Module 2 Part 4
Threats to Computer Systems and Control Measures
Concepts of threats: Virus, hacking, phishing, spyware, spam, physical threats (fire, flood,
earthquake, vandalism), Concepts of security measures: firewall, encryption.
Concepts of threats:
Security Threat is defined as a risk that can potentially harm computer systems and
organization. The cause could be physical such as fire, flood, earthquake, vandalism. The cause
could also be non-physical such as a virus attack.
Different Types of Computer Threats
Virus - It is a malicious program where it replicates itself and aim to only destroy a
computer. The ultimate goal is the computer will never be able to operate properly. First
computer virus name is “Brian”.
Hacking - Hacking is a type of computer crime in which the offender enters into a computer
system (generally by breaking the security) for the sake of stealing information.
Phishing - A fake website or email which is designed to look almost like the actual website is
a form of phishing attack. purpose is stealing the identity of the victim.
Spyware - designed to spy on the victim’s computer. Such as if you browse on football for a
week every day, the attacker will try to come out with a football scam to cheat on your money.
Spam - more common methods of both sending information out and collecting it from
unsuspecting people.
Malware - Malicious software that infects your computer, such as computer viruses, worms,
Trojan horses, spyware, and adware.
Trojan - It has the ability to hide itself from antivirus detection & and steal important data.
Worms - program designed only to spread, it will use up your computer hard disk space due
to the replication. “Morris” was one of the first computer worm distributed via the internet.
Adware - Is a form of threat it will start popping out a lot of advertisement. It gathers and
transfer to its distributor personal information of the user.
Scareware - programs designed to trick a user into buying and downloading unnecessary and
potentially dangerous software.
Botnet - something which is installed by a BotMaster to take control of the system via botnet
infection.
C&C - A command and control server (C&C server) is the centralized computer that
issues commands to a botnet.
Ransomware - Ransomware is a type of malware that restricts access to your computer. It
displays an image that prevents you from accessing your computer or encrypts files on your
system's.
Module 2 Part 4 1
�Key logger - keeps a record of every keystroke you made on your keyboard. It’s mainly used
to steal people’s login credential such as username and password.
Backdoor - attacker will be able to bypass all the regular authentication service.
Dropper - designed to drop into a computer and install something useful to the attacker such
as Malware or Backdoor. It immediately drops and install to avoid Antivirus detection.
Another is, it will only drop a small file, it will auto trigger a download process to download
the Malware.
Spoofing - An email address may even include your own name, or the name of someone you
know.
Concepts of security measures:
Firewall
A firewall is a system that prevents unauthorized access to or from a private network. It
examines each message entering and leaving the network, and allows only those authorized
message to pass through. It can be implemented in hardware and software or both. A firewall
helps to keep a computer more secure. It restricts information that comes to your computer
from other computers, giving more control over the data on the computer and providing a line
of defense against people or programs.
Importance
1. It allows only authorized access to inside network.
2. It prevents insider stacks on critical systems.
3. A firewall as a barrier, check information coming from the internet or a network and
allow it to pass through to your computer, depending on your firewall settings.
4. It provides the ability to control access to site system. It can greatly improve network
security and reduce risk to hosts on the subnet by filtering inherently insecure
services.
Types of firewalls
1. Application Gateways: the first firewalls were application gateways, and are
sometimes known as proxy gateways. These are sun with special software to act as a
proxy server.
2. Packet filtering: packet filtering is a techniques where by routers have ACLs(Access
Control Lists) turned on. By default, a router will pass all traffic sent it, and will do so
without any sort of restrictions.
3. Hybrid Systems: in an attempt to marry the security of the application layer gateways
with the flexibility and speed of packet filtering, some vendors have created systems
that use the principles of both.
Encryption
Encryption is a form of data security in which information is converted to ciphertext. Only
authorized people who have the key can decipher the code and access the original plaintext
information. In even simpler terms, encryption is a way to render data unreadable to an
unauthorized party.
Module 2 Part 4 2
�How Encryption works
Encryption (and decryption) process in brief
Encryption takes plain text, like a text message or email, and scrambles it into an unreadable
format called ciphertext. This helps protect the confidentiality of digital data either stored on
computer systems or transmitted through a network like the internet.
When the intended recipient accesses the message, the information is translated back to its
original form. This is called decryption.
To unlock the message, both the sender and the recipient have to use a "secret" encryption
key – a collection of algorithms that scramble and unscramble data back to a readable format.
Types of encryption
There are two main types of encryption systems:
Symmetric encryption and
Asymmetric encryption
Symmetric encryption
Symmetric encryption uses a single secret password or key to encrypt and decrypt data.
Symmetric encryption algorithms are the simplest and most used form of encryption.
They are available in two forms:
Block algorithms: Encrypt a group of plain text symbols as one block.
Stream algorithms: Convert one symbol of plain text directly into ciphertext.
Asymmetric encryption
Asymmetric encryption – also known as public key cryptography – uses two keys for
encryption and decryption. A public key, which is shared among users, can either encrypt or
decrypt the data. A private key can also encrypt or decrypt data, but it's not shared among
users. The key you choose to encrypt or decrypt depends on the security measure you’re
trying to employ:
Encrypting with the public key: ensures only the intended recipient can use the
corresponding private key to decrypt the message, even if the information was
breached during transit
Encrypting with the private key: allows the recipient of the information to verify the
sender’s identity, since they won’t be able to decrypt data that’s been tampered with
by an unauthorized user
Module 2 Part 4 3