Computer f1 Internet
Computer f1 Internet
Computer f1 Internet
Chapter outline
5.1 Introduction.
5.2 Definition of the internet.
5.3 Development of the internet.
5.4 Importance of the internet.
5.5 Internet connectivity requirement.
5.6 Internet services.
5.7 Accessing the internet.
5.8 Electronic mail.
5.9 Accessing information on emerging issues.
Introduction
Computers can be connected together using data transmission media like cables, to
communicate with one another. Communication in this case will be in the form of
exchange of data and information. Such interconnection of computers to achieve message
transfer is called networking. This is because the computers are linked to form a net.
In most cases computer networks are unique to an organization. For example the
computers in your computer laboratory may be networked. Such a network is local in
nature hence it is usually called a local area network (LAN).
Because of the flexibility of Internet technology, many organizations are creating their
own private networks using the technology of the Internet. In this book we shall refer to
the Internet (with capital letter I) as the information superhighway and the internet (with
lower case letter (i) to refer to smaller networks.
5.3
By 1981, many people had seen the importance of computer networking and the Internet.
ARPAnet formed the backbone on which many organizations started connecting to, hence
expanding it. The American military also became a big user of the Internet because they
could communicate and tap into the resources available on the net. Next, the American
Government decided to access the Internet for commercial purposes hence greatly
increasing the traffic. By this time, for every twenty days, a new host computer was
connected to the net.
By 1987, the Internet boasted of 10 000 host computers. However, its access was largely
limited to the United States of America and some nations in Europe. As the importance of
the Internet grew, businesses spent billions of dollars to improve it in order to offer better
services to their clients. Fierce competition arose among software and hardware
manufacturers as they came up with new technology to meet internetworking needs. The
result was a great increase in message transmission capacity (bandwidth) and it became
cheaper to work with the Internet.
By 1994, 3 million computers were connected to the Internet. Today, the Internet has
grown and covered the whole world. Governments, private organizations and individuals
are using the Internet in all spheres of daily life to send messages and conduct business.
Importance of Internet
The Internet is an extensive system of interlinked yet independent networks. It has
evolved from a specialised communication network previously only used for military and
academic purposes to a public network that is changing the way people carry out their
daily activities.
The Internet is playing a very important role in all aspects of life, leading to the
emergence of an elite society called the information society. The Internet's importance
can be between through its contribution to research, news and information dissemination,
leisure and communication, a place to do business and many other profitable activities.
Telecommunication facilities
The Internet heavily relies on telecommunication facilities like the telephone lines,
telephone exchange stations and satellite transmission in order to cover the whole wide
world. Indeed, without these facilities, the Internet is as good as dead.
Therefore, a computer is connected to the external world through a telephone line and has
to dial a remote computer on the net to establish a connection for data transfer. Dial-up
connections, however, are quickly being replaced by dedicated digital data transmission
telephone lines called dedicated digital leased lines. A leased line connection ensures
constant and quick connection to the Internet unlike the dial-up that you need to dial
every time you need to access the Internet.
For transfer to the destination computer. Figure 5.1 shows a simple logical illustration of
the Internet.
Modems
A computer needs a special digital to analog and vice versa interface card called a modem
that enables it to send and receive data on telephone lines. Remember that voice
transmission on telephone lines is analog in nature while computers work with digital
data. However, digital telephone lines make it possible for computers to transmit and
receive digital data without a modem.
The word modem is short form for modulator - demodulator. During modulation, the data
to be transmitted is changed from digital to analog so that it can be transmitted on the
telephone lines. At the receiving end, the data is changed from analog to digital for the
computer to understand it through a process called demodulation.
In most cases a modem is bought separately and plugged in one of the expansion slots on
the motherboard. Some modems are external hence the computer may be connected to
them through a network interface card. Most computers today come with an internal
modem permanently fixed on the motherboard called an onboard modem.
For the Internet, the most common protocol is the Transmission control
Protocol (TCP) and Internet protocol (IP). As its name suggests, TCP governs how data
is transferred from one place to the next, while IP determines the addressing system on
the Internet. For example, each network and computer on the Internet is recognised by a
special number called the IP address that enables data to be sent and received by it. These
two are combined to form the TCP/IP protocol suite that is needed by any computer that
needs to be connected to the Internet.
Internet services
The Internet has become very popular in today's world because of the diverse but very
important services that it offers to people. It is "seductive" i.e. once a person connects to
it they find themselves falling in love with its power to provide information and services.
The temptation is to continue using the Internet again and again.
To enable easier access to information and data on the Internet, a standard method of
preparing documents to be put on the Internet was developed. This method uses a special
language such as hypertext markup language (HTML) to prepare documents called web
pages that are attractive and can be accessed on the Internet. HTML can be combined
with other web page production tools to achieve wonderful websites. Individuals and
organizations establish sites where their web documents can be placed
2for easy access by the external world. Such sites are called websites and each has a
special address called a uniform resource locator (URL) that can be used to access them.
For example, one common URL address is:
http://www.yahoo.com
The first part (http) stands for hypertext transfer protocol which is a protocol that
transfers hypertext. www is the name of the Internet server (web server) on which the
webpage resides. yahoo.com is usually called the domain name of the local area network.
It uniquely identifies a particular local area network. On the Internet, two networks may
have the same web server name but never the same domain.
One advantage of e-commerce is that a company can access customers all over the world
and is not limited by space and time. Hence, small companies that establish websites to
auction their goods and services not only reduce operating costs but increase their sales.
For example, most vehicle importers buy vehicles directly from international dealers by
accessing their websites and placing orders.
However, the major challenges that face e-commerce are that people deal with each other
without ever meeting physically and there is lack of proper laws to govern such business.
Internet fax
The Internet provides you with complete fax facilities from your computer. You can
configure fax settings, send and receive faxes, track and monitor fax activity, and access
archived faxes. Using fax, you can choose to send and receive faxes with a local fax
device attached to your computer, or with a remote fax device connected to fax resources
located on a network.
Therefore before accessing the Internet, a person must start the browser software. This
book will use Internet Explorer for demonstration,
1. The back button returns the browser to the immediate former webpage.
2. The next button moves the browser to the next web page in case a person had clicked
the back button.
3. The stop button tells the browser to stop searching/loading a website.
4. The refresh button tells the browser to try accessing a web site address again after
failure
5. The search button enables a person to search for words on the website.
6. Clicking the favorites button displays all web addresses in the’ favorites" folder.
7. The history button displays the website addresses that were visited in the recent past.
8. The mail button enables a person to view and send mail and WebPages to links.
9. The print button enables a person to print the web pages.
10. The Go button tells the browser to load the current web page whose address is in the
address bar.
11. The address bar allows the user to type the address of a website to be accessed.
12. The home button moves the user to the first page of the website.
Log in/sign in
To access a website, type the full address of the website in the address bar then press the
Enter key on the keyboard. If the Internet connection is working properly, the browser
will start connecting to the requested web site or URL. Notice that the status bar will be
reading something like "connecting to site www.yahoo.com "
Some web sites allow free access to all their pages by all visitors. However, others
require people to be members hence a new visitor has to register (sign up) by filling some
on-line forms. The registration process gives the visitor a user name and password that
can be used to sign in or log on the website for each successive visit. This is very
common for e-mail account providers like at www.mail.yahoo.com.
Websites that give users a chance to log in are better especially if the services offered
need some degree of privacy and customizing for
Individual customers e.g. it would be a gross mistake to have everybody accessing the
other's e-mail account.
Surf/browse
Surfing or browsing is the process of accessing Internet resources like web pages and
websites. This is done by either typing the URL address of a site in the address bar of the
browser or by following special links that lead to web pages called hyperlinks.
The Internet is a big forest of web pages and websites. Searching for particular materials
or resources can be a nightmare because of the massive volumes of available documents
and resources. To make the work a bit easy, special websites that maintain lists of
hyperlinks are available. These websites are called search engines. They have special
programs called robots or spiders that traverse the web from one hyperlink to the next
and when they find new material, they add them to their indexes or databases. Figure 5.4
below shows one of the most common search engines called Google found at
www.google.com
The user searches for a word by typing a few key words in the search field of the engine
then clicking the search button. The engine searches its database for links to the
information requested and displays a list of links from which the user can now access
information by clicking them to open web pages.
NB: If you download a file whose application is not currently installed on the computer,
then you may not be able to view its contents. For example, if you download a file that
was created in Microsoft Word then you can only open it in the same application.
To print a file, open it in the application in which it was created then send it to the printer
for printing. You can also print a web page directly from the browser window by clicking
File then Print.
E-mail software
E-mail software falls under a special group of application packages called communication
SoftArt. It is specially designed and developed to help a person to read and send
individual text documents on the Internet as long as both the sender and receiver have an
e-mail address.
Like the normal postal address, an e-mail address directs the computers on the Internet on
where to deliver the e-mail message. A typical e-mail address would look like this:
[email protected]
1. chemwex is the user name and is usually coined by the user during
E-mail account registration.
2. @ is the symbol for Hat" which actually separates the user name from the rest of the
address.
3. Yahoo. Com is the name of the host computer in the network i.e. the computer on
which the e-mail account is hosted.
4. The period H. " is read as dot and is used to separate different parts of the e-mail
address.
5. Com identifies the type of institution offering a particular service(s) and is called the
domain, meaning it is a commercial institution. Other common domains include:
Domain Type
Sometimes another two letter extension is added after the domain name to show the
country where the site is located e.g. [email protected], .uk stands for United
Kingdom. Other countries domain name includes .ke (Kenya) .ug (Uganda, :tz
(Tanzania), .jp (Japan), .au (Australia) etc.
E-mail facilities
Basically all e-mail software packages provide the user with ability to receive messages,
display them, reply to the messages, compose new ones and store received messages.
'
Mails
1. Checking mail In order to check mail the user has to open the email account by
providing the correct user name and password. While
In the e-mail account, click the Inbox command to view a link list of all the mails that
you have received. To view a message, simply click its link and it opens on the screen for
reading.
2. To compose a message, click the Col11posebutton. The e-mail software opens a blank
screen on which you can type the new message. Figure.5.5 shows a typical e-mail screen
for composing a message.
3. To send mail, type the correct e-mail address of the recipient in the to: text box. Type a
subject in the subject box e.g. if it is a letter to a friend, type "Hi". Finally click the Send,
or send / receive button, and your message will be sent.
4. Forwarded messages can be read and sent on to other people. Most of such messages
are fun pages, poems, e-cards etc. After reading,
Simply click the Forward button and then provide the addresses of the recipients. Click
the Send button to send.
5. An e-mail message can be saved using the normal procedure for saving e.g. Click File,
Save as then provide the name of the file and click save button.
6. To print e-mail, select the text to be printed then click the File - Print command. In the
print dialog box select the options for the page size, orientation etc. then click the Print
button.
File attachment:
E-mail software also enables a person to attach other files like pictures, music and movie
clips to an e-mail for sharing with friends before sending. The recipient can then
download the attached files or simply view them on the screen. A good example where
people use attachments is on-line job applications where a person attaches curriculum
vitae to an e-mail message. To attach a file:
1. Start the e-mail software i.e. Microsoft outlook express.
2. Click File then New or open a composed e-mail.
3. Specify the recipients address and the subject.
4. Click the Insert menu then File attachment. A dialog box appears where you chose the
file you want to attach.
5. Select the file then click the Attach button.
6. An attachment bar is inserted in the e-mail window with a name of the file you chose.
7. Click Send to send the e-mail.
NB: You can also attach a file by simply clicking the attach button.
On-line meetings
It is possible to hold on-line meetings with people by sending mail to them. For example,
on-line interviews may involve a person sending electronic mail composed of interview
questions to a recipient who can read and answer back immediately. This method may
not be as effective as a face to face interview or discussion but it is very useful in
situations where traveling may be impossible or too expensive.
Telephone messages
Because of integration between mobile telephony and the Internet technology, it is
possible to send e-mail to a mobile handset and a mobile message to e-mail account. This
mobile computing is made possible by a special Internet access protocol called wireless
access protocol (WAP) and wireless markup language (WML).
Contact management
Most mail programs allow the user to develop an address book which holds 'contact
information like e-mail addresses of different people along with other necessary
information. The e-mail software usually provides a simple way of accessing these
contacts when required. To create a new contact:
5.9
Accessing information on emerging issues
The Internet is a storehouse for all types of information, presented in the form of text
documents, pictures, sound and even video. Many emerging
Issues in the world today may not be properly documented in terms of hardcopy
textbooks and journals but the Internet has a wide range of information concerning the
issues. Emerging issues in this context refer to HIV/AIDS, drug abuse, environmental
issues and moral issues.
Therefore, it is already evident that before embarking on finding any information on the
web, a person needs to carefully plan their search to
Avoid wasting a lot of time wading through "junk" or useless material.
I
Chapter outline
Data security also includes all the measures that will be taken to detect, document and
counter the threats to data and information.
Viruses
A computer virus is a destructive program that attaches itself to other files and installs
itself without permission on the computer when the files are opened for use. The virus
may cause havoc on the computer system, for example, it may delete data on storage
devices or interfere with the proper functioning of the computer system.
Unauthorized access
Data and information is always under constant threat from people who may want to
access it without permission. Such persons will usually have a bad intention either to
commit fraud, steal the information and destroy or corrupt the data. Unauthorized access
may take the following forms:
Eavesdropping
This is tapping into communication channels to get information. Hackers mainly use
eavesdropping e.g. to obtain numbers of credit cards.
Surveillance (monitoring)
This is where a person may keep a profile of all computer activities done
By another person or people. The information gathered may be used for one reason or the
other e.g. spreading propaganda or sabotage. Many websites keep track of your activities
using special programs called cookies.
Industrial espionage
Spying on your competitor to get information that you can use to counter or finish the
competitor. This is mostly done with an aim to get ideas on how to counter by developing
similar approach or sabotage.
Errors and accidental access to data and information may be as a result of people
experimenting with features they are not familiar with. For example, a person may
innocently download a file without knowing that it is self-installing and it is dangerous to
the system.
Theft
The threat of theft to data and information is a real one. Some information is so valuable
that business competitors or some governments can pay a fortune to somebody who can
steal the information for them to use. Therefore the following control measures should be
taken to prevent theft of hardware, software and information.
Computer crimes
6.3 Trespass
The term trespass here refers to two things. One is the illegal physical entry to restricted
places where computer hardware, software and backed up data is kept. The other form
would be accessing information illegally
Bon a local or remote computer over a network. Trespass is not allowed at all and should
be discouraged.
Hacking
A hacker is a person who intentionally breaks codes and passwords to gain unauthorized
entry to computer system data and information files. The hacker therefore violates the
security measures put in place such as breaking through passwords or finding weak
access points in software.
There are various motivations for hacking. One is that some people like the challenge and
they feel great after successful hacking, while some do it for computer and software
producer companies that want to secure their systems by reducing weaknesses discovered
after professional hacking. The most vulnerable computers to this crime are the
networked computers faced with hackers working remotely.
Tapping
In this case, a person sends an intelligent program on a host computer that sends him
information from the computer. Another way is to "spy" on a networked computer using
special programs that are able to intercept messages being sent and received by the
unsuspecting computer.
Cracking
Cracking usually refers to the use of guesswork over and over again by a person until
he/she finally discovers a weakness in the security policies or codes of software.
Cracking is usually done by people who have some idea of passwords or user names of
authorized staff.
Another form of cracking is trying to look for weak access points in software. For
example, Microsoft announced a big weakness in some versions of Windows software
that could only be sealed using a special corrective program prepared by them. Such
corrective programs are called patches. It is advisable therefore to install the latest
patches in software.
Piracy
Piracy means making illegal copies of copyrighted software, information or data.
Software, information and data are protected by the copyright law. There are several
ways of reducing piracy:
I. Enact laws that protect the owners of data and information against. Piracy.
2. Make software cheap enough to increase affordability.
3. Use licenses and certificates to identify originals.
4. Set installation passwords that deter illegal installation of software.
Fraud
Computer fraud is the use of computers to conceal information or cheat other people with
the intention of gaining money or information. Fraudsters can be either employees in the
company or outsiders who are smart enough to defraud unsuspecting people. Some fraud
may involve production and use of fake documents.
An example of fraud is where one person created an intelligent program in the tax
department that could credit his account with cents from all the tax payers. He ended up
becoming very rich before he was discovered.
Sabotage
This is the illegal destruction of data and information with the aim of crippling service
delivery or causing great loss to an organization. Sabotage is usually carried out by
disgruntled employees or those sent by competitors to cause harm to the organization.
Alteration
This is the illegal changing of data and information without permission with the aim of
gaining or misinforming the authorized users. Alteration is usually done by those people
who wish to hide the truth. To avoid this, do not give data editing capabilities to just
anybody without vetting. Secondly, the person altering data may be forced to sign in
order for the system to accept altering the information.
Alteration of data compromises the qualities of good data like reliability, relevance and
integrity.
6.4
Audit trial
This is a careful study of an information system by experts in order to establish or find
out all the weaknesses in the system that could lead to security threats and weak access
points for crimesters. An audit of the information system may seek to answer the
following questions:
1. Is. the information system meeting all its originally intended design objectives?
2. Have all the security measures been put in place to reduce the risk of computer crimes?
3. Are the computers secured in physically restricted areas?
4. Is there backup for data and information of the system that can ensure continuity of
services even when something serious happens to the current system?
5. What real risks face the system at present or in future?
Data encryption
Data on transit over a network faces many dangers of being tapped, listened to or copied
to unauthorized destinations. Such data can be protected by mixing it up into a form that
only the sender and receiver can be able to understand by reconstructing the original
message from the mix. This is called data encryption. The message to be encrypted is
called the plain text document. After encryption using a particular order called algorithm
or key, it is sent as cyphertext on the network. The recipient receives it and decrypts it
using a reverse algorithm to the one used during encryption called a decryption key to get
the original plain text document. Hence without the decryption key nobody can be able to
reconstruct the initial message. Figure 6.1 is a flow diagram showing how a message can
be encrypted and decrypted to enhance message security.
The most dangerous aspect in this case is when genuine users lose or give their
passwords to unauthorized users.
Firewalls
A firewall is a device or software system t at filters the data and information exchanged
between different networks by enforcing t e host networks access control policy. The
main aim of a firewall is to monitor and control access to or from protected networks.
People who do not have permission (remote requests) cannot access the network and
those within cannot access firewall restricted sites outside the network.
Therefore, countries are encouraged to develop a data and information handling legal
framework that will protect people's data and information.
DATA SECURITY AND CONTROL
Introduction
Data & Information must be protected against unauthorized access, disclosure,
modification or damage. This is because; it is a scarce & valuable resource for any
business organization or government. It is mostly used in transactions, it can be shared,
and has high value attached to it.
Data & Information security:
Data security is the protection of data & information from accidental or intentional
disclosure to unauthorized persons.
Data & Information privacy:
Private data or information is that which belongs to an individual & must not be
accessed by or disclosed to any other person, without direct permission from the owner.
Confidential data or information – this is data or information held by a government or
organization about people. This data/information may be seen by authorized persons
without the knowledge of the owner. However, it should not be used for commercial
gain or any other unofficial purpose without the owner being informed.
Review Questions
1. Differentiate between private and confidential data.
2. Why is information called a resource?
3. (a) Explain the term ‘Information security’.
(b) Recently, data and information security has become very important. Explain.
4). THEFT
The threat of theft of data & information, hardware & software is real. Some
information is so valuable such that business competitors or some governments can
decide to pay somebody a fortune so as to steal the information for them to use.
Review Questions
1. Explain any three threats to data and information.
2. Give two control measures one would take to avoid unauthorized access to data and
information.
3. Explain the meaning of ‘industrial espionage’.
4. (a) Define a computer virus.
(b) Give and explain two types of computer viruses.
(c) List three types of risks that computer viruses pose.
(d) List and explain five sources of computer viruses.
(e) Outline four symptoms of computer viruses.
(f) Explain the measures one would take to protect computers from virus attacks
5. How can one control the threat of user’s errors to data and information?
COMPUTER CRIMES
A computer crime is a deliberate theft or criminal destruction of computerized data.
The use of computer hardware, software, or data for illegal activities, e.g., stealing,
forgery, defrauding, etc.
Committing of illegal acts using a computer or against a computer system.
Sabotage.
Sabotage is the illegal or malicious destruction of the system, data or information by
employees or other people with grudges with the aim of crippling service delivery or
causing great loss to an organization.
Sabotage is usually carried out by discontented employees or those sent by competitors to
cause harm to the organization.
The following are some acts of saboteurs which can result in great damage to the
computer centres:
Using Magnets to mix up (mess up) codes on tapes.
Planting of bombs.
Cutting of communication lines.
Alteration.
Alteration is the illegal changing of stored data & information without permission with
the aim of gaining or misinforming the authorized users.
Alteration is usually done by those people who wish to hide the truth. It makes the data
irrelevant and unreliable.
Alteration may take place through the following ways:
a). Program alteration:
This is done by people with excellent programming skills. They do this out of
malice or they may liaise with others for selfish gains.
b). Alteration of data in a database:
This is normally done by authorized database users, e.g., one can adjust prices on
Invoices, increase prices on selling products, etc, and then pocket the surplus
amounts.
Security measures to prevent alteration:
i) Do not give data editing capabilities to anybody without vetting.
ii) The person altering the data may be forced to sign in order for the system to accept
altering the information.
Theft of computer time.
Employees may use the computers of an organization to do their own work, e.g., they
may produce publications for selling using the computers of the company.
Theft of data (i.e., commercial espionage).
Employees steal sensitive information or copy packages and sell them to outsiders or
competitors for profit.
This may lead to a leakage of important information, e.g., information on marketing
strategies used by the organization, research information, or medical reports.
Review Questions
1. (a) Define the term ‘Computer crime’.
(b) State and explain various types of computer crimes.
2. Differentiate between Hacking and Cracking with reference to computer crimes.
3. What is a program patch? Why are patches important?
4. Give two reasons that may lead to computer fraud.
5. How can piracy be prevented in regard to data and information.
6. What is data alteration? Explain its effects on data.
7. Explain the meaning of Tapping while dealing with computer crimes.
Review Questions
1. What do the following control measures against computer crimes involve?
(i) Audit trail.
(ii) Data encryption.
(iii) Log files.
(iv) Firewalls.
2. Give four rules that must be observed to keep within the law when working with data
and information.
COMPUTER SECURITY
What is Computer security?
Safeguarding the computer & the related equipments from the risk of damage or
fraud.
Protection of data & information against accidental or deliberate threats which might
cause unauthorised modification, disclosure, or destruction.
A computer system can only be claimed to be secure if precautions are taken to safeguard
it against damage or threats such as accidents, errors & omissions.
The security measures to be undertaken by the organization should be able to protect:
i) Computer hardware against damage.
ii) Data, information & programs against accidental alteration or deletion.
iii) Data & information against hazards.
iv) The computer against unauthorised use.
v) Data, information & programs against piracy or unauthorised copying.
vi) Data & programs used by the computer system against illegal or unauthorised
modification.
vii) Storage media, e.g., diskettes, tapes, etc against accidental destruction.
viii) Policies of the organization.
ix) Buildings.
x) Accidental interruption of power supply or communication lines.
xi) Disclosure of confidential data or information.
xii) Ensure that both hardware & software have longer life span.
1). Fire.
Fire destroys data, information, software & hardware.
Security measures against fire:
Use fire-proof cabinets & lockable metal boxes for floppy disks.
Use of backups.
Install fire fighting equipments, e.g., fire extinguishers.
Have some detectors.
Training of fire-fighting officers.
Observe safety procedures, e.g., avoid smoking in the computer rooms.
Have well placed exit signs.
Contingency plans.
2). Water, floods & moisture.
This causes rusting of the metallic components of the computer.
Security measures against water, floods & moisture:
Set up computer rooms on higher grounds to avoid floods & humidity.
Avoid installing computer components in the basement.
There should be adequate drainage system.
Use water-proof ceilings & floors.
3). Lightening, electricity & electrical storms.
This causes power failure that can cause damage to data, which has not been
transferred to permanent storage devices.
Security measures:
Install facilities to control power fluctuations, e.g., use of Uninterrupted power
source (UPS)
Use power stabilizers.
Have standby power generators/sources.
Have lightening arresters in the building.
4). Excessive Heat or Temperature.
Excessive heat or temperature from the computer itself or from the surrounding
environment can destroy computer storage media or devices.
Security measures:
There should be efficient ventilation system.
Use a cooling system in the computer rooms, e.g., cooling fans & air conditioners.
5). Computer virus attack.
A virus is a rogue software program that spreads rampantly through computer
systems, destroying data or causing the system to break down.
Security measures against computer virus:
Make backup copies of software, and store the copies off-site.
Restrict access to programs & data on a ‘need-to-use’ basis.
Check all programs regularly for change of size, as this could be a sign of virus
infiltration.
Be careful with ‘Shareware’ and ‘Freeware’ programs, as they are the major entry
points for viruses.
Make sure all purchased software is in its original sealed-disk containers.
6). Smoke and Dust.
Dust and Smoke particles settle on storage devices and may scratch them during
Read/write operation.
Security measures:
Have dust mats or carpets to prevent entry of dust.
Fit the computer room with special Curtains to reduce entry of dust particles.
Cover the devices with Dust covers when cleaning the room.
Remove shoes before entering the room to prevent dust.
7). Terrorist attack.
This includes activities such as:
Political terrorists,
Criminal type of activities,
Individuals with grudges, or
People intending to cause general destruction.
Security measures:
Hiring of security guards to control physical access to the building housing the
computer room.
Activities that can cause terrorism should be avoided, e.g., exploitation of workers.
Have double door & monitoring devices.
Use of policies.
System auditing / use of log files.
Use of passwords.
Punitive measures.
Encryption of data.
Use of firewalls.
Consult & co-operate with the Police and Fire authorities on potential risks.
8). People.
People threats include:
Carelessness.
Clumsiness.
Accidental deletion of data, information or programs.
Vandalism, i.e., theft or destruction of data, information or programs & hardware.
Piracy of copyrighted data & software.
Security measures against Carelessness & Clumsiness:
Better selection of personnel.
Have a good office layout.
Improve employee training and education.
Limit access to data and computers.
Regular backups.
Use of Undelete & Unformat utilities.
Security measures against Vandalism:
Should have a sensitive attitude to office behaviour.
Tighten security measures, e.g., install alarm systems, burglar-proof
doors/windows, & roofs).
Limit access to sensitive company information.
Use Keyboard lock on terminals used by authorised users.
Use of disk locks.
Punitive measures.
9). Earthquakes.
Review Questions
1. (a) What is Computer security?
(b) Mention various threats to computer security.
2. Discuss the environmental problems affecting the operation of computers.
2. Computer viruses:
A computer virus destroys all the data files & programs in the computer memory by
interfering with the normal processes of the operating system.
Precautions against computer viruses:
a) Anti-virus software.
Use Antivirus software to detect & remove known viruses from infected files.
Some of the commonly used Antivirus software are: Dr. Solomon’s Toolkit,
Norton Antivirus, AVG Antivirus, PC-Cillin, etc
NB: The best way to prevent virus is to have a memory-resident antivirus
software, which will detect the virus before it can affect the system. This can be
achieved by installing a GUARD program in the RAM every time the computer
boots up. Once in the RAM, the antivirus software will automatically check
diskettes inserted in the drives & warn the user immediately if a disk is found to
have a virus.
For an antivirus to be able to detect a virus, it must know its signature. Since
virus writers keep writing new viruses with new signatures all the time, it is
recommended that you update your antivirus product regularly so as to
include the latest virus signatures in the industry.
The Antivirus software installed in your computer should be enabled/activated
at all times.
You should also perform virus scans of your disks on a regular basis.
Evaluate the security procedures to ensure that the risk of future virus attack is
minimized.
Review Questions
1. Describe two ways of preventing data loss due to power outage.
2. (a) What is a Computer virus?
(b) What are Anti-viruses? Explain how they detect and remove viruses.
3. Accidental erasure:
Commands such as DELETE & FORMAT can be dangerous to the computer if used
wrongly.
Both commands wipe out the information stored on the specified secondary storage
media, e.g., formatting the Hard disk (drive C:) will destroy all the software on that
system.
Precautions against Accidental erasure:
a) Use of Undelete utilities.
Use the Undelete facilities in case you accidentally delete your files.
There are two Undelete facilities depending on the operating system you are
using.
MS-DOS 6.0 Undelete facility:
To undelete at the DOS prompt, change to the drive & directory whose files
were deleted, then type, e.g.,
C:\>UNDELETE <directory that contain the deleted file>
A list of all deleted files will be displayed with the first letter missing. Type
in the first letter and the file will be recovered.
Norton utilities & PC Tools:
Norton utilities & PC Tools also have an undelete facility, which is similar to
the DOS Undelete facility.
Windows Recycle Bin:
The Recycle Bin temporarily stores all deleted files & can be used to recover
your files.
1. Double-click the Recycle Bin on the desktop.
2. Click on the files you want to undelete.
3. Click on File, choose Restore.
The Recycle Bin will restore all selected files to their original folders and
disks.
NB: If you delete a file accidentally, don’t copy any files or install any
applications to the disk that contains the deleted file. If you write anything to the
disk, you might destroy parts of the deleted file, making it unrecoverable.
b) Use of Unformat utilities.
MS-DOS 6.0 has an Unformat facility which can be used to recover information
stored on disks that have been accidentally formatted.
c) Use of Backups.
All data must be backed up periodically either on diskettes, tapes or CDs so that
in case of any accidental loss, the backed up copy can be used to recover the
data.
For small files, use the Copy command to make a copy of the data on a diskette.
For larger amounts of data, use the Backup command to copy the data to several
diskettes or to a tape drive.
Review Questions
1. Name two commands that can erase the information from a disk.
2. Define ‘Data backup’ and state its importance.
4. Crashing of hard disks:
When a hard disk crashes, the data or information on the disk cannot be accessed.
The effect is the same as formatting the hard disk.
Crashing of a hard disk can occur due to the following reasons:
i) Mishandling of the computer system, e.g.,
Moving the system unit while the computer is on.
Accumulation of dust.
ii) Computer virus attack.
iii) Physical damage to the System unit caused by dropping or banging when being
moved.
Precautions against crashing of Hard disks:
a) Use of Backups.
All data must be backed up regularly. In addition, all application programs &
operating system software should also be kept safely so that in case of a complete
system crash, everything can be re-installed/restored.
b) Use of Recovery tools.
System tools such as Norton Utilities, PC Tools, QAPlus, etc can be used to
revive a disk that has crashed.
Review Questions
1. List two possible causes of a hard disk crash.
5. Unauthorised access:
Unauthorised access refers to access to data & information without permission.
Computer criminals can do the following harms:
Steal large amounts of funds belonging to various companies by transferring them
out of their computer accounts illegally.
Steal or destroy data & information from companies, bringing their operations to a
standstill.
Spread destruction from one computer to another using virus programs. This can
cripple the entire system of computer networks.
Spread computer worm programs. Worm programs are less harmful in the
beginning, but render the computer almost useless in the long-run.
Precautions against Unauthorised access:
a) Restrict physical access.
Physical access to computer systems should be restricted to ensure that no
unauthorised person gets access to the system.
Some of the ways of restricting physical access include:
Locking of doors.
Use of personal identification cards.
Use of fingerprint identification.
Use of special voice-recorders. They analyse the voice of a trespasser &
checks against the database containing the voice patterns of valid users.
b) Password protection.
Install a password to restrict access to the computer system.
A Password is a secret code that can be used to prevent unauthorised access of
data in a computer.
Passwords can be put in at various levels:
At the point of switching on the computer – to restrict access to the computer.
On folders/directories – to restrict access to entire folders/directories.
On files – to restrict access to individual files within a directory.
On database systems – to restrict access to individual data elements.
When a valid password is entered, the user gets access to the computer system.
Usually, the user is allowed three (3) attempts to get the password correct. If an
invalid password is entered, access is denied after the 3 attempts.
Some computer security systems may generate an alarm if someone tries to use a
fake password.
NB: You should never use passwords that can easily be linked to you, e.g., your
name, birth date, or names of people close to you.
Review Questions
1. State and discuss four causes of data loss in a computer system.
2. (a) Discuss two methods used to restrict unauthorised access to computer systems.
(b) What is a Password? Give its main importance.