Lecture №8 . Cybersafety.

Plan:
1.Security risks of information and their classification. Industry of cybersafety.
2.Cybersafety and control of the Internet. Malicious applications. Measures and means of
information protection.
3.Standards and specifications in information security field. The acts of the Republic of
Kazakhstan governing legal relations in the sphere of information security. Digital signature.
Encoding.
Aim of the lecture: to give an idea of legal regulation that covers the information security.
Having studied this session the student will be able to:

Identify the types of computer threats that you may meet with the software and
hardware of your computers
Take safety precautions to minimize threats to your computer
Identify and solve privacy issues
Understand what copyright is
Avoid using computers illegally
Understand the other legal regulations related to computers

1.Security risks of information and their classification. Industry of cybersafety.

Introduction to Information Security
Information security is the practice of defending information from unauthorized access, use,
disclosure, disruption, modification, perusal, inspection, recording or destruction.

Wikipedia

In the other words, Computer Security is the protection of computing systems and the data
they store or access. Here, it is required to assure that your information are protected in terms of
Confidentiality, Integrity, and Availability as illustrated in the Figure 22 below.

Figure 22: Information Security

Importance of Information Security

Information security plays a major role in your computing system, especially when the
computer is connected to the internet or any other network. Due to being attacked, an
unprotected computer can become infected or compromised within a few seconds after it is
connected to the
network. In the other hand it can be a case for the other computers which are available in its
network.
 Possible attacks
Following is a list of attacks that may arise with your computer if not proper security
measures taken. In other words, following are the ways that your computer may behave due to
being hacked.

 Record keystrokes and steal passwords.

 Send spam and phishing emails.
 Harvest and sell email addresses and passwords.
 Access restricted or personal information on your computer or other systems that you
have access to.
 Illegally distribute music, movies and software.
 Distribute child pornography.
 Infect other systems.
 Hide programs that launch attacks on other computers.
 Generate large volumes of traffic, slowing down the entire system.

Security measures
The following steps can be followed to prevent being attacked.
 Use good, cryptic passwords that can‟t be easily guessed. And keep your passwords
secret.
 Make sure your computer‟s operating system and applications are protected with all
necessary security “patches” and updates.
 Make sure your computer is protected with up-to-date anti-virus and anti-spyware
software.
 Don‟t click on unknown or unsolicited links or attachments, and don‟t download
unknown files or programs onto your computer.
 Remember that information and passwords sent via standard, unencrypted wireless are
especially easy for hackers to intercept.
 Look for “https” in the URL before you enter any sensitive information or a password
(The “s” stands for “secure”).
 Also avoid standard, unencrypted email and unencrypted Instant Messaging (IM) if
you‟re concerned about privacy.

Forms of software threats

In the previous section you learnt what type of attacks may arise with your computer. We
call that the cause of such attacks could be due to a Computer Virus, a Worm, or any other form
of other harmful program. Let us discuss more about such software threats with some examples.
What is a computer virus?
We all get affected by viral infection deceases it is difficult to find a cure for a viral
infections. Computer virus is a harmful computer program developed by a person that disrupts
operations of a computer in various ways. It can be either malfunction of a program or set of
programs, it can be a program which generates e-mails in thousands, it can be a program that
damages important files such as documents beyond recovery, a program just simply destroys the
files system of computer making it completely unusable or simply a harm less program which
displays a message in a taskbar or a title bar. Definitely you need to know that computer viruses
do not infect any human being.
The Creeper virus was first detected on ARPANET, the forerunner of the Internet in the
early 1970s. Creeper was an experimental self-replicating program written by Bob Thomas at
BBN in 1971. Creeper copied itself to the remote system where the message, "I'm the creeper,
catch me if you can!" was displayed. The Reaper program was created to delete Creeper.
 A program called "Rother J" was the first computer virus to appear "in the wild" that is,
outside the single computer or lab where it was created. Written in 1981 by Richard Skrenta, it
attached itself to the Apple DOS 3.3 operating system and spread via floppy disk. This virus was
created as a practical joke when Richard Skrenta was still in high school. It was injected in a
game on a floppy disk. On its 50th use the Elk Cloner virus would be activated, infecting the
computer and displaying a short poem beginning "Elk Cloner: The program with a personality."
Common virus types
There are several types of computer viruses existing and basically they can be classified
according to different categories. First two categories are resident viruses and nonresident
viruses.
Boot Sector Virus
This type of virus affects the boot sector of a floppy or hard disk. This is a crucial part of a
disk, in which information on the disk itself is stored together with a program that makes it
possible to boot (start) the computer from the disk.
Examples of boot viruses include: Polyboot.B, AntiEXE.
Worms
Worms do not require user actions to spread, they move from system to system over
networks on their own. It increases network traffic, CPU utilization of computer thereby making
systems slow. Worms can do nasty actions such as creating unnecessary files inside system
folders, steal information from user‟s computers and upload to web sites, provide unnecessary
load in database servers, infect files of selected file types like script files in web servers.
Examples: Confiker, PSWBugbear.B, Lovgate.F, Trile.C, Sobig.D, Mapson
Macro Viruses
Macro viruses infect documents created by Microsoft Office programs (Word, Excel,
PowerPoint and Access). Macro viruses infect to the files that are created using certain
applications or programs that contain macros. These mini-programs (MACROS) make it
possible to automate series of operations so that they are performed as a single action, thereby
saving the user from having to carry them out one by one. A valid macro performs useful job
while illegal macro might destroy important contents of a file when executed automatically.
Examples of macro viruses: Relax, Melissa.A, Bablas, O97M/Y2K.
The functionality of virus differs from one to another. Some will increase size of certain
files when infected. Some other viruses especially worms create files inside Windows or other
folders hiding their identity by naming them in irrelevant characters or with a name that is closer
to a required system file with hidden attributes. (e.g. lsass.exe is a valid system file whereas
isass.exe is virus file). Some viruses employ polymorphic and an anti-stealth technology which
prevents them from identified and erased by virus catching programs called antivirus programs.
Other harmful programs
When people browse internet there are many web pages that displays a bogus question to
user saying that your computer is infected with some harmful program and do you wish to clean
it using their advertised program?. People are tempted to click on yes then the harmful program
is installed in the computer with user‟s permission. Then it will always nag the user to buy the
program or slows down the computer, prevent from browsing some other sites especially
antivirus (virus cleaning program) vendor‟s sites. These programs are called malware.
Common Methods of infection
Computer viruses can be infected using many methods. Before the popularity of computer
networks most of the computer viruses are written to spread through removable media like
floppies. Today most of the viruses being infected using removable media like thumb drives and
through networks and the Internet.
Today most of the computer viruses are designed to exploit some kind of an error (security
hole) or vulnerability of operating system or a program when it was programmed and try to
sneak in to computer system using the security hole.
 Resident virus always runs on computers memory and runs automatically or trigged by an
action performed by user to infect or replicate itself to new locations or files. Nonresident viruses
are activated when user performs specific activity such as accessing floppy/removable media,
starting a specific program like Microsoft Word etc.
In a computer which is affected by a worm try to infect other computers through network.
Worms run automatically and scan network shares which are not password protected or having
weak passwords and try to infect the computer.
Trojan horses programs are distributed by some kind of fancy program such as screen saver
which is intended to do some other task. The danger of Trojan horse is that it tries to damage the
security of the computer from inside and open back door for other computer viruses to sneak in
to system.
Suspecting a Virus/malware present in your computer
There are several ways to find out that a computer virus or malware program is present in
your computer. One of the good symptoms is that your computer suddenly slows down after
installing a program downloaded from internet which gives you a good impression of that.
You can always press Ctrl, Alt and Delete and get the task manger by clicking on task
manger button of your computer if it is not displayed that means you are at a problem.
If you are able to get the task manager and in performance tab CPU usage is always reaching
100% without doing any useful task then you can suspect that some kind of virus or malware is
present in your computer.
If there are always nagging messages appearing and computer gets terribly slow down or
does unnecessary things like moving mouse automatically when you working with Microsoft
Office packages then you can suspect that a macro virus or some malware present.
If you cannot eject your thumb drive without any document or program open from that
thumb drive, you are definitely infected with a virus. If you cannot see the folder options from
windows explorer or you cannot show the hidden files using folder options, you can suspect that
a computer virus might be present.
If you see that files are automatically created with unknown rubbish names it is a sign of
virus activity. If you cannot double click and access drives in My Computer it is also can be an
activity of a virus.
2.Cybersafety and control of the Internet. Malicious applications. Measures and means
of information protection.
Hardware Threats. Though you manage and protect your data with proper use of
software, your data may get lost or damaged due to hardware problems. Really, Hardware is a
common cause of data problems. While you work, all of a sudden the power can fail, you can
mistype, a repair technician can accidently damages the data, or a magnets used closer to the PC
without your knowledge can damage disks. Likewise, hardware errors are of varying types and
most of them are unpredictable. But, some of them have solutions; unfortunately some do not.
So, it is worth to have a fair knowledge about the hardware threats to your PC and the solutions
if any.
The following sections discuss the examples for possible hardware threats along with
solutions, if any.
Power Faults.
Your PC may be busy writing data to the disk and in a sudden power may go out. Obviously, you
will be afraid if it lost your data. Your will be hurried to get know for sure if anything was
damages soon after the power is back. Usually, power faults can cause data problems,
particularly if they occur when data is being written to disk. Data in memory generally does not
get corrupted by power problems; it just gets erased if the problems are serious enough.
Some other similar power related problems are briefed below.
Brownout: Lower voltages at electrical outlets. Usually they are caused by an
extraordinarydrain on the power system. Frequently you will see a brownout during a heat wave
when more people than normal have air conditioners on full. Sometimes these power shortages
will be “rolling” across the area giving everyone a temporary brownout. Maybe you‟ll get yours
just as that important file is being written to disk.
Voltage Spikes: Temporary voltage increases are fairly common. Large motors or
circuitbreakers in industry can put them on the electrical line. Sudden losses (ex; a driver hits a
power pole) can causes spikes as the circuits balance. An appliance in your home can cause a
spike, particularly with older wiring. Lightning can put large spikes on power lines. And, the list
goes on. In addition to current backups and integrity information for your software and data files,
including a hardware voltage spike protection device between the wall and your computer
hardware (don‟t forget the printer and monitor) can be very helpful.
Frequency Shifts: While infrequent, if the line frequency varies from the normal 60 Hertz
(or 50Hertz in some countries), the power supply on the computer can be affected and this, in
turn, can reflect back into the computer causing data loss.

Solution: Consider using a Combined Surge Protector (CSP) and Uninterruptible Power
Supply(UPS). See Figure 23 and 24 below for a CSP and UPS used for PCs respectively.

Figure 23: Combined Figure 24: Uninterruptable

Surge Power
Protector for a PC Supply for a PC

Age.It is not an amazing thing that as computers age they tend to fails more often.
Electronic components are stressed over time as they heat up and cool down. Mechanical
components simply wear out. Some of these failures will be dramatic; something will just stop
working.
Some, however, can be slow and not obvious. Unfortunately, it‟s not a question of “if”, but
“when” in regard to equipment failure.
Solution: Keep an eye on the specials after three to five years.
Incompatibilities
You can have hardware problems on a perfectly healthy PC if you have devices installed
that do not properly share interrupts. Sometimes problems are immediately obvious, other times
they are subtle and depend upon certain events to happen at just the wrong time, and then
suddenly strange things happen.
Solution: Make a really good backup before installing anything (hardware or software) so
youcan revert the system back to a stable state which should something crop up.
Finger Faults
Your fingers may make mistakes when using the keyboard and frequent cause of data
corruption. This commonly happens when replace one file but actually get another.
the mouse and they are too you are intending to delete or
If you are using a laptop computer or a notebook, another finger fault problem arises with
touchpads below the space bar. It‟s very easy to brush the touchpad when you are typing away
and suddenly find yourself entering characters in a screen location very different from where you
were before you touched the pad.
 Solution: Be careful and look up now and again to make certain your cursor is where you
wantit.
Malicious or Careless Damage
Someone may accidentally or purposely delete or change a file on your PC when you‟re not
around. If you don‟t keep your PC locked in a safe, then this is a risk. Sometimes, you may not
detect that something has happened to your data while you are not around. Most of this type of
damage is done unintentionally by someone you probably know. This person didn‟t mean to
cause trouble; they simply didn‟t know what they were doing when they used your PC. That may
be a person who is new to use computers.
Solution: Never run the computer as an administrative user and have guest accounts
available forothers who use the computer. Keep up-to-date backups as well.
Data carriers
One possible source for computer infections is the Customer Engineer (CE), or repairman.
When a CE comes for a service call, they will almost always run a diagnostic program from CD.
It‟s very easy for these CDs to become infected and spread the infection to your computer. Sales
representatives showing demonstrations via CDs are also possibly spreading viruses. Always
check your system after other people have placed their data carriers such as CDs, Portable Hard
disks, and USB pen drives into it. (Better yet, if you can, check their disk with up-to-date anti-
virus software before anything is run.)
Solution: Insist on testing their CD/Pen drive/portable hard disk before use or make
certainthey‟ve used an up-to-date anti-virus before coming to your location.
Magnetic Zaps
Computer data is generally stored as a series of magnetic changes on disks. While hard disks
are generally safe from most magnetic threats because they are encased within the computer
compartment, the older technology: floppy disks are highly vulnerable to magnets. You may be
happy that Floppy disks are not now in use with your PC.
The obvious threat would be to post a floppy disk to the refrigerator with a magnet. Some of
the more subtle sources of magnetism include:
Computer Monitor: Don‟t put floppy disks anywhere near the monitor; it generates a
magneticfield. (Generally applies to the older CRT displays.)
Telephone: When ringing, telephones (particularly older phones with a bell) generate a
magneticfield.
Solution: Stay away from magnets or sources of static of all kinds when working with
acomputer.
Note: There are tools to assist in recovery from disk problems, but how do you know all the
datais OK? These tools do not always recover good copies of the original files. Active action on
your part before disaster strikes is your best defense. It’s best to have a good, current backup
and, for better protection, a complete up-to-date integrity-check map of everything on your disk.

3.Standards and specifications in information security field. The acts of the Republic of
Kazakhstan governing legal relations in the sphere of information security. Digital
signature. Encoding.
Exposure in browsing Web
Sometimes, you may think that you are unidentified an unexposed to other users when you
browse web sites. But there may be a possibility of leaving information about you left behind.
However, you can reduce the amount of such information that reveals about you to other users
by following some privacy policies. Next sections will discuss how to protect your privacy when
using Web.
Information that reveals you
The following information may be automatically sent to the web sites when you visit them.
IP address of your computer: the Internet Protocol address assigned to each computer on
theinternet. It may be a static one which remains unchanged or it may be dynamic which changes
time to time as you access internet.
Domain name: the domain (division of internet) to which your user account associated
with.
Software particulars: There is a possibility for an organization of identifying the
operatingsystem used and the details of the web browser you use.
Details of pages visit: what pages and for how long you stay on a particular page, and the
factwhether you used a search engine to access that page can be identified
Other information: some non-critical information such as the web browsing pattern and
somecritical information such as passwords saved in temporary memory also can be detected if
the web site uses cookies.
Limiting the information collection
You can follow the actions mentioned below in order to reduce the amount of information
that can be collect about you.
Pay special attention when supply personal data: If you don‟t trust any site, don‟t give
yourpersonal data such as your credit card details, account details, passwords, etc.
Limiting cookies: the cookies can provide the store data about you to the attackers who
accessyour computer. You cannot limit it. But you can limit the use of cookies. Check and delete
cookies: All popular browsers let users view and delete cookies installed on their computer.
Methods vary by browser. For instance on Internet Explorer 8, go to the "Tools" menu, pull
down to "Internet Options" and under the "General" tab there are options for deleting some or all
cookies. There might be hundreds, so deleting all might be easiest. But the next time you visit a
favorite site, you may need to retype passwords or other login data previously stored
automatically by one of those cookies.
Adjust Browser Settings: Once you've deleted cookies, you can limit the installation of
newones. Major browsers let you accept some cookies and block others. To maintain logins and
settings for sites you visit regularly, but limit tracking, block "third-party" cookies. Safari
automatically does this; other browsers must be set manually.
Browse safely: If you see that the site you access is suspicious, then immediately leave the
site.Keep your virus definitions updated. Scan your computer for spyware.
Protecting your privacy
To protect your identity and prevent an attacker from easily accessing additional information
about you, you are required to avoid providing certain personal information such as your birth
date, your phone number, and social security number online. Further, the following help protect
your privacy.
Privacy Policy: You are advised to look for the privacy policy statement given in the
sitesbefore you submit your information such as e-mail address, name, phone number, etc.
Usually, the privacy policy must state how the information they request are used and whether
they are going to distribute those data to other organizations, etc.
Encrypt the information provide: Many sites use SSL (Secure Socket Layer) certificate
toencrypt the information you provide to that site so that other attacker or an organization cannot
access your information collected by the site.
Work only with trusted companies: When you do business with some sites, you are
required toassure that you trust them. You may answer yourself to the facts such as whether the
company is a reputed, well established one, is it providing assurance on privacy of information
provided, is there legitimate contact information provided that enables you decide that the
company is a trusted one.
Avoid using primary e-mail address: When performing online submissions, use an
additionale-mail address in place of your primary e-mail address to avoid accumulation of spam
or unwanted messages.
Avoid using Debit Cards for online purchasing: Your Credit card usually give the
protectionto some extents. However, the Debit cards do not give such protection and they deduct
charges immediately from your account. So, if an attacker obtains your debit card details, they
will completely use your money in the account even without giving you a time to realize it.
Use Options in providing information: You might have found that some options are there
withcertain web sites to make your work easy without concerning your security. Prompting an
option to remember your password is an example for such instances and such options may make
your data readily available for the attackers. We can take the privacy settings given to your
account in social networks such as Face book as another example. You can restrict the other
parties accessing your data by setting the privacy options to reduce the risk of attackers.
Computer Related Legal Regulations in Sri Lanka
As a person who uses the computer and the internet, it is worth to get a considerable
knowledge in the legal aspects related to the computer using to be aware and prevent any illegal
actions. The
following sessions will brief you about the premier organizations/projects developed in Sri
Lanka on this regard, the copyright law, and the data protection laws in the context of Sri Lankan
law.

Questions:
1. What is meant by Information Security?
2. Explain the possible attacks that may arise with your computer and how to prevent them.
3. What is a computer virus?
4. Give two types of computer viruses with two examples for each type.
5. What is meant by malware?
6. Briefly explain the ways to find out that a computer virus or malware program is present
in your computer.
7. Discuss the examples for possible hardware threats to your computer along with
solutions.

References
1. June J. Parsons and Dan Oja, New Perspectives on Computer Concepts 16th Edition -
Comprehensive, Thomson Course Technology, a division of Thomson Learning, Inc Cambridge,
MA, COPYRIGHT © 2014.
2. Lorenzo Cantoni (University of Lugano, Switzerland) James A. Danowski (University of
Illinois at Chicago, IL, USA) Communication and Technology, 576 pages.
3. Craig Van Slyke Information Communication Technologies: Concepts, Methodologies,
Tools, and Applications (6 Volumes). ISBN13: 9781599049496, 2008, Pages: 4288
4. Utelbaeva A.K.,Utelbaeva A.K. Study guide for lectures on discipline “Computer
science”, Shimkent 2008, 84 pages.