Security Risks

Malware (Malicious software)
- Software which is malicious or damaging to a computer.
Viruses, Worms and Trojan horses are examples of malware.
Security v3
1
Security Risks : Viruses
• A virus is a malicious piece of code which can cause damage to a
computer system.
• It is a computer program that attaches itself to programs and files on
your computer.
For a piece of computer code to be a virus it has to do two things:
1. Create copies of itself to create a new file.
2. Attach itself to a file.
Security Risks : Viruses
Effects
You can tell when your computer has a virus if it starts to do unusual
things.
1. You may lose data.
2. Space can be used up on your hard disk.
3. Your computer runs slowly.
4. The computer can break down because voltage settings have
been changed.
5. Unwanted messages displayed.
6. Strange sounds or visual effects.
7. Computer keeps rebooting unexpectedly.
If the computer is on a network then the virus can easily spread to the
other computers.
Security Risks : Worms
• A worm self-replicates (copies itself) like a virus
but it cannot attach itself to a file.
• Worms can quickly spread by ‘crawling’ through networks.
• The most harmful worms reside only in the computer’s
memory.
  • They don’t save any code to hard disks or any other
  type of backing storage.
  • This means that when you switch your computer off
  the worm is lost.
Effects
1. By replication a worm can clog up the memory of a computer
and cause the response of a computer to slow down or stop.
Security Risks : Trojans
• A Trojan is a program which can attach itself to a file but
cannot self-replicate.
• Program looks harmless and tricks you into running it on your
computer.
Effects
1. Displaying adverts on the desktop or installing unwanted
toolbars.
2. The most common thing they do is open a ‘back door’ to give
remote access to the computer. This gives the intruder
administrative control, allowing them to do just about
anything on the targeted computer.
Now do
Task 4 on page 17
Security Risks : Spyware
• Spyware secretly monitors the user’s computer.
• These programs gather information about you from your
computer.
• This can be personal information or information about the
websites you have visited.
• A keylogger is an example of spyware.
• The program detects the keys a user presses on a keyboard
and saves them in a file which can be analysed.
• Most commonly used by hackers to detect usernames,
passwords and credit card numbers.
• Online games are especially targeted by hackers using
keylogger technology to detect usernames and passwords.
Security Risks : Phishing
• Phishing attempts to get your personal information, e.g.
your login or bank details by pretending to be, for example, a
charity or claiming that you have won a prize.
• Phishing can use key loggers, trojans, spyware and even ordinary
e-mail to steal your personal information.
• If you are a victim of phishing you may receive an email asking
you to confirm your bank account details or a password.
• The authors of phishing e-mails spend a lot of time
ensuring that the e-mails look as legitimate as possible.
• Most companies would never ask for this information in
an email so you should not reply to it.
Security Risks : Online Fraud
Online fraud is the use of the Internet to
commit crime for financial gain.
There are many types of online fraud:
• Bank and cheque fraud
• Charity donation fraud
• Government agency scams
• Holiday fraud
• Identity theft (see later)
• Loan scams
• Online shopping fraud
Security Risks : Identity Theft
Identity theft is when people steal your personal information, such as
bank account details. The information could then be used to:
• shop online
• apply for a loan
• withdraw money from your account
• get a work permit to stay in a country
• pretend to be another person to rent a property
and many more…
Keyloggers, trojans, spyware and ordinary email
can be used to steal your identity.
Security Risks : Denial of Service (DOS)
Denial of Service (DOS) Attacks
• Targeted mostly at large corporations that someone has a grudge
against.
• There are two main forms of Denial Of Service:
  • Attacks that consume network resources like processor
  time, disk space, memory, network connections and
  modems, so that there are none left for normal users.
  • Attacks on a specific network resource,
  for example attacking and disabling a server.
Security Risks : Denial of Service (DOS)
Effects of DOS attacks
• Disrupts use of the network and denies the legitimate users
access to the network services and resources, for example
email is not available, data files can’t be accessed or Internet
access is denied.
Now do
Task 6 on page 21
Security Precautions
There are a variety of different ways of protecting computers,
access to computer networks and data on computers.
1. Passwords
The most common way of controlling access to a computer system
or network is to use a system of IDs (user names) and passwords.
• You must be careful to use passwords that are hard to break.
Favourite bands, family names etc are all easy to hack.
Security Precautions
2. Encryption
• Encoding/scrambling data using encryption keys.
• Today very sophisticated encryption keys are used involving
carrying out calculations on the binary data.
• For an encryption key to be effective it should take a computer
many years to work out the decryption algorithm.
Simple example of encryption
The following word has been encrypted.
Can you decrypt it?
Encryption
IFMMP
• Encrypting and decrypting files is big business as companies
and governments race to protect their own information.
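The exercise word above is a simple letter-shift cipher, which has only 25 possible keys. The following added example (not part of the original slides) tries every key and then compares that with the time needed to try every 128-bit key; the function names, the small word list and the guess rate of one trillion keys per second are assumptions made for illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_decrypt(ciphertext, key):
    """Undo a letter-shift cipher by moving each letter back `key` places."""
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) - key) % 26])
        else:
            out.append(ch)  # spaces, digits and punctuation are left alone
    return "".join(out)

def brute_force(ciphertext):
    """Try every possible key (1 to 25) and return {key: candidate text}."""
    return {key: shift_decrypt(ciphertext, key) for key in range(1, 26)}

def readable_candidates(ciphertext, wordlist):
    """Keep only the keys whose output is made entirely of known words."""
    hits = {}
    for key, text in brute_force(ciphertext).items():
        words = text.split()
        if words and all(word in wordlist for word in words):
            hits[key] = text
    return hits

def years_to_try_all_keys(key_bits, guesses_per_second=1e12):
    """Years needed to try every key of `key_bits` bits at an assumed rate."""
    seconds = (2 ** key_bits) / guesses_per_second
    return seconds / (365 * 24 * 60 * 60)

# Constructed mini word list for the demo; a full dictionary would be used in practice.
WORDS = {"HELLO", "WORLD", "SECRET", "PASSWORD"}

if __name__ == "__main__":
    print(readable_candidates("IFMMP", WORDS))
    print(f"128-bit key: about {years_to_try_all_keys(128):.1e} years to try every key")
```

With so few keys the shift cipher falls instantly, whereas a 128-bit key space cannot be searched in any practical amount of time.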
Security Precautions
3. Firewall Software
• Network managers keep networks safe and secure by installing
firewall software or firewall hardware.
• Firewalls help prevent unauthorised access to computers by
stopping hackers accessing private information stored on
computers.
• Firewall software or hardware blocks the IP address of a
computer we think might be trying to access our computers
illegally.
Anyone who gains unauthorised access to a
computer system is breaking the
Computer Misuse Act.
Security Precautions
4. Biometric Systems
Biometrics is the science and technology of measuring and
analysing biological data.
• Technologies that measure and analyse human body
characteristics, such as DNA, fingerprints, eye retinas and irises,
voice patterns, facial patterns and hand measurements, for
authentication purposes.
• Biometrics systems can be used to limit access to computer
rooms or computer systems.
Retina & iris recognition
• The person’s unique retina and/or iris are recognized
using a biometric sensor.
• If the unique pattern in their eye is recognised the
person is allowed access to the computer room.
Security Precautions
4. Biometric Systems (continued)
Fingerprint recognition
• Every person’s fingerprint patterns are different.
• By reading the fingerprint with a scanner that reads key points in the
pattern the user may be recognised.
Face recognition
Face recognition uses a biometric sensor to map landmarks (nodal points) on
the user’s face. Examples of landmarks are:
• Distance between the eyes
• Width of the nose
• Depth of the eye sockets
• The shape of the cheekbones
• The length of the jaw line
• An advantage of using biometric systems for security is that it is much harder to
forge a fingerprint or retina pattern than it is to hack into a system that relies
on passwords or PIN numbers.
• Additionally, there is no need for the user to remember passwords.
Security Precautions
5. Anti-Virus Software
• Used to prevent computer viruses from damaging computer
systems.
• It locates the virus program code and then quarantines (locks
it away from the rest of the system) and deletes it.
There are many anti-virus programs available but they all
operate in similar ways.
• Virus scans are performed as often as the user requires
(hourly, daily, weekly) by changing settings in the program.
• At regular intervals, the software will download ‘definitions’
of new viruses, allowing the software to keep up-to-date
with the latest threats.
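The scan, quarantine and definition-update steps described above can be seen in a small added example (not part of the original slides and not how any particular product works). The definitions are constructed, harmless text markers, the file and folder names are made up, and the final delete step is left out so the quarantined file can be inspected.

```python
import os
import shutil
import tempfile

# Constructed definitions: threat name -> byte pattern. The markers are harmless text.
DEFINITIONS = {"Demo.Marker.A": b"HARMLESS-DEMO-SIGNATURE-A"}

def scan_file(path, definitions):
    """Return the names of all definitions whose pattern occurs in the file."""
    with open(path, "rb") as handle:
        data = handle.read()
    return [name for name, pattern in definitions.items() if pattern in data]

def scan_and_quarantine(folder, quarantine, definitions):
    """Scan each file in `folder`; move any match into the quarantine folder."""
    os.makedirs(quarantine, exist_ok=True)
    report = {}
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        hits = scan_file(path, definitions)
        if hits:
            # Renaming on the way in stops the file being run by accident.
            shutil.move(path, os.path.join(quarantine, name + ".quarantined"))
            report[name] = hits
    return report

def demo():
    """Scan with old definitions, download a new one, then scan again."""
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "documents")
        quarantine = os.path.join(root, "quarantine")
        os.makedirs(folder)
        with open(os.path.join(folder, "notes.txt"), "wb") as handle:
            handle.write(b"shopping list")
        with open(os.path.join(folder, "game.exe"), "wb") as handle:
            handle.write(b"\x00\x01HARMLESS-DEMO-SIGNATURE-B\x02")
        before = scan_and_quarantine(folder, quarantine, DEFINITIONS)
        updated = {**DEFINITIONS, "Demo.Marker.B": b"HARMLESS-DEMO-SIGNATURE-B"}
        after = scan_and_quarantine(folder, quarantine, updated)
        return before, after, sorted(os.listdir(folder)), sorted(os.listdir(quarantine))

if __name__ == "__main__":
    print(demo())
```

The first scan finds nothing because the marker in `game.exe` is not yet in the definitions; only after the update is the file detected and moved, which is why out-of-date definitions leave a computer exposed to newer threats.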
Security Precautions
6. Security Suites
Nowadays companies selling security software offer more than just
anti-virus software. The following packages may come bundled as a
Security Suite:
• Antivirus protection
• Firewall
• Spamkiller
• Spyware protection
• E-mail protection
Note that security software is often sold as a time-limited licence,
usually for one year. This forces customers into an annual payment if
they wish to keep their computer systems protected.
Now do
Task 7 on page 24
Now do
Revision 4 & 5 on
page 36