PowerPoint Slideshow about 'S5 CIT' - HarrisCezar


S5 CIT

Internet Security

Computer Virus (Malicious Software) Attack
  • E-mail viruses
    • move around in e-mail messages,
    • usually replicate by automatically mailing themselves to dozens of people in the victim’s e-mail address book.
  • Worms
    • a small piece of software that uses computer networks and security holes to replicate itself
    • A copy of the worm scans the network for another machine that has a specific security hole.
    • It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
  • Trojan Horses
    • simply a computer program
    • claims to do one thing, for example it may claim to be a game program
    • Instead it may allow hackers to view or steal files inside your computer
    • Trojan horses cannot replicate automatically.
Unauthorized Access (Hacking and Cracking)
  • Breaking into computer networks
  • Defacing or damaging websites
  • DoS (Denial of Service) attack on a website or network
  • Stealing valuable information such as passwords and credit card data
Privacy Infringement and Identification Problem
  • Privacy
    • You want your message to be read only by the intended recipient and not by someone else.
  • Identification
    • You want to confirm that the sender or the recipient is really the person or organization they claim to be.
    • You want the person or organization to prove themselves with a recognized identity.
Avoid Computer Virus Attack
  • Do not accept files from high-risk sources such as
    • floppy disks from unknown people
    • pirated CDs
    • files downloaded from unknown sites
    • e-mail attachments from unknown people or with strange titles.
  • Never run executable files (e.g. .exe, .com) from e-mail attachments.
  • If the suspected file must be used, install an anti-virus program to check that the file is safe.
  • Update the virus definition table regularly.
  • Scan for computer viruses regularly. You may schedule the scanning process each week.
  • Use the virus shielding function to check each file for viruses when it is executed.
  • Set the BIOS so that your computer does not boot from a floppy disk or CD-ROM drive
Prevent Unauthorized Access
  • User ID and Password
    • User ID and password should be kept secret.
    • A password should
      • be difficult to guess
      • consist of numbers and letters (both upper and lower case)
      • never be a word from a dictionary or a birthday.
  • Never enable the “Auto Complete” function on a public computer when you are logging in to a system.
  • Remember to log off the system before you leave.
  • Password should be changed regularly.
  • Authentication Device
    • Magnetic card
    • Smart card
  • Biometric authentication devices, such as eye, fingerprint, face and voice recognition
  • Firewall
    • can be implemented in software and hardware
    • located at a network gateway that protects the resources of a private network from users from other networks
    • checks the incoming and outgoing data of the computer to ensure there is no unauthorized access
    • records all transmissions in and out of the network and alerts the network administrator if there is any intrusion (入侵)
  • A school firewall can be set like this:
    • Allow traffic from the HTTP protocol, i.e. port 80
    • Allow remote access through the FTP protocol, i.e. ports 20 and 21
    • Deny users access to the web site “http://hk.games.yahoo.com/”
    • Deny all other transmissions
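
The school policy above written as an ordered rule list, as an added example that is not part of the original slides. It assumes a first-match firewall (rules checked top to bottom), so the site block is placed ahead of the general port 80 allow; the `example.edu` hosts are constructed sample traffic.

```python
# Added example: the slide's school policy as an ordered rule list.
# Assumption: rules are checked top to bottom and the first match wins.
RULES = [
    {"action": "deny", "host": "hk.games.yahoo.com"},   # blocked site
    {"action": "allow", "ports": {80}},                 # HTTP
    {"action": "allow", "ports": {20, 21}},             # FTP data and control
]
DEFAULT_ACTION = "deny"                                 # deny all other transmissions


def matches(rule, host, port):
    """A rule matches when every condition it states is satisfied."""
    if "host" in rule and rule["host"] != host.lower():
        return False
    if "ports" in rule and port not in rule["ports"]:
        return False
    return True


def decide(host, port, rules=RULES):
    """Return 'allow' or 'deny' for one connection attempt."""
    for rule in rules:
        if matches(rule, host, port):
            return rule["action"]
    return DEFAULT_ACTION


def audit(connections, rules=RULES):
    """Decide each (host, port) attempt and keep a record, as a firewall log would."""
    return [(host, port, decide(host, port, rules)) for host, port in connections]


# Constructed sample traffic (hosts other than the blocked site are made up).
SAMPLE = [
    ("www.example.edu", 80),
    ("hk.games.yahoo.com", 80),
    ("ftp.example.edu", 21),
    ("www.example.edu", 443),
    ("mail.example.edu", 25),
]

# Same rules with the site block moved to the end: the port 80 allow now
# matches first, so the block never takes effect for web traffic.
MISORDERED = RULES[1:] + RULES[:1]

if __name__ == "__main__":
    for record in audit(SAMPLE):
        print(record)
    print("misordered:", decide("hk.games.yahoo.com", 80, MISORDERED))
```

Under this policy, port 443 is denied by the final rule, so any “https://” site would be unreachable until an explicit allow is added.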

How do we strike a balance between security and convenience when setting up a firewall?

Tackling Privacy Infringement and Identification Problem
  • Encryption (加密)
    • the conversion of readable data into a form of unreadable characters to prevent unauthorized people from accessing the data.
  • A key is needed during the encryption process.
  • Using a key, the encrypted data can be decrypted (解密) back into its original form.
  • Encryption
    • ensures Confidentiality (機密性) as it can make sure the message is not leaked out during the transmission of data.
    • ensures Data Integrity (完整性) as it can make sure the message is not altered during the transmission of data.
  • PKI (Public Key Infrastructure)
  • Data locked by the Public Key is unlocked by the corresponding Private Key

  • Data locked by the Private Key is unlocked by the corresponding Public Key

  • Everybody can get the Public Key from the web site of a specific company, while the Private Key should be kept secret.
  • Digital Certificate
    • a digital document that includes the name, the public key and the expiry date of a person or organization
    • issued by a Certificate Authority like The Hong Kong Post
    • identifies a person or organization on the Internet and ensures Authentication (身份鑑定).
  • Digital Signature
    • A digitally signed document carries a digital certificate and is partially encrypted using a private key.
    • This partially encrypted part is called the digital signature.
  • Digital Signature ensures Non-repudiation (不能否定性)
    • i.e. neither the sender nor the receiver can deny a transaction if both of them use digital signatures.
  • E.g. when A wants to send a document to B:
    • A signs the document with his private key
    • The document is sent to B with A’s digital certificate
    • B opens the document using A’s public key
  • As only A has A’s private key, B can verify that the document was sent from A.
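
The A-to-B exchange above, together with the certificate fields listed earlier (name, public key, expiry date), as an added example that is not part of the original slides. It uses textbook RSA over a SHA-256 digest with constructed toy keys, which is a teaching simplification; the function names and the sample document in the usage are assumptions.

```python
import hashlib
from datetime import date

E = 65537  # public exponent

def make_keypair(p, q):
    """Toy RSA key pair from two primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    n, d = private
    return pow(digest(data, n), d, n)  # "locked" with the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data, n)  # "unlocked" with the public key

def cert_body(cert):
    return f"{cert['name']}|{cert['public_key']}|{cert['expiry']}".encode()

def issue_cert(name, public, expiry, ca_private):
    """The CA binds a name, public key and expiry date by signing them."""
    cert = {"name": name, "public_key": public, "expiry": expiry}
    cert["ca_signature"] = sign(cert_body(cert), ca_private)
    return cert

def receive(document, signature, cert, ca_public, today):
    """B's checks before trusting that the document came from the named sender."""
    if not verify(cert_body(cert), cert["ca_signature"], ca_public):
        return "reject: certificate not issued by the trusted CA"
    if today > cert["expiry"]:
        return "reject: certificate expired"
    if not verify(document, signature, cert["public_key"]):
        return "reject: signature does not match the document"
    return "accept"

# Constructed toy keys built from known Mersenne primes; far too small for real use.
CA_PUBLIC, CA_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
A_PUBLIC, A_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
A_CERT = issue_cert("A", A_PUBLIC, date(2030, 1, 1), CA_PRIVATE)
```

B calls `receive(document, sign(document, A_PRIVATE), A_CERT, CA_PUBLIC, today)`; an altered document, an expired certificate, or a certificate signed by anyone other than the CA is rejected.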
  • Everybody can apply for a digital certificate.
  • The applicant gets a private key (a 16-digit password) and software to install the digital certificate on their computer.
  • To further increase security, the user can insert the Smart-ID card into the computer to verify their identity.
  • Secure Socket Layer (SSL)
    • a protocol that provides secure data transmission via the Internet.
    • A web site that provides SSL must have a digital certificate,
    • and the user must use an Internet browser which supports SSL, like Internet Explorer.
  • The customer can send their personal information to the website, as SSL ensures that the web site is genuine and that the transmission is secure because it is encrypted.
  • Web sites that use SSL begin their URL with “https://”, e.g. https://www.ebank.hsbc.com.hk/
Backup and Recovery
  • A computer disaster such as fire or hardware failure may cause data loss. To protect our data,
    • regular backups should be done to ensure that a computer system's data can be recovered after a computer disaster.
    • if data is lost, the backup copy is used to resume the operation of the computer system. This process is called Recovery.
    • Hardware used: CD-R, DVD-R, Magnetic Tape, MO
  • Recovery can also be done without a backup
    • By software
      • Data Recovery Software
    • By hardware
      • Directly read the data from the disk inside the hard disk