Threats and Security Tips of Computer System

1

Threats and Security Tips of Computer System

Lecture 8

CIT 3303 2

Information technology can be disabled by a number of occurrences. It may be harmed by people, procedural, and software errors; by electromechanical problems; and by “dirty data”. It may be threatened by natural hazards and terrorism.

Computer may be harmed by viruses. Computers can also be used as instruments of crime. Criminals may be employee, outside users, hackers, crackers, and professional criminals.

Threats to computers and communications systemsThreats to computers and communications systems

CIT 3303 3

Threats to computers and communications systemsThreats to computers and communications systems

Here we discuss the following threats to computers and communications systems:

Errors and accidents Natural hazards Crimes against information technology Crimes using information technology Computer Viruses

CIT 3303 4

Errors and Accidents Errors and Accidents

Errors and accidents in computer systems may be classified as -

People errors Procedural errors Software errors Electromechanical problems “Dirty data” problems

CIT 3303 5

People errorsPeople errors

One of the most important part of a computer system is the people who manage it or run it.

Quite often, what may seem to be “the computer’s fault” is human indifference or bad management.

So, errors may be occurs by people during data entry and computer operate.

CIT 3303 6

Procedural errorsProcedural errors

We know that procedures are descriptions of how things are done, steps for accomplishing a result.

Some remarkable computer failures have occurred because someone didn’t follow procedures.

CIT 3303 7

Software errorsSoftware errors

We are hearing about “software bugs”. A software bug is an error in a program that causes it to malfunction.

Especially with complex software, there are always bugs, even after the system has been thoroughly tested and “debugged”.

CIT 3303 8

Electromechanical problemsElectromechanical problems

Mechanical systems, such as printers, and electrical systems, such as circuit boards, don’t always work. They may be faultily constructed, get dirty or overheated, or become damaged in some other way.

Power failures can shut a system down and burn out equipment.

CIT 3303 9

““Dirty data” problemsDirty data” problems

When keyboarding a research paper, you undoubtedly make a few typing errors.

A lot of problems are caused by this kind of “dirty data”.

“Dirty data” is data that is incomplete, outdated, or otherwise inaccurate.

CIT 3303 10

Natural HazardsNatural Hazards

Whatever is harmful to property (and people) is harmful to computers and communications systems. This certainly includes natural disasters: fires, floods, earthquakes, tornadoes, cyclones, hurricanes, and the like.

Natural hazards can disable all the electronic systems. Without power and communications connections, automatic teller machines (ATM), credit card verifiers, and bank computers are useless.

CIT 3303 11

Crimes against information technologyCrimes against information technology

Crime against information technology include –

Theft of hardware Theft of software Theft of time and services Theft of information

CIT 3303 12

Crimes using information technologyCrimes using information technology

Just a car can be used to assist in a crime, so can a computer and communication system.

Criminals use inexpensive microcomputers with sophisticated graphics capabilities for illegal purposes.

CIT 3303 13

VirusesViruses

Computer viruses are programs that causes systems to behave in unexpected and undesirable ways.

Virus can copy itself and damage files. Spread through floppy disks, Internet downloads or as e-mail.

Viruses may take several forms. The two principal ones are boot sector virus and file viruses.

CIT 3303 14

Computer CriminalsComputer Criminals

What kind of people are responsible for most of the information technology crime?

Over 80% may be employees, and rest are outside users, hackers and crackers, and professional criminals.

CIT 3303 15

Computer Criminals (cont…)Computer Criminals (cont…)

Employees: Employees are the ones with the skill, the knowledge, and the access to do bad things. Dishonest employees create a far greater problems than most people realize.

The increasing use of laptops, away from the eyes of supervisors, concerns some security experts. They worry that dishonest employees or outsiders can more easily intercept communications or steal company trade secrets.

CIT 3303 16


Outside users: Suppliers and clients may also gain access to a company’s information technology and use it to commit crimes.

CIT 3303 17

Hacker An individual who has the knowledge to

illegally break into a computer system or facility, although he or she does not cause any harm to the system or the organization.

Cracker A computer thief who breaks into a system

with the intent of stealing passwords, files, and programs, either for fun or for profit.


CIT 3303 18

Professional criminals: Member of organized crime rings don’t just steal

information technology. They also use it the way that legal businesses do – as a business tool, but for illegal purposes.

For example, databases can be used to keep track of illegal gambling debts and stolen goods. Drug dealers have user pagers as a link to customers. Microcomputers, scanners, and printers can be used for forge checks, immigration papers, passports, and driving licenses. Telecommunications can be used to transfer funds illegally.


CIT 3303 19

Computer SecurityComputer Security

Computer security includes the policies, procedures, tools and techniques designed to protect a company’s computer assets from accidental, intentional, or natural disasters. It covers all components of a company’s computing environment: hardware, software, networks, physical facilities, data and information, and personnel.

CIT 3303 20

Computer Security (cont…)Computer Security (cont…)

We consider the following components of security:

Identification and access Password SecurityPassword Security Personal firewallPersonal firewall Anti-virus software and UpdatesAnti-virus software and Updates Be aware of how viruses spreadBe aware of how viruses spread Avoid installing bad applicationsAvoid installing bad applications Configure your systemConfigure your system Backup your dataBackup your data Credit card security Credit card security Terminal connections Terminal connections Access Controls and EncryptionAccess Controls and Encryption

CIT 3303 21

Identification and accessIdentification and access

There are three ways a computer system can verify that you have legal right of access. Some security systems use a mix of these techniques. The systems try to authenticate your identity by determining –

1. what you have – cards, keys, signatures, badges.2. what you know – PINs, passwords, digital

signatures.3. who you are –fingerprint id, voice id, retinal id, lip

prints.

CIT 3303 22

Password SecurityPassword Security

A password is a special word, code, or symbol that is required to access a computer system.

Choose Strong Passwords. Never use your name or the name of a loved one, or even a word in the dictionary.

Use a mix of alphanumeric characters, but make it easy to remember.

CIT 3303 23

Personal firewall Personal firewall

If you are not behind a corporate firewall, purchase and install a personal firewall on your computer. This will help protect your system from many weaknesses that some worms will try to use.

CIT 3303 24

Anti-virus software and Updates Anti-virus software and Updates

Use anti-virus software with regular updates.

Perform system updates regularly.

CIT 3303 25

Be aware of how viruses spreadBe aware of how viruses spread

Be aware of how viruses spread and don't open attachments unless you are SURE they are genuine. Call the sender if necessary to be sure they sent the email. Be sure your system settings are set so you can recognize potential virus files that may have multiple extensions such as filename.txt.exe. If the extension ends in .exe, .com, or .bat don't double click on it or run it unless you are SURE it is from a valid source.

CIT 3303 26

Avoid installing bad applications Avoid installing bad applications

Some computer programs may come with spyware. Avoiding these can be important in both securing your system and keeping your system performance from being degraded.

A personal firewall is one defense against this happening because it will normally notify you when a program accesses the internet.

CIT 3303 27

Configure your system Configure your system

Configure your system so you will see all file extensions as described on the page called "Windows File View Settings".

CIT 3303 28

Backup your data Backup your data

Make frequent backups of vital data and store it in a different physical location from the computer.

CIT 3303 29

Credit card security Credit card security

Don’t send your credit card number “in the clear” (that is, without encryption) over the Internet.

CIT 3303 30

Terminal connections Terminal connections

Don’t leave modem lines or Internet connections open when you are not using them. Turn off your computer when you leave it.

CIT 3303 31

Access Controls and Encryption Access Controls and Encryption

Using a PC security package that demands passwords for computer access and encrypts data resident on the hard disk.

CIT 3303 32

Ethical Issues in ComputingEthical Issues in Computing

The Ten Commandments of Computer Ethics1. Do not use a computer to harm other people. 2. Do not interfere with other people's computer work. 3. Do not snoop around in other people's computer files. 4. Do not use a computer to steal.5. Do not use a computer to bear false witness. 6. Do not copy or use proprietary software for which you have not paid. 7. Do not use other people's computer resources without authorization or

proper compensation. 8. Do not appropriate other people's intellectual output. 9. Always think about the social consequences of the program you are

writing or the system you are designing. 10. Always use a computer in ways that insure consideration and respect for

your fellow human.

CIT 3303 33

Any Question

?

CIT 3303 34

Thanks to All

Education

Threats and Security Tips of Computer System