
11 Digital Security

Uploaded by

Wong Jia Yuan

Digital Thinking and Innovation

CT109-3-1

Digital Security
Introduction

This topic introduces digital security and the preventive methods

CT109-3-1 Digital Thinking and Innovation Digital Security SLIDE 2


Learning Outcomes of the Lecture

At the end of this section you will be able to:


• Define digital security risks and types of Malware
• Describe types of Internet and network attacks and
explain ways to safeguard against these attacks
• Describe digital signatures and digital certificates



Content

• Types of Digital Security Risks
• Computer Crime, Cybercrime
• Malware
• System Failure
• Digital Signature


Key Terms

• Digital Security Risks
• Computer Crime, Cybercrime
• Malware
• System Failure
• Digital Signature


Mind Map

[Mind map linking Digital Security to: Types of Digital Security Risks, Malware, System Failure, Digital Signature]


Digital Security Risk
• Digital Security Risk - an event that could cause
loss of or damage to a computer or mobile device
hardware, software, data, information or
processing capability
• Computer Crime - any illegal act involving the use
of a computer or related devices
• Cybercrime – online or Internet-based illegal act
• Information transmitted over networks has a higher degree of security risk than information kept in organizations

Malicious Software (Malware)

• Virus is a potentially damaging computer program. Can spread and damage files
• Worm copies itself repeatedly, using up resources and possibly shutting down computer or network
• Trojan Horse hides within or looks like legitimate program until triggered. Does not replicate itself on other computers
• Payload (destructive event) that is delivered when you open file, run infected program, or boot computer with infected disk in disk drive


Internet and Network Attacks
Type - Description
• Adware - A program that displays an online advertisement in a banner, pop-up window, or pop-under window on webpages, email messages, or other Internet services.
• Ransomware - A program that blocks or limits access to a computer, phone, or file until the user pays a specified amount of money.
• Rootkit - A program that hides in a computer or mobile device and allows someone from a remote location to take full control of the computer or device.
• Spyware - A program placed on a computer or mobile device without the user’s knowledge that secretly collects information about the user and then communicates the information it collects to some outside source while the user is online.
• Trojan Horse - A program that hides within or looks like a legitimate program. Unlike a virus or worm, a trojan horse does not replicate itself to other computers or devices.
• Virus - A potentially damaging program that affects, or infects, a computer or mobile device negatively by altering the way the computer or device works without the user’s knowledge or permission.
• Worm - A program that copies itself repeatedly, for example in memory or on a network, using up resources and possibly shutting down the computer, device, or network.

Internet and Network Attacks

1. Botnet - group of compromised computers or mobile devices connected to a network
2. Zombie PC - compromised computer or device
3. Denial of service attack (DoS) - disrupts computer access to an Internet service
4. Distributed DoS attack (DDoS attack) – larger scale of a DoS
5. Backdoor - program or set of instructions in a program that allow users to bypass security controls


Internet and Network Attacks

• Also called DoS attack. An assault to disrupt computer access to the Internet e.g. Web or email
• Hacker uses unsuspecting computer, called zombie, to send an influx of confusing data messages to execute attack on other systems
• Distributed DoS (DDoS) attack is more devastating, extensive in which multiple computers attack multiple networks. Websites that have been affected: Yahoo!, eBay, Amazon.com, CNN.com
• Computer Emergency Response Team Coordination Center (CERT/CC) assists with DDoS attacks
p. 587

Attack with Virus
Step 1. Unscrupulous programmers create a virus program. They hide the virus in a Word document and attach the Word document to an e-mail message.
Step 2. They use the Internet to send the e-mail message to thousands of users around the world.
Step 3a. Some users open the attachment and their computers become infected with the virus.
Step 3b. Users who do not recognize the name of the sender of the e-mail message do not open the e-mail message. Instead they delete the e-mail message. These users’ computers are not infected with the virus.

Macro Virus
• Macro virus – malicious code written in word programs
• Protection -
1. Set macro security level in applications that allow you to write macros
2. At medium security level warning displays that a document contains macro
• Macros - instructions saved in an application, such as word processing or spreadsheet program

Antivirus

• Antivirus software was originally developed to detect and remove computer viruses
• Also protects against worms and Trojan horses


Virus Signature
• Specific pattern of virus
code
• The binary pattern of the
machine code of a particular
virus
• Also called virus definition
• Antivirus programs look for
virus signatures to identify
the presence of a virus
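
An added example (not from the lecture) of the signature matching described on this slide: a scanner that searches a byte stream for known patterns and still finds a pattern that is split across two read chunks. The signature names and byte patterns are constructed, harmless placeholders, not real virus definitions.

```python
import io

# Constructed, harmless byte patterns standing in for real virus definitions.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("deadbeef0badf00d"),
    "Demo.Beta": b"HARMLESS-TEST-PATTERN",
}

def scan_stream(stream, signatures=SIGNATURES, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream."""
    longest = max(len(pattern) for pattern in signatures.values())
    found = set()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            if pattern in window:
                found.add(name)
        # Keep the last (longest - 1) bytes so a pattern that straddles
        # two chunks is matched when the next chunk arrives.
        tail = window[-(longest - 1):] if longest > 1 else b""
    return sorted(found)

def scan_file(path, **kwargs):
    """Scan a file on disk without loading it into memory at once."""
    with open(path, "rb") as handle:
        return scan_stream(handle, **kwargs)

def demo():
    """Constructed inputs: a clean stream and one with a pattern on a chunk boundary."""
    clean = io.BytesIO(b"\x00" * 10000)
    infected = io.BytesIO(b"A" * 4090 + SIGNATURES["Demo.Beta"] + b"B" * 100)
    return scan_stream(clean), scan_stream(infected)

if __name__ == "__main__":
    print(demo())
```

A pure byte-pattern match only recognises code it already has a definition for, which is why the definitions have to be kept up to date.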



How Antivirus Inoculates

• Uses information to detect if virus has tampered with any files
• Records information about the files such as file size and creation
• Attempts to remove any detected virus
• Quarantines infected files that it cannot remove
• Keeps files in separate area of hard disk
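
An added example, not part of the slides, of the record-then-compare check described above. It assumes the file's modification time in place of the creation value the slide mentions, and adds a SHA-256 digest, which the slide does not list; the file names and contents are constructed.

```python
import hashlib
import os
import tempfile

def record_baseline(paths):
    """Record size, modification time and SHA-256 digest of each file."""
    baseline = {}
    for path in paths:
        info = os.stat(path)
        with open(path, "rb") as handle:
            digest = hashlib.sha256(handle.read()).hexdigest()
        baseline[path] = {"size": info.st_size, "mtime": info.st_mtime_ns,
                          "sha256": digest}
    return baseline

def check_files(baseline):
    """Return {path: [attributes that changed]} for files that no longer match."""
    report = {}
    for path, old in baseline.items():
        if not os.path.exists(path):
            report[path] = ["missing"]
            continue
        new = record_baseline([path])[path]
        changed = [key for key in ("size", "mtime", "sha256") if new[key] != old[key]]
        if changed:
            report[path] = changed
    return report

def demo():
    """Constructed sample files: one overwritten in place, one deleted."""
    samples = {"a.exe": b"original program", "b.doc": b"report text", "c.txt": b"notes"}
    with tempfile.TemporaryDirectory() as folder:
        paths = {name: os.path.join(folder, name) for name in samples}
        for name, data in samples.items():
            with open(paths[name], "wb") as handle:
                handle.write(data)
        baseline = record_baseline(paths.values())
        # Same-length overwrite with the old timestamps put back, so the
        # size and time checks alone would report nothing for a.exe.
        info = os.stat(paths["a.exe"])
        with open(paths["a.exe"], "wb") as handle:
            handle.write(b"tampered program")
        os.utime(paths["a.exe"], ns=(info.st_atime_ns, info.st_mtime_ns))
        os.remove(paths["c.txt"])
        report = check_files(baseline)
    return {os.path.basename(path): changes for path, changes in report.items()}

if __name__ == "__main__":
    print(demo())
```

In the demo, the overwritten file is reported only through its digest, which shows why size and timestamp on their own are a weak tamper check.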
Preventive Measures
• Never start a computer with removable media.
• Set the macro security in programs so you can enable or disable macros
• Install an antivirus program on all of your computers
• Set the macro security to enable or disable macros
• Never open e-mail attachment unless it is from a trusted source
• If the antivirus program flags an e-mail attachment as infected, delete the attachment immediately
• Check all downloaded programs for viruses, worms, or Trojan horses
• Install a personal firewall program
• Scan all removable media

System Failure

• Prolonged malfunction of computer
• Can cause loss of hardware, software or data
• Caused by aging hardware, natural disasters, or electrical power disturbances
• Noise - unwanted electrical signal
• Undervoltage - drop in electrical supply
• Overvoltage or power surge - significant increase in electrical power


Surge Protector

• Protects computer and equipment from electrical power disturbances
• Uninterruptible power supply (UPS) - surge protector that provides power during power loss



Digital Signature

• Digital Signature – encrypted code that a software attaches to an electronic message to verify the identity of the message sender
• Secure site is Web site that uses encryption to secure data
• Many Web browsers use encryption
• Digital certificate is notice that guarantees a user or website is legitimate

Certificate Authority (CA)

• Authorized company issues and verifies digital certificates
• Users apply for digital certificate from CA
• Stores info such as user’s name, issuing CA’s name/signature, serial number of the certificate
• Digital certificate is encrypted


Secure Socket Layer (SSL)

• Provides encryption of all data that passes between client and Internet server. Web addresses beginning with “https” indicate secure connections
• Provides encryption and requires the client to have a digital cert. Prevents illegal tampering of data


Backup

Backup – to duplicate file, program or disk

• Full backup - backup ALL files in the computer
• Selective backup - select which files to back up

In case of system failure or corrupted files, restore files by copying to original location


Disaster Recovery Plan

• What is a disaster recovery plan?

1. Disaster Recovery Plan - written plan for restoring computer operations in the event of a disaster
2. Emergency Plan - steps to be taken immediately after disaster
3. Backup Plan - how backup files and equipment would be used to resume information processing
4. Recovery Plan - actions to be taken to restore full information processing operations
5. Test Plan - simulates various levels of disasters and records the ability to recover

Summary

• Digital security risks and types of Malware
• Types of Internet and network attacks and explain ways to safeguard against these attacks
• Digital Signature and Digital Certificate
• Backup


Review Questions

1. Explain digital security risks and types of Malware
2. Describe the types of Internet and network attacks and explain ways to safeguard against these attacks
3. Explain Digital signature and Digital certificate


Questions and Answer

Q&A



Next Lecture

Digital Ethics
