UNAUTHORIZED ACCESS AND USED

SPPM 1013: TELECOMMUNICATION AND NETWORKING

UNAUTHORIZED ACCESS
The use of a computer and network without permission. A cracker, or hacker, is someone who tries to access a computer or network illegally. Some hackers break into a computer for the challenge. However, others use or steal computer resources or corrupt a computer's data.

UNAUTHORIZED USED
The use of a computer or its data for unapproved or possibly illegal activities. Examples of unauthorized use of computers include: An employee using a company computer to send personal e-mail. Someone gaining access to a bank computer and performing an unauthorized transfer.

They can be committed by both insider and outsider. Insider: people who work for the company whose computer are being accessed. Outsider: people who do not work for that company.

HOW TO PREVENT
One way to prevent unauthorized access and unauthorized use of computers is to utilize access controls. Codes of conduct (used to specify rules for behavior, typically by a business or school); typically address prohibited activities such as playing games, installing personal software, violating copyright laws, causing harm to other computer and snooping other files.

SAMPLE CODE OF CONDUCT

TYPES OF UNAUTHORIZED

HACKERS
Person using the computer to break into another computer network. It can be performed in person by hacking into a computer the hacker has physical access to, but more often performed via the internet or another network. Unless authorized, when a company ask a professional hackers to test the security of its system.

REASONS

i.

ii.

To steal data, sabotage a computer system and perform some other type of illegal act such as: Theft on credit card number and cardholder information. Generating spam or hosting pornographic sites.

In US hacking is also considered serious threat because of increasing on the number of worms controlled by computer and connected to internet. Its allow the hackers to access a system that led to an based risk of cyberterrorism where terrorist launch attack via the Internet.

WAR DRIVING AND WI-FI PIGGYBACKING

Wi-Fi hacking: Common for hackers to gain entrance via Wi-Fi. War driving or Wi-Fi piggybacking: Using someone elses Wi-Fi network to gain free access to the Internet. Illegal in some areas: steal data of credit card number via network. Can lead to criminal behavior Ethical issues: borrow someone internet connection to avoid paying crossing over the line.

INTERCEPTION OF COMMUNICATION

Interception of communications: Gaining unauthorized access to data as it is being sent over the Internet or another network. The increased use of wireless networks has opened up new opportunities for data interception; Business and personal wireless networks Use of public hotspots Wireless connections with mobile phones and mobile devices Once intercepted, the content can be read, altered, or otherwise used for unintended purposes.

PROTECTING AGAINST UNAUTHORIZED

ACCESS AND AUTHORIZED USE

ACCESS TO CONTROL SYSTEM

Used to control access to: Facilities Computer networks Databases Web site accounts Can be individual or part of a complete network access control (NAC) system.

Can be: Identification systems: Verify that the person trying to access the facility or system is an authorized user. Authentication systems: Determine if the person is who he or she claims to be. Can use more than one type (two-factor systems).

POSSESSED KNOWLEDGE ACCESS SYSTEM

Use information that only an individual should know: Usernames PINs Passwords Should be strong passwords and changed frequently. Tokens can generate passwords.

Cognitive authentification systems: Use information the individual knows (past teachers, birthplace, first home, etc.) Disadvantage: Can be used by an unauthorized individual with the proper knowledge

Two factor authentication; The user must have both the access card (to obtain the OTP) and his or her conventional username/ password combination in order to log on to his or her online account.

BIOMETRIC ACCESS SYSTEM (BAS)

BAS is refer to identify users by a particular unique biological characteristic. Such as fingerprints, iris, hand and face recognition.

Today, keystroke dynamics are commonly use like type on username and password.

Other than that, identify via voice, signature or gait.

HOW THE BAS FUNCTION

To identify an individual, some device need to use. There is the system and device that should be use.
System Device

Fingerprints system
Iris detection Via voice Via face recognition

Fingerprints reader
Iris scanner Recorder Digital camera

All the device have been conjunct it to database that who were stored all the data saved previously. In order to indentify who is the user, the device will recognize it by searching on the matching data by what they received from scanning from the user. Other than that, to speed up the process, user needs to identify themselves first by swiping their personal card and so on.

USES OF BIOMETRIC ACCESS SYSTEM

To control access on security facilities To log user computer or other device On networking Secure Web site (https:// exp.CIMBCLICKs) Punch of employee in and out of work Confirms customer on ATM machine.

DEPARTMENT THAT USE THIS SYSTEM

Military Prisoner Airport Banking

ADVANTAGE OF BAS
Totally accurate. (exp: even a twin have same DNA but they will have difference irises.) Tend more accurate than personal trait. Because personal trait may be change like signature. Cannot be lost/broken and forgotten. Doesnt need to bring all time.

DISADVANTAGE OF BAS
Hardware and software to expensive The data used for authentication ( cannot be reset )

CONTROLLING ACCESS TO WIRELESS NETWORKS

Wireless network like WIFI are less secure. The original standard was WEP ( Wired Equivalent Privacy) are replaced with WPA/WPA2 ( Wi-Fi protection Access) who is more secure Commonly, Wi-Fi hardware are shipped with security features switched off. So, owner need to change their router and access point setting in order to secure their network. SSID is helping us to protect and secure to our network.

FIREWALL

Is a security system that essentially create barrier between computer network to internet.

Work two-way, will check on all incoming and outgoing to protect home computer from hackers.

outgoing incoming

outgoing incoming

All computer directly connect to internet must have fire wall. There are some example of firewall software. It will classified in two. Stand Alone and Built in Operating System.

Stand Alone Software (need to purchase by user)

Built in Operating System (purchase with window)

THE USES OF FIREWALL

To control employee Internet access. To protect business networks from the outsiders or hacker.

ENCRYPTION
Is a way of temporarily converting data into a form. ( called cipher) It only can be read after decrypted it. In order to protect data from unauthorized people.

Secure Web pages will encrypt the sensitive data like ( credit card number) It also use in data file. So, the data that stored in hard drive will be secure and unreadable from unauthorized people.

TYPE OF ENCRYPTION

Public Key Encryption

Type of encryption that uses key pairs to encrypt and decrypt the file or message.

Private Key Encryption

Type of encryption that uses a single key to encrypt and decrypt the file or message.