Sunday, February 22, 2009

Form 4: 1.3.1.1 - Define computer security

COMPUTER SECURITY

DEFINITION OF COMPUTER SECURITY
Computer security means protecting our computer systems and the information they contain against unwanted access, damage, destruction or modification.

We need to protect our computer from any intruders such as hackers, crackers and script kiddie.
We do not want strangers to read our e-mail, use our computer to
attack other systems, send forged e-mail from our computer, or examine personal information stored on our computer such as financial statements.

  • TYPES OF COMPUTER SECURITY
    Three types of computer security are:

    a) hardware security
    b) software security/data security
    c) network security


    a) HARDWARE SECURITY
    Hardware security refers to security measures used to protect the hardware specifically the computer and its related documents.

    The examples of security measures used to protect the hardware include PC-locks, keyboard-locks, smart cards and biometric devices.

    b) SOFTWARE AND DATA SECURITY
    Software and data security refers to the security measures used to protect the software and the loss of data files.

    Examples of security measures used to protect the software are activation code and serial number.

    An example of security measure used to protect the loss of data files is the disaster recovery plan method. The idea of this plan is to store data, program and other important documents in a safe place that will not be affected by any major destruction.

    c) NETWORK SECURITY
    The transfer of data through network has become a common practice and the need to implement network security has become significant.

    Network security refers to security measures used to protect the network system. One example of network security measures is firewall. With firewall, network resources can be protected from the outsiders.

    PERSONAL COMPUTER SECURITY CHECKLIST
    In order to make sure our computers are secured, here are the computer
    security checklist to follow.

    ü Do not eat, drink or smoke near the computer
    ü Do not place the computer near open windows or doors
    ü Do not subject the computer to extreme temperatures
    ü Clean the equipment regularly
    ü Place a cable lock on the computer
    ü Use a surge protector
    ü Store disks properly in a locked container
    ü Maintain backup copies of all files
    ü Stores copies of critical files off sites
    ü Scan a floppy disk before you open it
    ü Do not open any unknown email received

    1.3.2.1 - Explain briefly the different threats to computer
    security :
    Malicious code
    Hacking
    Nature/environment
    Theft


    INTRODUCTION COMPUTER THREATS

    The computer is a great tool to store important information. In certain cases, the information is very vital that losing it will harm the computer system.

    Computer threats can come from many ways either from human or natural disasters. For example, when someone is stealing your account information from a trusted bank, this threat is considered as a human threat. However, when your computer is soaked in heavy rain, then that is a natural disaster threat.

    MALICIOUS CODE
    Malicious code is also known as a rogue program. It is a threat to computing assets by causing undesired effects in the programmer’s part. The effect is caused by an agent, with the intention to cause damage.

    The agent for malicious code is the writer of the code, or any person who causes its distribution. There are various kinds of malicious code. They include virus, Trojan horse, logic door, trapdoor and backdoor, worm and many others.


    a) VIRUS
    · a program that can pass on the malicious code to other programs by modifying them

    · attaches itself to the program, usually files with .doc, .xls and .exe extensions

    · destroys or co-exists with the program

    · can overtake the entire computing system and spread to other systems

    b) TROJAN HORSE
    · a program which can perform useful and unexpected action

    · must be installed by users or intruders before it can affect the system’s assets

    · an example of a Trojan horse is the login script that requests for users’ login ID and password

    · the information is then used for malicious purposes

    c) LOGIC BOMB
    · logic bomb is a malicious code that goes off when a specific condition occurs.

    · an example of a logic bomb is the time bomb

    · it goes off and causes threats at a specified time or date

    e) TRAPDOOR OR BACKDOOR
    · a feature in a program that allows someone to access the program with special privileges

    f) WORM
    · a program that copies and spreads itself through a network


    HACKER
    Hacking is a source of threat to security in computer. It is defined as unauthorised access to the computer system by a hacker.

    Hackers are persons who learn about the computer system in detail. They write program referred to as hacks. Hackers may use a modem or cable to hack the targeted computers.

    NATURAL AND ENVIRONMENTAL THREATS
    Computers are also threatened by natural or environmental disaster. Be it at home, stores, offices and also automobiles.Examples of natural and environmental disasters:
    Flood
    Fire
    Earthquakes, storms and tornados
    Excessive Heat
    Inadequate Power Supply

Primary Differences Between Worms And viruses


Worm
Operates through the network
Spreads copies of itself as a standalone program


Virus
Spreads through any medium
Spreads copies of itself as a program that attaches to other
programs

THEFT
Two types of computer theft:

1) Computer is used to steal money, goods, information and resources.
2) Stealing of computer, especially notebook and PDAs.

Three approaches to prevent theft:

1) prevent access by using locks, smart-card or password
2) prevent portability by restricting the hardware from being moved
3) detect and guard all exits and record any hardware transported






















THEFT
Two types of computer theft:

1) Computer is used to steal money, goods, information and resources.
2) Stealing of computer, especially notebook and PDAs.

Three approaches to prevent theft:

1) prevent access by using locks, smart-card or password
2) prevent portability by restricting the hardware from being moved
3) detect and guard all exits and record any hardware transported

Wednesday, February 18, 2009

Form4 : 1.2.3.1 Exercise

1. What is controversial content?
2. What Is pornography?
3. What Is slander?
4. State the 3 impact of controversial content on the Malaysian society
a)Pornography
b)Slander
5. State the method of controlling access to the internet
6. Explain briefly about each method of controlling access to the internet
7. What is Cyber Law?
8. Explain about the act below:
a)DIGITAL SIGNATURE ACT 1997
b)COMPUTER CRIMES ACT 1997
c)TELEMEDICINE ACT 1997
d)COMMUNICATIONS AND MULTIMEDIA ACT 1998
9. What is computer crime?
10.State 4 computer crime
11.Explain briefly of each computer crime

Form 4: 1.2.3.1 - List effects of controversial contents on society (Pornography and Slander)



LESSON 12

CONTROVERSIAL CONTENT

A controversial content is information that causes disagreement in opinions and may cause the disruption of peace because different people or culture will have different views about the contents.

ISSUES ON CONTROVERSIAL CONTENTS

The issues on controversial contents are always focusing on pornography and slander. Malaysia considers pornography and slander as illegal.

Pornographic and slanderous activities can be in the forms of plots and actions displayed on video games, controversial rhythm or lyrics of music, controversial contents of books and controversial issues on religion and philosophy.

Pornography Creative activity (writing or pictures or films etc.) of no literary or artistic value other than to stimulate sexual desire.

Slander Oral communication of false statements injurious to a person's reputation.

A false and malicious statement or report about someone.

PORNOGRAPHY

What is pornography? Why is pornography considered “negative” content?

DEFINITION OF PORNOGRAPHY

The definition of pornography is any form of media or material (like books or photographs) that depicts erotic behaviour and is intended to cause sexual excitement.

Pornography tends to exploit men, women and children in a distasteful manner.

SLANDER

Slander is another example of controversial content.

Slander is a legal term for false and malicious statement (meaning knowing that it is false, or “reckless disregard” that it was false) about someone.

Examples :

You wrote an e-mail that a fellow classmate was having an affair with a teacher, even though it was not true. You then sent it to five other friends.

Ahmad is a muslim. One day, he received a “spam” e-mail stating that his favourite soda drink “Soda Moda” uses non-halal food colouring, but he does not know if the source of the content is credible or true. He decides to forward the e-mail to 50 of his friends.

Chin Wei spreads a rumour that a Government Minister is receiving bribes from an enemy government.


IMPACTS ON MALAYSIAN SOCIETY

What can you conclude about the impact of controversial content on the Malaysian society?

Pornography

  • can lead to criminal acts such as exploitation of women and children
  • can lead to sexual addiction or perversion
  • can develop low moral value towards other men, women or children
  • can erode good religious, cultural and social beliefs and behaviour

Slander

  • can develop into a society that disregards honesty and truth
  • can develop bad habit of spreading untruths and rumours
  • can lead to unnecessary argument
  • can cause people to have negative attitudes towards another person


1.2.3.2 - Describe the process of filtering to control access to

controversial contents.


THE PROCESS OF INTERNET FILTERING

Is our responsibility to ensure that the teenagers are protected from these corruptions of the mind by filtering access to the Internet.Internet filtering is a process that prevents or blocks access to certain materials on the Internet.

It is our responsibility to ensure that the teenagers are protected from

these corruptions of the mind by filtering access to the Internet.

What is Internet filtering?

Internet filtering is a process that prevents or blocks access to certain

materials on the Internet. Filtering is most commonly used to prevent

children from accessing inappropriate material and to keep employees

productive on the Internet.

CONTROLLING ACCESS TO THE INTERNET

Controlling access to the internet by means of filtering software has become a growing industry in Malaysia and elsewhere. Its use has increase as the mandatory response to the current plague of society, namely internet pornography, politically incorrect site, hatred, violence, hate and in general anything viewed to be unpleasant or threatening.

The current preferred method of choice to limit access on the Internet is to filter content either by:

keyword blocking

site blocking

web rating systems

These methods require software to be installed at a client of server level.

KEYWORD BLOCKING

One of the strategies is by using the keyword blocking method.This method uses a list of banned words or objectionable terms.

As the page is downloading, the filter searches for any of these words. If found, it will block the page completely, stop downloading the page, block the banned words and even shut down the browser.

SITE BLOCKING

  • software company maintains a list of ‘dubious Internet sites’
  • the software prevents access to any sites on this list
  • ‘denial lists’ regularly updated
  • some software provides control over what categories of information you block
  • Who decides what goes on the ‘denial list’ and what criteria are they using?
  • can you keep track of the whole of the Internet?
  • filters can use both site blocking and word blocking

WEB RATING SYSTEMS

Web sites are rated in terms of nudity, sex, violence and language. The Recreational Software Advisory Council (RSACI) is responsible for the rating of the websites on the content on the internet.

ratings done either by the web page author or by the independent bureau.

browsers set to only accept pages with certain levels of ratings.



1.2.4.1 - Explain the need for Cyber Law.


What is Cyber Law?

Cyber law refers to any laws relating to protecting the Internet and other online communication technologies.

NEEDS FOR CYBER LAW

In the recent years, many concerns and issues were raised on the integrity and security of information, legal status of online transactions, privacy and confidentiality of information, intellectual property rights and security of

government data placed on the Internet.



These concerns and issues clearly indicate why cyber laws are needed in online activities.

THE CYBER LAW ACTS IN MALAYSIA

The Malaysian Government has already passed several cyber laws to control and reduce the Internet abuse.

These cyber laws include:

Digital Signature Act 1997

Computer Crimes Act 1997

Telemedicine Act 1997

Communications and Multimedia Act 1998

Beside these cyber laws, there are three other cyber laws being drafted.

Private Data Protection Bill

Electronic Government Activities Bill

Electronic Transactions Bill

DIGITAL SIGNATURE ACT 1997

The Digital Signature Act 1997 secures electronic communications especially on the Internet.

Digital Signature is an identity verification standard that uses encryption techniques to protect against e-mail forgery. The encrypted code consists of the user’s name and a hash of all the parts of the message.

By attaching the digital signature, one can ensure that nobody can eavesdrop, intercept or temper with transmitted data.

COMPUTER CRIMES ACT 1997

The Computer Crimes Act 1997 gives protection against the misuses of computers and computer criminal activities such as unauthorised use of

programmes, illegal transmission of data or messages over computers and hacking and cracking of computer systems and networks.

By implementing the Computer Crimes Act 1997, users can protect their rights to privacy and build trust in the computer system. At the same time, the government can have control at a certain level over cyberspace to reduce cyber crime activities.


TELEMEDICINE ACT 1997

The Telemedicine Act 1997 ensures that only qualified medical practitioners can practice telemedicine and that their patient's rights and interests are protected.

These act provides the future development and delivery of healthcare in Malaysia.

COMMUNICATIONS AND MULTIMEDIA ACT 1998

The implementation of Communication and Telecommunication Act 1998 ensures that information is secure, the network is reliable and the service is affordable all over Malaysia.

This Act also ensures high level of user's confidence in the information and communication technology industry.



1.2.4.2 - Explain briefly the computer crimes below :

  • Fraud
  • Copyright Infringement
  • Theft
  • Attacks


COMPUTER CRIMES

A computer crime is defined as any criminal activity that is related to the use of computers. These activities include computer fraud, copyright infringement, computer theft and computer attack.

COMPUTER FRAUD

Computer fraud is defined as having an intention to take advantage over or causing loss to other people, mainly on monetary basis through the use of computers.

There are many forms of computer fraud which include e-mail hoaxes, programme fraud, investment schemes, sales promotions and claims of expertise on certain fields.

Students need to be aware of other computer frauds such as health frauds, scams and hacking. Students will also most likely get false information while researching information on the Internet.

COPYRIGHT INFRINGEMENT

Copyright infringement is defined as a violation of the rights secured by a copyright. Copyright infringement involves illegal copy or reproduction of copyrights material by the black market group. The open commercial sale of pirated item is also illegal.

With the current technology, the most perfect copy of the original copy can be downloaded from the internet.

COMPUTER THEFT

Computer theft is defined as the unauthorised use of another person’s property with the intention to deny the owner the rightful possession of that property or its use.

Examples of computer theft include:

transfer of payments to the wrong accounts

tap into data transmission lines on database at no cost

divert goods to the wrong destination

COMPUTER ATTACK

Computer attack may be defined as any activities taken to disrupt the equipment of computer systems, change processing control or corrupt stored data.

Computer attack can be in the forms of:

  • physical attack that disrupt the computer facility or its transmission lines.
  • an electronic attack that uses the power of electromagnetic energy to overload computer circuitry.
  • a computer network attack that uses a malicious code to exploit a weakness in software, or in the

computer security practices of a computer user



Friday, February 6, 2009

Loading...

Loading....as a Teacher and Wife.... :)