Security Risks

• Viruses, worms, Trojans • Hacking• Spyware, phishing • Keylogging • Online fraud• Identity theft• DOS (Denial of Service attacks

Virus

• A computer virus is a program that will damage your computer

• Once into your computer system it will attach itself to another program and reproduce itself

• Examples of the destructive effects of a virus:– data corrupted or deleted, the screen display

malfunction, hard drive spinning, computer freezes, unexpected messages or sounds

Worm

• A computer worm is a malicious program that multiplies once it is in your computer.

• It can multiply so many times that it can fill up your computer’s memory and backing storage and slow the system ,or even a whole network, right down!

Trojan

• Trojans are programs that pretend to be something like a game, a small application, a tool for maintaining your computer.

• Once you run the Trojan program it will damage your computer system.

• They are often found in e-mail attachments and are .exe files.

Hacking

• A hacker is someone who gains unauthorised access to a computer system.

• Hackers usually use networks to get into computer systems.

• They ‘break’ or steal passwords to gain access then copy, steal, delete, corrupt data.

Anti-virus software

• Anti-virus software can detect and destroy lots of viruses worms and trojans.

• Anti-virus software has a database of all viruses. worms and trojans which they must keep up to date or a regular basis.

• They will then scan your computer, locate and destroy the viruses worms and trojans

Anti-Virus

Spyware• Spyware is a program that steals information

from your computer e.g. -mail messages, usernames, passwords, bank details.

• It then sends this information across the internet to the person who sent the spyware.

• How does it get into your computer?–E-mail attachments, –Hidden inside another program that you install.

• If you don’t stop the spyware all your personal details and passwords can be stolen!

Phishing

• Phishing is a technique used by criminals tour personal information such as ID & password, bank details, phone number, address etc..

• Phishers use e-mails pretending to be from e.g. your bank, from Ebay from Pay-Pal to get you to give them your details.

• They can even pretend to be someone who wants to give you money, but first you have to give them your bank details.. Then they steal from you!

Keylogging

• A keylogger is a program designed to track and monitor user keystrokes, often used to steal passwords, credit card numbers.

• Keyloggers work unseen by the user, often by acting as software driving thekeyboard

• The information gathered is often then uploaded to a website, a server or an e-mail address.

KeyloggerUsing a keylogger you can:

online fraud

• Criminals use websites, online messages, or “spam” e-mails can reach large numbers of people easily.

• Their fake messages and websites look real and credible and can convince people to part with their money.

• Examples: bogus investment schemes, spreading false information to boost share prices, fake prize giving schemes, news that you have inherited money, bargain selling websites

Online fraud

• All on line fraud schemes want to get money from you

• They will try– to get your bank details– to get enough personal information to open

accounts in your name– get you to send cash directly

Identity theft

• Stealing your personal details such as bank account details, national insurance number, date of birth, address etc

• This enables the thief to pretend to be you and e.g. open bank accounts, get a credit card, buy on-line, withdraw cash

Denial of Service Attacks• There are two main types of DOS• Attacks which consume so many network

resources such as processors, disk space, memory, network connections, routers, that there is none left for users

• Attacks on a specific network resource e.g. disabling a file server.

Methods used in Denial of Service Attacks

• Resource starvation. This means using up a network resource so that legitimate users can’t access it. A good example is when the DOS attack sends corrupt packets of data to a network filling up the storage area so it can’t handle any more network traffic

• Bandwidth consumption. This means flooding the network with senseless data. : e.g. An example of this is flooding an e-mail server with messages until it crashes.

Methods used in Denial of Service Attacks

• Using weaknesses in networking software, making a server crash by targeting a design flaw in the operating system

• Attacking the routers. Sending streams of corrupted packets aimed at routers to divert them from routing data through a network.

Security precaution: Passwords

• A Password need to be secure! Tips:• Make it at least 8 letters long• Use a combination of UPPER and lower case

letters, numbers and punctuation e.g

Baw% Heid34& • Don’t write it down and leave it lying about• Change it frequently

Security precaution: Encryption

Security precaution: Encryption • Ecryption: protecting sensitive data by using

codes.• In order to read an encrypted data you need

the Key to the code• You can encrypt data held on a storage device

such as a hard drive: this would mean that any data that a hacker stole would be meaningless to them

Security precaution: Encryption

• Data being sent across networks is vulnerable to hacking so:– Encrypting data being sent across networks is a sensible

precaution e.g. when paying for something bought on-line you have to send your card details.

– Websites that collect your card details should have https in their address: that means they are using encryption to send your information.

Security precaution: Biometrics • Biometrics: security using technology to

recognise physical characteristics such as:– Fingerprints, the eye retina, a face, a voice.

• Firstly the data on a person is input and stored into the computer e.g: – A copy of their fingerprints, images of their face,

an image of the retina in their eye, a recording of their voice

Security precaution: Biometrics

• Before it allows a person access, the computer system – Scans their fingerprints– Takes a picture of their face– Takes a picture of their eye retina– Takes a recording of their voice

• The compares it to the data held in its memory

• If there is a match then access is granted

Security protocols

• A security protocol is a method of protecting data being sent across networks

• Commonly used protocols are – Secure File Transfer Protocol (SFTP)– Secure Hypertext Transfer Protocol (HTTPS)– Secure Socket Layer (SSL).

These protocols carry out functions such as:– Authenticating the sender and receiver of the data– Managing the encryption of the data ( including the keys)– Making sure that the data arrives intact and has not been

tampered with.

Security precaution: Firewall• A firewall is a system designed to check the data

coming into or going out of a network.• It :– only allows access to authorised users and applications – prevents unauthorised access to a network.

• On a small network e.g. a home network it will be implemented using software.

• On a larger network it may involve using a dedicated computer as well as software.

• The firewall software will often be provided by a security suite or, it might be provided by the operating system

Firewall

Security Suite

• A Security Suite is a set of programs are designed to protect your computer from a wide range of threats such as: viruses, trojans, spyware, identity theft, fake websites

• They can even provide firewalls and software to ‘tune up’ your system performance.

Security Suite

Security SuiteChecking websites

Security Suite

• Not all security suites provide the same features and when you are choosing between them you should ask the following questions– Does the suite protect from every type of threat? – How effective is the suite at protecting your

computer?– How easy is it to use?– Does it offer additional support and helpful

resources?– How often is it updated?

Security Suite

Check out these websites to compare security suiteshttp://internet-security-suite-review.toptenreviews.com/

http://www.pcmag.com/article2/0,2817,2369749,00.asp