computer concepts - illustrated introductory, seventh edition unit f: data security
Post on 25-Dec-2015
223 Views
Preview:
TRANSCRIPT
Computer Concepts - Illustrated Computer Concepts - Illustrated Introductory, Seventh EditionIntroductory, Seventh Edition
UNIT F:
Data Security
ObjectivesObjectives
Know what can go wrong
Protect computer systems
Understand authentication
Explore security threats and malware
Avoid security threats and malware
Computer Concepts – Illustrated Introductory, Seventh Edition
ObjectivesObjectives
Examine network and Internet access security
Explore Web and email security
Examine backup procedures
Talking points: Prosecuting computer crime
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Risk management Process of identifying potential threats to
computer equipment and data Implementing plans to avoid as many threats as
possible Developing steps to recover from unavoidable
disasters
Risk management objectives Reduce downtime Maintain good quality service Promote business continuity
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
What can go wrong? Power outages Hardware failures Software failures Human error Computer viruses Less common threats include natural disasters,
acts of war, security breaches, malicious hackers, and theft
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Power failure Complete loss of power to computer system Even brief power interruption can force computer to
reboot and lose all data in RAM Power spikes, voltage spikes, and power surges can
destroy circuitry or damage a motherboard
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Data center - specialized facility designed to house and protect computer system or its data Includes special features like
• Fireproof construction• Earthquake-proof foundations• Sprinkler systems• Power generators• Secure doors and windows• Antistatic floor coverings• Locations safe from floods, earthquakes, and
tornadoes
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Effect of hardware failure depends on which component fails
Software failure can result in lost or inaccurate data
Common human errors include Entering inaccurate data Failing to follow required procedures
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Cyberterrorism Terrorist acts committed via Internet Uses viruses and worms to destroy data and
corrupt systems• Power grids and telecommunications
Disasters that destroy data can and do occur Despite risk-prevention measures, Floods, earthquakes, fires, etc.
Computer Concepts – Illustrated Introductory, Seventh Edition
Knowing What Can Go WrongKnowing What Can Go Wrong
Disaster recovery plan Step-by-step plan
describes methods used to secure data against disaster
Explains how to recover lost data if and when disaster occurs
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Value of stolen computer often determined by data contained in system Bank account numbers, credit card numbers,
PINs • Can allow thief to wipe out checking or savings
accounts or use credit card
Thieves can use stolen data to assume identity
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Protecting computer from theft Use common sense Never leave notebook computer unattended or in
unsecured room Anchor your computer to your desk with special lock or
security plate Motion sensor alarms
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Tracking and recovery software - used to track stolen computer as soon as thief connects to Internet Some tracking software can be configured to
delete data if computer is stolen
Passwords can make data difficult to access
Save and store unique information about your computer Make, model, serial number
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Power protection UPS (uninterruptible power supply)
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Surge strip (surge protector, surge suppressor) Low-cost alternative to UPS Designed to protect electrical devices from
power surges and voltage spikes
Computer Concepts – Illustrated Introductory, Seventh Edition
Protecting Computer SystemsProtecting Computer Systems
Fans help keep computers vented Be aware of ventilation around computer Should draw air from room and blow it across
inside components Do not put papers, books, or other items on top
of monitor • Can heat up quickly
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
Authentication protocol Any method that confirms person’s identity
when using computer system Something person carries Something person knows Some unique physical characteristics
• Biometrics
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
Two-factor authentication Verifies identity using two independent
elements of confirmation More secure than single-factor authentication
User ID Also known as username, login, screen name,
online nickname, handle Typically public and do not offer any level of
security
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
Password Verifies user ID and guarantees that you are
the person you claim to be
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
PIN Like passwords, PINs are something user
knows PIN - short sequence of numbers, can be
entered using numeric keypad Password tends to be longer sequence letters,
numbers, and special characters
If password(s) stolen, could become victim of identity theft
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
Brute force attack Method for stealing user IDs and passwords Uses password-cracking software to steal
information
Password manager Utility software that generates secure
passwords and stores them along with user IDs Allows for use of unique and secure passwords
for every one of your online accounts
Computer Concepts – Illustrated Introductory, Seventh Edition
Understanding AuthenticationUnderstanding Authentication
Restricting access to computer Keep it in locked room when not in use Password protection and authentication
User rights Rules that limit directories and files each user
can access
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Malware Malicious code - one of biggest threats to your
computer security
Computer virus Set of program instructions
• Attaches itself to file, reproduces itself, and spreads to other files on same computer
Does NOT spread by itself from one computer to another• Spreads when infected files are distributed
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Hackers, crackers, black hats, and cybercriminals create and unleash malware Some malware intended to be prank or mildly
annoying vandalism Some created to distribute political messages
or disrupt operations at specific companies In many cases motivation is money
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Viruses can Corrupt files Destroy data Display irritating message Disrupt operations Deliver payload or trigger event
• Time bombs, logic bombs
Boot sector virus Infects system files computer uses every time
it turns on
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Computer worm Self-copying program designed to carry out
unauthorized activity on victim’s computer Able to spread themselves from one computer to
another Enter through security holes in browsers and OSs Usually sent via emails or by victims clicking
infected pop-up ads or links contained in emails Can even infect mobile phones Mass-mailing worm spreads by sending itself to
every address on infected computer
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Computer Concepts – Illustrated Introductory, Seventh Edition
Simulated Worm Attack
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Trojan horse Computer program seems to perform one function
while actually doing something else Not designed to spread to other computers Notorious for stealing passwords using keylogger
Remote Access Trojan (RAT) Backdoor capabilities that allow remote hackers to
• Transmit files to victim’s computer
• Search for data
• Run programs
• Use victim’s computer as relay station for breaking into other computers
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Bot Software that can automate task or autonomously
execute task when commanded to do so• Called intelligent agent
Because intelligent agent behaves like robot, often called bot
Zombie Computer under control of bot
Botmaster Person who controls many bot-infested computers
and can link them together into network called botnet
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Spyware Program that secretly gathers personal
information without victim’s knowledge Usually for advertising and commercial
purposes Can piggyback on seemingly legitimate
freeware or shareware downloads Can also allow spyware into computer by:
• Clicking infected pop-up ads• Surfing through seemingly valid and secure but
compromised Web sites
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Security ThreatsExploring Security Threatsand Malwareand Malware
Blended threat Malware that combines more than one type of malicious
program
What does malware do? Network traffic jam Denial-of-service attacks Browser reconfiguration Delete and modify files Access confidential information Disable antivirus and firewall software Control your computer Performance degradation
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
May not even be aware that computer is infected
Symptoms of infected computer include Irritating messages or sounds Frequent pop-up ads (often pornographic in
nature) Sudden appearance of new Internet toolbar Addition to favorites list
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
More symptoms of infected computer Prolonged system start-up Slower than usual response to clicking or
typing Browser or application crashes Missing files Disabled security Network activity when not actively browsing or
sending email Frequent rebooting
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Keeping your computer safe Install and activate security software Keep software patches and operating system
service packs up to date Do not open suspicious email attachments Obtain software only from reliable sources Use security software to scan for malware Do not click pop-up ads Avoid unsavory Web sites Disable option Hide extensions for known file
types in Windows
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Security suite Integrates several security modules to protect
against the most common types of malware
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Security suite advantages Costs less than buying stand-alone modules Learning one interface simpler than learning
several
Security suite disadvantages Installation requires uninstalling or disabling all
other antivirus, antispyware, and firewall software on your computer
Suites cannot generally run with other stand-alone security products
Overlapping coverage can cause glitches
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Antivirus software Utility software that looks for and removes
viruses, Trojan horses, worms, and bots Included in several suites or as stand-alone Available for all types of computer and data
storage Dependable, but not infallible
Antivirus software searches for virus signature Section of program code that can be used to
identify known malicious program
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Once antivirus software installed: Set it to start when your computer starts Keep running full time in background
List of virus signatures updated frequently Information stored in one or more files called
virus definitions Can be manually or automatically downloaded
Computer Concepts – Illustrated Introductory, Seventh Edition
Avoiding Security ThreatsAvoiding Security Threatsand Malwareand Malware
Configure antivirus software to periodically scan all files on computer
If you suspect that computer has been infected Immediately use security software to scan
computer If scan finds malware, program can
• Try to remove infection• Quarantine file• Delete file
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Network and InternetExamining Network and InternetAccess SecurityAccess Security
Local area networks (LAN) Susceptible to attacks from within network and
from outside
Threats to wireless networks LANjacking or war driving War chalking
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Network and InternetExamining Network and InternetAccess SecurityAccess Security
Computer Concepts – Illustrated Introductory, Seventh Edition
Securing wireless network Wireless encryption WEP, WPA, WPA2
Wireless network key (network security key) Basis for scrambling and unscrambling data
transmitted between wireless devices Similar to password, only longer
Examining Network and InternetExamining Network and InternetAccess SecurityAccess Security
Many wireless networks are not encrypted and are open to public
Others are for public use but are encrypted and require network key
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Network and InternetExamining Network and InternetAccess SecurityAccess Security
Encryption transforms message so contents are hidden from unauthorized readers Prevents intrusions Secures credit card numbers and other personal
information transferred while using e-commerce sites
Secures computer archives
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Network and InternetExamining Network and InternetAccess SecurityAccess Security
Firewall Software or
hardware designed to filter out suspicious packets attempting to enter or leave a computer
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Cookie Message containing information about user
sent from Web server to browser Stored on user’s hard drive Marketers, hackers, and pranksters have found
harmful uses for cookies
Ad-serving cookie Allows third party to track activities at any site
containing their banner ads Privacy issues have developed
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Browser may have setting that blocks all third-party cookies to prevent ad-serving cookies
Some companies may allow opting out of allowing cookies to be stored on computer
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Flash cookie (local shared object) Flash equivalent of conventional cookie Marketers turning to Flash cookies as alternative
way to track customers
Web bug (clear GIF) Typically 1X1 pixel graphic embedded in Web
page or email Almost invisible Designed to track who’s reading page or
message Can generate third-party ad-serving cookies
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Antispyware Security software designed to identify and
neutralize Web bugs, ad-serving cookies, and spyware
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Spam Unwanted electronic junk mail that
arrives in online mailbox
Blocking spam Email authentication techniques
• Sender ID, Domain Keys
Spam filter• Utility that captures unsolicited email before
it reaches inbox
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Fake Web site Looks legitimate, created by third party to be
clever replication of real site Used to collect credit card numbers from
unwary shoppers Always review URL in Address box to ensure
site is authentic before entering sensitive information
Computer Concepts – Illustrated Introductory, Seventh Edition
Exploring Web and Email SecurityExploring Web and Email Security
Using Internet anonymously Anonymous proxy service
• Uses go-between (proxy) server to relay Web requests after masking originating IP address
• Tend to operate more slowly than regular browser
• Sometimes blocked due to use in spam and flooding sites with traffic
• Can still be compromised by third parties or monitored under court order
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Need backup plan that will help recover lost data in event of loss Backup - copy of one or more files in case
original(s) are damaged Full backup (full-system backup)
• Contains copy of every program, data, and system file on computer
Choosing backup device depends on value of data, current equipment, and budget
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Most computer owners use backup devices they already have Writable CD, DVD, solid state storage card,
tape, Zip disk, USB flash drive
Some consumers purchaseexternal hard drive Easily connected, disconnected,
and stored
Remote storage options also available
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Full backup takes a lot of time Alternative is to back up most important files
• Make sure computer-based documents are protected
• If system fails, have to manually restore all software and data files
Also consider backing up Windows Registry Connection information Email folders and address book Favorite URLs Purchased downloaded files
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Restore data from backup to original storage medium or its replacement
Process depends on backup equipment, software, and exactly what is needed to restore
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Before backing up to local area network server Check with network administrator to make sure
storing large amounts of data is allowed Make sure LAN server is backed up regularly
Several Web sites offer fee-based backup storage space Don’t relay on this option as only method of
backup
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Backup software Utility programs designed to back up and restore
files
Restore point Contains computer settings If problems occur, might be able to roll back to
restore point
Boot disk Removable storage medium containing OS files
needed to boot computer without accessing hard drive
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Recovery CD (recovery disk) Bootable CD, DVD, or other media Contains complete copy of computer’s hard
drive as it existed when shipped from manufacturer
Returns computer to default state, does not restore data, software you installed, or configuration settings
Computer Concepts – Illustrated Introductory, Seventh Edition
Examining Backup ProceduresExamining Backup Procedures
Computer Concepts – Illustrated Introductory, Seventh Edition
Steps to Create Backup Plan
Talking Points:Talking Points:Prosecuting Computer CrimeProsecuting Computer Crime
Computer crimes – costly to businesses and individuals – cover wide variety of activities
Computer Concepts – Illustrated Introductory, Seventh Edition
Talking Points:Talking Points:Prosecuting Computer CrimeProsecuting Computer Crime
Traditional laws do not cover range of possibilities for computer crime
Authorities must not only capture computer criminals, but decide how law can be used to prosecute them
Questions concerning harshness of penalties have been raised Some argue against many computer crimes being
considered crimes
Computer Concepts – Illustrated Introductory, Seventh Edition
top related