Types of Electronic Infection
1. Computer viruses
2. Worms
3. Trojan horses

17.3 Electronic Infection

1. Computer virus
- A program that attaches itself to a real program
- Each time the user’s program runs, the virus runs too
- Can corrupt a computer system
- Can replicate itself to infect other computer systems

1. Computer virus: ways of spreading
- Spread through e-mail messages
- Spread via the Internet
- Spread through storage media

1. Computer virus: Spread through e-mail messages (e-mail virus)
- Most common way of virus transmission
- Computers are usually infected through e-mail attachments
- The virus replicates itself by automatically mailing itself to people in the victim’s e-mail address book

1. Computer virus: Spread via the Internet
- The Internet is a source of viruses
- It is good practice to scan suspicious downloads

1. Computer virus: Spread through storage media
- Storage media: floppy disks, CD-ROMs, etc.
- NOT the major source for spreading computer viruses nowadays
- Files on a disk may be infected with a virus downloaded from the Internet or attached to e-mails

2. Worms
- A computer program that uses computer networks and security loopholes to spread and replicate itself
- Method of spreading:
  - A copy of the worm scans the network for another machine with a specific security loophole
  - The worm copies itself to the new computer using the security loophole

3. Trojan horses
- A computer program that is intended to perform malicious or destructive actions
- Hides well or looks like a real program
- When such a program is run, the Trojan horse enters without any notice
- Hackers, with Trojan horses, can:
  - Steal sensitive information such as passwords and credit card numbers
  - Remotely control the victim’s computer
- NOT a virus, as there is NO REPLICATION

Avoiding Virus Attacks

1. Antivirus software
- Examines files stored on disk or downloaded from the Internet
- Determines whether they are infected
- Disinfects the files if necessary
- Scans for virus signatures to identify a known virus

2. Measures to prevent infection
- Do not accept files from high-risk sources
- Install updated antivirus software
- Update virus signatures regularly
- Scan the computer at regular intervals to ensure that it is free from viruses
- Scan all incoming files before opening them
- Back up programs and data regularly
- Change passwords at regular intervals

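The following is an added example, not part of the original slides, showing why scanning for signatures identifies only known viruses and why signatures must be updated regularly. The sample buffers, the signature names and the `SignatureDB` class are constructed for illustration and are not real indicators.

```python
import hashlib

# Constructed, harmless sample data (not real malware).
SAMPLES = {
    "a.exe": b"header harmless-demo-payload-A build 1",   # the "known virus"
    "a2.exe": b"header harmless-demo-payload-A build 2",  # a later variant
    "report.txt": b"Quarterly report, nothing unusual.",  # clean file
}

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class SignatureDB:
    """Hypothetical signature store: whole-file hashes and byte patterns."""

    def __init__(self):
        self.hashes = {}    # SHA-256 hex digest -> detection name
        self.patterns = {}  # byte sequence      -> detection name

    def add_hash(self, sample: bytes, name: str):
        self.hashes[sha256(sample)] = name

    def add_pattern(self, pattern: bytes, name: str):
        self.patterns[pattern] = name

    def scan(self, data: bytes):
        """Return the sorted names of every signature that matches data."""
        hits = set()
        name = self.hashes.get(sha256(data))
        if name:
            hits.add(name)
        for pattern, pname in self.patterns.items():
            if pattern in data:
                hits.add(pname)
        return sorted(hits)

def scan_all(db):
    return {fname: db.scan(buf) for fname, buf in SAMPLES.items()}

def demo():
    db = SignatureDB()
    db.add_hash(SAMPLES["a.exe"], "Demo.A (hash)")
    before = scan_all(db)   # the variant is not yet known, so it is missed
    # Signature update: a pattern that covers the whole family is added.
    db.add_pattern(b"demo-payload-A", "Demo.A (pattern)")
    after = scan_all(db)
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before update", "after update"), demo()):
        print(label, result)
```
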
17.4 Securing Internet Transaction

1. What is Encryption?
- The process of converting readable data (plaintext) into unreadable characters (ciphertext)
- Can prevent unauthorized access
- The reverse process is called decryption
- Read the encrypted file → Decryption → Readable form
- The encryption process generally requires:
  - Algorithm: a mathematical formula
  - Encryption key: a string of numbers and characters

2. Symmetric Key Encryption & Public Key Encryption

Symmetric Key Encryption
- BOTH the sender and the recipient use the SAME key to encrypt and decrypt data
- Problem: one key is needed for each partner → problem of key management and storage when a lot of people need to communicate

Public Key Encryption
- Two keys (Public Key & Private Key)
- Public Key
  - Used for encryption
  - Known to every person and placed on a public-key server
- Private Key
  - Used for decryption
  - Should be kept confidential

3. Digital Certificate
- Guarantees the identity of a user involved in a transaction
- Also called a public-key certificate
- Issued and verified by a certificate authority (CA)
- Typically contains:
  - Holder’s name
  - Holder’s public key
  - Expiration date
  - Issuing CA’s name and signature
  - Serial number of certificate

4. Secure Sockets Layer (SSL)
- A protocol that provides secure data transmission between web servers and browsers
- A web site providing SSL must have a digital certificate
- Web sites use SSL to transmit confidential information like passwords and credit card numbers
- Web pages that use SSL typically begin with https:// instead of http://

5. Securing E-mail Messages
- An e-mail message passes through a number of servers before reaching the recipient
- Messages can be read by anyone who deliberately pries into them
- Messages containing confidential information should be encrypted before being sent

6. Digital Signature
- A digital code attached to a message
- Used to identify the sender and verify that the received message has not been altered during transmission
- The generation of digital signatures relies on the public-key method