
Presentation on theme: "Unit 4 Networks. Computer Networks A computer network is a collection of computers linked together so that they can communicate with each other A computer."— Presentation transcript:

1 Unit 4 Networks

2 Computer Networks
A computer network is a collection of computers linked together so that they can communicate with each other. A computer that is not connected to a network is called a stand-alone computer. There are two different sorts of computer network:
‘Local Area Network’ or ‘LAN’: the computers are all in the same building, or in different buildings on one site, permanently connected to each other with special cables.
‘Wide Area Network’ or ‘WAN’: the computers are spread over a large geographical area, are not permanently connected to each other, and communicate using telephone lines, radio transmitters or satellite links. Connected by gateways.

3 Factors to consider when choosing a network
Cost of the network: initial purchasing of equipment; installation and training; maintenance costs. The size of the available budget will determine what can be done, e.g. fibre optic cable is faster but is also more expensive. Wireless systems are flexible but need more maintenance.

4 Size of the organisation
Needs can range from a small LAN to a global WAN. Some communications media are limited in the distance they can travel. The amount of data processing required must also be considered.

5 How the system will be used
What type of applications do users require? Will they need large data storage? From where will they operate the network, e.g. at home, in the office, or by remote access from different locations?

6 Existing systems to integrate
More often networks are not developed from scratch but need to fit in with existing systems. Sometimes an extension is required, e.g. when a new branch office opens. Therefore any new network must fit in with the operating systems and protocols of the existing systems. It must support any peripherals already in use, e.g. bar code readers, printers etc.

7 Performance and speed required
Performance in terms of: reliability; user friendliness; capacity; speed of processing. Different parts of the organisation may have different performance requirements, e.g. a real-time e-commerce system may require greater speed, capacity and security than the in-house payroll system.

8 Security issues
Different organisations may have different priorities. For example, a large business organisation may be primarily concerned with: prevention of hacking; avoiding viruses; a secure payment site. A school may be equally concerned with blocking the downloading of illicit material.

9 Clients (Terminals)
Thin clients (‘Dumb terminal’): a thin client has no built-in hard drive or expansion slots, and only has enough RAM and processing capacity to run applications and output to a monitor. Suitable for client server networks.
Fat clients (‘Intelligent terminal’): this is a workstation with full stand-alone capacity. It has its own hard drive for storage and a CPU. Stations have a processor so can share the processing. There are many different ways to do this, e.g. a station could act as a printer server. A station could store programs on its disc and load them while data files are stored elsewhere, perhaps on a central fileserver. Suitable for peer to peer networks.

10 Both LANs and WANs may be either Client/Server or Peer-to-Peer networks.

11 Peer to peer network
All stations joined together in the network have equal status. Each station can communicate directly with every other workstation on the network without going through a server. They are both client and server, sharing resources. They are often a form of distributed processing, sharing the processing between intelligent terminals. Hardware and data files can be accessed from several computers. Applications may be stored on different computers and accessed by all as long as the owner gives permission. Work is backed up on individual user PCs.

12 Client Server Network
The term Client/Server is used to describe networks that have computers or terminals (clients) that are connected to a more powerful computer called the NETWORK SERVER. A central file server stores the data and programs. Access is determined by user access privileges controlled by their logon names and passwords. A print server would spool data ready for despooling to a printer when the printer is ready. Communication servers, e.g. a web server or email server, may control all email and internet access.

13 Peer to Peer / Client server
Peer to peer: cheaper; initial start-up costs are lower and the network operating system is less complicated. Client server: more expensive, as the software system is more complex and servers need to be bought.
Peer to peer: less vulnerable to central server crashes. Client server: if the server crashes or a cable fails, no user can continue work.
Peer to peer: simpler to set up and maintain. Client server: requires specialist personnel to manage the system.
Peer to peer: slower processing of tasks. Client server: faster processing of tasks.
Peer to peer: only works well on small networks (<15). Client server: can manage large networks.
Peer to peer: security and backup are not centralised and are difficult to manage. Client server: centralised control, with servers often doing many management functions themselves, e.g. regular backups, auditing.
Peer to peer: access to data depends upon the owner’s permission. Client server: offers easy access to centralised data.

14 Networks: Advantages and Disadvantages
Advantages: Printers can be shared. Programs can be shared. Data can be shared. Users can communicate with each other. You don’t have to use the same computer.
Disadvantages: Networks are expensive to purchase and maintain. If a network breaks down everybody is affected. Special security measures are needed to stop users from using programs and data that they shouldn’t have access to.

15 Network Topology
Network topology refers to the layout used to connect the computers together. There are three common topologies: Bus, Ring and Star. Any of these topologies can be used regardless of whether a network is local or wide area, server based or peer-to-peer.

16 BUS
This is the cheapest network topology as the smallest amount of cabling is required. Workstations are connected to the main central cable (the bus). Data can travel in both directions. Two nodes could attempt to transmit at the same time and a collision will occur. To avoid this, a node waits until there is no traffic on the bus and pauses slightly before transmitting. If a collision occurs, both nodes wait and try again after a random time interval. The main bus standard is known as Ethernet. The communication uses a broadcast channel, so all attached workstations can hear every transmission.

17 BUS: Advantages and Disadvantages
Advantages: Less cable is needed than for a ring. Relatively cheaper and easier to install and maintain. Easy to add new nodes by removing the terminator. If a workstation/terminal goes down the others will continue.
Disadvantages: Heavy traffic can cause network failure and delays. Heavily dependent upon the cable backbone, and cable damage can cause network failure.
[Diagram labels: terminals, fileserver, plotter, printer, terminator]

18 RING NETWORK
The Cambridge ring has no central host computer and none of the nodes need to have overall control of access to the network. Messages in the ring flow in one direction from node to node. The ring consists of a series of repeaters which are joined by cables. The choice of cable depends upon the distance to be travelled and the required speeds. Fibre optic cabling is the best but the most expensive. Fibre optic cabling would allow a ring of about 100 kilometres.
[Diagram labels: ring cable, terminals T1 to T8, printer server, hard disk, fileserver, communications server, scanner]

19 Token passing technique
An imaginary token is continuously passed around the RING. A token is a small packet that contains bits of data which passes around the ring (always the same way around). The token is recognised as a unique character sequence. If a device is waiting to transmit, it catches a token and with it the authority to send data. It attaches its data. The packet will contain the destination address. As long as one device has a token no other device can send data. A receiving device acknowledges it has received the message by inverting a 1-bit field. Once the sending workstation has received acknowledgement that the message has been received, the token is free for use by another device.
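The token-passing sequence on this slide, as a small simulation (an added example, not part of the original presentation). The names `Frame` and `run_ring`, the station names and the queued messages are assumptions constructed for illustration; it also covers the case the slide does not mention, a destination that is not on the ring, where the acknowledgement bit comes back unchanged.

```python
from dataclasses import dataclass


@dataclass
class Frame:
    source: str
    destination: str
    data: str
    ack: int = 0  # the 1-bit field the receiving device inverts


def run_ring(stations, outbox):
    """Simulate token passing on a one-directional ring.

    stations: station names in ring order.
    outbox:   {sender: [(destination, data), ...]} messages waiting to be sent.
    Returns (log, received): log holds one (sender, destination, acknowledged,
    hops) tuple per frame; received maps each station to the data it copied.
    """
    queues = {name: list(outbox.get(name, [])) for name in stations}
    received = {name: [] for name in stations}
    log = []
    holder = 0  # index of the station the free token has reached

    while any(queues.values()):
        name = stations[holder]
        if queues[name]:
            # The station catches the token and attaches its data.
            destination, data = queues[name].pop(0)
            frame = Frame(name, destination, data)
            position, hops = holder, 0
            # The frame travels the same way around until it is back at the
            # sender; no other station can transmit during this time.
            while True:
                position = (position + 1) % len(stations)
                hops += 1
                if position == holder:
                    break
                if stations[position] == frame.destination:
                    received[stations[position]].append(frame.data)
                    frame.ack ^= 1  # receiver inverts the acknowledgement bit
            # Back at the sender: ack == 1 means the message was received.
            log.append((name, destination, bool(frame.ack), hops))
        # The token is released and passed to the next station on the ring.
        holder = (holder + 1) % len(stations)
    return log, received


if __name__ == "__main__":
    # Constructed sample: T4 addresses a station that is not on the ring.
    ring = ["T1", "T2", "T3", "T4"]
    waiting = {
        "T1": [("T3", "report"), ("T2", "memo")],
        "T3": [("T1", "reply")],
        "T4": [("T9", "lost")],
    }
    for entry in run_ring(ring, waiting)[0]:
        print(entry)
```

Each station sends at most one frame per token visit, which is why T1's second message waits until the token has been all the way round.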

20 Advantages of a Ring network
There is no dependence upon a central host, as data transmission is supported by all devices on the ring. Each node has sufficient intelligence to control the transmission of data from and to its own node. Works effectively when processing is distributed across a site. Very high transmission speeds are possible. It is deterministic, i.e. different performance levels can be determined for different traffic levels. Routing between devices is simple because messages normally travel in one direction. As data travels in one direction, it can transmit large volumes of data.
Disadvantages: The system depends upon the reliability of the ring repeater, although it can be designed to bypass faulty repeaters. If one node malfunctions this can affect the operation of the network. Cabling costs. Difficult to extend the ring.

21 STAR NETWORK
Each node is connected to a CPU at the centre. Popular topology for a WAN. Messages pass through the host, which interconnects different devices on the network. The central host switches messages point to point.
[Diagram labels: fileserver, scanner, printer, terminals T1 to T8, hard disc, communications server]

22 Advantages of a Star network
Suitable for WANs where large organisations rely on a central computer for the bulk of data processing tasks. Central control of message switching allows a high degree of security. Each spoke is independent of the rest. If one spoke breaks down the others can continue and the central CPU can identify any faults. Data transmission speeds can vary from spoke to spoke, so one can use a high-speed device and another a low-speed one, e.g. a disc drive. Saves cabling.
Disadvantages: The network is vulnerable to central hub failures. As a distributed system, some processing is still possible at the nodes, but internode connection is lost. If servicing a WAN, a mini or mainframe system is needed for control of messaging, so hardware and software are expensive.

23 A Wide Area Network (WAN)
[Diagram labels: workstation, printer, print server, file server, gateway, network cables, telephone lines, modems, remote PCs]

24 Connecting and extending LANs
Repeaters: A repeater re-amplifies a signal and resets its timing so that the signal is not lost or distorted; therefore longer distances can be travelled.
Bridge: This is used to connect two LANs of the same type, e.g. two token ring LANs or two Ethernet LANs. Packets crossing such links are forwarded to the bridge device, and only the data that needs to be passed is passed to the receiving LAN.
Gateway or router: Used to connect two different networks, LANs or WANs, e.g. an Ethernet LAN to a token ring LAN, or LANs may be remotely connected to WANs using gateways. Routers are more intelligent than bridges because they make decisions about the route a packet can take in order to find the most efficient path.

25 LANs and WANs

26 Modems
A modem converts a digital signal to an equivalent analogue signal so that it can be sent down a telephone line.
[Diagram: computer (digital signal 01001), modem, telephone line (analogue signal), modem, computer (digital signal 01001)]

27 Collisions
A collision occurs when two messages are sent at the same time on the one medium.
Collision detection: If a collision does occur, transmission will cease and each device involved is made to wait a slightly different length of time before trying again. If a number of retries are unsuccessful, an error will be reported.
Collision avoidance: Allows a device to place a packet onto the network path as soon as its network card detects it as being free. The card must test twice to see if the network is free. This is to avoid collision with other messages being put on milliseconds after the first test, which could still cause a collision.

28 Front End Processor
This is a more sophisticated device for communications control. Usually it is a mini computer whose task is to handle all communications traffic going to and from the mainframe, leaving the mainframe to concentrate on other processing tasks. Its main tasks are: parity checking; stripping of overhead characters, e.g. start and stop bits and synchronisation characters; conversion from serial to parallel and vice versa; network control and accounting.

29 Wireless Media
Infra-red, radio waves, Bluetooth, broadband, microwaves. Mobile phones use microwaves. Ideal for linking computers in two separate buildings fairly near to each other. Satellite systems also make use of microwaves.

30 Infra red light
Infrared refers to light waves of a lower frequency than human eyes can receive and interpret. Infrared is used in most television remote control systems, and with a standard called IrDA (Infrared Data Association) it's used to connect some computers with peripheral devices. For most of these computer and entertainment purposes, infrared is used in a digital mode: the signal is pulsed on and off very quickly to send data from one point to another.
Advantages: Infrared communications are fairly reliable and don't cost very much to build into a device.
Disadvantages: It can only travel short distances. Infrared is a "line of sight" technology. Infrared is almost always a "one to one" technology.

31 Wireless networking: cableless connectivity
Radio transmission: Devices have radio transmission facilities and radio receivers. These radio receivers constantly scan the airwaves for incoming signals. When a receiver detects a signal it recognises, it captures it and converts it to digital form. The digital signal can be transmitted to the CPU by cable, or wireless routers are now used. People now need to be mobile and still access their networks, email accounts etc., e.g. doctors at the scene of an accident accessing patient records. Wireless networks may be used as part of a LAN, e.g. a mobile bar code reader in a warehouse, or as part of a WAN or Virtual Private Network, e.g. a delivery driver using a hand-held device to confirm deliveries with a central database.

32 Bluetooth technology
The Bluetooth PDA Adapter Card, PC Card, and USB Adapter plug into your PDA, PC, or notebook computer. They enable the user to effortlessly transfer data to other Bluetooth devices such as desktop or notebook computers, input devices, PDAs, scanners, printers, and even mobile phones. They can connect with up to seven other Bluetooth devices at a time.

33 Broadband and wireless networking
The broadband connection gives faster access speeds to the Internet, and wireless routers give a wireless connection to the wireless adaptor in your PC. Average home speeds of about 54 Mbps are possible.

34 Advantages of Broadband
Faster connection when you want to be online. Savings on telephone bills. Faster downloading of programs, email, attachments, songs, graphics-rich sites, animations and video clips. Play interactive games at top speed against gamers around the globe. Use the telephone and be on the Internet. Real-time services such as web cams and radio are of better quality. Work from home with high-speed access to corporate networks.

35 Disadvantages
Higher subscription costs. Local exchanges may not be capable of very high speed digital transmission.

36 Software components

37 User Accounts and Logs
Each user must have an account with a user name and password. The account will have permissions, i.e. access rights to files and data such as read only, write only, or read and write, and there will be restrictions on the programs or data they can access, e.g. a member of the Personnel Department may be able to write, add and delete files of workers, but a worker may only be able to read their own personnel file. The resources they can use (disk space, printers etc.) will be allocated to their account.

38 Auditing
Auditing software keeps a record of who has logged on, when, for how long, what programs and data were used and what was amended. Therefore any illicit use of the system can be tracked and evidenced.
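The access rights from slide 37 and the audit record from slide 38, combined in one sketch (an added example, not part of the original presentation). The rights table follows the slide's Personnel Department and worker example; the role names, user names, `request_access` and `AuditLog` are assumptions constructed for illustration. Every decision is logged, including refusals, because the refused attempts are what evidences illicit use.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed rights table modelled on the slide: Personnel staff may read,
# write, add and delete worker files; a worker may only read their own file.
ROLE_RIGHTS = {
    "personnel": {"rights": {"read", "write", "add", "delete"}, "own_file_only": False},
    "worker": {"rights": {"read"}, "own_file_only": True},
}


@dataclass
class Account:
    user_name: str
    role: str


@dataclass
class AuditLog:
    records: list = field(default_factory=list)

    def record(self, user_name, action, file_owner, allowed, when=None):
        """Store who did what, to which file, when, and whether it was allowed."""
        self.records.append({
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "user": user_name,
            "action": action,
            "file": f"personnel/{file_owner}",
            "allowed": allowed,
        })

    def denied_counts(self):
        """Refused attempts per user: the starting point for an investigation."""
        return Counter(r["user"] for r in self.records if not r["allowed"])


def request_access(account, action, file_owner, log, when=None):
    """Decide one request against the rights table and always audit it."""
    rule = ROLE_RIGHTS.get(account.role)  # unknown roles get no rights at all
    allowed = (
        rule is not None
        and action in rule["rights"]
        and (not rule["own_file_only"] or file_owner == account.user_name)
    )
    log.record(account.user_name, action, file_owner, allowed, when)
    return allowed


if __name__ == "__main__":
    log = AuditLog()
    personnel_officer = Account("priya", "personnel")  # constructed users
    worker = Account("sam", "worker")
    request_access(personnel_officer, "delete", "sam", log)  # allowed
    request_access(worker, "read", "sam", log)               # allowed: own file
    request_access(worker, "read", "priya", log)             # refused
    request_access(worker, "write", "sam", log)              # refused
    for entry in log.records:
        print(entry)
    print(dict(log.denied_counts()))
```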

39 Remote Management
Networks can now be managed remotely from other rooms, buildings or across many sites by network management companies, e.g. a workstation left unattended can be logged off; network managers can observe what users are doing; remote technicians can find and fix software problems with the network.

40 Configuration management
Factors to be considered when making configuration choices: applications software choices; operating systems and network management software; hardware; range of user needs; future proofing.

41 Security strategies
Threats: hacking; spreading viruses; deliberate or accidental destruction of data; data integrity; white collar crime.

42 Prevention of deliberate crimes or misuse
1. Hacking – unauthorised access
Define security status and access rights for users. All authorised users should be given user names and passwords. This will limit unauthorised access to the network.
Hierarchy of passwords: Identification - user name. Authentication - password. Authorisation - what files you can see and what you are allowed to do.

43 1. Hacking – unauthorised access
Enforce a strict password regime. Passwords must be kept secret; never written down; at least 8 characters long; a mixture of upper and lower case, numbers and letters. Users are not allowed to reuse old passwords and should not use familiar names which are easy to guess. Users should change their passwords frequently.
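The rules on this slide, expressed as a checker (an added example, not part of the original presentation). The slide only states the rules: storing old passwords as salted PBKDF2 digests so reuse can be detected without keeping the passwords themselves, the function names and the sample values are assumptions.

```python
import hashlib
import hmac
import os

MIN_LENGTH = 8            # slide: at least 8 characters long
PBKDF2_ROUNDS = 100_000   # assumption: the slide does not say how passwords are stored


def hash_password(password, salt=None):
    """Return (salt, digest); only this pair is kept in the password history."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password, history):
    """Compare against each stored (salt, digest) pair in constant time."""
    for salt, digest in history:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def policy_violations(password, familiar_names, history):
    """Return the list of slide rules the proposed password breaks (empty = accepted).

    familiar_names: names that are easy to guess for this user, e.g. their own
                    name, user name or a pet's name (supplied by the caller).
    history:        (salt, digest) pairs of the user's old passwords.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs upper and lower case")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    lowered = password.lower()
    if any(name.lower() in lowered for name in familiar_names if name):
        problems.append("contains a familiar name")
    if was_used_before(password, history):
        problems.append("reuses an old password")
    return problems


if __name__ == "__main__":
    # Constructed sample data: one old password and two familiar names.
    old_passwords = [hash_password("Autumn2019x")]
    names = ["Alice", "Rover"]
    for attempt in ["alice1", "Autumn2019x", "Tq7mWz4kLp"]:
        print(attempt, policy_violations(attempt, names, old_passwords))
```

The two rules a program cannot check, keeping the password secret and never writing it down, remain matters of user behaviour.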

44 1. Hacking – unauthorised access
Restrict physical access to files, e.g. smart cards to control entrance to rooms. Secured areas to hold servers. Alarms: protect the computer room with burglar alarms. Doors and windows: locked when the room is not in use. Biometric scans such as voice or hand prints; retina scans. Security of document filing systems. Access security limits a person's use of the network.

45 1. Hacking – unauthorised access
Firewalls: A dedicated gateway machine with special security precautions on it, used to monitor network, especially Internet, connections. The idea is to protect a network segment and its files from hackers.
An iron / sandbox is a special environment set up to trap a hacker logging in over remote connections. It may include a modified shell restricting the hacker's movements in unobvious ways, and "bait" files designed to keep him interested and logged on until he can be traced.
This prevents intrusion from an Internet access point. It can be firewall software or a dedicated ‘iron / sandbox’. It authenticates messages coming into the network and verifies the legitimacy of the user to enter the network. If a packet of data cannot be authenticated then it is removed and not let through. This is used to try to control hacking and the malicious spreading of a virus.

46 1. Hacking – unauthorised access
Proxy servers: This device tries to stop intruders from identifying the IP (Internet Protocol) address of a user workstation accessing the Internet. Any user wanting to use the Internet sends a request to the proxy server, which notes the user's IP address. The proxy server sends the request out to the Internet, gets the return response and then sends it to the user's IP address. Outsiders only see the IP address of the proxy server and not that of the user workstation. This is of little use to a hacker.

47 1. Hacking – unauthorised access
Call back procedures: Some companies operate a dial-back system. A user logs on to a computer which immediately disconnects the line and dials the user back. This would stop a user logging on with someone else's password. If data is transmitted through a network there need to be measures to ensure the data is secure. If users are sending their credit card details over the Internet then it is important that hackers cannot access them.

48 Encryption Data transmitted over a network is coded before transmission. This means that anybody intercepting the transmitted data would not be able to understand it. The data needs to be de-coded by the proper recipient. 1. Hacking – unauthorised access

49 2. Spreading a computer virus These are programs introduced into computer systems which destroy or alter files by rewriting over data or by copying themselves over and over again until the computer system is full and cannot continue. Firewalls. Don't download unknown programs from the Internet straight to hard disc. Only use reputable sources. Write protect media so they can't be written onto. Don't copy illegal software. Use virus scanning software and a virus eradication program. Make sure this is kept up to date with the latest virus definitions – available from the Internet. Use diskless workstations on networks. Control access to portable media and do not let users use their own disks etc. on the organisation's system.

50 Computer fraud – white-collar crime (NOT ‘fraud’ by itself) Bogus data entry when entering data. Bogus output – output may be destroyed to prevent discovery of fraudulent data entry or processing. Alteration of files, e.g. employee alters salary rate or hours worked. Program patching – introduction of an additional subroutine or code, e.g. to channel funds into a fictitious account or transmit codes to get free telephone calls. Suspense accounts – rejected or unreconciled accounts may be redirected into a colluding account. Blackmailing with threat of virus. Deliberate data destruction to cause havoc and financial loss to a competitor.

51 Prevention of ‘White Collar’ computer crimes Companies must implement security procedures. Monitor all programs; users' actions should be monitored and logged. All users should be identifiable and all files capable of being audited; keep online transaction logs. Auditing procedures to detect fraud. Divide up programming tasks so no one programmer has responsibility for writing a program (common in banks). Control access to hardware and software. Often companies are unwilling to disclose crimes against them because: It could lead to loss of public confidence in the security of the data. Often their own security teams can be involved and this would again question their efficiency. Computer crime is often relatively easy because: Users do not have a great deal of technical knowledge. Many external auditors do not have the expertise to trace programs but rely on printouts.

52 Physical theft of computer equipment Use locking devices: lock computers to desks; keep doors and windows locked. Serial numbers – keep a record of all serial numbers. Restrict access to rooms with smart cards, hand or voice prints, retina scans. Use fire doors and smoke alarms.

53 Deliberate or accidental destruction of files. Backup systems including: Regular back up files – offsite – and in fireproof containers. Online tape or disc streamer which automatically backs up data on a network. Grandfather-father-son security system in batch processing systems, e.g. payroll. RAID systems – mirror discs (Redundant Array of Inexpensive Discs). Back-up files should be kept secure – ideally in locked, fireproof rooms or safes in a different location to the network. Archiving means copying or moving files somewhere for long-term storage. Some software and files can be password protected. Physical protection of the data from accidental destruction

54 Accidental corruption / Data Integrity Clerical procedures, e.g. asking customers to confirm name and address, date of birth, agreed words etc. Prevent overwriting: put the write protect notch on your disc; make hard discs read only.

55 Verification procedures Double entry keying. Check / parity bit. A parity bit is a single bit (0 or 1) added onto the end of a byte of data. If even parity is used then the number of 1-bits in any transmitted data must always be even. In the following two bytes, the red bit is the parity bit: 00101101 11101110 The receiving computer will check the number of 1-bits in the data. If data is received with an odd number of 1-bits then the computer will know the data has been corrupted during the transmission – and will ask for the data to be sent again. Odd parity uses an odd number of 1-bits in every byte.
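The parity check from slide 55, worked through in Python as an added example (not part of the original presentation). It assumes 7 data bits followed by the parity bit in the last position; the function names are hypothetical and the corrupted frames are constructed for illustration.

```python
# Added example: parity checking as described on the slide.
# Assumption: 7 data bits followed by 1 parity bit in the last position.

def _validate(bits: str, length: int) -> None:
    if len(bits) != length or set(bits) - {"0", "1"}:
        raise ValueError(f"expected {length} characters of 0/1, got {bits!r}")

def add_parity(data7: str, even: bool = True) -> str:
    """Append the parity bit so the count of 1-bits is even (or odd)."""
    _validate(data7, 7)
    odd_so_far = data7.count("1") % 2 == 1
    parity = odd_so_far if even else not odd_so_far
    return data7 + ("1" if parity else "0")

def check_parity(byte8: str, even: bool = True) -> bool:
    """Receiver side: True if the 1-bit count matches the agreed parity."""
    _validate(byte8, 8)
    return (byte8.count("1") % 2 == 0) == even

def flip(byte8: str, *positions: int) -> str:
    """Simulate line noise by inverting the bits at the given positions."""
    bits = list(byte8)
    for p in positions:
        bits[p] = "0" if bits[p] == "1" else "1"
    return "".join(bits)

def receive(frames, even: bool = True):
    """Return (frame, action) pairs: accept or ask for retransmission."""
    return [(f, "accept" if check_parity(f, even) else "resend") for f in frames]

if __name__ == "__main__":
    sent = [add_parity("0010110"), add_parity("1110111")]  # the slide's two bytes
    on_the_wire = [
        sent[0],              # arrives intact
        flip(sent[1], 3),     # one bit corrupted: detected
        flip(sent[1], 3, 5),  # two bits corrupted: parity still even, NOT detected
    ]
    for frame, action in receive(on_the_wire):
        print(frame, action)
```

A single parity bit catches any odd number of flipped bits but misses an even number, so it guards against accidental corruption only and gives no protection against deliberate alteration of the data.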

56 Validation procedures Range checks; Presence checks; Check digits; Format checks; Input masks

57 Disaster Planning Why is disaster planning important? A computer system can crash, e.g. hardware failure (e.g. hard drive head crash) or software failure (resource problems or errors). Floods, fire, bombs cannot always be prevented. There may be deliberate vandalism / terrorism / hacking or accidental altering of data, e.g. by inexperienced employees. Networks may go down, preventing communication.

58 Companies must: Ensure data, hardware and software is not lost or damaged. Restore communication systems as quickly as possible. Consequences: Loss of business and income. Loss of reputation. Legal action.

59 The factors to take into account when designing security policies Physical security. Prevention of misuse. Availability of an alternative computer system and back up power supply. Audit trails for detection. Continuous investigation of irregularities. System access – establishing procedures for accessing data such as log on procedures, firewalls. Operational procedures. Disaster recovery planning and dealing with threats from viruses. Personnel administration. Staff code of conduct and responsibilities. Staff training. Policy and maintenance staff available. Disciplinary procedures.

60 Operational Procedures Disciplinary procedures. Screening potential employees. Routines for distributing updated virus information and virus scanning procedures. Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures. Establish security rights for updating web pages. Establish a disaster recovery programme. Set up auditing procedures (audit trails) to detect misuse.

61 Factors determining how much a company spends to develop control, minimising risk.

62 Do a risk analysis of potential threats Identify potential risks. Likelihood of risk occurring. Short and long term consequences of threat. How well equipped is the company to deal with threat? 1. What to do before?

63 Put preventive measures in place. Establish physical protection system (firewalls etc.). Establish security rights for file access and updating web pages. Establish a disaster recovery programme. Set up auditing procedures (audit trails) to detect misuse.

64 Staff training in operational procedures. Screening potential employees. Routines for distributing updated virus information and virus scanning procedures. Define procedures for downloading from the Internet, use of floppy discs, personal backup procedures. Define staff code of conduct for using computer systems, e.g. no abusive emails, no illicit use etc.

65 2. What to do during? What response should staff make when the disaster occurs?

66 3. What to do after? Implement recovery measures. Hardware can be replaced. Software can be re-installed (or de-bugged by the programming department). The real problem is the data. No business can afford to lose its data. Backups of all data should be regularly made. This means that the worst case scenario is that the business has to go back to the situation of the last backup and carry on from there. Backups may take a long time – often tape-streamed at night. Alternative communication / computer systems or an alternative power supply may be arranged in case a network goes down.

