Computer Concepts - Illustrated Introductory, Seventh Edition

1
Computer Concepts - Illustrated Introductory,
Seventh Edition

• UNIT F
• Data Security

2
Objectives

• Know what can go wrong
• Protect computer systems
• Understand authentication
• Explore security threats and malware
• Avoid security threats and malware

3
Objectives

• Examine network and Internet access security
• Explore Web and email security
• Examine backup procedures
• Talking points Prosecuting computer crime

4
Knowing What Can Go Wrong

• Risk management
• Process of identifying potential threats to
  computer equipment and data
• Implementing plans to avoid as many threats as
  possible
• Developing steps to recover from unavoidable
  disasters
• Risk management objectives
• Reduce downtime
• Maintain good quality service
• Promote business continuity

5
Knowing What Can Go Wrong

• What can go wrong?
• Power outages
• Hardware failures
• Software failures
• Human error
• Computer viruses
• Less common threats include natural disasters,
  acts of war, security breaches, malicious
  hackers, and theft

6
Knowing What Can Go Wrong

• Power failure
• Complete loss of power to computer system
• Even brief power interruption can force computer
  to reboot and lose all data in RAM
• Power spikes, voltage spikes, and power surges
  can destroy circuitry or damage a motherboard

7
Knowing What Can Go Wrong

• Data center - specialized facility designed to
  house and protect computer system or its data
• Includes special features like
• Fireproof construction
• Earthquake-proof foundations
• Sprinkler systems
• Power generators
• Secure doors and windows
• Antistatic floor coverings
• Locations safe from floods, earthquakes, and
  tornadoes

8
Knowing What Can Go Wrong

• Effect of hardware failure depends on which
  component fails
• Software failure can result in lost or inaccurate
  data
• Common human errors include
• Entering inaccurate data
• Failing to follow required procedures

9
Knowing What Can Go Wrong

• Cyberterrorism
• Terrorist acts committed via Internet
• Uses viruses and worms to destroy data and
  corrupt systems
• Power grids and telecommunications
• Disasters that destroy data can and do occur
• Despite risk-prevention measures,
• Floods, earthquakes, fires, etc.

10
Knowing What Can Go Wrong

• Disaster recovery plan
• Step-by-step plan describes methods used to
  secure data against disaster
• Explains how to recover lost data if and when
  disaster occurs

11
Protecting Computer Systems

• Value of stolen computer often determined by data
  contained in system
• Bank account numbers, credit card numbers, PINs
• Can allow thief to wipe out checking or savings
  accounts or use credit card
• Thieves can use stolen data to assume identity

12
Protecting Computer Systems

• Protecting computer from theft
• Use common sense
• Never leave notebook computer unattended or in
  unsecured room
• Anchor your computer to your desk with special
  lock or security plate
• Motion sensor alarms

13
Protecting Computer Systems

• Tracking and recovery software - used to track
  stolen computer as soon as thief connects to
  Internet
• Some tracking software can be configured to
  delete data if computer is stolen
• Passwords can make data difficult to access
• Save and store unique information about your
  computer
• Make, model, serial number

14
Protecting Computer Systems

• Power protection
• UPS (uninterruptible power supply)

15
Protecting Computer Systems

• Surge strip (surge protector, surge suppressor)
• Low-cost alternative to UPS
• Designed to protect electrical devices from power
  surges and voltage spikes

16
Protecting Computer Systems

• Fans help keep computers vented
• Be aware of ventilation around computer
• Should draw air from room and blow it across
  inside components
• Do not put papers, books, or other items on top
  of monitor
• Can heat up quickly

17
Understanding Authentication

• Authentication protocol
• Any method that confirms persons identity when
  using computer system
• Something person carries
• Something person knows
• Some unique physical characteristics
• Biometrics

18
Understanding Authentication

• Two-factor authentication
• Verifies identity using two independent elements
  of confirmation
• More secure than single-factor authentication
• User ID
• Also known as username, login, screen name,
  online nickname, handle
• Typically public and do not offer any level of
  security

19
Understanding Authentication

• Password
• Verifies user ID and guarantees that you are the
  person you claim to be

20
Understanding Authentication

• PIN
• Like passwords, PINs are something user knows
• PIN - short sequence of numbers, can be entered
  using numeric keypad
• Password tends to be longer sequence letters,
  numbers, and special characters
• If password(s) stolen, could become victim of
  identity theft

21
Understanding Authentication

• Brute force attack
• Method for stealing user IDs and passwords
• Uses password-cracking software to steal
  information
• Password manager
• Utility software that generates secure passwords
  and stores them along with user IDs
• Allows for use of unique and secure passwords for
  every one of your online accounts

22
Understanding Authentication

• Restricting access to computer
• Keep it in locked room when not in use
• Password protection and authentication
• User rights
• Rules that limit directories and files each user
  can access

23
Exploring Security Threatsand Malware

• Malware
• Malicious code - one of biggest threats to your
  computer security
• Computer virus
• Set of program instructions
• Attaches itself to file, reproduces itself, and
  spreads to other files on same computer
• Does NOT spread by itself from one computer to
  another
• Spreads when infected files are distributed

24
Exploring Security Threatsand Malware

• Hackers, crackers, black hats, and cybercriminals
  create and unleash malware
• Some malware intended to be prank or mildly
  annoying vandalism
• Some created to distribute political messages or
  disrupt operations at specific companies
• In many cases motivation is money

25
Exploring Security Threatsand Malware

• Viruses can
• Corrupt files
• Destroy data
• Display irritating message
• Disrupt operations
• Deliver payload or trigger event
• Time bombs, logic bombs
• Boot sector virus
• Infects system files computer uses every time it
  turns on

26
Exploring Security Threatsand Malware

• Computer worm
• Self-copying program designed to carry out
  unauthorized activity on victims computer
• Able to spread themselves from one computer to
  another
• Enter through security holes in browsers and OSs
• Usually sent via emails or by victims clicking
  infected pop-up ads or links contained in emails
• Can even infect mobile phones
• Mass-mailing worm spreads by sending itself to
  every address on infected computer

27
Exploring Security Threatsand Malware

• Simulated Worm Attack

28
Exploring Security Threatsand Malware

• Trojan horse
• Computer program seems to perform one function
  while actually doing something else
• Not designed to spread to other computers
• Notorious for stealing passwords using keylogger
• Remote Access Trojan (RAT)
• Backdoor capabilities that allow remote hackers
  to
• Transmit files to victims computer
• Search for data
• Run programs
• Use victims computer as relay station for
  breaking into other computers

29
Exploring Security Threatsand Malware

• Bot
• Software that can automate task or autonomously
  execute task when commanded to do so
• Called intelligent agent
• Because intelligent agent behaves like robot,
  often called bot
• Zombie
• Computer under control of bot
• Botmaster
• Person who controls many bot-infested computers
  and can link them together into network called
  botnet

30
Exploring Security Threatsand Malware

• Spyware
• Program that secretly gathers personal
  information without victims knowledge
• Usually for advertising and commercial purposes
• Can piggyback on seemingly legitimate freeware or
  shareware downloads
• Can also allow spyware into computer by
• Clicking infected pop-up ads
• Surfing through seemingly valid and secure but
  compromised Web sites

31
Exploring Security Threatsand Malware

• Blended threat
• Malware that combines more than one type of
  malicious program
• What does malware do?
• Network traffic jam
• Denial-of-service attacks
• Browser reconfiguration
• Delete and modify files
• Access confidential information
• Disable antivirus and firewall software
• Control your computer
• Performance degradation

32
Avoiding Security Threatsand Malware

• May not even be aware that computer is infected
• Symptoms of infected computer include
• Irritating messages or sounds
• Frequent pop-up ads (often pornographic in
  nature)
• Sudden appearance of new Internet toolbar
• Addition to favorites list

33
Avoiding Security Threatsand Malware

• More symptoms of infected computer
• Prolonged system start-up
• Slower than usual response to clicking or typing
• Browser or application crashes
• Missing files
• Disabled security
• Network activity when not actively browsing or
  sending email
• Frequent rebooting

34
Avoiding Security Threatsand Malware

• Keeping your computer safe
• Install and activate security software
• Keep software patches and operating system
  service packs up to date
• Do not open suspicious email attachments
• Obtain software only from reliable sources
• Use security software to scan for malware
• Do not click pop-up ads
• Avoid unsavory Web sites
• Disable option Hide extensions for known file
  types in Windows

35
Avoiding Security Threatsand Malware

• Security suite
• Integrates several security modules to protect
  against the most common types of malware

36
Avoiding Security Threatsand Malware

• Security suite advantages
• Costs less than buying stand-alone modules
• Learning one interface simpler than learning
  several
• Security suite disadvantages
• Installation requires uninstalling or disabling
  all other antivirus, antispyware, and firewall
  software on your computer
• Suites cannot generally run with other
  stand-alone security products
• Overlapping coverage can cause glitches

37
Avoiding Security Threatsand Malware

• Antivirus software
• Utility software that looks for and removes
  viruses, Trojan horses, worms, and bots
• Included in several suites or as stand-alone
• Available for all types of computer and data
  storage
• Dependable, but not infallible
• Antivirus software searches for virus signature
• Section of program code that can be used to
  identify known malicious program

38
Avoiding Security Threatsand Malware

• Once antivirus software installed
• Set it to start when your computer starts
• Keep running full time in background
• List of virus signatures updated frequently
• Information stored in one or more files called
  virus definitions
• Can be manually or automatically downloaded

39
Avoiding Security Threatsand Malware

• Configure antivirus software to periodically scan
  all files on computer
• If you suspect that computer has been infected
• Immediately use security software to scan
  computer
• If scan finds malware, program can
• Try to remove infection
• Quarantine file
• Delete file

40
Examining Network and InternetAccess Security

• Local area networks (LAN)
• Susceptible to attacks from within network and
  from outside
• Threats to wireless networks
• LANjacking or war driving
• War chalking

41
Examining Network and InternetAccess Security

• Securing wireless network
• Wireless encryption
• WEP, WPA, WPA2
• Wireless network key (network security key)
• Basis for scrambling and unscrambling data
  transmitted between wireless devices
• Similar to password, only longer

42
Examining Network and InternetAccess Security

• Many wireless networks are not encrypted and are
  open to public
• Others are for public use but are encrypted and
  require network key

43
Examining Network and InternetAccess Security

• Encryption transforms message so contents are
  hidden from unauthorized readers
• Prevents intrusions
• Secures credit card numbers and other personal
  information transferred while using e-commerce
  sites
• Secures computer archives

44
Examining Network and InternetAccess Security

• Firewall
• Software or hardware designed to filter out
  suspicious packets attempting to enter or leave a
  computer

45
Exploring Web and Email Security

• Cookie
• Message containing information about user sent
  from Web server to browser
• Stored on users hard drive
• Marketers, hackers, and pranksters have found
  harmful uses for cookies
• Ad-serving cookie
• Allows third party to track activities at any
  site containing their banner ads
• Privacy issues have developed

46
Exploring Web and Email Security

• Browser may have setting that blocks all
  third-party cookies to prevent ad-serving cookies
• Some companies may allow opting out of allowing
  cookies to be stored on computer

47
Exploring Web and Email Security

• Flash cookie (local shared object)
• Flash equivalent of conventional cookie
• Marketers turning to Flash cookies as
  alternative way to track customers
• Web bug (clear GIF)
• Typically 1X1 pixel graphic embedded in Web page
  or email
• Almost invisible
• Designed to track whos reading page or message
• Can generate third-party ad-serving cookies

48
Exploring Web and Email Security

• Antispyware
• Security software designed to identify and
  neutralize Web bugs, ad-serving cookies, and
  spyware

49
Exploring Web and Email Security

• Spam
• Unwanted electronic junk mail that arrives in
  online mailbox
• Blocking spam
• Email authentication techniques
• Sender ID, Domain Keys
• Spam filter
• Utility that captures unsolicited email before it
  reaches inbox

50
Exploring Web and Email Security

• Fake Web site
• Looks legitimate, created by third party to be
  clever replication of real site
• Used to collect credit card numbers from unwary
  shoppers
• Always review URL in Address box to ensure site
  is authentic before entering sensitive information

51
Exploring Web and Email Security

• Using Internet anonymously
• Anonymous proxy service
• Uses go-between (proxy) server to relay Web
  requests after masking originating IP address
• Tend to operate more slowly than regular browser
• Sometimes blocked due to use in spam and flooding
  sites with traffic
• Can still be compromised by third parties or
  monitored under court order

52
Examining Backup Procedures

• Need backup plan that will help recover lost data
  in event of loss
• Backup - copy of one or more files in case
  original(s) are damaged
• Full backup (full-system backup)
• Contains copy of every program, data, and system
  file on computer
• Choosing backup device depends on value of data,
  current equipment, and budget

53
Examining Backup Procedures

• Most computer owners use backup devices they
  already have
• Writable CD, DVD, solid state storage card, tape,
  Zip disk, USB flash drive
• Some consumers purchaseexternal hard drive
• Easily connected, disconnected,and stored
• Remote storage options also available

54
Examining Backup Procedures

• Full backup takes a lot of time
• Alternative is to back up most important files
• Make sure computer-based documents are protected
• If system fails, have to manually restore all
  software and data files
• Also consider backing up
• Windows Registry
• Connection information
• Email folders and address book
• Favorite URLs
• Purchased downloaded files

55
Examining Backup Procedures

• Restore data from backup to original storage
  medium or its replacement
• Process depends on backup equipment, software,
  and exactly what is needed to restore

56
Examining Backup Procedures

• Before backing up to local area network server
• Check with network administrator to make sure
  storing large amounts of data is allowed
• Make sure LAN server is backed up regularly
• Several Web sites offer fee-based backup storage
  space
• Dont relay on this option as only method of
  backup

57
Examining Backup Procedures

• Backup software
• Utility programs designed to back up and restore
  files
• Restore point
• Contains computer settings
• If problems occur, might be able to roll back to
  restore point
• Boot disk
• Removable storage medium containing OS files
  needed to boot computer without accessing hard
  drive

58
Examining Backup Procedures

• Recovery CD (recovery disk)
• Bootable CD, DVD, or other media
• Contains complete copy of computers hard drive
  as it existed when shipped from manufacturer
• Returns computer to default state, does not
  restore data, software you installed, or
  configuration settings

59
Examining Backup Procedures
Steps to Create Backup Plan
60
Talking PointsProsecuting Computer Crime

• Computer crimes costly to businesses and
  individuals cover wide variety of activities

61
Talking PointsProsecuting Computer Crime

• Traditional laws do not cover range of
  possibilities for computer crime
• Authorities must not only capture computer
  criminals, but decide how law can be used to
  prosecute them
• Questions concerning harshness of penalties have
  been raised
• Some argue against many computer crimes being
  considered crimes