Wednesday, July 7, 2010

ASSIGNMENT 17: INTRODUCTION TO COMPUTER THREATS

INTRODUCTION TO COMPUTER THREATS

The computer is a great tool for storing important information. In certain cases, the information is so vital that losing it will harm the computer system.
Computer threats can come in many ways, either from humans or from natural disasters. For example, when someone steals your account information from a trusted bank, the threat is considered a human threat. However, when your computer is soaked in heavy rain, that is a natural disaster threat.

MALICIOUS CODE

Malicious code is also known as a rogue program. It is a threat to computing assets by causing undesired effects in the programmer’s part. The effect is caused by an agent with the intention to cause damage.
The agent for malicious code is the writer of the code, or any person who causes its distribution. There are various kinds of malicious code. They include the virus, Trojan horse, logic bomb, trapdoor and backdoor, worm and many others.

a) VIRUS
· a program that can pass on the malicious code to other programs by modifying them
· attaches itself to the program, usually files with .doc, .xls and .exe extensions
· destroys or co-exists with the program
· can overtake the entire computing system and spread to other systems

b) TROJAN HORSE
· a program which can perform useful and unexpected actions
· must be installed by users or intruders before it can affect the system’s assets
· an example of a Trojan horse is a login script that requests users’ login IDs and passwords
· the information is then used for malicious purposes

c) LOGIC BOMB
· a logic bomb is malicious code that goes off when a specific condition occurs
· an example of a logic bomb is the time bomb
· it goes off and causes threats at a specified time or date

d) TRAPDOOR OR BACKDOOR
· a feature in a program that allows someone to access the program with special privileges

e) WORM
· a program that copies and spreads itself through a network

Primary Differences Between Worms and Viruses

Worm | Virus
Operates through the network | Spreads through any medium
Spreads copies of itself as a standalone program | Spreads copies of itself as a program that attaches to other programs

HACKER
Hacking is a source of threat to computer security. It is defined as unauthorised access to the computer system by a hacker.
Hackers are persons who learn about the computer system in detail. They write programs referred to as hacks. Hackers may use a modem or cable to hack the targeted computers.

NATURAL AND ENVIRONMENTAL THREATS
Computers are also threatened by natural or environmental disasters, be it at home, in stores, offices or automobiles. Examples of natural and environmental disasters:
· Flood
· Fire
· Earthquakes, storms and tornados
· Excessive heat
· Inadequate power supply

THEFT
Two types of computer theft:
1) The computer is used to steal money, goods, information and resources.
2) Stealing of computers, especially notebooks and PDAs.

Three approaches to prevent theft:
1) prevent access by using locks, smart cards or passwords
2) prevent portability by restricting the hardware from being moved
3) detect and guard all exits and record any hardware transported

ASSIGNMENT 16: COMPUTER SECURITY

COMPUTER SECURITY

DEFINITION OF COMPUTER SECURITY
Computer security means protecting our computer systems and the information they contain against unwanted access, damage, destruction or modification.
We need to protect our computer from any intruders such as hackers, crackers and script kiddies.
We do not want strangers to read our e-mail, use our computer to attack other systems, send forged e-mail from our computer, or examine personal information stored on our computer such as financial statements.

TYPES OF COMPUTER SECURITY
Three types of computer security are:
a) hardware security
b) software security/data security
c) network security

a) HARDWARE SECURITY
Hardware security refers to security measures used to protect the hardware, specifically the computer and its related documents.
Examples of security measures used to protect the hardware include PC-locks, keyboard-locks, smart cards and biometric devices.

b) SOFTWARE AND DATA SECURITY
Software and data security refers to the security measures used to protect the software and to prevent the loss of data files.
Examples of security measures used to protect the software are activation codes and serial numbers.
An example of a security measure used to protect against the loss of data files is the disaster recovery plan method. The idea of this plan is to store data, programs and other important documents in a safe place that will not be affected by any major destruction.

c) NETWORK SECURITY
The transfer of data through networks has become a common practice, and the need to implement network security has become significant.
Network security refers to security measures used to protect the network system. One example of a network security measure is a firewall. With a firewall, network resources can be protected from outsiders.

PERSONAL COMPUTER SECURITY CHECKLIST
In order to make sure our computers are secure, here is the computer security checklist to follow.
✓ Do not eat, drink or smoke near the computer
✓ Do not place the computer near open windows or doors
✓ Do not subject the computer to extreme temperatures
✓ Clean the equipment regularly
✓ Place a cable lock on the computer
✓ Use a surge protector
✓ Store disks properly in a locked container
✓ Maintain backup copies of all files
✓ Store copies of critical files off-site
✓ Scan a floppy disk before you open it
✓ Do not open any unknown email received

Wednesday, May 12, 2010

ASSIGNMENT 15

COMPUTER CRIMES

A computer crime is defined as any criminal activity that is related to the use of computers. These activities include computer fraud, copyright infringement, computer theft and computer attack.

COMPUTER FRAUD

Computer fraud is defined as having the intention to take advantage of, or cause loss to, other people, mainly on a monetary basis, through the use of computers.

COPYRIGHT INFRINGEMENT

Copyright infringement is defined as a violation of the rights secured by a copyright. Copyright infringement involves illegal copying or reproduction of copyrighted material by the black market group. The open commercial sale of pirated items is also illegal.

COMPUTER THEFT

Computer theft is defined as the unauthorized use of another person’s property with the intention to deny the owner the rightful possession of that property or its use.
Examples of computer theft include:
  • transfer of payments to the wrong accounts
  • tap into data transmission lines on database at no cost
  • divert goods to the wrong destination

COMPUTER ATTACK

A computer attack may be defined as any activity taken to disrupt the equipment of computer systems, change processing control or corrupt stored data.
A computer attack can take the form of:
  • a physical attack that disrupts the computer facility or its transmission lines.
  • an electronic attack that uses the power of electromagnetic energy to overload computer circuitry.
  • a computer network attack that uses malicious code to exploit a weakness in software, or in the computer security practices of a computer user.

ASSIGNMENT 14

CYBER LAW

Cyber law refers to any laws relating to protecting the Internet and any other online communication technologies.

The Cyber Law Acts in Malaysia
  • Digital Signature Act 1997
  • Computer Crimes Act 1997
  • Telemedicine Act 1997
  • Communications and Multimedia Act 1997

Digital Signature Act 1997

The Digital Signature Act 1997 secures electronic communications, especially on the Internet. A digital signature is an identity verification standard that uses encryption techniques to protect against e-mail forgery. The encrypted code consists of the user’s name and a hash of all the parts of the message.

Computer Crimes Act 1997

The Computer Crimes Act 1997 gives protection against the misuses of computers and computer criminal activities such as unauthorized use of programs, illegal transmission of data or messages over computers and hacking and cracking of computer systems and networks.

By implementing the Computer Crimes Act 1997, users can protect their rights to privacy and build trust in the computer system. At the same time, the government can have control at a certain level over cyberspace to reduce cyber crime activities.

Telemedicine Act 1997

The Telemedicine Act 1997 ensures that only qualified medical practitioners can practice telemedicine and that their patients' rights and interests are protected. This act provides for the future development and delivery of health care in Malaysia.

Communications and Multimedia Act 1997

The implementation of Communication and Telecommunication Act 1998 ensures that information is secure, the network is reliable and the service is affordable all over Malaysia. This act also ensures a high level of user confidence in the information and communication technology industry.

ASSIGNMENT 13: PROCESS OF INTERNET FILTERING

What is Internet filtering?

It is a process that prevents or blocks access to certain materials on the Internet. Filtering is most commonly used to prevent children from accessing inappropriate material and to keep employees productive on the Internet.

The three most commonly used methods of Internet filtering are:
  • Keyword blocking
  • Site blocking
  • Web rating system

1. Keyword blocking

This method uses a list of banned words or objectionable terms. As the page is downloading, the filter searches for any of these words. If found, it will block the page completely, stop downloading the page, block the banned words and even shut down the browser.

2. Site blocking
  • the software company maintains a list of 'dubious Internet sites'
  • the software prevents access to any site on this list
  • 'denial lists' are regularly updated
  • some software provides control over which categories of information we block

3. Web rating systems

Web sites are rated in terms of nudity, sex, violence and language. The Recreational Software Advisory Council (RSACI) is responsible for rating websites on their content.
  • ratings are done either by the web page author or by an independent bureau.
  • browsers are set to accept only pages with certain levels of ratings.
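
The three filtering methods above, combined into one decision function. This is an added example, not part of the original notes; the denial list, banned words, rating limits (on an assumed 0 to 4 scale) and the choice to refuse unrated pages are all constructed assumptions. It also shows why a naive substring keyword scan over-blocks harmless pages.

```python
import re
from urllib.parse import urlsplit

# Constructed sample policy; every name and value here is hypothetical.
DENIAL_LIST = {"dubious.example"}                     # site blocking
BANNED_WORDS = {"casino", "sex"}                      # keyword blocking
MAX_RATING = {"nudity": 0, "sex": 0, "violence": 1, "language": 1}

def site_blocked(url):
    """Site blocking: match the host or any parent domain on the denial list."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return any(".".join(labels[i:]) in DENIAL_LIST for i in range(len(labels)))

def rating_blocked(ratings):
    """Web rating: refuse unrated pages and pages above any category limit."""
    if ratings is None:
        return True                                   # assumption: unrated = refused
    return any(ratings.get(cat, 4) > limit for cat, limit in MAX_RATING.items())

def keyword_hits(text, whole_words=True):
    """Keyword blocking: return the banned words found in the page text."""
    text = text.lower()
    if whole_words:
        return BANNED_WORDS & set(re.findall(r"[a-z0-9']+", text))
    return {w for w in BANNED_WORDS if w in text}     # naive substring scan

def decide(url, text, ratings, whole_words=True):
    """Apply the three methods in order and return (verdict, reason)."""
    if site_blocked(url):
        return ("block", "site on denial list")
    if rating_blocked(ratings):
        return ("block", "rating missing or above limit")
    hits = keyword_hits(text, whole_words)
    if hits:
        return ("block", "keyword: " + ", ".join(sorted(hits)))
    return ("allow", "passed all checks")

if __name__ == "__main__":
    ok = dict.fromkeys(MAX_RATING, 0)                 # constructed rating label
    print(decide("http://ads.dubious.example/x", "hello", ok))
    print(decide("http://news.example/", "Essex county news", ok, whole_words=False))
    print(decide("http://news.example/", "Essex county news", ok))
```

The second call blocks a county news page because "sex" is a substring of "Essex"; matching whole words, as in the third call, removes that false positive.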

Friday, April 2, 2010

ASSIGNMENT 10: VERIFICATIONS

Verifications

Verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification.

Methods of verifications
  • User Identification
  • Processed object

User Identification

It is a unique number assigned to a user, by which the user is identified to various resources such as files in an operating system.

Examples:

1. Key in the user name to log in to a system, and the system will verify whether the user is a valid or invalid user.

2. Show a passport before departure.


Processed Object

It refers to something the user has.

Examples:

1. Identification card

2. Credit card

3. Cell phone

Tuesday, March 30, 2010

ASSIGNMENT 9: METHOD OF AUTHENTICATION

METHODS OF AUTHENTICATION

There are two commonly used authentication methods: the biometric device and the callback system.
A biometric device is a device that translates personal characteristics into a digital code that is compared with a digital code stored in the database.
A callback system refers to the checking system that authenticates the user.

BIOMETRIC DEVICES

Fingerprint Recognition
In order to prevent fake fingers from being used, many biometric fingerprint systems also measure blood flow, or check for correctly arrayed ridges at the edges of the fingers.

Facial Recognition
Facial recognition analyses the characteristics of an individual's face images captured through a digital video camera. Facial recognition is widely used, touted as a fantastic system for recognizing potential threats (whether terrorists, scam artists, or known criminals).

Hand Geometry Scanning
Hand scanning involves the measurement and analysis of the shape of one's hand.
Unlike fingerprints, the human hand isn't unique. Individual hand features are not descriptive enough for identification.
It is possible to devise a method by combining various individual features and measurements of fingers and hands for verification purposes.

Iris Scanning
Iris scanning analyses the features that exist in the colored tissues surrounding the pupil, which has more than 200 points that can be used for comparison, including rings, furrows and freckles.
The scans use a regular video camera and can be done from further away than a retinal scan. It will work perfectly fine through glasses and in fact has the ability to create an accurate enough measurement that it can be used for identification purposes.
The accuracy of this method is excellent while the cost involved is high.

Retinal Scanning
Retinal biometrics involves scanning the retina and analyzing the layer of blood vessels at the back of the eye.
Retinal scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.
Retina scanning requires the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort is yet to be seen.
The accuracy in retinal scanning is very good and the cost involved is fair.

Voice Recognition
A voice recognition system compares a person’s live speech with their stored voice pattern.
Voice recognition biometrics requires the user to speak into a microphone. What he speaks can be his password or an access phrase.
Verification time is approximately 5 seconds. To prevent recorded voice use, most voice recognition devices require the high and low frequencies of the sound to match, which is difficult for many recording instruments to recreate well. Also, some devices generate random number sequences for verification.
The accuracy in voice recognition is fair and the cost involved is very reasonable.

Signature Verification System
A signature verification system uses a special pen and tablet. After pre-processing the signature, several features are extracted.
The authenticity of a writer is determined by comparing an input signature to a stored reference set (template) consisting of three signatures.
The similarity between an input signature and the reference set is computed using string matching and the similarity value is compared to a threshold.
The accuracy of the signature verification system is fair and the cost involved is excellent.
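
The signature comparison described above, as an added example that is not part of the original notes. It assumes the extracted features are encoded as a string of pen-direction codes, uses normalised edit distance as the string matching, and averages the score over the three references; the encoding, the averaging and the 0.8 threshold are assumptions made for illustration.

```python
def edit_distance(a, b):
    """Levenshtein distance between two feature strings (dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def similarity(a, b):
    """1.0 for identical strings, falling towards 0.0 as they diverge."""
    if not a and not b:
        return 1.0
    return 1.0 - edit_distance(a, b) / max(len(a), len(b))

def verify(sample, template, threshold=0.8):
    """Compare a sample with the three-signature template; return (accepted, score)."""
    if len(template) != 3:
        raise ValueError("template must hold exactly three reference signatures")
    # Assumption: the set-level score is the mean similarity to the references.
    score = sum(similarity(sample, ref) for ref in template) / 3
    return score >= threshold, round(score, 3)

# Constructed data: each character is a hypothetical pen-direction code (0-7)
# for one stroke segment of the signature.
TEMPLATE = ["0012344567", "0012334567", "0112344567"]
GENUINE = "0012344567"   # matches one reference, one segment off the other two
FORGERY = "0765443210"   # similar overall shape drawn in the wrong stroke order

if __name__ == "__main__":
    print("genuine:", verify(GENUINE, TEMPLATE))
    print("forgery:", verify(FORGERY, TEMPLATE))
```

Raising the threshold rejects more forgeries but also more genuine signatures, since a person's own signatures vary, which is why the template stores several references.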

CALLBACK SYSTEM
The callback system is commonly used in bank operations and business transactions.
For example, when you book a taxi service, the operator will ask you to hang up and she will call you back to confirm the service required.