Securitry measure

Definition of security measures:
The precautionary measures taken toward possible danger or damage.

Data Backup
➤A data backup is the result of copying or archiving files and folders for the purpose of            being able to restore them in case of data loss.
➤Data loss can be caused by many things ranging from computer viruses, hardware                 failures, file corruption, system failure or theft.
➤If you are responsible for business data, a loss may involve critical financial, customer,          and company data.
➤If the data is on a personal computer, you could lose financial data and other key files,           pictures, music and others that would be hard to replace.

Cryptography

How…

1. To read the data, you must decrypt it into readable form.
2. The unencrypted data is called plain text.
3. The encrypted data is called cipher text.
4. To encrypt, plain text converted into cipher text using an encryption key.

Importance…

1. The process of proving one's identity.
2. Ensuring that no one can read the message except the intended receiver.
3. Assuring the receiver that the received message has not been altered in anyway from the original.
4. A mechanism to prove that the sender really sent this message. 

Anti Virus
➤Anti-virus software is a program or set of programs that are designed to prevent, search      for, detect and remove software viruses and other malicious software like worms, Trojan        horses, adware and more.
➤If and when a virus is detected, the computer displays a warning asking what action         ➤should be done, often giving the options to remove, ignore, or move the file to the vault.
➤If a virus infected a computer without an antivirus program, it may delete files, prevent          access to files, send spam, spy on you, or perform other malicious actions.
   
Examples: Norton anti-virus, AVG anti-virus, Kaspersky anti-virus

➤There are several different companies that build and offer anti-virus software and what           each offers can vary but all perform some basic functions:
Scan specific files or directories for any malware or known malicious patterns

• Allow you to schedule scans to automatically run for you
• Allow you to initiate a scan of a specific file or of your computer, or of a CD or flash drive at any time.
• Remove any malicious code detected –sometimes you will be notified of an infection and asked if you want to clean the file, other programs will automatically do this behind the scenes.

Anti Spyware
➤Spyware is a type of malware that is installed on a computer without the user's                      knowledge in order to collect information about them.
➤Once installed, spyware can degrades system performance by taking up processing             power, installing additional software, or redirecting users' browser activity.
➤It also can monitors user activity on the Internet and transmits that information in the             background to someone else.
➤Spyware can also gather information about email addresses and even passwords and           credit card numbers.
➤Anti-spyware is a type of software that is designed to detect and remove unwanted              spyware programs.
➤Anti-spyware software can be used to find and remove spyware that has already been           installed on the user's computer.OR it can act much like an anti-virus program by                   providing real-time protection and preventing spyware from being downloaded in the first       place.

Examples :

• Spyware Blaster
• Spy Sweeper

Firewall
➤A firewall is a system designed to prevent unauthorized access to or from a private              network.
➤A firewall can be implement either through hardware or software form, or a combination of    both.
➤Firewalls prevent unauthorized Internet users from accessing private networks connected    to the Internet, especially intranets.
➤All messages entering or leaving the intranet (i.e., the local network to which you are            connected) must pass through the firewall, which examines each message and blocks          those that do not meet the specified rules/security criteria.
➤Rules will decide who can connect to the internet, what kind of connections can be made,     which or what kind of files can be transmitted in out.


Physical Control
➤Lock your laptop whether you're at home, in a dorm, in an office, or sitting in a coffee             shop, use a security device, such as a laptop security cable.
➤Lock doors and windows, usually adequate to protect the equipment.
➤Put the access code at the door to enter the computer room or your office.
➤Put the CCTV (closed-circuit television) in your office or computer room.
➤Make a policies who can access the computer room or your data center.

Human Aspect : Awareness

Ethics - Be a good cyber citizen

1. Do not engage in inappropriate conduct, such as cyber bullying, cyber stalking or rude and offensive behavior.
2. Do not use someone else's password or other identifying information.
3. Lock it when you leave
4. It takes only a few seconds to secure your computer and help protect it from unauthorized access. Lock down your computer every time you leave your desk.
5. Set up a screen-saver that will lock your computer after a pre-set amount of time and require a password to log back in.

Phishing Emails

1. Never respond to requests for personal information via email. Businesses will never ask for personal information in an email.
2. Do not enter personal information in a pop-up screen.
3. Dispose of Information Properly
4. Destroy/shred hard copy confidential documents that contain personal information such as social security numbers, credit card numbers, bank account numbers, health records.
5. Ensure you are using the right tools when destroying and disposing of personal information or media storage from your computer and mobile devices

Protect data on mobile device

1. Choose a strong password. A good password should always include upper and lowercase letters, numbers, and at least one special character. Never use the same password for multiple devices or accounts.
2. Store your portable devices securely. When not in use, store devices out of sight and when possible in a locked drawer or cabinet.

Expose employees or staff to computer security.
Make a routine check to update from new virus, worm or other malicious threat.

Computer security

➧Other intruders indicate some evidence of their presence either by leaving a message or ➧by deliberately altering or damaging data.
➧Any illegal act involving a computer generally is referred to as a computer crime.
➧Cybercrime refers to online or Internet-based illegal acts.
➧Software used by cybercriminals sometimes is called crimeware.

• Perpetrators of cybercrime and other intrusions fall into seven basic categories:
• Hacker, refers to someone who accesses a computer or network illegally. Some hackers claim the intent of their security breaches is to improve security.
• Cracker also is someone who accesses a computer or network illegally but has the intent of. destroying data, stealing information, or other malicious action
• Script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. Often use prewritten hacking and cracking programs to break into computers.
• Corporate spies have excellent computer and networking skills.

ühired to break into a specific computer and steal its proprietary data and information.

üto help identify security risks in their own organization.

• Unethical employees may break into their employers’ computers for a variety of reasons:

üwant to exploit a security weakness,

üseek financial gains from selling confidential information

üdisgruntled employees may want revenge.

• Cyber extortionist is someone who uses e-mail as a medium for extortion.

üThey will send an organization a threatening e-mail message indicatingthey will expose confidential information if they are not paid a sum of money.

• Cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons. They might targets:

üthe nation’s air traffic control system,

üelectricity-generating companies,

üa telecommunications infrastructure.

Malicious code

➧Malicious code is code causing damage to a computer or system. It is code not easily or solely           controlled through the use of anti-virus tools.
➧Malicious code can either activate itself or be like a virus requiring user to perform an action, such      as clicking on something or opening an email attachment.

Computer Virus
Definition : A computer virus is a potentially damaging computer program that affects or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
➧A computer virus attaches itself to a program or file enabling it to spread from one                 computer to another, leaving infections as it travels
➧It may damage files and system software, including the operating system
➧Almost all viruses are attached to an executable file.
➧The virus may exist on your computer but it actually cannot infect your computer unless         you run or open the malicious program.
➧A computer virus by sharing infecting files or sending emails with viruses as attachments in   the email.Even such a simple virus is dangerous because it will quickly use all available       memory and bring the system to a halt.
Examples: Melissa, Tequila, Cascade, Invader  

Worm
➧A worm is a program that copies itself repeatedly.
➧For example in memory or on a network, using up resources and possibly shutting down      the computer or network.
➧Worms spread from computer to computer, but unlike a virus, it has the capability to travel   without any human action
➧A worm takes advantage of file or information transport features on your system, which is     what allows it to travel unaided.
➧The biggest danger with a worm is its capability to replicate itself on your system.
➧It will causing Web servers, network servers and individual computers to stop responding.

Examples: Jerusalem, Sobig,   Nimda, Morris Worm

Differentiate between worms and virus
Enable visualization to see the difference between the two.














Trojan Horse
➧A program that hides within or looks like a legitimate program. It does not replicate itself to   other computers.
➧At first glance will appear to be useful software but will actually do damage once installed     or run on your computer.
➧Examples: It can change your desktop, adding silly active desktop icons or they can cause   serious damage by deleting files and destroying information on your system.
Examples: Netbus, Back Orifice, Subseven, Beast 

Differences of Malicious code












Unauthorized access & use
Unauthorized accesss

• The use of a computer or network without permission.

Unauthorized use 

• The use of a computer or its data for unapproved or possibly illegal activities

To help prevent unauthorized access and use, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.Many systems implement access controls using a two-phase process called identification and authentication.Identification verifies that an individual is a valid user.

Authentication verifies that the individual is the person he or she claims to be.Three methods of identification and authentication include user names and passwords, possessed objects, and bio metric devices.A user name or user ID (identification), is a unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user.A password is a private combination of characters associated with the user name that allows access to certain computer resources.

Most multi user (networked) operating systems require that users correctly enter a user name and a password before they can access the data, information and programs stored on a computer or network.

A possessed object is any item that you must carry to gain access to a computer or computer facility. Examples of possessed objects are badges, cards, smart cards and keys. The card you use in an automated teller machine (ATM) is a possessed object that allows access to your bank account. Possessed objects often are used in combination with personal identification numbers. 

A personal identification number (PIN) is a numeric password, either assigned by a company or selected by a user. A biometric device authenticates a person’s identity by translating a personal characteristic, such as a fingerprint into a digital code.

Hardware Theft

➤Hardware theft is the act of stealing computer equipment.

➤Hardware vandalism is the act of defacing or destroying computer equipment.

➤Companies, schools, and other organizations that house many computers, however, are       at risk of hardware theft.

➤Safeguards against Hardware Theft and Vandalism:

• physical access controls, such as locked doors and windows
• install alarm systems in their buildings
• physical security devices such as cables that lock the equipment to a desk.

Software Theft

➤Software theft occurs when someone:

• Steals software media
• Intentionally erases programs
• Illegally copies a program
• Illegally registers and/or activates a program.

➤Steals software media involves a perpetrator physically stealing the media that contain         the software or the hardware that contains the media.

➤Intentionally erases programs can occur when a programmer is terminated from, or stops     working for a company.

➤Although the programs are company property, some dishonest programmers intentionally     remove or disable the  programs they have written from company computers.

➤Illegally copies a program occurs when software is stolen from software manufacturers.

➤This type of theft, called piracy, is by far the most common form of software theft.

➤Illegally registers and/or activates a program involves users 

➤illegally obtaining registration numbers and/or activation codes.

➤A program called a keygen, short for key generator, creates software registration numbers    and sometimes activation codes.

➤Some individuals create and post keygens so that users can install software without              legally purchasing it

Safeguards against Software Theft

➤To protect software media from being stolen, owners should keep original software boxes      and media in a secure location, out of sight of prying eyes.

➤All computer users should back up their files and disks regularly.

➤To protect themselves from software piracy, software manufacturers issue users license         agreements.

Information Theft

➤Information theft occurs when someone steals personal or confidential information.

➤If stolen, the loss of information can cause as much damage as (if not more than)                  hardware or software theft.

➤An unethical company executive may steal or buy stolen information to learn about a             competitor.

➤A corrupt individual may steal credit card numbers to make fraudulent purchases.

Safeguards against Information Theft

➤Protecting information on computers located on an organization’s premises.

➤To protect information on the internet and networks, organizations and individuals use a         variety of encryption techniques.

➤Encryption is a process of converting readable data into unreadable characters to prevent     unauthorized access.

System Failure

➤A system failure is the prolonged malfunction of a computer

➤Can cause loss of hardware, software, data, or information.

➤These include aging hardware; natural disasters such as fires, floods, or hurricanes;             random events such as electrical power  problems; and even errors in computer                   programs.

➤Electrical power variations can cause loss of data and loss of equipment.

➤If the computer equipment is networked, a single power disturbance can damage multiple    systems.

➤Electrical disturbances include noise (any unwanted signal), undervoltages (electrical             supply drops), and overvoltages (incoming electrical power increases).

Safeguards against System failure

➤To protect against electrical power variations, use a surge protector.

➤A surge protector, also called a surge suppressor, uses special electrical components to      smooth out minor noise, provide a stable current flow, and keep an overvoltage from              reaching the computer and other electronic equipment.

Computers ethics

Computer ethic

Netiquette

➧Netiquette, or net etiquette, refers to etiquette on the Internet. 

➧Is the code of acceptable behaviours users should follow while on the Internet or online or     cyberspace.

➧Rules for all aspects of the:

qWorld Wide Web

qE-mail

qInstant Messaging

qChat rooms

qNewsgroups & message board.

➧Electronic communication lacks the facial expression, gestures and tone of voice to convey    your meaning. It’s easy to misinterpret meaning of words. 

➧Remember, when you communicate through cyberspace your words are written.

➧Chances are they're stored somewhere and they can come back and haunt you.

➧Any message you send could be saved or forwarded by

its recipient. You have no control   over where it goes.

When do these rules apply?

Anytime when you are using…

• Chatting online 
• Using email
• Posting to a discussion
• Blogging
• Playing online games
• Social media
• Using web
• Internet messaging
• FTP

Areas of computer ethics

Information accuracy

➧One of the concern because many users access information maintained by other people or   companies, such as on the Internet.
➧Do not assume all the information on the Web is correct.
➧Users should evaluate the value of a Web page before relying on its content.
➧Be aware that the organization providing access to the information may not be the creator     of the information.

Green Computing

➧Green computing is the environmentally responsible and eco-friendly use of computers and their resources. In broader terms, it is also defined as the study of designing, manufacturing/engineering, using and disposing of computing devices in a way that reduces their environmental impact.

➧Involves reducing the electricity and environmental waste while using a computer.
➧Society has become aware of this waste and is taking measures to combat it.

➧Some of the actions that has been taken:

qUsing energy- efficient devices that require little power when   they are not in use.

q

qBuy computers with low power consumption processors and power supplies.

q

qWhen possible, use outside air to cool the data center.

➧Average computer users can employ the following general tactics to make their                     computing usage more green:

qUse the hibernate or sleep mode when away from a computer for extended periods.

q

qUse flat-screen or LCD monitors, instead of conventional cathode ray tube (CRT) monitors.

q

qBuy energy efficient notebook computers, instead of desktop computers.

q

qActivate the power management features for controlling energy consumption.

q

qTurn off computers at the end of each day.

q

Refill printer cartridges, rather than buying new ones

codes of conduct

➤Written guideline that helps determine whether a specific action is ethical/unethical or           allowed/not allowed.

Information privacy

➤The right of individuals and companies to deny or restrict the collection, use, and                   dissemination of information about them.

➧The privacy of personal information and usually relates to personal data stored on computer systems.
➧The need to maintain information privacy is applicable to collected personal information such as medical records, financial data, criminal records, political records, business related information or website data.
➧Information privacy is also known as data privacy.
➧Today, huge databases store their data online.Much of the data is personal and confidential and should be accessible only to authorize users.
➧Many individuals and organizations, however, question whether this data really is private.
➧That is, some companies and individuals collect and use this information without your authorization. 
➧Web sites often collect data about you, so that they can customize advertisements and send you personalized e-mail messages.
➧Some employers monitor your computer usage and e-mail messages.