UNIT 1: COMPUTER SECURITY
Key Unit Competency:
To be able to enumerate various security threats and ensure security of computer.
INTRODUCTORY ACTIVITY
A. Apply the following scenario.
1. In the school computer lab, some computers have been damaged by humidity, some computer screens that have been broken and other computers are not password protected. In groups, respond to the following questions. What is wrong with such A computer lab?
2. Identify the risks of an unsecured computer
3. Describe how this computer lab can be secured
4. Describe how data stored in a computer can be protected
5. What are the measures that can be considered to protect the computer lab physically and logically?
Describe what you see on the picture bellow.
1. Is this computer lab well organized?
2. Identify the security risks.
3. Propose solutions to improve the security of material inside this computer lab
1.1 Why computer security?
ACTIVITY 1.1
Visit the school computer lab and answer the following questions?
1. In the school computer lab, are all computers secured? If yes, describe how they are secured. If not, what to do to enhance the security of computers?
2. Describe the simple measures that can be taken to protect the computers in the school computer lab
Introduction
Nowadays, computers become an indispensable tool in the life of human beings. They are used in banking, in shopping, in communicating between people through emails and chats, etc. However, some intruders are joining the conversations and try to read emails of others without permission. Most of the time, they misuse their computers by attacking other systems, sending forged emails from computers, or examining personal information stored in others’ computers.
Computer security refers to techniques developed to safeguard information and systems stored on computers.
The protection of data (information security) is important. It reduces the probability of hardware and software problems and it increases the security of data stored in computers.
Why is computer security important?
Computer security is important for many reasons:
Computer security helps to keep safely data and equipment functioning properly and provide access only to appropriate people.
Computer security prevent unauthorized persons to enter in others computers without their consents.
Computer security helps to keep healthily computers against viruses, malware and other unintentional soft wares that can prevent computers to run smoothly.
Computer network need to be protected because Cyber criminals, hackers, and identity thieves present real and dangerous threats to any online system.
APPLICATION ACTIVITY 1.1
1. By using simple words, define computer security?
2. In pairs, discuss and write a brief report on importance of computer security at your school, in Rwanda and in the whole world.
3. Write down some cases of computer security break that have happened in Rwanda and in the world?
1.2 Computer threats
LEARNING ACTIVITIES 1.2
A hard disk is connected into a broken computer system case like the one below. When the computer is switched on, it shows that something is wrong. The user cannot work on it properly. It is very difficult to send a document to hard disk.
1. Describe what is happening to make the computer not functioning correctly.
2. Propose solutions to this problem
1.2.1 Threat definition
A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is an activity/ attack/ situation that may happen, with the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
1.2.2 Threat categories
Knowing how to identify computer security threats is the first step in protecting a computer. The threats could be intentional, accidental or caused by natural disasters. Computer threats are categorized in two categories; physical threats and logical threats:
Physical threats
Digital storage media and hardware are subject to numerous internal and external forces that can damage or destroy their readability. Below are some cases of physical threats:
•Improper storage environment (temperature, humidity, light, dust),
•Over use (mainly for physical contact media),
•Natural disaster (fire, flood, earthquake),
•Infrastructure failure (plumbing, electrical, climate control),
•Inadequate hardware maintenance,
•Hardware malfunction
Logical threats
Are events or attacks that remove, corrupt, deny access, allow access, or steal information from a computer without physical presence of somebody. These include viruses, worms, Trojans, spyware, adware, SQL injection etc.
Threats to information systems can cause:
•Hardware failure: A malfunction within the electronic circuits or electro mechanical components (disks, tapes) of a computer system. Example: a CPU socket damaged.
•Software failure: The inability of a program to continue processing due to erroneous logic. Example: a crash of a computer program.
•Electrical problems: are faults caused by electric like a low-resistance connection between two points in an electric circuit through which the current tends to flow rather than along the intended path.
•User errors: is an error made by the human user of a computer system in interacting with it. Example: a system file deleted unintentionally by a user.
•Telecommunication problems. Example: when the antenna are not working
•Program changes; modifications made to program. Example: a simple modification in a program can affect the whole software.
•Theft of data, software, services and equipment. When a physical or logical component of a system is stolen, the whole system stops. Example: a computer cannot run without a RAM or cannot run with a corrupted software
APPLICATION ACTIVITY 1.2
1. Discuss the difference between logical and physical threats and give examples for each?
2. Explain the difference between hardware and software failure
3. Explain how a computer user can cause the errors to information system.
4. In the school computer lab, take one computer and remove the RAM. What is happening to the system?
5. After analyzing the school computer lab, enumerate the different threats that are existing with the computer
1.3 Computer attacks
LEARNING ACTIVITY 1.3.
Suppose that yesterday when students were using computers in the school computer lab, everything worked well. They brought from outside different storage devices like flash disks and external hard disks used to copy various documents to the computers. Today morning, when the Lab attendant switched on the computers, most of them displayed suspected messages.
Discuss in groups what may be the cause of such behaviors. How the problem can be addressed in the laboratory?
In computer and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset. An attack can be active or passive.
An “active attack” attempts to alter system resources or affect their operation.
A “passive attack” attempts to learn or make use of information from the system but does not affect system resources.
The different kinds of attacks are summarized in the following image:
However, the frequent computer attacks are virus, worms, Trojan, spyware, Shoulder Surfing, Denial-of-Service, eavesdropping, social engineering and cyber crimes
1.3.1 Virus
A virus is a self-duplicating computer program or piece of code that is loaded onto a computer without the user’s knowledge and runs against his/her wishes.Viruses can spread themselves from computer to computer, interfering with data and software. A virus is attached to small pieces of computer code, software, or documents. The virus executes when the software is run on a computer. If the virus is spread to other computers, those computers could continue to spread the virus.
Some viruses work by hiding on the first sector of a disk and loaded into memory. Other viruses insert themselves onto program files that start applications. Those files have the extension of .exe and .com the last category of viruses are viruses which infect programs that contain powerful macro languages like programming languages.
The common viruses are:
a. Worms
A worm is a computer program that sits in the computer memory, duplicates itself continuously until the system runs out of memory and crashes. Worms infect networks by replicating themselves and transmitting their multiple copies to all the nodes connected on the network.
b.Trojan
A Trojan may appear to be something interesting and harmless, such as a game, but when it runs it may have harmful effects. Unlike worms, Trojans do not replicate themselves but they are destructive.
Trojan are used by hackers to gain access into a machine without the permission of the user.
Normally when someone visits some websites which are malicious in nature, the trojan gets downloaded or may come from an infected source.
The Trojan gets installed in the computer and later on helps the hackers to gain access into that computer.
1.3.2 Denial of Service (DoS)
When a denial of service (DoS) attack occurs, a computer or a network user is unable to access resources like e-mail and the Internet. An attack can be directed at an operating system or at the network.
1.3.3 Spyware
Just like virus, Spyware also comes under that category of malware attacks, which means that it is a code or program written for doing some damage to the computer.
Although the working of spyware is different from the other types of malware mentioned, Spyware as the name suggests is used to spy into a system.
The job of the spyware is to silently sit inside the host system and observe the activities of the system.It may also come from other sources like detachable storage devices. Spyware sits quietly in the system and copies all the relevant information being input and processed.
Example of how spyware work:
Suppose a user is logging on to any bank.
Once the website of the bank opens, the user id and login password is input.
After that if the user wants to do a financial transaction, the transaction password has to be entered. All this information is quietly registered by the spyware. Then the spyware sends all the information recorded from the user’s computer to its parent i.e. probably a hacker somewhere on the Internet. The information may be transmitted even while the user is using the system.
Once the hacker has the user’s information, like bank name, login id and password, nothing can stop him/her from transferring the money from that account to anywhere else.
APPLICATION ACTIVITY 1.3a
1. What is a computer attack? Differentiate active attack to passive attack.
2. Explain the difference between worms and Trojan
3. Explain briefly how virus are categorized?
1.3.3 Social Engineering
A Social Engineer is a person who is able to gain access to equipment or a network by tricking people into providing him/her the necessary access information. Often, the Social Engineer gains the confidence of an employee and convinces him/her to divulge username and password information.
A Social Engineer may pose as a technician to try to gain entry into a facility. Once inside, he/she may look over shoulders to gather information, seek out papers on desks with passwords, or obtain a company directory with e-mail addresses.
So, Social Engineering is a technique/method used by someone by trying to socialize with someone else with the purpose of picking/getting his/her credentials or user name and password with intention to use them during his/her absence. A user never feels that revealing his/her credentials to someone that he/she trusts is wrong.
Example:
•A husband gives his credentials to her wife and vice versa.
•An Administrative Assistant gives his/her credentials to his/her boss.
•Etc
1.3.4 Shoulder Surfing
In computer security, shoulder surfing is a type of social engineering technique used to obtain information such as personal identification number, password and other confidential data by looking over the victim’s shoulder. This attack can be performed either from a closer range by directly looking over the owner of information.
1.3.5 Eavesdropping
Eavesdropping refers to the unauthorized monitoring of other people’s communications. It can be conducted on ordinary telephone systems, emails, instant messaging or other Internet services.
1.3.6 Cybercrimes
Cybercrime, also called computer crime, is any illegal activity that involves ICT tools such as a computer or network-connected device, such as a mobile phone.
Different types of cybercrimes:
•Cyberbullying
Cyberbullying is bullying that takes place using electronic technology. Electronic technology includes devices and equipment such as cell phones, computers, and tablets as well as communication tools including social media sites, text messages, chat, and websites.
Examples of cyberbullying include text messages, rumors sent by email or posted on social networking sites, and embarrassing pictures, videos, websites, or fake profiles, posting hurtful images, making online threats, and sending hurtful emails or texts.
Example: when someone tweets or posts on social media:
Today, the president of United States resigns because he failed to supply laptops in schools.
•Sexting
Sexting is the sending and receiving of text, photo or video messages of children and young people that are inappropriate and sexually explicit.
These images are mostly self-generated and shared through mobile phone MMS, Skype and social networking sites where images can be posted and shared such as Facebook, WhatsApp, Twitter, Tumblr, Flickr, YouTube, Instagram, Snapchat etc.
•Grooming
“Grooming” is the way sexual predators get from bad intentions to sexual exploitation. Sometimes it involves flattery, sometimes sympathy and other times offers of gifts, money, transportation, or modeling jobs.
1.3.7 Website hacking
1.3.7.1 Definitions
Hacking
Hacking is a term used to describe actions taken by someone to gain unauthorized access to a computer belonging to other people. It is the process by which cyber criminals gain access to your computer. After entering in that computer, a hacker can find weaknesses (or preexisting bugs) in the security settings and exploit them in order to access available information. He/she can also install a Trojan horse, providing a back door for hackers to enter and search for your information.
1.3.7.2 Website hacking techniques
Most of the information belonging to different individuals or institutions either private or public bring attention of outsiders who may want to break inside. The use of this information differ according to the interest of its users. The owners or administrators of websites should then put in place measures to protect their information and the users. There exist different techniques used by hackers and hence, there are many tools to deal with many kinds of theft and protect the websites.
Rwanda Information Society Authority (RISA) has pledged stronger cooperation with the public in enhancing cyber security for all computers in Rwanda amid an alert over an outbreak of a security attack that has affected over 150 countries. According to a statement, the cyber security attack is known as ransomware and bears different variations like WannaCrypt, WannaCry, WannaCryptor or Wcrya. The broad based ransomware attack has appeared in at least eight Asian nations, a dozen countries in Europe, Turkey and the United Arab Emirates and Argentina and appears to be sweeping around the globe, researchers said. The cyber-attack mostly affects computers that run Microsoft Operating Systems, by automatically encrypting the files and blocking the user’s access to the entire system. Over the last decade Rwanda’s strong growth through ICT promotion has brought untold opportunities and prosperity in the country. And as we globally face this challenge in cyber security, as a country we strongly believe that an integrated strategy to ensure effective regulation to our cyber security is significant at this point.
To mitigate this outbreak, RISA gave a set of actions to ensure lasting national prevention and protection:
1. Users are required to maintain daily backups of critical data including application, databases, mails systems, and user’s files. Backups should be regularly tested for data restoration.
2. All computers should be installed with latest security updates (specifically including MS17-010. Patch)
3. Until the security patch is applied, the Server Message Block v1 (SMB v1) should be disabled on all computers.
4. The LAN perimeter firewall should be configured with a rule to block all incoming SMB traffic on port 445.
5. All computers should be upgraded to Windows 10 to benefit from the latest protection from Microsoft. The Windows Defender Antivirus, which can detect the above malware, should also be enabled on all Windows systems.
6. Ensure your Antivirus signatures are up to date as major vendors are all working to deliver updated signatures to detect/ prevent this.
7. All users are advised not to open any suspicious email especially one that has an attachment, furthermore all users are advised not to download any files that they are not sure of the source.
Comprehensive action to strengthen our information and communication Technology sector countrywide is taken. However, in case of any compromise or attack, RISA advises that the affected computer/PC must be removed from the network and the incident must also be reported to Rwanda Computer Security Incident Response team with immediate effect.
WannaCry exploited a vulnerability in the Windows operating system and was among a large number of hacking tools and other files that a group known as the Shadow Brokers released on the internet. Shadow Brokers said that they obtained it from a secret NSA server.
The identity of Shadow Brokers is unknown though many security experts believe the group that surfaced in 2016 is linked to the Russian government.
1.3.8 Unwanted content
During the use of internet, some webmasters through the usage of cookies and other applications had managed that when someone is navigating in a given website, unwanted webpages are opened. This happens mostly for advertising of other products or services rendered by other institutions or companies that contracted the webmasters. Or, it happens by itself with malicious software.
1.3.9 Pornography and violence
1.3.9.1 Pornography
These are images and video whose focus is on n sex or sexual arousal either directly or indirectly. In that group of videos, many films on pornography are produced and sold all over the world. This kind of films hurts adults, children, couples, families, and society.
Families, Non-Government Organizations and government institutions in charge of education and social welfare need to fight seriously against it malpractice which addict our society and hence affect the whole development.
In Rwanda, the institutional and national ICT policies contain articles prohibiting to watch pornographic film in offices. The selling of these films is also officially banned.
1.3.9.2 Cyber violence
Cyber violence is defined as online behavior that constitutes or leads to assault against the well-being (physical, psychological, emotional) of an individual or group.
What distinguishes cyber violence from traditional off-line forms of violence is that in the former case, some significant portion of the behavior takes place online, although it may even be carried out in offline contexts. There exist four basic types of cyber violence namely online contact leading to off-line abuse, cyber stalking, online harassment, degrading representations.
1.3.10. Hate media and unwanted content
The hate media is a form of violence, which helps to demonize and stigmatize people that belong to different groups of society. This type of media has incited haters among citizens and in some cases influenced most of the genocide that the world has known.
APPLICATION ACTIVITY 1.3 b
1. Which types of computer attacks had happened your school computer lab or in Rwanda or in sub region?
2. How to recognize that a document in a computer is infected by virus?
3. Explain what is social engineering in computer security;
4. Explain the difference between social engineering and Shoulder Surfing techniques;
5. Explain the different types of cybercrimes
1.4 Sources of virus and other attacks
LEARNING ACTIVITIES 1.4
In the school computer lab, when one student inserted a flash disk in one computer, he/she gets a virus detection message and all files are immediately deleted and the flash disk becomes empty
Another student discovers that when he/she opens a document in my MS Word, the content is displayed in unknown characters.
The last students gets a message that looks like the one below:
In groups, discuss what should be the causes for such problems.
Source of viruses
Virus infection in computers can be contacted through different means. Below are the common causes of computer virus attack.
A. Internet
It can not be denied that internet is one of the common sources of virus infection. This fact is not a real surprise and there is no point to stop using internet henceforth. Majority of all computer users are unaware as when viruses attack computer systems. Almost every computer user click/download everything that comes their way and therefore, unknowingly, invites the possibility of virus attacks.
B. Downloadable Programs
One of the possible sources of virus attacks is downloadable programs from the web. Unreliable sources and internet newsgroups are one of the main sources of computer virus attacks. Downloadable files are one of the best possible sources of virus. Any type of executable program including games, freeware, screen savers as well as executable files are one of the major sources of computer virus attacks.
C. Cracked Software
Cracked Software proves to be yet another source of virus attacks. Most people who download cracked and illegal versions of software online are unaware of the reality that they may contain virus sources as well. Such cracked forms of illegal files contain viruses and bugs that are difficult to detect as well as to remove.
D.Email Attachments
Email attachments are one of the other popular sources of computer virus attacks. Hence, you must handle email attachments with extreme care, especially if the email comes from an unknown sender. Installation of a good antivirus is necessary if one desires to eliminate the possibility of virus attacks.
E. Removable media
Removable media such as CDs, USB flash disks,... can be a source of viruses when the files they contain which may have been taken from other electronic devices, have been infected.
F. Bluetooth Transfer
Viruses can be contacted through a transfer of documents via a Bluetooth, once one of the computers is infected with a virus or the document to be transferred is infected.
APPLICATION ACTIVITY 1.4
1. Describe different ways of how internet is a virus source
2. Explain how CD is a source of virus in computer
1.5 Damage caused by Threats
LEARNING ACTIVITIES 1.5
From the previous lessons in this unit, different kinds of threats have been studied with their characteristics and their modes of contamination.
Discuss in groups the possible damages that they could cause in a computer, a school computer laboratory and in any network.
The consequences of the damages may vary according to the specific type of malware and the type of device that is infected plus the nature of the data that is stored on or accessed the device.
Whereas in some cases the results of a malware infection may be invisible to the user, in other cases the damage can have serious consequences.
Damages caused by threats:
For home users
-It can infect a computer if the user clicks on an infected banner or if he/she downloads and opens an attachment from a spam email or if he/she ends up on an infected website
-Harvest user’s data and send it to cyber criminal servers to use it in future attacks
-Destroy user’s data, it happens when the encryption key was not downloaded correctly and won’t work when trying to decrypt your data
-Hide from being detected by antivirus products because of its communication mechanisms
-Enlist your computer in a botnet and use its resources to launch attacks on other victims.
-Performance dropped when the user is not doing anything heavy.
On corporate network
-Web efacements and Semantic Attacks are used to propagate false information by changing the web page content subtly.
-In Domain Name Server (DNS) Attacks, when the user requests for a particular website to the DNS server, then he/she is diverted to an unwanted website because of a wrong Internet Protocol (IP) address generated by the DNS server (DHCP).
-Distributed Denial of Service (DDoS) Attacks involves high volume of communications to the targeted computers. It is the strategy that cyber attackers use to slow down those targeted computers.
-There are compound attacks whereby attackers can combine a number of attacks and make a series out of them which can destroy everything by leaving no possibility of recovery.
APPLICATION ACTIVITY 1.5
1. List and explain damages caused by virus in a computer system
2. List what damages caused by threats for home users
3. Enumerate other damages caused by virus that are not listed above
4. Use an example, explain how virus damage can reduce the production of any institution
1.6 Threats protection and precaution
ACTIVITY 1.6
In the school computer laboratory, to enter in a secured computer with password, someone needs to be given that password. If it has been forgotten, it becomes impossible to work with that computer. In groups, answer to the following questions:
1. What is the importance of login to computer with password?
2. List other security measures that can be used to protect a computer.
3. Explain how data stored in computer can be protected from damage?
As with any business asset, hardware, software, networks, and data resources need to be protected and secured to ensure quality, performance, and beneficial use.
They are four simple ways of protecting a computer:
1. To install antivirus software
2. To install firewall.
3. To install anti-spyware software.
4. To use complex and secure passwords.
Effective security measures can reduce errors, fraud, and losses.
1.6.1 Antivirus
i. Definition
Antivirus software are computer programs that attempt to identify, neutralize or eliminate harmful softwares. The term “antivirus” is used because the earliest lessons were designed to combat a wide range of threats, including worms, trojan and other malware. Antivirus software typically uses three different approaches to accomplish their tasks:
- The first way is to examine file looking like kwon viruses that match virus definition in virus dictionary
-The second way is to try and to recognize unusual behavior from a program which might signify a threat
-The last way is to prevent the execution of all computer codes which has not been identified as truth worthy
ii. Virus detection
An antivirus needs to scan the system in order to detect a security threat such as a virus. There exist 3 possible actions, depending to the user’s choice, when a virus has been found in a file:
• Move to quarantine: the infected file will be moved in protected repertory. It will thus be inaccessible and the code of the virus will not be executed.
• Repair/ Disinfect: the antivirus can also try to repair an infected file, i.e. to remove the code of the virus from the file. This is needed especially for program files.
• Delete: in this case, if the infected file cannot be repaired, there is no other alternative rather than deleting it. It is especially useful when this file is not essential to system, especially if it is not a program file.
After scanning an internal or external storage device, a report is generated in form of an interface. An example is shown below.
iii. Anti-Virus installation
In this case Kaspersky 2017 is going to be used as an example of how to install an antivirus.
Before the installation of Kaspersky 2017 on a computer, the following preparation has to be made:
•Make sure that the software is on external storage device or on another computer is a network;
•Check if the computer meets the requirements of Kaspersky Anti-Virus 2017;
•Make sure no antivirus software of Kaspersky Lab or other vendors is installed on your computer;
•Check if there is any incompatible software, remove it;
•Close all running applications;
Check if it is Kaspersky Anti-Virus 2017 installation under Windows 10, then click on the Desktop tile on the start screen.
Standard Installation:
1. Download the installation file from Kaspersky Lab website and run it. Then, the user follows the instructions given by the system.
2. If the antivirus Kaspersky installation file is saved in another computer of the same network, connect to that computer and run the executive file from it or displace it using a removable storage. The instructions will be followed as in the point above
3. Insert the disc into the CD/DVD drive if it contains the Kaspersky installation file. If the installation does not start automatically, run the installation file manually. Click Install.
4. Read the License Agreement in the window that appear afterward by clicking on the respective link. Accept its terms to install the application. Respond to other windows that may display in halfway during the installation
5. Wait until installation is completed. Make sure the Start Kaspersky Anti-Virus check box is selected, then click Finish.
Updating an antivirus
As mentioned above, new viruses are created every day. But if an antivirus is not aware of the signature of the newly developed virus, it will not know it and this enables the virus to attack the computer. It is important to regularly update the list of signatures of antivirus and if possible every day or at least after 3 days. These signatures are offered by the company which has developed the antivirus used. Signatures of viruses are kept in a database created by the company that created the antivirus. The steps to go through while updating an anti virus software depends on the type of that anti virus.
1.6.2 Anti spyware
Anti-spyware software is a type of program designed to prevent and detect unwanted spyware program installations and to remove those programs if installed. Detection may be either rule based or based on downloaded definition files that identify currently active spyware programs. Notice that most anti-virus software such as AVG contain inbuilt anti spyware software.
There exist many anti spyware software but the most popular are the following: AVG Anti Spyware, CheckFlow Anti Spyware 2005, CounterSpy, NoAdware, Avast and ScanSpyware
1.6.3 Firewall
Computers connected to communication networks, such as the internet, are particularly vulnerable to electronic attack because so many people have access to them. These computers can be protected by using firewall computers or firewall software placed between the networked computers and the network. The firewall examines, filters, and reports on all information passing through the network to ensure its appropriateness.
1.6.4 Parental Control
(Family Safety for any user)
The Parental Controls feature is a valuable tool for controlling the amount of time the children spend on the computer and the programs they’re using. Parental controls can filter the web, blocking inadvertent access to inappropriate websites.
1.6.5 Access control
Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment.
The access control model used by some operating systems ensures authorized use of its objects by security principles. Security principles include users and groups. Security principles perform actions on objects, which include files, folders, printers, registry keys and Active Directory.
Username and Password
The user can protect the access to the operating system. The administrator defines the passwords of users who are allowed to use the computer. If users do not enter the valid credentials (Username and Password), access will be denied.
•New account and password creation
1. From your current account, go to Settings > Accounts > Other People.
1. Click Add someone else to this PC.
2. That dialog box wants you to enter the email address associated with a Microsoft account. Ignore that box and instead click I don’t have this person’s sign-in information.
3. The previous option opens a new dialog box that encourages you to create a new Microsoft account, which is not your goal. Ignore the fields at the top of this dialog box and instead click Add a user without a Microsoft account.
4. Now create that local user account, entering a short descriptive user name, a password you’ll be able to remember, and a password hint (which is mandatory).
1.6.6 Identification
Identification occurs when a user (or any subject) claims or professes an identity. This can be accomplished with a username, a process ID, a smart card, or anything else that can uniquely identify a subject. Security systems use this identity when determining if a subject can access an object.
In computer security, general access control includes authentication and authorization. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords, biometric scans, physical keys, electronic keys and devices.
*Authentication
Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users’ information on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access. The permissions and folders returned define both the environment the user sees and the way he can interact with it, including hours of access and other rights such as the amount of allocated storage space.
Therefore, Authentication verifies the identity and authentication enables authorization
*Authorization
Authorization is the process of giving someone permission to do or have something. In multi-user computer systems, a system administrator defines for the system which users are allowed access to the system and what privileges of use (such as access to which file directories, hours of access, amount of allocated storage space, and so forth).
1.6.7 Biometric authentication
Biometric authentication is a security process that relies on the unique biological characteristics of an individual to verify that he/she is who is says he/she is. Typically, biometric authentication is used to manage access to physical and digital resources such as buildings, rooms and computing devices.
Types of biometric authentication technologies:
Retina scans produce an image of the blood vessel pattern in the light-sensitive surface lining the individual’s inner eye.
Iris recognition is used to identify individuals based on unique patterns within the ring-shaped region surrounding the pupil of the eye.
Finger scanning, the digital version of the ink-and-paper fingerprinting process, and works with details in the pattern of raised areas and branches in a human finger image.
Finger vein ID is based on the unique vascular pattern in an individual’s finger.
Facial recognition systems work with numeric codes called face prints, which identify 80 nodal points on a human face.
Voice identification systems rely on characteristics created by the shape of the speaker’s mouth and throat, rather than more variable conditions
1.6.8 Encryption and Decryption
Definition of Key Terms
Cryptography means “secret writing.” However, the term is used to refer to the science and art of transforming messages to make them secure and immune to attacks.
Encryption is the process of encoding a message or information in such a way that only authorized parties can access it. Encryption does not of itself prevent intervention, but denies the intelligible content to a would-be interceptor.
To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
Decryption is the process of taking encoded or encrypted text or other data and converting it back into text that you or the computer can read and understand. This term could be used to describe a method of un encrypting the data manually or with un encrypting the data using the proper codes or keys. It is reversing encryption process
Cryptosystem: A combination of encryption and decryption methods
Cleartext or Plaintext: The original message, before being transformed, is called plaintext. After the message is transformed, it is called ciphertext. An encryption algorithm transforms the plaintext into ciphertext; a decryption algorithm transforms the ciphertext back into plaintext.
1.6.9 Data Backup and recovery point
a. Data backup
Just as the system restore points allow the restoration of operating system configuration files, backup tools allow the recovery of data. The user can use the Microsoft backup tool to perform backups as required.
Storing backup copies of data and having backup computer capabilities are important basic safeguards because the data can then be restored if it was altered or destroyed by a computer crime or accident. Here are some considerations for data backups:
•Computer data should be backed up frequently
•Should be stored nearby in secure locations.
•Transporting sensitive data to storage locations should also be done securely.
By using MS windows 10, the backup is done in this way:
1. Open control panel.
2. Click on system and security.
3. Click on backup and restore (windows 7).
5. Under “where do you want to save the backup?” choose location.
6. Using the “on a hard disk” drop-down menu, select the storage to save the backup and click on start back up button
b. Recovery point
i. Fix problems with system restore
Microsoft Windows Operating System helps to recover from problems that might stop it from working properly, but there may come a time when it needs some manual intervention. Microsoft’s latest operating system has a similar set of recovery tools as easier versions for this, but not all work in the way you would expect and there are some new options at your disposal, too.
ii. System restore on windows 10
As with earlier versions of windows, system restore allows to ‘rewind’ windows installation to an earlier working state, without affecting the documents inside the computer. This is possible because windows automatically saves restore points when something significant happens, such as installing a windows update or a new application the idea being that if it goes wrong, the last restore point (or an even earlier one) can be returned back and get things performing as they were previously. The problem is that system restore is disabled by default in windows 10 and should therefore be enabled before benefiting from its features. Here is how to enable it:
•Open system restore
Search for system restore in the windows Operating System search box and select create a restore point from the list of results. When the system properties dialog box appears, click the system protection tab and then click the configure button. The following interface is coming from Microsoft Windows 10 Operating System.
•Enable system restore
Click to enable turn on system protection and then use the max usage slider to determine how much of your hard drive to use to store restore points — 5% to 10% is usually sufficient — and click OK. If you ever need to create a restore point manually, return to this dialog box and click the Create button, otherwise Microsoft windows 10 will create them automatically.
•Restore your PC
Whenever you want to return to a restore point, open the system properties dialog box again (see step 1), click the system protection tab and then click the System restore button. Follow the on-screen instructions and select the desired restore point when prompted. You can also click the scan for affected programs button before going any further, to see what might change on your PC afterwards. When you’re happy to proceed, click next.
a. If system restore doesn’t work event
Some serious windows problems can prevent you from rewinding to a restore point with system restore, but all is not lost. All you need to do is start windows 10 in safe mode. This bare bones windows mode only runs the essential parts of windows, which means any problematic apps, drivers or settings will be disabled. System restore will then usually be successful.
1. Open advanced start-up
Go to start > settings > update & security > recovery and click restart now below advanced start-up.
2. Start system restore in safe mode
Windows will then restart and display a choose an option menu. Select troubleshoot > advanced options > system restore and use system restore in the usual way.
b. Recovering from more serious problems
System restore won’t always rescue your PC from very serious problems, but windows 10 still has extra trick up its sleeve. It can restore windows to a factory fresh state without affecting your documents, although everything else (including apps) are removed. Even so, you should make sure you have a back up of your important files before using this option, just in case.
1. Open reset this PC
Go to start > settings > update & security > recovery and click get started below reset this PC.
2. Reset windows 10, but save your files
On the next screen, click keep my files and follow the on-screen instructions to reset windows 10. You’ll see a list of apps that will be removed and be asked to confirm your choice before going any further.
3. Reset this PC from safe mode
As with system restore, serious windows 10 problems can prevent reset this PC from working, but you can also run it from safe mode to bypass this. Follow step 1 under if system restore won’t work above, but instead choose troubleshoot > reset this PC > keep my files under step 2.
APPLICATION ACTIVITY 1.6
1. By using clear example, compare access control and parental control
2. In a bank, any customer can create and use an identity (e.g., a user name and password) to log into that bank's online service but the bank's policy must ensure that the user can only access to his/her individual ac-count online once his/her identity is verified.a. Identify which type of security is used in this bank?b. Why is it important?
3. What is the purpose of creating different computer users?
4. After anti-virus installation, where do you place the unusable CD and CD box?
5. At your school, the anti-virus used or installed in computers it was for haw many users?
Suppose that, the anti-virus keys are stolen by someone else to use it on network. What can be the consequences for that anti-virus users in that school? How the computer users can avoid that illegal action?
6. In the computer lab, configure the firewall
END UNITY ASSESSMENT
Part 1. Written
1. What is computer security? What is the purpose of computer security?
2. With an example, explain how you can protect a computer from physical threats?
3. Use three characters in an information exchange scenario; we use computers called Mulisa, Ndoli, and Kamana. Mulisa is the person who needs to send secure data.Ndoli is the recipient of the data. Kamana is the person who somehow disturbs the communication between Mulisa and Ndoli by intercepting messages to uncover the data or by sending her own disguised messages.
a. In the scenario, identify to whom belong clear text, plain text and ciphertext
b. Differentiate cipher tex to plaintext
4. Explain the difference between finger scanning and finger vein ID
5. By using example, explain access control in authorization
6. Which type of attack that enable a computer user to access his/her e-mail address?
7. What do you understand by social engineering technique? Give examples
8. It is heard that some web site become hacked by unknown people. Which strategies can be used to avoid young Rwandan programmers to engage in that action?
9. Using an arrow match the following in Group A with their corresponding in B
Part 2 Practice
In school computer lab, every student takes a computer and do the following activities:
1. With one external hard disk, make a backup of the local disk drive C
2. Update the anti-virus found on the computers
3. Add a new user on the computer