Monday, January 26, 2009

L19: RELATIONSHIP BETWEEN SECURITY THREATS AND SECURITY MEASURES

SECURITY THREADS

Security threats may come from in many forms. For example, when someone is invading your account information from a trusted bank, this act is considered as a security threat.

Security measures can be used to prevent this invader from getting the account information. For example, the bank can use a firewall to prevent
unauthorised access to its database.

MALICIOUS CODE THREATS VS. ANTIVIRUS AND ANTI-SPYWARE
Security threats include virus, Trojan horse, logic bomb, trapdoor and backdoor, and worm.

Antivirus and anti-spyware can be used to protect the computer from the threats by:
 limiting connectivity
 allowing only authorised media for loading data and software
 enforcing mandatory access controls
 blocking the virus from the computer program

HACKING VS. FIREWALL
Hacking is an unauthorised access to the computer system done by a hacker. We can use firewall or cryptography to prevent the hacker from accessing our computers.

A firewall permits limited access to unauthorised users or any activities from the network environment. Cryptography is a process of hiding information by changing the actual information into different representation, for example, an APA can be written as 7&*.


NATURAL DISASTER VS. DATA BACKUP
The natural and environmental disasters may include:
• flood
• fire
• earthquakes
• storms
• tornados

The backup system is needed to backup all data and applications in the computer. With the backup system, data can be recovered in case of an emergency.

THEFT VS. HUMAN ASPECTS
Computer theft can be of two kinds:
 can be used to steal money, goods, information and computer resources
 the actual stealing of computers, especially notebooks and PDAs

Measures that can be taken to prevent theft:
 prevent access by using locks, smart-card or password
 prevent portability by restricting the hardware from being moved
 detect and guard all exits and record any hardware transported

BE SUPSPICIOUS OF ALL RESULTS

There are many instances where non-programmers develop applications which are not built with proper understanding of software engineering practices. Data produced by such applications may not be correct and may risk corrupting data received from other sources that are not compatible with the application.

No comments: