Threats and Security Tips of Computer System
Lecture 8
CIT 3303 2
Information technology can be disabled by a number of occurrences. It may be harmed by people, procedural, and software errors; by electromechanical problems; and by “dirty data”. It may be threatened by natural hazards and terrorism.
Computers may be harmed by viruses. Computers can also be used as instruments of crime. Criminals may be employees, outside users, hackers, crackers, and professional criminals.
Threats to computers and communications systems
Here we discuss the following threats to computers and communications systems:
- Errors and accidents
- Natural hazards
- Crimes against information technology
- Crimes using information technology
- Computer Viruses
Errors and Accidents
Errors and accidents in computer systems may be classified as:
- People errors
- Procedural errors
- Software errors
- Electromechanical problems
- “Dirty data” problems
People errors
One of the most important parts of a computer system is the people who manage it or run it.
Quite often, what may seem to be “the computer’s fault” is human indifference or bad management.
So errors may be introduced by people during data entry and computer operation.
Procedural errors
We know that procedures are descriptions of how things are done, steps for accomplishing a result.
Some remarkable computer failures have occurred because someone didn’t follow procedures.
Software errors
We often hear about “software bugs”. A software bug is an error in a program that causes it to malfunction.
Especially with complex software, there are always bugs, even after the system has been thoroughly tested and “debugged”.
Electromechanical problems
Mechanical systems, such as printers, and electrical systems, such as circuit boards, don’t always work. They may be faultily constructed, get dirty or overheated, or become damaged in some other way.
Power failures can shut a system down and burn out equipment.
“Dirty data” problems
When keyboarding a research paper, you undoubtedly make a few typing errors.
A lot of problems are caused by this kind of “dirty data”.
“Dirty data” is data that is incomplete, outdated, or otherwise inaccurate.
Natural Hazards
Whatever is harmful to property (and people) is harmful to computers and communications systems. This certainly includes natural disasters: fires, floods, earthquakes, tornadoes, cyclones, hurricanes, and the like.
Natural hazards can disable all the electronic systems. Without power and communications connections, automatic teller machines (ATM), credit card verifiers, and bank computers are useless.
Crimes against information technology
Crimes against information technology include:
- Theft of hardware
- Theft of software
- Theft of time and services
- Theft of information
Crimes using information technology
Just as a car can be used to assist in a crime, so can a computer and communications system.
Criminals use inexpensive microcomputers with sophisticated graphics capabilities for illegal purposes.
Viruses
Computer viruses are programs that cause systems to behave in unexpected and undesirable ways.
A virus can copy itself and damage files. Viruses spread through floppy disks, Internet downloads, or e-mail.
Viruses may take several forms. The two principal ones are boot sector viruses and file viruses.
Computer Criminals
What kind of people are responsible for most of the information technology crime?
Over 80% may be employees, and the rest are outside users, hackers and crackers, and professional criminals.
Computer Criminals (cont…)
Employees: Employees are the ones with the skill, the knowledge, and the access to do bad things. Dishonest employees create far greater problems than most people realize.
The increasing use of laptops, away from the eyes of supervisors, concerns some security experts. They worry that dishonest employees or outsiders can more easily intercept communications or steal company trade secrets.
Computer Criminals (cont…)
Outside users: Suppliers and clients may also gain access to a company’s information technology and use it to commit crimes.
Computer Criminals (cont…)
Hacker: An individual who has the knowledge to illegally break into a computer system or facility, although he or she does not cause any harm to the system or the organization.
Cracker: A computer thief who breaks into a system with the intent of stealing passwords, files, and programs, either for fun or for profit.
Computer Criminals (cont…)
Professional criminals: Members of organized crime rings don’t just steal information technology. They also use it the way that legal businesses do – as a business tool, but for illegal purposes.
For example, databases can be used to keep track of illegal gambling debts and stolen goods. Drug dealers have used pagers as a link to customers. Microcomputers, scanners, and printers can be used to forge checks, immigration papers, passports, and driving licenses. Telecommunications can be used to transfer funds illegally.
Computer Security
Computer security includes the policies, procedures, tools and techniques designed to protect a company’s computer assets from accidental, intentional, or natural disasters. It covers all components of a company’s computing environment: hardware, software, networks, physical facilities, data and information, and personnel.
Computer Security (cont…)
We consider the following components of security:
- Identification and access
- Password Security
- Personal firewall
- Anti-virus software and Updates
- Be aware of how viruses spread
- Avoid installing bad applications
- Configure your system
- Backup your data
- Credit card security
- Terminal connections
- Access Controls and Encryption
Identification and access
There are three ways a computer system can verify that you have legal right of access. Some security systems use a mix of these techniques. The systems try to authenticate your identity by determining –
1. what you have – cards, keys, signatures, badges.
2. what you know – PINs, passwords, digital signatures.
3. who you are – fingerprint id, voice id, retinal id, lip prints.
Password Security
A password is a special word, code, or symbol that is required to access a computer system.
Choose Strong Passwords. Never use your name or the name of a loved one, or even a word in the dictionary.
Use a mix of alphanumeric characters, but make it easy to remember.
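The rules on this slide written as a check, as an added example that is not part of the original lecture. The function names, the small word list and the sample name used with it are constructed for illustration, and the check goes one step beyond the slide by also catching a dictionary word that has digits or symbols swapped in or appended.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome", "computer"}

# Character swaps that leave a dictionary word easy to guess (assumed set).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s"})


def _letters(text):
    """Keep only a-z so 'sun-shine_1' compares equal to 'sunshine'."""
    return re.sub(r"[^a-z]", "", text)


def password_problems(password, personal_names, dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password breaks the slide's rules ([] means it passes)."""
    lowered = password.lower()
    without_suffix = re.sub(r"\d+$", "", lowered)  # "p@ssw0rd1" -> "p@ssw0rd"
    # Three views of the same password: as typed, and with swaps undone.
    candidates = {
        _letters(lowered),
        _letters(lowered.translate(SWAPS)),
        _letters(without_suffix.translate(SWAPS)),
    }
    problems = []
    for name in personal_names:
        n = _letters(name.lower())
        # Names shorter than 3 letters would match almost anything, so skip them.
        if len(n) >= 3 and any(n in c for c in candidates):
            problems.append(f"contains the name {name}")
    if candidates & set(dictionary):
        problems.append("is a dictionary word")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        problems.append("does not mix letters and digits")
    return problems
```

An empty list means the password passed all three rules; it says nothing about whether the password is easy to remember.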
Personal firewall
If you are not behind a corporate firewall, purchase and install a personal firewall on your computer. This will help protect your system from many weaknesses that some worms will try to use.
Anti-virus software and Updates
Use anti-virus software with regular updates.
Perform system updates regularly.
Be aware of how viruses spread
Be aware of how viruses spread and don't open attachments unless you are SURE they are genuine. Call the sender if necessary to be sure they sent the email. Be sure your system settings are set so you can recognize potential virus files that may have multiple extensions such as filename.txt.exe. If the extension ends in .exe, .com, or .bat don't double click on it or run it unless you are SURE it is from a valid source.
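An added example, not part of the original lecture, that applies the multiple-extension check described above to a list of attachment names. The function names and the list of document-like extensions are assumptions; the runnable extensions are the three named on the slide.

```python
# Extensions the slide says not to run unless the source is verified.
RUNNABLE = {".exe", ".com", ".bat"}
# Assumed list of harmless-looking extensions that can act as the decoy part.
DOCUMENT_LIKE = {".txt", ".doc", ".pdf", ".jpg", ".xls", ".zip"}


def classify_attachment(filename):
    """Return 'disguised', 'runnable' or 'ok' for an attachment file name."""
    # Windows drops trailing dots and spaces, so "a.exe. " is opened as a.exe.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the file name if the sender included a directory path.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Tolerate stray spaces around the dots ("report.pdf   .exe").
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or "." + parts[-1] not in RUNNABLE:
        return "ok"
    # A document-like extension before the runnable one is the
    # filename.txt.exe pattern from the slide.
    earlier = {"." + p for p in parts[1:-1]}
    return "disguised" if earlier & DOCUMENT_LIKE else "runnable"


def triage(filenames):
    """Group attachment names by verdict so the risky ones can be reviewed first."""
    verdicts = {"disguised": [], "runnable": [], "ok": []}
    for f in filenames:
        verdicts[classify_attachment(f)].append(f)
    return verdicts


# Constructed sample attachment names.
SAMPLES = ["filename.txt.exe", "Report.PDF.EXE ", "photo.jpg.bat.",
           "setup.exe", "v1.2.exe", "notes.txt", "archive.tar.gz"]

if __name__ == "__main__":
    for verdict, names in triage(SAMPLES).items():
        print(verdict, names)
```

A "runnable" verdict is not a detection by itself; it marks the files the slide says to open only after confirming the sender.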
Avoid installing bad applications
Some computer programs may come with spyware. Avoiding these can be important in both securing your system and keeping your system performance from being degraded.
A personal firewall is one defense against this happening because it will normally notify you when a program accesses the internet.
Configure your system
Configure your system so you will see all file extensions as described on the page called "Windows File View Settings".
Backup your data
Make frequent backups of vital data and store it in a different physical location from the computer.
Credit card security
Don’t send your credit card number “in the clear” (that is, without encryption) over the Internet.
Terminal connections
Don’t leave modem lines or Internet connections open when you are not using them. Turn off your computer when you leave it.
Access Controls and Encryption
Use a PC security package that demands passwords for computer access and encrypts data resident on the hard disk.
Ethical Issues in Computing
The Ten Commandments of Computer Ethics
1. Do not use a computer to harm other people.
2. Do not interfere with other people's computer work.
3. Do not snoop around in other people's computer files.
4. Do not use a computer to steal.
5. Do not use a computer to bear false witness.
6. Do not copy or use proprietary software for which you have not paid.
7. Do not use other people's computer resources without authorization or proper compensation.
8. Do not appropriate other people's intellectual output.
9. Always think about the social consequences of the program you are writing or the system you are designing.
10. Always use a computer in ways that insure consideration and respect for your fellow human.
Any Question?
Thanks to All