Security, Copyright

and the Law

Contents
• Computer Security
• Computer Virus
• Antivirus Software
• Data Security
• Security Threats
• Data Protection
• Privacy Issue
• Copyright
• Password
• Backup of Data
Computer Security
Q.1 What is computer security? How it is maintained on a computer?
 Computer Security
• Computer Security  Protecting a computer system and data stored in it from being
damaged or accessed by unauthorized persons
• Different methods or techniques to ensure the security of computer system
• What you have (Physical Access)?
• Unauthorized access  protected by  providing a key, token, or plastic card to authorized
• Authorized user use any of these  to gain access to server room or a building
• What you know (User ID & Password)?
• Authorized users  User-IDs & Passwords
• Must be entered to get access to system
• Only those users who know user-ID & password  access
• What you do (Confirmation of authorized user)?
• Authorized users  asked to enter signature to confirm
• What you are (Authorization through the human body)?
• Biometrics approach
Computer Virus
Q.2 What is a computer virus? How can it affect the computer?
• Causes of Viruses
• Activation of a Virus
• Types of Viruses
• Safeguarding against Viruses
 Computer Virus
• Computer virus  small computer program that affect computer system
• Damage or destroy valuable data stored in computer system
• Load into user’s computer (primary or secondary memory) without his/her knowledge
• Replicate itself  make many copies in memory or on disk
• Code for computer virus  written in programming language
• Code attached to program file
• Infected File  File containing a virus
• When infected file copied to a disk
• virus also copied & attaches to other files on disk
• Infected Disk  disk that contains virus/viruses
• Problems created by viruses
• Damage software like operating system
• Damage or corrupt important data files stored on computer
• Destroy all data stored in hard disk by formatting it
• Change boot sector' of hard disk. (If boot sector affected, computer cannot boot)
• Slow down speed of computer system
• Make resources unavailable to users
 Causes of Viruses
(i) E-Mail
• Viruses spread through e-mail messages
• Email  infected file attachment
• User opens infected email attachment
• Virus may infect computer
• Virus transferred to other computers  when email sent from infected computer
(ii) Networks
• Major source of virus  computer network (i.e. Internet)
• If computer infected by virus  infect other computers in network also
• Example
• when users access infected computer in network  then viruses transferred or copied
• when user downloads infected file  virus transferred also
• Infect files stored on computer
 Causes of Viruses
(iii) Removable Storage Media
• Removable storage media (such as USB flash drives and CDs)
• used for transferring files
• In flash drive  infected files
• When user copies infected files  viruses also transferred/copied
(iv) Pirated Software
• ‘pirated’  ‘copied illegally’
• Pirated software  software which is installed and used illegally (or without
a license)
• Major source of spreading viruses
• Software companies intentionally attach viruses with software
• When software installed illegally  viruses activated & damage computers
 Activation of a Virus
• Activation of virus  When virus performs its actions
• Different computer viruses  activated in different ways
• Example: Some viruses activation  on certain date
• Virus  Part of application programs or OS
• Application program run
• Checks system date
• If system date matches with activation date  virus activated
 Types of Viruses
(i) Boot Sector Virus
• Disk divided into  logical tracks
• Each track further divided into  sectors
• Data stored in sectors
• OS on disk  special program in its first sector boot sector
• When computer turned on  boot sector program automatically loaded into memory
• This program  loads OS into memory
• Boot sector virus  modifies program in boot sector
• Once boot sector infected  boot sector virus loaded into memory whenever computer turned on
• Attached with executable files i.e. .exe, .com & .dll files
• Files used by user  attached virus activated
• Infects other files, performs destructive activities, destroys data files
(ii) Chernobal Virus
• Chernobal  Microsoft Windows virus
• Most harmful virus
• Deletes all Microsoft Office files and other data
• Also deletes partition information from disk & corrupts system’s BIOS (Basic Input/Output System)
 Types of Viruses
(iii) Logic Bomb
• Activated  when specified conditions met
• Example:
• activated on specific date & time
• activated when special files not found
• When virus activated  important data deleted or corrupted
• Mostly attached with pirated software
• Often called Time Bomb
(iv) Trojan Horse
• Attached to some programs or other files
• Trojan virus activated  When infected programs executed (or opened)
• Affect performance of computer
• Damage data stored on hard disk
• Example of Trojan horse: FormatC
• Allows unauthorized access to a computer system
• Allow hacker to access remote computer
 Types of Viruses
(v) Redlof
• Redlof virus  polymorphic virus
• Polymorphic  "change nature with passage of time“
• Virus changes its nature with the passage of time
• Difficult to catch with antivirus program
• Written in Visual Basic Script
• Depends on Microsoft ActiveX Component to execute itself
• Execution of Virus  locates "Folder.htt" file & infects
• "Folder.htt" file  part of Windows Active Desktop feature
Some other Viruses
• viruses  detect some special information & send to other
• Information  like passwords, or any sensitive data
• Example  Virus program read password, Pin Code, or credit card number, then send to another user
• Viruses  make resources unavailable to users
• Example: virus after copying itself on all computers  affect communication activity on network
 Safeguarding against Viruses
• Always use antivirus programs with latest versions
• to detect & remove viruses
• Minimize data transfer between computers through removable storage media
• Removable storage media  USB flash drive
• Scan for viruses removable storage media
• Never open Junk or unknown e-mails
• Should not install pirated software
• Always use licensed software
• Freeware and shareware software downloaded from Internet  contain
viruses
• Scan with latest antivirus program before using them
• Always keep backup of data
• Backup of data  used if virus deletes data or modifies it
Antivirus Software
Q.6 What is antivirus software? Give some examples of antiviruses
 Antivirus Software
• Antivirus software  Software that used to detect and remove viruses from computer
• Prevents viruses from entering computer
• Available antivirus programs
• contain a list of known viruses
• contain methods for removing viruses from infected files or disks
• No single antivirus software  can remove all viruses
• Many new viruses are developing and spreading through Internet
• Latest antivirus software must be installed on computer to save computer from new
viruses
• Upgrade antivirus software and scan computer system regularly
• Examples of famous antivirus programs
• Norton antivirus
• McAfee
• Kaspersky
• AVG
Data Security
Q.7 What is data security? Describe its importance.
 Data Security
• Data Security  Protection of data
• Important data of organization  can be lost, deleted, or destroyed accidentally or intentionally
• Data is more valuable  than computer hardware & software
• Failure of hardware  replace hardware
• Software loss  re-install software
• Data loss  difficult to recover in time
• To ensure data security  Necessary arrangements must be taken
• Organization is responsible for data security
• Online services provided by organization to their customers/users
• A credit card company put data of its customers online
• A bank providing online services
• University provide facility of viewing results online, online exams (GRE, GUAT, etc.)
Importance of Data Security
• If some unauthorized user ("intruder") gains access to data of organization
• organization may suffer serious problems
• Examples:
• Unauthorized user may use credit card number of another user for shopping
• Unauthorized user may delete important data of a business or an organization
 Security Violation
• Someone may enter computer room
• Take away all storage devices on which sensitive data is stored
• Unauthorized user may take access to personal data of someone
• Gain advantages
• Example: gets access to credit card number and Pin Code,
• then use it for online shopping
• Unauthorized user may use an online mail server
• Online mail server  "mail.yahoo.com“
• May view e-mail messages of other users
• Someone can send a virus program onto a network
• Virus  slow down network
• may corrupt important data
• Unauthorized access to bank accounts
• Transfer a large amount of money from other accounts to his account
• A person may make a computer so busy by sending many requests
• Computer may become unavailable to authorized users
Security Threats
Q.9 What is meant by security threats? Discuss different threats to data security.
What are the solutions to these threats?
 Security Threats
• Threat  computer program, a person, or an event that violates (or breaks) the security
system
• Causes loss of data & attacks data privacy
• Different threats to data security
(1) Unintentional Threat
• Unintentional  "by mistake or by chance“
• Authorized user  may delete sensitive data by mistake or accidentally
• Data may be corrupted or deleted due to:
• technical failure of hardware
• sudden breakdown of electric supply
• failure of some program running on the computer
• viruses etc.
• Solutions
• Backup  Regular Backup of data
• Can be used to recover the deleted data
• Antivirus  Latest antivirus software
 Security Threats
(2) Intentional Threat
• Intentional  planned or with a purpose
• Unauthorized (or authorized) user  may delete sensitive data intentionally
• User  angry employee of an organization or any other unauthorized person
• Usually, hackers
• person who is technically a computer expert
• breaks security for deleting or modifying data
• Gets access to data through computer network  using computer software, tools, or other techniques
• Solutions
• Users Rights  Assigned proper rights to minimize intentional security threats
• Only authorized users  allowed to delete or modify data (step-by-step process)
• Password Password must be used for accessing any resource
• Log file  maintained to keep track of all activities performed on data or files
• Authorized users should change their passwords periodically
• Password should not be very short
• Common word should not be used as a password
• Encryption  Process of encoding data in such a way that only an authorized person can understand & use it
• Conversion of readable data into an unreadable format
• Sensitive data encoded  before storage or transmission over a network
• If anyone (unauthorized person) gets access to data, he may not be able to understand it
• Lock Computers and all backing storage devices should be placed in locked rooms
Data Protection
Q.10 What is meant by data protection?
 Data Protection
• Data Protection  Process of hiding personal data from unauthorized persons or
organizations
• Almost all departments and organizations collect and maintain their data on computers
• Police department  maintains records of different people
• Bank  maintains records of financial dealings
• Hospital  maintains data about disease history of different patients etc.
• Owner of personal data  person to whom it belongs
• Personal data  can be used only for purpose for which it was obtained
• Use of this data for any other purpose  against person privacy
• Example:
• Hospital  provide personal data of one or more patients to medical researchers
• Use data for research purposes or to make some other decisions
• If hospital management distributes personal data of particular patient somewhere else
• then this may disturb patient (e.g. in the case when the patient has some mental disorder or has a bad
history)
• Data protection rules  do not allow anyone (or organization) to misuse personal data of any
Privacy Issue
Q.11 What is the privacy issue? How is data privacy ensured?
 Privacy Issue
• Privacy issue  any person (an individual) has the right to see data collected
about him
• Submit an application to view personal data
• A person also has right to stop processing of his data by the organization
• No worker of organization is allowed  to disclose or use data
• If data is used without person’s permission  crime committed
• Data protection act  tries to minimize misuse of personal information
• Organization  collect necessary data
Ensuring Data Privacy
• Organization is responsible for keeping data updated
• Organization should keep data for specified period of time only
• Not keep data longer than the necessary time period
• Organization is responsible for all kinds of security of data
Copyright
Q.14 What is meant by Copyright? Briefly discuss software copyright and
copyright act.
 Copyright
• Copyright  branch of law
• Protects creative work from illegal use
• Ensure that copyrighted materials cannot be used without getting permission from
the creators
• Violation of copyright  piracy
• Categories of works that copyright protects
• software, books (or any other written material), pictures, videos or music, and many other
products etc.
Software Copyright
• Right to use software on the computer
• Software remains property of company that designed it
• Only gives a license for use of software to those who purchase it
• When commercial software purchased, pay for a license to use the software
Password
Q.15 What is password? Give some examples of using password
 Password
• Password  secret code
• consists of alphabets, digits, or a combination of both
• Protect a computer system, software, or other resources from unauthorized access
• Only persons who know password can use computer system or software
• Points about a password
• At least eight characters long
• Contain uppercase letters, lowercase letters, numbers, and different symbols
• Should be difficult to guess or crack
• Should not be a commonly used word
• Should not contain your name, your kid's name, or your company name
• Should be changed at least once a month
• New password  different from previously used passwords
• Examples
• Password setting  computer, login
• E-mail account protected with a password
Backup of Data
Q.16 What is backup of data? Why we use it? Discuss different types of backup.
 Backup of Data
• Backup of Data  Duplicate copy of data taken on secondary storage
• Regular backup
• Data lost, deleted, or corrupted due to any reason
• Backup of data  recover deleted data or corrupted data
• Storage media for backup of data  CD-ROM, USB drive, magnetic tape, etc.
Reasons for using Backup
• Storage device  hard disk, reliable storage device
• Develop problems due to voltage fluctuations or other reasons
• If hard disk damaged  all data lost, cannot retrieved
• Retrieve from data backup
• Computer stolen or fire may damage it
• In these circumstances  backup of data is used
• Accidentally delete file
• Overwrite a part or whole of an existing file
 Types of Backup
1. Complete Backup
• Backup of all data stored on the hard disk
+Copy of the entire hard disk is created
• Entire data can be restored  if damaged
- Takes more time to create a backup of the entire hard disk
2. Incremental Backup
• Backup of only new files and those files that are changed since the last
backup
• Backup software  Process performed automatically by using some software
• Backup of entire hard disk is not created
• Takes less time than complete backup