Security CPS120 Introduction to Computer Science Lecture 4

Dec 31, 2015


aurelia-vaughn

Transcript
Page 1: Security

Security

CPS120

Introduction to Computer Science

Lecture 4

Page 2: Security

Aspects of Computer Security

A. Hardware

B. Files

C. Connectivity

Page 3: Security

Key Areas Addressed by Security

Physical security – how do I keep my hardware and key files safe

Password security – what is a good password and how do you set one

Computer viruses – what they are and how to protect your computer

Network security – how to protect yourself

Firewalls – what they can and can’t do and why they are important for always-on connections

Backup strategies – why and how to back up your work

Page 4: Security

Physical Security

Page 5: Security

All Computers

Temperature – If too high, components malfunction

– Components generate heat which must be removed

Humidity – If too high: condensation and corrosion of metal parts

– If too low: static electricity (very high voltage!)

Electric power – Irregularities: power spikes, dips, and brown-outs

– Special care during thunderstorms!

– Power failure: un-interruptible power supply (UPS)

Page 6: Security

Physical Access

Access to the computer room

– Logs of who goes in and out

– Console security

• Screen passwords, etc.

Access to the physical network

Locking laptops, protecting components on desktops, servers, etc.

Policies

Contingency planning

Page 7: Security

Password Security

Page 8: Security

Security Principles

Access is restricted to safeguard the computer. Use is allowed only with user code and password:

– User ID:

• Like hotel room number

• Gives private access to data files

– Password:

• Like hotel room key

All users must enter valid user code and password before doing anything

– Combines who you are and what you know

Page 9: Security

Password Cracking

There are many software programs available now that can guess your password if you are using words that are in the English or foreign dictionary

Guessing passwords involves simple transformations such as:

– Converting all the letters in a word to lowercase

– Applying user specific information about a person to a password

– Using numeric suffixes

• The number 1 is far and away the most common suffix, more than all other digits combined

– Using numeric prefixes

• The number 1 is the most common prefix. The number 2 is a distant second

• 0 and 6 are rarely used as prefixes

Page 10: Security

Creating Good Passwords

In order to be useful in authentication and authorization, a password should meet the following criteria:

– Passwords must be at least six characters

– Passwords must include three of four types of characters:

• Uppercase letters

• Lowercase letters

• Numbers

• Non-alphabetic characters such as punctuation marks

Passwords shouldn't contain personal information

Page 11: Security

Pass-phrases

If you are serious about good password security, get in the habit of using ‘pass-phrases’. For example, it is easy enough to remember a phrase like ‘…born on the 4th of July’, but creating a password from it like bot4thoJ would create a password that meets the criteria discussed above.
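
The criteria from "Creating Good Passwords" and the guessing transformations from "Password Cracking" can be combined into one check. The sketch below is an added example, not part of the original lecture; the word list, function names and the sample passwords are constructed for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "summer", "monkey", "welcome"}

def character_classes(pw):
    """Count how many of the four character types from the slide appear."""
    checks = [
        any(c.isupper() for c in pw),      # uppercase letters
        any(c.islower() for c in pw),      # lowercase letters
        any(c.isdigit() for c in pw),      # numbers
        any(not c.isalnum() for c in pw),  # non-alphabetic, e.g. punctuation
    ]
    return sum(checks)

def dictionary_base(pw, words=SAMPLE_WORDS):
    """Undo the simple transformations a guessing program applies: lowercase
    the candidate and strip numeric prefixes/suffixes, then look it up."""
    core = re.sub(r"^\d+|\d+$", "", pw.lower())
    return core if core in words else None

def check_password(pw, personal_info=(), words=SAMPLE_WORDS):
    """Return the reasons a password fails; an empty list means it passes."""
    problems = []
    if len(pw) < 6:
        problems.append("shorter than six characters")
    if character_classes(pw) < 3:
        problems.append("fewer than three of the four character types")
    base = dictionary_base(pw, words)
    if base:
        problems.append(f"dictionary word '{base}' with a simple transformation")
    lowered = pw.lower()
    for item in personal_info:
        if item and item.lower() in lowered:
            problems.append(f"contains personal information '{item}'")
    return problems

if __name__ == "__main__":
    for candidate in ("bot4thoJ", "Dragon1", "1summer"):
        print(candidate, check_password(candidate) or "passes")
```

Note that `Dragon1` satisfies the length and character-type rules and is rejected only by the dictionary check, which is why the slide's criteria alone do not stop a dictionary-based guesser.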

Page 12: Security

Computer Viruses

Page 13: Security

Virus Definition

A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a copy of itself. A virus, by definition, can't exist by itself. It must infect an executable program.

– A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

Page 14: Security

Other Types of Viruses

An e-mail virus is not any different from a regular virus; it just has a different mode of transportation

– "ILOVEYOU"

– Melissa

Script viruses are destructive code that does its damage by executing a program on a client machine

A macro virus is a type of computer virus that is encoded as a macro embedded in a document

Page 15: Security

Virus Software

Use of a virus checker regularly is the best way to combat viruses

– Freeware, shareware, and commercial anti-virus programs are widely available

Page 16: Security

Combating Script Viruses

The most important thing to do is to check every email you receive, file you download or are sent for a double file type (i.e. .txt.vbs, or .html.jse, or whatever).

Never save executable attachments from email messages to your computer and run them

– (files that end with .EXE, .COM, .VBS, and .BAT are executable on Windows computers).

– Change the default on your machine to open those file types in an editor rather than run them

• "Hardening your PC"

If you want to make your PC more secure in regard to script viruses, you may want to remove the Windows Scripting Host from your machine.
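
The double-file-type check described on this slide can be automated for a folder of attachments or downloads. This is an added example, not part of the original lecture; the function names and sample file names are constructed, and the rule for what counts as an inner extension (two to four letters) is an assumption chosen to avoid flagging version numbers.

```python
import os
import re

# Extensions the slide names as executable on Windows, plus .jse from its
# double-file-type examples.
EXECUTABLE_EXTS = {".exe", ".com", ".vbs", ".bat", ".jse"}

# Assumption: an inner extension looks like a document type (.txt, .html),
# i.e. two to four letters. A version number such as ".3" does not match.
INNER_EXT = re.compile(r"\.[a-z]{2,4}")

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Normalise: drop any path, trailing dots/spaces (Windows ignores them)
    # and letter case before looking at the extensions.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, last_ext = os.path.splitext(name)
    if last_ext not in EXECUTABLE_EXTS:
        return "ok"
    # Tolerate stray spaces or dots between the inner and final extension.
    inner_ext = os.path.splitext(stem.rstrip(". "))[1]
    if INNER_EXT.fullmatch(inner_ext):
        return "double-extension"
    return "executable"

def triage(filenames):
    """Map each flagged name to its classification, skipping harmless ones."""
    return {f: c for f in filenames if (c := classify_attachment(f)) != "ok"}

if __name__ == "__main__":
    # Constructed sample names.
    sample = ["report.txt", "notes.txt.vbs", "Page.HTML.JSE", "setup-1.2.3.exe"]
    for name, verdict in triage(sample).items():
        print(f"{verdict:17} {name}")
```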

Page 17: Security

Anti-Virus Software

Anti-viral software can be set up to run automatically each time you boot up the machine or run an executable. You can also execute anti-viral software manually if you suspect you have had a problem or you have received a suspicious attachment or some sort of un-trusted media.

There are two parts to most pieces of anti-viral software: the engine and the definitions.

– The definitions change all the time. This is the part of anti-viral software that needs to be updated constantly, because the population of viruses changes rapidly, with newly developed viruses springing up along with minor modifications of existing viruses (mutations) appearing constantly.

– The engine, on the other hand, is static and changes only at major release points. The engine is the driving force behind a virus program that checks for virus signatures on your machine and in your software.

Page 18: Security

Stay Current

The program you use isn't as important as how often you use it and that you keep it updated with the most recent virus definitions

– To be effective, antiviral software must be current -- even two-month-old software can be dangerously outdated

Page 19: Security

Other Types of 'Malware'

A worm is a special type of virus that can replicate itself and use memory, but cannot attach itself to other programs

– 'Code Red'

– Nimda

A Trojan horse is a program that pretends to do something useful, but instead does something nefarious.

– Trojans aren't infectious

– Often they place executables on the drive

Page 20: Security

Combating 'Malware'

Promptly apply all security patches to all Internet-exposed systems and replace with more secure products those that continually have vulnerabilities exposed.

Page 21: Security

Network Security

Page 22: Security

Hardening Your System

The term "hardening" refers to the process of configuring software so as to minimize potential security risks

Hardening security-specific applications like firewalls, intrusion detection systems, and antiviral tools involves turning on features and setting restrictive access rules

Page 23: Security

Your Security Profile

A port is an interface on a computer to which you can connect a device

– A port is an endpoint to a logical connection

– The port number identifies what type of port it is

Personal computers have various types of ports. In this context

A key to determining your computer’s security profile is to determine port usage

Page 24: Security

Firewalls

Page 25: Security

What is a Firewall

A system designed to prevent unauthorized access to or from a private network

Firewalls can be both hardware and software, or a combination of both

Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet

Page 26: Security

How Does It Work

A firewall is analogous to a moat around a medieval castle. In essence, the moat and drawbridge represent a "choke" point for all traffic in and out

A single point is much easier to monitor and can be closed if needed

– All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria

Page 27: Security

How Does it Work Technically?

Firewalls act as proxy servers, by masking the address of internal machines

Or packet filters using a "wall of code" that inspects each individual "packet" of data as it arrives at either side of the firewall

Page 28: Security

Backups

Page 29: Security

Making Backups

Copy original files onto another medium. This is called "making a backup"

– Program files:

• Copy or install the original disks to a hard disk

• Use the copy and store the originals in a safe place

– Data files:

• Copy the originals to another disk or tape

• Put the backup disk or tape in a safe place

Page 30: Security

Backups for This Class

Diskettes, Zip Disks, CD-R's: For every floppy you own, have a backup copy

Hard disk: backup on diskettes, tapes, removable hard disk, CD-RW or networked drive

Page 31: Security

Different Types of Backups

Different types

– Full

– Incremental

– Differential

Page 32: Security

Full Backups

Includes all files on your drive(s)

– Advantages

• Files are easily found when needed

– All of the most current information can be found on the last backup tape

– Disadvantages

• Full backups are redundant backups

• Full backups take longer to perform and can be very time consuming

Page 33: Security

Incremental Backups

Includes files that were created or changed since the last backup

• Advantages

– Incremental backups provide better use of media

– Much less data storage space required

– Less time is also required

• Disadvantages

– Multiple disks or tapes are needed for restore

– You may have to search several volumes to find the file you wish to restore

Page 34: Security

Differential Backups

Includes all files that were created or modified since the last Full backup

– Advantages

• Differential backups take less time

• Provides more efficient restores

• Maximum of two media sets to perform a full restore

– The last Full backup and the last Differential backup tape

– Disadvantages

• As time goes on, a longer and longer time is needed for a differential backup

• The amount of data gets larger and larger each day

Page 35: Security

Backup Plans

Backups are performed according to a schedule. For example:

– Weekly: back up all files ("complete" backup); often done on the Friday evening

– Daily: back up only files that have been changed ("incremental" backup)

• Incremental

• Differential
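
The trade-off between the two daily options in this schedule can be worked through on a small week of changes. This is an added example, not part of the original lecture; the file names, the change log and the function names are constructed, and it assumes a full backup on day 0 (Friday) followed by one backup at the end of every day.

```python
# Constructed week: which files were created or modified on each day after
# the Friday full backup (day 0).
CHANGES = {
    1: {"essay.doc"},
    2: {"lab1.cpp", "essay.doc"},
    3: {"lab2.cpp"},
    4: {"essay.doc", "notes.txt"},
}

def backup_contents(kind, day, changes=CHANGES):
    """Files written to the backup taken at the end of `day`."""
    if kind == "incremental":      # changed since the last backup of any type
        return set(changes.get(day, set()))
    if kind == "differential":     # changed since the last full backup
        out = set()
        for d in range(1, day + 1):
            out |= changes.get(d, set())
        return out
    raise ValueError(kind)

def restore_sets(kind, day):
    """Media sets needed to restore the drive as of `day`, in restore order."""
    if day == 0:
        return ["full-0"]
    if kind == "incremental":      # the full backup plus every incremental since
        return ["full-0"] + [f"incremental-{d}" for d in range(1, day + 1)]
    if kind == "differential":     # the full backup plus the latest differential
        return ["full-0", f"differential-{day}"]
    raise ValueError(kind)

def compare(day):
    """Backup size and restore cost of both schemes for one day."""
    return {
        kind: {
            "files_in_todays_backup": len(backup_contents(kind, day)),
            "sets_needed_to_restore": len(restore_sets(kind, day)),
        }
        for kind in ("incremental", "differential")
    }

if __name__ == "__main__":
    for day in range(1, 5):
        print(day, compare(day))
```

By day 4 the incremental backup holds 2 files but a restore needs 5 media sets, while the differential backup holds 4 files and a restore needs only 2.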

Page 36: Security

Contingency Plans

A "system backup plan" is like an insurance policy: a contract with a company having a computer system similar to ours or a 'hot' site

– In case of computer disaster, we can use theirs