Computer Concepts - Illustrated

Introductory, Seventh Edition, Enhanced

UNIT F: Data Security

Objectives
Know what can go wrong
Protect computer systems
Understand authentication
Explore security threats and malware
Avoid security threats and malware
Examine network and Internet access security
Explore Web and email security
Examine backup procedures
Talking points: Prosecuting computer crime

Knowing What Can Go Wrong

Risk management
Process of identifying potential threats to computer equipment and data
Implementing plans to avoid as many threats as possible
Developing steps to recover from unavoidable disasters

Risk management objectives
Reduce downtime
Maintain good quality service
Promote business continuity

What can go wrong?
Power outages
Hardware failures
Software failures
Human error
Computer viruses
Less common threats include natural disasters, acts of war, security breaches, malicious hackers, and theft

Power failure
Complete loss of power to computer system
Even brief power interruption can force computer to reboot and lose all data in RAM
Power spikes, voltage spikes, and power surges can destroy circuitry or damage a motherboard

Data center - specialized facility designed to house and protect computer system or its data
Includes special features like
Fireproof construction
Earthquake-proof foundations
Sprinkler systems
Power generators
Secure doors and windows
Antistatic floor coverings
Locations safe from floods, earthquakes, and tornadoes

Effect of hardware failure depends on which component fails
Software failure can result in lost or inaccurate data
Common human errors include
Entering inaccurate data
Failing to follow required procedures

Cyberterrorism
Terrorist acts committed via Internet
Uses viruses and worms to destroy data and corrupt systems
Power grids and telecommunications

Disasters that destroy data can and do occur
Despite risk-prevention measures,
Floods, earthquakes, fires, etc.

Disaster recovery plan
Step-by-step plan describes methods used to secure data against disaster
Explains how to recover lost data if and when disaster occurs

Protecting Computer Systems

Value of stolen computer often determined by data contained in system
Bank account numbers, credit card numbers, PINs
Can allow thief to wipe out checking or savings accounts or use credit card
Thieves can use stolen data to assume identity

Protecting computer from theft
Use common sense
Never leave notebook computer unattended or in unsecured room
Anchor your computer to your desk with special lock or security plate
Motion sensor alarms

Tracking and recovery software - used to track stolen computer as soon as thief connects to Internet
Some tracking software can be configured to delete data if computer is stolen
Passwords can make data difficult to access
Save and store unique information about your computer
Make, model, serial number

Power protection
UPS (uninterruptible power supply)

Surge strip (surge protector, surge suppressor)
Low-cost alternative to UPS
Designed to protect electrical devices from power surges and voltage spikes

Fans help keep computers vented
Be aware of ventilation around computer
Should draw air from room and blow it across inside components
Do not put papers, books, or other items on top of monitor
Can heat up quickly

Understanding Authentication

Authentication protocol
Any method that confirms person's identity when using computer system
Something person carries
Something person knows
Some unique physical characteristics
Biometrics

Two-factor authentication
Verifies identity using two independent elements of confirmation
More secure than single-factor authentication

User ID
Also known as username, login, screen name, online nickname, handle
Typically public and do not offer any level of security

Password
Verifies user ID and guarantees that you are the person you claim to be

PIN
Like passwords, PINs are something user knows
PIN - short sequence of numbers, can be entered using numeric keypad
Password tends to be longer sequence of letters, numbers, and special characters

If password(s) stolen, could become victim of identity theft

Brute force attack
Method for stealing user IDs and passwords
Uses password-cracking software to steal information

Password manager
Utility software that generates secure passwords and stores them along with user IDs
Allows for use of unique and secure passwords for every one of your online accounts

Restricting access to computer
Keep it in locked room when not in use
Password protection and authentication

User rights
Rules that limit directories and files each user can access

Exploring Security Threats and Malware

Malware
Malicious code - one of biggest threats to your computer security

Computer virus
Set of program instructions
Attaches itself to file, reproduces itself, and spreads to other files on same computer
Does NOT spread by itself from one computer to another
Spreads when infected files are distributed

Hackers, crackers, black hats, and cybercriminals create and unleash malware
Some malware intended to be prank or mildly annoying vandalism
Some created to distribute political messages or disrupt operations at specific companies
In many cases motivation is money

Viruses can
Corrupt files
Destroy data
Display irritating message
Disrupt operations
Deliver payload or trigger event
Time bombs, logic bombs

Boot sector virus
Infects system files computer uses every time it turns on

Computer worm
Self-copying program designed to carry out unauthorized activity on victim's computer
Able to spread themselves from one computer to another
Enter through security holes in browsers and OSs
Usually sent via emails or by victims clicking infected pop-up ads or links contained in emails
Can even infect mobile phones
Mass-mailing worm spreads by sending itself to every address on infected computer

Simulated Worm Attack

Trojan horse
Computer program seems to perform one function while actually doing something else
Not designed to spread to other computers
Notorious for stealing passwords using keylogger

Remote Access Trojan (RAT)
Backdoor capabilities that allow remote hackers to
Transmit files to victim's computer
Search for data
Run programs
Use victim's computer as relay station for breaking into other computers

Bot
Software that can automate task or autonomously execute task when commanded to do so
Called intelligent agent
Because intelligent agent behaves like robot, often called bot

Zombie
Computer under control of bot

Botmaster
Person who controls many bot-infested computers and can link them together into network called botnet

Spyware
Program that secretly gathers personal information without victim's knowledge
Usually for advertising and commercial purposes
Can piggyback on seemingly legitimate freeware or shareware downloads
Can also allow spyware into computer by:
Clicking infected pop-up ads
Surfing through seemingly valid and secure but compromised Web sites

Blended threat
Malware that combines more than one type of malicious program

What does malware do?
Network traffic jam
Denial-of-service attacks
Browser reconfiguration
Delete and modify files
Access confidential information
Disable antivirus and firewall software
Control your computer
Performance degradation

Avoiding Security Threats and Malware

May not even be aware that computer is infected
Symptoms of infected computer include
Irritating messages or sounds
Frequent pop-up ads (often pornographic in nature)
Sudden appearance of new Internet toolbar
Addition to favorites list

More symptoms of infected computer
Prolonged system start-up
Slower than usual response to clicking or typing
Browser or application crashes
Missing files
Disabled security
Network activity when not actively browsing or sending email
Frequent rebooting

Keeping your computer safe
Install and activate security software
Keep software patches and operating system service packs up to date
Do not open suspicious email attachments
Obtain software only from reliable sources
Use security software to scan for malware
Do not click pop-up ads
Avoid unsavory Web sites
Disable option Hide extensions for known file types in Windows

Security suite
Integrates several security modules to protect against the most common types of malware

Security suite advantages
Costs less than buying stand-alone modules
Learning one interface simpler than learning several

Security suite disadvantages
Installation requires uninstalling or disabling all other antivirus, antispyware, and firewall software on your computer
Suites cannot generally run with other stand-alone security products
Overlapping coverage can cause glitches

Antivirus software
Utility software that looks for and removes viruses, Trojan horses, worms, and bots
Included in several suites or as stand-alone
Available for all types of computer and data storage
Dependable, but not infallible

Antivirus software searches for virus signature
Section of program code that can be used to identify known malicious program

Once antivirus software installed:
Set it to start when your computer starts
Keep running full time in background

List of virus signatures updated frequently
Information stored in one or more files called virus definitions
Can be manually or automatically downloaded

Configure antivirus software to periodically scan all files on computer
If you suspect that computer has been infected
Immediately use security software to scan computer
If scan finds malware, program can
Try to remove infection
Quarantine file
Delete file
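
Added example (not from the textbook): a small Python scanner showing how signature matching, virus definitions, and quarantine fit together. The definition names and byte patterns are constructed markers, not signatures of real malware, and the function names are this example's own.

```python
import shutil
import tempfile
from pathlib import Path

# Constructed "virus definitions": made-up marker strings, not real malware signatures.
VIRUS_DEFINITIONS = {
    "Demo.TimeBomb": b"DEMO-SIGNATURE-TIMEBOMB-0001",
    "Demo.MassMailer": b"DEMO-SIGNATURE-MASSMAILER-0002",
}


def scan_file(path, definitions, chunk_size=64 * 1024):
    """Return the sorted names of all definitions whose signature occurs in the file."""
    longest = max(len(sig) for sig in definitions.values())
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            # Prepend the end of the previous chunk so a signature that
            # straddles a chunk boundary is still seen in one piece.
            window = tail + chunk
            found.update(name for name, sig in definitions.items() if sig in window)
            tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)


def scan_tree(root, definitions, quarantine_dir):
    """Scan every file under root and move infected ones into quarantine_dir.

    Returns {relative path: [matched definition names]} for quarantined files.
    """
    root, quarantine_dir = Path(root), Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    report = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if quarantine_dir in path.parents:
            continue  # never rescan files already in quarantine
        hits = scan_file(path, definitions)
        if hits:
            # Numbered prefix avoids name clashes; the added suffix keeps the
            # file from being launched by its original extension.
            target = quarantine_dir / f"{len(report)}_{path.name}.quarantined"
            shutil.move(str(path), str(target))
            report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Build a constructed directory, scan it, and return (report, files left)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "files"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"meeting at ten\n")
        infected = b"\x00" * 100 + VIRUS_DEFINITIONS["Demo.TimeBomb"] + b"\x00" * 50
        (root / "game.exe").write_bytes(infected)
        report = scan_tree(root, VIRUS_DEFINITIONS, Path(tmp) / "quarantine")
        return report, sorted(p.name for p in root.iterdir())


if __name__ == "__main__":
    print(demo())
```

A file matches only if a signature in the definitions is present, which is why definitions need frequent updates and why the scanner is dependable but not infallible.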

Examining Network and Internet Access Security

Local area networks (LAN)
Susceptible to attacks from within network and from outside

Threats to wireless networks
LANjacking or war driving
War chalking

Securing wireless network
Wireless encryption
WEP, WPA, WPA2

Wireless network key (network security key)
Basis for scrambling and unscrambling data transmitted between wireless devices
Similar to password, only longer

Many wireless networks are not encrypted and are open to public
Others are for public use but are encrypted and require network key

Encryption transforms message so contents are hidden from unauthorized readers
Prevents intrusions
Secures credit card numbers and other personal information transferred while using e-commerce sites
Secures computer archives

Firewall
Software or hardware designed to filter out suspicious packets attempting to enter or leave a computer

Exploring Web and Email Security

Cookie
Message containing information about user sent from Web server to browser
Stored on user's hard drive
Marketers, hackers, and pranksters have found harmful uses for cookies

Ad-serving cookie
Allows third party to track activities at any site containing their banner ads
Privacy issues have developed

Browser may have setting that blocks all third-party cookies to prevent ad-serving cookies
Some companies may allow opting out of allowing cookies to be stored on computer

Flash cookie (local shared object)
Flash equivalent of conventional cookie
Marketers turning to Flash cookies as alternative way to track customers

Web bug (clear GIF)
Typically 1X1 pixel graphic embedded in Web page or email
Almost invisible
Designed to track who's reading page or message
Can generate third-party ad-serving cookies
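
Added example (not from the textbook): a Python check that flags likely Web bugs in an HTML message by finding images declared at 1x1 pixel or smaller and noting whether they load from a third-party host. The sample message, the host names, and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


def _pixels(attrs, name):
    """Pixel size from the width/height attribute or inline style, else None."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", attrs.get(name, ""))
    if not m:
        # Anchor on start-of-style or ';' so "max-width" is not mistaken for "width".
        m = re.search(rf"(?:^|;)\s*{name}\s*:\s*(\d+)\s*px",
                      attrs.get("style", ""), re.IGNORECASE)
    return int(m.group(1)) if m else None


class WebBugFinder(HTMLParser):
    """Collects <img> tags declared at 1x1 pixel or smaller."""

    def __init__(self, first_party_domain):
        super().__init__()
        self.first_party = first_party_domain.lower()
        self.findings = []  # list of (image URL, is_third_party)

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        width, height = _pixels(a, "width"), _pixels(a, "height")
        if width is None or height is None or width > 1 or height > 1:
            return  # normal-sized image, or size not declared
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        same_site = host == self.first_party or host.endswith("." + self.first_party)
        # A relative URL has no host and is treated as first-party.
        self.findings.append((a.get("src", ""), bool(host) and not same_site))


def find_web_bugs(html, first_party_domain):
    """Return [(src, is_third_party)] for every tiny image in the HTML."""
    finder = WebBugFinder(first_party_domain)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample message from a sender whose own domain is shop.example.
SAMPLE_EMAIL = """
<html><body>
<p>Spring sale starts today.</p>
<img src="https://shop.example/logo.png" width="200" height="60">
<img src="https://track.adnetwork.example/open.gif?uid=12345" width="1" height="1">
<img src="https://cdn.shop.example/p.gif" style="width:1px; height:1px">
<img src="https://shop.example/banner.jpg">
</body></html>
"""

if __name__ == "__main__":
    for src, third_party in find_web_bugs(SAMPLE_EMAIL, "shop.example"):
        print("third-party" if third_party else "first-party", src)
```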

Antispyware
Security software designed to identify and neutralize Web bugs, ad-serving cookies, and spyware

Spam
Unwanted electronic junk mail that arrives in online mailbox
Blocking spam
Email authentication techniques
Sender ID, Domain Keys
Spam filter
Utility that captures unsolicited email before it reaches inbox

Fake Web site
Looks legitimate, created by third party to be clever replication of real site
Used to collect credit card numbers from unwary shoppers
Always review URL in Address box to ensure site is authentic before entering sensitive information

Using Internet anonymously
Anonymous proxy service
Uses go-between (proxy) server to relay Web requests after masking originating IP address
Tend to operate more slowly than regular browser
Sometimes blocked due to use in spam and flooding sites with traffic
Can still be compromised by third parties or monitored under court order

Examining Backup Procedures

Need backup plan that will help recover lost data in event of loss
Backup - copy of one or more files in case original(s) are damaged
Full backup (full-system backup)
Contains copy of every program, data, and system file on computer

Choosing backup device depends on value of data, current equipment, and budget

Most computer owners use backup devices they already have
Writable CD, DVD, solid state storage card, tape, Zip disk, USB flash drive
Some consumers purchase external hard drive
Easily connected, disconnected, and stored
Remote storage options also available

Full backup takes a lot of time
Alternative is to back up most important files
Make sure computer-based documents are protected
If system fails, have to manually restore all software and data files

Also consider backing up
Windows Registry
Connection information
Email folders and address book
Favorite URLs
Purchased downloaded files

Restore data from backup to original storage medium or its replacement
Process depends on backup equipment, software, and exactly what is needed to restore

Before backing up to local area network server
Check with network administrator to make sure storing large amounts of data is allowed
Make sure LAN server is backed up regularly
Several Web sites offer fee-based backup storage space
Don't rely on this option as only method of backup

Backup software
Utility programs designed to back up and restore files

Restore point
Contains computer settings
If problems occur, might be able to roll back to restore point

Boot disk
Removable storage medium containing OS files needed to boot computer without accessing hard drive

Recovery CD (recovery disk)
Bootable CD, DVD, or other media
Contains complete copy of computer's hard drive as it existed when shipped from manufacturer
Returns computer to default state, does not restore data, software you installed, or configuration settings

Steps to Create Backup Plan

Talking Points: Prosecuting Computer Crime

Computer crimes costly to businesses and individuals cover wide variety of activities

Traditional laws do not cover range of possibilities for computer crime
Authorities must not only capture computer criminals, but decide how law can be used to prosecute them
Questions concerning harshness of penalties have been raised
Some argue against many computer crimes being considered crimes
