Transcription
COMPUTER SECURITYAND ETHICSUnit5
96SLOsŸŸŸŸŸŸExplain the importance of computer security in dailylifeDe ne various terms related to computer securityExplain computer crimes by giving real-life examplesDescribe Cyber-Attacks and how to prevent themDiscuss Cyber- Harassment and what to do in caseof becoming a victimExplain how to seek help against Cyber-Crime5.15.1 COMPUTER SECURITYThe computer has become an important part of our life. We storeimportant data on our computers in the shape of documents, pictures,programs, etc. Therefore, we expect that all our information must remainsafe and our computer runs properly without any problem. Few threatscan cause problems for our computers. These threats may be differenttypes of viruses or unauthorized use of a computer. To prevent ourcomputer from such threats, we need to abide by computer security.Computer security is the protection against theft or damage to ourcomputer hardware, software and information present on it.5.1.1 Importance of Computer SecurityComputer security is important for our computer's overall health. Itkeeps our information protected and helps prevent viruses and malware,which allows programs to run quicker and smoother. It safeguardscon dential and sensitive information.The advancement in science and technology has changed the wayswe live and carry out day to day activities. We rely on computers andmobile phones to carry out many activities. While using computers andmobile phones we access a lot of information which we do not want toshare with others. This information may include our passwords, bankingdetails, contacts, pictures, etc. To protect this information we need tomake our devices secured that no one can damage or access thisinformation without our consent.
97Computer Security is important as it enables people to perform their workin safe environments. It helps in the execution of essential businessprocesses. Here are a few reasons why computer security should be takenseriously.5.1.2 Cybercrime:As communication, trade, and services are relying more oncomputers and networks, the cybercrimes are growing too. Cybercrime isthe crime that is committed through a computer and network.Cybercriminal uses devices to gain unauthorized access to importantinformation. Stealing passwords and important information, hackingsocial media accounts, accessing anyone else's account and makingtransactions, committing online frauds are some of the examples ofcybercrime. Cybercrime is illegal and also punishable. According toPakistan's Cybercrime Law, any offender who interrupts the privacy of aperson or organization and harms their repute may be sent to jail for threeto ve years including a heavy ne.(i)Hackers:Hacker can be a person who has in-depth knowledge of computersystems, networks, and programs. Hacker maybe someone who uses hisor her extensive skills to identify and overcome a network loophole.Hackers constantly seek further knowledge and freely share what theyhave discovered. Hackers are generally considered as bad people however,hackers can also help us to improve the data and network security.Government and business organizations are now hiring ethical hackers,also known as white hat hackers, to prevent data theft.(ii)CrackersCrackers are persons who gain unauthorized access to anothersystem. They bypass passwords or licenses of computer programs,change source code or intentionally breach computer security. They do itwith negative intentions. Crackers can also make targeted systemunavailable or non-functional. They commit these activities generally formoney but they may do it for fame or just for challenge or fun.
985.1.3 Computer Crime in Real LifeAs technology is growing the data security has become so crucial.We can be a victim of computer crime at any time. Computer crime canrange from an international data security threat to a personal offense. In2013, hackers managed to hack 1 billion email accounts of the users.Likewise, in 2017, the WannaCry virus attacked the National HealthService in the United Kingdom which made the whole system nonfunctional for several days. As far as personal offenses are concerned,hacking the social media and mail accounts are so common. There aremany genres of computer crime or now called cyber-crimes. Someexamples of such crimes in real life are discussed here.(i)HackingHacking is perhaps the most common crime in the computer world.Hackers can steal our WiFi, email or social media accounts' passwords.Hackers also attack a website and take it down. However, the scope ofhacking is much wider. The hackers can also steal sensitive informationfrom government and business organizations, make fraudulenttransactions and erase data on the cloud or network computers.(ii)Credit and Debit Card ScamKeeping debit or credit cards is a common practice but insecure useof these cards can be dangerous. If a person has information about ourdebit or credit card he or she can make fraudulent transactions. There arevarious ways to get this information. One way is through scamming.Scammers set small machines inside an ATM or credit card machine.These machines copy the data which is then misused by the scammers.Debit and credit cards are also secured with PIN codes. User has to keepthis code secret otherwise any person can use the card for online shoppingand other purposes. All he or she needs to know our credit card number,PIN and security code printed on the back of the cards.(iii)PhishingPhishing is a method of trying to gather personal information usingfalse e-mails and websites. In Phishing, perpetrators contact the target
99person through email, telephone or text message and pose as a legitimateand trusted individual. He or she asks the target to provide sensitive datasuch as personally identi able information, banking and credit carddetails and passwords for different reasons. The information is then usedto access different accounts and can result in identity theft and nancialloss.(iv)ClickjackingHave you ever seen any video tagged as “OMG? You won't believewhat this boy has done!” or did you nd a button on a website that askedto click to claim a reward you had never applied for? This is a kind of fraudwhich is called Clickjacking. Usually, culprits target children or noviceinternet users to click on a link containing malware or trick them intosharing private information via social media sites.(v)Cyber Bullying or HarassmentElectronic means like a computer, mobile phone or internet are alsoused for online bullying or harassment. Harmful bullying behavior caninclude posting rumors, threats, passing inappropriate remarks, leakingpersonal information, blackmailing and committing hate speech. Theperpetrator does it with the intent to cause harm to the victim. Victimsmay experience lower self-esteem, intent to commit suicide and a varietyof negative emotional responses, including being scared, frustrated, angryand depressed.5.1.4 Cyber AttackCyber-attacks occur when a cybercriminal uses computer or anydevice to launch attacks to other single or multiple computer networks.The culprit tries to enter in a computer system and network throughcracking, scam links, phishing or any other method. Generally cyberattacks are committed for getting any bene t or causing harm to victimcomputer, network or websites. A cyber-attack either disables thetargeted computer, deletes information or knocks it of ine. It may alsosteal information from the computer or network.
1005.1.4 What to do? In Case of Becoming a VictimThe perpetrator of cyber crime always asks tokeep his or her contact secret otherwise the victimmay face heavy loss. The response of the victim ofcyber crime, bullying or harassment is very crucial.There are ways to get rid of such miseries. Firstthing is to report such incidents to the trustedpeople that are highly likely parents and teachers.Fig: 5.1 Cyber RescueHelplineThe government has also taken measures to curb cybercrimesespecially cyber bullying and harassment. In Pakistan, the NationalResponse Centre for Cyber Crimes has been set up to help the victims ofcybercrimes. An online complaint can be launched through the formavailable on the website or help may be sought by calling helpline 9911which is available 24/7.SLOsDe ne computer virus and how to prevent themDe ne and differentiate various types of viruses:Malware , Virus, Worm, Adware and SpywareŸ Identify that a virus, worm, adware, spyware andMalware can spread through different waysŸ Recognize that the antivirus software like Avast,Norton, MacAfee and others can help to safeguardagainst virusesŸŸ5.25.2 MALWAREThe term malware is the contraction of malicious software. Malwareis a broad term that encompasses computer viruses, worms, spyware,adware and others. Malware is a program that is written generally tocause a mess. They can be so dangerous that they can also damagedevices. However commonly malware encrypt, steal or delete data, hijackcore functions of computing and disturb different activities.
1015.2.1 Different MalwareTypes of malware can include computer viruses, worms, adware,and spyware.(i)Computer VirusA computer virus is a computer program that can spread acrosscomputers and networks by making copies of itself, usually without theuser's knowledge. It can also modify other computer programs, insert itsown code and change computer settings. Viruses are harmful. They canrange from displaying irritating messages to make all the documentsinaccessible or even delete them. Viruses generally latch on a host le andwhen they execute they infect other les or programs. Boot Sector,Resident, Macro Viruses and File Infector are some examples of viruses.(ii)WormA computer worm spreads copies of itself from computer tocomputer. A worm can replicate itself without any human interaction. Itdoes not need to attach itself to a le or program to cause damage. It cando several malicious tasks, such as dropping other malware, copying itselfonto devices physically attached to the affected system, deleting les, andconsuming internal storage and memory resources.(iii)AdwareAdware is advertising-supported software. They present endlessads and pop-up windows that could potentially consume memory andprocessing resources. Adware can also change the different settings ofinternet browsers like homepage and default search engine. Normally,these are not as dangerous as other malware. However, Adware annoysthe user and slows down the processing. The advertisements produced byadware are sometimes in the form of a pop-up or sometimes in littlewindows that may not be closed. Adware programs include games,desktop toolbars or utilities. Commonly, adware is web-based and collectsweb browser data to target advertisements, especially pop-ups.
102(iv)SpywareSpyware is a malware that monitors a device and steals importantinformation about a person or organization without their consent andsends such information to another person or organization. Spyware takescontrol over a mobile phone or computer without the user's knowledge.They capture information like web browsing history, e-mail messages,usernames and passwords and online payment information. Spyware cancome through cookies or even when we install software without reading itsterms and conditions. System monitors, cookies trackers, rootkits andkey-loggers are few examples of Spyware.5.2.2 Ways of viruses spreadA computer virus is just like a u virus. It is designed to spread fromone device to another device and can replicate itself. Any device that isinfected from a virus can infect other devices. It means that viruses comefrom outside. How do they come? Here are some ways:(i)USB Flash Disk and CDsUSB Flash Disks are the most common media to transfer les. Aninfected computer can spread a virus to a clean USB ash disk that isinserted and likewise, an infected USB can transmit the virus onto a cleancomputer. The AutoRun function in Windows OS launches installers andother programs automatically when a ash drive or CD is inserted. Thisaction can initiate a virus spreading process onto the computer. Copyinginfected les from the USB or CD can also infect the computer.TeacherNoteSLOsTeacher should provide the information of viruses likeTrojan horses, Rootkit, Backdoors, and Bots. This maybe given as an assignment.
103(ii)Internet DownloadsComputer viruses also spread through les or software downloadsfrom the Internet. They can be attached to software or les that wedownload. The viruses come from the internet can also make ourcomputer accessible to hackers. Though, almost every antivirus softwareprovides a shield against malicious downloads,it is highly recommendedthat the software and les must be downloaded from trusted sources.(iii)Computer NetworkUsers must be careful because les picked from a Local AreaNetwork (LAN) may be infected and cause damage to our computer oroperating system. The same can happen to transfer les from one mobiledevice to another mobile device via Bluetooth etc.(iv)Email AttachmentsEmail attachments have been a popularmedium to spread viruses. Viruses can easilybe transferred from one computer to anotherthrough email attachments. The infectedemails may come from an unknown or fakeemail address. Perpetrators who spread theseviruses use either fake email or change a fewletters in a trusted email address. People inour contact list may also send us infected lesas they may not be aware of it themselves.Users must check the origin of the email beforeopening the attached les or clicking any linkthat is given in the email. Especially spammails must be checked carefully beforeclicking on its attachment.Fig: 5.2 Viruses canspread through emails5.2.3 AntivirusAntiviruses are utility software designed to protect computers fromany potential threats of data or hardware loss. It is highly recommendedthat the user must install an antivirus on an operating system like
104Windows. Antivirus software works in the background and monitors everysoftware that is running and the emails or data coming from the internet.In case of any suspicious activity, antivirus alerts the user and asks foraction. Normally, antivirus tries to clean the les and if not succeeded itquarantines the infected le. This is highly recommended that the usershould update the antivirus regularly. Many antivirus software can befound on the internet and most of them are generally free. However, in thefree version of antivirus, some advanced features are not available. Paidcustomers are called premier users and they get advance securityfeatures.The most common antiviruses are:(i)AvastAvast is one of the largest securitycompanies in the world. Avast's managementclaims that they are using next-gentechnologies to ght cyber-attacks in realtime. They also claim that Avast has animmense cloud-based machine learningengine that receives a constant stream of datafrom hundreds of millions of users. Thisfacilitates learning at extraordinary speedsand makes arti cial intelligence enginesmarter and faster to stop viruses.NortonNorton antivirus has been a popularantivirus utility since 1991. This is a part of alarge family of security and other utilitysoftware by Symantec Corporation. NortonAntivirus is easy to use, has the con gurationoptions that experts need, comes highly ratedby the testing labs and is exactly designed tohave the least possible impact on your systemperformance.Fig: 5.3 Avast Antivirus(ii)Fig: 5.4 Norton Antivirus
105(iii)McAfeeMcAfee claims that it provides acombination of antivirus, privacy and identitytools and features. This enables users to stayprotected against the latest virus, malware,ransomware and spyware attacks while keepingtheir identity and privacy protected and personal.5.2.4 Safeguard against MalwareKeeping ourselves safe frommalware and viruses is mostly in ourhands. More than 90% of computers areinfected due to the user's mistake. Ourcomputers have caught a virus if theystart slowing down, behave unusually,crash during processes or restart severaltimes, show annoying messages andsome of our documents disappear orbecome inaccessible. We must avoid thissituation to be created. Some simplemeasures can prevent our system frommalware and viruses.ŸŸŸŸŸŸŸŸŸFig: 5.5 McAfee AntivirusFig: 5.6 Schedule scan cansafe from data lossInstall anti-virus software and keep it updated.Run scheduled scans regularly with your anti-virus software.Keep your operating system updated.Do not click on internet links which have unusual labels, images orcaptions.Do not open email attachments or click on hyperlinks fromunknown senders.Scan USB ash drive, SD cards and mobile phones before opening.Use your spam blocking or ltering tools to block unsolicited emails,instant messages and pop-ups.Only download les and programs from trusted sources on theinternet.Never use an open WiFi.
1065.2.5 Keeping the Backup of DataBesides this, we should also take some measures to recover datafrom any potential loss. Some steps in this regard are:Ÿ Create a system restore point regularly and check if it is notdisabled.Ÿ Write important data on CDs or DVDs. Since they are writeprotected, they do not catch viruses.Ÿ Have the back-up of important les at more than one place.Ÿ You can also save documents on cloud storage like Google Drive andMicrosoft OneDrive.SLOsŸŸŸDescribe the authentication mechanismList out the different authentication mechanismsDifferentiate between username and password,personal identi cation number and biometricauthentication mechanisms5.35.3 AUHENTICATION MECHANISMThe authentication mechanism is the hardware or software-basedmechanism that forces users to prove their identity before accessing dataon a device. The process makes sure the only authenticated user getsaccess to data or devices.5.3.1 Types of Security MechanismThere are many ways a computer security system may authenticatea user. Some of them are:(i)Username and Password:A username and password are the pair of keywords known by theuser. They are presented to the computer to authenticate the user.Usernames and passwords are the default authentication mechanism on
107the web today. However, recent large scale computer attacks have madeusernames and passwords an unacceptable authentication mechanism.Additional authentication mechanisms are needed to fully authenticate.(ii)Personal Identi cation NumberPIN stands for PersonalIdenti cation Number. It is asecurity code for verifying youridentity. Similar to a password, yourPIN should be kept secret because itallows access to important servicessuch as nancial transactions andcon dential emails. The PIN providessecurity when a credit/debit card islost or stolen because the PIN mustbe known before making moneywithdrawal or transfer.(iii)Fig: 5.7 PIN Identi cationBiometric Veri cationUnlike authentication processes, biometrics veri cation makessure that the real person gets access to the data or device. Biometricauthentication relies on the unique biological characteristics of a person.Biometric authentication systems captures data in real-time and compareit with existing data in database. If both samples of the biometric datamatch, authentication is con rmed. Scanning ngerprints are the mostcommon way of biometric. However, some other advance ways includeretinal scans and iris, facial and voice recognitions.Fig: 5.8 Iris and thumb impression veri cations
108ŸSLOsŸŸŸŸŸExplain the importance of professional ethics incomputer eldDe ne information accuracyExplain various types of intellectual property rights:Patents, Copyright and TrademarksExplain software piracy and its impactsDescribe the information privacyDiscuss plagiarism5.4 PROFESSIONAL ETHICS IN COMPUTER FIELDProfessional ethics involve the personal and corporate principlesand rules that guide behavior within the context of a profession. The roleof a professional code of ethics is to clarify values and rules and can beused as a framework for discipline. Computing professionals' actionschange the world. To act responsibly, they should re ect upon the widerimpacts of their work, consistently supporting the public good. Here aresome guiding principles:Ÿ Contribute to society and human well-being, acknowledging that allpeople are stakeholders in computing.Ÿ Be honest and trustworthy.Ÿ Respect the equipment.Ÿ Avoid causing any harm.Ÿ Be fair and act not to discriminate, bully or harass.Ÿ Respect the work required to produce new ideas, inventions,creative works, and computing artifacts.Ÿ Respect privacy and maintain con dentiality.Ÿ Maintain high standards of professional competence, conduct, andethical practice.Ÿ Create opportunities for other individuals or groups to grow asprofessionals.Ÿ Manage personnel and resources to enhance the quality of work life.Ÿ Ensure that the public good is the central concern during allprofessional computing work.Ÿ Access computing and communication resources only whenauthorized.Ÿ Foster public awareness and understanding of computing, relatedtechnologies and their consequences.
1095.4.1 De ne Information AccuracyThe information accuracy is the type ofmeasurement that assures the information iscorrect and true. It is also necessary that theinformation should not be generated from themalicious data. For information accuracy, thedata must be from reputable sources.In the era of information explosion, we need tobe more careful while using or disseminatinginformation. The use of unreliable sourcesresults in inaccurate information. Especially, Fig: 5.9 Ensuring informationAccuracy is necessarythe accuracy of information shared on socialmedia is often questionable.5.4.2 Intellectual Property RightWhen any person develops software, writes a book or researchpaper or invents any method or the machine, it becomes the intellectualproperty of that person. Intellectual property is intangible creations of thehuman intellect. Just like other property the intellectual property can bestolen. To prevent theft or illegal use or spread of intellectual property,Intellectual Property Right is exercised. Through these rights, intellectualproperty is protected with the help of copyrights, patents, andtrademarks. They allow creators orowners of patents, trademarks orcopyrighted works to bene t fromtheir work or investment. Underthese rights, no other person ororganization can copy or reproduceany other's intellectual property.Intellectual property rights areacclaimed worldwide. In Pakistan,Intellectual Property OrganizationFig: 5.10 Intellectual Property(IPO) regulates the mattersshould be regardedregarding intellectual property rights.
110(i)PatentA patent is a grant of exclusive rights for aninvention to make, use and sell the invention for alimited period, in Pakistan 20 years. Owning a patentgives the patent holder the right to stop someone elsefrom making, using or selling his or her inventionwithout permission. To protect students and scholars,the Higher Education Commission also offers supportto get patents registered with Intellectual PropertyOrganization (IPO). The patentable process orinvention must be novel, possess inventive steps andcan be used in industries.(ii)CopyrightCopyright is a legal instrument that provideslegal rights to the creator of artwork, literature, or awork that conveys information or ideas. In simplewords, copyright is the right of copying. Copyrightgives control over how the work is used. Copyrightintends to advance the progress of knowledge bygiving an author of a work an economic incentive tocreate new works. The sign is also often displayedon copyrighted objects.(iii)Fig: 5.11 PatentFig: 5.12CopyrightTrademarkTrademark identi es a product or serviceand distinguishes it from other products andservices. Trademarks are protected by intellectualproperty rights which identi es that the productor service belongs to a speci c organization. It canbe an easily recognizable word, phrase, logo, orsymbol and often mentioned as TM (Trade Mark).Trademark helps organizations to market theirproducts and services locally and globally.Developing trademarks is creative work and canbe done professionally. There are many softwareavailable for developing Trademarks.Fig: 5.13Trade Marks Registry
1115.4.3 Software PiracySoftware piracy is referred to the illegal use, copying or distributionof copyrighted software. Software piracy is a huge threat to the softwareindustry. It causes a signi cant loss of revenue for developers andvendors. Because of piracy, vendors have fewer resources to devote toresearch and development of new products. Since they earn less pro t,they are forced to pass these costs on to their customers.Software companies have tried various techniques to stop softwarepiracy but most of them have remained unsuccessful. They applied forcopy- protection which demands the user to enter certain keys orcredentials. Today, most software require registration which is mainlyonline. However, these measures could not stop software piracy.Using pirated software is also risky for users. Aside from the legalconsequences of using pirated software, users of pirated software losesome practical bene ts as well. Pirated software may not work properly orstop working at any time. Furthermore, pirated software users cannotaccess customer support, upgrades, technical documentation, training,and bug xes.5.4.4 PlagiarismPlagiarism is presenting someone else's work or ideas as your ownwithout full acknowledgment to the author or conceiver. Academichonesty demands that the users of any ideas, words and data shouldacknowledge the originators. Plagiarism is unethical and can have seriousconsequences. Colleges and universities encourage students to submittheir original work and cite the ideas and words borrowed from any othersources. Failing to this may cause serious penalties. There are onlineservices to check and x the plagiarism issues. Academic organizationshire the plagiarism detection service. One of the most used services isTurnitin.
112SUMMARYw Computer security is the protection against damage or theft ofcomputer hardware, its software, and information present on themfrom threat of viruses or unauthorized use.w Cybercrime is the crime that is committed through a computer andnetwork.w Hacker uses his or her skills to identify and overcome a networkloophole.w Crackers are persons who gain unauthorized access to anothersystem.w Phishing is a method of trying to gather personal information usingfalse e-mails and websites.w Electronic means like a computer, mobile phone or internet are alsoused for online bullying or harassment and giving threats.w Cyber-attack is done when a cybercriminal uses computer or anydevice to enter or attacks to other single or multiple computernetworks.w Cyber-attack or cyber harassment victim should report to the trustedpeople and government authorities.w The malware or malicious software is a broad term that encompassescomputer viruses, worms, spyware, adware, and others that is writtengenerally to cause a mess.w Viruses or malware can be spread from USB Flash Disks and CDs,Internet Downloads, Computer Networks and Email Attachments.w Antiviruses are utility software designed to protect computers from anypotential threats of data or hardware loss from viruses or malware.w For data safety, the back-up of important les should be made at morethan one place.w The authentication mechanism is the hardware or software-basedmechanisms that make sure the only authenticated user gets access todata or devices.w Professional ethics involve the personal and corporate principles andrules that guide behavior within the context of a profession.w The information accuracy is the type of measurement that assures theinformation is correct and true.
113w Intellectual property is intangible creations of the human intellect. Toprevent theft or illegal use or spread of intellectual property,Intellectual Property Right is exercised. Through these rights,intellectual property is protected with the help of copyrights, patents,and trademarksw Software piracy is the illegal use, copying or distribution of copyrightedsoftware.w Plagiarism is presenting someone else's work or ideas without fullacknowledgment of the author or conceiver.EXERCISEA.Choose the right answer:1. The broad term that encompasses different harmful software is:a) Virusb)Malwarec) Adwared)Spyware2. The authentication mechanism that only allows the real person toaccess data or device is:a) Username and Passwordb)PINc) Biometricd)Scan Code3. Software are mostly protected under:a) Patentsb)c) Trademarksd)CopyrightsLogos4. The professional ethics in computer eld is important because:a) It is necessary by law.b) Violation can cause serious penalties.c) It is useful for nancial bene ts.d) It creates healthy and positive work environment.5. Free Antivirus Software oftena) Expire after sometimesc) Cannot be updatedb)d)Offer only limited serviceCannot be purchased
1146. Copying and pasting some texts from internet without acknowledgingthe real author is an example of:a) Plagiarismb)Illegal use of patentc) Information Piracyd)Copyright Violation7. Since it does not harm or steal data, the least harmful malware is:a) Virusb)Adwarec) Spywared)Trojan8. The malware that replicates itself and doesn't need to attach with any les is:a) Virusb)Adwarec) Spywared)Worm9. Through which virus spreads?a) Email Attachmentsc) Flash Disks and Cdsb)d)Internet DownloadsAll of them10. “Click this link and win a 5 voucher at McDonald's”. This is anexample of:a) Scamb)Phishingc) Clickjackingd)HackingB.Respond the following:1. Why is computer security important? Write any three reasons.2. Explain Cyber Bullying with an example.3. Why is information accuracy important?4. What is Ethical Hacking?5. Your friend has become a victim of cyber harassment. What two adviceswill you give him or her?6. Write any two measures to avoid email account hacking.7. How is software piracy harmful
Ÿ Discuss Cyber- Harassment and what to do in case of becoming a victim Ÿ Explain how to seek help against Cyber-Crime SLOs Computer Security is important as it enables people to perform their work in safe environments. It helps in the execution of essential business processes. Here are a few reasons w
