Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Information and Computer Science Security Lecture a This material (Comp4_Unit8a) was developed by Oregon Health and Science University,

Published byRosa Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction to Information and Computer Science Security Lecture a This material (Comp4_Unit8a) was developed by Oregon Health and Science University,"— Presentation transcript:

1 Introduction to Information and Computer Science Security Lecture a This material (Comp4_Unit8a) was developed by Oregon Health and Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC000015.

2 Security Learning Objectives List and describe common security concerns (Lecture a) Describe safeguards against common security concerns (Lecture b) Describe security concerns for wireless networks and how to address them (Lecture b and c) List security concerns/regulations for health care applications (Lecture c) Describe security safeguards used for health care applications (Lecture c) Health IT Workforce Curriculum Version 3.0/Spring 2012 2 Introduction to Information and Computer Science Security Lecture a

3 Concerns About Security Loss, stolen, or compromised data Identity theft and impersonation Downtime for businesses –Loss of revenue Blackmail –Threat to disclose medical information Health IT Workforce Curriculum Version 3.0/Spring 2012 3 Introduction to Information and Computer Science Security Lecture a

4 Common Threats to Security Wikipedia: –“Malware... (malicious software) is... designed to infiltrate a computer system without the owner's informed consent.” (Wikipedia, 2007) Types of malware include: –Trojans –Viruses –Hoaxes –Worms –Phishing –Macro viruses –Hackers Health IT Workforce Curriculum Version 3.0/Spring 2012 4 Introduction to Information and Computer Science Security Lecture a

5 Trojan Horse Trojan horse―malware program that usually impersonates a known good file installed on system by replacing (deleting) \good file Name comes from Greek Trojan Horse myth The Trojan then does its dirty work on certain date, through user action or on command Trojans can destroy or copy data, install adware, or install browser toolbar Trojans can record keystrokes and send this to attacker and scan computer ports Health IT Workforce Curriculum Version 3.0/Spring 2012 5 Introduction to Information and Computer Science Security Lecture a

6 Viruses A virus is a computer program that can harm a computer and make it inoperable. Some viruses are only an annoyance. Viruses usually do not replicate (make copies of) themselves on other computers Removing a virus usually cleans computer Sending a virus via email may replicate virus In 2008, Fun.exe virus spread itself via email throughout the world and was very difficult to remove as it made many copies of itself on an infected computer Health IT Workforce Curriculum Version 3.0/Spring 2012 6 Introduction to Information and Computer Science Security Lecture a

7 Macro Viruses Macro viruses usually infect Microsoft Office files and install themselves when users click files. A macro is a small program, usually written in VBA (Visual Basic for Applications) Macro viruses spread when users click files in which the macro virus resides Macro viruses may also delete files, etc. on infected system Health IT Workforce Curriculum Version 3.0/Spring 2012 7 Introduction to Information and Computer Science Security Lecture a

8 Personal Information Attacks Phishing Attempt to trick user into revealing personal information to attacker so they can impersonate user Pronounced like “fishing”; attacker is fishing for information about user User may receive email that appears to be from financial institution, eBay, or Amazon, asking for login to verify transaction. Health IT Workforce Curriculum Version 3.0/Spring 2012 8 Introduction to Information and Computer Science Security Lecture a

9 Personal Information Attacks (continued) Clicking link in email brings user to Web site that looks like real Web site No reputable organization will ever ask for this Report attack to organization so they are aware and can act Most email software includes ability to monitor for phishing and move suspected email to non-functional (junk email) folder Health IT Workforce Curriculum Version 3.0/Spring 2012 9 Introduction to Information and Computer Science Security Lecture a

10 Worms A worm is a program that works to create lots of network traffic Some worms are not malware as they crawl network searching for reporting information Most worms replicate themselves, making network unusable ILOVEYOU worm successfully attacked millions of computers (users who clicked attachment) in May 2000 Health IT Workforce Curriculum Version 3.0/Spring 2012 10 Introduction to Information and Computer Science Security Lecture a

11 False Information Hoaxes Hoaxes usually a harmless attempt to convince user of something that is not true Usually come in form of an email Some hoaxes invite user to send money to someone in another part of world or ask for contributions to find missing children Use search engine to determine whether email’s message is true by entering email subject line in search engine Result will usually indicate whether email is hoax Health IT Workforce Curriculum Version 3.0/Spring 2012 11 Introduction to Information and Computer Science Security Lecture a

12 False Information (continued) Uncloak hoax Use trusted Internet sites to detect hoaxes Snopes.com - http://www.snopes.com/http://www.snopes.com/ Urban Legends Online - http://urbanlegendsonline.com/ http://urbanlegendsonline.com/ Never forward email chains without verifying their source Health IT Workforce Curriculum Version 3.0/Spring 2012 12 Introduction to Information and Computer Science Security Lecture a

13 How do Hackers Operate? Packet sniffers can read Internet traffic Wireshark―free protocol analyzer software tool that can display unencrypted network traffic on monitor screen. –www.wireshark.orgwww.wireshark.org Install malware Adware―Continuous ads on screen Spyware―Reports on sites visited Guess at user names and passwords Don’t use easy-to-guess passwords Do change default usernames and passwords (wireless routers) Health IT Workforce Curriculum Version 3.0/Spring 2012 13 Introduction to Information and Computer Science Security Lecture a

14 What is Network Security? According to Wikipedia: –“In the field of networking, the specialist area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.” In plain English: –Network security is about rules set up for use of equipment, software, and data and how to follow these rules –Use of assets revolves around authentication, authorization, and providing permissions to network assets. If user can’t prove identity, he or she can’t gain access to network, equipment, or data. Health IT Workforce Curriculum Version 3.0/Spring 2012 14 Introduction to Information and Computer Science Security Lecture a

15 Authentication User provides valid username and password –Referred to as “credential” Computer authenticates credentials against user account and password database –If user logs in successfully, user is authenticated! If credentials entered match what is in database, user is authenticated –Servers authenticate users using special type of database known as directory –Directory stores information about all users, user groups, computers, printers, and so on Health IT Workforce Curriculum Version 3.0/Spring 2012 15 Introduction to Information and Computer Science Security Lecture a

16 Authorization Next, authenticated users are authorized Authorization means that computer indicates precisely what user can do: –Print files using specified printers –Access specified network drives –View and/or change documents in folders –Use company email Actions are usually recorded for audit Health IT Workforce Curriculum Version 3.0/Spring 2012 16 Introduction to Information and Computer Science Security Lecture a

17 Permissions (Windows) Authorized objects are associated with permissions –Part of authorizing object is determining permissions Permissions determine what object can or cannot do on computer or network Two types of permissions typically used: –Sharing: Allows one object to connect to or use another object over network –NTFS: Determines what one object can or cannot do to another object Permissions are a complex topic Health IT Workforce Curriculum Version 3.0/Spring 2012 17 Introduction to Information and Computer Science Security Lecture a

18 Permissions (Windows) Sharing and NTFS permissions work together –User creates folder on his computer so his sister can copy pictures he took –Next, he shares folder and sets his permissions to “read” –Lastly, he sets NTFS permissions to “read” so that she can view and copy pictures –Without this configuration, his sister will not be able to view or copy files from his computer Non-Windows OS protect devices and files similarly Health IT Workforce Curriculum Version 3.0/Spring 2012 18 Introduction to Information and Computer Science Security Lecture a

19 Permissions Example Right-click folder and select Properties from menu Pictures folder is shared Click Advanced Sharing to configure sharing permissions for this folder (2011, PD-US) Health IT Workforce Curriculum Version 3.0/Spring 2012 19 Introduction to Information and Computer Science Security Lecture a

20 Permissions Example (continued) Click Security tab to configure NTFS permissions Group or user names are listed in ACL Administrators have Full Control over this folder and its contents –This means that a user who is a member of the Windows Administrator’s group can do anything to this folder and its contents –Anything means view, add new files, delete existing files, change existing files, create new sub- folders, etc (2011, PD-US) Health IT Workforce Curriculum Version 3.0/Spring 2012 20 Introduction to Information and Computer Science Security Lecture a

21 Security Summary – Lecture a List and describe common security concerns Health IT Workforce Curriculum Version 3.0/Spring 2012 21 Introduction to Information and Computer Science Security Lecture a

22 Security References – Lecture a References Wikipedia. Malware. [Internet]. 2011 Jun [cited 2011 Nov 07]. Available from: http://en.wikipedia.org/wiki/Malware.http://en.wikipedia.org/wiki/Malware Images Slide 19: Screenshot of a shared folder's properties window. Image source: the creator of this presentation. (2011, PD-US) Slide 20: Screen shot of the folder named Picture properties dialog box. Image source: the creator of this presentation. (2011, PD-US) Health IT Workforce Curriculum Version 3.0/Spring 2012 22 Introduction to Information and Computer Science Security Lecture a

Download ppt "Introduction to Information and Computer Science Security Lecture a This material (Comp4_Unit8a) was developed by Oregon Health and Science University,"

Similar presentations

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.

Chapter 1: Fundamentals of Security JV Note: Images may not be relevant to information on slide.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
POSSIBLE THREATS TO DATA

POSSIBLE THREATS TO DATA
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.

Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Computer Viruses.

Computer Viruses.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.

Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.

INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
FIRST COURSE Computer Concepts Internet and Email Microsoft Office Get to Know Your Computer.

FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.

Computer Viruses. Where the name came from This is a phrase coined from biology to describe a piece of software that behaves very much like a real virus.
Quiz Review.

Quiz Review.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Hierarchical file system Hierarchical file system - A hierarchical file system is how drives, folders, and files are displayed on an operating system.

Hierarchical file system Hierarchical file system - A hierarchical file system is how drives, folders, and files are displayed on an operating system.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,

Similar presentations

Ads by Google