Computer and Communication Threats: Safeguarding Computers and Communication

SECURITY AND CONTROL

Computer and communication threats

Information technology (IT) can be disabled by a number of occurrences:

·         Errors: human, procedural and software errors

·         Electromechanical problems

·         Natural hazards, civil strife and terrorism

·         Criminal acts: theft of hardware, software, time and services, and information

·         Crimes of malice and destruction

·         Viruses

o   Criminals may be employees, outside users, hackers, crackers and professional criminals

 

Errors and Accidents

·         Human errors: unexpected things people do with computer systems

o   Failure to acquire a computer fit for one’s needs

o   Emotions: abandoning or throwing the computer

·         Procedural errors: computer failures related to failure to follow procedures

·         Software errors: “bugs” that affect the performance of a program

 

Electromechanical problems

·         Mechanical and electrical systems such as circuit boards don’t always work

o   May be improperly constructed, get dirty or overheated, wear out

o   Power failures (brownouts and blackouts) can shut a system down. Power surges can burn out equipment

·         Dirty data: Keyboarding in data that is incomplete, outdated or inaccurate

 

Natural and other hazards

·         Natural hazards: fires, floods, earthquakes, tornadoes, hurricanes, etc., which may inflict damage over a wide area

·         Civil strife and terrorism: civil riots, wars and acts of terrorism

 

Crimes against computers and communication

·         Theft of hardware: shoplifting an accessory in a computer store, removing a laptop or telephone service from someone’s car, stealing shipments of microprocessor chips off a loading dock (professionals)

·         Theft of software: stealing someone’s diskettes or disks with software, copying programs, counterfeiting well-known software programs

·         Theft of time and services: using your employer’s computer to play games, tapping into cellular networks and dialing for free

·         Theft of information: stealing confidential personal records and selling them, stealing credit information

Crimes using computers and communication

·         Worms and viruses

o   Forms of high-tech malice

o   A worm is a program that copies itself repeatedly into memory or onto disk drive until no more space is left

o   A virus is a “deviant” program that attaches itself to computer systems and destroys or corrupts data

o   Viruses may be passed through:

§  Diskettes and flash memory cards

§  Networks

Types of viruses

·         Boot-sector virus:

o   Replaces the boot-sector instructions with its own instructions, so it is loaded into main memory before the operating system and is in a position to infect other files. Examples: AntiCMOS, AntiEXE

·         File virus:

o   Attaches itself to executable files, i.e. the files that begin a program. In DOS these files have the extensions .com and .exe

·         Multipartite virus:

o   Hybrid of the file virus and the boot-sector virus

o   Infects both files and boot sectors, hence difficult to detect

o   Polymorphic virus: can mutate and change form

·         Trojan horse:

o   Places illegal, destructive instructions in the middle of a legitimate program

·         Logic bombs:

o   Set to go off at a certain date and time

 

Computer criminals

·         Employees: 75–80% of everything happens inside

o   Use IT for personal profit, or steal hardware or information for sale

o   Fraud: involves credit cards, telecommunications, employees’ personal use of computers, unauthorized access to confidential files and unlawful copying of copyrighted or licensed software

·         Outside users:

o   Suppliers and clients may gain access to a company’s information technology and use it to commit crime

·         Hackers and crackers:

o   Hackers are people who gain unauthorized access to computer or telecommunication systems for the challenge or even the principle of it

o   Crackers also gain unauthorized access to information technology but do so for malicious purposes (financial gain, shutting down hardware, pirating software or destroying data)


Safeguarding computers and communication

Identification and Access

·         Computers authenticate your identity by determining

o   What you have

o   What you know and

o   Who you are

What you have:

·         Credit, debit and cash machine cards have magnetic strips or built-in computer chips that identify you to the machine. They may request you to display your signature

·         Computer rooms may be guarded by security officers

·         Keeping a lock on personal computers

What you know

·         Use of PIN (Personal Identification Number)

·         Use of passwords

·         Use of digital signature

Who you are: (The physical traits)

·         Biometric devices that read fingerprints (computerised), voice, blood vessels in the back of the eyeball, the lips, one’s entire face

 

Encryption

·         Altering of data so that it is not usable unless the changes are undone

·         Use of encryption programs such as PGP (Pretty Good Privacy)

·         Useful in some organizations, especially those concerned with trade secrets, military matters, etc.

 

Protection of software and Data

·         Control of Access

o   Access to online files is restricted to those who have a legitimate right to access them. For example, some organizations have a transaction log that notes all accesses or attempted accesses to data

·         Audit controls:

o   Many networks have audit controls that track which programs and servers were used and which files were opened. This creates an audit trail, a record of how a transaction was handled from input through processing and output

·         People controls:

o   Screening of job applicants

o   Separation of employee functions


o   Manual and automated controls
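
The access control and audit trail described above, as an added example that is not part of the original notes: every access attempt, granted or denied, is written to a transaction log. The user names, file names and ACL are constructed for illustration, and chaining each entry to the previous one with a hash (so later edits to the log are detectable) goes beyond what the notes describe.

```python
import hashlib
import json

# Constructed sample ACL: file -> users with a legitimate right to access it
ACL = {"payroll.db": {"alice"}, "catalog.db": {"alice", "bob"}}
GENESIS = "0" * 64  # "previous hash" used for the first log entry


def _digest(body):
    """SHA-256 over a canonical JSON form of one log entry (without its hash)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class TransactionLog:
    """Append-only log; each entry stores the hash of the entry before it."""

    def __init__(self):
        self.entries = []

    def record(self, ts, user, resource, action, granted):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"ts": ts, "user": user, "resource": resource,
                "action": action, "granted": granted, "prev": prev}
        body["hash"] = _digest(body)  # digest is computed before "hash" is set
        self.entries.append(body)

    def verify(self):
        """Return True only if no entry was altered, removed or reordered."""
        prev = GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if entry["prev"] != prev or entry["hash"] != _digest(body):
                return False
            prev = entry["hash"]
        return True


def access(log, ts, user, resource, action):
    """Check the ACL and log the attempt whether or not it is allowed."""
    granted = user in ACL.get(resource, set())
    log.record(ts, user, resource, action, granted)
    return granted


def denied_by_user(log):
    """Audit query: number of refused attempts per user."""
    counts = {}
    for entry in log.entries:
        if not entry["granted"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts
```
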
