DATA PROTECTION

Threats to data
It is a malicious act that seeks to damage data, steal data or disrupt digital life.
some common threats the computer user faces are :
 virus, worms, Trojan
 spyware
 adware
 spamming
 pc intrusion : Denial of service, sweeping, password guessing
 phishing

Computer Virus
These are malicious codes/programs that cause damage to data and files on a system. Virus gets itself attached
to the file and replicates itself when the infected file is executed. virus may enter to a computer by email
attachment, during file download, by visiting a contaminated website.

Damage caused by Virus

1.virus may delete or damage your documents, program file or operating system file
2.slows down your computer
3.invade your e-mail program
4.Erratic computer behavior
5.Frequent computer crashes

Worms
A worm is a self replicating program which eats up the entire disk space or memory. A worm keeps on creating its
copies until all the disk space or memory is filled.

Trojan Horse
It is a program that appears harmless/friendly but actually performs malicious functions such as deleting or
damaging files

Spyware
It is a software which is installed on your computer without the user’s knowledge and steals and gathers
information about the user or organization and relays it to its advertisers or external users in a way that harms
the user

Damages caused by spyware

1.It monitors the information about your computing habits such as what website you visit or record the
keystrokes which in the end leads to identity theft.
2.some form of spywares alters computer settings like home page setting, placement of your icon which is
very annoying
3.slows down your PC

Adware
These are the programs that delivers unwanted ads to your computer (generally in form of pop-ups). They
consume your network bandwidth. They are similar to spyware but installed with users consent.

Damages caused by Adware

1.It tracks information just like spyware
2.Displays arrays of annoying advertising
3.slows down your PC
Spamming
It refers to sending of bulk mail to a large no. of internet users by a known or unknown source in malicious
form. The attacker keeps on sending bulk mail until the mail server runs out of disk space.

Damage caused by spamming

1.Spam can disrupt the mail delivery, degrades system performance and reduces overall productivity.
2.Spam eats up your time as deleting spam mails waste our time.
3.Spam messages may contain offensive or fraudulent materials and can even be used to spread virus.

PC Intrusion
PC intrusions occur when someone tries to gain access to any part of your computer system. It can occur in
following form :
1.Sweeper Attack – This type of attack by the hackers sweeps away/ delete all the data from the system
2.Denial of service - This type of attack eats up all resources of a system and the application come to a halt
3.Password guessing – Most hackers cracks or guess password of system account and gain entry to the
remote computer and may cause damage to the system.

Eavesdropping
Eavesdropping is a passive attack in which attacker secretly gains accesss to any digital communication that is
carried out through phone calls, emails, instant messaging or any other internet services and gets information
from it.

Eavesdropping do not affect normal operation of transmission & communication , thus both sender and receiver
are unaware that data has been stolen or intercepted.
Eavesdropping happens when we send sensitive information or un-encrypted information over insecure
protocols like HTTTP

Phishing
It is the criminally fraudulent process of acquiring sensitive information such as username, password, credit card
information , account data etc and then used for cybercrime. Phishing involves tricking the user to enter
personal information via a fake website that appears genuine.
Example- E-mail from your bank (that appears genuine) asking to update bank details by clicking at a specified
link.

Pharming
It is an attack in which hacker attempts to redirect a website’s traffic to another fake website that looks
real/actual site. Here you enter personal information and unknowingly give it to someone with malicious intent.
In this process the hacker redirects you to another website even if the URL is typed correctly.

Cookies
Cookies are small text files sent to your computer by a website you visit. Cookies get stored in the user’s hard
drive and helps tracking user’s browsing session. Usually it contains information about your visit, yur user name,
password, your preferred language and other settings that can make your next visit easier
However there are some security concerns associated with cookies such as :
i) cookies themselves aren't harmful. but some cyber attackers can hijack cookies and enable access to
your browsing sessions.
 ii) Although cookies encrypt information they store but somebody may acquire them using encryption
key.
Data Protection Solution
There are 2 categorize of solutions to protect data against threat :
i) Active Protection – installing and properly using antivirus software that protects against threats
ii) Preventive Measures - always be careful while using/browsing internet to prevent these issues ever
rising.

Solutions to Virus, Adware, Spyware

Active Protection-
i) Use anti virus or anti spyware software to detect and eliminate any malware
ii) download updates regularly- For this you can set the program update automatically
iii) Run full system scan frequently i.e once a month

preventive Measures –
i) Keep your system up-to-date – Install the available update for your OS so that there will be no
security holes in your system
ii) Use caution while downloading files on the internet – always download files from a secured website
usually indicated by a padlock sign
iii) Handle E-mail carefully - i.e never click on the link provided or open the attachment you receive
from un-trusted source
iv) Disable the cookies if possible

Solutions to Spam, Eavesdropping

Active Protection-
i) Use anti-spam software. The spam software uses two methods to get rid of spam
a) sender filtering – It allows only the messages of approved senders (having digital certificate &
digital signature) to the inbox
b) Keyword filtering – It allows only those messages which contains certain keywords or phrases
which are defined by you or others.

preventive Measures –
i) Keep your email address private. Before giving out your email address on an online form check if
the website has a privacy policy.
ii) Use encrypted connection for sending sensitive information for better security. Encryption is
possible through protocols like HTTPS & SSH
iii) Install firewall on computers to check incoming and outgoing information
iv) Avoid conducting online transactions over public network or wifi

Digital Certificate
A Digital Certificate is an electronic "password" that allows a person, organizaion to exchange data securely over
the Internet using pair of electronic encryption keys, (one public and one private), that can be used to encrypt
and sign information digitally.

(A digital certificate is issued by a Certification Authority (CA). Eg. Verisign, Entrust, etc.

Digital Signature
It is like a handwritten signature that authenticate the identity of the creator or producer of digital information. It
is used in some legal processes such as buying and selling online or signing legal contracts

Firewall
firewall is a network security system that monitors and controls incoming and outgoing network traffic based on
predetermined security rules. A firewall typically establishes a barrier between a trusted network and an
untrusted network, such as the Internet.

Solutions to PC Intrusion
Active Protection-
i) Check for authorization by asking the user to provide a valid login id
ii) Check for authentication by asking the user to provide a valid password
iii) Install Firewall to prevent unauthorized users to access your private network.

preventive Measures –
i) Use proper File access permission (Read, write or execute a file) when sharing files on the internet.
File access permission are given to 3 types of users : owner, group, others.
ii) Disconnect from the internet when you are not working.

Solutions to Phishing and Pharming attack

(Phishing is obtaining someone’s personal or financial information fraudulent way (secretly).
Pharming refers to redirecting someone to an illegitimate (unauthorized) website.)

Active Protection-
i) Disconnect from internet when not in use
ii) Keep back up of all sensitive irreplaceable data in your hard drive
iii) Change the password or cancel credit card in case you are a victim of phishing or pharming. Donot
use the same computer system because the installed key logger may record your new password as
well.
iv) Run an antivirus from a professional expert in malware removal.
v) contact credit agencies that operate and manage the credit cards to report any possibilities of
identity theft.
Preventive Measures –
i) Don’t open e-mail or click link you get from unknown source.
ii) Check the security guidelines of websites to distinguish a legitimate or a bogus email.
iii) Type the link instead of clicking on the link.
iv) When in doubt, do not click.

Firewall
It is network security system, either a hardware or a software that controls incoming and outgoing information
of your computer based on a set of rules. It is designed to protect your computer from data & viruses that you
do not want. Firewall can be implemented in two forms :
i) Software firewall – It is a piece of computer program
ii) Hardware firewall