Saturday, January 13, 2024

1.3 Computer Security - SEE COMPUTER SCIENCE 2080

  


Computer Security / Cyber Security

Computer security refers to protecting a computer and its contents from damage, theft or misuse, and to the actions taken to prevent such incidents.

Computer security includes the security of data and information that is stored or being transferred, of computer programs and applications, and of computer hardware.

 

Types of computer security

·       Hardware security

·       Software security.

 

Information Security (infosec)

Information security is the practice of preventing unauthorized access, use, disclosure, modification, recording or destruction of information.

 

Key principles of Information Security

a)     Confidentiality:- Only authorized users can access the data resources and information.

b)     Integrity:- Only authorized users should be able to modify the data when needed.

c)     Availability:- Data should be available to users when needed.

 

We can protect our data by

·       By periodically checking the hard disk and replacing it if it shows symptoms of failure.

·       By copying the data to another disk in the system, so that it survives accidental erasure or erasure by an unauthorized person.

·       By copying important data to online storage, also called cloud storage, such as Dropbox, Google Drive, iCloud, OneDrive etc.

·       By sometimes sending important files as an attachment to our own mail account, such as Gmail or Hotmail.

·       Another part of protecting data is preventing unauthorized access. Unauthorized users may access the data stored in our computer or in the cloud storage. To prevent this, we have to protect the storage space, folder or file with a password.

 

Security Threats

A security threat is a risk which can potentially harm computer systems and organizations.

The cause could be physical, such as someone stealing a computer that contains vital data.

The cause could also be non-physical, such as a virus attack.

 

Possible Security Threats

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

 

A botnet is a logical collection of Internet-connected devices such as computers, smartphones or Internet of Things (IoT) devices whose security has been breached and whose control has been given away to a third party.

 

A rootkit is malicious code (a kit) that hides in the system area and provides continued administrator (root) privileged access to a computer while actively hiding its presence.

 

A keylogger is hardware or software that secretly records the keys pressed on a keyboard, so that the person using the keyboard does not know that their actions are being monitored.

A computer hacker is any skilled computer expert who uses his/her technical knowledge to overcome a problem.

Malicious code (Malware)

Malicious code is a kind of harmful computer code or web script that is designed to cause undesired effects and damage a system.

 

Types of malware

a)     A computer virus is a destructive program that copies itself and infects a PC, spreading from one file to another, and then from one PC to another when the files are copied or shared.

Some viruses produce unnecessary messages on the screen, some hide files, some corrupt files and programs, some reduce memory size, etc.

Computer viruses can spread from one computer to others through the sharing of infected portable disks such as pen drives, through opening virus-infected emails, messages or attached files, and through downloading files and programs from websites which are not secure.

b)     Computer worms use the network to send copies of themselves to other PCs, usually utilizing a security hole to travel from one host to the next, often automatically without user intervention.

c)     Trojan horses are applications that look like they are doing something harmless, but secretly have malicious code that does something else.

d)     Spyware is any software installed on a user's PC that collects the user's information without the user's knowledge.

e)     Adware is a software application used by companies for marketing purposes; advertising banners are displayed while any program is running.

 

Security mechanisms

  A mechanism that is designed to detect, prevent, or recover from a security attack.

  It includes

  Authentication Systems

  Firewalls

  Cryptography

  Antivirus Software

  Backup System

 

Authentication System

The process of identifying an individual, usually based on a username and password, is called authentication.

An authentication system makes sure that the right people enter the system and access the right information.

Types of Authentication

·       Password

·       Biometric

 

Password

A password is a string of characters including letters, digits, or other symbols which confirms the identity of a user.

A password secures data by protecting it from unauthorized access.

We have to keep the password secure and strong so that unauthorized users cannot gain access to the resource and misuse it with our identity.

 

The following are some tips to make a password secure and strong:

·       Never share your credentials online.

·       Don't use easily guessable words such as the name of a pet, child or family member, birthdays, birthplace, or the name of a favourite holiday.

·       Don't use a sequence like abcd or 1234, which is, again, easily guessable.

·       Mix characters, numbers and symbols. Also, mix small and capital letters.

·       Avoid using the same password in all applications.

·       Change the password periodically.
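
The tips above that concern the password itself can be checked mechanically. The following Python sketch is an added example, not part of the original notes; the function names `has_sequence` and `check_password`, the run length of four characters, and the sample passwords and personal words are assumptions made for illustration.

```python
import string


def has_sequence(password, run=4):
    """True if the password contains `run` consecutive ascending or
    descending characters, such as 'abcd', '1234' or '4321'."""
    lowered = password.lower()
    for i in range(len(lowered) - run + 1):
        window = lowered[i:i + run]
        if not window.isalnum():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password, personal_words=(), other_passwords=()):
    """Return a list of problems found; an empty list means every check passed.

    personal_words:  names, birthdays, places etc. that others could guess.
    other_passwords: passwords already used elsewhere (assumed to come from
                     the user's own password manager, never sent anywhere).
    """
    problems = []
    lowered = password.lower()
    for word in personal_words:
        if word and word.lower() in lowered:
            problems.append(f"contains guessable personal word '{word}'")
    if has_sequence(password):
        problems.append("contains a sequence like abcd or 1234")
    classes = {
        "small letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"missing a {name}")
    if password in other_passwords:
        problems.append("already used for another application")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ("tommy1234", "R7#vq!Zm2p"):
        found = check_password(candidate, personal_words=["Tommy", "Pokhara"])
        print(candidate, "->", found or "no problems found")
```
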

 

Biometric

·       Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices or data.

·       E.g., fingerprints, facial patterns and voice.

 

Firewall

A firewall is a network security system that monitors and controls the traffic flow between the Internet and a private network on the basis of a set of user-defined rules.

A firewall blocks unwanted traffic as well as malicious software from infecting your computer.

 

Cryptography

  Cryptography is the study of secure communications techniques that allow only the sender and intended recipient of a message to view its contents.

  Cryptography is used to secure and protect data during communication.

 

Types of Cryptography

Encryption

Decryption

 

Encryption

Encryption is the technology that encodes a file or message that is being stored or transferred online into unintelligible content which cannot be used by an unauthorized person.

Encryption is done by the person who is sending the data to the destination.

Decryption

The conversion of encrypted data into its original form is decryption.

Decryption is done by the person who is receiving the data.

 

Antivirus software

Antivirus software is software designed to detect and remove viruses from a computer system and to ensure a virus-free environment.

E.g. Kaspersky, NAV, MSAV, McAfee, NOD 32 etc.

 

Backup system

·       Backup is the system of copying data and programs into another location or creating a duplicate copy of it in a secured place.

·       Backup is vital to computer security system in order to save the data from being lost or damaged due to accidental or intentional harm. When data and software are lost or damaged, we can easily recover through backup.

 

Hardware Security

Hardware security is the protection given to the various hardware tools and equipment used in a computer system against accidental or intentional harm.

 

Different hardware security measures are:

a)     Regular Maintenance

b)     Insurance

c)     Dust free environment

d)     Protection from Fire

e)     Protection from Theft

f)      Air condition system

g)     Power Protection device (Volt guard, Spike guard, UPS)

 

Regular Maintenance

A computer system needs regular maintenance to keep the hardware in good working condition. Maintenance also helps to find problems in the hardware and correct them before they cause severe damage.

 

Insurance

·       A means of protection from financial loss.

·       If a computer is damaged, stolen or harmed in any other way, we can claim the insurance amount and get economic support.

 

Dust Free Environment

·       Dust particles can cause the failure of hardware components.

·       The computer room should be absolutely free from dust and air pollution.

 

Protection from Fire

·       Faulty wiring, loose connections, smoking in the computer room and overloaded power sockets can cause fire in a room.

·       Using fire alarms, fire doors, fire detectors and fire extinguishers can minimize the damage to hardware components and the loss of information from fire.

 

Protection from Theft

The computer room should have physical security with a proper locking system, and access should be limited to authorized persons only, controlled by a human guard or a biometric machine.

 

Air Condition System

·       A system for controlling the temperature and humidity (wetness) of the air.

·       Maintains a suitable temperature and humidity in the computer room.

·       Room temperature should be maintained between 21°C and 24°C.

 

Power Protection Device

An electric device that controls electric voltage and provides enough backup to the computer system when there is a power failure.

A computer needs a constant 220 volts to 240 volts.

Some common power protection devices are:

a)     UPS

b)     Volt Guard

c)     CVT (Constant Voltage Transformer)

d)     Spike Guard

e)     Surge Suppressor

 

Why is a Power Protection Device needed?

To protect the computer system from damage, expensive data loss and unnecessary downtime (time when the system is out of action or unavailable for use).

 

Volt Guard

A power protection device that provides constant output voltage to the computer system in case of high input voltage coming from the source.

UPS (Uninterruptible Power Supply)

·       UPS is a battery supported power protection device which controls the electric voltage and supplies clean and continuous power to the computer system even during power failures.

·       The importance of UPS in computer security system is that it controls fluctuation of electric voltage and provides enough backup electric power to the computer system when there is power failure.

Spike Guard

A device designed to protect electrical devices from voltage spikes.

Automatically maintains a constant voltage level.

 

Software security
The protection of software and data against being lost or damaged due to accidental or intentional harm is called software security.

 

Some of the software security measures  

a)     Backup                 

b)     Scandisk              

c)     Password

d)     Antivirus

 

Scan disk

Scan disk is a process that checks the files and folders of a specific disk for bad sectors, lost clusters, lost chains and other errors, and fixes them if possible.

 

1.2 Ethical and Social Issues in ICT - COMPUTER SCIENCE 2080

 




 

Computer ethics

Computer ethics is a set of moral principles or codes of conduct that regulate the use of computers systematically without causing harm to other users.

It gives awareness to the user regarding the immoral behaviour and activities in the computing field.

 

Commandments of computer ethics

·       Do not use a computer to publish fake information.

·       Do not search the file or record of other people.

·       Do not destroy or delete the records of other people.

·       Do not use a computer to steal someone's privacy.

·       Do not snoop around in other people's files.

·       Do not use other people's computer resources without authorization.

 

Digital citizenship

Digital citizenship refers to the responsible and ethical use of technology and the internet which involves understanding, practicing, and promoting appropriate behavior when using digital tools and resources.

 

Elements of digital citizenship

·       Digital Access: The state of full electronic participation in society

·       Digital Commerce: The act of promoting the purchase of goods through electronic means

·       Digital Communication: Electronic exchange of information

·       Digital Literacy: Teaching and learning about teaching and technology

·       Digital Security: Electronic precautions

·       Digital Health: The solution to health problems using digital technology

·       Digital Law: Act, rules and regulations required for performing electrical work

 

Digital footprint

A digital footprint is the trail of data and information left behind by an individual's online activities which includes social media posts, website visits, online purchases, and other digital engagements.

 

The following should be considered when managing Digital Footprint:

·       Subscribed accounts and social media accounts which are no longer in use should be unsubscribed or deleted.

·       Ensure the content posted protects your privacy.

·       Not to forget that online posts are private.

·       To note that parents, teachers and other people can view the content posted.

·       Ensure the content posted does not damage your or others' reputation.

 

Cyber bullying

Cyberbullying refers to harassment or bullying that takes place through electronic devices and digital platforms, such as the internet, social media, or messaging apps.

 

Examples of cyber bullying:

·       Sending rude emails, texts or instant messages online or on the phone

·       Posting hurtful things about someone on social media

·       Taking an embarrassing photo or video and sharing it without permission

·       Pretending to be another person by creating a fake online profile.

·       Spreading rumours or gossip about someone online

·       Offensive chat on online gaming.

Cyber law
The law which governs the legal issues in the cyber space regarding the internet or WWW for digital data processing and transaction is called cyber law. The importance of cyber law is that it controls cyber-crime and misuse of computer.

 

Aims of formulating cyber law in Nepal

- To legalize the transaction through electronic media to control various types of electronic frauds

- To punish a person who does criminal activities through electronic means especially on computers.

 

Cyber law was introduced in Nepal on 30th Bhadra, 2061 (15 September 2004).

 

Cyberspace

Cyberspace is the virtual environment created by the Internet and devices and services related to the Internet.

 

Cyber crime
Cyber crime refers to criminal activities that are carried out using computers, networks and the internet.

E.g. software piracy, hacking, cracking, pornography etc.

Computer hacking means stealing and destroying others' data, information, files and programs.

 

Digital signature

·       Digital signature is a security mechanism system used on the internet for data and information transaction by attaching a code at the end of the electronic message that confirms the authenticity of sent message.

·       The importance of digital signature is that it provides legal framework to facilitate and safeguard electronic transaction in the electronic media.

 

ICT (Information and Communication Technology)

A technology which collects, stores and processes data into information and communicates it through a computer system is known as ICT.

 

Challenges of ICT

·       Internet criminals enter into the system by creating fake identities and use the system for their benefits which is difficult to recognize and control.

·       Hacking or unauthorized access of system is increasing.

·       Sharing unnecessary information of individual or group of people is the danger of ICT in this era.

·       The Digital Divide is a social issue referring to the differing (conflicting) amount of information between those who have access to the Internet (especially broadband access) and those who do not have access. 

 

IT Policy 2072

·       IT Policy launched in Nepal – 2000 AD (2057 BS)

·       Most recent information technology policy – ICT Policy 2015 (2072 BS)

·       Total laws in ICT Policy 2015 (2072 BS) – 21 Policies

·       Strategies in ICT Policy 2015 (2072 BS) – 21 Strategies

·       Percentage of the population that will have digital skills by the end of 2020 – 75%

·       Percentage of the population that will be able to access broadband services by 2020 – 90%

·       Percentage of the population of Nepal that will have internet access by 2020 – 100%

·       Percentage of government services that will be provided online by 2020 – 80%

 

Objectives of IT Policy 2000

a)     To establish knowledge based industry

b)     To increase employment

c)     To build knowledge based society

Vision of ICT Policy 2015

·       To transform Nepal into information and knowledge based society and economy.

Mission of ICT Policy 2015

·       To create conditions for the intensified development and growth of ICT sector as a key driver for Nepal’s sustainable development and poverty reduction strategies.

 

Goals of ICT policy

·       At least 75 percent of the population will have digital literacy skills by the end of 2020.

·       80% of all citizen-facing government services will be offered online by 2020.

·       By 2020, the entire population of Nepal will have access to the Internet.

·       By 2020, 90 percent of the population will have access to broadband service.

 

ETA (Electronic Transaction Act)

·       ETA (Electronic Transaction Act) deals with issues related to cybercrime and also helps in making and implementing laws over cybercrime.

·       Maintaining privacy in cyberspace, creating strong passwords, updating security software and updating passwords are some of the techniques for keeping oneself secure.

·       The action against such crimes and punishment will be in the range of a minimum Rs 50,000 to a maximum Rs 3,00,000 in cash and six months to three years imprisonment.

 

When was Electronic transaction act 2063 authenticated and published in Nepal?

  December 8 2006 (22 Mangshir 2063)

Objectives of the Electronic Transaction Act 2063

a)     To make legal provision for authentication and regulation of electronic data.

b)     To make data generation, communication, and transmission reliable.

c)     To make a secured and authentic means of electronic communication.

d)     To regulate all matters relating to electronic transactions.

 

Scopes of the Electronic Transaction Act 2063

a)     Creation and use of digital signature

b)     Control cyber/computer-related crimes.

c)     Protection of intellectual property.

d)     Protection of confidentiality.

 

Social Media

Social media is an online tool that helps us to stay connected with the whole world.

 

Different platforms of Social media

Facebook, Twitter, Instagram, LinkedIn, Blogs, Wikipedia

 

Opportunities of using social media

a)     It creates awareness and innovates the way people live.

b)     Social media lets us share anything with others around the world.

c)     It keeps us informed about the world.

d)     It creates brand exposure for business to the largest audience.

 

Threats of using social media

a)     Personal data and privacy can be easily hacked and shared on the internet.

b)     More chances of creating fake accounts.

c)     Negative impact on the health.

d)     Decrease the working efficiency of people.

e)     Spreading false or unreliable information.