Introduction to Computer Programming IT-104 - PowerPoint PPT Presentation

View by Category
About This Presentation
Title:

Introduction to Computer Programming IT-104

Description:

Learn how to create a simple password file. ... to complicate and slow the process of hacking into ... Downloading programs from non-trustworthy sources. ... – PowerPoint PPT presentation

Number of Views:908
Avg rating:3.0/5.0
Slides: 41
Provided by: ITt87
Learn more at: http://www.afn.org
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Introduction to Computer Programming IT-104


1
Objectives
Introduction
Creating a Function
Creating a Sub
General
Code Modules
Exit
String Functons
Passing Arguments
  • Introduction to Computer Programming IT-104
  • Unit Ten Security Concepts Applications in
    Visual Basic Projects

2
Objectives
  • Discuss the concept of security as it relates to
    the computer world in general, and Visual Basic
    in particular.
  • Discuss the need to implement security in the
    modern world to control access to systems and
    data.
  • Discuss some common security measures.
  • Identify and discuss the typical internal and
    external threats to systems and data.
  • Identify and discuss some solutions to these
    threats.

3
Objectives
  • Learn how to add a password form to any Visual
    Basic project.
  • Learn how to create a simple password file.
  • Discuss network security and some common
    techniques to improve the security of any
    network.
  • Learn what encryption is.
  • Learn some common encryption techniques in use in
    todays computer environment.

4
Introduction
Home
  • Technology has allowed us to do many amazing
    things today.
  • Some of these things would have been impossible
    just a few generations ago
  • Space travel
  • The human genome project
  • Global positioning and satellite navigation
  • The Earth sciences in general

5
Introduction
  • The one thing each of the previous items had in
    common is that they all involve manipulating
    large amounts of data, and some of them require
    that data to be manipulated very rapidly.
  • This was not possible before the invention of the
    modern digital computer, and it is this device
    that has revolutionized our lives.
  • Technology is now an integral part of the human
    experience. The Internet, which was a curiosity
    a

6
Introduction
  • mere decade ago, has now become THE medium for
    moving information and communicating in general.
  • Organizations have now become dependent on
    information technology simply to survive and
    compete in the market place today.
  • Disruption of this information flow, be it by
    accident or by deliberate means, is not something
    any organization can tolerate.

7
Introduction
  • Organizations are now vulnerable as never before
    to security risks. The recent terrorist attacks
    as well as simple hardware failures (the
    northeast computer assisted power grid failure)
    have illustrated this weakness.
  • As a response to the perceived and real threats,
    software companies are developing robust software
    applications and network systems that are
    designed to complicate and slow the process of
    hacking into

8
Introduction
  • a system, and make it much more difficult to
    infect systems with viruses, bugs, and malicious
    code.
  • No system (or software package) is perfect. By
    their very nature, they will have some weakness,
    which a determined hacker or cracker will
    eventually discover and exploit, but the
    existence of these systems greatly hinder and
    slow the evil doer in the pursuit of his agenda.

9
Introduction
  • Unauthorized entry into applications, as well as
    systems is needed in todays computer world.
  • The use of validations, using accounts and
    passwords is an effective measure against
    unauthorized access and use of systems and
    software.

10
Security Measures
  • Every organization faces external threats from
    competitors as well as hackers.
  • Additionally there are internal threats as well.
  • The external threats are summarized on the next
    slide.

11
External Threats
  • A competitor could gain access to restricted or
    confidential data and gain a competitive edge or
    compromise restricted research data.
  • Hackers can gain access to client credit card
    numbers of other personal information that can be
    used for criminal purposes.
  • Hackers can take control of a computer system,
    which could be used to propagate malicious
    attacks on other computer systems. These types
    of attacks happen without the knowledge of the
    organization.
  • Hackers can gain access to the systems or
    databases of the organization, thus exposing them
    to critical information.

12
Internal Threats
  • Internal sources, such as disgruntled or
    incompetent employees, can also harm the
    organization by
  • Not keeping the anti-virus software updated on
    their systems.
  • Stopping anti-virus scanning to speed up data
    access.
  • Reading e-mail received from unknown sources.
  • Downloading programs from non-trustworthy
    sources.
  • Not installing security patches for operating
    system, e-mail clients, or Internet browsers.

13
Internal Threats
  • Using modems for data transfer from the Internet,
    without being disconnected from the LAN.
  • Revealing passwords to colleagues and friends.
  • Using new systems without installing anti-virus
    or firewall software on it.
  • Testing computers with blank password after
    connecting to the Internet.
  • Using plain text or unencrypted password to
    control devices, such as servers, routers, and
    switches.
  • Enabling file and printer sharing on the network
    without any requirement.
  • Allowing unrestricted data FTP to users.

14
Solutions
Home
  • Using password-protected systems.
  • Passwords should be a minimum of six (some think
    eight) characters, and the user should be
    required to change the password each month.
  • The users should not be allowed to re-use old
    passwords.
  • Users should be educated as to words, phrases,
    and other things to avoid when choosing passwords.

15
Solutions
Home
  • Passwords should never, never, never be given to
    users whose identity has not been thoroughly
    investigated, validated, and documented.
  • Passwords should be implemented on all e-mail,
    and some organizations even implement them on
    Internet Access.
  • Passwords should also be implemented to enforce
    control and access to sensitive, proprietary, or
    other mission-critical data and applications that
    access that data.

16
Adding a Password Form in VB
  • The password form can be added to a Visual Basic
    application just as we have added several other
    template type forms.
  • Visual Basic contains a Logon Dialog form that
    comes already pre-coded.
  • The programmer can then either plug in his own
    access file, or remove the code and supply his
    own custom coding.

17
Adding a Password Form in VB
  • To use this form, a password file should be
    created.
  • A simple text file will serve to illustrate this
    process.
  • The file should contain at least two fields,
  • UserAccount a unique string identifying the
    user.
  • UserPassword a string attached to the user
    account.
  • The file could also contain other profile
    information that would indicate the level of
    responsibility/trust that this person has to the
    organization typically the applications that he
    can access, and what his interaction with that
    software encompasses (can he add, delete, or edit
    data in addition to just browsing).

18
Adding a Password Form in VB
  • Additionally, the file should certainly have some
    encryption protection, so that if a hacker
    somehow manages to obtain a copy of this file,
    the data will be unreadable unless he also has
    access to the encryption method.
  • The next slide will illustrate a very simple
    password file for a particular application.
  • The file contains the account, password, and the
    data privileges assigned to him by the
    application administrator, who may or may not be
    the same person as the LAN administrator.

19
A Sample Password File
20
A Sample Password File
  • The first two lines of this file are simply a
    note to the person allowed to access the file.
  • The third line begins the user definitions, which
    contain the account password, and then either
    TRUE or FALSE indicating which of the five
    successive forms in the application the user is
    allowed to interact with. A TRUE value gives him
    full functionality, a FALSE value gives him
    limited browse only capability in this
    application.

21
Implementing the Password Form
  • Once a password form has been added to an
    application, it should immediately be either the
    first, or the second form that the user sees.
  • The only form that should be allowed to precede
    the password form is the Splash screen.
  • The password form should allow the user three
    tries (the standard in the computer world today)
    to correctly enter both his account and password.

22
Implementing the Password Form
  • The profiles can be used to set menu options,
    command buttons and other controls visible
    property or enabled property to control access to
    data.
  • If he doesnt succeed, he should then be locked
    out of the application, requiring an
    administrator to verify and reset his access to
    the application.
  • An example of the Visual Basic Logon Dialog form
    is shown on the next slide.

23
A Logon Dialog Form
24
Network Security
Home
  • A network can use one or more of the following
    firewall techniques
  • Packet filter scans each packet, which enters
    or leaves the network. If the packet adheres to
    the security policy defined through the firewall,
    it is allowed to pass through, other wise it is
    blocked. A packet is a piece of message
    transmitted over a packet-switching network.
    Packet-filter technique is quite effective, but
    it is quite time-consuming and difficult to
    configure.
  • Application gateway Scans data over specific
    applications such as FTP and Telnet servers.
    This gateway is very effective, but causes
    performance degradation.

25
Network Security
  • Circuit-level gateway Activates a security
    mechanism whenever a Transfer Control Protocol
    (TCP) or User Datagram Protocol (UDP) connection
    is established. TCP and UDP are protocols that
    connect between hosts on the Internet. Once the
    connection has been made, packets can flow
    between the hosts without further checking.
  • Proxy server Inspects all messages that leave
    or enter a network. As the name suggests a proxy
    server hides the true network addresses.
  • Creating a firewall is the most basic mode of
    security against any external threat. It doesnt
    solve all security problems, but serves as a
    basic preventive measure.

26
Network Security
  • Update anti-virus software regularly virus
    attacks causing huge loss of data and effort has
    become common news. Organizations are under a
    constant threat from virus attacks.
  • A virus is a parasitic program written
    intentionally to enter a computer without the
    users permission or knowledge. A virus can
    replicate itself and infect several machines over
    a network.
  • Viruses can be transmitted to a network via
    e-mail, by downloading the file from the
    Internet, or by direct copy from a removable
    media source. To prevent data against virus
    attacks, anti-virus software is used. This
    software scans the computer for any possible
    virus signatures, and it can intercept and
    isolate the virus before it creates any havoc
    within an organization.

27
Network Security
  • Deploy Web Monitoring Services tampering of an
    organizations Internet resources is a common
    form of security abuse. This leads to lost
    productivity, legal costs, and drainage of
    network resources. Over time, several Internet
    Usage Policies have emerged to deal with this
    problem. Acceptance of these policies have not
    been satisfactory. One of the popular preventive
    measures against unauthorized access to Internet
    resources is Web monitoring.

28
Network Security
  • Various organizations offer Web monitoring
    services to tackle this issue. These services
    can
  • Block or filter Web sites.
  • Report on employees usage habits.
  • Restrict access to non-business-related sites.
  • Provide different levels of access to different
    departments.
  • Provide offline and real-time alerting of
    Internet misuse.
  • Provide greater management accountability of your
    Internet resources.

29
Data Encryption
  • Passing messages so that only the sender and the
    receiver can read the message lies at the heart
    of data encryption.
  • The technique is as old as human civilization.
  • The Romans used it effectively, and one of the
    first methods documented is the so-called Caesar
    method in which he transposed the letters of the
    roman alphabet using a key. Recipients of his
    messages would be required to have a matching
    copy of the key in order to decode and read the
    message that

30
Data Encryption
  • Caesar had sent.
  • The weaknesses of this system are obvious.
  • The key could fall into the wrong hands, and then
    the message, if intercepted, could be decoded and
    read by someone other than the intended
    recipient.
  • The key could be lost or destroyed, thus
    preventing the recipient from decoding vital
    messages.
  • Those intent on defeating the system, after
    deciphering the coding scheme could then send
    false messages among participants in the network.

31
Data Encryption
Home
  • Cryptography is defined by Webster as hidden
    writing.
  • Cryptography works as in the case of the Caesar
    example to make the message from one sender to
    the recipient unintelligible unless the recipient
    has the key to decipher the message.
  • Modern computers are able to implement a number
    of excellent encryption schemes that are
    extremely difficult to defeat.

32
Data Encryption
  • Modern systems us a digital signature and digital
    timestamp to ensure that data received is from an
    authentic sender and not an intruder. This is
    referred to as authentication.
  • As mentioned previously, the advent of computer
    technology has allowed more complex cryptography
    algorithms and more secure key systems to be
    developed. Computers not only encrypt and
    decrypt huge amounts of data much faster, they
    also develop codes which are much harder to
    break. Based on the number of keys used, the
    cryptographic systems are divided into two
    categories.

33
Data Encryption
Home
  • Types of keys
  • Symmetric-key systems these encryption systems
    us a single key that both the sender and
    recipient have. The Caesar method was an example
    of such a method. Some recent examples of this
    kind of system are Rijndahl, Blowfish, RC2, RC4,
    Triple DES, and CAST. Symmetric encryption is
    very fast and easy to implement. However, it has
    one main drawback, that is, secure key
    distribution. For a sender and recipient to
    communicate securely using SE, they must agree
    upon a key and keep it secret amongst themselves.
    If they are in different physical locations,
    they need a secure communication medium to
    prevent the disclosure of the secret key during
    transmission. Anyone who overhears or intercepts
    the key in transit can later read, modify, and
    forge all information encrypted or authenticated
    with that key.

34
Data Encryption
  • Public-key systems these systems use two keys,
    a public key known to everyone, and a private
    key, which only the recipient of the message can
    use. Anyone who has a public key can encrypt
    information but cannot decrypt it. Only the
    person who has the corresponding private key can
    decrypt the information. Some examples of
    public-key encryption are PGP (Pretty Good
    Privacy), Algamal, RSA, Diffie-Hellman, and DSA.
    The primary advantage of PK systems is that it
    eliminates the need for a sender and receiver to
    share secret keys via some secure channel all
    communications involve only public keys, and no
    private key is ever transmitted or shared.

35
Some Password Dos and Donts
  • Change passwords at regular intervals.
  • Use passwords that have more than six characters.
  • Create passwords with unrelated words separated
    by non-alphabetic characters.
  • When changing a password, the new one should not
    bear any relation to the old.
  • Avoid passwords that have already been used in
    the last 12 months.
  • Avoid passwords that bear personal information,
    such as name, address, birth date, relatives,
    personal attributes, etc.
  • Change passwords on the machine immediately after
    it has been accessed by any outside engineer or
    maintenance person.
  • Use passwords auto-generated by machines (ugh!)

36
Summary
  • Discuss the concept of security as it relates to
    the computer world in general, and Visual Basic
    in particular.
  • Discuss the need to implement security in the
    modern world to control access to systems and
    data.
  • Discuss some common security measures.
  • Identify and discuss the typical internal and
    external threats to systems and data.
  • Identify and discuss some solutions to these
    threats.

37
Summary
  • Learn how to add a password form to any Visual
    Basic project.
  • Learn how to create a simple password file.
  • Discuss network security and some common
    techniques to improve the security of any
    network.
  • Learn what encryption is.
  • Learn some common encryption techniques in use in
    todays computer environment.

38
LAB Work
  • Add a Logon Dialog to your menu demo project from
    last lab session.
  • Create a simple logon file to control access to
    the application.
  • Complete any missed lab assignments from previous
    weeks.

39
Assignment
  • Study quizzes, presentations, your text book, and
    prepare for the final exam, which will be given
    next week.
  • At the beginning of the hour next week, I will
    expect someone to present to me, the CEO of the
    BigBucks Corp. your project, and to convince me
    that I must buy it.

40
Next Week
  • Your project!
  • The final exam!
  • The last of Mr. Etter (at least for this quarter)!
About PowerShow.com