Computer security

2 Outline

 Nature of computer security

 Basic challenges
 importance of computer
security
 Security components
 Security threats and breaches
 Computer security measures
computer security
 Nature of computer security

 Computer security is the protection of computers,

as well as of the data that the computers hold.
 Computer security measures can encompass
anything, from protecting computers with
passwords to setting up firewalls—it’s important to
familiarise yourself with as many different
measures as you can in order to ensure that you
give your data and your devices as much
protection as possible.
 Cybersecurity is defined as
protecting computer systems, which
communicate over
the computer networks
 Computer Security is, basically, the
preservation of computing systems
and the information that they save
and / or retrieve.
 Basic challenges in computer security
 There is a natural tendency on the part of
users and system managers to perceive
little benefit from security investment
until a security failure occurs.
 Security requires regular, even constant,
monitoring, and this is difficult to be
implemented especially at individual level
 Basic challenges in computer security
 Security is still too often an afterthought to be
incorporated into a system after the design is
complete rather than being an integral part of
the design process.
 Many users and even security administrators
view strong security as an impediment to
efficient and user-friendly operation of an
information system or use of information.
 Significance
 Computer Security is important enough that it
should be learned by everyone. Only 10% of
security safeguards are technical—the remaining
90% depends on the user adhering to good
computing practices.
 Computer Security is important as it
enables people to perform their work and
study.
 It helps in the execution of essential
business processes, and Safeguards
confidential and sensitive information.
 Every user of a computer or mobile device
should be able to grasp how to keep their
computer, devices, and data secure.
Computer security is everyone’s
responsibility.
 Why computer security is important
in higher learning institutions
 Historically, this industry is based on the free
exchange of information,
 Students and staff may have limited technical skills to
know how to stay safe online
 Online education systems
 There’s a significant change in the user population
every year due to students graduating and new
students enrolling, making it difficult to track who is
using certain resources and who has access to them.
 Importance of Computer Security in Organizations
Today

 To preserve company assets – Company assets

include information kept in the in the computer
network
 To conform with governing requirements and moral
responsibilities – Each organization creates policies
and procedures which deal with the security
requirements of the organization in question.
 For competitive benefit – Financial
services and e-commerce considers
network security to be of prime
importance.
 To help curb the increasing volume and
sophistication of cyber security threats
 14 Some differences between traditional
security and soft information security

 Information can be stolen - but you still have it

 Confidential information may be copied and
sold - but the theft might not be detected
 The criminals may be on the other side of the
world
 15 Security Components
 Confidentiality: The assets are accessible only by
authorized parties.
 Keeping data and resources hidden
 Integrity: The assets are modified only by authorized
parties, and only in authorized ways.
 Data integrity (integrity)
 Origin integrity (authentication)
 Availability: Assets are accessible to authorized
parties.
computer security

 Enabling access to data and resources

 Vulnerabilities and Attacks
 system resource vulnerabilities may
 be corrupted (loss of integrity)
 become leaky (loss of confidentiality)
 become unavailable (loss of availability)
 attacks are threats carried out and may be
 passive
 active
 insider
 outsider
17 Computing System Vulnerabilities

 Hardware vulnerabilities
 Software vulnerabilities
 Data vulnerabilities
 Human vulnerabilities

computer security
 18 Software Vulnerabilities

 Destroyed (deleted) software

 Stolen (pirated) software
 Altered (but still run) software
 Eg Virus

computer security
 Examples of computer system
threats
Malware:
 Hostile, intrusive, or annoying software or
program code ("malicious + "software“)
 It is code or software that is specifically
designed to damage, disrupt, steal, or in
general inflict some other "bad" or
illegitimate action on data, hosts, or
networks.
 Examples of computer system
threats

Internet bot:
 also known as web robots, are automated internet
applications controlled by software agents
 These bots interact with network services intended
for people, carrying out monotonous tasks and
behaving in a humanlike manner (i.e. computer
game bot)
21

 Bots can gather information, reply to

queries, provide entertainment, and
serve commercial purposes.
 Botnet - a network of "zombie"
computers used to do automated tasks
such as spamming or reversing
spamming
computer security
Examples of computer system
threats

Adware:
 Advertising-supported software is
any software package which
automatically plays, displays, or
downloads advertising material to a
computer after the software is
installed on it or while the application
is being used.
 Examples of computer system
threats
Spyware:
 A broad category of software designed to intercept
or take partial control of a computer's operation
without the informed consent of that machine's
owner or legitimate user
 In simpler terms, spyware is a type of program that
watches what users do with their computer and
then sends that information over the internet
Examples of computer system
threats
Spam:
 Spamming is the abuse of
electronic messaging systems to
send unsolicited, undesired bulk
messages
 Examples of computer system
threats
Phishing:
 A criminal activity using social engineering
techniques.
 An attempt to acquire sensitive data, such as
passwords and credit card details, by
masquerading as a trustworthy person or
business in an electronic communication.
 Typically carried out using email or an instant
message
 Countermeasures

 means used to deal with security attacks

 prevent
 detect
 recover
 may result in new vulnerabilities
 will have residual vulnerability
 goal is to minimize risk given constraints
27 Goals of Security
 Prevention
 Prevent attackers from violating security policy
 Detection
 Detect attackers’ violation of security policy
 Recovery
 Stop attack, assess and repair damage
 Continue to function correctly even if attack
succeeds

computer security
28 Methods of Defense

 Encryption
 Software controls
 Hardware controls
 Policies
 Physical controls

computer security
 ways computer users can protect
themselves against security breaches
 Encryption: the method by which information is converted int
secret code that hides the information's true meaning
 Use strong, ambiguous passwords that can’t be easily
predicted, and keep them secret.
 Ensure that your computer, devices and applications are
updated with the latest version of the operating system
in question.
 ways computer users can protect
themselves against security breaches
 Ensure that your computer is secured with up-to-date
antivirus and anti-spyware software.
 Ignore unknown or unsolicited links and attachments.
Don’t download unfamiliar files or programs onto your
computer or other devices.
 cont

 Remember that data, especially passwords

transmitted through typical wireless
connections, is very easy for hackers to
capture.
32 Physical control
 Restricting physical access to
infrastructure – e.g. locking, biometrics,
smart cards, and wireless-enabled
keycards, motion detectors
 Surveillance of infrastructure
 Environmental controls – e.g. Air
conditioning, cleanliness, waterproofing
computer security
 Cloud storage/back up of course
33
work
 Use cloud storage/back up for all school work
 One Drive – 5GB Free
 https://onedrive.live.com/about/en-us/
 Drop Box – 5GB Free
 https
://www.dropbox.com/help/account/create-account
 Google Drive – 15GB Free
 https://drive.google.com/
THE END