COMPUTER SECURITY RISK
→ Definition of computer security risk:
Any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability
→ Other intruders indicate some evidence of their presence either by leaving a message or by deliberately altering or damaging data.
→Any illegal act involving a computer generally is referred to as a computer crime.
→Cybercrime refers to online or Internet-based illegal acts.
→Software used by cybercriminals sometimes is called crimeware.
→Perpetrators of cybercrime and other intrusions fall into seven basic categories:
Hacker, refers to someone who accesses a computer or network illegally. Some hackers claim the intent of their security breaches is to improve security.
Cracker also is someone who accesses a computer or network illegally but has the intent of. destroying data, stealing information, or other malicious action
Script kiddie has the same intent as a cracker but does not have the technical skills and knowledge. Often use prewritten hacking and cracking programs to break into computers.
Corporate spies have excellent computer and networking skills.
hired to break into a specific computer and steal its proprietary data and information.
to help identify security risks in their own
Unethical employees may break into their employers’ computers for a variety of reasons:
want to exploit a security weakness,
seek financial gains from selling confidential information
disgruntled employees may want revenge.
Cyber extortionist is someone who uses e-mail as a medium for extortion.
They will send an organization a threatening e-mail message indicating they will expose confidential information if they are not paid a sum of money.
Cyberterrorist is someone who uses the Internet or network to destroy or damage computers for political reasons. They might targets:
the nation’s air traffic control system,
electricity-generating companies,
a telecommunications infrastructure.
MALICIOUS CODE
→Malicious code is code causing damage to a computer or system. It is code not easily or solely controlled through the use of anti-virus tools.
→Malicious code can either activate itself or be like a virus requiring user to perform an action, such as clicking on something or opening an email attachment.
💀COMPUTER VIRUS💀
- Definition : A computer virus is a potentially damaging computer program that affects or infects, a computer negatively by altering the way the computer works without the user’s knowledge or permission.
- A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections as it travels
- It may damage files and system software, including the operating system.
- Almost all viruses are attached to an executable file.
- The virus may exist on your computer but it actually cannot infect your computer unless you run or open the malicious program.
- A computer virus by sharing infecting files or sending emails with viruses as attachments in the email.
- Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.
- Examples: Melissa, Tequila, Cascade, Invader
⇒A worm takes advantage of file or information transport features on your system, which is what allows it to travel unaided.
⇒The biggest danger with a worm is its capability to replicate itself on your system.
⇒It will causing Web servers, network servers and individual computers to stop responding.
⇒Examples: Jerusalem, Sobig, Nimda, Morris Worm
💀TROJAN HORSE💀
⇢A program that hides within or looks like a legitimate program. It does not replicate itself to other computers.
⇢At first glance will appear to be useful software but will actually do damage once installed or run on your computer.
⇢Examples: It can change your desktop, adding silly active desktop icons or they can cause serious damage by deleting files and destroying information on your system.
⇢Examples: Netbus, Back Orifice, Subseven, Beast
UNAUTHORIZED ACCESS AND USE
➤Unauthorized access - the use of computer or network without permission
Unauthorized use - the use of computer or its data for unapproved or possibly illegal activities.
➤To help prevent unauthorized access and use, they should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
➤An access control is a security measure that defines who can access a computer, when they can access it, and what actions they can take while accessing the computer.
➤A user name or user ID (identification), is a unique combination of characters, such as letters of the alphabet or numbers, that identifies one specific user.
➤A password is a private combination of characters associated with the user name that allows access to certain computer resources.
HARDWARE THEFT
➦Hardware theft is the act of stealing computer equipment.
➦Hardware vandalism is the act of defacing or destroying computer equipment.
➦Companies, schools, and other organizations that house many computers, however, are at risk of hardware theft.
➦Safeguards against Hardware Theft and Vandalism:
-physical access controls, such as locked doors and windows
-install alarm systems in their buildings
-physical security devices such as cables that lock the equipment to a desk.
SOFTWARE THEFT
⏩Software theft occurs when someone:
- Steals software media
- Intentionally erases programs
- Illegally copies a program
- Illegally registers and/or activates a program.
⏩Steals software media involves a perpetrator physically stealing the media that contain the software or the hardware that contains the media.
⏩Intentionally erases programs can occur when a programmer is terminated from, or stops working for a company.
⏩Although the programs are company property, some dishonest programmers intentionally remove or disable the programs they have written from company computers.
⏩All computer users should back up their files and disks regularly.
⏩To protect themselves from software piracy, software manufacturers issue users license agreements.
INFORMATION THEFT
⟶Information theft occurs when someone steals personal or confidential information.
⟶If stolen, the loss of information can cause as much damage as (if not more than) hardware or software theft.
Safeguards against Information Theft
⟶Protecting information on computers located on an organization’s premises.
⟶To protect information on the internet and networks, organizations and individuals use a variety of encryption techniques.
⟶Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.
SYSTEM FAILURE
➺A system failure is the prolonged malfunction of a computer
➺Can cause loss of hardware, software, data, or information.
➺These include aging hardware; natural disasters such as fires, floods, or hurricanes; random events such as electrical power problems; and even errors in computer programs.
➺To protect against electrical power variations, use a surge protector.
➺A surge protector, also called a surge suppressor, uses special electrical components to smooth out minor noise, provide a stable current flow, and keep an overvoltage from reaching the computer and other electronic equipment.
No comments:
Post a Comment