17.3 electronic infection types of electronic infection 1. computer viruses 3. trojan horses2. worms
TRANSCRIPT
17.3 Electronic Infection
Types of Electronic Infection
1. Computer viruses
3. Trojan horses2. Worms
• A program that attaches itself to a real program
• Each time the user’s program runs, the virus runs too
• Can corrupt a computer system
• Can replicate itself to infect other computer systems
17.3 Electronic Infection
1.Computer virus
17.3 Electronic Infection
spreading through e-mail messages
Spread via the Internet
Spread through storage media
1.Computer virus
Most common way of virus transmission
Computers usually infected through e-mail attachments
Virus replicates itself by automatically mailing itself to people in victim’s e-mail address book
virus
Spread through e-mail messages
17.3 Electronic Infection
1.Computer virus:
Source of viruses Good practice to scan suspicious downloads
17.3 Electronic Infection
Spread via the Internet
1.Computer virus:
Spread through Storage Media
Storage Media: Floppy Disks, CD- ROM etc… NOT the major sources for spreading computer
viruses nowadaysFiles in a disk may be infected with virus
downloaded from the Internet or attached to e-mails
17.3 Electronic Infection
1.Computer virus:
• A computer program that uses computer networks and security loopholes to spread out and replicate itself.
17.3 Electronic Infection
2.Worms
Method of spreadingA copy of the worm scans the network for another machine with a specific security loopholeThe worm copies itself to the new computer using the security loophole.
• A computer program that intends to perform malicious or destructive actions
• Hide well or looks like real programs• Running these programs the Trojan horse enters
without any notice• Hackers, with Trojan horses, can
– Steal sensitive information such as passwords and credit card numbers
– Remotely control the victim’s computer• NOT a virus as there is NO REPLICATION
17.3 Electronic Infection
3.Trojan Horses
1. Antivirus software• Examine files stored on disk or downloaded
from the Internet
• Determine whether they are infected
• Disinfect the files if necessary
• Scan for virus signatures to identify a known virus
17.3 Electronic Infection
Avoiding Virus Attacks
2. Measures to prevent infection• Do not accept files from high-risk sources• Install updated antivirus software • Update virus signatures regularly• Scan computer at regular intervals to ensure
that it is free from virus• Scan all incoming files before opening• Backup programs and data regularly• Change passwords at regular intervals
17.3 Electronic Infection
Avoiding Virus Attacks
1. What is an Encryption?
17.4 Securing Internet Transaction
• The process of converting readable data (plaintext) into unreadable characters (ciphertext)• Can prevent unauthorized access• Read the encrypted file → Decryption → Readable form• The reverse process is called decryption• The encryption process generally requires -Algorithm -A mathematical formula -Encryption key -A string of numbers and characters
• Symmetric Key Encryption– BOTH the sender and the recipient use the SAME key to
encrypt and decrypt data
– Problem• Need one key for each partner → problem of key
management and storage when a lot of people need to communicate
17.4 Securing Internet Transaction
2. Symmetric Key Encryption & Public Key Encryption
• Public Key Encryption– Two keys (Public Key & Private Key)
• Public Key
–Used for encryption
–Known to every person and placed on a public-key server
• Private Key
–Used for decryption
–Should be kept confidential
17.4 Securing Internet Transaction2. Symmetric Key Encryption & Public Key Encryption
– Guarantees the identity of a user involved in a transaction – Also called a public-key certificate– Issued and verified by a certificate authority (CA)– Typically contains
• Holder’s name• Holder’s public key• Expiration date• Issuing CA’s name and signature• Serial number of certificate
17.4 Securing Internet Transaction
3. Digital Certificate
– A protocol that provides secure data transmission between web servers and browser
– A web site providing SSL must have a digital certificate– Web sites use them to transmit confidential information
like passwords and credit card numbers– Web pages that use SSL typically begin with https://
instead of http://
17.4 Securing Internet Transaction
4. Secure Sockets Layer (SSL)
17.4 Securing Internet Transaction
4. Secure Sockets Layer (SSL)
– An e-mail message passes through a number of servers before reaching the recipient.
– Messages can be read by everyone if pried intentionally.
– Messages containing confidential information should be encrypted before being sent.
17.4 Securing Internet Transaction
5. Securing E-mail Messages
– A digital code attached to a message
– Used to identify the sender and verify that the received message has not been altered during transmission
– Generation process of digital signatures relies on public key method
17.4 Securing Internet Transaction
6. Digital Signature