Safety, System Security and Safe Computing
Safety, System Security and Safe Computing
Safety, System Security and Safe Computing
SECURITY AND
SAFE
COMPUTING
SYSTEM SECURITY.
1 Physical security
Physical security is the protection of personnel, hardware,
programs, networks, and data from physical circumstances and
events that could cause serious losses or damage to an
enterprise, agency, or institution. This includes protection from
fire, natural disasters, burglary, theft, vandalism, and terrorism.
2 Data Security:
Data security is the means of ensuring that data is kept safe
from corruption and that access to it is suitably controlled. Thus
data security helps to ensure privacy. It also helps in protecting
personal data. Data security is part of the larger practice of
Information security.
3 Common security threats:
These are threats that may cause system failure, data loss or
un authothised access to data.
I Hardware failure due to improper use
II Network breakdown: This May be due to a faulty component
in the network, e.g. switch, cables, network card etc.
III Programme failure: This may be due to poor software.
ivVirus and malware. Computer viruses are small software
programs that are designed to spread from one computer to
another and to interfere with computer operation.
V Industrial espionage: spying on the competitor to get
information that can be used to cripple the competitor.
Vi Hacking – gaining unauthorized access to information just
for fun. It may be done by manipulating passwords.
Vii Password cracking. This is a technique attacker’s use to
surreptitiously gain system access through another user's
account. This is possible because users often select weak
passwords. It is mainly done for malicious reasons.
Viii Eavesdropping. . Tapping into communication channels to get
information. Those who do it take advantage of poor security systems.
Contents of a message can be read or altered in transit. The message can also
be re directed.
IxBack doors: Programme that allows hidden access to a computer system.
X Spoof attack / IP spoofing: In a spoof attack, the hacker modifies the source
address of the packets he or she is sending so that they appear to be coming
from someone else. This may be an attempt to bypass your firewall rules.
X1 Phishing: In phishing attack the hacker creates a fake web site that looks
exactly like a popular site . When the user attempts to log on with their
account information, the hacker records the username and password and
then tries that information on the real site.
Xii Alteration /Illegal modification of private/confidential data with the aim
of misinforming users. It is a sabotage tool.
Xiii Physical threats like theft/burglary, vandalism, ware/ageing, sabotage
etc.
xivElectrical fluctuations. such as voltage spikes, insufficient supply voltage
(brownouts), unconditioned power (noise), and total power loss
Xv Weather problems like chance in temperature.
Xvi Denial of Service: when someone maliciously makes the system unusable
for others.
NETWORK SECURITY
An adversary
A person that is interested in attacking your
network; his motivation can range from
gathering or stealing information, creating a
DoS, or just for the challenge of it.
CLASSIFICATIONS OF NETWORK ATTACK:
1 Passive Attack
A passive attack
The intruder just taps the data channels and gets the information without
modifications or copies, eg Eavesdropping.
2 Active Attack
In an active attack, the attacker tries to bypass or break into secured systems. This
can be done through stealth, viruses, worms, or Trojan horses. Active attacks include
attempts to break protection features, to introduce malicious code, and to steal or
modify information.
3 Insider Attack
An insider attack involves someone from the inside, such as a disgruntled employee,
attacking the network. Insider attacks can be malicious or no malicious. It may be
intentional or out of ignorance.
4 Hijack attack
Hijack attack In a hijack attack, a hacker takes over a session between you and
another individual and disconnects the other individual from the communication. You
still believe that you are talking to the original party and may send private
information to the hacker by accident. Eavesdroppers use it.
COMPUTER VIRUS
1. Droppers: programmes that have been designed to perform useful tasks like file
compression but in the process they introduce the viruses in the system.
2. Failed virus: Virus that does not accomplish its task because poor designing by its
author or encountering a stronger antivirus.
3. Packagers: hide the existence of their harm from virus guards by masking some
codes around the actual software programmes. They strike after some time like
time bombs.
4. Test virus: text files written to test the effectiveness of virus guard software.
They are not harmful.
5. Time bombs: a programme code that is activated at a particular time. They
target specific moments like Valentine’s Day, fools day, etc.
6. Trojan Horses: Small programme code hidden within the legitimate software. It
may direct the legitimate software to damage the system.
7. Trojans: A programme that performs annoying actions like flickering of the
screen, the cursor disappearing, etc. some of them are incomplete computer
programs.
8. Jokes: harmless programme that perform amusing things on the screen. Eg “your
computer is about to explode in five minutes, please run away”
9. Worms: A Progamme that writes itself in the computer memory re-writes itself
continuously into the memory until the system runs out of memory and crashes.
10. Boot sector virus. They destroy the booting information on the storae media,
11. File viruses: viruses that attach themselves to useful files.
SYMPTOMS OF COMPUTER VIRUS.
1) Education
2) Use a firewall
3) Click with caution / Practice safe surfing
4) Practice safe shopping
5) Use comprehensive security software
and keep your system updated
6) Secure your wireless
7) Use strong passwords and encrypt data
8) Use common sense / BE suspicious
ICT ETHICAL ISSUES