Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University,

Slides:



Advertisements
Similar presentations
Let’s Talk About Cyber Security
Advertisements

Thank you to IT Training at Indiana University Computer Malware.
POSSIBLE THREATS TO DATA
Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Configuring Windows Vista Security Lesson 8. Skills Matrix Technology SkillObjective DomainObjective # Setting Up Users Configure and troubleshoot parental.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
Computer Viruses.
Security, Privacy, and Ethics Online Computer Crimes.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.
Malicious Attacks. Introduction Commonly referred to as: malicious software/ “malware”, computer viruses Designed to enter computers without the owner’s.
What Are Malicious Attacks? Malicious Attacks are any intentional attempts that can compromise the state of your computer. Including but not limited to:
S EC (4.5): S ECURITY 1. F ORMS OF ATTACK There are numerous way that a computer system and its contents can be attacked via network connections. Many.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
INTERNET THREATS AND HOW TO PROTECT YOUR COMPUTER -BRIAN ARENDT.
FIRST COURSE Computer Concepts Internet and Microsoft Office Get to Know Your Computer.
Quiz Review.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Chapter Nine Maintaining a Computer Part III: Malware.
SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
Introduction to Information and Computer Science Internet and the World Wide Web Lecture c This material (Comp4_Unit2c) was developed by Oregon Health.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web.
Securing Windows 7 Lesson 10. Objectives Understand authentication and authorization Configure password policies Secure Windows 7 using the Action Center.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
CS101 Lecture 14 Security. Network = Security Risks The majority of the bad things that can be done deliberately to you or your computer happen when you.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Introduction to Information and Computer Science Security Lecture b This material (Comp4_Unit8b) was developed by Oregon Health and Science University,
Detrick Robinson & Amris Treadwell.  Computer viruses- are pieces of programs that are purposely made up to infect your computer.  Examples: › Internet.
Safe Computing. Computer Maintenance  Back up, Back up, Back up  External Hard Drive  CDs or DVDs  Disk Defragmenter  Reallocates files so they use.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 2 This material was developed by Oregon Health & Science University,
Introduction to Information and Computer Science Security Lecture a This material (Comp4_Unit8a) was developed by Oregon Health and Science University,
Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.
IT security By Tilly Gerlack.
COMPREHENSIVE Windows Tutorial 5 Protecting Your Computer.
 a crime committed on a computer network, esp. the Internet.
ED 505 Educational Technology By James Moore.  What is the definition of Netiquette and how does it apply to social media sites? ◦ Netiquette is the.
IT internet security. The Internet The Internet - a physical collection of many networks worldwide which is referred to in two ways: The internet (lowercase.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Copyright ©2005 CNET Networks, Inc. All rights reserved. Practice safety Learn how to protect yourself against common attacks.
Topic 5: Basic Security.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Skills and Applications Computer Security.
IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.
Understand Malware LESSON Security Fundamentals.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
W elcome to our Presentation. Presentation Topic Virus.
Computer Crime: Identity Theft, Misuse of Personal Information, and How to Protect Yourself (Tawny Walsh, Irina Lohina, Renair Jackson, Jahmele Betterson,
Matt Broman Kodiac Gamble Devin Nichol SECTION 4.2 INFORMATION SECURITY.
Spyware, Adware & Malware JEEP HOBSON JEEP HOBSON ITE-130 ITE-130 SPRING 2007 SPRING 2007.
Any criminal action perpetrated primarily through the use of a computer.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Computers Are Your Future Eleventh Edition Chapter 9: Privacy, Crime, and Security Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall1.
Page 1 Viruses. Page 2 What Is a Virus A virus is basically a computer program that has been written to perform a specific set of tasks. Unfortunately,
Remember effective ways to search +walk (includes words) Intitle:iPad Intext:ipad site:pbs.org Site:gov filetype:jpg.
Computer Security Keeping you and your computer safe in the digital world.
SAMET KARTAL No one wants to share own information with unknown person. Sometimes while sharing something with someone people wants to keep.
Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 3 This material was developed by Oregon Health & Science University,
Network System Security - Task 2. Russell Johnston.
What they are and how to protect against them
Unit 4 IT Security.
Instructor Materials Chapter 7 Network Security
Answer the questions to reveal the blocks and guess the picture.
Protect Your Computer Against Harmful Attacks!
Teaching Computing to GCSE
HOW DO I KEEP MY COMPUTER SAFE?
Computer Security.
Faculty of Science IT Department By Raz Dara MA.
Presentation transcript:

Component 4: Introduction to Information and Computer Science Unit 8: Security Lecture 1 This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number IU24OC

Unit Objectives List and describe common security concerns Describe safeguards against common security concerns, including firewalls, encryption, virus protection software and patterns, programming for security, etc. Describe security concerns for wireless networks and how to address them List security concerns/regulations for health care applications Describe security safeguards used for health care applications 2 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Why Concerned About Security? Loss, stolen, or compromised data Identity theft & impersonation Downtime for businesses –Loss of revenue Blackmail –Threat to disclose medical information 3 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Common Threats to Security Trojans Viruses Hoaxes Worms Phishing Macro viruses Hackers 4 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011 Wikipedia: –“Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent.” Types of malware include:

Trojan Horse A Trojan horse is a malware program that usually impersonates a known good file installed on the system by replacing (deleting) the good file. Gets its name from the Greek Trojan Horse myth. The Trojan then does its dirty work on a certain date, through a user action, or on command. Trojans can destroy or copy data, install adware, or install a browser toolbar. Trojans can record keystrokes and send this to the attacker and scan computer ports. 5 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Viruses A virus is a computer program that can harm a computer and make it inoperable. Some viruses are only an annoyance. Viruses usually do not replicate (make copies of) themselves on other computers. Removing the virus usually cleans the computer. Sending a virus via may replicate the virus. In 2008, the Fun.exe virus spread itself via throughout the world and was very difficult to remove as it made many copies of itself on an infected computer. 6 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Macro Viruses Macro viruses usually infect Microsoft Office files and install themselves when users click files. A macro is a small program, usually written in VBA (Visual Basic for Applications). Macro viruses spread when users click files in which the macro virus resides. Macro viruses may also delete files, etc. on an infected system. 7 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Personal Information Attacks Phishing Phishing is an attempt to trick you into revealing personal information to an attacker so they can impersonate you. Pronounced like the word “fishing,” the attacker is fishing for information about YOU! You may receive an that appears to be from your financial institution, eBay, or Amazon, asking you to login to verify a transaction. 8 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Personal Information Attacks (cont’d) When you click the link in the , the Web site looks as you expect it to. No reputable organization will every ask you to do this. Report the attack your organization so they are aware of the attack. Most companies will act on reported phishing attempts. Most software includes the ability to monitor for phishing and move the suspected e- mail to a non-functional (Junk ) folder. 9 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Worms A worm is a program that works to create a lot of network traffic. Some worms are not malware as they crawl the network searching for reporting information. Most worms replicate themselves, making the network unusable. The ILOVEYOU worm successfully attacked millions of computers (users clicked the attachment) in May Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

False Information Hoaxes Hoaxes are usually harmless and attempt to convince you of something that is not true. Hoaxes usually come in the form of an . Some hoaxes invite you to send money to someone in another part of the world, others ask you to contribute to find missing children, etc. Use your search engine to determine whether the e- mail’s message is true by entering the subject line in a search engine. The result will usually indicate whether the is a hoax. 11 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

False Information (cont’d) Uncloak a Hoax Use trusted Internet sites to detect hoaxes. Snopes.com - Urban Legends Online Never forward chains without verifying their source. 12 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

How do Hackers Operate? Packet sniffers can read Internet traffic. Wireshark is a free protocol analyzer software tool that can display unencrypted network traffic on a monitor screen. Install malware. Adware – Continuous ads on your screen. Spyware – Reports on sites you visit. Guess at user names and passwords. Don’t use easy-to-guess passwords. Do change default usernames and passwords (wireless routers). 13 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

What is Network Security? According to Wikipedia: –“In the field of networking, the specialist area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources.” In plain English: –Network security is about the rules we set up for use of equipment, software, and data and how we follow our own rules. –Use of assets revolves around authentication, authorization, and providing permissions to network assets. If you can’t prove your identity, you don’t gain access to the network, its equipment, or its data. 14 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Authentication User provides valid username & password. –Referred to as “credentials.” Computer authenticates credentials against its user account & password database. –If you log in successfully, you are authenticated! If the credentials entered match what’s in the database, user is authenticated. –Servers authenticate users using a special type of database known as a directory. –The directory stores information about all users, user groups, computers, printers, etc. 15 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Authorization Authenticated users are next authorized. Authorization means that the computer indicates precisely what the user can do: –Print files using specified printers. –Access specified network drives. –View and/or change documents in folders. –Use company . Actions are usually recorded for audit. 16 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Permissions (Windows Environment) Authorized objects are associated with permissions. –Part of authorizing an object is determining permissions. Permissions determine what an object can or cannot do on a computer or network. Two types of permissions are typically used: –Sharing: Allows one object to connect to or use another object over the network. –NTFS: Determines what one object can or cannot do to another object. Permissions are a complex topic. 17 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Permissions Example (Windows Environment) Sharing and NTFS permissions work together. –You create a folder on your computer so your sister can copy pictures you took. –Next, you share the folder and set her permissions to “read.” –Lastly, you set NTFS permissions to “read” so that she can view and copy the pictures. –Without this configuration, your sister will not be able to view or copy files from your computer. 18 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Permissions Example Right-click the folder and select Properties from the menu. The Pictures folder is shared. Click Advanced Sharing to configure sharing permissions for this folder. 19 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011

Permissions Example (cont’d) Click the Security tab to configure NTFS permissions. Group or user names are listed in what is called an access control list, or ACL. Administrators have Full Control over this folder and its contents. –This means that a user who is a member of the Windows Administrator’s group can do anything to this folder and its contents. –Anything means view, add new files, delete existing files, change existing files, create new sub- folders, etc. 20 Component 4/Unit 8-1 Health IT Workforce Curriculum Version 2.0/Spring 2011