2. LEARNING OUTLINES
▪ Define Computer Security.
▪ Explain the main purpose of computer security.
▪ Define Information Security.
▪ Explain the main objectives of Information Security.
▪ Define Security Threats and its types.
▪ Explain the security measures to protect computer equipment and
supplies.
2
3. “
Do not go where the path may lead, go
instead where there is no path and
leave a trail.
3
Ralph Waldo Emerson
5. INTRODUCTION
⬥ Computer has become inseparable from our life. It is no more a
machine sitting on our desk or lap. The increased use of computing
system has also increased threat in computer security.
⬥ Computer security means protecting our computers and it’s
components from damage, theft or misuse and action to prevent
such incidents. It includes security of:
▪ Data and information,
▪ Computer programs and applications
▪ Credentials
▪ Computer hardware.
5
6. COMPUTER SECURITY
⬥ Computer security focuses on the security attacks, security
mechanisms and security services.
▪ Security attacks are the reasons for breach of security.
Security attacks comprise of all actions that breaches the
computer security
▪ Security mechanism are the tools that include algorithms,
protocols or devices, that are designed to detect, prevent, or
recover from a security attack
▪ Security services are the services that are provided by a
system for a specific kind of protection to the system
resources
6
7. INFORMATION SECURITY
▪ Information security, sometimes shortened to InfoSec, is the practice
of protecting information by mitigating information risks.
▪ It is part of information risk management. It typically involves preventing
or at least reducing the probability of unauthorized/inappropriate access
to data, or the unlawful use, disclosure, disruption, deletion, corruption,
modification, inspection, recording or devaluation of information.
⬥ Information security is the practice of preventing unauthorized access,
use, disclosure, disruption, modification, infection, recording or
destruction of information.
⬥ Information security programs are build around 3 objectives, commonly
known as CIA(Confidentiality, Integrity, Availability)
7
9. ⬥ Periodically checking the hard disk and replacing it if it
shows failure symptoms
⬥ Copying the data in another disk in the system to avoid
accidentally erasing or erasing data by unauthorized person
⬥ Nowadays, we can copy important data into online storage
devices which is also called cloud storage. There are many
providers who provide space in the cloud for online storage
of our data which include Dropbox, Google Drive, OneDrive,
iCloud. Some of them are free up to the certain size of
storage space.
⬥ We can also, sometimes, send important files as an
attachment to our own mail such as Gmail or Hotmail.
Protection of data
9
11. ➢ Phishing is the fake attempt to obtain sensitive
information such as user’s names, passwords and credit
card details by disguising oneself as a trustworthy
entity in an electronic communication.
➢ It could involve an attachment to an email that loads
malware onto your computer.
➢ It could also be a link to an illegitimate website that
can trick you into downloading malware are handing
over your personal information.
Phising
11
12. ➢ A botnet is illogical collection of Internet- Connected
devices such as computers, smart phones or Internet of
Things devices whose security have been breached and
control is given away to a third party.
➢ Each compromised device, known as a board, is created
when a device is penetrated by a software from a
malware distribution.
Botnet
12
13. ➢ A rootkit is a malicious code(kit) that hired in system
area provides continued administrator’(root) privileged
access to a computer while actively hiding its presence.
➢ A root kit on an infected computer can access log files
and spy on the legitimate computer owners usage.
Rootkit
13
14. ➢ Keylogger is hardware or software for recording the
keys pressed on a keyboard secretly so that person
using the keyboard does not know that their actions
are being monitored.
➢ While the programs themselves are legal, with many of
them being designed to allow employers to oversee the
use of their computers, keyloggers are most often used
stealing passwords and all the confidential information.
Keylogger
14
15. ➢ A computer hacker is any skilled computer expert who
uses his are hard technical knowledge to overcome a
problem.
➢ Security hackers are people involved with
circumvention of computer security. Among security
hackers, there are several types, including White hats,
Black hats and Gray hats.
Hacker
15
16. ➢ Drive-by download attacks are common method of
spreading malware. Hackers look for insecure websites
and plant a malicious script into HTTP or PHP code on
one of the pages.
➢ Drive-by downloads can happen when visiting a
website or viewing an email message on a pop up
window.
Drive-by Attack
16
17. ⬥Malicious code is the kind of humble computer cord or web scripted
designed to create system vulnerabilities leading to back doors, security
breaches, information and data theft, and other potential damages to
files and computing systems.
⬥The code gives a cybercriminal unauthorized remote access to the
attacked system- called an application back door – which that exposes
sensitive company data.
⬥Preventing Malicious Software
▪ Restricting computer access
▪ Vigilance while installing a software
▪ Refusing malicious request while browsing
▪ Allowing only trustworthy users
▪ Using trusted removable storage media.
Malicious Codes
17
18. Security Mechanisms
The process of identifying an individual usually
based on a username and password is called an
authentication system.
2
19. ▪ The process of identifying an individual usually based on a
username and password is called an authentication system
▪ In security systems, authentication is distinct from authorization,
which is the process of giving individuals access to system objects
based on their identity.
▪ Authentication is facilitated by use of username and password,
smart cards, biometric methods etc.
Authentication System
19
20. Password
A password, sometimes called a passcode, is a memorized secret, typically a string of
characters, usually used to confirm a user's identity. In general, a password is an arbitrary string
of characters including letters, digits, or other symbols. If the permissible characters are
constrained to be numeric, the corresponding secret is sometimes called a personal identification
number (PIN).
Following are some of the tips to make our password secure and strong:
⬥ Never share your credentials online.
⬥ Don't use easily guessable the name of a pet, child, family member, birthdays, birthplace,
name of a favorite holiday.
⬥ Don't use a sequence like abcd or 1234 which are, again, easily guessable.
⬥ Mix characters, numbers and symbols. Also, mix small and capital letters.
⬥ Avoid using the same password in all applications.
⬥ Change password periodically.
Authentication System
20
Continuation…
21. Biometrics
⬥ Biometrics is the measurement and statistical analysis of people's unique
physical and behavioral characteristics.
⬥ The technology is mainly used for identification and access control or for
identifying individuals who are under surveillance.
⬥ Biometrics can include physiological traits, such as fingerprints and eyes, or
behavioral characteristics, such as the unique way you'd complete a security-
authentication puzzle.
Authentication System
21
Continuation…
22. Firewalls
⬥ A firewall is the network security systems that monitors and controls the traffic
flow between the Internet and private network or private computer on the basis of
a set of user-defined rules.
⬥ Firewall can be a hardware firewall, software firewall or firewall incorporated in
Operating System such as Windows Firewall.
Authentication System
22
Continuation…
23. Cryptography
⬥ Cryptography is a method of protecting information and
communications through the use of codes, so that only those for whom
the information is intended can read and process it.
⬥ The prefix "crypt-" means "hidden" or "vault" -- and the suffix "-graphy"
stands for "writing.".
⬥ Cryptography is associated with the process of converting ordinary plain
text into unintelligible text and vice versa. •
⬥ The process of distinguishing information into an unintelligible form is
known as encryption. •
Authentication System
23
Continuation…
24. 24
Cryptography
⬥ The information that needs to be disguised is called plaintext. • The
encrypted information is called ciphertext. •
⬥ After the encrypted information reaches its destination, it has to be
converted into plaintext so that the information is intelligible. The
process of converting ciphertext into plaintext is known as decryption.
Authentication System
Continuation…
Plain Text Encryption Cipher text Decryption Plain Text
25. Encryption
Encryption is the technology to encode file or message that is being stored or
transferred online in intelligible content which cannot be used by an unauthorized
person. Generally, encryption is done with the help of key and the key is made available
to the authorized user by another medium.
Decryption
The conversion of encrypted data into its original form is decryption. It is generally a
reverse process of encryption. It decodes the encrypted information so that an
authorized user can only decrypt the data because decryption requires a secret key or
password.
Types of Cryptography
25
26. Malware
⬥ Malware is the collective name for a number of malicious software variants,
including viruses, ransomware and spyware.
⬥ Shorthand for malicious software, malware typically consists of code developed by
cyber attackers, designed to cause extensive damage to data and systems or to gain
unauthorized access to a network.
⬥ It is used to describe all of the viruses, spyware, worms, adware, nagware, Trojan,
and pretty much anything that is specifically designed to cause harm to your PC or
steal your information.
Types of Cryptography
26
Continuation…
27. ⬥ Virus-A virus is a program that copies itself and infects a PC, spreading from one file
to another, and then from one PC to another when the files are copied or shared.
⬥ Spyware-Spyware is any software installed on your PC that collects your
information without your knowledge and sends that information back to the creator
so they can use your personal information in some immoral way.
⬥ Trojan-Trojan horses are applications that look like they are doing something
harmless, but secretly have malicious code that does something else.
⬥ Worm-Computer worms use the network to send copies of themselves to other PCs,
usually utilizing a security hole to travel from one host to the next, often
automatically without user intervention.
⬥ Adware- Adware is a software application used by companies for marketing
purposes; advertising banners are displayed while any program is running.
Types of Malware
27
29. ➢ Antivirus software, nowadays also known as anti-malware, is a
computer program used to prevent, detect, and remove malware.
➢ Antivirus software can protect from browser hijackers, keyloggers,
rootkits, Trojan horses, worms, adware, spyware, and many more.
⬥ Popular antivirus software:
Bitdefender Antivirus Plus 2020, Norton Antivirus(NAV) Plus,
Web root Secure Anywhere Antivirus, ESET NOD32 Antivirus, F-
Secure Antivirus SAFE, Kaspersky Anti-Virus, etc.
Antivirus Software
29
31. 31
Back up System
⬥ A system backup is the process of backing up the operating system, files
and system-specific useful/essential data.
⬥ Backup is a process in which the state, files and data of a computer
system are duplicated to be used as a backup or data substitute when the
primary system data is corrupted, deleted or lost.
⬥ When data and software are corrupted or lost, we can recover them from
the backup copy. Backups can be kept in different locations such as hard
disks, compact disc, external hard drive and on the cloud (Internet). So,
Backups are important methods of data and software security measures
against data corruption or loss.
33. 33
Hardware Security
⬥ Hardware security is vulnerability protection that comes in the form of a physical
device rather than software that is installed on the hardware of a computer system.
⬥ Hardware security can pertain to a device used to scan a system or monitor network
traffic. Common examples include hardware firewalls and proxy servers.
⬥ The hardware can be damaged by:
• Dust or dirt on mechanical parts;
• Water and moisture on the electronic circuits;
• Irregular electricity on the circuit boards;
• Overheating of the device
• Fire burning the machine
• Theft of the computer and its devices
34. 34
Methods of Hardware Security
⬥ Regular Maintenance
⬥ Insurance
⬥ Free from Dust
⬥ Fire Extinguisher
⬥ Theft
⬥ Air conditioning system
⬥ Power Protection device
35. 35
Methods of Hardware Security
Regular Maintenance
• Keep the computer room clean.
• Arrange regular maintenance of the computer system and devices
• Faulty devices should be detected and replaced. We can do this by
bringing our computers and devices to the service center or by having
annual maintenance contract with a service providing company
depending on the policy of organization and number of computers and
devices
Continuation….
36. 36
Methods of Hardware Security
Continuation….
Insurance
• Insurance is a way to get the investment- whole part of it- back in case,
the computer system is damaged because of theft, vandalism or
natural calamities like fire or flood.
• For insurance assets we have to contact the agent of non life insurance
company and against the payment off in nominal amount of money as
premium every year we can ensure our computer and other assets.
37. 37
Methods of Hardware Security
Continuation….
Free from dust
• Often dust buildup occurs in computer case fans,
inside the power supply or CPU cooler. When CPU
cooler fails to spin because of dust build up, process
it can overheat and become damaged.
• If the power supply fan blows, this can become a
serious fire hazard because of the heat being
generated.
38. 38
Methods of Hardware Security
Continuation….
⬥ Fire extinguisher and Air condition system
• Fire extinguisher:
Install fire extinguishers in the computer room. So that in case
of fire we can extinguish the fire quickly and minimize damage.
• Air condition System:
When a computer system is used for a long time, it becomes
heated. The air conditioning system should be installed as it helps
to reduce the room temperature
39. 39
Methods of Hardware Security
Continuation….
Theft
• The computer room should have physical security with proper locking
system, controlled access of authorized personnel only by having
human guard or biometric machine.
40. 40
Methods of Hardware Security
Continuation….
Power protection device
• Have reliable electric system such as cable, switches in the
computer room, checking and replacing them regularly.
• Use voltage stabilizers, spike controllers or Uninterruptible
Power Supply (UPS) to avoid irregular electric supplies like
high voltage, fluctuating voltage or power cuts.
• Frequent power cuts me not only cause damage to the
computer hardware but also causes data loss that we are
currently working on. And UPS is a device which has a
battery back up in it which is charged when there is power