Introduction to ICT
Muhammad Sharjeel
muhammadsharjeel@cuilahore.edu.pk
Lecture - 13
Computer and Internet Security
What is security?
freedom from danger, fear, or anxiety
Why is security necessary?
Because:
people aren’t always nice
a lot of money and important information is handled by computers
It is commonly assumed that the big issues in security can be solved with technology
Unfortunately, security issues are much more complex than that
Security in Computers
What we have learnt from experience is that:
you could build the biggest fortress in the world and someone could just produce a bigger battering ram
Security is the name given to the preventative steps you take to guard your information and your capabilities
Security thus depends on the policies we define and the decisions we take
A computer is said to be secure if we have adopted adequate measures to mitigate actions that cause loss of or damage to the system or its data
Two main types: external and internal security
External security: Securing computer against external factors such as fires, floods, earthquakes, stolen
disks/tapes, etc. by maintaining adequate backup, using security guards, allowing access to sensitive
information to only trusted employees/users, etc.
Authentication: Verifying the identity of a user (person or program) before permitting access to the requested
resource
Access Control: Once authenticated, access control mechanisms prohibit a user/process from accessing those
resources/information that he/she/it is not authorized to access
Cryptography: A means of encrypting private information so that unauthorized parties cannot use the information
Authentication
Computer-to-computer authentication
computers can remember high-quality cryptographic keys and perform cryptographic operations
Human-to-computer authentication
humans cannot store large keys
humans cannot accurately or efficiently perform cryptographic operations
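The contrast above, as an added example (not part of the original lecture): two computers prove identity with a stored 256-bit random key and an HMAC challenge-response, while a human supplies only a memorable password that the computer must stretch and verify. The function names and the PBKDF2 round count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this illustration

# --- Computer-to-computer: both machines store the same high-quality key ---
def new_machine_key():
    return secrets.token_bytes(32)  # 256 random bits, no human could memorise this

def make_challenge():
    # A fresh random nonce per attempt, so a recorded response cannot be replayed.
    return secrets.token_bytes(16)

def respond(key, challenge):
    # The client proves it knows the key without ever sending the key itself.
    return hmac.new(key, challenge, hashlib.sha256).digest()

def verify(key, challenge, response):
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)  # constant-time comparison

# --- Human-to-computer: the person remembers a password, nothing more ---
def enroll_password(password):
    # The computer does the cryptography: salt and stretch the weak secret.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest  # stored by the server instead of the password

def check_password(password, salt, stored_digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored_digest)

if __name__ == "__main__":
    key = new_machine_key()
    challenge = make_challenge()
    print("machine accepted:", verify(key, challenge, respond(key, challenge)))
    print("replay on new challenge:", verify(key, make_challenge(), respond(key, challenge)))

    salt, stored = enroll_password("constructed sample passphrase")
    print("human accepted:", check_password("constructed sample passphrase", salt, stored))
    print("wrong password:", check_password("guess123", salt, stored))
```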
There are three main ways of authenticating a human:
Few Concepts in Computer Security
Hacking: Using a computer to break into another computer
“White hat” hackers are computer geeks who identify security flaws in order to improve computer systems
they have a desire to learn more about technology and to experiment
“Black hat” hackers are people who attempt to exploit security flaws to their own advantage
they are computer criminals or people unethically exploiting computer systems
Computer crime: Also called cybercrime, is any illegal act involving a computer
Examples:
theft of financial assets
manipulating data for personal advantage
acts of sabotage, e.g., releasing a computer virus or shutting down a Web server
Cyber-bullying: Also known as cyber-harassment, is the use of technology (computers, cell phones, and other
electronic devices) to threaten, embarrass, or target another person (especially teenagers)
Cyber-stalking: Is the use of electronic communications (e-mail or messages) to send repeated threats and to
distress an individual, group, or organization.
Cyber-bullying is minors going after minors, while cyber-stalking means that there is an adult involved
War driving: Driving around an area to find a Wi-Fi network to access and use without authorization
Wi-Fi piggybacking: Accessing an unsecured Wi-Fi network without authorization
Click-baiting: An attack in which a webpage link is designed to entice users to go to a certain webpage but is aimed at generating online advertising revenue
Click-jacking: An attack in which malicious code is hidden beneath apparently legitimate links on a webpage
Virus: a potentially damaging computer program that can spread (by replicating) and damage files
Trojan horse: a script that hides within or looks like a legitimate file (data) until triggered, but it does not
replicate itself on other computers
Spyware: a program placed on a computer without the user's knowledge that tracks user activity and sends it to the other (spying) computer
Adware: a program that, without user’s consent, displays online advertisements
Spam: an unsolicited e-mail message (usually commercial) sent to many recipients
Phishing: a scam in which a perpetrator sends an official-looking e-mail that attempts to obtain your personal information
Security Principles to Follow
Turn off file sharing
Disable Wi-Fi and Bluetooth if not needed
Turn off automatic and ad hoc connections
Install an antivirus program on all your computers
Think twice before posting your personal information online
Never open an e-mail attachment unless you are expecting it and it is from a trusted source
Install a personal firewall program
Disable file and printer sharing on your Internet connection
Always have strong passwords
Limit the amount of information you provide to websites; fill in only required information
Clear your history file when you are finished browsing