Computer Security

DIGITAL DEVELOPMENT
1stBACHILLERATO
Need for security.

Computer security is the set of measures aimed at protecting the

hardware, software, information, and people. Any failure can have
serious repercussions of an economic, social, or personal nature.

Big data
Internet of Increase in risks New strategies
the things

To minimize risks, when we go

to use the computer, we have to: SECURITY PLAN:
Who do we need to protect?
• Knowing how to use it. 2. What is necessary
protect it?
• Know the security tools
3. What tools
of those we have available.
Do we have that?
• Apply a set of basic rules of
security.
2. Types of security.
Active safety and passive safety.

We call active security the set of actions aimed at protecting the

computer and its contents; it is about reducing vulnerabilities as much as possible.

Passive security is the one that aims to minimize the impact of a possible
computer damage; assuming that vulnerabilities exist, it is necessary to reduce
the consequences.

Active security Passive safety

• Software installation of • Backups

security. periodicals.

• Secure passwords. • Power supply systems

uninterrupted (SAI).
• Data encryption.

• Digital certificates.
2. Types of security.
Physical security and logical security.

Physical security aims to protect hardware from potential disasters.

natural disasters (such as fires, floods,...), thefts, electrical overloads, etc.

Logical security complements physical security and aims to protect the software and the
user data.

Physical security Logical security

• Fire protection systems and • Protection of the

flood control. information regarding thefts or
losses with the techniques of
• Surveillance to prevent theft. active and passive safety.

• Systems to prevent
blackouts or overloads
electric
2. Types of security.
Personal and information systems security.

Security in information systems or threats to the machine:

it consists of protection against threats to our computer.

Personal security: it consists of protection against threats and fraud.

to the person, what is most important (damages to the machine are still
material damages, but the damage to people remains over time and
they transcend to other aspects of life.
Personal safety Security in systems
of information
• Our attitude, the best protection.
• Protection of the
• Be informed. information about thefts or
losses with the techniques of
• Use common sense. active and passive security.

• The laws protect us.

Organic Law 1/1982, of May 5, on the civil protection of the right to
honor, to personal and family privacy and to one's own image.
Organic Law 15/1999, of December 13, on data protection
carácter personal(LOPD), que se desarrolla en el RD 1720/2007.
 3. Threats in Information Systems (I).
Malware Malicious software or software
malicious encompasses the set of software created for the purposes of
malicious: viruses, trojans, worms, spyware, etc.

Virus It is a program that is installed on the computer without the user's permission with the
objective of causing damage. It can replicate itself and infect the computer.
through executable files or storage unit sectors (for
example, the boot sector of a hard drive) where the data is stored
instruction codes of the virus. To spread to other computers, viruses
They make use of portable memory, software, and the Internet itself. They are the
the most well-known threat and the most important due to its volume of risk.

Worm It is a malicious program whose purpose is to overflow the memory of

system reproducing itself.

Keylogger The key 'tecla' and logger 'registrador' is a type of software that is responsible for
obtain and memorize the keystrokes made on a keyboard. It can be used
to spy remotely, with the aim of obtaining the user's passwords.

Spyware Not all spyware is malicious. They can be considered

spyware programs with malicious code: trojans, adware and
hijackers, basically.
 3. Threats in information systems (II).
Adware (Deadvertisement software). The advertising software included in programs.
that they show after being installed. Some of them have a license.
shareware or freeware and include advertising to subsidize themselves, from
so that if the user wants an ad-free version, they can choose to pay.
the version with the registered license. The problem comes when these programs
they act as spyware, including code to collect personal information from
user (information that does not necessarily have to be used in a way
malicious, sometimes it involves knowing the tastes of the users, but it can
transfer to other entities without authorization).

Hijackers They are programs that "kidnap" other programs to use their rights or to
modify their behavior. The most common case is an attack on a browser,
modifying the homepage and redirecting the search pages without the
user consent.
Trojan It is a type of virus in which they have been introduced, disguised in another.
program, instructions aimed at destroying stored information in
the discs or to gather information. Its name refers to the
Trojan horse because these viruses are often hosted in elements
apparently harmless, like an image or a music file, and they install themselves
in the system when opening the file that contains them.
Crackers People who are dedicated to changing the operation of a commercial program or
well to create applications that obtain valid serial numbers in that type of
programs in order to use them without a license (to pirate them).
 3. Threats in information systems (III).
Hackers They are expert computer criminals who, at first, only pose challenges.
intellectuals. They should not pretend to cause harm; in fact, there exist
ethical hacking companies (white hacking), that help people and
companies to know what their level of security is against malicious hackers. The
The term hacker is sometimes confused with the computer pirate.
hacker), a person who attempts to compromise the security of systems on the Internet and
profit from it.

Pharming It is a practice of redirecting a domain name to another machine.

distinct, so that a user who enters a URL accesses the webpage
of the attacker. In this way, for example, they can impersonate the website of
a bank to obtain the victim's keys.

Cookies Text files stored on the computer via the browser

when we visit a website, so that the website can read them on subsequent visits. No
they are no threat as long as they only intend to facilitate our access to the site. Thus,
it is common, for example, that the second time we visit a website of
online purchases from the same computer that have already been completed
parameters, let's have the configuration we had selected during the visit
previously or even we have a welcome greeting, all of it for the
cookies stored on the first visit. They are therefore non-malicious spyware.
 3. Threats in information systems (IV).
Spam Email messages flooding the Network with the purpose of announcing
products, for the recipients to buy them. It has been proven that one of
every twelve million gets a positive response. It represents 80% of the traffic
of email in the world.

Hoaxes They are email chains initiated by companies to gather the

email addresses of many of the users and subsequently
sending emails (which will also constitute spam). They take advantage of the
kindness, the gullibility and superstition of people. It is a practice not
illegal nowadays. A chain starts when a company sends a
message of the type "Missing child" or "Beware, dangerous virus!" to millions of
invented addresses (those that do not give an error message exist and that's it
they can be used); some of these recipients will forward in good faith the
message and the chain will be formed like this; after many shipments, it will arrive from
new to the company that started it, along with a chain of valid addresses.
Vulnerabilities. Strengths and weaknesses.
The quality of the operating systems, applications, and programs is measured by their strengths.
and weaknesses.

Vulnerabilities are weak points of a system that can be

exploited to attack him. They are usually resolved with updates of
software.

Rating Definition
Critique It can allow the propagation of an Internet worm without the
user action
Important It may jeopardize confidentiality, integrity or
availability of user data or resources
processing.
Moderate Its impact can be largely reduced by factors
like default settings, audits... It's hard to come up with
party to said vulnerability.
Lower Vulnerability that is very difficult to exploit or whose impact is minimal.
4. Active security (I).
It involves identifying which parts of the system are vulnerable and establishing measures.
that minimize risk. The software and the elements of equipment prevention are:
Antivirus. A program that analyzes the different drives and
devices, as well as the flow of incoming and outgoing data.
Use a database with character strings
characteristics of different viruses, which is essential
that is updated. They protect against viruses, trojans and
worms and some are spyware and even filters
antispam

Firewall or firewall. Defense system that controls and

filters the incoming and outgoing traffic of a network. It is configured
to request confirmation of any program that uses the
internet connection (exceptions may apply).
Usually included in the operating systems as well, although there are.
other free or paid software.
4. Active security (II).

Proxy. Software installed on the PC that works as

gateway; it can be configured as a firewall or
as a web page limiter.

Passwords. They can help protect files, folders

or a computer within a network.
Tips for creating a secure password
• Minimum 8 characters.
• Toggle uppercase and lowercase.
• Use numbers and non-alphabetic characters.
• Words not contained in a dictionary.
• Not related to personal data (ID,
last name, relevant dates,...

Cryptography. It is the encryption of information to protect

files, communications, and keys.
Active security: weak passwords.

Most used passwords in 2015:

• 123456 • 1qaz2wsx
• password • 111111
• 12345678 • dragon
• qwerty • master
• 12345 • monkey
• 123456789 • let me in
• football • login
• 1234 • princess
• 1234567 • qwertyuiop
• baseball • alone
• welcome • starwars
• 1234567890
• abc123
Activity on 'the phonbies' page 39:[Link]
 Digital certificates (I).
Digital certificates are documents in digital format that contain
identifying data of a person or entity that can be used as
means to identify the signer. They help to prevent fraud, as they allow
access the Internet services in such a way that both parties involved can
mutually identify with the certainty that it is they who are interacting.

It is called an electronic signature the type of digital certificate that has the same validity
than the handwritten signature.

Another way to confirm our

digital identity is using the
Electronic DNI (DNIe), issued by the
Ministry of Interior.
Digital certificates (II).

How are they obtained?

1. On a computer connected to the Internet, request the certificate from a provider of
certification services (such as theNational Mint and Stamp Factory).
2. Verify your identity by physically appearing at a registration office.
3. Download the certificate from the Internet.

What are they for?

• Authenticate the user's identity to third parties.
• Electronically signing to guarantee the integrity of the transmitted data
and its origin.
• Encrypt data so that only the recipient of the document can access it.
content.

What can you do with a digital certificate?

• Process scholarships and aids.
• File the tax return.
• Consult the penalties and traffic points.
• Request certifications.
5. Passive security (I).

It consists of minimizing the impact of a possible cyber damage, assuming that,

Despite implementing active security, any system is vulnerable.
The main passive operating mechanisms are:
Uninterruptible power supplies (UPS).
They protect the equipment against power outages and spikes or
voltage drops. When there is a power outage, the UPS
provides the electrical current necessary for it to
Time to correctly turn off the equipment.

NAS devices (network area storage, systems of

network storage). Storage devices
those that are accessed through a network, so they usually go
connected to a router.
Backups allow restoration
systems or data if necessary. It is important
plan what medium they are made on, with what frequency
and of what elements of the system.
 How to know if our computer has been attacked?

The symptoms that may indicate that our computer has been attacked are:
1. The computer works excessively slow in both processes

like in the internet connection.

[Link] the available disk space (warnings that there is no space

sufficient.
[Link] programs appear that start automatically.

new home pages in the browser or unexpected messages are displayed

pop-up windows, even when the browser is not open.

4. Unknown icons appear on the desktop and are difficult to remove.

5. The keyboard and/or the mouse are doing strange things.
The hard drive works more than necessary.
7. You cannot open the antivirus or you cannot access
sitios relacionados con la seguridad.
Active and passive security: prevention measures.

1. Periodically create system backup copies that allow

restore it if necessary.

2. Use secure passwords on all devices and applications.

3. Only use open Wi-Fi networks that are trusted.

4. Have an antivirus installed and updated, and know its functions.

lim itaciones.
[Link] sar los dispositives introduced in the team.
5. Keep the operating system updated.
7. Be careful with downloads of unknown files.
from P2P (peer to peer) programs, as they may contain
virus.

8. Properly configure the firewall.

[Link] attention to free program downloads.
 6. Threats and fraud against individuals.

In security, the most important thing is to protect people, as the damage to

they remain over time and transcend to other aspects of life.

One in ten people has been harassed at some point and one in three has
participated in some form of harassment. The safety of individuals encompasses
in all ways, many areas, including postural hygiene in front of the machine or the risk
of computer addiction. Among the dangers that can threaten us are:

• Inadvertent access to illegal or harmful information.

• Identity theft, robberies, and scams. For example, thephishing

it is a type of scam that consists of acquiring information from a user through
deceptive techniques for fraudulent use. The most common example is the
from an email that arrives to the user impersonating a communication from a bank and
requesting their access keys under a false security threat.

• The loss of our intimacy or the harm to our identity or image.

• Elciberbullyingociberacoso, que consiste, básicamente, en amenazas,

Existing fraud techniques on the Internet.

Phishing Sending emails that simulate coming from known entities (usually they are from
online banking) so that the user can provide their banking details and thus be able to withdraw their
money
Phishing - Fake offers for the sale of cars at surprising prices whose purpose is to trick the user
car make a deposit payment. The user neither receives the car nor recovers the deposit.
Scam or They are deceptive telecommuting offers that only intend to obtain the bank details of the
false supposed employees. This data is often used to generate income from the
offers of phishing (money laundering obtained fraudulently). The deceived worker
Work receives money for allowing the use of their current account and sending money to other countries.
The muleteers are accused by the justice system of fraud and money laundering obtained
illegally, although they are actually another victim.

PharmingIt is about deceiving the internet user through the hijacking of the DNS server. The user believes
that are navigating through official or authentic pages and are actually fake copies to
obtain your bank details.
False Emails congratulating us for winning a grand prize in a lottery and
awards they request the bank details where to make the deposit. In this way, they access the
funds from our bank account.
False E-commerce pages filled with succulent offers for the buyer to fall for.
stores on in the deception. They do not accept various forms of payment, only card payment to obtain
our data.
 Software to protect the person.

There are programs that facilitate parental control of Internet use. They can:

Limit the searches.

Allow or block websites.
Control instant messaging programs.
Set filters based on the age of the minor.
Etc.
 Digital responsibility.
Everything we do on the Internet leaves a trace, a digital footprint that speaks about you. That
Information is your digital identity, your personal brand. It is your duty to take care of it and the
laws protect you for that purpose. We must be clear that the greatest protection lies in
ourselves, our attitude is the best protection. We must act with
digital responsibility.

FOOTPRINT IDENTITY RESPONSIBILITY

DIGITAL DIGITAL DIGITAL
 Habits oriented towards the protection of privacy and
the person (I).

1. Talk to your parents if you receive something strange or unpleasant. Report it.
2. Do not solicit or provide personal data or any other information over the Internet.
information that can identify you. Use aliases or nicknames.
Do not associate with strangers, distrust the person who wants to.
4. Turn the camera
to know towards
a lot about a blindare
you. There spot or cover
other safer it
ways to make new friends.
a sticker when you are not using it to prevent
that captures images. The webcam can be
remotely manipulated using software
malicious.
5. Don't post your photos or videos casually. Do it
always in restricted access sites and always that
Don't damage your current or future image. Don't post.
images of no one without their consent. I know
respectful towards others.
 Habits oriented towards protecting privacy and
the person (II).

Stay up to date with technology and limit your browsing time.

Internet.
Respect the minimum age to access the sites. If we accept the
terms of use without reading them we may be authorizing the owners
from the site to use our data, images, etc.
8. Get informed about the sites, on some it is not possible to 'unsubscribe'.
[Link]
Nuncain youemosnuestros
lesc ed rit mbies datusdato
privsados
parto always.
open Wi-Fi networks
be confident. Both the
administrator like some of the
connected users can use
techniques to steal your information.

Ultimately: use common sense.

 7. Internet Security.
Talking about cybersecurity is talking about security on the Internet. Most of
Threats and frauds come through the Internet.
Social networks and their security
In a social network, exchanges of different types take place: financial,
friendly, on specialized topics,... so we must keep in mind our
security and respect for other users. Otherwise, there is no need to
represent a danger, although the following aspects must be taken into account:
• Minimum age for use established.
• It is important to read both the terms of use and the policy of
privacy, to know what we authorize the owners of the social network.
• We should try not to provide personal data in the registration questionnaires.
social network, such as phone number, center where we studied, beliefs
religious, political ideology, etc.
• In some networks it is not possible to unsubscribe (you can only deactivate the account).
(account) and the data remains available to the owners forever.
What is a CAPTCHA?

When we register on any internet application, something appears.

similar to this:

It is a CAPTCHA (completely automated public Turing test to tell

computers and humans apart, fully automated Turing test and
public to differentiate computers from humans). That is to say, it is a simple
a test that demonstrates it is a human being and not a computer who is trying
access a password-protected account.
 Secure protocols (I).
The way computers communicate with each other follows a series of rules that
they constitute a protocol.

Servers

They use the HTTP (hypertext transfer protocol) to send and receive
documents through the Internet. We can find pages that use a
secure cryptographic protocol called HTTPS (Hypertext Transfer Protocol)
secure). The encryption of these pages is based on quality SSL certificates (secure.
sockets layer), creating an encoded channel that cannot be interpreted in case
that someone intercepts the connection. It is used, for example, in commerce.
electronic, banking entities and any service that requires the transmission of data
personal information or passwords.
Secure protocols (II).

Information packages

They follow the TCP/IP protocol (transfer control protocol/Internet protocol).

The latest version is the IPv6 of the IPv4 protocol (current version). It is about a
secure protocol, as it operates in an encrypted manner. If it is intercepted a
communication, the information cannot be read without first deciphering it. The IPv4
allows for about 4 billion addresses, as it assigns to each device a
series of four numbers (each between 0 and 255). IPv6 assigns eight groups
of four hexadecimal digits (thus allowing for a practically unlimited number of
directions)

Practices 8 and 9
 Intellectual property and software distribution (I).

Software, like other creations on the Internet, is protected by law.

of intellectual property. Copyright is a set of rules and
principles that regulate the moral and economic rights recognized by the law to the
authors of a published work. Intellectual property encompasses all the
author's rights over the disposition and exploitation of their creation.

Types of license
• Commercial software. Developed by a company with the
purpose of obtaining economic benefits. Its use is
limited to the user or number of licenses purchased. Not
he knows
Private its sourceThis
software. code (which
refers would make it modifiable)
to specific software and cannot by
developed
to be redistributed
programmers for a to other users.
specific user or company, who are the only ones that
they can use it. They are usually very special and customized applications (not
they exist in the market) and are needed for specific business activities and
important.
Intellectual property and software distribution (II).

• Shareware. A type of commercial software that is distributed for

free way for the user to try it out. These
versions do not have all the functionality of the program or
they stop being operational after a few days. When we buy the
usage license, all functions are activated and it does not expire the
validity period.

• Freeware. Programs whose author makes available to the

free users. Its source code is not known (for
what cannot be modified) and can be redistributed by
User's part. The authors of these programs often have
habilitados sistemas para que el usuario que lo desee realice
voluntary monetary donations and show thus their
thank you for the program. Another example of software
adware is free, which works completely and for
unlimited time, but its free nature lies in that it uses
advertising during its execution.
Intellectual property and software distribution (III).

• Open Source (open code). Programs that are delivered with

the programming code used for its operation
so that a programmer knowledgeable in the language can
adapt the program, modify it or improve it. All software of
open source is free and all free software offers its code of
programming.

• Free software. Programs that can be freely used,

modified (its source code is known) and copied to be
Within free software,
distributed among we theencounter
users. Itnumerous
does notspecial
mean licenses
that that
they are
they can be grouped into two types: with or without copyleft. The copyleft establishes that the
free.
modifications or improvements of a program redistributed by users are
obligated to comply with the same license as the original. Software licenses
The most commonly used copyleft free licenses by authors are GPL (General Public License)
General) and LGPL (Lesser General Public License).

• Semi-free software. A type of software distributed as free among users.

individuals and non-profit entities (not for businesses).
Creative Commons Licenses.

It is a type of license that emerged from copyleft and is characterized by having some
derechos reservados y marcar unas condiciones de uso. Las licencias de CC más
used are the result of the combination of the four main lines:
What is a CAPTCHA?

When we register on any internet application, something appears.

similar to this:

It is a CAPTCHA (completely automated public Turing test to tell

computers and humans apart, fully automated Turing test and
public to differentiate computers from humans). That is to say, it is a simple
a test that demonstrates it is a human being and not a computer who is trying
access a password-protected account.
File sharing: P2P networks (II).

Main characteristics of P2P networks:

• The information is sliced and sent over the network in the form of packets, which are
reconstructed when the user has received all the components.

• The exchange of large files is enabled.

• The direct exchange of information between users has facilitated the

distribution of non-free applications and content protected by the law of
intellectual property and copyright.