Computer security

What is Computer Security?

Computer Security is a number of techniques developed to protect single computers and network-linked computer systems from accidental or intentional harm. The harm can include destruction of computer hardware and software, physical loss of data, deception of computer users and so on.

A variety of simple techniques can prevent computer crime. For example, any user can prevent access to confidential information. They can destroy printed information, protect computer screens from observation, keep printed information and computers in locked cabinets, and clear desktops of sensitive documents. However, there are some more sophisticated methods to prevent computer crimes. We would like to describe some of them.

One technique to protect confidentiality is encryption. Information can be scrambled and unscrambled using mathematical equations and a secret code called a key. Two keys are usually employed, one to encode and the other to decode the information. The key that encodes the data, called the private key, is possessed by only the sender. The key that decodes the data, called the public key, may be possessed by several receivers. The keys are modified periodically, further hampering unauthorized access and making the encrypted information difficult to decode or forge.

Another technique to prevent computer crime is to limit access of computer data files to approved users. Access-control software verifies computer users and limits their privileges to view and alter files. Records can be made of the files accessed, thereby making users accountable for their actions. Military organizations give access rights to classified, confidential, secret, or top secret information according to the corresponding security clearance level of the user.

Passwords are confidential sequences of characters that give approved users access to computers. To be effective, passwords must be difficult to guess. Effective passwords contain a mixture of characters and symbols that are not real words. To thwart imposters, computer systems usually limit the number of attempts to enter a correct password.

Tokens are tamper-resistant plastic cards with microprocessor chips that contain a stored password that automatically and frequently changes. When a computer is accessed using a token, the computer reads the token’s password, as well as another password entered by the user, and matches these two to an identical token password generated by the computer and the user's password, which is stored on a confidential list. Sometimes passwords and tokens may be reinforced by biometrics, identification methods that use unique personal characteristics, such as fingerprints, retinal patterns, skin oils, deoxyribonucleic acid (DNA), voice variations, and keyboard-typing rhythms.

Computer networks, multiple computers linked together, are particularly vulnerable to computer crimes. Information on networks can be protected by a firewall, a computer placed between the networked computers and the network. The firewall prevents unauthorized users from gaining access to the computers on a network, and it ensures that information received from an outside source does not contain computer viruses, self-replicating computer programs that interfere with a computer’s functions.

We use computers for everything from banking and investing to shopping and communicating with others through e-mail or chat programs. Although you may not consider your communications “top secret,” you probably do not want strangers reading your e-mail, using your computer to attack other systems, sending forged e-mail from your computer, or examining personal information stored on your computer (such as financial statements).

1. Who is this e-mail from (i.e. an employee, IT specialist, customer etc)? 2. Who is the e-mail to? 3. What is the basic problem being discussed? 4. What will the rest of the e-mail be about? 5. What kind of ideas might be in the rest of the e-mail?

From: Rupert Hills-Jones

To: All employees

Subject: Data Security

Dear All,

Unfortunately there have been several instances recently of data falling into the wrong hands. I have been a victim of ID theft and we have lost a few company laptops and memory sticks containing sensitive trading information. The following rules around data and data security are mC11datory and failure to abide by these will result in disciplinary action up to and including dismissal. I am sorry for the stern tone but this is a very serious issue for us all.

a) Ideally this should contain both letters and numbers.

b) Only company-provided and approved software may be used.

c) At the end of each day, ensure that your desks are clear and all documentation or storage devices are in locked drawers.

d) Do not leave them where they can be seen on the back seat of a car.

e) IT will be running a webcast on how to do this next Tuesday 25^th.

f) Any documentation found lying around after the trading day will be destroyed. You have been warned.

Clear Your Desk. With immediate effect we will be running a Clear Desk Policy in the office. 1. …

Shred. All unwanted printouts, photocopies, notes etc. must be put into the shredders that have been installed in each office 2. ….

Use Passwords. All systems must be accessed using a password. 3. …. This password is secret to you and should not be shared with any other individuals.

Change Passwords. All passwords must now be changed on a monthly basis. If you think that your password has been compromised, call the IT Helpdesk immediately.

Don’t Download. All laptops are to be scanned on a monthly basis by IT to check for spyware or malware. Under no circumstances should any programs be downloaded from the internet onto company laptops. 4. ….

E-mails. Do not open email attachments unless you know the originator of the mail personally and you are expecting an attachment of that type and name.

Keep Secure. All laptops taken out of the office either to clients· offices or to work from home must be kept secure at all times. 5. ….

Memory Sticks. All memory sticks are now numbered. The IT Department will keep a list of memory sticks and who is responsible for them.

Encrypt. All data stored on memory sticks must be encrypted. 6. ….

And on a personal note if anybody sees my wallet, could you please pop it into my office.

Regards, Rupert.

Confidential. Internet communications are not secure and therefore London Investments does not accept legal responsibility for the contents of this message. This e-mail and any attachments may be confidential. They may contain privileged information and are intended for the named addresses only. They must not be distributed without our consent. If you are not the intended recipient please notify us immediately and delete the message and any attachments from your computer. Do not disclose, distribute or retain this e-mail or any part of it. We believe but do not warrant this e-mail or any attachments are virus free. You must therefore take full responsibility for virus checking.

1. Why can it be dangerous to … if you don't know who sent it? 2. Why is it important to … like a bank statement that contains personal information, and not just throw it away? 3. How often should you … or a desktop for spyware and malware? 4. Why can it be harmful to … from the internet and run it on your computer? 5. Why is it a good idea to … regularly even if there’s no evidence it has been compromised? 6. What are the advantages of … as opposed to having training seminars? 7. Have you ever … of ID fraud?

1. Why is security so important on the Internet? 2. What security features are offered by Mozilla Firefox? 3. What security protocol is used by banks to make online transactions secure? 4. How can we protect our e-mail and keep it private? 5. What methods are used by companies to make internal networks secure? 6. In what ways can a virus enter a computer system? 7. How does a worm spread itself?