Introduction to Information and Computer Science - PowerPoint PPT Presentation

Slides: 23
Provided by: Oreg85
Learn more at: http://media.fdtc.edu

1
Introduction to Information and Computer Science
  • Security
  • Lecture a
  • This material (Comp4_Unit8a) was developed by
    Oregon Health and Science University, funded by
    the Department of Health and Human Services,
    Office of the National Coordinator for Health
    Information Technology under Award Number
    IU24OC000015.

2
Security: Learning Objectives
  • List and describe common security concerns
    (Lecture a)
  • Describe safeguards against common security
    concerns (Lecture b)
  • Describe security concerns for wireless networks
    and how to address them (Lecture b and c)
  • List security concerns/regulations for health
    care applications (Lecture c)
  • Describe security safeguards used for health care
    applications (Lecture c)

3
Concerns About Security
  • Lost, stolen, or compromised data
  • Identity theft and impersonation
  • Downtime for businesses
  • Loss of revenue
  • Blackmail
  • Threat to disclose medical information

4
Common Threats to Security
  • Wikipedia:
  • "Malware ... (malicious software) is ...
    designed to infiltrate a computer system without
    the owner's informed consent." (Wikipedia, 2007)
  • Types of malware include:
  • Trojans
  • Viruses
  • Hoaxes
  • Worms
  • Phishing
  • Macro viruses
  • Hackers

5
Trojan Horse
  • Trojan horse: malware program that usually
    impersonates a known good file installed on
    system by replacing (deleting) "good" file
  • Name comes from Greek Trojan Horse myth
  • The Trojan then does its dirty work on certain
    date, through user action or on command
  • Trojans can destroy or copy data, install adware,
    or install browser toolbar
  • Trojans can record keystrokes and send this to
    attacker and scan computer ports

6
Viruses
  • A virus is a computer program that can harm a
    computer and make it inoperable. Some viruses are
    only an annoyance.
  • Viruses usually do not replicate (make copies of)
    themselves on other computers
  • Removing a virus usually cleans computer
  • Sending a virus via email may replicate virus
  • In 2008, Fun.exe virus spread itself via email
    throughout the world and was very difficult to
    remove as it made many copies of itself on an
    infected computer

7
Macro Viruses
  • Macro viruses usually infect Microsoft Office
    files and install themselves when users click
    files.
  • A macro is a small program, usually written in
    VBA (Visual Basic for Applications)
  • Macro viruses spread when users click files in
    which the macro virus resides
  • Macro viruses may also delete files, etc. on
    infected system

8
Personal Information Attacks
  • Phishing
  • Attempt to trick user into revealing personal
    information to attacker so they can impersonate
    user
  • Pronounced like "fishing": attacker is fishing
    for information about user
  • User may receive email that appears to be from
    financial institution, eBay, or Amazon, asking
    for login to verify transaction.

9
Personal Information Attacks (continued)
  • Clicking link in email brings user to Web site
    that looks like real Web site
  • No reputable organization will ever ask for this
  • Report attack to organization so they are aware
    and can act
  • Most email software includes ability to monitor
    for phishing and move suspected email to
    non-functional (junk email) folder

10
Worms
  • A worm is a program that works to create lots of
    network traffic
  • Some worms are not malware as they crawl network
    searching for reporting information
  • Most worms replicate themselves, making network
    unusable
  • ILOVEYOU worm successfully attacked millions of
    computers (users who clicked attachment) in May
    2000

11
False Information
  • Hoaxes
  • Hoaxes are usually a harmless attempt to convince
    user of something that is not true
  • Usually come in form of an email
  • Some hoaxes invite user to send money to someone
    in another part of world or ask for contributions
    to find missing children
  • Use search engine to determine whether email
    message is true by entering email subject line in
    search engine
  • Result will usually indicate whether email is hoax

12
False Information (continued)
  • Uncloak hoax
  • Use trusted Internet sites to detect hoaxes
  • Snopes.com - http://www.snopes.com/
  • Urban Legends Online - http://urbanlegendsonline.com/
  • Never forward email chains without verifying
    their source

13
How do Hackers Operate?
  • Packet sniffers can read Internet traffic
  • Wireshark: free protocol analyzer software tool
    that can display unencrypted network traffic on
    monitor screen.
  • www.wireshark.org
  • Install malware
  • Adware: Continuous ads on screen
  • Spyware: Reports on sites visited
  • Guess at user names and passwords
  • Don't use easy-to-guess passwords
  • Do change default usernames and passwords
    (wireless routers)

14
What is Network Security?
  • According to Wikipedia:
  • "In the field of networking, the specialist area
    of network security consists of the provisions
    and policies adopted by the network administrator
    to prevent and monitor unauthorized access,
    misuse, modification, or denial of the computer
    network and network-accessible resources."
  • In plain English:
  • Network security is about rules set up for use of
    equipment, software, and data and how to follow
    these rules
  • Use of assets revolves around authentication,
    authorization, and providing permissions to
    network assets.
  • If user can't prove identity, he or she can't
    gain access to network, equipment, or data.

15
Authentication
  • User provides valid username and password
  • Referred to as credential
  • Computer authenticates credentials against user
    account and password database
  • If user logs in successfully, user is
    authenticated!
  • If credentials entered match what is in database,
    user is authenticated
  • Servers authenticate users using special type of
    database known as directory
  • Directory stores information about all users,
    user groups, computers, printers, and so on

16
Authorization
  • Next, authenticated users are authorized
  • Authorization means that computer indicates
    precisely what user can do
  • Print files using specified printers
  • Access specified network drives
  • View and/or change documents in folders
  • Use company email
  • Actions are usually recorded for audit
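
The sequence on the Authentication and Authorization slides (check the credential, then decide what the authenticated user may do, and record each action) as a small added example; it is not part of the original slides. The `Directory` class, the account, the action names, and the choice of a salted PBKDF2 hash for the password database are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption: the "password database" stores a salted PBKDF2 hash, not the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Directory:
    """Toy directory: accounts, what each account may do, and an audit trail."""

    def __init__(self):
        self.accounts = {}     # username -> (salt, password hash)
        self.rights = {}       # username -> set of permitted actions
        self.sessions = set()  # usernames that have authenticated
        self.audit = []        # (username, event, outcome)

    def add_user(self, username, password, actions):
        salt = os.urandom(16)
        self.accounts[username] = (salt, _digest(password, salt))
        self.rights[username] = set(actions)

    def login(self, username, password):
        # Unknown users get a dummy record so both paths compute one hash.
        salt, stored = self.accounts.get(username, (b"\0" * 16, b""))
        ok = hmac.compare_digest(_digest(password, salt), stored)
        if ok:
            self.sessions.add(username)
        self.audit.append((username, "login", "ok" if ok else "denied"))
        return ok

    def authorize(self, username, action):
        # Authorization applies only to users who have already authenticated.
        ok = username in self.sessions and action in self.rights.get(username, set())
        self.audit.append((username, action, "ok" if ok else "denied"))
        return ok


def demo():
    d = Directory()  # constructed sample account and action names
    d.add_user("alice", "constructed-Passphrase-1", {"print:floor2", "read:shared-drive"})
    results = [
        d.login("alice", "wrong-guess"),            # bad credential
        d.authorize("alice", "read:shared-drive"),  # not authenticated yet
        d.login("alice", "constructed-Passphrase-1"),
        d.authorize("alice", "read:shared-drive"),  # permitted action
        d.authorize("alice", "change:payroll"),     # authenticated, not authorized
    ]
    return results, d.audit
```

Denied attempts land in the audit trail alongside successful ones, which is what makes repeated guessing at usernames and passwords visible afterwards.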

17
Permissions (Windows)
  • Authorized objects are associated with
    permissions
  • Part of authorizing object is determining
    permissions
  • Permissions determine what object can or cannot
    do on computer or network
  • Two types of permissions typically used
  • Sharing: Allows one object to connect to or use
    another object over network
  • NTFS: Determines what one object can or cannot do
    to another object
  • Permissions are a complex topic

18
Permissions (Windows)
  • Sharing and NTFS permissions work together
  • User creates folder on his computer so his sister
    can copy pictures he took
  • Next, he shares folder and sets his permissions
    to read
  • Lastly, he sets NTFS permissions to read so
    that she can view and copy pictures
  • Without this configuration, his sister will not
    be able to view or copy files from his computer
  • Non-Windows OS protect devices and files similarly
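
How sharing and NTFS permissions combine for the Pictures folder, as an added example that is not part of the original slides. It is a simplified model: access over the network is the more restrictive of the two permission sets, local access is governed by NTFS alone, Allow entries from group membership accumulate, and Deny entries are left out. The principal names and ACL contents are constructed.

```python
# Simplified permission levels; each level includes the ones below it.
RANK = {"None": 0, "Read": 1, "Change": 2, "Modify": 2, "Full Control": 3}
NAMES = ["None", "Read", "Modify", "Full Control"]  # result reported in NTFS terms


def granted(acl, principals):
    """Highest level any of the user's principals (user or groups) is allowed."""
    return max((RANK[lvl] for who, lvl in acl.items() if who in principals), default=0)


def effective(share_acl, ntfs_acl, principals, over_network=True):
    """Effective access to a shared folder for a user with the given principals."""
    ntfs = granted(ntfs_acl, principals)
    if not over_network:
        return NAMES[ntfs]              # share permissions do not apply locally
    share = granted(share_acl, principals)
    return NAMES[min(share, ntfs)]      # most restrictive of the two wins


# Constructed ACLs for the brother's Pictures folder.
NTFS_ACL = {"sister": "Read", "Administrators": "Full Control"}
SHARE_READ = {"sister": "Read"}
SHARE_WIDE = {"Everyone": "Full Control"}

SISTER = {"sister", "Everyone"}
BROTHER = {"brother", "Administrators", "Everyone"}


def demo():
    return {
        # The configuration from the slide: share Read + NTFS Read.
        "sister_as_configured": effective(SHARE_READ, NTFS_ACL, SISTER),
        # An over-broad share is still capped by NTFS.
        "sister_wide_share": effective(SHARE_WIDE, NTFS_ACL, SISTER),
        # Shared, but no NTFS entry for her: she cannot view or copy.
        "sister_no_ntfs": effective(SHARE_READ, {"Administrators": "Full Control"}, SISTER),
        # The owner is not in the share ACL, so remote access fails...
        "brother_network": effective(SHARE_READ, NTFS_ACL, BROTHER),
        # ...but sitting at the computer, NTFS alone applies.
        "brother_local": effective(SHARE_READ, NTFS_ACL, BROTHER, over_network=False),
    }
```

When auditing a share, check both ACLs: a permissive share permission is only as safe as the NTFS permissions underneath it.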

19
Permissions Example
  • Right-click folder and select Properties from
    menu
  • Pictures folder is shared
  • Click Advanced Sharing to configure sharing
    permissions for this folder

(2011, PD-US)
20
Permissions Example (continued)
  • Click Security tab to configure NTFS permissions
  • Group or user names are listed in ACL
  • Administrators have Full Control over this folder
    and its contents
  • This means that a user who is a member of the
    Windows Administrators group can do anything to
    this folder and its contents
  • "Anything" means view, add new files, delete
    existing files, change existing files, create new
    sub-folders, etc.
  • (2011, PD-US)

21
Security: Summary, Lecture a
  • List and describe common security concerns

22
Security: References, Lecture a
  • References
  • Wikipedia. Malware [Internet]. 2011 Jun [cited
    2011 Nov 07]. Available from:
    http://en.wikipedia.org/wiki/Malware
  • Images
  • Slide 19: Screenshot of a shared folder's
    properties window. Image source: the creator of
    this presentation. (2011, PD-US)
  • Slide 20: Screenshot of the folder named Picture
    properties dialog box. Image source: the creator
    of this presentation. (2011, PD-US)