Computer Security Risks
- any event or action that could cause a loss of or damage to computer hardware, software, data, information or processing capability
- accidental and deliberate
- common security risks include viruses, worms, trojan horses, unauthorised access and use, hardware theft, software theft, information theft and system failure
Viruses, Worms and Trojan Horses
- How Stuff Works and your textbook give excellent descriptions of the differences between each of these and how businesses can safeguard their network against them
Unauthorised Access
- use of a computer network without permission
- hackers/crackers are those individuals who access a computer or network illegally
- common safeguards include firewalls, IDS, access controls
- Firewalls may be hardware or software systems that restrict incoming and outgoing traffic. (Mr McWilliam will show you a short animated movie about this)
- IDS stands for intrusion detection software. This is a type of software that analyzes all network traffic and notifies network administrators of any suspected system breaches.
- Access controls limit internal and external access to data and systems. The most common access control is the use of user names and passwords. Access to data and systems should be limited to only those individuals who require it, to limit accidental or intentional security breaches. Example: Census Bureau eBay customer database. Access controls can specify who can read, write or modify based on user name. Other access controls include possessed objects, biometric devices and call back systems.
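The user-name-based read/write/modify controls described above can be sketched as a default-deny permission table. This is an added example, not part of the original notes; the user names, resources and the `needs` mapping are constructed for illustration.

```python
# Constructed sample ACL: resource -> {user name -> actions explicitly granted}.
ACL = {
    "customer_db": {
        "alice": {"read", "write", "modify"},  # administrator
        "bob": {"read"},                       # support staff, read only
    },
    "payroll": {
        "carol": {"read", "write"},
    },
}

# Denied attempts are recorded so an administrator can review them.
denied_log = []


def is_allowed(user, resource, action):
    """Default deny: allow only an action that was explicitly granted."""
    granted = ACL.get(resource, {}).get(user, set())
    if action in granted:
        return True
    denied_log.append((user, resource, action))
    return False


def excess_grants(needs):
    """Least-privilege review.

    `needs` maps (user, resource) -> set of actions the person requires.
    Returns every grant in the ACL that goes beyond that stated need.
    """
    extra = {}
    for resource, users in ACL.items():
        for user, granted in users.items():
            surplus = granted - needs.get((user, resource), set())
            if surplus:
                extra[(user, resource)] = surplus
    return extra


if __name__ == "__main__":
    print(is_allowed("bob", "customer_db", "read"))      # granted
    print(is_allowed("bob", "customer_db", "write"))     # not granted
    print(is_allowed("mallory", "customer_db", "read"))  # unknown user
    print(denied_log)
    # Constructed statement of what each person actually needs.
    print(excess_grants({
        ("alice", "customer_db"): {"read"},
        ("bob", "customer_db"): {"read"},
        ("carol", "payroll"): {"read", "write"},
    }))
```

Unknown users and unknown resources fall through to the empty set, so anything not listed is refused rather than allowed.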
Hardware Theft
- stealing of computer equipment
- can result in the loss of data as well. Example: Florida Dept of Transportation
- controls include mostly physical controls such as locked doors, locked windows, cables
Software Theft
- organisations need to ensure that all software used in the organisation is covered by a license agreement. Generally most licenses are for only a single user. However, some software manufacturers offer site licenses.
Information Theft
- theft of personal or confidential information
- one of the top threats facing corporate America
- Encryption is the best safeguard. Encryption converts readable data to unreadable data.
- A common form of encryption is public key (asymmetric) encryption, which allows senders to encrypt using a public key and receivers to decrypt using a private key. Pretty Good Privacy (PGP) is a common public key encryption service and is used for things like email.
- TrueCrypt is a nice open source symmetric key encryption system that can be used to encrypt storage devices like hard drives. (If a corporate hard drive is stolen, customer private data cannot be read from the drive)
- Encryption is used extensively on the internet to protect data traveling over the public network. Examples include Virtual Private Networks to create secure connections, digital certificates to authenticate users, SSL and SHTTP which encrypt data between a client and server,