Professional Documents
Culture Documents
Computer Security
Computer Security
© G Campbell 2021 1
Learner Outcomes:
© G Campbell 2021 2
What is computer security?
Techniques for ensuring that data stored in
a computer cannot be read or
compromised by any individuals without
authorization.
© G Campbell 2021 3
What is a computer security risk?
Any event or action that could cause a loss of
or damage to computer hardware, software,
data, information, or processing capability.
© G Campbell 2021 4
Categories of Risks
© G Campbell 2021 5
Risks and their effects
Categories Effects
Human Error Loss of data, damage
Technical Error Loss of data, time
Virus Loss of data/time/ software
Disaster Physical damage
Unauthorized access/use Identity theft, blackmail etc.
Theft, vandalism Loss of computer, data
© G Campbell 2021 6
What is Risk Management?
AKA Risk management solution
An action taken to either prevent a risk from
happening or to reduce its effects.
© G Campbell 2021 7
Protecting from Human Error
Data validation
Reduce human interaction (i.e. automate)
Training
Password protection
Authority levels
Supervision (children, inexperienced users)
Separation of duties
Backup
© G Campbell 2021 8
Protecting from Technical Error
Buy quality hardware from a reputable dealer
Warranty
Backup
Air conditioning
Plastic dust covers
Proper (sturdy) desk
No magnets/sunlight
Proper maintenance (care)
Regular testing of hardware and software
© G Campbell 2021 9
What is a Virus?
A computer program that is designed to replicate
itself by copying itself into the other programs
stored in a computer.
It may be benign or have a negative effect, such
as causing a program to operate incorrectly or
corrupting a computer's memory.
© G Campbell 2021 10
Types of Viruses
Worm
Trojan
Boot Sector
Program
Multipartite
Stealth
Macro
E-mail
Polymorphic
Logic bomb
Time bomb
Rootkit
© G Campbell 2021 11
Worm
© G Campbell 2021 12
Helen of Sparta was captured
by the Trojans
© G Campbell 2021 13
Agamemnon and his army of Greeks went to
the city of Troy to rescue Helen
© G Campbell 2021 14
The Greek army made a large wooden
horse and left it outside the city gates
© G Campbell 2021 15
The Trojans took the horse inside their city.
They thought it was a present from the gods
© G Campbell 2021 16
That night, Greek soldiers crept out from
inside the horse and opened the city gates
© G Campbell 2021 17
The Greek army poured into
the city
© G Campbell 2021 18
Trojan
© G Campbell 2021 19
Boot Sector
© G Campbell 2021 21
Multipartite
A hybrid of Boot and Program viruses.
This sophisticated type of virus infects
program files and when the infected
program is executed, this virus infects the
boot record.
When you boot the computer next time the
virus from the boot record loads in memory
and then starts infecting other program files
on disk.
© G Campbell 2021 22
Stealth
These viruses use certain techniques to
avoid detection.
E.g. they redirect the disk head to read
another sector instead of the one in which
they reside.
© G Campbell 2021 23
Macro
© G Campbell 2021 24
E-mail
Moves around in e-mail messages, and
usually replicates itself by automatically
mailing itself to dozens of people in the
victim's e-mail address book
© G Campbell 2021 25
Polymorphic
A virus that can encrypt its code in
different ways so that it appears
differently in each infection.
These viruses are more difficult to detect
© G Campbell 2021 26
Logic bomb
Written to activate when the user carries
out a certain action, such as open a
particular file.
© G Campbell 2021 27
Time bomb
Viruses written to activate on a
particular date such as Friday the 13th
© G Campbell 2021 28
Rootkit
A rootkit is a clandestine program designed to
provide continued privileged access to a
computer while actively hiding its presence.
A rootkit allows someone to maintain
command and control over a computer without
the computer user/owner knowing about it.
Once a rootkit has been installed, the
controller of the rootkit has the ability to
remotely execute files and change system
configurations on the host machine.
A rootkit on an infected computer can also
access log files and spy on the legitimate
computer owner’s usage.
© G Campbell 2021 29
Protecting from A Virus
Antivirus software
Update Anti-virus regularly
Firewall
© G Campbell 2021 32
Protecting from Unauthorized
Access and Use
Physical security – e.g. locks, guards, grills etc.
Access codes and passwords
Biometric devices
Require frequent password changes
Passwords that are hard to guess (What are the
features of a good password?)
Sign off when you leave your desk
Authority levels
Firewall
Encryption of data
Audit trails
Log systems
© G Campbell 2021 33
Protecting from Unauthorized
Access and Use Cont’d
Intrusion detection software
Time and Location controls
Separation of duties
Restrict report distribution, shred reports
Reputable web sites that will not steal credit
card
Secrecy Act in Jamaica
Copyright and License agreements
Auditing the programs
Callback systems
© G Campbell 2021 34
Protecting from Theft,
Vandalism
Physical security – locks, guard, dogs,
biometrics
Metal detectors to prevent hardware theft
Backup
Lock the computer to the desk
Low profile facilities
Mark your computers in a secret place
Record serial numbers
Insurance of equipment
© G Campbell 2021 35
Backup
Regardless of the precautions that you
take, things can still go wrong.
Backup is therefore the main risk
management solution.
A backup is a duplicate of a file, or disk
that can be used if the original is lost,
damaged, or destroyed.
What backup software do you use?
© G Campbell 2021 36
Types of backup
Full – copies all of the files in a computer
Incremental – copies only the files that have
changed since the last full or last incremental
backup
Differential – copies only the files that have
changed since the last full backup
Selective – allows a user to choose specific
files to back up
Grandfather, Father, Son (or Three-
generation backup)
© G Campbell 2021 37
What risk management
strategy is most suitable?
Hacker
Motherboard burning up
Thumb drive was stolen
File deleted in error
A virus infected the computer
A flood washed away the computer
The wrong data was entered
© G Campbell 2021 38
Practice Questions
1. A __________ is a private combination
of characters associated with the user name
that allows access to certain computer
resources.
A. Encryption
B. Signature
C. Password
D. Code key
© G Campbell 2021 39
2. Which of the following best defines computer
security?
A. Techniques for ensuring that data stored in a
computer cannot be read or compromised by any
individuals without authorization
B. Any event or action that could cause a loss of or
damage to computer hardware, software, data,
information, or processing capability
C. The use of anti-virus or other utilities in order to
keep a computer safe
D. Unauthorized access and use
© G Campbell 2021 40
3. A computer program that is designed to
replicate itself and possibly cause problems
on a computer is called a ____________.
A. McAfee
B. Spam
C. Hacker
D. Virus
© G Campbell 2021 41
4. Which of the following has a battery
which charges while there is power. It
gives you time to shut down the
computer properly when there is a
power cut?
A. Surge protector
B. Lightening rod
C. Generator
D. UPS
© G Campbell 2021 42
5. Which of the following is the best
example of protection against human
error?
A. Data validation
B. Surge protector
C. Air conditioning
D. Intrusion Detection
© G Campbell 2021 43
6. Which of the following is the most
secure password?
A. JohnBrown
B. 123456789
C. 25Jan1980
D. K3gH8$6#2
© G Campbell 2021 44
7. Which of the following is a program
and/or hardware that filters the
information coming through the internet
to prevent unauthorized access?
A. Encryption standard
B. Firewall
C. Log system
D. Callback system
© G Campbell 2021 45
8. Which of the following would qualify
as a technical error on a network?
A. Failure to back up files
B. Malfunction in a cable
C. Mistake made by a technician
D. Improper recovery procedures
© G Campbell 2021 46
9. Which of the following describes a
situation where a thief steals your
information by simply watching you
type?
A. Snagging
B. Spoofing
C. Shoulder surfing
D. Social engineering
© G Campbell 2021 47
10. Person who gains unauthorized
access to computer systems for the
purpose of stealing and corrupting data
is called ________.
A. Anti-virus programmer
B. Pirate
C. Spoofer
D. Hacker
© G Campbell 2021 48