COMPUTER SECURITY

•Security as a condition is the degree of resistance to,

or protection from, harm. It applies to any vulnerable
and valuable asset, such as a person, dwelling,
community, nation, or organization.
Establishing or maintaining a sufficient degree of
security is the aim of the work, structures, and
processes called "security.“

•Computer security - is defined as the art

or science of protecting computer resources
from unauthorized access, use or alteration.
April 28, 2025 ABMI 1121: ICT Concepts 1
 Aspects of Computer Security
1. Computer security rests on confidentiality, integrity, and
availability. The interpretations of these three aspects vary, as do
the contexts in which they arise
- Confidentiality is the concealment of information or
resources. The need for keeping information secret arises from
the use of computers in sensitive fields such as government
and industry. Access control mechanisms support
confidentiality. Resource hiding is another important aspect of
confidentiality.
- Integrity refers to the trustworthiness of data or resources,
and it is usually phrased in terms of preventing improper or
unauthorized change. Integrity includes data integrity (the
content of the information) and origin integrity (the source of
the data, often called authentication).

April 28, 2025 ABMI 1121: ICT Concepts 2

 Aspects of Computer Security
Prevention mechanisms seek to maintain the
integrity of the data by blocking any unauthorized
attempts to change the data or any attempts to
change the data in unauthorized ways .

Availability refers to the ability to use the

information or resource desired. Availability is
an important aspect of reliability as well as of
system design because an unavailable system
is at least as bad as no system at all

April 28, 2025 ABMI 1121: ICT Concepts 3

 Types of Threats…2
1. Human Intrusion
Attackers looking to perform some sort of
damage or obtain useful information
2. “”Natural” Disasters*
 Fire
 Flood
 Earthquake/Seismic Vibrations
 Power Outages/Fluctuations

April 28, 2025 ABMI 1121: ICT Concepts 4

 The threats to computers and
communications systems…can be
summarized as ….
⁻ Errors and Accidents
⁻ Natural and Other Hazards
⁻ Crimes Against Information
Technology
⁻ Crimes Using Information
Technology
⁻ Virus

April 28, 2025 ABMI 1121: ICT Concepts 5

 Errors and Accidents

In general, errors and accidents in

computer systems may be classified
as
People Errors,
 Procedural Errors,
Software Errors,
 Electromechanical Problems,
and “Dirty Data” problems….
April 28, 2025 ABMI 1121: ICT Concepts 6
Procedural Errors

Some spectacular computer

failures have occurred because
someone didn’t follow
procedures..

April 28, 2025 ABMI 1121: ICT Concepts 7

Software Errors

We are forever hearing about

“Software Glitches” or software
bugs. A Software Bug is an
error in a program that causes it
to malfunction..

April 28, 2025 ABMI 1121: ICT Concepts 8

Electromechanical Problems

Absence of Electricity or
power failure causing the
system not to work ..

April 28, 2025 ABMI 1121: ICT Concepts 9

Dirty Data

Is Data that is incomplete,

outdated or otherwise
inaccurate that causes errors
in the computer system..

April 28, 2025 ABMI 1121: ICT Concepts 10

Natural Hazards
What ever is harmful to property
and to people, is harmful to computers
and communication system. This
certainly includes natural disasters…
………Natural Hazards can disable all the
electronic systems we take for granted…

-Civil Strife and Terrorism ??

e.g strikes & looting etc
April 28, 2025 ABMI 1121: ICT Concepts 11
 Crimes Against
Computers and
Communications
Information-technology Crime
can be of two types:
1. Illegal act perpetrated against
computers or telecommunications..

2. Use of computers or
telecommunications to accomplish
an illegal act..

April 28, 2025 ABMI 1121: ICT Concepts 12

Crimes against information
technology include theft….

1. Theft of Hardware
2. Theft of Software
3. Theft of Time and Services
4. Theft of Information
5. Theft of personal Identity

April 28, 2025 ABMI 1121: ICT Concepts 13

Crimes Using Computers and
Communications……

Computers and communications

or information technology has also
been used to solve crimes….
……..Just as a car can be used to
assist in a crime, so can a computer
or communication system..

April 28, 2025 ABMI 1121: ICT Concepts 14

Viruses
Viruses are a form of high-tech
maliciousness.
A computer virus is a program that is
loaded onto your computer without your
knowledge and runs against your wishes
Computer Viruses, therefore are are
“Deviant” programs that can cause
destruction to computers that “contract
“ them…

April 28, 2025 ABMI 1121: ICT Concepts 15

They are passed in two
ways…….

1.Via an Infected FlashDisk

2.Via a Network
3.-Downloading stuff from the
internet?

April 28, 2025 ABMI 1121: ICT Concepts 16

Some common forms of
Viruses…
Boot-sector Virus
File Virus
Worm
Logic Bomb
Trojan Horse
Polymorphic Virus
Virus Mutation Engines

April 28, 2025 ABMI 1121: ICT Concepts 17

Viruses….
Trojan horse- is a program with an overt
(documented or known) effect and a covert
(undocumented or unexpected) effect.
A polymorphic virus is a virus that changes its form
each time it inserts itself into another program.
A boot sector infector is a virus that inserts itself into
the boot sector of a disk.
A worm is a standalone malicious program which uses
computer or network resources to make complete
copies of itself. May include code or other malware to
damage both the system and the network.
Logic Bombs-Some malicious logic triggers on an
external event, such as a user logging in or the
arrival of midnight, Friday the 13th.

April 28, 2025 ABMI 1121: ICT Concepts 18

Symptoms of an infected
computer
Operating system runs much slower than usual
Available memory is less than expected
Files become corrupted
Screen displays unusual message or image
Music or unusual sound plays randomly
Existing programs and files disappear
Programs or files do not work properly
Unknown programs or files mysteriously appear
System properties change
Operating system does not start up
Operating system shuts down unexpectedly

April 28, 2025 ABMI 1121: ICT Concepts 19

 Computer
Criminals

April 28, 2025 ABMI 1121: ICT Concepts 20

What kind of people perpetrate
most of the Information
Technology crimes???

Employees
Outside Users
Hackers
Crackers
Professional Criminals
April 28, 2025 ABMI 1121: ICT Concepts 21
 TYPES OF SECURITY AND CONTROL

PHYSICAL SECURITY
Physical (Environmental) Security addresses the
threats, vulnerabilities, and involves
countermeasures that can be utilized to physically
protect an enterprise’s resources and sensitive
information. These resources include people, the
facility in which they work, and the data, equipment,
support systems, media, and supplies they utilize.
Threats to physical security include:
 Interruption of services

 Theft

 Physical damage

 Unauthorized disclosure

 Loss of system integrity

April 28, 2025 ABMI 1121: ICT Concepts 22

 TYPES OF SECURITY AND CONTROL

•Data Security- means protecting a

database from destructive forces and the
unwanted actions of unauthorized users
•Data security controls prevent unauthorised
access, change or destruction of data...when
the data is in use or being stored
•...Involves
Physical access to terminals
Password protection
Data level access controls

April 28, 2025 ABMI 1121: ICT Concepts 23

 SOFTWARE SECURITY
•Software security is an idea implemented to protect
software against malicious attacks and other hacker risks so
that the software continues to function correctly under such
potential risks. Security is necessary to provide integrity,
authentication and availability of a system.
•causes of these security problems (i.e. in
software )
1.bad software
Software bugs are a leading cause of security
vulnerabilities, web-application software, ...
solution: patching?
2.gullible & ignorant users
too easy to just blame users: if they are
gullible and stupid, they should be protected
solution : user education?
Confidentiality is the concealment of information or resources.
The need for keeping information secret arises from the use of
computers in sensitive fields; Integrity refers to the
trustworthiness of data or resources, and it is usually phrased
April 28, 2025 ABMI 1121: ICT Concepts
in terms of preventing improper or unauthorized change; 24
The “How-Tos” of Protection
Guarding the Outer Perimeter*
 Disguise
 Out of sight, out of mind
 If disguising is not possible
 High fences
 Barbed wire
 Round-the-clock security guard
 Security Cameras
 Motion Sensors

April 28, 2025 ABMI 1121: ICT Concepts 25

 The Workstations
 Workstations should ALWAYS be logged off or locked
out whenever unattended
 Screens positioned such that they cannot be seen
through the windows
 Hackers with telescopes to record keystrokes
 Workstations should be secured and physically locked
while unattended
 Steel cable that runs through the computer case and attaches to
an “anchor” to prevent the tower from being removed

April 28, 2025 ABMI 1121: ICT Concepts 26

 Safeguarding the Computer Rooms
 Keep the doors locked
 Tuck networking cables out of sight
 Keep networking cables inaccessible from outside room
 Secure items in the room according to value
 Intrusion detection systems
 Ensure walls extend to the physical ceiling versus ceiling panels
 Attackers can gain access to the room via scaling the wall
 Access Control Methods
 Biometrics
 Key Card access w/ PIN #s
 Security Guard presence at all times
 Watchdogs if the assets merit
 Security Cameras

April 28, 2025 ABMI 1121: ICT Concepts 27

 Control the flow of people in the building
 Employee and visitor badges
 Access restrictions to visitors and maintenance
 Any unscheduled drop-offs or deliveries should
be verified with vendors
 You don’t want the wrong people getting in

April 28, 2025 ABMI 1121: ICT Concepts 28

Physical Protection from “Natural” Disasters

Physical security is more than "guns, gates

and guards"

Risk Assessment
 Proper security solutions require a proper threat
assessment

April 28, 2025 ABMI 1121: ICT Concepts 29

Security Mechanisms
Fire*
Extinguishers
 Fire Detectors/Alarms

Flood/Water
 Locate sensitive equipment on the second story or above
 Don’t allow water pipes to run through or around computer room
Earthquake/Seismic Vibrations
 Airports, railroads, major thoroughfares, industrial tools, and road construction
are common sources of vibration
 Common solutions involve supporting the foundation of computers with
springs, gel-filled mats, or rubber pads.
 THE most effective solution:
 Don’t position your data center near a source of seismic vibrations

April 28, 2025 ABMI 1121: ICT Concepts 30

 Power Outages/Fluctuations
 UPS
 Large solutions available to large power consumption
 Generator
 When UPS just isn’t enough
 Extreme Temperature/Humidity
 Control must be maintained over the environment
 Larger computers run hotter and thus more susceptible to heat
in the room
 Humidity problems with moisture developing on the inside of
the machine
 Redundant HVAC unit (Heating, Ventilation, and Air
Conditioning) that can handle temperature and humidity control
of the computer room, sheltered from the weather

April 28, 2025 ABMI 1121: ICT Concepts 31

Antivirus Software
 Anti-virus software is a program or set of
programs that are designed to prevent,
search for, detect, and remove software
viruses, and other malicious software like
worms, trojans, adware etc from your
computer
 Scans a computer’s hard disk, diskettes,
and main memory to detect viruses,
and sometimes, to destroy them…..

April 28, 2025 ABMI 1121: ICT Concepts 32

Malware and Viruses Prevention
Users can take several precautions to protect their home and
work computers and mobile devices from these malicious
infections

April 28, 2025 ABMI 1121: ICT Concepts 33

 DATA AND INFORMATION SECURITY

April 28, 2025 ABMI 1121: ICT Concepts 34

Hazards to information
security
Unauthorized access resulting in a loss of computing time
Unauthorized disclosure – information revealed without
authorization
Destruction especially with respect to hardware and software
Denial of Service(DOS)-Resulting from Interference with
system operation.
Cybercrime -: hackers, Crackers, script kiddies,
Cyberterrorism, Corporate Spies
Internet and Network Attacks:- Computer Virus, Worm,
Trojan Horse, Rootkit(A rootkit is a stealthy type of software,
typically malicious, designed to hide the existence of certain processes or
programs from normal methods of detection and enable continued
privileged access to a computer)

April 28, 2025 ABMI 1121: ICT Concepts 35

Prevention Against Intrusion
Using a firewall. A firewall is hardware and/or
software that protects a network’s resources
from intrusion
Intrusion detection software
 Analyzes all network traffic
 Assesses system vulnerabilities
 Identifies any unauthorized intrusions
 Notifies network administrators of suspicious behavior
patterns or security breaches
Unauthorized access and use control
– Acceptable use policy
– Disable file and printer sharing
– Firewalls
– Intrusion detection software

April 28, 2025 ABMI 1121: ICT Concepts 36

Unauthorized Access and Use Control
Access controls define who can access a computer, when they can
access it, and what actions they can take
Two-phase processes called identification and
authentication
 User name
 Password
Use of possessed object. A possessed object is any item
that you must carry to gain access to a computer or
computer facility
 Often are used in combination with a personal identification
number (PIN)
 A biometric device authenticates a person’s identity by
translating a personal characteristic into a digital code that is
compared with a digital code in a computer
NB: Identification is the means by which a user provides a claimed identity to
the computer system.
Authentication is the means of establishing the validity of this claim.

April 28, 2025 ABMI 1121: ICT Concepts 37

 Encryption is a process of converting
readable data into unreadable characters to
prevent unauthorized access
A digital signature is an encrypted code that
a person, Web site, or organization attaches to
an electronic message to verify the identity of
the sender
 Often used to ensure that an impostor is not

participating in an Internet transaction

Web browsers and Web sites use encryption
techniques

April 28, 2025 ABMI 1121: ICT Concepts 38

 A backup is a duplicate of a file,
program, or disk that can be used
if the original is lost, damaged, or
destroyed
 To back up a file means to make a
copy of it
Offsite backups are stored in a
location separate from the
computer site

April 28, 2025 ABMI 1121: ICT Concepts 39