.png)
1.3
Computer Security
Computer Security / Cyber Security
Computer security refers to the
protection of computer systems, networks, and data from unauthorized access,
theft, damage, or disruption.
Examples of computer security
Password, Biometric, Firewall,
Cryptography etc
Types of computer security
Hardware security & Software
security
Information Security (infosec)
Information security refers to the protection of data
and information from being accessed, changed or used by unauthorized people.
It ensures that information remains confidential,
accurate, and available only to those who are supposed to have access to it.
Key principles of Information Security
a)
Confidentiality:-
Only authorized users can access the data resources and information.
b)
Integrity:-
Only authorized users should be able to modify the data when needed.
c)
Availability:-
Data should be available to users when needed.
How can we protect data?
We can protect data by using strong passwords,
encryption, two-factor authentication, firewalls, and antivirus. Regularly
update software, back up data, and restrict access to authorized users to
enhance security.
Security Threats
Security threats are the possible dangers or risks
that can potentially harm computer systems and organization. Examples include
malware, phishing attacks, hacking etc,
Possible Security Threats
Phishing : A fake attempt to obtain
sensitive information such as usernames, passwords and credit card details by
pretending to be a trustworthy source.
Botnet: A group of
infected computers controlled by a hacker, used together to perform harmful
activities online, like attacking websites or sending spam, without the owners information.
Rootkit : A hidden
software tool that allows a hacker to take control of a computer secretly,
making it hard to detect and remove.
Key
logger:
A type of software or hardware that secretly records every keystroke a person
types on their computer, often used to steal passwords and other sensitive
information.
Hacker:
- A skilled computer expert who uses his/her technical
knowledge to overcome a problem.
- An illegal activity and the individuals who are
engaged in hacking.
- A person who steals or destroys other’s data,
information and program
Hacking is the act of breaking into computer systems or networks
without permission, often to steal, change, or destroy data, or to disrupt
operations.
Ethical Hacking: Hacking done
with permission from the client.
Malicious code (Malware)
Malicious code is software or scripts created to damage,
disrupt, or gain unauthorized access to computer systems. Examples include
viruses, worms, and ransom ware, which can steal data, corrupt files, or cause
other harm.
Types of malware
Computer Virus
A computer virus
is malicious software that attaches itself to other programs or files and
spreads to other computers. It can damage, corrupt, or delete data and disrupt
system operations.
E.g.
C-Brain, Frodo, Disk Killer, I Love You etc
- Some viruses produce unnecessary messages on the
screen, some virus hide files, some virus corrupt files and programs, some
virus reduce memory size, etc.
- Computer viruses can spread from one computer to
other computers through sharing of infected portable disk like pen drive,
opening a virus infected email, messages or attached files and downloading
files and programs form the websites which are not secure.
Any
four symptoms of computer virus.
- Program takes long time to load.
- Increased use of disk space and growth in file size.
- Corrupting the system data.
- Renaming files with different
names.
Two preventive ways are:
- Installing and regularly
updating antivirus software.
- Avoiding the download of files
or attachments from unknown or untrusted sources.
A computer worm is a type of malware
that spreads itself to other computers without needing to attach to other
programs or files, often causing harm or using up system resources.
A Trojan horse is malicious software
that pretends to be a useful program to trick users into installing it. Once
installed, it can cause harm, like stealing data or giving unauthorized access
to the computer.
Spyware is a type of
malicious software that secretly monitors and collects information about a
user's activities or data without their knowledge. It often monitors browsing
habits, keystrokes, or personal information and sends it to a third party.
Adware is software that automatically
displays or downloads unwanted ads on the computer or device. It often tracks
browsing habits to display targeted advertisements.
Security
mechanisms
A security
mechanism is a tool or method used to protect computer systems
and data from unauthorized access, threats, or attacks.
It includes
— Authentication
Systems
— Firewalls
— Cryptography
— Antivirus Software
— Backup System
Authentication System
An authentication
system is a process that verifies the identity of a user or
device before granting access to a system, typically using credentials like
passwords, PINs, or biometric data.
Authentication system makes sure that right people
enters the system and access the right information.
Types of Authentication
Password
& Biometric
Password
— A password is a secret code or set of
characters used to protect access to an account, system, or device, ensuring
that only authorized users can gain entry.
Importance of password protection
— Password secures
the data by protecting from unauthorized access.
— It safeguards
personal information from being stolen or misused.
Password
policy
A password
policy is a set of rules or guidelines designed to ensure that passwords are
secure. It often includes requirements for password length, complexity, and expiration
to help protect accounts from unauthorized access.
How password policy protects computer
software and data? Explain
Passwords protect data by preventing unauthorized
access. Strong password policies significantly reduce security risks,
safeguarding sensitive information and maintaining the integrity of computer
systems and software.
Following are some of the tips to make
password secure and strong:
Don't use easily guessable the name of a pet, child,
family member, birthdays, birthplace, name of a favourite holiday.
Don't use a sequence like abcd or 1234 which are,
again, easily guessable.
Mix characters, numbers and symbols. Also, mix small
and capital letters.
Avoid using the same password in all applications and
change password periodically
Biometric
Biometric is a technology that uses unique physical or
behavioral characteristics, such as fingerprints, facial recognition, or voice
patterns, to identify and authenticate individuals.
Any
four areas where biometric are used -
o Time and Attendance Tracking: track employee attendance
accurately.
o Smartphones and Devices: For unlocking phones and other
devices through fingerprint or facial recognition.
o Banking and Financial Services: To authenticate transactions
and access accounts securely.
o Access Control: Restricting
entry to buildings or secure areas using fingerprint or facial recognition.
Biometric
verification
Biometric verification is the process of
using unique physical or behavioral characteristics, like fingerprints or
facial features, to confirm a person's identity.
Firewall
A
firewall is a security system that monitors and controls incoming and outgoing
network traffic to protect systems from unauthorized access and cyber threats.
Firewall blocks unwanted traffic as well as malicious
software from infecting the computer.
Its
Types are:
Hardware Firewall: A physical device that
sits between a network and its internet connection, providing centralized
protection by filtering and monitoring network traffic.
Software Firewall: A program installed on
individual computers or servers that controls and monitors network traffic,
providing protection from unauthorized access and threats.
Two
uses of firewall
v
Prevents
unauthorized users from accessing a network or computer system.
v
Controls
and filters incoming and outgoing network traffic based on security rules.
Cryptography
Cryptography is the practice of using techniques to
secure and protect information by converting it into a coded format ensuring
that only authorized users can access or understand it.
It
involves methods for encrypting (encoding) and decrypting (decoding) data to
ensure its confidentiality, integrity, and authenticity.
Types of Cryptography
Encryption & Decryption
Encryption
— Encryption is the process of
converting plain text or data into a coded format, known as cipher text, to
prevent unauthorized access. It ensures that only individuals with the correct
decryption key can read the original information.
— Encryption is done
by the person who is sending the data to the destination
How encryption helps in data protection?
— Encryption helps in
data protection by providing a secure way to store and transmit sensitive
information.
Decryption
— Decryption is the process of
converting encrypted data, or cipher text, back into its original, readable
format, or plaintext, using a decryption key.
— Decryption is done
at the person who is receiving the data
Why data decryption is necessary?
- To convert encrypted (coded) data into readable
form.
Antivirus software
— Antivirus software is a program that
scans, detects, and removes malicious software from a computer or device to
protect it from security threats.
E.g. Norton
Antivirus, McAfee Antivirus, Bit defender, Kaspersky Antivirus, Avast
Antivirus.
How antivirus helps to secure computer
software?
An antivirus helps to secure computer
software by detecting and removing malicious software, such as viruses,
spyware, and Trojans, that can harm the computer or steal sensitive
information.
Which software is used to remove virus
from Computer System?
Antivirus Software is used to remove virus from
Computer System
Backup system
·
Backup is a copy of important data or files
stored separately from the original, used to restore the information if the
original is lost, damaged, or corrupted.
·
Backup
is important because it keeps copies of our important files and data in a safe
place. If our computer crashes or we accidentally delete something, we can use
these copies to restore our information and avoid losing important work or
personal files.
Hardware Security
Different hardware security measures are:
a)
Regular
Maintenance e) Insurance
b)
Dust
free environment f) Protection from Fire
c)
Protection
from Thief g) Air condition system
d)
Power
Protection device (Volt guard, Spike guard, UPS)
Regular Maintenance
Computer system need regular maintenance to keep the
computer hardware in good working condition and it also helps to find out
problems in hardware and correct the problems before they cause several
damages.
Insurance
·
A
means of protection from financial loss.
·
If
a computer is damaged or stolen or any kind of harm done then we can claim for
the insurance amount and get the economic support.
Dust Free Environment
·
Dust
particles can cause the failure of hardware components.
·
Computer
room should be absolutely free from dust and air pollution.
Protection from Fire
·
Due
to faulty wiring, loose connection, smoking in the computer room and overload
on power socket can cause fire in a room.
·
Using
fire alarms, fire doors, fire detectors and fire extinguishers can minimize the
damage of hardware components and loss of information from fire.
Protection from Theft
The computer room should have physical security with
proper locking system, controlled access of authorized persons only by having
human guard or biometric machine.
Air Condition System
A system for controlling the temperature and humidity
(wetness) of the air
Maintains suitable temperature or humidity in the
computer room.
Room Temperature should be maintained between 210C
to 240C.
Power Protection Device
A power protection device is a tool used to safeguard
electrical equipment from damage caused by issues with the power supply.
Computer needs 220 volts to 240 volts constantly.
These devices protect against problems such as:
1.
Power
Surges: Sudden increases in voltage.
2.
Power
Outages: Loss of electricity.
3.
Voltage
Fluctuations: Changes in voltage levels that are too high or too low.
Examples include:
- Surge
Protectors: Prevent damage from voltage spikes.
- UPS
(Uninterruptible Power Supply): Provides backup power during outages.
- Volt
Guards: Protect against unsafe voltage levels.
These devices help keep the electronic equipment safe
and ensure it works properly.
Why Power Protection Device needed?
Power protection device is needed in computer security
is to prevent damage to the computer's hardware and data loss due to sudden
power fluctuations.
Volt Guard
A volt guard is a device designed to protect
electrical appliances from damage caused by voltage fluctuations.
It monitors the voltage supply and cuts off the power
if it detects levels that are too high or too low.
This helps prevent damage to the devices from unstable
power sources and ensures that they receive a consistent and safe voltage
level.
UPS (Uninterruptible Power Supply)
·
UPS
is a battery supported power protection device which controls the electric
voltage and supplies clean and continuous power to the computer system even
during power failures.
·
The importance of
UPS in computer security system is that it controls fluctuation of electric
voltage and provides enough backup electric power to the computer system when
there is power failure.
Why do you connect your PC to the
UPS?
We connect PC to the UPS
to control fluctuation of electric voltage and provides enough backup
electric power to the computer system when there is power failure.
Spike Guard
A device designed to protect electrical devices from
voltage spikes.
Automatically
maintains a constant voltage level.
Software security
Software security is the protection
of computer programs and applications from threats, such as hacking, virus
attacks, and unauthorized access, to ensure their confidentiality, integrity,
and availability.
Some of the software security
measures
-
Backup - Scandisk - Password - Antivirus
Scan disk
Scan Disk is a tool used to check and fix problems on
a computer’s hard drive. It looks for errors and bad sectors on the disk and
tries to fix them.
List some points about how we can
protect our data.
·
Install and Use Antivirus Software.
·
Create and maintain backups of
important data so it can be restored it if it's lost or compromised.
What is digital signature?
Digital signature is a security
mechanism system used on the internet for data and information transaction by
attaching a code at the end of the electronic message that confirms the
authenticity of sent message.
The
importance of digital signature is that it provides legal framework to
facilitate and safeguard electronic transaction in the electronic media
What is digital currency?
Digital
currency is money that exists only in electronic form and is used for online
transaction. Examples include cryptocurrencies like Bitcoin and digital
versions of traditional currencies, such as digital dollars.
No comments:
Post a Comment