1. Department of Information System Faculty of Computing & Information Technology King Abdul Aziz University, Jeddah, KSA

3.  Today, many people rely on computers to do homework, work, and create or store useful information. Therefore, it's important for the information to be stored and kept properly. It's also extremely important to protect computers from data loss, misuse and abuse.  For example, businesses need to keep their information secure and protected from hackers. Home users also need to ensure their credit card numbers are secure when participating in online transactions.  A computer security risk is any action that could cause loss of information to software, data, processing incompatibilities or damage to computer hardware. Introduction to Problem

4.  An planned break in computer security is known as a computer crime.  A cybercrime is known as illegal acts based on the Internet and is one of the FBI's top priorities. There are several distinct categories for people that commit cybercrimes, and they are: hacker, cracker, cyber terrorist, cyber extortionist, unethical employee, script kiddies’ and corporate spy.  A hacker is defined as someone who accesses a computer or computer network illegally. They often claim that they do this to find leaks in the security of a network. Introduction to Problem (Contd..)

5. The term cracker refers to someone intentionally accessing a computer or computer network with malice in mind. They access computers with the intention of destroying or stealing/theft information. Both crackers and hackers are having advanced network skills. A cyber terrorist is someone who uses a computer network or the Internet to destroy computer systems for political reasons. It’s similar to a terrorist attack because it requires highly skilled individuals, millions of dollars to implement and years of planning.

6.  The term cyber extortionist is someone who uses email as an offensive force. They usually send a company a threatening email and saying that they will release some confidential information, exploit a security leak, or launch an attack that will harm a company’s network. They use blackmail to demand a certain amount of money in exchange for not launching an attack.  When you transfer information over a network it has a high security risk compared to information transmitted in a business network because the administrators usually take strict measures to protect against security risks. Over the Internet the risk is much higher. If you're not sure if your computer is secure, it's advisable to use an online security service to check your computer for email and Internet vulnerabilities.

7. viruses, worms, and Trojan horses The typical network attacks that put computers at risk are: viruses, worms, spoofing, Trojan horses and denial of service attacks. Every unprotected computer is “in danger/risk/weak” to a computer virus. Once the virus is in the computer it can spread throughout, infecting other files and potentially damaging the operating system itself.

8.  A computer worm is a program that again and again/frequently copies itself and is similar to a computer virus. However, a virus needs to attach itself to an executable file and become part of it. A computer worm doesn’t need to do that. It copies itself, travels to other networks and eats up a lot of bandwidth.

9.  A Trojan horse is a program that hides and seems to be a legitimate program but in reality is a fake. A certain action usually triggers the Trojan horse, and unlike viruses and worms they don’t replicate. Computer viruses, worms, and Trojan horses are all classified as malicious-logic programs. These three are the most common but there many variations which are impossible to list here. You know when a computer is infected by a virus, worm, or Trojan horse if one or more of the following events take place:

10. computer Security Computer Security is a branch of technology known as information security as applied to computers. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of availability, as defined in the security policy.

11.  Computer Security has three Layers: * Hacking * Cracking * Phrasing

12.  Hacking: Unauthorized use or attempts to circumvent or bypass the security mechanisms of an information system or network. Computer hacking always involves some degree of infringement on the privacy of others or damage to computer-based property such as files, web pages or software. The impact of computer hacking varies from simply being simply invasive and annoying to illegal.

13.  Cracking: The act of breaking into a computer system. Software Cracking is the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware. The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution.

14.  Phrasing: The art and science of cracking the phone network. Security by design. The technologies of computer security are based on logic. There is no universal standard notion of what secure behavior is. "Security" is a concept that is unique to each situation. Security is extraneous to the function of a computer application, rather than ancillary to it, thus security necessarily imposes restrictions on the application's behavior. There are several approaches to security in computing; sometimes a combination of approaches is valid.

15. 1.Trust all the software to abide by a security policy but the software is not trustworthy (this is computer insecurity). 2. Trust all the software to abide by a security policy and the software is validated as trustworthy (by tedious branch and path analysis for example). 3. Trust no software but enforce a security policy with mechanisms that are not trustworthy (again this is computer insecurity). 4. Trust no software but enforce a security policy with trustworthy mechanisms.

16. Describe the types of computer security risks Identify ways to safeguard against computer viruses, worms, Trojan horses, denial of service attacks, back doors, and spoofing Discuss techniques to prevent unauthorized computer access and use Identify safeguards against hardware theft and vandalism Explain the ways software manufacturers protect against software piracy Define encryption and explain why it is necessary Discuss the types of devices available that protect computers from system failure Explain the options available for backing up computer resources Identify risks and safeguards associated with wireless communications Recognize issues related to information accuracy, rights, and conduct Discuss issues surrounding information privacy Discuss ways to prevent health-related disorders and injuries due to computer use 16

17.  What is a computer security risk?  Action that causes loss of or damage to computer system 17

18.  What are viruses, worms, and Trojan horses? Virus Virus is a potentially damaging computer program Worm Worm copies itself repeatedly, using up resources and possibly shutting down computer or network Trojan horse Trojan horse hides within or looks like legitimate program until triggered Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive Can spread and damage files Does not replicate itself on other computers 18

19. How can a virus spread through an e-mail message? Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message. Step 2. They use the Internet to send the e-mail message to thousands of users around the world. Step 3b. Other users do not recognize the name of the sender of the e-mail message. These users do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus. Step 3a. Some users open the attachment and their computers become infected with the virus. 19

20.  How can you protect your system from a macro virus?  Set macro security level in applications that allow you to write macros  At medium security level, warning displays that document contains macro  Macros are instructions saved in an application, such as word processing or spreadsheet program 20

21.  What is an antivirus program?  Identifies and removes computer viruses  Most also protect against worms and Trojan horses 21

22.  What is a virus signature?  Specific pattern of virus code  Also called virus definition  Antivirus programs look for virus signatures 22

23. Keeps file in separate area of hard disk  How does an antivirus program inoculate a program file? Records information about program such as file size and creation date Attempts to remove any detected virus Uses information to detect if virus tampers with file Quarantines infected files that it cannot remove 23

24.  What are some tips for preventing virus, worm, and Trojan horse infections? Install a personal firewall program If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately Set the macro security in programs so you can enable or disable macros Never open an e-mail attachment unless you are expecting it and it is from a trusted source Install an antivirus program on all of your computers Check all downloaded programs for viruses, worms, or Trojan horses 24

25.  What is a denial of service attack and back door? A denial of service attack is an assault which disrupts computer access to an Internet service such as the Web or e-mail A back door is a program or set of instructions in a program that allow users to bypass security controls when accessing a computer resource 25

26.  What is spoofing? Makes a network or Internet Transmission appear legitimate IP spoofing occurs when an intruder computer fools a network into believing its IP address is from a trusted source Perpetrators of IP spoofing trick their victims into interacting with a phony Web site 26

27.  What is a firewall?  Security system consisting of hardware and/or software that prevents unauthorized intrusion 27

28.  What is a personal firewall utility?  Program that protects personal computer and its data from unauthorized intrusions  Monitors transmissions to and from computer  Informs you of attempted intrusion 28

29.  How can companies protect against hackers? Intrusion detection software analyzes network traffic, assesses system vulnerabilities, and identifies intrusions and suspicious behavior Access control defines who can access computer and what actions they can take Audit trail records access attempts 29

30. The Honeynet tracks hackers and exposes their techniques low quality (click to start) high quality (click to start) 30

31.  What are other ways to protect your personal computer?  Disable file and printer sharing on Internet connection File and printer sharing turned off 31

32.  What is a user name?  Unique combination of characters that identifies user  Password is private combination of characters associated with the user name that allows access to computer resources 32

33.  How can you make your password more secure?  Longer passwords provide greater security 33

34.  What is a possessed object?  Item that you must carry to gain access to computer or facility  Often used with numeric password called personal identification number (PIN) 34

35.  What is a biometric device?  Authenticates person’s identity using personal characteristic  Fingerprint, hand geometry, voice, signature, and iris 35

36. Smile, Big Brother wants your iris scan low quality (click to start) high quality (click to start) 36

37.  What are hardware theft and hardware vandalism?  Hardware theft is act of stealing computer equipment  Cables sometimes used to lock equipment  Some notebook computers use passwords, possessed objects, and biometrics as security methods  For PDAs, you can password- protect the device  Hardware vandalism is act of defacing or destroying computer equipment 37

38.  What is software theft? Act of stealing or illegally copying software or intentionally erasing programs Software piracy is illegal duplication of copyrighted software 38

39.  What is a license agreement?  Right to use software  Single-user license agreement allows user to install software on one computer, make backup copy, and sell software after removing from computer 39

40.  What are some other safeguards against software theft? Product activation allows user to input product identification number online or by phone and receive unique installation identification number Business Software Alliance (BSA) promotes better understanding of software piracy problems 40

41.  What is encryption?  Safeguards against information theft  Process of converting plaintext (readable data) into ciphertext (unreadable characters)  Encryption key (formula) often uses more than one method  To read the data, the recipient must decrypt, or decipher, the data 41

42.  How can I encrypt the contents of files and folders in WindowsXP? 42

43. Secure site Secure site is Web site that uses encryption to secure data  How do Web browsers provide secure data transmission? Digital certificate Digital certificate is notice that guarantees Web site is legitimate Many Web browsers use encryption 43

44.  What is a certificate authority (CA)?  Authorized person or company that issues and verifies digital certificates  Users apply for digital certificate from CA 44

45.  What is Secure Sockets Layer (SSL)?  Provides encryption of all data that passes between client and Internet server  Web addresses beginning with “https” indicate secure connections 45

46. Undervoltage—drop in electrical supply  What is a system failure? Overvoltage or power surge— significant increase in electrical power Noise—unwanted electrical signal Caused by aging hardware, natural disasters, or electrical power disturbances Can cause loss of hardware, software, or data Prolonged malfunction of computer 46

47.  What is a surge protector?  Protects computer and equipment from electrical power disturbances  Uninterruptible power supply (UPS) is surge protector that provides power during power loss 47

48.  What is a backup? Duplicate of file, program, or disk Full backup Full backup all files in computer Selective backup Selective backup select which files to back up Three-generation backup Three-generation backup preserves three copies of important files restore In case of system failure or corrupted files, restore files by copying to original location 48

49.  How can I ensure my wireless communication is secure?  Secure your wireless access point (WAP)  WAP should not broadcast your network name  Enable Wired Equivalent Privacy or Wi-Fi Protected Access (WPA) 49

50.  What are computer ethics? Information privacy Intellectual property rights—rights to which creators are entitled for their work Software theft Information accuracy Codes of conduct Unauthorized use of computers and networks Moral guidelines that govern use of computers and information systems 50

51.  What is an IT code of conduct?  Written guideline that helps determine whether computer action is ethical  Employers can distribute to employees 51

52.  What is information privacy? Legal for employers to use monitoring software programs Difficult to maintain today because data is stored online Employee monitoring is using computers to observe employee computer use Right of individuals and companies to deny or restrict collection and use of information about them 52

53.  What are some ways to safeguard personal information? Fill in only necessary information on rebate, warranty, and registration forms Avoid shopping club and buyers cards Install a cookie manager to filter cookies Inform merchants that you do not want them to distribute your personal information Limit the amount of information you provide to Web sites; fill in only required information Clear your history file when you are finished browsing Set up a free e-mail account; use this e-mail address for merchant forms Turn off file and print sharing on your Internet connection Install a personal firewall Sign up for e-mail filtering through your Internet service provider or use an antispam program, such as Brightmail Do not reply to spam for any reason Surf the Web anonymously with a program such as Freedom Web Secure or through an anonymous Web site such as Anonymizer.com 53

54.  What is an electronic profile?  Data collected when you fill out form on Web  Merchants sell your electronic profile  Often you can specify whether you want personal information distributed 54

55.  What is a cookie? Set browser to accept cookies, prompt you to accept cookies, or disable cookies Some Web sites sell or trade information stored in your cookies Small file on your computer that contains data about you User preferences Interests and browsing habits How regularly you visit Web sites 55

56.  How do cookies work? 56

57.  What are spyware, adware, and spam?  Spyware is program placed on computer without user’s knowledge  Adware is a program that displays online advertisements  Spam is unsolicited e-mail message sent to many recipients 57

58.  How can you control spam? Collects spam in central location that you can view any time Service that blocks e-mail messages from designated sources E-mail filtering Sometimes removes valid e-mail messages Attempts to remove spam Anti-spam program 58

59.  What is phishing? Scam in which a perpetrator sends an official looking e-mail that attempts to obtain your personal and financial information 59

60.  What privacy laws have been enacted? 60

61.  What privacy laws have been enacted? (cont’d) 61

62.  What is content filtering?  Process of restricting access to certain material  Internet Content Rating Association (ICRA) provides rating system of Web content  Web filtering software restricts access to specified sites 62

63.  What is computer forensics?  Also called digital forensics, network forensics, or cyberforensics  Discovery, collection, and analysis of evidence found on computers and networks  Computer forensic analysts must have knowledge of the law, technical experience, communication skills, and willingness to learn 63

64. Computer vision syndrome (CVS)—eye and vision problems  What are some health concerns of computer use? Repetitive strain injury (RSI) Computer addiction—when computer consumes entire social life Tendonitis—inflammation of tendon due to repeated motion Carpal tunnel syndrome (CTS)—inflammation of nerve that connects forearm to palm 64

65.  What precautions can prevent tendonitis or carpal tunnel syndrome?  Spread fingers apart for several seconds while keeping wrists straight  Gently push back fingers and then thumb  Dangle arms loosely at sides and then shake arms and hands 65

66.  How can you ease eyestrain when working at the computer? 66

67.  What is ergonomics?  Applied science devoted to comfort, efficiency, and safety in workplace keyboard height: 23” to 28” feet flat on floor adjustable height chair with 5 legs for stability adjustable seat adjustable backrest elbows at 90° and arms and hands parallel to floor 67

68.  What is green computing?  Reducing electricity and environmental waste while using computer 68

69. Potential computer risks Safeguards that schools, business, and individuals can implement to minimize these risks Wireless security risks and safeguards Ethical issues surrounding information accuracy, intellectual property rights, codes of conduct, and information privacy Computer-related health issues, their preventions, and ways to keep the environment healthy 69