17.3 Electronic Infection Types of Electronic Infection 1. Computer viruses 3. Trojan horses2. Worms.

17.3 Electronic Infection

Types of Electronic Infection

1. Computer viruses

3. Trojan horses2. Worms

• A program that attaches itself to a real program

• Each time the user’s program runs, the virus runs too

• Can corrupt a computer system

• Can replicate itself to infect other computer systems

17.3 Electronic Infection

1.Computer virus

17.3 Electronic Infection

spreading through e-mail messages

Spread via the Internet

Spread through storage media

1.Computer virus

Most common way of virus transmission

Computers usually infected through e-mail attachments

Virus replicates itself by automatically mailing itself to people in victim’s e-mail address book

E-mail

virus

Spread through e-mail messages

17.3 Electronic Infection

1.Computer virus:

Source of viruses Good practice to scan suspicious downloads

17.3 Electronic Infection

Spread via the Internet

1.Computer virus:

Spread through Storage Media

Storage Media: Floppy Disks, CD- ROM etc… NOT the major sources for spreading computer

viruses nowadaysFiles in a disk may be infected with virus

downloaded from the Internet or attached to e-mails

17.3 Electronic Infection

1.Computer virus:

• A computer program that uses computer networks and security loopholes to spread out and replicate itself.

17.3 Electronic Infection

2.Worms

Method of spreadingA copy of the worm scans the network for another machine with a specific security loopholeThe worm copies itself to the new computer using the security loophole.

• A computer program that intends to perform malicious or destructive actions

• Hide well or looks like real programs• Running these programs the Trojan horse enters

without any notice• Hackers, with Trojan horses, can

– Steal sensitive information such as passwords and credit card numbers

– Remotely control the victim’s computer• NOT a virus as there is NO REPLICATION

17.3 Electronic Infection

3.Trojan Horses

1. Antivirus software• Examine files stored on disk or downloaded

from the Internet

• Determine whether they are infected

• Disinfect the files if necessary

• Scan for virus signatures to identify a known virus

17.3 Electronic Infection

Avoiding Virus Attacks

2. Measures to prevent infection• Do not accept files from high-risk sources• Install updated antivirus software • Update virus signatures regularly• Scan computer at regular intervals to ensure

that it is free from virus• Scan all incoming files before opening• Backup programs and data regularly• Change passwords at regular intervals

17.3 Electronic Infection

Avoiding Virus Attacks

1. What is an Encryption?

17.4 Securing Internet Transaction

• The process of converting readable data (plaintext) into unreadable characters (ciphertext)• Can prevent unauthorized access• Read the encrypted file → Decryption → Readable form• The reverse process is called decryption• The encryption process generally requires -Algorithm -A mathematical formula -Encryption key -A string of numbers and characters

• Symmetric Key Encryption– BOTH the sender and the recipient use the SAME key to

encrypt and decrypt data

– Problem• Need one key for each partner → problem of key

management and storage when a lot of people need to communicate

17.4 Securing Internet Transaction

2. Symmetric Key Encryption & Public Key Encryption

• Public Key Encryption– Two keys (Public Key & Private Key)

• Public Key

–Used for encryption

–Known to every person and placed on a public-key server

• Private Key

–Used for decryption

–Should be kept confidential

17.4 Securing Internet Transaction2. Symmetric Key Encryption & Public Key Encryption

– Guarantees the identity of a user involved in a transaction – Also called a public-key certificate– Issued and verified by a certificate authority (CA)– Typically contains

• Holder’s name• Holder’s public key• Expiration date• Issuing CA’s name and signature• Serial number of certificate

17.4 Securing Internet Transaction

3. Digital Certificate

– A protocol that provides secure data transmission between web servers and browser

– A web site providing SSL must have a digital certificate– Web sites use them to transmit confidential information

like passwords and credit card numbers– Web pages that use SSL typically begin with https://

instead of http://

17.4 Securing Internet Transaction

4. Secure Sockets Layer (SSL)

17.4 Securing Internet Transaction

4. Secure Sockets Layer (SSL)

– An e-mail message passes through a number of servers before reaching the recipient.

– Messages can be read by everyone if pried intentionally.

– Messages containing confidential information should be encrypted before being sent.

17.4 Securing Internet Transaction

5. Securing E-mail Messages

– A digital code attached to a message

– Used to identify the sender and verify that the received message has not been altered during transmission

– Generation process of digital signatures relies on public key method

17.4 Securing Internet Transaction

6. Digital Signature