B.A. (Mahayana Studies)000-209 Introduction to Computer Science

November 2005 - March 2006

9. Safety and Security

What are the main safety and security issues when using computers? How can data/files be kept safe?

000-209 Intro to CS. 9/Secure 2

Overview

1. Hardware Reliability 2. Backing up your Data 3. Computer Viruses 4. Keeping Data Safe 5. Internet Security

000-209 Intro to CS. 9/Secure 3

The reliability of a computer component is measured in MTBF (mean time between failures). hardware is tested in a laboratory number of failures is divided by total hours of

observation

It’s better to plan for a hardware failure than hope one doesn’t happen.

1. Hardware Reliability

000-209 Intro to CS. 9/Secure 4

Downtime - time when a computer is not functioning.

Hardware redundancy (maintaining extra equipment) is a popular safeguard used by e-commerce sites.

Hardware Failure

000-209 Intro to CS. 9/Secure 5

A power failure is a complete loss of power to the computer system. data stored in RAM will be lost

A power spike is a brief increase in power less than one-millionth of a second

A power surge lasts a little longer

Surges and spikes can damage computers.

Power Supply Problems

000-209 Intro to CS. 9/Secure 6

A UPS (uninterruptible power supply) is the best protection against power failures, surges, and spikes.

A UPS contains a batterythat keeps your computerrunning for several minutesduring a power failure

Uninterruptible Power Supply

000-209 Intro to CS. 9/Secure 7

A surge strip can protect your computer and other devices from power spikes and surges. does not contain a battery

Surge protector vs. Power strips

continued

000-209 Intro to CS. 9/Secure 8

Don’t mistake a power strip for a surge strip a power strip provides multiple outlets but cannot

protect your computer from power spikes and surges

000-209 Intro to CS. 9/Secure 9

Copying files, or the contents of am entire disk, provides the best security for your data.

Backup tips: scan for viruses before backing up make frequent backups (once a day/week) check the backups store backups away from your computer

2. Backing up your Data

000-209 Intro to CS. 9/Secure 10

Consider capacity, speed, and reliability.

What to Use for Backups

000-209 Intro to CS. 9/Secure 11

Backup Software

Norton Ghost 9.0Simply Safe Backup (free)

http://www.simplysafebackup.com/

000-209 Intro to CS. 9/Secure 12

Types of Backups

Full backup copy all the files safe but can take a long time

Differential backup copy the files that have changed since the last full backup takes less time but more complex

Incremental backup copy the files that have changed since the last backup

000-209 Intro to CS. 9/Secure 13

A computer virus is a program that attaches itself to a file, duplicates itself, and spreads to other files.

3. Computer Viruses

000-209 Intro to CS. 9/Secure 14

The following signs might mean that your computer has a virus: displays a rude, embarrassing message unusual visual or sound effects difficulty saving files files mysteriously disappear the computer works very slowly applications increase in size for no reason

Virus Warning Signs

000-209 Intro to CS. 9/Secure 15

A boot sector virus infects the system files that your computer uses.

A macro virus infects a macro. Macros are tiny programs used in word

documents, databases, spreadsheets, and many other large applications

Virus Types

000-209 Intro to CS. 9/Secure 16

Macro viruses are the most common.

Most Popular Virus Types

000-209 Intro to CS. 9/Secure 17

Do not get files from high risk sources Use anti-virus software

Computer Protection

000-209 Intro to CS. 9/Secure 18

Don't: E-mail any attachments from your machine Ignore it, hoping it will go away

Do: tell your system administrator remove it using anti-virus software keep anti-virus software updated

When a Virus Hits...

000-209 Intro to CS. 9/Secure 19

Anti-virus software

avast! 4 Home Edition (free)http://www.avast.com/

Norton AntiVirus 2005

000-209 Intro to CS. 9/Secure 20

Anti-virus software checks for a virus signature – a unique series of bytes that identifies a known virus inside another program.

Hackers keep making new viruses, with new signatures, so anti-virus software needs to be updated regularly. usually automatically via the Internet

Virus Detection Methods

000-209 Intro to CS. 9/Secure 21

A Trojan horse is a computer program that appears to do something good/useful while actually doing something bad. not a virus, but may carry a virus does not duplicate itself

Example: a free game available for download from an unknown Web site it really deletes files once it is started

A Trojan Horse

000-209 Intro to CS. 9/Secure 22

A time bomb is a program that stays in your system undetected until it is triggered by a certain event in time. e.g. on "Friday 13th" it deletes all your files usually carried as a virus or in a Trojan horse

A Logic bomb is a program triggered by changes to your files. e.g. every new Word file is deleted

Bombs

000-209 Intro to CS. 9/Secure 23

A software worm is a program designed to enter a computer system through security holes in the computer network.

Worms

000-209 Intro to CS. 9/Secure 24

Good habits: save files frequently when you are working on them backup files frequently use anti-virus software do not open documents with unknown macros

4. Keeping Data Safe

000-209 Intro to CS. 9/Secure 25

Acceptable use policy - rules that specify how a computer system should be used determined by management used by large organizations makes users aware of limits and penalties provides framework for legal action

Acceptable Use Policy

000-209 Intro to CS. 9/Secure 26

User rights - rules that limit directories and files that each user can access. erase rights create rights write rights read rights file find rights

User Rights

000-209 Intro to CS. 9/Secure 27

Keep data backups in a locked room, away from the main computing area.

Offices with computers should be locked when there is no one around.

Computers can be chained to their desks.

Restrict Physical Access

000-209 Intro to CS. 9/Secure 28

Personal identification help identify authorized users: identity badges user IDs and passwords biometrics

Personal IDs

000-209 Intro to CS. 9/Secure 29

Fingerprint scanners canconfirm your identityin less than two seconds.

Biometric Example

000-209 Intro to CS. 9/Secure 30

Scramble information so it cannot be understood until it is decrypted.

Encryption

000-209 Intro to CS. 9/Secure 31

Many Internet security problems are due to ActiveX controls developed by Microsoft to extend the power of

Internet Explorer

ActiveX controls can be part of Web pages downloaded by Internet Explorer

5. Internet Security and ActiveX

continued

000-209 Intro to CS. 9/Secure 32

ActiveX controls has full access to your computer. hackers can use ActiveX controls to cause havoc

Digital certificates identify the author of an ActiveX control controls with digital certificates should be safe, if you

trust the certificate!

Internet Explorer can be configured to reject all ActiveX controls that do not come with certificates.

000-209 Intro to CS. 9/Secure 33

Most e-commerce sites provide a secure channel for transmitting credit card data.

SSL (Secure Socket Layers) uses encryption to establish a secure connection. SSL pages start with https instead of http.

S-HTTP encrypts data one message at a time.

Electronic Commerce Security

continued

000-209 Intro to CS. 9/Secure 34

Encrypted messages ensure that credit card numbers cannot be intercepted between a computer and an e-commerce site.

During securetransactions, Internet Explorerdisplays a lockicon and Netscape Navigator displaysa key icon.