
Computer Security and Risks

Introduction to Computer Science 2007-2008

Aims

Describing several types of computer crime
Describing the major security issues that computer users have to face
Describing how it affects personal privacy
Explaining the relationship between security and computer reliability

4626. Introd to Computer Science

Computer Crime
Crime accomplished through computer tech.

widely extended: ease of computer usage
most of them committed by company insiders
high cost: foresight + repair
spoofing (or phishing): identity theft

Current threats

Software Piracy

Illegal duplication of copyrighted software
Reasons:

price of software
means to create copies

How many pirate programs do you have?



Intellectual Property

Privileges granted over intangible goods with financial value
They are defined over

copyright
commercial secret
patents
trademarks

Authorship rights
Industrial property

Software is covered by copyright



Computer Sabotage
Use of malware to spoil hardware & software

Trojan horses
Viruses
Worms


Trojans

hidden inside programs that perform useful tasks
logic bombs: programmed to attack in response to a particular event (e.g. time bombs)
solutions:

software from reliable sources (avoids)
anti-trojan (detects)
firewall -output- (blocks)

Viruses

as biological ones
invade programs and use them to reproduce themselves
operating system specific
solution:

use removable media carefully (avoids)
antivirus (detects and cleans)



Worms

as viruses: use computers to reproduce themselves
autonomous
spread through computer networks
solution:

email from trusted sources (avoids)
firewall -input- (blocks)
security patches

Hacking

Discovering and exploiting computer system failures
Reasons:

curiosity
intellectual challenge

Cracking = criminal hacking


Reducing Risks
Information systems have to be protected...

to work properly
to guarantee access to information only to authorised users
to guarantee privacy


Physical Access Restrictions


Only authorised staff have access to the equipment
Security checks based on

something you have (card)
something you know (password)
something you do (signature)
something about you (scans)


How can we protect sensitive information?

1. protect hw

UPS (uninterruptible power supply)

protects data during power failures (minutes)
gives users time to switch off the system

Surge protectors

shield computers from power spikes
protect the computer from physical damage


2. protect data

Passwords
The most common tool, but carefully chosen

which kind of password do you use?
how frequently do you change your passwords?
how many passwords do you use?

Never use a word or your b-day!!
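
The two rules on this slide (no plain word, no birthday) written out as a check. This is an added example, not part of the original slides; the sample word list, the substitution table and the date formats are assumptions chosen for illustration.

```python
import re
from datetime import date

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "football", "monkey"}

# Common character substitutions, undone before the dictionary lookup (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def birthday_forms(bday: date) -> set[str]:
    """Digit strings people typically derive from a birth date."""
    d, m, y = f"{bday.day:02d}", f"{bday.month:02d}", f"{bday.year:04d}"
    yy = y[2:]
    return {d + m + y, m + d + y, y + m + d,
            d + m + yy, m + d + yy, yy + m + d,
            d + m, m + d, y}


def password_problems(password: str, bday: date, words=SAMPLE_WORDS) -> list[str]:
    """Return which of the slide's two rules the password breaks (empty list = neither)."""
    problems = []
    lowered = password.lower()

    # Rule 1: a dictionary word, even with digits/symbols attached or substituted in.
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)  # strip decoration at both ends
    candidates = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    if any(c in words for c in candidates):
        problems.append("dictionary word")

    # Rule 2: the birthday anywhere in the password, ignoring separators like / . -
    digits_only = re.sub(r"\D", "", password)
    if any(form in digits_only for form in birthday_forms(bday)):
        problems.append("birthday")
    return problems


if __name__ == "__main__":
    born = date(1990, 7, 14)  # constructed sample birth date
    for pw in ["P@ssw0rd!", "Ana-14.07.90", "sunshine1990", "tR9#vLq2!xZ"]:
        print(pw, "->", password_problems(pw, born) or "passes both rules")
```
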



Firewalls
guard against unauthorised access
block access to ports for input and output
by hardware or software

Encryption

keys to code messages and documents
symmetric: common key
asymmetric: public / private keys


Audit Control SW

Records computer transactions
Auditors can trace and identify suspicious activities


2. replicate

Backup Copies

periodic copies of important information
for companies, it is recommended that copies be stored in a different location


RAID

Redundant Array of Independent Disks
multiple disks as one logical unit
mirroring: data redundancy

