College of Computing and Informatics
CS001: Computer Essentials
Module 13
Computer Security
Contents
1. Wireless Network Authentication
2. Summarize the danger of sharing personal information on the Internet.
3. Explain how cookies and global unique identifiers endanger privacy.
4. Security Threats Posed by Computer Criminals
5. Explain cybercrime and its techniques.
6. Spoofing & Sniffing
7. Discuss different types of malware.
8. Malicious Programs
Weekly Learning Outcomes
1. WLOC1: Summarize the danger of sharing personal information on the Internet.
2. WLOC2: Explain how cookies and global unique identifiers endanger privacy.
3. WLOC3: Explain cybercrime and its techniques.
4. WLOC4: Discuss different types of malware.
5. WLOC5: How to avoid cybercrime.
Required Reading
1. Chapter 32 - (Introduction to Computers and Information Technology: Preparing for IC3 Certification)
Recommended Reading
1. Chapter 15 - Essential for Computing Studies, Profession And Entrance Examinations
2. Link1: https://lms.seu.edu.sa/bbcswebdav/pid-11200106-dt-content-rid-199260556_1/xid-199260556_1
Cyber Security
Cyber security is an essential aspect of our digital lives, requiring continuous effort from individuals, organizations, and governments to protect against a wide range of cyber threats.
Restricted - مقيد
Definition of cyber security
Cyber security is the practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks, damage, or unauthorized access. It encompasses a range of techniques and processes designed to safeguard the integrity, confidentiality, and availability of information and systems that process or store it.
CIA Triad
In cyber security, the term "CIA" refers to the CIA Triad, a widely accepted model designed to guide policies for information security within an organization. The three elements of the CIA Triad are:
• Confidentiality
• Integrity
• Availability
Confidentiality: This aspect of the triad seeks to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. This involves encryption, two-factor authentication, and other methods to ensure that only authorized individuals have access to the information. It's about keeping data private and secure.
To safeguard confidentiality, organizations use encryption.
Definition: Encryption is the process of converting information or data into a code, especially to prevent unauthorized access. This involves using an algorithm to transform plain text into an unreadable format known as ciphertext. Encryption typically uses keys, which are secret codes or algorithms used to encrypt and decrypt the data.
Types of Encryption:
1. Symmetric Encryption: Uses the same key for both encryption and decryption. It's fast and efficient for large amounts of data but requires secure key management since the same key must be shared among users.
[Figure: encryption and decryption with the same key]
2. Asymmetric Encryption: Utilizes a pair of keys, a public key and a private key. The public key is shared openly, while the private key is kept secret.
[Figure: encryption with the public key, decryption with the private key]
Integrity: Data should not be altered in transit, and steps should be taken to ensure that data cannot be altered by unauthorized people (for instance, through access controls or version control). It's crucial for operations that rely on accurate and reliable data, like financial services.
[Figure: the data was not modified during the sending process]
To maintain integrity, implement hashing.
Definition: Hashing is the process of converting data (of any size) into a fixed-size value or a hash code using a mathematical function, known as a hash function. This hash code acts as a digital fingerprint of the data.
Unique Output: Ideally, each unique input will produce a unique hash. Even a small change in the input data will result in a significantly different hash value.
[Figure: Plain Text, Hash Function, Hash value]
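The fixed-size fingerprint and the small-change property described above, as an added Python example that is not part of the original slides; the sample messages and the function names are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(data: bytes) -> str:
    """SHA-256 digest as 64 hex characters, whatever the input size."""
    return hashlib.sha256(data).hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def is_unmodified(received: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the hash and compare in constant time."""
    return hmac.compare_digest(fingerprint(received), expected_hex.lower())

# Constructed sample data: the second message differs by one character.
SENT = b"Transfer 100 SAR to account 12345"
TAMPERED = b"Transfer 900 SAR to account 12345"

def demo() -> dict:
    published = fingerprint(SENT)  # value the sender publishes with the message
    return {
        "digest_length": len(published),
        "bits_changed": differing_bits(published, fingerprint(TAMPERED)),
        "original_ok": is_unmodified(SENT, published),
        "tampered_ok": is_unmodified(TAMPERED, published),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A plain hash only reveals modification when the expected value reaches the receiver over a channel the attacker cannot alter, because anyone can recompute a hash for changed data.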
Availability: This refers to ensuring that information is readily available to authorized users when needed. Measures to ensure availability include hardware maintenance, software patching/updating, and network optimization. Also, in the event of an issue such as a power outage or hardware failure, there should be a plan in place for recovery to restore information and systems.
To ensure availability, organizations rely on backup systems.
Definition: Backup creates redundant copies of data, ensuring that if the primary data source becomes unavailable (due to issues like hardware failure, software corruption, or cyber-attacks), there is an alternative source from which the data can be retrieved. Implement a schedule for regular backups (daily, weekly, monthly) to minimize data loss.
Types of Cyber Threats - Malware
Malware, short for "malicious software," refers to any software intentionally designed to cause damage to a computer, server, client, or computer network. It is a broad term that encompasses various types of threats on the cyber landscape. Understanding different types of malware is essential in developing effective strategies to protect against them. Here's an overview:
Types of Malware
• Virus: A malicious code that attaches itself to clean files and spreads throughout a computer system, infecting files with malicious code.
• Trojan Horse: Malware that is hidden in legitimate software. It tends to create backdoors in your security to let other malware in.
• Worm: A type of malware that spreads copies of itself from computer to computer. A worm can replicate itself without any human interaction and does not need to attach itself to a software program to cause damage.
• Ransomware: Designed to encrypt a user’s files and demand payment in exchange for the key to decrypt them.
• Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.
• Keyloggers: Record the keys struck on a keyboard to steal passwords or other sensitive information.
How Malware Spreads
• Email Attachments: Malware can be hidden in email attachments.
• Infected Software: Downloading cracked software can lead to malware infections.
• Malicious Websites: Visiting malicious websites can result in malware being downloaded and installed without the user’s knowledge.
• Removable Drives: USB and other removable drives can be infected and spread malware when connected to different computers.
Types of Cyber Threats - Spoofing
Spoofing: The attacker’s computer assumes a false Internet address in order to gain access to a network. This type of attack is used by people who do not have a legitimate username or password to the network where the data resides. The attacker waits for a legitimate user to log in, and then hijacks that user’s IP address and takes over.
Types of Cyber Threats - Sniffing
Sniffing is the capability to capture copies of data packets as they travel across the network and decode their content. The figure below shows an extract from a sniffing program called Wireshark. The snapshot identifies the address of the website that the user is visiting (Google.co.uk), the operating system (Windows), and the browser (in this case, Firefox).
Types of Cyber Threats - Phishing
Phishing is a type of cyber attack that involves tricking individuals into revealing sensitive information, such as login credentials, credit card numbers, and other personal or financial information. It's one of the most common and effective types of cyber threats.
Types of Phishing Attacks
• General Phishing: Generic emails sent to many people, hoping for a few responses.
• Spear Phishing: Targeted attacks aimed at specific individuals or organizations. These are often well-researched and seem more legitimate.
• Whaling: A form of spear phishing targeting high-profile individuals like senior executives.
• Pharming: Redirecting users from legitimate websites to fraudulent ones for the purpose of extracting confidential data.
Considerations to identify Phishing
Phishing emails are getting more sophisticated and harder to recognize, but here are some considerations that will help you identify them:
• Do you actually have an account with that bank or company? If not, it’s reasonable to assume the message is an attempt at phishing.
• Check the source of the email. Does the email address match the organization’s standard email address? Check not only the address that appears as text in the message, but also the address that appears as a ScreenTip when you point the mouse at it.
• If you hover over the link to the company website with your mouse, it shows you the true URL. Is the address correct?
• Are there grammar and spelling mistakes? Does the message appear in the language you would expect? Even if the body text is in the expected language, are there buttons or other details with text from another language? These are all indications of a possible attempt at phishing.
• Notice that the email is from [email protected]. The address doesn’t end in @apple.com.
An example of a phishing email.
Considerations to identify a fake credentials screen
As a result of clicking suspected embedded links, you would see the screen below, which appears to be the Apple login screen. The page may look authentic, but the URL indicates that it is not the official Apple website. The presence of the padlock icon is no guarantee that the page is truly secure.
Fake credentials screen.
Types of Cyber Threats - Phishing email
Considerations to identify Email Phishing
• Remember that real companies and banks never ask for personal information.
• Legitimate banks and other companies will never send an email asking you to submit sensitive personal information online.
• Never click on the links in suspected emails.
• As a good Internet citizen, you should report the emails to the bank or other company to make them aware of the phishing attempts.
• Recipients of phishing emails should delete them without opening them. If they do open the mail by mistake, they should not click on the embedded link.
Types of Cyber Threats - Malware
Prevention and Mitigation
• Antivirus Software: Use antivirus software and keep it updated.
• Software Updates: Update all software, including operating systems and applications.
• Email Caution: Be cautious with email attachments and links from unknown or untrusted sources.
• Backups: Regularly back up important data to recover in case of a malware infection.
Types of Cyber Threats - Phishing
Prevention and Protection Strategies
• Education and Awareness: Training users to recognize and report phishing attempts.
• Use of Spam Filters: Implementing email filtering solutions to catch potential phishing emails.
• Regular Updates and Security Measures: Keeping systems and software up-to-date with security patches.
• Two-Factor Authentication (2FA): Using 2FA can prevent unauthorized access, even if login details are compromised.
Best practices in cyber security
Adopting best practices in cyber security is essential for both individuals and organizations to protect against a wide array of cyber threats. Here's a comprehensive list of best practices:
1. Use Strong, Unique Passwords
• Avoid common words and simple phrases.
• Use a mix of letters (both uppercase and lowercase), numbers, and symbols.
• Consider using a passphrase or a password manager to generate and store complex passwords.
2. Implement Multi-Factor Authentication (MFA)
• Use additional verification methods beyond just passwords, like OTPs (One-Time Passwords), biometric verification, or security tokens.
3. Regular Software Updates and Patch Management
• Keep all software, including operating systems and applications, up-to-date with the latest security patches.
• Automate updates where possible to ensure timely application.
4. Use Antivirus and Anti-Malware Solutions
• Install reputable antivirus and anti-malware programs.
• Keep these programs updated and run regular scans.
5. Regular Backups
• Back up important data regularly.
• Use multiple methods, such as cloud storage and external hard drives.
• Ensure backups are secure and easily recoverable.
References
• Weixel, S. (2018). Introduction to Computers and Information Technology. Pearson.
• Wepmen, F. (2014). Computing Fundamentals (IC3 Edition). Wiley.
Thank You