4.0 COMPUTER ETHICS AND SECURITY

4.2 Computer Security

4.2.1 Computer Security Risks

2

LEARNING OUTCOMES:

At the end of this topic, students should be able to:

Define computer security risks. Identify types of security risks.

3

• Computer Security Risks is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

DEFINITION

Types of Computer Security Risks

5

Internet and network attackInternet and network attack

Hardware theftHardware theft

Information theftInformation theft

Unauthorized access and useUnauthorized access and use

Software theftSoftware theft

System failureSystem failure

Types of Computer Security Risks

1. Internet and network attacks

• Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises.

7

1. Malware1. Malware

2. Botnets2. Botnets

5. Spoofing5. Spoofing

4. Denial of service attacks4. Denial of service attacks

3. Back Doors3. Back Doors

Internet and network attacks

• Malware (malicious software) – which are program that act without a user’s knowledge and deliberately alter the computer operation.

• Type of malware:i. Computer virusesii. Wormsiii. Trojan Horsesiv. Rootkitv. Back doorvi. Spyware

1a.Malware

9

Malware

Symptoms Malware

• Operating system runs much slower than usual

• Available memory is less than expected

• Files become corrupted

• Screen displays unusual message or image

• Music or unusual sound plays randomly

• Existing programs and files disappear

10

Malware

Symptoms Malware

• Programs or files do not work properly

• Unknown programs or files mysteriously appear

• System properties change

• Operating system does not start up

• Operating system shuts down unexpectedly

11

1. Worm

Is a program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer or network.

Malware

12

2. Computer Virus

is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.

Malware

13

2. Computer Virus

it can spread throughout and may damage files and system software, including the operating system.

Malware

14

3. Trojan horse

Internet and network attacks

Is a program that hides within or looks like a legitimate program. It does not replicate itself to other computers.

Malware

15

3. Trojan horse

Internet and network attacks

it can spread throughout and may damage files and system software, including the operating system.

Malware

16

4. Rootkit

Internet and network attacks

• Is a program that hides in a computer and allows someone from a remote location to take full control of the computer.

• The rootkit author can execute programs, change settings, monitor activity, and access files on the remote computer

Malware

17

5. Spyware & Adware

Internet and network attacks

• Spyware is a program placed on a computer without the users knowledge that secretly collects information about the user.

• Adware is a program that displays an online advertisement in a banner or pop-up window on web pages, e-mail messages or other internet services

Malware

• a group of compromised computers connected to a network such as the Internet that are used as part of a network that attacks other networks, usually for nefarious purposes.

1b.Botnets

• A program or set of instructions in a program that allow users to bypass security controls when accessing a program, computer, or network

1c.Back Door

Denial of service attacks or DoS attack, is an assault whose purpose is to disrupt computer access to an Internet service such as the Web or e-mail.

1d.Denial of Service Attacks

• A technique intruders use to make their network or Internet transmission appear legitimate to a victim computer or network.

1e.Spoofing

2.Unauthorized Access and Use

Unauthorized accessThe use of a computer or network without permission.

Unauthorized useThe use of a computer or its data for unapproved or possibly illegal activities.

3.Hardware Theft and Vandalism

Hardware theftIs the act of stealing computer equipment.

Hardware vandalismThe act of defacing or destroying computer equipment.

4.Software Theft

Steals software media

Intentionally erases

programs

Illegally copies a program

Illegally registers and/or

activates a program

5.Information Theft

Occurs when someone steals personal or confidential information.

If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.

System Failure

A system failure is the prolonged malfunction of a computer

A variety of factors can lead to system failure, including:

• Aging hardware• Natural disasters• Electrical power problems

• Noise, undervoltages, and overvoltages• Errors in computer programs