CIETY Data Security 1 Bd BME What stories do you think followed these headlines? Compare answers within your group. 1. Love bug creates worldwide chaos. 2 Hackers crack Microsoft software codes 3 Web phone scam. What other types of computer crime are there? Make a lst within your group [E00 EME tucy this diagram which explains how one type of virus ‘operates. Try to answer these questions, 1 What is the function ofthe Jump instruction? 2 What are the main parts ofthe virus code? 3 What is the last act ofthe virus? UwInFECTED secre PROGRAM PROGRAM RGA, ———> une MISOIRECTION eine —§ > REPRODUCTION ring §—§ > eae TRIGGER rie —— Gs PATLOND rine Saeed geting intin, f Fredo tate ig fpotamasaraly ten‘parts wich do not help you with this task. Scan this text to check your answers to Task 3 Ignore any FHEANATOMY OF A VIRUS Aol views avery sal simple organs ha ints ing cel, Laan a he os by ataching So tg a Td ‘fen caer bar whe how cel Silly sempatr srs is very sl pogramt row hatin compte er a resutes orepodce Wel I afen docs his by putching he oprcing sen to eal dct ‘progam iy such as CONT o EXE ls Ihe copies re no those es, Tse sts nt he ot computers. "When he errs an ete progr i ade ino memory caring the vis The vis a enn programing eh fs roentin ‘ebony ean the ea eprodacton rotten ‘str programs Tha proces ote ae he Sonpaer hitched "The it yak cone a pyoad tha emsing oem unt 3 rgge een tate sich the ‘ser prong apart ey. The plo ea ave # ‘ay of forms Img do someting rete harmless sch ac dlaying 2 meso the onior seren or it might do something more estucve sich 2 deting Her the had dike ‘When infects the vis places te fe insracton i tb os prora with command that ‘hangs he normal arco sequent. Tsp of oman known as JUMP consis! and cause. ‘he wre iran a Beene Before eho ogra. The ian hen rere contol the han Frosram which th continues wh cal sequen ‘fino and ected nthe normal mak ‘To beavis 3 pergram only meds have repredostion ote thar els fst the grams Ves ay weer ave our mat pas "Ries one dh enables tc ie al ieee ae artles tigre “ther pegran 3rge hatcaunes hepa he State at parolee or when apr vee {Sk plac nd a plod char may ely armless joke or maybe very dsr. A program that has fs bt dos ot have epedton oie frown as Troan Now read the whole texto find the answers to these question. How are computer viruses ike biological viuses? Whats the effet of vis patching the operating system? Why are some viruses designed tobe loaded into memory? What kind of programs do viruses often attach to? Match each Routine 1 mideton [4 2 reproduction fe 3 trigger « 4 payload Fueton z does the damage attaches a copy of el to another program hides the presence ofthe code || decides when and how to activate the payload 1 2 3 4 What examples of payload does the writer provide? 5 6 us routine to its function. 7 How does a Trojan differ from a virus?126 UNIT 36 it Secsity PN HIME escrive tne eects ofthese viruses and other destructive progams. 1 logic bomb — example a Adismissed employee's name is deleted from the company’s payroll. blogic bomb is activated. © All payroll records are destroyed. 2 Form (Boot sector virus) 2 Acertain date occurs. b Atrigger routine is activated. Keys beep when pressed and floppies are corrupted. 3 Beijing (Boot sector vitus) ‘a The operator starts up the computer forthe one hundred ‘and twenty-ninth time. b Atrigger routine is activated. The screen displays, ‘Bloody! June 4, 1985. 4 Antiexe ‘2 The infected program is tun. b The boot sector is corrupted. The disk content is overwritten, Data is ost.UNIT 18 bats Secuity 127 5 Cascade (File virus ~ COM files only) a Aparticular date occurs. The payload is triggered. © Characters on a text mode screen slide down to the bottom. 6 macro virus ~example ‘An infected document is opened in the wordprocessor. The virus macro is executed. The vitus code is attached to the default template. The user saves another decument. The virus code attaches to the saved document. ‘The saved document is opened in the wordprocessor. The virus destroys data, displays a message or plays music. Some verbs begining or ending with en have a causative meaning. Replace the words in lism these sentences with the appropiate form of en verb fom this ist. enable encrypt ensure encode enhance brighten encourage enlarge widen 1. AMIDI message makes sound into code as 8 information. 2 The teacher is using a new program to give courage fo children to write stores. 3 The new version of Simcity has been made betterin many ways. 4 Agatenay makes it possible for dissimilar networks to communicate. bytes of digital 5. You can convert data to secret code to make it secure. 6 Make sure the machine Is disconnected before you remove the 7 Designers can offer good ideas for making your website brighter. Electronic readers allow you to make the print size larger. Programmers write software which makes the computer able to carry out particular tasks. 10 You can make the picture on your monitor wider,328 UNIT38 pataSecuity 1 Decide in your group what these kinds of compte crime are. ‘Then match the crimes to the short descriptions which follow. Salami Shaving Denial of Service attack Trojan Horse Trapdoors, ail bombing. Software Piracy Piggybacking Phishing Defacing Hijacking Leaving, within a completed program, an illicit program that allows unauthorised ~ and unknown ~ entry. b Using another person's identification code or using that person's files before he or she has logged oft ¢ Adding concealed instructions to a computer program so that it will still work but will also perform prohibited duties. In other words, it appears to do something useful but actually does ‘something destructive in the background. ‘Wicking a user into revealing confidential information such as an ‘access code ora credit-card number. © _Inundating an email address with thousands of messages, thereby slowing oF even crashing the server. f Manipulating programs or data so that small amounts of money {are deducted from a large number of transactions or accounts ‘and accumulated elsewhere, The victims are often unaware of the crime because the amount taken from any individual is so small = Unauthorised copying ofa program for sale or distributing to other users. h_Swamping a server with large numbers of requests, | Redirecting anyone trying to visita certain site elsewhere. | Changing the information shown on another person's website,RIT UNIT 38 ata Security 129 Workin pairs, Aand B. You both have details of a computer ‘crime. Find out from your partner how his/her crime operated and its effects, Take notes of each stage in the process. ‘Student A Your computer crime is on page 187. Student B Your computer crime is on page 193. Using your notes from Task 9, write an explanation ofthe ‘computer crime described by your partner. When you have finished, ‘compare your explanation with your partners details on page 187 or 193. 3 Markthe following statements as True ‘4 ut the following sentences, about sending or false: ‘a secure ema in the correct order: ‘Amessage encrypted with a publickey can a_The message is derypted with the bbe decrypted by anyone recipient's private key “To senda secure message you must know The message is receved by the recipient. ‘the recipient's public key. ‘¢_The message is encrypted withthe Secure messages are normaly encypted recipients public key ‘using a private key before they are sent. ¢__ The message is sent by the sender. ‘Amessage can be reconstructed from its NAG. “Two message can often have the same MAC. ‘Adigial certificate is sent toa client in an encrypted form. 2 digital cerificate shouldbe signed by a ‘rusted digta-ericate issuer. [AMAC is used to check that a message has not been tampered with.330 UNIT28 Dats Secuity 1 By inthe anewersto these questions nthe following text. 11 What does data encryption provide? 2 privacy integrity authentication 2 Amessage encrypted with the recipient's ‘public ke can only be decrypted with: 4 the sender's private key the senders public key the recipient’ private key 3 What system is commonly used for encryption? 4 Whats the opposite of‘encrypt? = 5 -Amessage-digest function is used to: ‘2 authenticate a user create a MAC encrypt a message {6 What information doesadigal certificate she toa client? Safe Data Transfer ‘secur transactions across the internet have three goals First the two parties engl ‘vansection sa, an ema or 4 Business ‘urchase) dont manta thal party to be: ead thelr transmission, Some form of data erypion i necessary to preven this. Second, the receiver oF the message shouldbe able t detect whether someone has tampered ith transit Ths call fora message ntegsty 1» scheme. Fly Both parties must know that ‘hey'e communicating with each other ot an Imposter. Ths Is dome with user authentication ‘Today’ data encryption methods rely technique clea pubic ke eryptouraph. 1s Everyone using a public hey system has 3 public ey anid private hey. Messoges are encrypted ant decrypted with thee ays, A message “nerypted with your public Rey can only be ‘decrypted bya system that knows your private ey. ‘or the system vo work, wo parties engaein Secue transaction must hnow each other's DUDLI keys Pavate keys, Bowever, ae closely fuarded secrets known only to thelr owners. 2% When {want to send you ai encrypted messeue,1 use your public Key to turn my message into tniberish. {know that only you cm ura the iberiah Beck ate the orginal mete, Secause only you know your pvate ke. ube ‘ey cryptography also works In reverse that ‘only your public key ean decipher your private ey encryption “To make a message tamper proof providing -messige Integrity the sender runs ech ‘nssige thous 3 messagedigest function. This fonction within an aplication produces 2 ‘number called a message authentieation code (OAC. the system works because 1s arnost Imports for eres message 0 have te ‘hme HAC ar another message Iso, You ca take a MAC and tum 1 back ito the eign smessige ‘Te software being used fora given exchange produces « MAC fora message Before ts ‘neryped. Next, encrypts the MAC withthe [ender private Hey. then encrypts both the reste a the encrypted MAC With the recipients public hey and sends the message When the recipient gets the message and serypt they alse get en encrypted MAC. The Software kes the message and runs it through the same message digest function that the ender used and creates ts own MAC. Then t ‘erypt the senders MAC. If the two are the. Same, then the message hese been tampered “The aynamics of the Web dictate that a ser: Authentication system must exist This canbe ‘done using digital carats ‘A server authenticates itself toa cllnt by Sending am unencrypted ASCi based dial Cerifieate. A aga ertifeate contains fnformation about the company operating the server neucing the server's publi hey. The ‘ital certicat signed’ by a rusted dip erties suey, which means that the ser fas investigated the company operating the ‘server and Delleve tobe legitimate If the ‘ent tists the sor, hen can trust he Server The suer sens the certificate by feberaing 4 MAC foe hen encrypt he th the suers private Key. I he eet rusts {he issuer then alread Knows the ster ble be. ‘The dynamics and standards of secure transactions al ehunge bt the vee base {eset of secure wansactons wil remain the ‘Same If you understand the basics, then youre lea three steps ahead of everyone ese let Downey. Power ser Tar, PC Maga, gs 198] UNIT 18 ate Security 131 Re-read the text to find the answers to these questions, 41_Match the functions in Table 1 withthe keys inTable2, Es | to eneypt a message for sending > to decrypt a received message -€ toenenypt the MAC ofa message to encrypt the MAC of digital signature i sender's private key i trusted Issuer's private key iii the recipient's private key. iw the elpents pubic hey 2. Match the terms in Table A with the statements in Table B. 1 Message-authenticaton code Principal features 1 Meaningless data |v Person pretending tobe someone else Make unauthorised changes Wi Convert to meaningful data > additonal exercises on page 129,1 use your public Key to turn my message into tniberish. {know that only you cm ura the iberiah Beck ate the orginal mete, Secause only you know your pvate ke. ube ‘ey cryptography also works In reverse that ‘only your public key ean decipher your private ey encryption “To make a message tamper proof providing -messige Integrity the sender runs ech ‘nssige thous 3 messagedigest function. This fonction within an aplication produces 2 ‘number called a message authentieation code (OAC. the system works because 1s arnost Imports for eres message 0 have te ‘hme HAC ar another message Iso, You ca take a MAC and tum 1 back ito the eign smessige ‘Te software being used fora given exchange produces « MAC fora message Before ts ‘neryped. Next, encrypts the MAC withthe [ender private Hey. then encrypts both the reste a the encrypted MAC With the recipients public hey and sends the message When the recipient gets the message and serypt they alse get en encrypted MAC. The Software kes the message and runs it through the same message digest function that the ender used and creates ts own MAC. Then t ‘erypt the senders MAC. If the two are the. Same, then the message hese been tampered “The aynamics of the Web dictate that a ser: Authentication system must exist This canbe ‘done using digital carats ‘A server authenticates itself toa cllnt by Sending am unencrypted ASCi based dial Cerifieate. A aga ertifeate contains fnformation about the company operating the server neucing the server's publi hey. The ‘ital certicat signed’ by a rusted dip erties suey, which means that the ser fas investigated the company operating the ‘server and Delleve tobe legitimate If the ‘ent tists the sor, hen can trust he Server The suer sens the certificate by feberaing 4 MAC foe hen encrypt he th the suers private Key. I he eet rusts {he issuer then alread Knows the ster ble be. ‘The dynamics and standards of secure transactions al ehunge bt the vee base {eset of secure wansactons wil remain the ‘Same If you understand the basics, then youre lea three steps ahead of everyone ese let Downey. Power ser Tar, PC Maga, gs 198] UNIT 18 ate Security 131 Re-read the text to find the answers to these questions, 41_Match the functions in Table 1 withthe keys inTable2, Es | to eneypt a message for sending > to decrypt a received message -€ toenenypt the MAC ofa message to encrypt the MAC of digital signature i sender's private key i trusted Issuer's private key iii the recipient's private key. iw the elpents pubic hey 2. Match the terms in Table A with the statements in Table B. 1 Message-authenticaton code Principal features 1 Meaningless data |v Person pretending tobe someone else Make unauthorised changes Wi Convert to meaningful data > additonal exercises on page 129,