Lec 19 Computer Security, Ethics
Computer Security Risks
Today, people rely on computers to create, store, and manage critical information.
It is crucial to take measures to protect their computers and data from loss, damage, and misuse.
A computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.
• While some breaches are accidental, many are intentional.
• Some intruders do no damage, and merely access data.
Computer Crime: Any illegal act involving a computer is referred to as a computer crime.
◦ The term hacker refers to someone who accesses a computer or network illegally.
◦ Unethical employees may break into their employers’ computers for a variety of reasons (exploit security, financial gains, etc.).
• A cyberterrorist is someone who uses the Internet or network to destroy or damage computers for personal reasons.
• The term cyberwarfare describes an attack whose goal ranges from disabling a government’s computer network to crippling a country.
Internet and Network Attacks
Information transmitted over networks has a higher degree of security risk than information kept on an organization’s premises.
Computer Viruses, Worms
• A computer virus is a potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works without the user’s knowledge.
Infected computers can suffer from one or more of the following symptoms:
◦ OS running slower
◦ Less available memory
◦ Corrupted files
◦ Unusual messages or images
◦ Unusual sounds playing
◦ Existing programs and files disappear
◦ Programs or files not working properly
◦ Unusual programs or files appear
◦ OS does not start up or unexpectedly shuts down
Safeguards against Computer Viruses and Other Malware
Methods that guarantee a computer or network is safe from computer viruses and other malware simply do not exist.
Do not start a computer with removable media inserted in the drives.
◦ If you must start the computer with removable media, be certain it is from a trusted source, which is an organization or person you believe will not send a virus.
Never open an e-mail attachment unless you are expecting the attachment and it is from a trusted source.
Some viruses are hidden in macros, which are instructions saved in software such as a word processing or spreadsheet program.
Users should install an antivirus program and update it frequently.
An antivirus program protects a computer against viruses by identifying and removing any computer virus found in memory, storage, or incoming files.
Unauthorized Access and Use
Unauthorized access is the use of a computer or network without permission.
Unauthorized use is the use of a computer or its data for unapproved or possibly illegal activities.
At a minimum, organizations should have a written acceptable use policy (AUP) that outlines the computer activities for which the computer and network may and may not be used.
Identifying and Authenticating Users
An access control is a security measure that defines who can access a computer, when, and what actions they can take.
The computer should maintain an audit trail that records in a file both successful and unsuccessful access attempts.
Identification verifies that an individual is a valid user.
Authentication verifies that the individual is the person he or she claims to be.
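An added example (not part of the original lecture) of the access control described above: the user name identifies the user, the password authenticates them, and every attempt, successful or not, goes into an audit trail. The class and function names, the PBKDF2 iteration count and the sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

ITERATIONS = 200_000  # PBKDF2 work factor, an assumed value for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash, so the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccessControl:
    def __init__(self):
        self.users = {}        # user name -> (salt, password hash)
        self.audit_trail = []  # one record per access attempt, never the password

    def add_user(self, user_name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[user_name] = (salt, hash_password(password, salt))

    def _record(self, user_name: str, outcome: str) -> None:
        self.audit_trail.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user_name,
            "outcome": outcome,
        })

    def login(self, user_name: str, password: str) -> bool:
        entry = self.users.get(user_name)
        if entry is None:  # identification failed: not a valid user
            self._record(user_name, "FAIL unknown user")
            return False
        salt, stored = entry
        # Authentication: constant-time comparison of the derived hashes.
        ok = hmac.compare_digest(hash_password(password, salt), stored)
        self._record(user_name, "SUCCESS" if ok else "FAIL bad password")
        return ok


def failed_attempts(trail, user_name: str) -> int:
    """Count unsuccessful attempts for one user name in the audit trail."""
    return sum(1 for r in trail
               if r["user"] == user_name and r["outcome"].startswith("FAIL"))
```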
User Names and Passwords
A user name, or user ID, is a unique combination of characters (letters, numbers) that identifies a specific user.
A password is a private combination of characters associated with the user name that allows access to certain computer resources.
A CAPTCHA, which stands for Completely Automated Public Turing test to tell Computers and Humans Apart, is a program developed at CMU to verify that user input is not computer generated.
A passphrase is a private combination of words, often containing mixed capitalization and punctuation, associated with a user name, to be used in place of a password.
Possessed Objects
• A possessed object is any item that you must carry to gain access to a computer or computer facility (badges, cards, keys).
• A personal identification number (PIN) is a numeric password, either assigned by a company or selected by a user.
Biometric Devices
A biometric device authenticates a person’s identity by translating a personal characteristic, such as a fingerprint, into digital code that is compared with a digital code stored in the computer verifying a physical or behavioral characteristic.
◦ Ex. Biometric payment is used, where a customer’s fingerprint is read and their account is charged.
Biometric devices have disadvantages.
◦ Ex. Cut finger for fingerprint readers.
Hardware, Software & Information Theft
Hardware Theft and Vandalism
• Hardware theft is the act of stealing computer equipment.
Safeguards against Hardware Theft and Vandalism
Some labs attach physical security devices such as cables that lock the equipment to a desk.
Some businesses use a real time location system (RTLS) to track and identify the location of high-risk or high-value items.
Mobile devices require extra security, such as logon passwords, encrypted data, and even software to photograph the thief.
Software Theft
Software theft occurs when someone steals software media, intentionally erases programs, illegally copies a program, or illegally registers and/or activates a program.
Software piracy is the unauthorized and illegal duplication of copyrighted software.
Illegally obtaining registration numbers can be done with keygens, short for key generators.
Safeguards against Software Theft
All owned software media should be stored securely.
A license agreement is the right to use the software: you do not own it, you have the right to use it.
A single-user license agreement, also called an end-user license agreement (EULA), is the most common license.
◦ Install on one computer, make one backup copy, sell it if it is removed from the computer it is on.
• During product activation, which is conducted either online or by telephone, users provide the software product’s identification number to receive an installation identification number unique to the computer on which the software is installed.
Information Theft
• Information theft occurs when someone steals personal or confidential information.
• It has the potential to cause more damage than hardware or software theft.
• Information transmitted over networks offers a higher degree of risk.
Safeguards against Information Theft
• Most organizations attempt to prevent information theft by implementing the user identification and authentication controls discussed earlier.
Encryption
• Encryption is a process of converting readable data into unreadable characters to prevent unauthorized access.
• Encrypted data is treated like any other data (it can be stored, sent, etc.).
• To read the data, the recipient must decrypt, or decipher, it into a readable form.
• The unencrypted, readable data is called plaintext.
• The encrypted (scrambled) data is called ciphertext.
• An encryption algorithm, or cipher, is a set of steps that can convert readable plaintext into unreadable ciphertext.
An encryption key is a set of characters that the originator of the data uses to encrypt the plaintext and the recipient of the data uses to decrypt the ciphertext.
With private key encryption, also called symmetric key encryption, both the originator and the recipient use the same secret key to encrypt and decrypt the data.
Public key encryption, also called asymmetric key encryption, uses two encryption keys, a public key and a private key.
◦ A message generated with a public key can be decrypted only with the private key.
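The two kinds of key described above, as an added example that is not part of the original lecture. Both ciphers are teaching toys built for this illustration (a SHA-256 keystream XOR and textbook RSA with the tiny primes 61 and 53) and are not secure; all function names and sample values are assumptions.

```python
import hashlib


# --- Private key (symmetric) encryption: one shared secret key ---
def keystream(key: bytes, length: int) -> bytes:
    """Expand the key into `length` bytes using SHA-256 over a counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


# --- Public key (asymmetric) encryption: textbook RSA, toy-sized ---
def make_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return (public key, private key) as (exponent, modulus) pairs."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, needs Python 3.8+
    return (e, n), (d, n)


def rsa_encrypt(public_key, plaintext: bytes):
    """Encrypt each plaintext byte with the public key (toy scheme, no padding)."""
    e, n = public_key
    return [pow(byte, e, n) for byte in plaintext]


def rsa_decrypt(private_key, ciphertext):
    """Recover the plaintext bytes; only the matching private key works."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in ciphertext)


if __name__ == "__main__":
    message = b"MEET AT NOON"  # constructed sample plaintext
    shared = b"shared secret key"
    print(symmetric_crypt(shared, symmetric_crypt(shared, message)))
    public, private = make_keypair()
    print(rsa_decrypt(private, rsa_encrypt(public, message)))
```

Real systems use vetted library implementations such as AES-GCM and RSA-OAEP instead of hand-written ciphers.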
JAZAK ALLAH!
Any Questions?