus, Worm, Trojan horse)
Unauthorized Access & Use
Hardware theft
Software theft
Information theft
System failure
MALICIOUS CODE
•Malicious
code is code causing damage to a computer or system. It is code not easily or solely controlled
through the use of anti-virus tools.
•Malicious
code can
either activate itself or be like a virus requiring user to perform an action, such as clicking on something or opening an
email attachment.
Computer Virus
Worm
Trojan horse
•
Attached itself to a program or file which
cannot spread without human action.
•
Worm is similar to virus but spreads without
human action.
•
Similar to virus and worm but it does not
spread or reproduce.
UNAUTHORIZED ACCESS & USE
• To help prevent unauthorized access and use,
they should have a written acceptable use policy (AUP) that outlines the
computer activities for which the computer and network may and may not be
used.
• An access control is a security
measure that defines who can access a computer, when they can access it, and
what actions they can take while accessing the computer.
• Many systems implement access controls using a
two-phase process called identification and authentication.
Identification verifies that an individual
is a valid user.
HARDWARE THEFT
• Hardware theft is the act of stealing
computer equipment.
• Hardware vandalism is the act of
defacing or destroying computer equipment.
• Companies, schools, and other organizations that
house many computers, however, are at risk of hardware theft.
• Safeguards against Hardware Theft and
Vandalism:
q physical
access controls, such as locked doors and windows
q install
alarm systems in their buildings
physical security devices such as cables that lock the
equipment to a desk
SOFTWARE THEFT
•Software theft occurs
when someone:
qSteals software media
qIntentionally erases
programs
qIllegally copies a program
qIllegally registers and/or
activates a program.
•Steals software media involves a perpetrator
physically stealing the media that contain the software or the hardware that
contains the media.
•Intentionally erases programs can occur when a
programmer is terminated from, or stops working for a company.
•Although the programs are company property,
some dishonest programmers intentionally remove or disable the programs they have written from company
computers.
INFORMATION THEFT
. Information theft occurs when someone
steals personal or confidential information.
• If stolen, the loss of information can cause as
much damage as (if not more than) hardware or software theft.
• An unethical company executive may steal
or buy stolen information to learn about a competitor.
• A corrupt individual may steal credit card
numbers to make fraudulent purchases.
SYSTEM FAILURE
• A system failure is the prolonged malfunction of a computer
• Can cause loss of hardware, software, data, or information.
• These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
SECURITY MEASURES
Definition of security measures:
The precautionary measures taken toward possible danger
or damage.
SECURITY MEASURES
~Data backup
~Cryptopgraphy
~Anti-virus
~Anti-spyware
~Firewall
~Physical access control
~Human aspects : awareness
1.DATA BACKUP
•A data backup is the result of copying or archiving files and folders for the
purpose of
•Data loss can be caused by many
things ranging from computer viruses, hardware
•If you are responsible for business
data, a loss may involve critical financial,
customer,
•If the data is on a personal computer, you could lose financial data and other key files
2.ANTI-VIRUS
•Anti-virus software is a program or set of
programs that are designed to prevent, search for,
•If and when a virus is detected, the computer
displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the
vault.
•If a virus
infected a computer without an
antivirus program, it may delete
files, prevent access to files, send spam, spy on you, or perform other
malicious actions.
•Examples: Norton
anti-virus, AVG anti-virus, Kaspersky anti-virus
3.ANTI-SPYWARE
•Spyware is a type
of malware that is installed on a computer without the user's knowledge
•Once installed, spyware can degrades system performance by taking up processing
power, installing additional software, or redirecting users' browser activity.
•Spyware can also gather information about email addresses and even passwords and
•Example:spyware
blader, spyware sleeper
4.FIREWALL
•A firewall is a system designed to prevent unauthorized access to or
from a private network.
•A firewall
can be implement either through hardware or software form, or a
combination
of both.
•Rules will
decide who can connect to the internet, what kind of connections can be
5.CRYPTHOGRAPHY
How…
To read
the data, you must decrypt it into readable form.
6.PHYSICAL
ACCESS CONTROL
•Lock your
laptop whether you're at home, in a dorm, in an office, or sitting in a
coffee
7. HUMAN
ASPECTS: AWARENESS
•Ethics
- Be a good cyber citizen
Do not
use someone else's password or other identifying information.
•Lock it
when you leave
Set up
a screen-saver that will lock your in.computer after a pre-set amount
of
Definition of computer security risk:
Any event or action
that could cause a loss of or damage to computer hardware, software, data, information or processing
capability.
•Other intruders indicate some evidence of
their presence either by leaving a message or by deliberately altering or
damaging data.
•Any illegal act involving a
computer generally is referred to as a computer crime.
•Cybercrime refers to online or
Internet-based illegal acts.
•Software
used by cybercriminals sometimes is called crimeware.
Types of computer risks
Malicious Code (Virus, Worm, Trojan horse)
Unauthorized Access & Use
Hardware theft
Software theft
Information theft
System failure
MALICIOUS CODE
•Malicious
code is code causing damage to a computer or system. It is code not easily or solely controlled
through the use of anti-virus tools.
•Malicious
code can
either activate itself or be like a virus requiring user to perform an action, such as clicking on something or opening an
email attachment.
Computer Virus
|
Worm
|
Trojan horse
|
•
Attached itself to a program or file which
cannot spread without human action.
•
When we run or open a file in which virus
is present then it starts effecting and starts spreading
|
•
Worm is similar to virus but spreads without
human action.
•
It gets multiplied or copied itself into
hundred or thousands in number
•
Spread itself into other computers through
mail or address box
|
•
Similar to virus and worm but it does not
spread or reproduce.
•
It looks similar to a software but will
actually damage once installed or run it.
•
Can cause severe damage such as deleting files
|
UNAUTHORIZED ACCESS & USE
• To help prevent unauthorized access and use,
they should have a written acceptable use policy (AUP) that outlines the
computer activities for which the computer and network may and may not be
used.
• An access control is a security
measure that defines who can access a computer, when they can access it, and
what actions they can take while accessing the computer.
• Many systems implement access controls using a
two-phase process called identification and authentication.
Identification verifies that an individual
is a valid user.
HARDWARE THEFT
• Hardware theft is the act of stealing
computer equipment.
• Hardware vandalism is the act of
defacing or destroying computer equipment.
• Companies, schools, and other organizations that
house many computers, however, are at risk of hardware theft.
• Safeguards against Hardware Theft and
Vandalism:
q physical
access controls, such as locked doors and windows
q install
alarm systems in their buildings
physical security devices such as cables that lock the
equipment to a desk
SOFTWARE THEFT
•Software theft occurs
when someone:
qSteals software media
qIntentionally erases
programs
qIllegally copies a program
qIllegally registers and/or
activates a program.
•Steals software media involves a perpetrator
physically stealing the media that contain the software or the hardware that
contains the media.
•Intentionally erases programs can occur when a
programmer is terminated from, or stops working for a company.
•Although the programs are company property,
some dishonest programmers intentionally remove or disable the programs they have written from company
computers.
INFORMATION THEFT
. Information theft occurs when someone
steals personal or confidential information.
• If stolen, the loss of information can cause as
much damage as (if not more than) hardware or software theft.
• An unethical company executive may steal
or buy stolen information to learn about a competitor.
• A corrupt individual may steal credit card
numbers to make fraudulent purchases.
SYSTEM FAILURE
• A system failure is the prolonged malfunction of a computer
• Can cause loss of hardware, software, data, or information.
• These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
SECURITY MEASURES
Definition of security measures:
The precautionary measures taken toward possible danger
or damage.
SECURITY MEASURES
~Data backup
~Cryptopgraphy
~Anti-virus
~Anti-spyware
~Firewall
~Physical access control
~Human aspects : awareness
1.DATA BACKUP
•A data backup is the result of copying or archiving files and folders for the
purpose of
being
able to restore them in case of data loss.
•Data loss can be caused by many
things ranging from computer viruses, hardware
failures,
file corruption, system failure or theft.
•If you are responsible for business
data, a loss may involve critical financial,
customer,
and
company data.
•If the data is on a personal computer, you could lose financial data and other key files
pictures,
music and others that would be hard to replace.
2.ANTI-VIRUS
•Anti-virus software is a program or set of
programs that are designed to prevent, search for,
detect
and remove software viruses and
other malicious software like worms, Trojan
horses,
adware and more.
•If and when a virus is detected, the computer
displays a warning asking what action should be done, often giving the options to remove, ignore, or move the file to the
vault.
•If a virus
infected a computer without an
antivirus program, it may delete
files, prevent access to files, send spam, spy on you, or perform other
malicious actions.
•Examples: Norton
anti-virus, AVG anti-virus, Kaspersky anti-virus
3.ANTI-SPYWARE
•Spyware is a type
of malware that is installed on a computer without the user's knowledge
in order to collect
information about them.
•Once installed, spyware can degrades system performance by taking up processing
power, installing additional software, or redirecting users' browser activity.
•It also can monitors user activity on the Internet and
transmits that information in the
background
to someone else.
•Spyware can also gather information about email addresses and even passwords and
credit
•Example:spyware
blader, spyware sleeper
4.FIREWALL
•A firewall is a system designed to prevent unauthorized access to or
from a private network.
•A firewall
can be implement either through hardware or software form, or a
combination
of both.
•Firewalls prevent
unauthorized Internet users from accessing private networks
connected
to the Internet, especially intranets.
•
•All
messages entering or leaving the intranet (i.e., the local network to
which you are
connected)
must pass through the firewall, which examines each message and blocks
those
that do not meet the specified rules/security criteria.
•Rules will
decide who can connect to the internet, what kind of connections can be
made,
which or what kind of files can be transmitted in out.
5.CRYPTHOGRAPHY
How…
To read
the data, you must decrypt it into readable form.
The unencrypted data
is called plain text.
The encrypted data
is called cipher text.
To encrypt,
plain text converted into cipher text using an encryption key.
Importance…
The
process of proving one's identity.
Ensuring
that no one can read the message except the intended receiver.
Assuring
the receiver that the received message has not been altered in anyway from
the
original.
A
mechanism to prove that the sender really sent this message.
6.PHYSICAL
ACCESS CONTROL
•Lock your
laptop whether you're at home, in a dorm, in an office, or sitting in a
coffee
shop,
use a security device, such as a laptop security cable.
•Lock
doors and windows, usually adequate to protect the equipment.
•Put
the access code at the door to enter the computer room or your
office.
•Put
the CCTV (closed-circuit television) in your office or computer room.
•Make
a policies who can access the computer room or your data center.
7. HUMAN
ASPECTS: AWARENESS
•Ethics
- Be a good cyber citizen
Do not
engage in inappropriate conduct, such as cyber bullying, cyber
stalking
or rude and offensive behavior.
Do not
use someone else's password or other identifying information.
•Lock it
when you leave
It
takes only a few seconds to secure your computer and help protect it from
unauthorized
access. Lock down your computer every time you leave your
desk.
Set up
a screen-saver that will lock your in.computer after a pre-set amount
of
time and
require a password to log back
No comments:
Post a Comment