Computer f1 Internet

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 35

INTERNET AND E-MAIL

Chapter outline

5.1 Introduction.
5.2 Definition of the internet.
5.3 Development of the internet.
5.4 Importance of the internet.
5.5 Internet connectivity requirement.
5.6 Internet services.
5.7 Accessing the internet.
5.8 Electronic mail.
5.9 Accessing information on emerging issues.

Introduction
Computers can be connected together using data transmission media like cables, to
communicate with one another. Communication in this case will be in the form of
exchange of data and information. Such interconnection of computers to achieve message
transfer is called networking. This is because the computers are linked to form a net.

In most cases computer networks are unique to an organization. For example the
computers in your computer laboratory may be networked. Such a network is local in
nature hence it is usually called a local area network (LAN).

Definition of the Internet


The term Internet can be broken down into two words, inter and net which implies that
there is an interconnection of networks. Internet is therefore a large network of networks
that covers the whole world and enables millions of computers from different
organizations and people
To communicate globally. Because of its large size and great volume of information that
passes through it, it is sometimes called the information superhighway.

Because of the flexibility of Internet technology, many organizations are creating their
own private networks using the technology of the Internet. In this book we shall refer to
the Internet (with capital letter I) as the information superhighway and the internet (with
lower case letter (i) to refer to smaller networks.

5.3

Development of the Internet


In 1969, a research body in the USA called Advanced Research Projects Agency (ARP )
set up a computer network that connected four universities and was given the name
ARPAnet. This network is viewed as the forerunner of today's Internet. The aim was to
allow sharing of data and information between computers. The main benefit was that
there was fast communication between researchers through electronic mail or e-mail.
ARPA's goal was to allow multiple users to send and receive information at the same
time. The network used a special data transmission technique called packet switching
which was later adopted for the Internet. A computer would send a packet that contained
data, destination address information, error detection control information and packet
sequencing information. By 1973 e-mail was the most common service on the Internet. It
was not until 1979 that the first media companies connected to the Internet.

By 1981, many people had seen the importance of computer networking and the Internet.
ARPAnet formed the backbone on which many organizations started connecting to, hence
expanding it. The American military also became a big user of the Internet because they
could communicate and tap into the resources available on the net. Next, the American
Government decided to access the Internet for commercial purposes hence greatly
increasing the traffic. By this time, for every twenty days, a new host computer was
connected to the net.

By 1987, the Internet boasted of 10 000 host computers. However, its access was largely
limited to the United States of America and some nations in Europe. As the importance of
the Internet grew, businesses spent billions of dollars to improve it in order to offer better
services to their clients. Fierce competition arose among software and hardware
manufacturers as they came up with new technology to meet internetworking needs. The
result was a great increase in message transmission capacity (bandwidth) and it became
cheaper to work with the Internet.

By 1994, 3 million computers were connected to the Internet. Today, the Internet has
grown and covered the whole world. Governments, private organizations and individuals
are using the Internet in all spheres of daily life to send messages and conduct business.

Importance of Internet
The Internet is an extensive system of interlinked yet independent networks. It has
evolved from a specialised communication network previously only used for military and
academic purposes to a public network that is changing the way people carry out their
daily activities.

The Internet is playing a very important role in all aspects of life, leading to the
emergence of an elite society called the information society. The Internet's importance
can be between through its contribution to research, news and information dissemination,
leisure and communication, a place to do business and many other profitable activities.

Internet connectivity requirements


For a computer to be able to connect to the Internet, there are several requirements one of
them is to connect to a telecommunication service provider in order to transmit data over
a wide region. This section seeks to discuss some minimum requirements for Internet
connectivity to be achieved.

Telecommunication facilities
The Internet heavily relies on telecommunication facilities like the telephone lines,
telephone exchange stations and satellite transmission in order to cover the whole wide
world. Indeed, without these facilities, the Internet is as good as dead.

Therefore, a computer is connected to the external world through a telephone line and has
to dial a remote computer on the net to establish a connection for data transfer. Dial-up
connections, however, are quickly being replaced by dedicated digital data transmission
telephone lines called dedicated digital leased lines. A leased line connection ensures
constant and quick connection to the Internet unlike the dial-up that you need to dial
every time you need to access the Internet.

Transmission of data on land takes the form of telephone exchange to telephone


exchange until the data reaches the destination. However, intercontinental transfer of data
is achieved by having satellite base stations transmitting g the data through a wireless
uplink channel to the satellite. The satellite then sends the data signal to the base station
on another continent where it is picked up and sent to telephone exchanges

For transfer to the destination computer. Figure 5.1 shows a simple logical illustration of
the Internet.
Modems
A computer needs a special digital to analog and vice versa interface card called a modem
that enables it to send and receive data on telephone lines. Remember that voice
transmission on telephone lines is analog in nature while computers work with digital
data. However, digital telephone lines make it possible for computers to transmit and
receive digital data without a modem.

The word modem is short form for modulator - demodulator. During modulation, the data
to be transmitted is changed from digital to analog so that it can be transmitted on the
telephone lines. At the receiving end, the data is changed from analog to digital for the
computer to understand it through a process called demodulation.

In most cases a modem is bought separately and plugged in one of the expansion slots on
the motherboard. Some modems are external hence the computer may be connected to
them through a network interface card. Most computers today come with an internal
modem permanently fixed on the motherboard called an onboard modem.

Internet service providers (ISP's)


These are companies that offer internet services to end users. For example, in Kenya,
until recently, the sole gateway to the Internet for a long time was Telkom's Jambonet.
However, because Jambonet cannot meet the service needs for all users in Kenya, they
lease some of their stake to Internet service providers like Africaonline@ and
Swiftkenya@ who can now provide Internet services to the end users at a fee.
Internet software
The Internet interconnects millions of computers and telecommunication devices that
have different configurations for hardware and software. Therefore, to achieve
communication between these otherwise incompatible devices, special software called
protocol is needed. A protocol is a set of rules that governs how two computers can send
and receive data on the network.

For the Internet, the most common protocol is the Transmission control
Protocol (TCP) and Internet protocol (IP). As its name suggests, TCP governs how data
is transferred from one place to the next, while IP determines the addressing system on
the Internet. For example, each network and computer on the Internet is recognised by a
special number called the IP address that enables data to be sent and received by it. These
two are combined to form the TCP/IP protocol suite that is needed by any computer that
needs to be connected to the Internet.
Internet services
The Internet has become very popular in today's world because of the diverse but very
important services that it offers to people. It is "seductive" i.e. once a person connects to
it they find themselves falling in love with its power to provide information and services.
The temptation is to continue using the Internet again and again.

The World Wide Web (www)


The World Wide Web can be viewed as a vast virtual space on the Internet where
information pages called websites are installed. Most local area networks have a special
computer called a server that stores information and data for others on the same network
to access. In order to connect a network to the internet, the local area network needs an
Internet server. This server is usually given the name world wide web (www) and has all
the information that others on the Internet access. Hence, www is created by a network of
Internet servers!

To enable easier access to information and data on the Internet, a standard method of
preparing documents to be put on the Internet was developed. This method uses a special
language such as hypertext markup language (HTML) to prepare documents called web
pages that are attractive and can be accessed on the Internet. HTML can be combined
with other web page production tools to achieve wonderful websites. Individuals and
organizations establish sites where their web documents can be placed

2for easy access by the external world. Such sites are called websites and each has a
special address called a uniform resource locator (URL) that can be used to access them.
For example, one common URL address is:
http://www.yahoo.com
The first part (http) stands for hypertext transfer protocol which is a protocol that
transfers hypertext. www is the name of the Internet server (web server) on which the
webpage resides. yahoo.com is usually called the domain name of the local area network.
It uniquely identifies a particular local area network. On the Internet, two networks may
have the same web server name but never the same domain.

Electronic mail (e-mail)


This is the exchange of electronic letters, data and graphics on the Internet.
Electronic commerce (e-commerce)
Many companies are increasingly using the Internet to sell and buy goods and services.
This new business strategy where goods and services are sold over the internet is called
electronic commerce (e-commerce).

One advantage of e-commerce is that a company can access customers all over the world
and is not limited by space and time. Hence, small companies that establish websites to
auction their goods and services not only reduce operating costs but increase their sales.
For example, most vehicle importers buy vehicles directly from international dealers by
accessing their websites and placing orders.

However, the major challenges that face e-commerce are that people deal with each other
without ever meeting physically and there is lack of proper laws to govern such business.

Electronic learning (e-Iearning)


Apart from the fact that academic materials for all levels of education are readily
available on the Internet (web), the Internet has opened the door for those who would like
to do distance education programs and home schooling. Learning through interaction
with special programs on the computer is called electronic learning (e-Iearning).

Internet fax
The Internet provides you with complete fax facilities from your computer. You can
configure fax settings, send and receive faxes, track and monitor fax activity, and access
archived faxes. Using fax, you can choose to send and receive faxes with a local fax
device attached to your computer, or with a remote fax device connected to fax resources
located on a network.

Other Internet services


1. News media on the net. All major media houses post their daily news on the Internet
for their clientele to access. Hence information about an event can be sent right round the
globe within a very short time.
2. Health information on the net. The Internet provides latest medical news and
research findings for practitioners and scholars.
3. Music and entertainment on the net. It is possible to listen to music on the web and to
watch video clips if your computer is a multimedia machine.
4. Chatting on the net. People can sign into a chat room and exchange ideas freely through
discussion. Chat rooms are a common feature and usually put together people of common
interest to exchange ideas. For example, if you sign into a chartroom for politics, then
you can exchange political views with otherwise unknown Internet friends who can read
your typed comments as you view theirs. Try accessing www. Try. Com to see listings of
chat topics that you can participate in on-line. However, you need to be careful in
selecting the people to chat with on the web because some people who use the chat rooms
have intentions of harming others.
Accessing the Internet
There are many applications that enable a person to access the Internet. Such applications
are called web browsers. Some of them have text interface while the most popular have
graphical user interface. Perhaps, the most common browsers in the world today are
Netscape Navigator and Internet Explorer.

Therefore before accessing the Internet, a person must start the browser software. This
book will use Internet Explorer for demonstration,
1. The back button returns the browser to the immediate former webpage.
2. The next button moves the browser to the next web page in case a person had clicked
the back button.
3. The stop button tells the browser to stop searching/loading a website.
4. The refresh button tells the browser to try accessing a web site address again after
failure
5. The search button enables a person to search for words on the website.
6. Clicking the favorites button displays all web addresses in the’ favorites" folder.
7. The history button displays the website addresses that were visited in the recent past.
8. The mail button enables a person to view and send mail and WebPages to links.
9. The print button enables a person to print the web pages.
10. The Go button tells the browser to load the current web page whose address is in the
address bar.
11. The address bar allows the user to type the address of a website to be accessed.
12. The home button moves the user to the first page of the website.

Log in/sign in
To access a website, type the full address of the website in the address bar then press the
Enter key on the keyboard. If the Internet connection is working properly, the browser
will start connecting to the requested web site or URL. Notice that the status bar will be
reading something like "connecting to site www.yahoo.com "

Some web sites allow free access to all their pages by all visitors. However, others
require people to be members hence a new visitor has to register (sign up) by filling some
on-line forms. The registration process gives the visitor a user name and password that
can be used to sign in or log on the website for each successive visit. This is very
common for e-mail account providers like at www.mail.yahoo.com.

Websites that give users a chance to log in are better especially if the services offered
need some degree of privacy and customizing for
Individual customers e.g. it would be a gross mistake to have everybody accessing the
other's e-mail account.

Surf/browse
Surfing or browsing is the process of accessing Internet resources like web pages and
websites. This is done by either typing the URL address of a site in the address bar of the
browser or by following special links that lead to web pages called hyperlinks.

Hyperlinks and search engines


A hyperlink is a text or picture on an electronic document, especially web page that
causes other web pages to open when the link is clicked. A hyperlink can be identified by
the fact that the mouse pointer changes to look like a palm having four folded fingers
with the index finger not folded but pointing outwards.

The Internet is a big forest of web pages and websites. Searching for particular materials
or resources can be a nightmare because of the massive volumes of available documents
and resources. To make the work a bit easy, special websites that maintain lists of
hyperlinks are available. These websites are called search engines. They have special
programs called robots or spiders that traverse the web from one hyperlink to the next
and when they find new material, they add them to their indexes or databases. Figure 5.4
below shows one of the most common search engines called Google found at
www.google.com
The user searches for a word by typing a few key words in the search field of the engine
then clicking the search button. The engine searches its database for links to the
information requested and displays a list of links from which the user can now access
information by clicking them to open web pages.

Example of search engines include: www.google.com, www.hotmail.com and


www.yahoo.com.

Downloading/saving/printing web content


After searching and finding information on the Internet, you may want to save the
information locally on your computer for future reference. The process of transferring
information from a remote computer to a local storage is called downloading. To
download a file, the following procedure is followed:
1. Right click the hyperlink to the file.
2. On the shortcut menu, click the Save target as command.
3. After some searching the browser displays the save as dialog box. Specify the folder or
drive where the file is to be saved then type a unique name for the file in the name box.
4. Click the Save button and the download progress dialog appears on the screen. Unless
otherwise selected, the download dialog will notify the user at the end of the download
process.
Pen the file in its application to view it.

NB: If you download a file whose application is not currently installed on the computer,
then you may not be able to view its contents. For example, if you download a file that
was created in Microsoft Word then you can only open it in the same application.

To print a file, open it in the application in which it was created then send it to the printer
for printing. You can also print a web page directly from the browser window by clicking
File then Print.

Electronic mail (e-mail)


Electronic mail refers to the sending and receiving of electronic letters and documents on
the Internet. This feature serves to popularize the Internet even among non-technical
people. For many, gone are the days when paper mail (of late called snail mail) would be
sent and the recipient had to wait for long before receiving it. E-mail is fast because it
takes
Only a few seconds to reach the recipient regardless of where they are in the world.

E-mail software
E-mail software falls under a special group of application packages called communication
SoftArt. It is specially designed and developed to help a person to read and send
individual text documents on the Internet as long as both the sender and receiver have an
e-mail address.

Like the normal postal address, an e-mail address directs the computers on the Internet on
where to deliver the e-mail message. A typical e-mail address would look like this:
[email protected]
1. chemwex is the user name and is usually coined by the user during
E-mail account registration.
2. @ is the symbol for Hat" which actually separates the user name from the rest of the
address.
3. Yahoo. Com is the name of the host computer in the network i.e. the computer on
which the e-mail account is hosted.
4. The period H. " is read as dot and is used to separate different parts of the e-mail
address.
5. Com identifies the type of institution offering a particular service(s) and is called the
domain, meaning it is a commercial institution. Other common domains include:

Domain Type

.edu Educational institution


.gov Government institution
.org Non-profit making organization
.mil Military organization
.co Commercial institution

Sometimes another two letter extension is added after the domain name to show the
country where the site is located e.g. [email protected], .uk stands for United
Kingdom. Other countries domain name includes .ke (Kenya) .ug (Uganda, :tz
(Tanzania), .jp (Japan), .au (Australia) etc.

E-mail facilities
Basically all e-mail software packages provide the user with ability to receive messages,
display them, reply to the messages, compose new ones and store received messages.
'

Mails
1. Checking mail In order to check mail the user has to open the email account by
providing the correct user name and password. While
In the e-mail account, click the Inbox command to view a link list of all the mails that
you have received. To view a message, simply click its link and it opens on the screen for
reading.
2. To compose a message, click the Col11posebutton. The e-mail software opens a blank
screen on which you can type the new message. Figure.5.5 shows a typical e-mail screen
for composing a message.

3. To send mail, type the correct e-mail address of the recipient in the to: text box. Type a
subject in the subject box e.g. if it is a letter to a friend, type "Hi". Finally click the Send,
or send / receive button, and your message will be sent.
4. Forwarded messages can be read and sent on to other people. Most of such messages
are fun pages, poems, e-cards etc. After reading,
Simply click the Forward button and then provide the addresses of the recipients. Click
the Send button to send.
5. An e-mail message can be saved using the normal procedure for saving e.g. Click File,
Save as then provide the name of the file and click save button.
6. To print e-mail, select the text to be printed then click the File - Print command. In the
print dialog box select the options for the page size, orientation etc. then click the Print
button.

File attachment:
E-mail software also enables a person to attach other files like pictures, music and movie
clips to an e-mail for sharing with friends before sending. The recipient can then
download the attached files or simply view them on the screen. A good example where
people use attachments is on-line job applications where a person attaches curriculum
vitae to an e-mail message. To attach a file:
1. Start the e-mail software i.e. Microsoft outlook express.
2. Click File then New or open a composed e-mail.
3. Specify the recipients address and the subject.
4. Click the Insert menu then File attachment. A dialog box appears where you chose the
file you want to attach.
5. Select the file then click the Attach button.
6. An attachment bar is inserted in the e-mail window with a name of the file you chose.
7. Click Send to send the e-mail.

NB: You can also attach a file by simply clicking the attach button.

On-line meetings
It is possible to hold on-line meetings with people by sending mail to them. For example,
on-line interviews may involve a person sending electronic mail composed of interview
questions to a recipient who can read and answer back immediately. This method may
not be as effective as a face to face interview or discussion but it is very useful in
situations where traveling may be impossible or too expensive.

Telephone messages
Because of integration between mobile telephony and the Internet technology, it is
possible to send e-mail to a mobile handset and a mobile message to e-mail account. This
mobile computing is made possible by a special Internet access protocol called wireless
access protocol (WAP) and wireless markup language (WML).

Contact management
Most mail programs allow the user to develop an address book which holds 'contact
information like e-mail addresses of different people along with other necessary
information. The e-mail software usually provides a simple way of accessing these
contacts when required. To create a new contact:

1. Start the e-mail software i.e. Microsoft express.


2. From the tools menu, click Address book or simply click the address book button.
3. From the address book window click File then: Contact.
4. Click the Name tab and enter the contact details.
5. Click the Add button and add the contact into the contact list.
6. Close the contact window then the address book.

5.9
Accessing information on emerging issues
The Internet is a storehouse for all types of information, presented in the form of text
documents, pictures, sound and even video. Many emerging
Issues in the world today may not be properly documented in terms of hardcopy
textbooks and journals but the Internet has a wide range of information concerning the
issues. Emerging issues in this context refer to HIV/AIDS, drug abuse, environmental
issues and moral issues.

Therefore, it is already evident that before embarking on finding any information on the
web, a person needs to carefully plan their search to
Avoid wasting a lot of time wading through "junk" or useless material.
I

Steps for searching


1. Plan for your search. You must develop a search strategy. Consider the following
questions before starting to search for information: (a) what would be the best place to
find the information required? (b) What tool best suits the work at hand?
(c) What key words can best describe the search problem?
2. There is always the best place to start the search. One of the best places is on websites
of leading media houses like www.cnn.com and www.nationaudio.co.ke because you are
likely to get links to the latest research discoveries in your area of interest.
3. after checking out on the news houses, you can now open some search engines and
type the key words in the search field. Use different search engines to look for
information on all the emerging issues mentioned above because different search engines
give different search results.
DATA SECURITY AND CONTROLS

Chapter outline

6.1 Introduction and definition.


6.2 Security threats and control measures. 6.3 Computer crimes.
6.4 Detection and protection
6.5 Laws governing protection of information.

6.1 Introduction and definition


Computer information systems are becoming more and more important in daily life.
Governments, private enterprises and individuals have found the need to protect data and
information that is in their custody against unauthorized access, disclosure or damage.
This is because of the rise of the information age and society leading to the subsequent
view of information as a scarce valuable resource. This has posed threats to data and
information both from known and unknown sources.

Data and information security Data security involves:


1. Protection of data and information against unauthorized access or
Modification.
2. Denial of data and information to unauthorized users.
3. Provision of data and information to authorized users.

Data security also includes all the measures that will be taken to detect, document and
counter the threats to data and information.

Data and information privacy


Private data or information is that which belongs to an individual and must not be
accessed by or disclosed to any other person unless with direct permission from the
owner. On the other hand, the data or information held by a government or organization
about people is confidential data. This data and information may be seen by many
authorized persons without the knowledge of the owner. However, it should not be used
for commercial gain or any other unofficial purpose without the owner being informed.
This data must also be protected against unauthorized access or disclosure.

6.2 Security threats and control measures

Viruses
A computer virus is a destructive program that attaches itself to other files and installs
itself without permission on the computer when the files are opened for use. The virus
may cause havoc on the computer system, for example, it may delete data on storage
devices or interfere with the proper functioning of the computer system.

Types of computer viruses include:


1. Boot sector viruses - they destroy the booting information on storage devices.
2. File viruses - attach themselves to files.
3. Hoax viruses - Come as e-mail with an attractive subject and launches itself when e-
mail is opened.
4. Trojans - they appear to perform necessary functions but perform other undesirable
activities in the background without user knowledge.
5. Worms - viruses that stick in the computer memory.
6. Backdoors - may be a Trojan or a worm that allows hidden access to a computer
system.
Control measures against viruses
1. Install the latest versions of anti-virus software on the computers.
Make sure that you continuously update the anti-virus software with new virus definitions
to counter the new viruses that are being manufactured on a daily basis.
2. Avoid foreign diskettes in the computer room. If they have to be used, they must first
be scanned for viruses.
3. Avoid opening mail attachments before scanning them for viruses.

Unauthorized access
Data and information is always under constant threat from people who may want to
access it without permission. Such persons will usually have a bad intention either to
commit fraud, steal the information and destroy or corrupt the data. Unauthorized access
may take the following forms:

Eavesdropping
This is tapping into communication channels to get information. Hackers mainly use
eavesdropping e.g. to obtain numbers of credit cards.

Surveillance (monitoring)

This is where a person may keep a profile of all computer activities done
By another person or people. The information gathered may be used for one reason or the
other e.g. spreading propaganda or sabotage. Many websites keep track of your activities
using special programs called cookies.

Industrial espionage
Spying on your competitor to get information that you can use to counter or finish the
competitor. This is mostly done with an aim to get ideas on how to counter by developing
similar approach or sabotage.

Also unauthorized access can be as follows:


1. An employee who is not supposed to view or see sensitive data by
mistake or design gets it.
2. Strangers who may stray into the computer room when nobody is using the computers.
3. Forced entry into the computer room through weak access points.
4. Network access in case the computers are networked and connected to the external
world.

Control measures against unauthorized access


1. Enforce data and information access control policies on all employees.
2. Encrypt the data and information during transmission (data encryption is discussed in
details later in the chapter).
3. Keep the computer room closed when nobody is using it.
4. Reinforce the weak access points like doors and windows with metallic grills and
burglar alarms.
5. Enforce network security measures.
6. Use files passwords to deter any persons who may get to the electronic files.
Computer errors and accidental access
Sometimes, threats to data and information come from people making mistakes like
printing sensitive reports and unsuspectingly giving them to unauthorized person(s).
Also, if end users have too much privilege that allows them to change or access sensitive
files on the computer then accidental access mistakes may occur.

Errors and accidental access to data and information may be as a result of people
experimenting with features they are not familiar with. For example, a person may
innocently download a file without knowing that it is self-installing and it is dangerous to
the system.

Control measures against computer errors and accidents


1. Give various file access privileges and roles to the end users and technical staff in the
organization i.e. denies access permissions to certain groups of users for certain files and
computers.
2. Set up a comprehensive error recovery strategy in the organization.

Theft
The threat of theft to data and information is a real one. Some information is so valuable
that business competitors or some governments can pay a fortune to somebody who can
steal the information for them to use. Therefore the following control measures should be
taken to prevent theft of hardware, software and information.

Control against theft


1. Employ guards to keep watch over data and information centers and
Backups.
2. Burglar proofs the computer room.
3. Reinforce weak access points like the windows, door and roofing
With metallic grills and strong padlocks.
4. Create backups in locations away from the main computing centre.

Computer crimes
6.3 Trespass
The term trespass here refers to two things. One is the illegal physical entry to restricted
places where computer hardware, software and backed up data is kept. The other form
would be accessing information illegally
Bon a local or remote computer over a network. Trespass is not allowed at all and should
be discouraged.

Hacking
A hacker is a person who intentionally breaks codes and passwords to gain unauthorized
entry to computer system data and information files. The hacker therefore violates the
security measures put in place such as breaking through passwords or finding weak
access points in software.

There are various motivations for hacking. One is that some people like the challenge and
they feel great after successful hacking, while some do it for computer and software
producer companies that want to secure their systems by reducing weaknesses discovered
after professional hacking. The most vulnerable computers to this crime are the
networked computers faced with hackers working remotely.

Tapping
In this case, a person sends an intelligent program on a host computer that sends him
information from the computer. Another way is to "spy" on a networked computer using
special programs that are able to intercept messages being sent and received by the
unsuspecting computer.

Cracking
Cracking usually refers to the use of guesswork over and over again by a person until
he/she finally discovers a weakness in the security policies or codes of software.
Cracking is usually done by people who have some idea of passwords or user names of
authorized staff.

Another form of cracking is trying to look for weak access points in software. For
example, Microsoft announced a big weakness in some versions of Windows software
that could only be sealed using a special corrective program prepared by them. Such
corrective programs are called patches. It is advisable therefore to install the latest
patches in software.

Piracy
Piracy means making illegal copies of copyrighted software, information or data.
Software, information and data are protected by the copyright law. There are several
ways of reducing piracy:

I. Enact laws that protect the owners of data and information against. Piracy.
2. Make software cheap enough to increase affordability.
3. Use licenses and certificates to identify originals.
4. Set installation passwords that deter illegal installation of software.

Fraud
Computer fraud is the use of computers to conceal information or cheat other people with
the intention of gaining money or information. Fraudsters can be either employees in the
company or outsiders who are smart enough to defraud unsuspecting people. Some fraud
may involve production and use of fake documents.

An example of fraud is where one person created an intelligent program in the tax
department that could credit his account with cents from all the tax payers. He ended up
becoming very rich before he was discovered.

Sabotage
This is the illegal destruction of data and information with the aim of crippling service
delivery or causing great loss to an organization. Sabotage is usually carried out by
disgruntled employees or those sent by competitors to cause harm to the organization.

Alteration
This is the illegal changing of data and information without permission with the aim of
gaining or misinforming the authorized users. Alteration is usually done by those people
who wish to hide the truth. To avoid this, do not give data editing capabilities to just
anybody without vetting. Secondly, the person altering data may be forced to sign in
order for the system to accept altering the information.

Alteration of data compromises the qualities of good data like reliability, relevance and
integrity.

6.4

Detector and protection against computer crimes


After seeing the dangers that information systems are faced with due to threats to data
and information and perpetration of computer crimes, it is important to look at some
measures that can be taken to detect, prevent computer crimes and seal security
loopholes.

Audit trial
This is a careful study of an information system by experts in order to establish or find
out all the weaknesses in the system that could lead to security threats and weak access
points for crimesters. An audit of the information system may seek to answer the
following questions:
1. Is. the information system meeting all its originally intended design objectives?
2. Have all the security measures been put in place to reduce the risk of computer crimes?
3. Are the computers secured in physically restricted areas?
4. Is there backup for data and information of the system that can ensure continuity of
services even when something serious happens to the current system?
5. What real risks face the system at present or in future?

Data encryption
Data on transit over a network faces many dangers of being tapped, listened to or copied
to unauthorized destinations. Such data can be protected by mixing it up into a form that
only the sender and receiver can be able to understand by reconstructing the original
message from the mix. This is called data encryption. The message to be encrypted is
called the plain text document. After encryption using a particular order called algorithm
or key, it is sent as cyphertext on the network. The recipient receives it and decrypts it
using a reverse algorithm to the one used during encryption called a decryption key to get
the original plain text document. Hence without the decryption key nobody can be able to
reconstruct the initial message. Figure 6.1 is a flow diagram showing how a message can
be encrypted and decrypted to enhance message security.

6.5 Log files


This is special system files that keep a record (1og) of events on the use of the computers
and resources of the information system. This is because each user is assigned a user
name and password or account. The information system administrator can therefore
easily track who accessed the system, 'when and what they did on the system. This unto
second information can help monitor and track people who are likely to violate system
security policies.

The most dangerous aspect in this case is when genuine users lose or give their
passwords to unauthorized users.

Firewalls
A firewall is a device or software system t at filters the data and information exchanged
between different networks by enforcing t e host networks access control policy. The
main aim of a firewall is to monitor and control access to or from protected networks.
People who do not have permission (remote requests) cannot access the network and
those within cannot access firewall restricted sites outside the network.

Laws governing protection of information


Although most countries do not have laws that govern data and information handling, the
awakening has started and the laws are being developed. The "right to privacy" is
expected by all people. For example, the data protection law may have the following
provisions:
1. Data is not transferred to other countries without the owner's permission.
2. Data and information should be kept secure against loss or exposure.
3. Data and information should not be kept longer than necessary.
4. Data and information should be accurate and up to date.
5. Data and information be collected, used and kept for specified lawful purposes.

Therefore, countries are encouraged to develop a data and information handling legal
framework that will protect people's data and information.
DATA SECURITY AND CONTROL
Introduction
Data & Information must be protected against unauthorized access, disclosure,
modification or damage. This is because; it is a scarce & valuable resource for any
business organization or government. It is mostly used in transactions, it can be shared,
and has high value attached to it.
Data & Information security:
Data security is the protection of data & information from accidental or intentional
disclosure to unauthorized persons.
Data & Information privacy:
Private data or information is that which belongs to an individual & must not be
accessed by or disclosed to any other person, without direct permission from the owner.
Confidential data or information – this is data or information held by a government or
organization about people. This data/information may be seen by authorized persons
without the knowledge of the owner. However, it should not be used for commercial
gain or any other unofficial purpose without the owner being informed.
Review Questions
1. Differentiate between private and confidential data.
2. Why is information called a resource?
3. (a) Explain the term ‘Information security’.
(b) Recently, data and information security has become very important. Explain.

SECURITY THREATS TO DATA & INFORMATION


1). COMPUTER VIRUSES
 A computer virus is a destructive program that attaches itself to other files when
the files are opened for use, and installs itself on the computer, without the
knowledge of the user.
 A computer virus is a program designed specifically to damage other programs or
interfere with the proper functioning of the computer system.
A virus is a computer code usually designed to carry out 2 tasks:
(a) To copy itself from one computer system to another.
(b) To locate itself within a computer system enabling it to amend/destroy program
& data files, by interfering with the normal processes of the operating system.
Types of computer viruses.
1. Boot sector viruses – they destroy the booting information on storage devices.
2. File viruses – they attach themselves to files either erasing or modifying them.
3. Hoax viruses – they come as e-mails with an attractive subject & activate
themselves when the e-mail is opened.
4. Trojans – they appear to perform necessary functions, but perform other
undesirable activities in the background without the knowledge of the user.
5. Worms – viruses that stick in the computer memory.
6. Backdoors – may be a Trojan or Worm that allows hidden access to a computer
system.

Types of destructions/damages caused by a virus attack.


 Delete or modify data, information & files on storage devices (disks) or memory
during normal program execution, e.g., may attack the format of a disk making any
program or data on it impossible to recover.
 Systematically destroy all the data in the computer memory.
 Might lock the keyboard.
 Can change keystroke values or data from other I/O devices, e.g., change the effect
of SHIFT key.
 Delete characters displayed on a visual display.
 Uses up computer memory/space, hence slowing down its performance or causing
the system to crash.
 Changes colour of the display.
 Cause boot failure.
Sources of viruses.
a) Contact with contaminated systems:
If a diskette is used on a virus infected computer, it could become contaminated.
If the same diskette is used on another computer, then the virus will spread.
b) Use of pirated software:
Pirated software may be contaminated by a virus code or it may have been
amended to perform some destructive functions which may affect your
computer.
c) Infected proprietary software:
A virus could be introduced when the software is being developed in
laboratories, and then copied onto diskettes containing the finished software
product.
d) Fake games:
Some virus programs behave like games software. Since many people like
playing games on computers, the virus can spread very fast.
e) Freeware and Shareware:
Both freeware & shareware programs are commonly available in Bulletin board
systems.
Such programs should first be used in controlled environment until it is clear that
the program does not contain either a virus or a destructive code.
f) Updates of software distributed via networks:
Viruses programs can be spread through software distributed via networks.

Symptoms of viruses in a computer system.


The following symptoms indicate the presence of a virus in your computer:
 Boot failure.
 Files & programs disappearing mysteriously.
 Unfamiliar graphics or messages appearing on the screen, e.g., the virus might flash
a harmless message such as “Merry Christmas” on the computer terminal.
 Slow booting.
 Gradual filing of the free space on the hard disk.
 Corruption of files and programs.
 Programs taking longer than usual to load.
 Disk access time seeming too long for simple tasks.
 Unusual error messages occurring more frequently.
 Frequent read/write errors.
 Disk access lights turning on for non-referenced devices.
 Computer hags anytime when running a program.
 Less memory available than usual, e.g., Base memory may read less than 640KB.
 Size of executable files changing for no obvious reason.

Control measures against viruses.


i). Install up-to-date (or the latest) antivirus software on the computers.
ii). Restrict the movement of foreign storage media, e.g., diskettes in the computer
room.
If they have to be used, they must be scanned for viruses.
iii). Avoid opening mail attachments before scanning them for viruses.
iv). Write-protect disks after using them.
v). Disable floppy disk drives, if there is no need to use disks in the course of normal
operation.
vi). Backup all software & data files at regular intervals.
vii). Do not boot your computer from disks which you are not sure are free from
viruses.
viii). Avoid pirated software. If possible, use the software from the major software
houses.
ix). Programs downloaded from Bulletin Boards & those obtained from computer
clubs should be carefully evaluated & examined for any destructive code.

2). UNAUTHORIZED ACCESS


Data & information is always under constant threat from people who may want to
access it without permission. Such persons will usually have a bad intention, either to
commit fraud, steal the information & destroy or corrupt the data.
Unauthorized access may take the following forms:
a). Eavesdropping:
This is tapping into communication channels to get information, e.g., Hackers
mainly use eavesdropping to obtain credit card numbers.
b). Surveillance (monitoring):
This is where a person may monitor all computer activities done by another
person or people.
The information gathered may be used for different purposes, e.g., for spreading
propaganda or sabotage.
c). Industrial espionage:
Industrial espionage involves spying on a competitor so as to get or steal
information that can be used to finish the competitor or for commercial gain.
The main aim of espionage is to get ideas on how to counter by developing
similar approach or sabotage.
d). An employee who is not supposed to see some sensitive data gets it, either by
mistake or design.
e). Strangers who may stray into the computer room when nobody is using the
computers.
f). Forced entry into the computer room through weak access points.
g). Network access in case the computers are networked & connected to the external
world.

Control measures against unauthorized access.


i). Enforce data & information access control policies on all employees to control
access to data.
ii). Keep the computer room closed when nobody is using it.
iii). Reinforce weak access points, e.g., doors & windows with metallic grills &
burglar alarms.
iv). Use file passwords to prevent any person from getting access to the electronic
files.
v). Enforce network security measures, e.g., use of firewalls.
vi). Encrypt the data & information during transmission.
vii). Perform frequent Audit trails to identify threats to data & information.

3). COMPUTER ERRORS & ACCIDENTAL ACCESS


Errors and accidental access to data & information may be as a result of:
 Mistakes made by people, e.g., one may print sensitive reports & unsuspectingly
give them to unauthorized persons.
 People experimenting with features they are not familiar with. E.g., a person may
innocently download a file without knowing that it is self-installing or it may be
dangerous to the system.

Control measures against computer errors & accidents.


i). Restrict file access to the end-users and technical staff in the organization, i.e.,
deny access of certain files & computers to certain groups of end-users.
This is because; accidental access mistakes occur if the end-users have too much
privilege that allows them to access or change sensitive files on the computer.
ii). Set up a comprehensive error-recovery strategy in the organization.

4). THEFT
The threat of theft of data & information, hardware & software is real. Some
information is so valuable such that business competitors or some governments can
decide to pay somebody a fortune so as to steal the information for them to use.

Control measures against theft of information, hardware, & software.


i). Create backups & store them in locations away from the main computing centre.
ii). Reinforce weak access points, e.g., the windows, doors, & roofing with metallic
grills and strong padlocks.
iii). Put burglar proofs in the computer room.
iv). Employ guards to keep watch over data & information centres and backups.

Review Questions
1. Explain any three threats to data and information.
2. Give two control measures one would take to avoid unauthorized access to data and
information.
3. Explain the meaning of ‘industrial espionage’.
4. (a) Define a computer virus.
(b) Give and explain two types of computer viruses.
(c) List three types of risks that computer viruses pose.
(d) List and explain five sources of computer viruses.
(e) Outline four symptoms of computer viruses.
(f) Explain the measures one would take to protect computers from virus attacks
5. How can one control the threat of user’s errors to data and information?

COMPUTER CRIMES
 A computer crime is a deliberate theft or criminal destruction of computerized data.
 The use of computer hardware, software, or data for illegal activities, e.g., stealing,
forgery, defrauding, etc.
 Committing of illegal acts using a computer or against a computer system.

Types of computer crimes.


The following are the major types of computer crimes:
1. Trespass.
2. Hacking.
3. Tapping.
4. Cracking.
5. Piracy.
6. Fraud (Theft of money)
7. Sabotage.
8. Alteration of data.
9. Theft of computer time / Theft of service.
10. Theft of data, information or programs.
11. Damage of software.
Trespass.
 Trespass refers to the illegal physical entry to restricted places where computer
hardware, software & backed up data is kept.
 It can also refer to the act of accessing information illegally on a local or remote
computer over a network.
Trespass is not allowed and should be discouraged.
Hacking.
Hacking is an attempt to invade the privacy of a system, either by tapping messages
being transmitted along a public telephone line, or through breaking security codes &
passwords to gain unauthorized entry to the system data and information files in a
computer.
Reasons for hacking.
 To copy or corrupt the information.
 As a hobby to test their expertise. Some people like the challenge & they feel great
after successful hacking.
 Some do it for computer & software producing companies that want to secure their
systems by reducing weaknesses discovered after professional hacking.
Hacking is done by skilled programmers referred to as Hackers. Hacker is a person who
gains unauthorised access to a computer network for profit, criminal mischief, or personal
gain.
Such people are able to break through passwords or find weak access points in software.
They are involved in propagating computer viruses.
Tapping.
Tapping involves listening to a transmission line to gain a copy of the message being
transmitted.
Tapping may take place through the following ways:
a) A person may send an intelligent program to a host computer that sends him/her
information from the computer.
b) Spying on a networked computer using special programs that are able to intercept
messages being sent & received by the unsuspecting computer.
Cracking.
Cracking is the use of guesswork by a person trying to look for a weakness in the
security codes of a software in order to get access to data & information.
These weak access points can only be sealed using sealed using special corrective
programs called Patches, which are prepared by the manufacturing company.
A program patch is a software update that when incorporated in the current software
makes it better.
NB: Cracking is usually done by people who have some idea of passwords or user names
of the authorized staff.
Piracy.
Software, information & data are protected by copyright laws. Piracy means making
illegal copies of copyrighted software, data, or information either for personal use or for
re-sale.
Ways of reducing piracy:
i) Enact & enforce copyright laws that protect the owners of data & information
against piracy.
ii) Make software cheap enough to increase affordability.
iii) Use licenses and certificates of authenticity to identify originals.
iv) Set installation passwords that prevent illegal installation of software.
Fraud.
Fraud is the use of computers to conceal information or cheat other people with the
intention of gaining money or information.
Fraud may take the following forms:
a). Input manipulation:
Data input clerks can manipulate input transactions, e.g., they can create dummy
(ghost) employees on the Salary file or a ghost supplier on the Purchases file.
b). Production & use of fake documents:
E.g., a person created an intelligent program in the Tax department that could credit
his account with cents from all the tax payers. He ended up becoming very rich
before he was discovered.
Fraudsters can either be employees in the company or outsiders who are smart enough to
defraud unsuspecting people.
Reasons that may lead to computer fraud.
 For economic gain (i.e., to gain money or information).
 To gain respect (self-worth)
Security measures to prevent fraud:
i) Careful recruitment of staff.
ii) Set up a clear & firm management policy on crimes & frauds.
iii) Restrict access to computer room or terminal.
iv) Use transaction & fill logs to monitor access to sensitive areas of the system.
v) Monitor & investigate error logs and reports on regular basis.
vi) Carry out risk analysis to examine the exposure of the organization to possible
fraud.

Sabotage.
Sabotage is the illegal or malicious destruction of the system, data or information by
employees or other people with grudges with the aim of crippling service delivery or
causing great loss to an organization.
Sabotage is usually carried out by discontented employees or those sent by competitors to
cause harm to the organization.
The following are some acts of saboteurs which can result in great damage to the
computer centres:
 Using Magnets to mix up (mess up) codes on tapes.
 Planting of bombs.
 Cutting of communication lines.
Alteration.
Alteration is the illegal changing of stored data & information without permission with
the aim of gaining or misinforming the authorized users.
Alteration is usually done by those people who wish to hide the truth. It makes the data
irrelevant and unreliable.
Alteration may take place through the following ways:
a). Program alteration:
This is done by people with excellent programming skills. They do this out of
malice or they may liaise with others for selfish gains.
b). Alteration of data in a database:
This is normally done by authorized database users, e.g., one can adjust prices on
Invoices, increase prices on selling products, etc, and then pocket the surplus
amounts.
Security measures to prevent alteration:
i) Do not give data editing capabilities to anybody without vetting.
ii) The person altering the data may be forced to sign in order for the system to accept
altering the information.
Theft of computer time.
Employees may use the computers of an organization to do their own work, e.g., they
may produce publications for selling using the computers of the company.
Theft of data (i.e., commercial espionage).
Employees steal sensitive information or copy packages and sell them to outsiders or
competitors for profit.
This may lead to a leakage of important information, e.g., information on marketing
strategies used by the organization, research information, or medical reports.

Review Questions
1. (a) Define the term ‘Computer crime’.
(b) State and explain various types of computer crimes.
2. Differentiate between Hacking and Cracking with reference to computer crimes.
3. What is a program patch? Why are patches important?
4. Give two reasons that may lead to computer fraud.
5. How can piracy be prevented in regard to data and information.
6. What is data alteration? Explain its effects on data.
7. Explain the meaning of Tapping while dealing with computer crimes.

DETECTION & PROTECTION AGAINST COMPUTER CRIMES


The following measures can be taken to detect & prevent computer crimes, and also seal
security loopholes.
Audit trails
This is a careful study of an information system by experts in order to establish (or, find
out) all the weaknesses in the system that could lead to security threats or act as weak
access points for criminals.
An audit of the information system may seek to answer the following questions: -
1. Is the information system meeting all the design objectives as originally intended?
2. Have all the security measures been put in place to reduce the risk of computer
crimes?
3. Are the computers secured in physically restricted areas?
4. Is there backup for data & information of the system that can ensure continuity of
services even when something serious happens to the current system?
5. What real risks face the system at present or in future?
Data encryption
Data being transmitted over a network faces the dangers of being tapped, listened to, or
copied to unauthorized destinations.
To protect such data, it is mixed up into a form that only the sender & the receiver can be
able to understand by reconstructing the original message from the mix. This is called
Data encryption.
The flow diagram below shows how a message can be encrypted and decrypted to
enhance security.

Black Cyphertext Black


panther kcalB panther
rehtn Black
ap panth
Plain text er Plain text
Encryption key Decryption key
The message to be encrypted is called the Plain text document. After encryption using a
particular order (or, algorithm) called encryption key, it is sent as Cyphertext on the
network.
After the recipient receives the message, he/she decrypts it using a reverse algorithm to
the one used during encryption called decryption key to get the original plain text
document.
This means that, without the decryption key, it is not possible to reconstruct the original
message.
Log files
These are special system files that keep a record (log) of events on the use of the
computers and resources of the information system.
Each user is usually assigned a username & password or account. The information
system administrator can therefore easily track who accessed the system, when and what
they did on the system. This information can help monitor & track people who are likely
to violate system security policies.
Firewalls
A Firewall is a device or software system that filters the data & information exchanged
between different networks by enforcing the access control policy of the host network.
A firewall monitors & controls access to or from protected networks. People (remote
users) who do not have permission cannot access the network, and those within cannot
access sites outside the network restricted by firewalls.
LAWS GOVERNING PROTECTION OF INFORMATION
Laws have been developed that govern the handling of data & information in order to
ensure that there is ‘right of privacy’ for all people.
The following rules must be observed in order to keep within the law when working with
data and information.
1. Data & information should be kept secure against loss or exposure.
2. Data & information should not be kept longer than necessary.
3. Data & information should be accurate and up-to-date.
4. Data & information should be collected, used & kept for specified lawful purposes
(i.e., it should not be used for unlawful gain).
5. The owner of the data has a right to know what data is held by the person or
organization having it.
6. Data should not be transferred to other countries without the owner’s permission.
7. Do not collect irrelevant and overly too much information for a purpose.

Review Questions
1. What do the following control measures against computer crimes involve?
(i) Audit trail.
(ii) Data encryption.
(iii) Log files.
(iv) Firewalls.
2. Give four rules that must be observed to keep within the law when working with data
and information.

COMPUTER SECURITY
What is Computer security?
 Safeguarding the computer & the related equipments from the risk of damage or
fraud.
 Protection of data & information against accidental or deliberate threats which might
cause unauthorised modification, disclosure, or destruction.
A computer system can only be claimed to be secure if precautions are taken to safeguard
it against damage or threats such as accidents, errors & omissions.
The security measures to be undertaken by the organization should be able to protect:
i) Computer hardware against damage.
ii) Data, information & programs against accidental alteration or deletion.
iii) Data & information against hazards.
iv) The computer against unauthorised use.
v) Data, information & programs against piracy or unauthorised copying.
vi) Data & programs used by the computer system against illegal or unauthorised
modification.
vii) Storage media, e.g., diskettes, tapes, etc against accidental destruction.
viii) Policies of the organization.
ix) Buildings.
x) Accidental interruption of power supply or communication lines.
xi) Disclosure of confidential data or information.
xii) Ensure that both hardware & software have longer life span.

Environmental threats to computers & Information systems.

1). Fire.
Fire destroys data, information, software & hardware.
Security measures against fire:
 Use fire-proof cabinets & lockable metal boxes for floppy disks.
 Use of backups.
 Install fire fighting equipments, e.g., fire extinguishers.
 Have some detectors.
 Training of fire-fighting officers.
 Observe safety procedures, e.g., avoid smoking in the computer rooms.
 Have well placed exit signs.
 Contingency plans.
2). Water, floods & moisture.
This causes rusting of the metallic components of the computer.
Security measures against water, floods & moisture:
 Set up computer rooms on higher grounds to avoid floods & humidity.
 Avoid installing computer components in the basement.
 There should be adequate drainage system.
 Use water-proof ceilings & floors.
3). Lightening, electricity & electrical storms.
This causes power failure that can cause damage to data, which has not been
transferred to permanent storage devices.

Security measures:
 Install facilities to control power fluctuations, e.g., use of Uninterrupted power
source (UPS)
 Use power stabilizers.
 Have standby power generators/sources.
 Have lightening arresters in the building.
4). Excessive Heat or Temperature.
Excessive heat or temperature from the computer itself or from the surrounding
environment can destroy computer storage media or devices.
Security measures:
 There should be efficient ventilation system.
 Use a cooling system in the computer rooms, e.g., cooling fans & air conditioners.
5). Computer virus attack.
A virus is a rogue software program that spreads rampantly through computer
systems, destroying data or causing the system to break down.
Security measures against computer virus:
 Make backup copies of software, and store the copies off-site.
 Restrict access to programs & data on a ‘need-to-use’ basis.
 Check all programs regularly for change of size, as this could be a sign of virus
infiltration.
 Be careful with ‘Shareware’ and ‘Freeware’ programs, as they are the major entry
points for viruses.
 Make sure all purchased software is in its original sealed-disk containers.
6). Smoke and Dust.
Dust and Smoke particles settle on storage devices and may scratch them during
Read/write operation.
Security measures:
 Have dust mats or carpets to prevent entry of dust.
 Fit the computer room with special Curtains to reduce entry of dust particles.
 Cover the devices with Dust covers when cleaning the room.
 Remove shoes before entering the room to prevent dust.
7). Terrorist attack.
This includes activities such as:
 Political terrorists,
 Criminal type of activities,
 Individuals with grudges, or
 People intending to cause general destruction.
Security measures:
 Hiring of security guards to control physical access to the building housing the
computer room.
 Activities that can cause terrorism should be avoided, e.g., exploitation of workers.
 Have double door & monitoring devices.
 Use of policies.
 System auditing / use of log files.
 Use of passwords.
 Punitive measures.
 Encryption of data.
 Use of firewalls.
 Consult & co-operate with the Police and Fire authorities on potential risks.
8). People.
People threats include:
 Carelessness.
 Clumsiness.
 Accidental deletion of data, information or programs.
 Vandalism, i.e., theft or destruction of data, information or programs & hardware.
 Piracy of copyrighted data & software.
Security measures against Carelessness & Clumsiness:
 Better selection of personnel.
 Have a good office layout.
 Improve employee training and education.
 Limit access to data and computers.
 Regular backups.
 Use of Undelete & Unformat utilities.
Security measures against Vandalism:
 Should have a sensitive attitude to office behaviour.
 Tighten security measures, e.g., install alarm systems, burglar-proof
doors/windows, & roofs).
 Limit access to sensitive company information.
 Use Keyboard lock on terminals used by authorised users.
 Use of disk locks.
 Punitive measures.
9). Earthquakes.

Review Questions
1. (a) What is Computer security?
(b) Mention various threats to computer security.
2. Discuss the environmental problems affecting the operation of computers.

CAUSES OF DATA LOSS IN COMPUTERS


1. Power failure:
Momentary interruptions or fluctuations of electrical power may cause:
 Crashing of computers.
 Loss of data or information that had not been saved before the power disruption.
 Damage to computer’s secondary storage media. This may result to loss of data &
Application software stored on the media.
The main cause of power disruptions are:
 Amplitude fluctuations,
 Power line noise,
 Low voltage sages,
 High voltage surges,
 Voltage outages,
 Voltage spikes,
 Waveform distortions,
 Power frequency variations.
Precautions against data loss due to Power failure:
a) Regular saving of documents.
Frequent saving of documents ensures that minimum data is lost in case of any
power failure.
Some application packages have an AutoSave feature, which should be activated
to automatically save work after a specified time interval.
b) Use of Uninterruptible Power Supply (UPS).
To eliminate any power quality defects or fluctuation, use power correction
equipment such as a Stabilizer or Uninterruptible Power Supply (UPS). These
equipments ensure a steady flow of input power to the computer system.

2. Computer viruses:
A computer virus destroys all the data files & programs in the computer memory by
interfering with the normal processes of the operating system.
Precautions against computer viruses:
a) Anti-virus software.
Use Antivirus software to detect & remove known viruses from infected files.
Some of the commonly used Antivirus software are: Dr. Solomon’s Toolkit,
Norton Antivirus, AVG Antivirus, PC-Cillin, etc
NB: The best way to prevent virus is to have a memory-resident antivirus
software, which will detect the virus before it can affect the system. This can be
achieved by installing a GUARD program in the RAM every time the computer
boots up. Once in the RAM, the antivirus software will automatically check
diskettes inserted in the drives & warn the user immediately if a disk is found to
have a virus.
 For an antivirus to be able to detect a virus, it must know its signature. Since
virus writers keep writing new viruses with new signatures all the time, it is
recommended that you update your antivirus product regularly so as to
include the latest virus signatures in the industry.
 The Antivirus software installed in your computer should be enabled/activated
at all times.
 You should also perform virus scans of your disks on a regular basis.
 Evaluate the security procedures to ensure that the risk of future virus attack is
minimized.
Review Questions
1. Describe two ways of preventing data loss due to power outage.
2. (a) What is a Computer virus?
(b) What are Anti-viruses? Explain how they detect and remove viruses.

3. Accidental erasure:
Commands such as DELETE & FORMAT can be dangerous to the computer if used
wrongly.
Both commands wipe out the information stored on the specified secondary storage
media, e.g., formatting the Hard disk (drive C:) will destroy all the software on that
system.
Precautions against Accidental erasure:
a) Use of Undelete utilities.
Use the Undelete facilities in case you accidentally delete your files.
There are two Undelete facilities depending on the operating system you are
using.
 MS-DOS 6.0 Undelete facility:
To undelete at the DOS prompt, change to the drive & directory whose files
were deleted, then type, e.g.,
C:\>UNDELETE <directory that contain the deleted file>
A list of all deleted files will be displayed with the first letter missing. Type
in the first letter and the file will be recovered.
 Norton utilities & PC Tools:
Norton utilities & PC Tools also have an undelete facility, which is similar to
the DOS Undelete facility.
 Windows Recycle Bin:
The Recycle Bin temporarily stores all deleted files & can be used to recover
your files.
1. Double-click the Recycle Bin on the desktop.
2. Click on the files you want to undelete.
3. Click on File, choose Restore.
The Recycle Bin will restore all selected files to their original folders and
disks.

NB: If you delete a file accidentally, don’t copy any files or install any
applications to the disk that contains the deleted file. If you write anything to the
disk, you might destroy parts of the deleted file, making it unrecoverable.
b) Use of Unformat utilities.
MS-DOS 6.0 has an Unformat facility which can be used to recover information
stored on disks that have been accidentally formatted.
c) Use of Backups.
All data must be backed up periodically either on diskettes, tapes or CDs so that
in case of any accidental loss, the backed up copy can be used to recover the
data.
For small files, use the Copy command to make a copy of the data on a diskette.
For larger amounts of data, use the Backup command to copy the data to several
diskettes or to a tape drive.
Review Questions
1. Name two commands that can erase the information from a disk.
2. Define ‘Data backup’ and state its importance.
4. Crashing of hard disks:
When a hard disk crashes, the data or information on the disk cannot be accessed.
The effect is the same as formatting the hard disk.
Crashing of a hard disk can occur due to the following reasons:
i) Mishandling of the computer system, e.g.,
 Moving the system unit while the computer is on.
 Accumulation of dust.
ii) Computer virus attack.
iii) Physical damage to the System unit caused by dropping or banging when being
moved.
Precautions against crashing of Hard disks:
a) Use of Backups.
All data must be backed up regularly. In addition, all application programs &
operating system software should also be kept safely so that in case of a complete
system crash, everything can be re-installed/restored.
b) Use of Recovery tools.
System tools such as Norton Utilities, PC Tools, QAPlus, etc can be used to
revive a disk that has crashed.
Review Questions
1. List two possible causes of a hard disk crash.
5. Unauthorised access:
Unauthorised access refers to access to data & information without permission.
Computer criminals can do the following harms:
 Steal large amounts of funds belonging to various companies by transferring them
out of their computer accounts illegally.
 Steal or destroy data & information from companies, bringing their operations to a
standstill.
 Spread destruction from one computer to another using virus programs. This can
cripple the entire system of computer networks.
 Spread computer worm programs. Worm programs are less harmful in the
beginning, but render the computer almost useless in the long-run.
Precautions against Unauthorised access:
a) Restrict physical access.
Physical access to computer systems should be restricted to ensure that no
unauthorised person gets access to the system.
Some of the ways of restricting physical access include:
 Locking of doors.
 Use of personal identification cards.
 Use of fingerprint identification.
 Use of special voice-recorders. They analyse the voice of a trespasser &
checks against the database containing the voice patterns of valid users.
b) Password protection.
Install a password to restrict access to the computer system.
A Password is a secret code that can be used to prevent unauthorised access of
data in a computer.
Passwords can be put in at various levels:
 At the point of switching on the computer – to restrict access to the computer.
 On folders/directories – to restrict access to entire folders/directories.
 On files – to restrict access to individual files within a directory.
 On database systems – to restrict access to individual data elements.
When a valid password is entered, the user gets access to the computer system.
Usually, the user is allowed three (3) attempts to get the password correct. If an
invalid password is entered, access is denied after the 3 attempts.
Some computer security systems may generate an alarm if someone tries to use a
fake password.
NB: You should never use passwords that can easily be linked to you, e.g., your
name, birth date, or names of people close to you.
Review Questions
1. State and discuss four causes of data loss in a computer system.
2. (a) Discuss two methods used to restrict unauthorised access to computer systems.
(b) What is a Password? Give its main importance.

You might also like