Transcript Unit F
Computer Concepts - Illustrated Introductory, Seventh Edition UNIT F: Data Security Objectives Know what can go wrong Protect computer systems Understand authentication Explore security threats and malware Avoid security threats and malware Computer Concepts – Illustrated Introductory, Seventh Edition Objectives Examine network and Internet access security Explore Web and email security Examine backup procedures Talking points: Prosecuting computer crime Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Risk management Process of identifying potential threats to computer equipment and data Implementing plans to avoid as many threats as possible Developing steps to recover from unavoidable disasters Risk management objectives Reduce downtime Maintain good quality service Promote business continuity Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong What can go wrong? Power outages Hardware failures Software failures Human error Computer viruses Less common threats include natural disasters, acts of war, security breaches, malicious hackers, and theft Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Power failure Complete loss of power to computer system Even brief power interruption can force computer to reboot and lose all data in RAM Power spikes, voltage spikes, and power surges can destroy circuitry or damage a motherboard Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Data center - specialized facility designed to house and protect computer system or its data Includes special features like • • • • • • • Fireproof construction Earthquake-proof foundations Sprinkler systems Power generators Secure doors and windows Antistatic floor coverings Locations safe from floods, earthquakes, and tornadoes Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Effect of hardware failure depends on which component fails Software failure can result in lost or inaccurate data Common human errors include Entering inaccurate data Failing to follow required procedures Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Cyberterrorism Terrorist acts committed via Internet Uses viruses and worms to destroy data and corrupt systems • Power grids and telecommunications Disasters that destroy data can and do occur Despite risk-prevention measures, Floods, earthquakes, fires, etc. Computer Concepts – Illustrated Introductory, Seventh Edition Knowing What Can Go Wrong Disaster recovery plan Step-by-step plan describes methods used to secure data against disaster Explains how to recover lost data if and when disaster occurs Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Value of stolen computer often determined by data contained in system Bank account numbers, credit card numbers, PINs • Can allow thief to wipe out checking or savings accounts or use credit card Thieves can use stolen data to assume identity Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Protecting computer from theft Use common sense Never leave notebook computer unattended or in unsecured room Anchor your computer to your desk with special lock or security plate Motion sensor alarms Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Tracking and recovery software - used to track stolen computer as soon as thief connects to Internet Some tracking software can be configured to delete data if computer is stolen Passwords can make data difficult to access Save and store unique information about your computer Make, model, serial number Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Power protection UPS (uninterruptible power supply) Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Surge strip (surge protector, surge suppressor) Low-cost alternative to UPS Designed to protect electrical devices from power surges and voltage spikes Computer Concepts – Illustrated Introductory, Seventh Edition Protecting Computer Systems Fans help keep computers vented Be aware of ventilation around computer Should draw air from room and blow it across inside components Do not put papers, books, or other items on top of monitor • Can heat up quickly Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication Authentication protocol Any method that confirms person’s identity when using computer system Something person carries Something person knows Some unique physical characteristics • Biometrics Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication Two-factor authentication Verifies identity using two independent elements of confirmation More secure than single-factor authentication User ID Also known as username, login, screen name, online nickname, handle Typically public and do not offer any level of security Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication Password Verifies user ID and guarantees that you are the person you claim to be Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication PIN Like passwords, PINs are something user knows PIN - short sequence of numbers, can be entered using numeric keypad Password tends to be longer sequence letters, numbers, and special characters If password(s) stolen, could become victim of identity theft Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication Brute force attack Method for stealing user IDs and passwords Uses password-cracking software to steal information Password manager Utility software that generates secure passwords and stores them along with user IDs Allows for use of unique and secure passwords for every one of your online accounts Computer Concepts – Illustrated Introductory, Seventh Edition Understanding Authentication Restricting access to computer Keep it in locked room when not in use Password protection and authentication User rights Rules that limit directories and files each user can access Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Malware Malicious code - one of biggest threats to your computer security Computer virus Set of program instructions • Attaches itself to file, reproduces itself, and spreads to other files on same computer Does NOT spread by itself from one computer to another • Spreads when infected files are distributed Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Hackers, crackers, black hats, and cybercriminals create and unleash malware Some malware intended to be prank or mildly annoying vandalism Some created to distribute political messages or disrupt operations at specific companies In many cases motivation is money Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Viruses can Corrupt files Destroy data Display irritating message Disrupt operations Deliver payload or trigger event • Time bombs, logic bombs Boot sector virus Infects system files computer uses every time it turns on Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Computer worm Self-copying program designed to carry out unauthorized activity on victim’s computer Able to spread themselves from one computer to another Enter through security holes in browsers and OSs Usually sent via emails or by victims clicking infected pop-up ads or links contained in emails Can even infect mobile phones Mass-mailing worm spreads by sending itself to every address on infected computer Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Simulated Worm Attack Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Trojan horse Computer program seems to perform one function while actually doing something else Not designed to spread to other computers Notorious for stealing passwords using keylogger Remote Access Trojan (RAT) Backdoor capabilities that allow remote hackers to • • • • Transmit files to victim’s computer Search for data Run programs Use victim’s computer as relay station for breaking into other computers Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Bot Software that can automate task or autonomously execute task when commanded to do so • Called intelligent agent Because intelligent agent behaves like robot, often called bot Zombie Computer under control of bot Botmaster Person who controls many bot-infested computers and can link them together into network called botnet Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Spyware Program that secretly gathers personal information without victim’s knowledge Usually for advertising and commercial purposes Can piggyback on seemingly legitimate freeware or shareware downloads Can also allow spyware into computer by: • Clicking infected pop-up ads • Surfing through seemingly valid and secure but compromised Web sites Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Security Threats and Malware Blended threat Malware that combines more than one type of malicious program What does malware do? Network traffic jam Denial-of-service attacks Browser reconfiguration Delete and modify files Access confidential information Disable antivirus and firewall software Control your computer Performance degradation Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware May not even be aware that computer is infected Symptoms of infected computer include Irritating messages or sounds Frequent pop-up ads (often pornographic in nature) Sudden appearance of new Internet toolbar Addition to favorites list Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware More symptoms of infected computer Prolonged system start-up Slower than usual response to clicking or typing Browser or application crashes Missing files Disabled security Network activity when not actively browsing or sending email Frequent rebooting Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Keeping your computer safe Install and activate security software Keep software patches and operating system service packs up to date Do not open suspicious email attachments Obtain software only from reliable sources Use security software to scan for malware Do not click pop-up ads Avoid unsavory Web sites Disable option Hide extensions for known file types in Windows Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Security suite Integrates several security modules to protect against the most common types of malware Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Security suite advantages Costs less than buying stand-alone modules Learning one interface simpler than learning several Security suite disadvantages Installation requires uninstalling or disabling all other antivirus, antispyware, and firewall software on your computer Suites cannot generally run with other standalone security products Overlapping coverage can cause glitches Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Antivirus software Utility software that looks for and removes viruses, Trojan horses, worms, and bots Included in several suites or as stand-alone Available for all types of computer and data storage Dependable, but not infallible Antivirus software searches for virus signature Section of program code that can be used to identify known malicious program Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Once antivirus software installed: Set it to start when your computer starts Keep running full time in background List of virus signatures updated frequently Information stored in one or more files called virus definitions Can be manually or automatically downloaded Computer Concepts – Illustrated Introductory, Seventh Edition Avoiding Security Threats and Malware Configure antivirus software to periodically scan all files on computer If you suspect that computer has been infected Immediately use security software to scan computer If scan finds malware, program can • Try to remove infection • Quarantine file • Delete file Computer Concepts – Illustrated Introductory, Seventh Edition Examining Network and Internet Access Security Local area networks (LAN) Susceptible to attacks from within network and from outside Threats to wireless networks LANjacking or war driving War chalking Computer Concepts – Illustrated Introductory, Seventh Edition Examining Network and Internet Access Security Securing wireless network Wireless encryption WEP, WPA, WPA2 Wireless network key (network security key) Basis for scrambling and unscrambling data transmitted between wireless devices Similar to password, only longer Computer Concepts – Illustrated Introductory, Seventh Edition Examining Network and Internet Access Security Many wireless networks are not encrypted and are open to public Others are for public use but are encrypted and require network key Computer Concepts – Illustrated Introductory, Seventh Edition Examining Network and Internet Access Security Encryption transforms message so contents are hidden from unauthorized readers Prevents intrusions Secures credit card numbers and other personal information transferred while using e-commerce sites Secures computer archives Computer Concepts – Illustrated Introductory, Seventh Edition Examining Network and Internet Access Security Firewall Software or hardware designed to filter out suspicious packets attempting to enter or leave a computer Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Cookie Message containing information about user sent from Web server to browser Stored on user’s hard drive Marketers, hackers, and pranksters have found harmful uses for cookies Ad-serving cookie Allows third party to track activities at any site containing their banner ads Privacy issues have developed Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Browser may have setting that blocks all thirdparty cookies to prevent ad-serving cookies Some companies may allow opting out of allowing cookies to be stored on computer Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Flash cookie (local shared object) Flash equivalent of conventional cookie Marketers turning to Flash cookies as alternative way to track customers Web bug (clear GIF) Typically 1X1 pixel graphic embedded in Web page or email Almost invisible Designed to track who’s reading page or message Can generate third-party ad-serving cookies Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Antispyware Security software designed to identify and neutralize Web bugs, ad-serving cookies, and spyware Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Spam Unwanted electronic junk mail that arrives in online mailbox Blocking spam Email authentication techniques • Sender ID, Domain Keys Spam filter • Utility that captures unsolicited email before it reaches inbox Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Fake Web site Looks legitimate, created by third party to be clever replication of real site Used to collect credit card numbers from unwary shoppers Always review URL in Address box to ensure site is authentic before entering sensitive information Computer Concepts – Illustrated Introductory, Seventh Edition Exploring Web and Email Security Using Internet anonymously Anonymous proxy service • Uses go-between (proxy) server to relay Web requests after masking originating IP address • Tend to operate more slowly than regular browser • Sometimes blocked due to use in spam and flooding sites with traffic • Can still be compromised by third parties or monitored under court order Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Need backup plan that will help recover lost data in event of loss Backup - copy of one or more files in case original(s) are damaged Full backup (full-system backup) • Contains copy of every program, data, and system file on computer Choosing backup device depends on value of data, current equipment, and budget Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Most computer owners use backup devices they already have Writable CD, DVD, solid state storage card, tape, Zip disk, USB flash drive Some consumers purchase external hard drive Easily connected, disconnected, and stored Remote storage options also available Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Full backup takes a lot of time Alternative is to back up most important files • Make sure computer-based documents are protected • If system fails, have to manually restore all software and data files Also consider backing up Windows Registry Connection information Email folders and address book Favorite URLs Purchased downloaded files Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Restore data from backup to original storage medium or its replacement Process depends on backup equipment, software, and exactly what is needed to restore Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Before backing up to local area network server Check with network administrator to make sure storing large amounts of data is allowed Make sure LAN server is backed up regularly Several Web sites offer fee-based backup storage space Don’t relay on this option as only method of backup Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Backup software Utility programs designed to back up and restore files Restore point Contains computer settings If problems occur, might be able to roll back to restore point Boot disk Removable storage medium containing OS files needed to boot computer without accessing hard drive Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Recovery CD (recovery disk) Bootable CD, DVD, or other media Contains complete copy of computer’s hard drive as it existed when shipped from manufacturer Returns computer to default state, does not restore data, software you installed, or configuration settings Computer Concepts – Illustrated Introductory, Seventh Edition Examining Backup Procedures Steps to Create Backup Plan Computer Concepts – Illustrated Introductory, Seventh Edition Talking Points: Prosecuting Computer Crime Computer crimes – costly to businesses and individuals – cover wide variety of activities Computer Concepts – Illustrated Introductory, Seventh Edition Talking Points: Prosecuting Computer Crime Traditional laws do not cover range of possibilities for computer crime Authorities must not only capture computer criminals, but decide how law can be used to prosecute them Questions concerning harshness of penalties have been raised Some argue against many computer crimes being considered crimes Computer Concepts – Illustrated Introductory, Seventh Edition