CSC101

Introduction to ICT

Muhammad Sharjeel
muhammadsharjeel@cuilahore.edu.pk

Lecture - 13

Computer and Internet Security

Computer and Internet Security
What is security?
freedom from danger, fear, or anxiety

In computer science terms, security can be defined as:

Measures adopted to prevent the unauthorized use, misuse, modification, or denial of use of knowledge, facts,
data, or capabilities
OR
Mechanisms to prevent, detect, and recover from network attacks, or for auditing purposes

Computer and Internet Security
Why is security necessary?
Because:
people aren’t always nice
a lot of money and important information is handled by computers

It is a common assumption that the big issues in security can be solved with technology
Unfortunately, security issues are much more complex than that

At the very bottom, security is a people issue

We cannot solve the basic problem with technology, but we can manage the security problem through the
dedicated application of well-thought-out security processes and procedures

Security in Computers
What we have learnt from our experiences is that:
you could build the biggest fortress in the world and someone could just produce a bigger battering ram

Security is the name given to the preventative steps you take to guard your information and your capabilities
Security thus depends on the policies we define and the decisions we take

A computer is said to be secure if we have adopted adequate measures to mitigate actions that cause loss of,
or damage to, the system or its data

Security in Computers
Two main types: external and internal security

External security: Securing the computer against external factors such as fires, floods, earthquakes, stolen
disks/tapes, etc. by maintaining adequate backups, using security guards, allowing access to sensitive
information to only trusted employees/users, etc.

Internal security: User authentication, access control, and cryptography mechanisms

Security in Computers
Authentication: Verifying the identity of a user (person or program) before permitting access to the requested
resource

Access Control: Once authenticated, access control mechanisms prohibit a user/process from accessing those
resources/information that he/she/it is not authorized to access

Cryptography: A means of encrypting private information so that anyone who gains unauthorized access cannot use the information

Authentication
Computer-to-computer authentication
computers can remember high-quality cryptographic keys and perform cryptographic operations

Human-to-computer authentication
humans cannot store large keys
humans cannot accurately or efficiently perform cryptographic operations

That’s why we need special methods for authenticating humans

Authentication
There are three main ways of authenticating a human:

Something you know
A password, cryptographic key, or the correct answer to a challenge-response test

Something you own
A physical key, security card, or a one-time password generator

Something you are
Some biometric measurement (facial features, fingerprint, retina scan, voice print, etc.)

Few Concepts in Computer Security
Hacking: Using a computer to break into another computer

“White hat” hackers are computer geeks who identify security flaws in order to improve computer systems
they have a desire to learn more about technology and to experiment

“Black hat” hackers are people who attempt to exploit security flaws to their own advantage
they are computer criminals or people unethically exploiting computer systems

Few Concepts in Computer Security
Computer crime: Also called cybercrime, is any illegal act involving a computer
Examples:
theft of financial assets
manipulating data for personal advantage
acts of sabotage, e.g., releasing a computer virus, shutting down a Web server, etc.

Cyber-bullying: Also known as cyber-harassment, is the use of technology (computers, cell phones, and other
electronic devices) to threaten, embarrass, or target another person (especially teenagers)
Cyber-stalking: Is the use of electronic communications (e-mail or messages) to send repeated threats and to
distress an individual, group, or organization.

Cyber-bullying is minors going after minors, while cyber-stalking means that there is an adult involved

Few Concepts in Computer Security
War driving: Driving around an area to find a Wi-Fi network to access and use without authorization
Wi-Fi piggybacking: Accessing an unsecured Wi-Fi network without authorization

Click-baiting: An attack in which a webpage link is designed to entice users to go to a certain webpage, but is
aimed at generating online advertising revenue
Click-jacking: An attack in which malicious code is hidden beneath apparently legitimate links on a webpage

Few Concepts in Computer Security
Virus: a potentially damaging computer program that can spread (by replicating) and damage files
Trojan horse: a script that hides within or looks like a legitimate file (data) until triggered, but it does not
replicate itself on other computers
Spyware: a program placed on a computer without the user's knowledge that tracks user activity and sends it to the
other (spying) computer
Adware: a program that, without the user's consent, displays online advertisements
Spam: an unsolicited e-mail message (usually commercial) sent to many recipients
Phishing: a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your
personal information

Security Principles to Follow
Turn off file sharing
Disable Wi-Fi and Bluetooth if not needed
Turn off automatic and ad hoc connections
Install an antivirus program on all your computers
Think twice before posting your personal information online
Never open an e-mail attachment unless you are expecting it and it is from a trusted source
Install a personal firewall program
Disable file and printer sharing on your Internet connection
Always have strong passwords
Limit the amount of information you provide to websites; fill in only required information
Clear your history file when you are finished browsing

THANK YOU
