computing security
DESCRIPTION
Information about security in our computing devices and software, some tips to prevent some kind of dangers, the methods used to be aware with malwares, the things that can damage our programs and their types.TRANSCRIPT
CCCOOOMMMPPPUUUTTTIIINNNGGG SSSEEECCCUUURRRIIITTTYYY
School year
2013/2014
CCaarrmmeenn BBuueennoo IIgglleessiiaass 44IINNFF ((44ººBB)) COMPUTING WITH ELENA CEDENILLA
MAY 2014
IES JUANELO TURRIANO
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 1 .
IES Juanelo Turriano, 2013-2014
Index
Definition .............................................................................................................................. 2
Human security ............................................................................................................... 2
Physical security ............................................................................................................. 2
Logical security ............................................................................................................... 2
Malicious programs ............................................................................................................ 2
Malware which infect, spread themselves and destroy: ........................................... 3
Viruses ......................................................................................................................... 3
Worms .......................................................................................................................... 3
Trojan Horses .............................................................................................................. 3
Backdoors .................................................................................................................... 3
Malware which embed themselves and act upon the data they research about
the user: ................................................................................................................................... 3
Adware ......................................................................................................................... 3
Spyware ....................................................................................................................... 4
Malware which give full access of your machine to the attacker to do what they
want: ......................................................................................................................................... 4
Rootkits ........................................................................................................................ 4
Anti-Malware ....................................................................................................................... 4
Antivirus ........................................................................................................................... 5
Antispyware ..................................................................................................................... 5
Firewalls ........................................................................................................................... 5
Proxy servers .................................................................................................................. 5
Dangers of the Internet ...................................................................................................... 5
Phishing ....................................................................................................................... 5
Sure navigation ............................................................................................................... 5
HTTPS protocol .......................................................................................................... 6
Digital certificate ......................................................................................................... 6
Dangers with the Wi-Fi access ......................................................................................... 6
Accessing fake Wi-Fi’s ................................................................................................... 6
Leaving your Wi-Fi connexion neglected .................................................................... 7
Communication through the Internet ............................................................................... 7
Bibliography ......................................................................................................................... 8
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 2 .
IES Juanelo Turriano, 2013-2014
Definition Cyber-security is an area in computing that focuses on protecting anything related with computing devices, software, information and the Internet through standards, protocols, methods, rules, tools and laws. There are different types of computing security:
Human security: It’s the personal use of each person, the responsibility of
using and storing the devices and the data we have safely.
Active security: The use of different passwords, digital signatures and certificates,
encryption, hard disks…
Passive security: It avoids damages in case of error or harm of the active security,
like security copies, external saving hardware…
Physical security: It’s the set of methods used to control physical access to a
computing element, to avoid someone to access our devices or an incident to break them. For example, in the CPU, wires, equipment… which we have to take care of.
Logical security: It protects software, applications, data… from being stolen or
lost, by manipulating and controlling information and its access, such as passwords, antimalware…
Malicious programs Malware is any software that controls some parts of your computer to do whatever its creator wants. The damage they do can vary from something slight (as changing the some data not very important) to full control of your machine without you to easily find out. Most malware requires the user to initiate its operation. Some vectors of attack (the way the malware gets into a computer or programme) are:
Attachments in e-mails
Browsing a malicious website that installs software after the user clicks ok on a pop-up
Vulnerabilities in the operating system or programs Malware is not limited to one operating system.
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 3 .
IES Juanelo Turriano, 2013-2014
Malware which infect, spread themselves and destroy:
Viruses They are computer software that can replicate themselves and infect a computer without the informed consent or knowledge of the computer user. Certain malware, adware and spyware have been incorrectly termed as a “virus” because they lack the ability to copy themselves. A real virus spreads from one system to another through an executable code when its host is transferred to a target computer; such as being sent over a network or the Internet, email or transported via removable media such as a CD, DVD or USB drive. Infected files residing in a network file system or any instance where a computer can be accessed by another one increases the chances of spreading a virus infection. The increasing number of computers being connected to local area networks and the Internet is creating an environment for computer viruses to spread. Increased use of email and instant messaging are additional ways computer viruses spread.
Worms They’re self-replicating computer programs that send copies of themselves within a computer network and they can do so without any involvement by the user. A worm doesn’t need to attach itself to an existing program in order to spread. Worms typically cause some harm to the network, most notably by consuming bandwidth.
Trojan Horses
They appear to have a normal function but they conceal malicious functions that it performs without authorized access to the host system. A Trojan can allow the ability to save their files on the user's computer or monitor the user's screen and control his computer. A Trojan can be easily and unknowingly downloaded by the computer user. One example might be a computer game, when executed by the computer user, allows a hacker to control the user's computer. In this case the computer game is a Trojan.
Backdoors They’re means of circumventing regular authentication, securing remote computer access, accessing plaintext, etc., while remaining to be undetected. A backdoor may appear to be an installed program or a modification to a program or hardware device that's already installed.
Malware which embed themselves and act upon the data they research about the user:
Adware They’re any type of advertising-supported software that will play, display, or download advertisements automatically on a user's computer once the software has been installed on it or while the application is in use. Some adware can also be spyware due to its privacy-invasive characteristics.
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 4 .
IES Juanelo Turriano, 2013-2014
Spyware They’re installed on a user's computer without the user's express consent with the purpose of collecting information about him, his computer or browsing habits. They’re capable of secretly monitoring the user's behaviour, collect personal information (including web surfing habits and websites visited). Spyware can also impede the user's control of his computer by installing additional software, and redirecting web browser activity. Spyware is known to cause other interference by changing computer settings that slow connection speeds, load different home pages, and lose Internet connectivity or program functionality.
Malware which give full access of your machine to the attacker to do what they want:
Rootkits They contain one or more programs designed to show no indication that a system has been compromised. A rootkit is used to replace essential system executables, which can then conceal processes and files installed by the attacker as well as rootkit itself. Its intention is to control the operating system. They reach the system through by evading standard operating system security mechanisms. Rootkits can also be Trojans, tricking the user into thinking they can be safely run on their systems. This can be achieved by concealing running processes from monitoring programs, or hiding files or system data from the operating system. Originally, rootkits may have been normal applications, designed to take control of a faulty or unresponsive system, but more recently have been produced as malware allowing attackers to gain access to systems undetected. Rootkits often install themselves.
Anti-Malware Antimalware are software programmes designed to prevent, detect and remediate malware on computing devices or systems. They can protect from malware in two ways:
Providing real-time protection against malware installation in the device by scanning data from the network and blocking any threat.
Detecting and removing existing malware in the device through scanning the registry, the operative system, the memory and any software: Then they show the threats found and let choose which of them to remove. This one is easier and more popular.
You can find an anti-malware for each kind of malware, and it will fight against them depending on the type of malware (Antivirus, antispyware, antitrojan, antirootkit…). The two of them more used or known are:
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 5 .
IES Juanelo Turriano, 2013-2014
Antivirus: They are designed to detect and remove malware by:
Comparing and searching the code pattern which coincide with the one in a library of known virus patterns.
Detecting hostile behaviour-based programs; it recognizes sets of suspicious behaviours so it studies the programmes which can act like that because of their code.
Antispyware: It’s a specific program to detect spywares, like it could be an
antitrojan to detect only Trojans or an antiworm to detect worms, but this one is the best known. Nowadays this kind of protection software are complementary to antivirus, which tries to protect to any kind of malware, but an antispyware will be more effective to do this only task.
Another kind of protection programs which prevent from malware instead of removing them are:
Firewalls: They control and filter net connexions from a device or a set of devices.
It prevents from threats and external intrusion, like a protection barrier between the protected and the outside world, controlling access, filtering communications, registering events and generating alarms.
Proxy servers: They are go-betweens from the clients to their destinies. When
the client wants some information it connects the proxy server instead of the destiny server, and it connects with the destiny server as if it was the client, and when it has the information it sends it to the client.
In a local network it serves every devices, letting only internal communications with the proxy server, which is the only one which has access to external networks’ data.
Dangers of the Internet There are many dangers on the internet, like getting viruses, being spammed, being cheated, confusing data or information, getting inadequate information, becoming addict, being tempted to do illegal or improper things (like gambling)...
Phishing: It’s a very common danger related with identity theft; it is a crime in which
someone, through chats, social networks, posts, false mails asking for data, and anywhere they can, collects information to “steal” someone’s identity and use it to commit another crime or use it against someone.
Sure navigation
When we surf the Internet we have to be careful about what we do, but to help us there are some resources like:
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 6 .
IES Juanelo Turriano, 2013-2014
HTTPS protocol: This is a security version from http network used
to make sure the information which is introduced in the webpages which have this protocol won’t leave that page and anybody won’t be able to catch it. It’s used, for example, for bank accounts, in-line shops, private services, password accesses… When you access to them, client and server’s browsers make an encrypted communication. Browsers usually show this service with a padlock.
Digital certificate: This is a document shown or asked for in some secure pages or
documents through which a certification authority guarantee the entailment between a subject or entity’s identity data, and a public key. Some examples of elements used as digital certificate are the electronic Identity Document or the digital signature.
But we also have to be careful with our own data:
Don’t give any personal data unless you really trust the place.
You shouldn’t keep your passwords in your computing device.
Don’t allow programmes or webpages to remember your passwords.
Make secure passwords with at least eight digits and mixing numbers and letters and, if possible, capital letters with small letters.
Don’t use personal or evident data in your passwords.
Protect your privacy checking the pages record, cookies or downloaded documents.
Don’t open suspicious mail.
Don’t click advertisements.
Don’t accept suspicious request and don’t answer to people or programmes you don’t know.
Dangers with the Wi-Fi access
Accessing fake Wi-Fi’s Some free Wi-Fi’s in public places are sometimes fakes created by someone to catch your information, and depending on the information you have compiled in your Internet connexion, the hacker can access your accounts, watch and use your media files, supplant your identity... So connecting completely opened or suspicious Wi-Fi’s can be very dangerous. Anyway, when you connect to a free Wi-Fi:
You shouldn’t access somewhere important or with private data
You mustn’t show any password
You shouldn’t access your mail account or send any mail
Try not to have any account opened when you access the Internet
Avoid sending or receiving any personal or private data
Be careful with what you search or what you do surfing the Internet
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 7 .
IES Juanelo Turriano, 2013-2014
Leaving your Wi-Fi connexion neglected Some people can catch your Wi-Fi password to simply use the Internet, but they can also use it to commit a crime or access your information to harm you. In our routers we usually have WEP (Wired Equivalent Privacy) encryption codes, which are weak and easily decoded, and worse if we don't change the default codes. If you want to be safer, at least you should have WPA (Wi-Fi Protected Wireless), whose algorithm is stronger. But the safer and difficultly decoded encryption protocols are WPA2, with Advanced Encryption Standard. To make your connection safer, you should change the name and the password and hide any weak point.
Communication through the Internet
When you communicate through forums, blogs, chats or social networks you have to follow some rules, for example:
Be respectful and don’t make to the others what you don’t want them to make to you.
Behave on the Internet as on the real life; don’t do or say what you wouldn’t face-to-face.
Rules are different depending on where you are; be thoughtful and be diplomatic if you have to.
Respect the others’ time and don’t make them waste it if it’s not necessary.
Show your good side; write correctly and simply.
Share useful and relevant information, white about what you know and not foolishness.
Help to keep control in difficult situations.
Respect the others’ privacy and intimacy but also yours.
Don’t take advantage of any situation and don’t advantage anybody because you know something else.
Excuse errors and take delicate conversations in private and kindly.
Computing Security Carmen Bueno Iglesias, 4INF (4ºB)
Page 8 .
IES Juanelo Turriano, 2013-2014
Bibliography http://es.wikipedia.org/wiki/Seguridad_inform%C3%A1tica file:///F:/Inform%C3%A1tica/seguridad%20inform%C3%A1tica.pdf http://compunoticias.com/2011/12/30/seguridad-informatica-vol-1-conceptos-basicos-y-definiciones-tipos-de-seguridad/ http://www.seas.ucla.edu/security/malware.html http://files-recovery.blogspot.com.es/2011/04/27-malware-types-and-their.html http://es.wikipedia.org/wiki/Malware http://carmenscomputingblog.blogspot.com.es/ http://juanjbano.blogspot.com.es/2013/09/reglas-basicas-de-comportamiento-y.html