
Network Security - STMIK Amikom Yogyakarta
elearning.amikom.ac.id/index.php/download/materi/190302105-SI061...

Mar 12, 2019


11/24/13


Lecturer: Mr. Melwin Syafrizal, S.Kom., M.Eng. Semester: I, 2013 E-mail: [email protected]

Mondays, 10:40 am to 12:20 am, Room 4.2.1

Discovering Computers 2007. Shelly, Cashman, Vermaat. Computers and Information Systems. Larry Long. CAT Information Systems. CompTIA Strata IT Fundamentals

Written Examination: 60%
  50 multiple choice questions
  4 structured questions, choose 2

Practical/Course Work: 40%
  2 to 4 assignments
  1 test (at least)

24/60 from written exam
16/40 from course work


Fundamentals of Information Technology seeks to provide you with an understanding of the uses of computers. The course additionally aims to endow you with practical skills of using a word processor, a spreadsheet, the Internet, and an operating system, efficiently.

In the computer industry, computer security refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization.

Most security measures involve data encryption and passwords.

  Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism.

  A password is a secret word or phrase that gives a user access to a particular program or system.

Network Security

Therefore, a computer security risk is any event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability.

A computer security plan is a summary in writing of all the safeguards that are in place to protect a company’s information assets.


Category / Effect

Human error – e.g. deleting a file by accident, adding data twice, entering incorrect data, not being adequately trained/experienced (e.g. a young child)

a)  Loss of data, less data integrity (incorrect data), therefore incorrect information will be retrieved.

b)  Damage to computer due to improper use.

Technical error – system failure, e.g. hard disk crash, booting file missing/corrupted

a)  Loss of data, loss of time in having to re-enter data.

Virus – program that causes damage to files or computer.

a)  Loss of files/data, loss of time. May need to re-install software.

Disasters (natural or otherwise) – earthquake, hurricane, fire, flood, lightning, power surges, low voltage, insects

a)  Physical damage to computer. Loss of data. Loss of computer. Huge repair bill.

Unauthorized use and access – hacker/cracker gets access illegally. This can lead to things like software piracy.

a)  Competing entity could use data against your company. Identity theft. Loss of sales due to piracy.

b)  Also leads to theft of intellectual property, theft of marketing information (e.g., customer lists, pricing data, or marketing plans), or blackmail based on information gained from computerized files (e.g., medical information, personal history, or sexual preference).

c)  Employees do things to deliberately modify the data.

Theft, vandalism, civil disorder

a)  Loss of computer and data. Illegal access to files. Loss of time.

b)  Loss of income due to software piracy.

Hacker: A slang term for a computer enthusiast, i.e., a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject(s). Among professional programmers, depending on how it is used, the term can be either complimentary or derogatory, although it is developing an increasingly derogatory connotation.

The pejorative sense of hacker is becoming more prominent largely because the popular press has co-opted the term to refer to individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data. Hackers, themselves, maintain that the proper term for such individuals is cracker.


Software piracy is the unauthorized copying of software. A software license is a type of proprietary or unwarranted license as well as a memorandum of contract between a producer and a user of computer software, sometimes called an End User License Agreement (EULA), that specifies the perimeters of the permission granted by the owner to the user.

By buying the software, a user becomes a licensed user rather than an owner. Users are allowed to make copies of the program for backup purposes, but it is against the law to give copies to friends and colleagues. Software licenses are primarily written to deal with issues of copyright law.


Copying software is an act of copyright infringement, and is subject to civil and criminal penalties. Copyright is the exclusive rights given to authors and artists to duplicate, publish, and sell their materials. A copyright provides its holder the right to restrict unauthorized copying and reproduction of an original expression (i.e. literary work, movie, music, painting, software, etc.). Software copyright stands in contrast to other forms of intellectual property, such as patents, which grant a monopoly right to the use of an invention or software, because it is not a monopoly right to do something, merely a right to prevent others doing it. It is illegal whether you use pirated software yourself, give it away, or sell it. In addition, it is illegal to provide unauthorized access to software or to serial numbers used to register software.


Computer crime is defined as deliberate actions to steal, damage, or destroy computer data without authorization, as well as accessing a computer system and/or account without authorization. Criminals or perpetrators may be employees, outside users, hackers and crackers, and organized crime members.

Intellectual property refers to the category of intangible (non-physical) property comprising primarily copyright, moral rights related to copyrighted materials, trademark, patent and industrial design.


Malware is a program that performs unexpected or unauthorized, but always malicious, actions. It is a general term used to refer to viruses, Trojans, and worms. Depending on its type, malware may or may not include replicating and non-replicating malicious code.

Virus: A computer program that is designed to replicate itself by copying itself into the other programs stored in a computer. It may be benign or have a negative effect, such as causing a program to operate incorrectly or corrupting a computer's memory.


The following techniques allow someone to gain illegal/unauthorized access to data, which leads to unauthorized use:

1.  Spoofing - Getting one computer on a network to pretend to have the identity of another computer, usually one with special access privileges, so as to obtain access to the other computers on the network.

2.  Masquerade - Accessing a computer by pretending to have an authorized user identity.

3.  Scanning - Sequentially testing/scanning passwords/authentication codes until one is successful.

4.  Snooping (Eavesdropping) - Electronic monitoring of digital networks to uncover passwords or other data.

5.  Shoulder Surfing - Direct visual observation of monitor displays to obtain access.

6.  Scavenging/Dumpster Diving - Accessing discarded trash to obtain passwords and other data.


Risk management is an action taken to either prevent a risk from happening or to reduce its effects. The following table shows the various categories of risks and solutions to either prevent or reduce the effects of the risks. The solutions either protect the physical computer (hardware) or protect the data/information/software (files) on the computer.


1)  Data validation (validation rules)
2)  Reduction of human interaction (because humans make mistakes). In other words, automate as many processes as possible. For example, use a bar code reader to scan in the items rather than have the cashier typing in the item code.
3)  Training of the user
4)  Password protection
5)  Authority levels (to limit access)
6)  Supervision of children and inexperienced users.
7)  Separation of duties (e.g. can enter data but not change)
8)  Buy quality hardware from a reputable dealer


9)  Get a warranty period when purchasing a computer
10) Backup just in case the hardware fails you
11) Air conditioning – to keep computer cool
12) Plastic dust covers to keep dust out of diskette drives
13) Proper (sturdy) desk on which to store computer
14) No magnets/sunlight/don’t open shutter and other proper diskette care procedures
15) Proper maintenance (care) – e.g. defrag, cleaning computer
16) Regular testing of hardware and software.
17) Antivirus software (e.g. McAfee, Norton Antivirus, Trend Micro-PCcillin). This must be updated regularly.


18) Firewall - A firewall is a program and/or hardware that filters the data coming through the internet to prevent unauthorized access. Some firewalls protect systems from viruses and junk email (spam) (e.g. Black Ice, Zone Alarm).
19) Limit connectivity, such as staying off a network if it is not necessary. Visit trusted sites only when on the internet.
20) Limit software downloads since viruses can be caught by downloading music, games etc.
21) Use only authorized media for loading data and software
22) Not opening unknown email and attachments
23) Enforce mandatory access controls. Viruses generally cannot run unless the host application is running.


24) Write protecting diskettes when opening files on another computer
25) Backup files regularly
26) Offsite Backup (located elsewhere such as another branch or another country)
27) Good location (e.g. not on a hillside or near the sea)
28) Strong, weatherproof facilities (no windows, fireproof)
29) No food/drink around the computer – no insects, spills on keyboard etc.
30) Raised (false) floors – Similar to a false ceiling except this is below your feet. It is used for earthquake protection as it works as a shock absorber. Raised floors also allow you to hide cables below.


31) UPS (Uninterruptible Power Supply) – This has a battery which charges while there is power. It gives you time to shut down the computer properly when there is a power cut.
32) Generator – Used during a power cut and runs on gas. It allows you to continue using the computer for as long as there is gas.
33) Surge protectors to protect against low voltage, power surge/spike, lightning etc.
34) Lightning rod to protect the building and all electrical devices within the building from lightning storms.
35) Fire extinguishers – specially made for computers (foam). These will not damage the computers whereas water would cause damage.
36) Insurance of equipment in order to re-purchase if your computer is destroyed.


37) Physical security – e.g. locks, guards, grills etc.
38) Access codes and passwords – passwords should not be easy to guess (e.g. do not use your birthday).
39) Biometric devices – e.g. retinal scan, fingerprint scan, voice activated
40) Require frequent password changes. By the time a hacker goes through a listing of the possible passwords, it would have changed.
41) Sign off when you leave your desk, even for a moment.
42) Authority levels – so that only certain users can perform certain tasks.
43) Firewall - a program and/or hardware that filters the information coming through the internet to prevent unauthorized access.


44) Encryption of data - encoding data so that it means nothing to hackers if they get into the system.
45) Audit trails – keep track of what a user does when he is on the system
46) Log systems – keep track of user sign on/off
47) Intrusion detection software – e.g. detects if a wrong password is entered more than 3 times and kicks you off (e.g. trying to put in a false telephone card number, or the wrong PIN for your debit card at the ATM).
48) Time and Location controls - User can only use system at certain times and in certain locations
49) Separation of duties (e.g. one person enters and another person is needed to change the data such as a cashier). This is in order to prevent employees from committing fraud or stealing from the company.


50) Restrict report distribution, shred reports – e.g. do not throw away credit card statements (prevents persons from going in your garbage and getting your private information).
51) Go to reputable web sites so that they will not steal your credit card number. Go to secure sites (lock at the bottom of the screen).
52) Secrecy Act in Jamaica – so that employees do not give out company information.
53) Copyright and License agreements – so that you have the right to sue persons who steal your software/data.
54) Auditing the programs that are written in case an unscrupulous employee deliberately put in code for his benefit.
55) Callback systems – the user can connect to the computer only after the computer calls the user back at a previously established telephone number.


50) Physical security – locks, guard, dogs, biometrics
51) Metal detectors to prevent hardware theft
52) Backup
53) Lock the computer to the desk
54) Low profile facilities (no overt disclosure of high-value nature of site, in other words do not display a sign to let persons know where your computer facilities are)
55) Mark your computers in a secret place so that you can identify them if the police find them
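
Items 45 to 47 above (audit trail, sign-on log, and lockout after more than 3 wrong passwords) can be seen working together in the following added example, which is not part of the original slides. The log format, user names and function name are assumptions made for illustration.

```python
from collections import defaultdict

MAX_FAILURES = 3  # item 47: MORE than 3 wrong passwords locks the account

# Constructed sign-on log (item 46), one event per line: "time user result"
SAMPLE_LOG = """\
09:00:01 alice FAIL
09:00:05 alice OK
09:01:10 bob FAIL
09:01:12 bob FAIL
09:01:15 bob FAIL
09:01:19 bob FAIL
09:01:25 bob OK
09:02:00 carol FAIL
09:02:03 carol FAIL
09:02:09 carol FAIL
09:02:30 carol OK
"""

def review_signons(log_text, max_failures=MAX_FAILURES):
    """Replay a sign-on log; return (locked users, audit trail of decisions)."""
    failures = defaultdict(int)  # consecutive wrong passwords per user
    locked = {}                  # user -> time the lock was applied
    audit = []                   # item 45: (time, user, decision) for every event
    for line in log_text.splitlines():
        if not line.strip():
            continue
        time, user, result = line.split()
        if user in locked:
            # Once locked, even the correct password is refused.
            audit.append((time, user, "REJECTED_LOCKED"))
        elif result == "OK":
            failures[user] = 0   # a successful sign-on resets the counter
            audit.append((time, user, "ACCEPTED"))
        else:
            failures[user] += 1
            if failures[user] > max_failures:
                locked[user] = time
                audit.append((time, user, "LOCKED"))
            else:
                audit.append((time, user, "WRONG_PASSWORD"))
    return locked, audit

if __name__ == "__main__":
    locked_users, trail = review_signons(SAMPLE_LOG)
    for entry in trail:
        print(*entry)
    print("locked:", locked_users)
```

In the sample, carol makes exactly 3 mistakes and is still admitted, while bob's fourth mistake locks the account so that his later correct password is refused.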


Regardless of the precautions that you take, things can still go wrong. Backup is therefore the main risk management solution. A backup is a duplicate of a file, or disk that can be used if the original is lost, damaged, or destroyed.

If your computer fails you can restore from the backup. The following describes the different types of backup.

A.  Full – backup that copies all of the files in a computer (also called archival backup)

B.  Incremental – backup that copies only the files that have changed since the last full or last incremental backup

C.  Differential – backup that copies only the files that have changed since the last full backup


D.  Selective – backup that allows a user to choose specific files to back up, regardless of whether or not the files have changed since the last backup

E.  Grandfather, Father, Son (or Three-generation backup) – backup method in which you recycle 3 sets of backups. The oldest backup is called the grandfather, the middle backup is the father and the latest backup is called the son. Each time that you backup you reuse the oldest backup medium. The father then becomes the grandfather, the son becomes the father and the new backup becomes the son. This method allows you to have the last 3 backups at all times.
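
The difference between backup types A to C, and the rotation in E, is easiest to see by working through a few days of changes. The following is an added example, not part of the original slides; the file names, the daily change list and the function names are constructed for illustration, and a full backup is assumed on day 0.

```python
# Constructed sample: all files on the computer, and the files changed on
# each day after the full backup taken on day 0.
ALL_FILES = {"ledger.xls", "letter.doc", "photo.jpg", "stock.mdb"}
CHANGES = {1: {"ledger.xls"}, 2: {"letter.doc"}, 3: {"ledger.xls", "stock.mdb"}}

def backup_contents(kind, day, changes=CHANGES, all_files=ALL_FILES):
    """Files copied by a backup of the given kind taken at the end of `day`."""
    if kind == "full" or day == 0:
        return set(all_files)
    if kind == "incremental":    # changed since the last full OR incremental
        return set(changes.get(day, set()))
    if kind == "differential":   # everything changed since the last full (day 0)
        return set().union(*(changes.get(d, set()) for d in range(1, day + 1)))
    raise ValueError(f"unknown backup kind: {kind}")

def restore_chain(kind, day):
    """Days whose backups must be read to rebuild the state at the end of `day`."""
    if kind == "full" or day == 0:
        return [day]
    if kind == "incremental":
        return list(range(0, day + 1))  # the full plus EVERY incremental since
    if kind == "differential":
        return [0, day]                 # the full plus only the latest differential
    raise ValueError(f"unknown backup kind: {kind}")

def gfs_rotate(media, new_backup):
    """Three-generation rotation; media is [grandfather, father, son]."""
    _grandfather, father, son = media
    # The oldest medium is reused: father -> grandfather, son -> father.
    return [father, son, new_backup]

if __name__ == "__main__":
    for kind in ("full", "incremental", "differential"):
        print(kind, sorted(backup_contents(kind, 3)), restore_chain(kind, 3))
    print(gfs_rotate(["Mon", "Tue", "Wed"], "Thu"))
```

Incremental backups are the smallest each day but need every backup since the full one to restore; differential backups grow each day but need only two.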
