Computer Concepts – Illustrated 8th edition

Unit F: Data Security
Objectives
Know what can go wrong
Protect computer systems
Understand authentication
Explore security threats and malware
Avoid security threats and malware
Objectives (continued)
Examine network and Internet access security
Explore Web and email security
Understand backups
Knowing What Can Go Wrong
Risk management in computer systems
  • Identify potential threats to equipment and data
  • Implement plans to avoid threats
  • Develop steps to recover from unavoidable disasters
Possible problems with electricity
  • Power failure
  • Power spikes (or voltage spikes)
  • Power surges
Knowing What Can Go Wrong (continued)
Hardware failures
Software failures
Human error
Computer viruses
Safe Mode: a limited version of Windows that is used to troubleshoot some problems
Cyberterrorism: terrorist acts committed via the Internet
Figure F-3: Troubleshooting guidelines
Protecting Computer Systems
To reduce the likelihood of computer theft:
  • Use common sense
  • Use locking devices
  • Use security plates
Tracking and recovery software
  • Used to track a computer if stolen
Ways to protect data if computer is stolen
  • Software that deletes data if computer is stolen
  • Use of a password to access computer
Figure F-4: A locking device
Figure F-5: A security plate
Protecting Computer Systems (continued)
Protection from power problems
  • UPS (uninterruptible power supply)
    ◦ Offers the best protection against power problems
    ◦ Provides a continuous supply of power
  • Surge strip
    ◦ Protects against power surges and voltage spikes
Most computers have a fan
  • Allow for ventilation around the computer
Understanding Authentication
Authentication protocols
  • Used to confirm a person’s identity when he or she tries to use a computer system
Three common ways to authenticate a user:
  • Using something a person carries
  • Using something a person knows
  • Using a unique physical characteristic
Biometrics: identification based on some physical trait, such as a fingerprint, handprint, etc.
Figure F-9: Retinal scans are a form of biometric authentication
Understanding Authentication (continued)
Two-factor authentication: verifies identity using two independent elements of confirmation
User ID: a user’s unique identifier on a computer or Web page; typically public
Password: verifies a user ID and guarantees that the user is the person he or she claims to be
User rights: rules that limit the directories and files that each user can access
Exploring Security Threats and Malware
Malicious code or malware
  • Created by hackers, crackers, black hats, or cybercriminals
Computer virus (or virus)
  • Set of program instructions that attaches itself to a file, reproduces itself, and spreads to other files on the same computer
Computer worm (or worm)
  • Self-copying program that carries out some unauthorized activity on a victim’s computer
Figure F-13: A simulated worm attack
Exploring Security Threats and Malware (continued)
Trojan horse (or Trojan)
  • A program that seems to perform one function while actually doing something else
Intelligent agent (or bot)
  • Software that can automate a task or autonomously execute a task
  • Bad bots are used by hackers for unauthorized or destructive tasks
Spyware
  • A program that secretly gathers personal information, usually for commercial purposes
Exploring Security Threats and Malware (continued)
Malware can:
  • Create a network traffic jam
  • Initiate a denial-of-service (DoS) attack
  • Reconfigure a browser
  • Delete and modify files
  • Access confidential information
  • Disable antivirus and firewall software
  • Control your computer
  • Degrade performance
Avoiding Security Threats and Malware
Some guidelines to avoid threats:
  • Install and activate security software
  • Keep software and operating system updated
  • Do not open suspicious email attachments
  • Obtain software only from reliable sources
  • Use security software to scan for malware
  • Do not click pop-up ads
  • Avoid unsavory Web sites
  • Disable the option "Hide extensions for known file types" in Windows
Avoiding Security Threats and Malware (continued)
Security suite
  • Typically includes antivirus, firewall, and anti-spyware modules
Antivirus software
  • Utility software that looks for and removes viruses, Trojan horses, worms, and bots
  • Virus signature
    ◦ A section of code that can be used to identify a known malicious program
Avoiding Security Threats and Malware (continued)
Virus definitions
  • Contain information that antivirus software uses to identify and remove malware
  • Need to be updated regularly
Make regular backups of your data
Examining Network and Internet Access Security
Wireless networks
  • Susceptible to unauthorized access and use, especially if unsecured
LANjacking or war driving
  • Hackers can intercept signals with a Wi-Fi enabled notebook computer
Wireless encryption
  • WEP (Wired Equivalent Privacy)
  • WPA (Wi-Fi Protected Access)
  • WPA2
Examining Network and Internet Access Security (continued)
Wireless network key
  • The basis for scrambling and unscrambling data transmitted between wireless devices
Encryption
  • Transforms a message so that its contents are hidden from unauthorized readers
Firewall
  • Software or hardware that filters out suspicious packets attempting to enter or leave a computer
Figure F-20: Windows Firewall settings
Exploring Web and Email Security
Cookie
  • Contains information about the user
  • Stored on the user’s hard drive
  • Ad-serving cookie
InPrivate feature of Internet Explorer
  • No user data is stored after a browsing session
Antispyware
  • Security software designed to identify and neutralize spyware
Figure F-23: Anti-Spyware software
Exploring Web and Email Security (continued)
Phishing
  • Email-based or IM scam that persuades users to reveal confidential information
Pharming
  • Redirects users to fake sites by poisoning a domain name server with a false IP address
Spam
  • Unwanted electronic junk mail
  • Techniques to combat spam:
    ◦ Email authentication techniques
    ◦ Spam filter
Understanding Backups
Backup: a copy made in case the original files become damaged
  • Full backup (or full-system backup)
  • Differential backup
  • Incremental backup
Backup storage media include:
  • Writable CDs, DVDs, BDs, solid-state storage cards, tapes, and USB flash drives
Can back up data to a network server
Some Web sites offer Web-based storage
Understanding Backups (continued)
Backup software is designed to back up and restore files
Boot disk
  • A removable storage medium containing the operating system files needed to boot a computer
Recovery CD (or recovery disk)
  • A bootable CD, DVD, or other media that contains a complete copy of a computer’s hard drive, as it existed when shipped from the manufacturer
Talking Points: Prosecuting Computer Crime
Traditional laws do not cover the range of possibilities for computer crimes
Computer crime laws
  • Many countries have laws that specifically define computer data and software as personal property
Talking Points: Prosecuting Computer Crime (continued)
Computer crimes include:
  • Data diddling
  • Identity theft
  • Salami shaving
  • Denial of service
  • Information theft
  • Virus distribution
  • Vandalism
Are hackers dangerous cyberterrorists or harmless pranksters?
Summary
This chapter introduced:
  • Potential threats to computer equipment and data
  • Ways to protect computer system hardware
  • Authentication
  • How to use software to protect or recover computer data
  • How to back up data
  • Network and Internet access security
  • Different positions on prosecuting computer crime