* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Security Risks
Survey
Document related concepts
Transcript
Security Risks As computer’s have a greater role in our everyday life opportunities for technology crime have been created. All networks need to have security measures in place or they could be remotely accessed by a hacker. A hacker is a computer enthusiast who spend lots of time and effort trying to gain unauthorised access to a computer system. If they are malicious they may disrupt systems by changing, deleting or copying data while others are deliberately intent on defrauding companies. Nowadays a great deal of time, effort and money is spent attempting to make computer networks as secure as possible from unauthorised access. It is particularly important to make sure wireless networks are secure because wireless data can be easily intercepted. Both wired and wireless networks should be password protected and the transferred data encrypted to make sure only authorised people can access the network. 1 Security Risks Malware (Malicious software) is used to describe any piece of software which is malicious or damaging to a computer. Viruses, worms and Trojan horses are some examples of malware. 2 Security Risks : Viruses A virus is a malicious piece of code which can cause damage to a computer system. It is a computer program that attaches itself to programs and files on your computer. For a piece of computer code to be a virus is has to do two things: 1. create copies of itself to create a new file 2. attach itself to a file. You can tell when your computer has a virus as it starts to do unusual things. These include data going missing, space being used up on your hard disk or simply your computer running slowly. If a computer on a network has a virus, it can easily spread to the other computers through the network. A virus can even cause a computer to break down by changing its voltage settings. 3 Security Risks : Worms A worm self replicates (copies itself) like a virus but it can not attach itself to a file. For this reason it is not technically a ‘virus’ but it can have the same effect. They can quickly spread by ‘crawling’ through networks. The most harmful worms reside in the computer’s memory only. They don’t save any code to hard disks or any other type of backing storage. This means that when you switch your computer off the worm is lost. 4 Security Risks : Trojans A Trojan is a program which can attach itself to a file but cannot self-replicate. It is a program which looks harmless and tricks you into running it on your computer. It then carries out its real task, for example displaying adverts on the desktop or installing unwanted toolbars. The most common thing they do is open a ‘back door’ to give remote access to the computer. It is named after the Trojan Horse story from classical history when the Greek warriors hid inside a huge wooden horse to gain access to the city of Troy. 5 Security Risks Now attempt Task 4 on page 17 of your booklet. 6 Security Risks : Spyware Spyware is a type of malware which secretly monitors the user’s computer. These programs gather information about you from your computer. This can be personal information or information about the websites you have visited. A keylogger is an example of spyware. The program detect the keys a user presses on a keyboard. The ASCII code for each key is identified and saved in a file which can then be analysed. It is most commonly used by hackers to detect usernames, passwords and credit card numbers. Online games are especially targeted by hackers using keylogger technology to detect usernames and passwords. 7 Security Risks : Phishing Phishing is an attempt to get your personal information such as your login or bank details by pretending to be, for example a charity or claiming that you have won a prize. Phishing can use key loggers, trojans, spyware and even ordinary e-mail to steal your personal information. If you are a victim of phishing you may receive an email asking you to confirm your bank account details or a password. The authors of Phishing e-mails spend a lot time ensuring that the e-mails look as legitimate as possible. Most companies would never ask for this information in an email so you should not reply to it. http://www.youtube.com/watch?v=K8lWLwuiDwk 8 Security Risks : Online Fraud Online fraud is the use of the Internet to commit crime for financial gain. There are many types of online fraud: Bank and cheque fraud Charity donation fraud Government agency scams Holiday fraud Identity theft (see later) Loan scams Online shopping fraud 9 Security Risks : Identity Theft This is when people steal your personal information such as bank account details. The information could then be used to: shop online apply for a loan withdraw money from your account get a work permit to stay in a country pretend to be another person to rent a property and many more… Keyloggers, trojans, spyware and ordinary email can be used to steal your identity. 10 Security Risks : Denial of Service (DOS) Denial of Service (DOS) Attacks This is a particularly nasty type of attack targeted mostly at large corporations that someone has a grudge against. There are two main forms of Denial Of Service: Attacks that consume network resources like processor time, disk space, memory, network connections and modems, so that there are none left for normal users. Attacks on a specific network resource, for example attacking and disabling a server. 11 Security Risks : Denial of Service (DOS) Methods used: 1 Resource starvation This means using up a network resource (server processor time, network storage) so that real users can’t access it. 2 Bandwidth consumption This means flooding the network with useless traffic. An example of this is flooding an email server until it either crashes or denies email services to legitimate users because its too busy. 3 Hacking network software If networking software like firewalls or operating systems are not protected or have bugs in them, hackers can use these weaknesses to crash servers. http://www.youtube.com/watch?v=3eLx2LG5pPY 12 Security Risks : Denial of Service (DOS) Methods used: 4 Attacking the routers Routers are vulnerable to PING (Packet Internet Groper) attacks where bad data is sent. 5 Domain Name Server (DNS attacks) This type of attack disrupts network access by causing the server to keep looking for things that do not exist. This means that correct requests are not dealt with. Effects of DOS attacks Whichever method is adopted, the effects are clear: the attack disrupts use of the network and denies the legitimate users access to the network services and resources, for example email is not available, data files can’t be accessed or Internet access is denied. http://www.youtube.com/watch?v=3eLx2LG5pPY 13 Security Risks Now attempt Tasks 5 & 6 on page 22 of your booklet. 14 Security Precautions There are a variety of different ways of protecting computers, access to computer networks and data on computers. 1 Passwords The most common way of controlling access to a computer system or network is to use a system of IDs (user names) and passwords. You must be careful to use passwords that are hard to break. Favourite bands, family names etc are all easy to hack. 15 Security Precautions 2 Encryption Encryption is a means of encoding/scrambling data using encryption keys. Today very sophisticated encryption keys are used involving carrying out calculations on the binary data. For an encryption key to be effective it should take a computer many years to work out the decryption algorithm. Simple example of encryption The following word has been encrypted. Can you decrypt it? IFMMP Encrypting and decrypting files is big business as companies and governments race to protect their own information and access others. 16 Security Precautions 3 Firewall Software Network managers keep their networks safe and secure by installing firewall software or firewall hardware. Firewalls help prevent unauthorised access to computers by stopping hackers accessing private information stored on computers. Firewall software or hardware can allow us to block the IP address of a computer we think might be trying to access our computers illegally. Anyone who gains unauthorised access to a computer system is breaking the Computer Misuse Act. 17 Security Precautions 4 Biometric Systems Biometrics is the science and technology of measuring and analysing biological data. In Computing Science, biometrics refers to technologies that measure and analyse human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes. Biometrics systems can be used to limit access to computer rooms or computer systems. Retina & iris recognition The person’s unique retina and/or iris are recognized using a biometric sensor. If the unique pattern in their eye is recognised the person is allowed access to the computer room. 18 Security Precautions 4 Biometric Systems (continued) Fingerprint recognition Every person’s fingerprint patterns are different. By reading the fingerprint with a scanner that reads key points in the pattern the user may be recognised. Face recognition Face recognition uses biometric sensor to map landmarks (nodal points) on the users face. Examples of landmarks are: Distance between the eyes Width of the nose Depth of the eye sockets The shape of the cheekbones The length of the jaw line The advantage of using biometric systems for security is that it is much harder to forge a fingerprint or retina pattern than it is to hack to system that relies on passwords or PIN numbers. Additionally, there is no need for the user to remember passwords. 19 Security Precautions 5 Anti-Virus Software Anti-virus software is used to prevent computer viruses from damaging computer systems. It locates the virus program code and then quarantines (locks it away from the rest of the system) and deletes it. There are many anti-virus programs available but they all operate in similar ways. Virus scans are performed as often as the user requires (hourly, daily weekly) by changing settings in the program. At regular intervals, the software will download ‘definitions’ of new viruses, allowing the software to keep up-to-date with the latest threats. 20 Security Precautions 6 Security Suites Nowadays companies selling security software offer more than just anti-virus software. The following packages may come bundled as a Security Suite: Antivirus protection Firewall Spamkiller Spyware protection E-mail protection Note that security software is often sold as a time-limited licence, usually for one year. This forces customers into an annual payment if they wish to keep their computer systems protected. 21 Security Risks Now attempt Task 7 on page 24 of your booklet. 22