Malware and Computer Security: Cc101 - Introduction To Computing

Malware and
Computer Security
CC101 - INTRODUCTION TO COMPUTING

LESSON 12-13 MALWARE AND COMPUTER SECURITY
LEARNING OUTCOMES:
At the end of the session, the students should be
able to:
1. Understand malware and computer security.
2. Learn how to Install different anti-virus software.
3. Implement a simple computer security measures
against malware.
CC101 – INTRODUCTION TO COMPUTING

2
Introduction to
Computer Security

3
What is Computer Security?

•Computer security is refers to techniques for ensuring that
data stored in a computer cannot
be read or compromised by any individuals without
authorization.
•Most computer security measures involve data encryption
and passwords.
•The purpose of computer security is to device ways to
prevent the weaknesses from being
exploited.
•We are addressing three important aspects of any
computer-related system such as confidentiality, integrity,
and availability.
4
These are the

three goals in
computing
Security.
1.Confidentiality
2.Integrity
3.Availability

5
THREE GOALS IN COMPUTING

SECURITY
One of the challenges in building a secure system is finding the right
balance among the goals, which often conflict.
•Confidentiality: ensures that computer-related
assets are accessed only by authorized parties.
Confidentiality is sometimes called secrecy or
privacy.
•Integrity: it means that assets can be modified only
by authorized parties or only in authorized ways.
•Availability: it means that assets are accessible to
authorized parties at appropriate times.
6
Security Concepts

7
VULNERABILITY
•Vulnerability is a weakness in the security system.
•Weaknesses can appear in any element of a
computer, both in the hardware, operating system,
and the software.
The types of vulnerabilities we might find as they
apply to the assets of hardware, software, and data.
•These three assets and the connections among
them are all potential security weak points.

8
HARDWARE VULNERABILITY
•Hardware is more visible than software, largely
because it is composed of physical objects.
•it is rather simple to attack by adding devices,
changing them, removing them, intercepting the
traffic to them, or flooding them with traffic until
they can no longer function.

9
SOFTWARE VULNERABILITY
• Software can be replaced, changed, or destroyed
maliciously, or it can be modified, deleted, or
misplaced accidentally. Whether intentional or not,
these attacks exploit the software’s vulnerabilities.

10
SOFTWARE VULNERABILITY
• Sometimes, the attacks are obvious, as when the
software no longer runs. More subtle are attacks in
which the software has been altered but seems to
run normally.

11
DATA VULNERABILITY
• a data attack is a more widespread and serious
problem than either a hardware or software attack.
• data items have greater public value than hardware
and software because more people know how to
use or interpret data.

12
Threats to Computer
System

13
THREATS
• An interception means
that some
unauthorized party has
gained access to an
asset. The outside
party can be a person,
a program, or a
computing system.

14
THREATS
• In an interruption is an
asset of the system
becomes lost,
unavailable, or
unusable.

15
THREATS
• If an unauthorized
party not only accesses
but tampers with an
asset, is called as a
modification.

16
THREATS
• An unauthorized party
might create a
fabrication of counterfeit
objects on a computing
system.
• The intruder may insert
spurious transactions to
a network
communication system
or add records to an
existing database.
17
THREATS
What are the major threats to system security?
Here's a list of the top 10 security threats you should be aware of.
1. Privilege Escalation 6. Spam

2. Virus 7. Adware
3. Worm 8. Rootkits
4. Trojan 9. Botnets
5. Spyware 10.Logic Bomb

18
How to Arm Yourself Against

These Threats
• The list of system security threats is extensive and
growing. A defense strategy that includes anti-virus
software, system patching and timely software
updates are key to combating the problem. For system
administrators and end-users alike, understanding the
differences between these threats are the first step
towards being able to eradicate them.

19
Potential Losses during

attacks

20
Mapping cyber incidents to

potential losses
SOMETIMES, it’s easy to understand
the concept of cybercrime and
cybersecurity but difficult to really
picture how exactly a hacker can cause
you damage – and the extent of your
damage.

21
3rd party data confidentiality breach

This is a scenario where you give out information about your
clients or customers, with personally identifiable information.
There are some stellar examples out there, including Uber and
Equifax, that made headlines for weeks. For Equifax, the “hack”
event cost its CEO his job.
• Potential losses:
• Incident response costs
• Breach of privacy compensation
• Reputational damage
• Regulatory and legal defense costs
• Fines and penalties
• Directors and officers liability

22
Own data confidentiality breach

This is usually a case where a hacker steals information
and “knowledge” stored in a company’s computer.
Sometimes, the ramifications can be severe.
• Intellectual property theft

23
Operational technology malfunction

A lot of the technology in your office and factory is
electronic – and controlled with a command from a
nearby computer. In short, they’re programmable. If
hacked, they could cause significant damage to your
staff and even your customers.
• Business interruption
• Fines and penalties
• Physical asset damage
• Bodily injury and death
• Director and officers liability

24
Network communication malfunction

With a lot of internal and external business relationships
dependent on networks, their malfunctioning can cause
severe damage to the company and its business.
• Business interruption
• Reputational damage

25
Inadvertent disruption of a 3rd party system

Now this is something that’s easy to understand. Imagine owning a
device that you use to connect with a key supplier or client. Say, a
direct link to their software that allows you to query their inventory
and plan your purchases or sales.
• Network security failure liability

26
Disruption of an external service provider

Again, an easy one to understand. Imagine relying on a CRM
or an ERP package that’s delivered to you as a service, via
the cloud. Now, imagine that the cloud and the provider are
hacked. It could potentially damage your workflow and
disrupt “bus
Potential losses: Contingent business interruptioniness as
usual” for a while.

27
Disruption of an external service provider

Again, an easy one to understand. Imagine relying on a CRM
or an ERP package that’s delivered to you as a service, via
the cloud. Now, imagine that the cloud and the provider are
hacked. It could potentially damage your workflow and
disrupt “bus
Potential losses: Contingent business interruptioniness as
usual” for a while.

28
Deletion or corruption of data

Getting your computer or corporate network infected with
malware not only risks your data but might also corrupt or
delete it. This data, whether on your own computer or on
another computer on your network, might be sensitive and
critical to your business operations.
• Data and software loss
• Product liability
29
Deletion or corruption of data

Getting your computer or corporate network infected with
malware not only risks your data but might also corrupt or
delete it. This data, whether on your own computer or on
another computer on your network, might be sensitive and
critical to your business operations.
• Data and software loss
• Product liability
30
Encryption of data
The most popular of the lot, this cyber incident
encompasses all the ransomware out there that infects
your computer, locks your data, and forces you to pay a
price for ignoring the threats in the cyberworld.
It’s affected everyone – from employees at government
organizations to private citizens running small businesses.
• Cyber ransom and extortion

31
Cyber fraud or theft

Finally, everyone’s nightmare – having your account hacked
and all your money stolen. Whether of personal or
company accounts, it can have severe ramifications and
cause a lasting impact.
In most cases, unfortunately, the monies are difficult to
recover.
• Financial theft and/or fraud
• Directors and officers’ liability

32
What makes a
system secure?

33
HOW TO SECURE THE COMPUTER

There are two ways
1.Physical secure
2.Other secure methods

34
PHYSICALLY SECURE COMPUTERS

• Obtain physical
computer locks for all
your computers

35

• Attach mobile
proximity alarms to
your computers.

36

• Store computers in an
area with secure
access.
•Or place the computers
in a locked room

37
SECURE THE COMPUTER

• Choose a web
browser based on its
security and
vulnerabilities
because most
malware will come
through via your web
browser

38
SECURE THE COMPUTER

• When downloading
software (including
antivirus software),
get it from a trusted
source

39
SECURE THE COMPUTER

• install good antivirus
software because
Antivirus software is
designed to deal with
modern malware
including viruses,
Trojans, key loggers,
rootkits, and worms.

40
SECURE THE COMPUTER

• Download and install
a firewall

41
SECURE THE COMPUTER

• Close all ports.
Hackers use port
scanning (Ubuntu
Linux has all ports
closed by default)

42
LABORATORY ACTIVITY
• Each group should have at least one terminal.
• Install latest Anti-virus Software
• Describe the functions of each antivirus software

43
LESSON 5- EVOLUTION OF COMPUTER
References
• https://www.pluralsight.com/blog/it-ops/top-10-
security-threats
• https://techwireasia.com/2018/03/mapping-cyber-
incidents-potential-losses/

44
THANK YOU
HAVE A
SECURED
WORLD
45
END
CC101 - INTRODUCTION TO COMPUTING

Malware and Computer Security: Cc101 - Introduction To Computing

Enviado por

Dados do documento

Descrição original:

Título original

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Malware and Computer Security: Cc101 - Introduction To Computing

Enviado por

Direitos autorais:

Formatos disponíveis

Malware and

CC101 - INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

What is Computer Security?

These are the

CC101 – INTRODUCTION TO COMPUTING

THREE GOALS IN COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

1. Privilege Escalation 6. Spam

CC101 – INTRODUCTION TO COMPUTING

How to Arm Yourself Against

CC101 – INTRODUCTION TO COMPUTING

Potential Losses during

CC101 – INTRODUCTION TO COMPUTING

Mapping cyber incidents to

CC101 – INTRODUCTION TO COMPUTING

3rd party data confidentiality breach

CC101 – INTRODUCTION TO COMPUTING

Own data confidentiality breach

CC101 – INTRODUCTION TO COMPUTING

Operational technology malfunction

CC101 – INTRODUCTION TO COMPUTING

Network communication malfunction

CC101 – INTRODUCTION TO COMPUTING

Inadvertent disruption of a 3rd party system

CC101 – INTRODUCTION TO COMPUTING

Disruption of an external service provider

CC101 – INTRODUCTION TO COMPUTING

Disruption of an external service provider

CC101 – INTRODUCTION TO COMPUTING

Deletion or corruption of data

Deletion or corruption of data

CC101 – INTRODUCTION TO COMPUTING

Cyber fraud or theft

CC101 – INTRODUCTION TO COMPUTING

CC101 – INTRODUCTION TO COMPUTING

HOW TO SECURE THE COMPUTER

CC101 – INTRODUCTION TO COMPUTING

PHYSICALLY SECURE COMPUTERS

CC101 – INTRODUCTION TO COMPUTING

PHYSICALLY SECURE COMPUTERS

CC101 – INTRODUCTION TO COMPUTING

PHYSICALLY SECURE COMPUTERS

CC101 – INTRODUCTION TO COMPUTING

SECURE THE COMPUTER

CC101 – INTRODUCTION TO COMPUTING

SECURE THE COMPUTER

CC101 – INTRODUCTION TO COMPUTING

SECURE THE COMPUTER

CC101 – INTRODUCTION TO COMPUTING

SECURE THE COMPUTER

CC101 – INTRODUCTION TO COMPUTING