
Computer Security

© G Campbell 2021 1
Learner Outcomes:

Upon successful completion, learners will be able to:
• define computer risk and risk management
• describe different types of computer risks
• apply risk management strategies to counter computer risks

What is computer security?
• Techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization.

What is a computer security risk?
• Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

Categories of Risks

• Human Error – mistakes made when using the computer
• Technical Error – hardware or software issue
• Virus – program that affects the computer
• Disaster – natural or otherwise
• Unauthorized access/use – when someone takes/uses your computer or data without permission
• Theft, vandalism – when someone takes your computer or physically damages it

Risks and their effects

Categories                Effects
Human Error               Loss of data, damage
Technical Error           Loss of data, time
Virus                     Loss of data/time/software
Disaster                  Physical damage
Unauthorized access/use   Identity theft, blackmail etc.
Theft, vandalism          Loss of computer, data

What is Risk Management?
• Also known as a risk management solution
• An action taken to either prevent a risk from happening or to reduce its effects.

Protecting from Human Error
• Data validation
• Reduce human interaction (i.e. automate)
• Training
• Password protection
• Authority levels
• Supervision (children, inexperienced users)
• Separation of duties
• Backup

Protecting from Technical Error
• Buy quality hardware from a reputable dealer
• Warranty
• Backup
• Air conditioning
• Plastic dust covers
• Proper (sturdy) desk
• No magnets/sunlight
• Proper maintenance (care)
• Regular testing of hardware and software

What is a Virus?
• A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer.
• It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.

Types of Viruses
• Worm
• Trojan
• Boot Sector
• Program
• Multipartite
• Stealth
• Macro
• E-mail
• Polymorphic
• Logic bomb
• Time bomb
• Rootkit

Worm

• A worm is a small piece of software that uses computer networks and security holes to replicate itself.
• A copy of the worm scans the network for another machine that has a specific security hole.

Helen of Sparta was captured by the Trojans.

Agamemnon and his army of Greeks went to the city of Troy to rescue Helen.

The Greek army made a large wooden horse and left it outside the city gates.

The Trojans took the horse inside their city. They thought it was a present from the gods.

That night, Greek soldiers crept out from inside the horse and opened the city gates.

The Greek army poured into the city.

Trojan

• A Trojan appears to be something that it is not so that you give out certain information.
• Example: a fake login screen will allow you to put in your ID and password, thereby allowing it to be read by unscrupulous persons.
• Example: a fake web site on which you give out your credit card information.

Boot Sector

• The boot sector of your hard disk contains the programs used to boot (or start) your computer. These system sectors are vital for proper operation of your computer.
• These viruses replace the boot record program (which is responsible for loading the operating system into memory), copying it elsewhere on the disk or overwriting it.
• Boot viruses load into memory if the computer tries to read the disk while it is booting.

Program
• These infect executable program files.
• These programs are loaded in memory during execution, taking the virus with them.
• The virus becomes active in memory, making copies of itself and infecting files on the disk.

Multipartite
• A hybrid of Boot and Program viruses.
• This sophisticated type of virus infects program files, and when the infected program is executed, the virus infects the boot record.
• The next time you boot the computer, the virus from the boot record loads into memory and then starts infecting other program files on disk.

Stealth
• These viruses use certain techniques to avoid detection.
• E.g. they redirect the disk head to read another sector instead of the one in which they reside.

Macro

• A type of computer virus that infects the macros within a document or template.
• A macro is an automated series of program commands, such as a list of formatting commands for a word processing program.

E-mail
• Moves around in e-mail messages, and usually replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book.

Polymorphic
• A virus that can encrypt its code in different ways so that it appears differently in each infection.
• These viruses are more difficult to detect.

Logic bomb
• Written to activate when the user carries out a certain action, such as opening a particular file.

Time bomb
• Viruses written to activate on a particular date, such as Friday the 13th.

Rootkit
• A rootkit is a clandestine program designed to provide continued privileged access to a computer while actively hiding its presence.
• A rootkit allows someone to maintain command and control over a computer without the computer user/owner knowing about it.
• Once a rootkit has been installed, the controller of the rootkit has the ability to remotely execute files and change system configurations on the host machine.
• A rootkit on an infected computer can also access log files and spy on the legitimate computer owner’s usage.

Protecting from a Virus
• Antivirus software
• Update antivirus regularly
• Firewall
• Limit connectivity (e.g. stay off the network if not necessary)
• Visit trusted sites only
• Limit software downloads
• Use only authorized media for loading data and software
• Do not open unknown e-mail or attachments
• Write-protect thumb drive
• Backup

Protecting from Disasters
• Offsite backup
• Good location (e.g. not on a hillside or near the sea)
• Strong, weatherproof facilities (no windows, fireproof)
• No food/drink around the computer
• Raised (false) floors
• UPS (Uninterruptible Power Supply)
• Generator
• Surge protectors
• Lightning rods
• Fire extinguishers
• Insurance of equipment

Unauthorized Access and Use

• Unauthorized access is the use of a computer or network without permission.
• Unauthorized use is the use of a computer or its data for unapproved or possibly illegal or unethical activities.

Protecting from Unauthorized Access and Use
• Physical security – e.g. locks, guards, grills etc.
• Access codes and passwords
• Biometric devices
• Require frequent password changes
• Passwords that are hard to guess (What are the features of a good password?)
• Sign off when you leave your desk
• Authority levels
• Firewall
• Encryption of data
• Audit trails
• Log systems

Protecting from Unauthorized Access and Use Cont’d
• Intrusion detection software
• Time and location controls
• Separation of duties
• Restrict report distribution, shred reports
• Reputable web sites that will not steal credit card information
• Secrecy Act in Jamaica
• Copyright and license agreements
• Auditing the programs
• Callback systems

Protecting from Theft, Vandalism
• Physical security – locks, guard, dogs, biometrics
• Metal detectors to prevent hardware theft
• Backup
• Lock the computer to the desk
• Low profile facilities
• Mark your computers in a secret place
• Record serial numbers
• Insurance of equipment

Backup
• Regardless of the precautions that you take, things can still go wrong.
• Backup is therefore the main risk management solution.
• A backup is a duplicate of a file or disk that can be used if the original is lost, damaged, or destroyed.
• What backup software do you use?

Types of backup
• Full – copies all of the files in a computer
• Incremental – copies only the files that have changed since the last full or last incremental backup
• Differential – copies only the files that have changed since the last full backup
• Selective – allows a user to choose specific files to back up
• Grandfather, Father, Son (or Three-generation backup)
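
An added example (not part of the original slides): a small Python model of the full, incremental and differential definitions above, showing which files each backup copies and how many backups a restore needs. The file names, the edit timeline and the function names are constructed for illustration.

```python
from collections import namedtuple

# kind: "full", "incremental" or "differential"; day: when it ran; files: what it copied
Backup = namedtuple("Backup", "kind day files")

def select(kind, mtimes, history):
    """Files a backup of this kind copies, given the backups taken so far."""
    fulls = [b.day for b in history if b.kind == "full"]
    if kind == "full" or not fulls:
        return frozenset(mtimes)                  # full: every file
    if kind == "differential":
        since = max(fulls)                        # changed since the last full
    else:                                         # since last full OR last incremental
        since = max(b.day for b in history if b.kind != "differential")
    return frozenset(f for f, t in mtimes.items() if t > since)

def run_schedule(kind, changes, days):
    """Full backup on day 0, then one backup of `kind` at the end of each day."""
    mtimes = {"a.doc": 0, "b.xls": 0, "c.db": 0}  # constructed sample files
    history = [Backup("full", 0, select("full", mtimes, []))]
    for day in range(1, days + 1):
        for name in changes.get(day, []):
            mtimes[name] = day                    # edited before that day's backup
        history.append(Backup(kind, day, select(kind, mtimes, history)))
    return history

def restore_chain(history):
    """Backups needed, oldest first, to rebuild the latest state.
    Assumes one kind of backup is used after the full."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    tail = history[last_full + 1:]
    incs = [b for b in tail if b.kind == "incremental"]
    diffs = [b for b in tail if b.kind == "differential"]
    return [history[last_full]] + incs + diffs[-1:]

CHANGES = {1: ["a.doc"], 2: ["b.xls"], 3: ["c.db"]}  # constructed edit timeline

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        hist = run_schedule(kind, CHANGES, 3)
        for b in hist:
            print(kind, "day", b.day, b.kind, sorted(b.files))
        print("restore needs", len(restore_chain(hist)), "backups")
```

Incremental backups stay small but every one since the last full is needed to restore; differential backups grow each day but a restore needs only the full and the latest differential.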

What risk management strategy is most suitable?
• Hacker
• Motherboard burning up
• Thumb drive was stolen
• File deleted in error
• A virus infected the computer
• A flood washed away the computer
• The wrong data was entered

Practice Questions
1. A __________ is a private combination of characters associated with the user name that allows access to certain computer resources.
A. Encryption
B. Signature
C. Password
D. Code key

2. Which of the following best defines computer security?
A. Techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization
B. Any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability
C. The use of anti-virus or other utilities in order to keep a computer safe
D. Unauthorized access and use

3. A computer program that is designed to replicate itself and possibly cause problems on a computer is called a ____________.
A. McAfee
B. Spam
C. Hacker
D. Virus

4. Which of the following has a battery that charges while there is power and gives you time to shut down the computer properly when there is a power cut?
A. Surge protector
B. Lightning rod
C. Generator
D. UPS

5. Which of the following is the best example of protection against human error?
A. Data validation
B. Surge protector
C. Air conditioning
D. Intrusion Detection

6. Which of the following is the most secure password?
A. JohnBrown
B. 123456789
C. 25Jan1980
D. K3gH8$6#2

7. Which of the following is a program and/or hardware that filters the information coming through the internet to prevent unauthorized access?
A. Encryption standard
B. Firewall
C. Log system
D. Callback system

8. Which of the following would qualify as a technical error on a network?
A. Failure to back up files
B. Malfunction in a cable
C. Mistake made by a technician
D. Improper recovery procedures

9. Which of the following describes a situation where a thief steals your information by simply watching you type?
A. Snagging
B. Spoofing
C. Shoulder surfing
D. Social engineering

10. A person who gains unauthorized access to computer systems for the purpose of stealing and corrupting data is called a ________.
A. Anti-virus programmer
B. Pirate
C. Spoofer
D. Hacker
