ASSIGMENT 17: INTRODUCTION COMPUTER THREATS

INTRODUCTION COMPUTER THREATS

The computer is a great tool to store important information. In certain

cases, the information is very vital that losing it will harm the computer

system.

Computer threats can come from many ways either from human or natural

disasters. For example, when someone is stealing your account information

from a trusted bank, this threat is considered as a human threat. However,

when your computer is soaked in heavy rain, then that is a natural disaster

threat.

MALICIOUS CODE

Malicious code is also known as a rogue program. It is

a threat to computing assets by causing undesired

effects in the programmer’s part. The effect is caused

by an agent, with the intention to cause damage.

The agent for malicious code is the writer of the code,

or any person who causes its distribution. There are

various kinds of malicious code. They include virus, Trojan horse, logic door,

trapdoor and backdoor, worm and many others.

a) VIRUS

· a program that can pass on the malicious

code to other programs by modifying them

· attaches itself to the program, usually files

with .doc, .xls and .exe extensions

· destroys or co-exists with the program

· can overtake the entire computing system and spread to other

systems

b) TROJAN HORSE

· a program which can perform useful and

unexpected action

· must be installed by users or intruders

before it can affect the system’s assets

· an example of a Trojan horse is the login script that requests for

users’ login ID and password

· the information is then used for malicious purposes

c) LOGIC BOMB

· logic bomb is a malicious code that goes off when a specific

condition occurs.

· an example of a logic bomb is the time bomb

· it goes off and causes threats at a specified time or date

e) TRAPDOOR OR BACKDOOR

· a feature in a program that allows

someone to access the program with

special privileges

f) WORM

· a program that copies and spreads itself

through a network

Primary Differences Between Worms And viruses

HACKER

Hacking is a source of threat to security in computer.

It is defined as unauthorised access to the computer

system by a hacker.

Hackers are persons who learn about the computer system in detail. They

write program referred to as hacks. Hackers may use a modem or cable to

hack the targeted computers.

NATURAL AND ENVIRONMENTAL THREATS

Computers are also threatened by natural or environmental disaster. Be it at

home, stores, offices and also automobiles.Examples of natural and

environmental disasters:

§ Flood

§ Fire

§ Earthquakes, storms and tornados

§ Excessive Heat

§ Inadequate Power Supply

Worm Virus

Operates through the network Spreads through any medium

Spreads copies of itself as a

standalone program

Spreads copies of itself as a

program that attaches to other

programs

THEFT

Two types of computer theft:

1) Computer is used to steal money, goods,

information and resources.

2) Stealing of computer, especially notebook and

PDAs.

Three approaches to prevent theft:

1) prevent access by using locks, smart-card or

password

2) prevent portability by restricting the hardware

from being moved

3) detect and guard all exits and record any

hardware transported

ASSIGMENT 16: COMPUTER SECURITY

COMPUTER SECURITY

DEFINITION OF COMPUTER SECURITY

Computer security means protecting our

computer systems and the information they

contain against unwanted access, damage,

destruction or modification.

We need to protect our computer from any

intruders such as hackers, crackers and script

kiddie.

We do not want strangers to read our e-mail, use our computer to

attack other systems, send forged e-mail from our computer, or examine

personal information stored on our computer such as financial statements.

TYPES OF COMPUTER SECURITY

Three types of computer security are:

a) hardware security

b) software security/data security

c) network security

a) HARDWARE SECURITY

Hardware security refers to security measures used

to protect the hardware specifically the computer

and its related documents.

The examples of security measures used to protect

the hardware include PC-locks, keyboard-locks,

smart cards and biometric devices.

b) SOFTWARE AND DATA SECURITY

Software and data security refers to the security

measures used to protect the software and the loss

of data files.

Examples of security measures used to protect the

software are activation code and serial number.

41

An example of security measure used to protect the loss of data files is the

disaster recovery plan method. The idea of this plan is to store data,

program and other important documents in a safe place that will not be

affected by any major destruction.

c) NETWORK SECURITY

The transfer of data through network has become a

common practice and the need to implement

network security has become significant.

Network security refers to security measures used

to protect the network system. One example of

network security measures is firewall. With firewall, network resources can

be protected from the outsiders.

PERSONAL COMPUTER SECURITY CHECKLIST

In order to make sure our computers are secured, here are the computer

security checklist to follow.

ü Do not eat, drink or smoke near the computer

ü Do not place the computer near open windows or doors

ü Do not subject the computer to extreme temperatures

ü Clean the equipment regularly

ü Place a cable lock on the computer

ü Use a surge protector

ü Store disks properly in a locked container

ü Maintain backup copies of all files

ü Stores copies of critical files off sites

ü Scan a floppy disk before you open it

ü Do not open any unknown email received.

ASSIGNMENT 15

COMPUTER CRIMES

A computer crime is defined as any criminal activity that is related to the use of computers. These activities include computer fraud, copyright infringement, computer theft and computer attack.

COMPUTER FRAUD

Computer fraud is defined as having an intention to take advantage over or causing loss to other people, mainly on monetary basis through the use of computers.

COPYRIGHT INFRINGEMENT

Copyright infringement is defined as a violation of the rights secured by a copyright. Copyright infringement involves illegal copy or reproduction of copyrights material by the black market group. The open commercial sale of pirated item is also illegal.

COMPUTER THEFT

Computer theft is defined as the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use.
Examples of computer theft include:

• transfer of payments to the wrong accounts
• tap into data transmission lines on database at no cost
• divert goods to the wrong destination

COMPUTER ATTACK

Computer attack may be defined as any activities taken to disrupt the equipment of computer systems, change processing control or corrupt stored data.
Computer attack can be in the forms of:

• physical attack that disrupt the computer facility or its transmission lines.
• an electronic attack that uses the power of electromagnetic energy to overload computer circuitry.
• a computer network attack that uses a malicious code to exploit a weakness in software, or in the computer security practices of a computer user

ASSIGNMENT 14

CYBER LAW

Refers to any laws relating to protecting the Internet and any other online communication technologies.

The Cyber Law Acts in Malaysia

• Digital Signature Act 1997
• Computer Crime Act 1997
• Telemedicine Act 1997
  
• Communications and Multimedia Act 1997

Digital Signature Act 1997

The Digital Signature Act 1997 secures electronic communications especially on the Internet. Digital Signature is an identity verification standard that uses encryption techniques to protect against e-mail forgery. The encrypted code consists of the user’s name and a hash of all the parts of the message.

Computer Crime Act 1997

The Computer Crimes Act 1997 gives protection against the misuses of computers and computer criminal activities such as unauthorized use of programs, illegal transmission of data or messages over computers and hacking and cracking of computer systems and networks.

By implementing the Computer Crimes Act 1997, users can protect their rights to privacy and build trust in the computer system. At the same time, the government can have control at a certain level over cyberspace to reduce cyber crime activities.

Telemedicine Act 1997

The Telemedicine Act 1997 ensures that only qualified medical practitioners can practice telemedicine and that their patient's rights and interests are protected. These act provides the future development and delivery of health care in Malaysia.

Communications and Multimedia Act 1997

The implementation of Communication and Telecommunication Act 1998 ensures that information is secure, the network is reliable and the service is affordable all over Malaysia. This act also ensures high level of user's confidence in the information and communication technology industry.

ASSIGMENT 13: PROCESS OF INTERNET FILTERING

What is Internet filtering?

It is a process that prevents or blocks access to certain materials on the Internet. Filtering is most commonly used to prevent children from accessing inappropriate material and to keep employees productive on the Internet.

There are 3 most commonly used methods in internet filtering;

• Keyword blocking
• Site blocking
• Web rating system
  

1. Keyword blocking

This method uses a list of banned words or objectionable terms. As the page is downloading, the filter searches for any of these words. If found, it will block the page completely, stop downloading the page, block the banned words and even shut down the browser.

2. Site blocking

• software company maintains a list of 'dubious Internet sites'
• the software prevents access to any sites on this lists
  
• 'denial lists' regularly update
• some software provides control over what categories of information we block
  

3. Web rating systems

Web sites are rated in terms of nudity, sex, violence and language. The Recreational Software Advisory Council (RSACI) is responsible for the rating of the websites on the content on the Internet.

• ratings done either by the web page author or by the independent bureau.
• browsers set to only accept pages with certain levels of ratings.

ASSIGMENT 10: VERIFICATIONS

Verifications

Verifications is the fact of proving or disproving the correctness of the system with respect to a certain formal specification.

Methods of verifications

• User Identification

• Processed object

User Identification

It is an unique number assigned to a user from which the user is identified to various resources such as files in an operating system.

example;

1. Key in the user name to log-in to a system and the system will verify whether the user is valid or invalid user.

2. Show a passport before departure.


Processed Object

It refers to something the user has.

example;

1. Identification card

2. Credit card

3. Cell phone

ASSIGMENT 9: METHOD OF AUTHENTICATION

METHODS OF AUTHENTICATION

There are two commonly used authentication methods, which are biometric device and callback system.
Biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.
Callback system refers to the checking system that authenticates the user.
BIOMETRIC DEVICES
Fingerprint Recognition
In order to prevent fake fingers from being used, many biometrics fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.
Facial Recognition
Facial recognition analyses the characteristics of an individual's face images captured Through a digital video camera. Facial recognition is widely used, touted as a fantastic system for recognizing potential threats
(whether terrorists, scam artists, or known criminals).
Hand Geometry Scanning
Hand scanning involves the measurement and analysis of the shape of one's hand.
Unlike fingerprints, the human hand isn't unique. Individual hand features are not descriptive enough for identification.
It is possible to devise a method by combining various individual features and measurements of fingers and hands for verification purposes.
Iris Scanning
Iris scanning analyses the features that exist in the colored tissues surrounding the pupil which has more than 200 points that can be used for comparison, including rings, furrows and freckles.
The scans use a regular video camera and can be done from further away than a retinal scan. It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes.
The accuracy of this method is excellent while the cost involved is high.
Retinal Scanning
Retinal biometrics involves the scanning of retina and analyzing the layer of blood vessels at the back of the eye.
Retinal scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.
Retina scanning requires the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort is yet to be seen.
The accuracy in retinal scanning is very good and the cost involved is fair.
Voice Recognition
Voice recognition system compares a person’s live speech with their stored voice pattern.
Voice recognition biometrics requires user to speak into a microphone. What he speaks can be his password or an access phrase.
Verification time is approximately 5 seconds. To prevent recorded voice
use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number of sequences for verification.
The accuracy in voice recognition is fair and the cost involved is very reasonable.
Signature Verification System
Signature verification system uses special pen and tablet. After pre-processing the signature, several features are extracted.
The authenticity of a writer is determined by comparing an input signature to a stored reference set (template) consisting of three signatures.
The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold.
The accuracy in signature verification system is fair and the cost involved is excellent.
CALLBACK SYSTEM
The callback system is commonly used in the bank operation and business transaction.
For example, when you book for the taxi service, the operator will ask you to hang up and she will call you back to confirm for the service required.