Informative Essay on Computer Risk
Introduction
Online Banking, also known as Internet Banking or e-banking, is an electronic payment system that manages the details of accounts, internet banking, transactions, balances, and statements. Some banks rely completely on Internet Banking. Online Banking has also become very popular around the world. There is no doubt that Online Banking has also become one of the most sensitive tasks for Internet users. Although banks encourage people to use Online Banking because it makes things easier for us, and advertise it as being safe and secure, this is apparently not true. Four main types of attack are prevalent when you use Online Banking services: Phishing, Identity Theft, Keylogging, and Pharming.
Phishing is one of the tactics used by hackers to trick somebody into clicking a link in an email message. The link often downloads software onto the computer and shares sensitive information about the user, such as passwords. Once the user gets there, the link will ask for confidential information, and this allows the hackers to get our personal details easily.
Identity Theft is when a hacker duplicates personal information and creates a new profile. Identity Theft can also occur in many ways. For example, offline, your identity can be stolen by stealing your wallet to get your confidential information.
Keylogging is the use of a program that records the keystrokes on a computer. It does this by monitoring a user’s input and keeping a log of all keys that are pressed. The log may be saved or sent to another machine over a network or the Internet.
Pharming is creating a fraudulent website that is identical to the original website and asking the users to key in their personal details to the website.
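The check below is an added example, not part of the original essay: it tests whether a link that claims to lead to the bank really points at the bank's own host, which is what phishing messages and look-alike websites count on users not verifying. The domain mybank.example and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real site is served only from this (placeholder) domain.
TRUSTED_DOMAINS = {"mybank.example"}

def check_link(url, trusted=TRUSTED_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to the bank."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    # "https://mybank.example@other.test/" really goes to other.test:
    # everything before "@" is a user name, not the site.
    if parts.username is not None:
        return False, "userinfo before host"
    # Punycode labels can render as look-alike characters in the address bar.
    if any(label.startswith("xn--") for label in host.split(".")):
        return False, "punycode label"
    # Match the whole host or a true subdomain, never just a substring.
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return True, "trusted host"
    return False, "untrusted host"

# Constructed sample links, as they might appear in an e-mail.
SAMPLE_LINKS = [
    "https://www.mybank.example/login",
    "http://www.mybank.example/login",
    "https://mybank.example@login.evil.test/",
    "https://mybank.example.evil.test/login",
    "https://xn--mybnk-3ta.example/login",
]

def triage(links=SAMPLE_LINKS):
    """Map each link to the (ok, reason) verdict from check_link."""
    return {link: check_link(link) for link in links}

if __name__ == "__main__":
    for link, (ok, reason) in triage().items():
        print("ALLOW" if ok else "BLOCK", reason, link)
```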
1.1 Definition of Computer Security Risks
Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. (Computer Security, n.d.)
A computer security risk is anything that can negatively affect the confidentiality, integrity, or availability of data. Examples of computer risks would be misconfigured software, unpatched operating systems, and unsafe habits that cause vulnerabilities. (What is a computer risk, n.d.)
Computer security risk includes any behavior that can result in damage to computer hardware, loss of data, software with bugs, poor performance (such as slow or freezing), and disabling functionalities. (Yew Kwang Hooi, COMPUTER SCIENCE for MATRICULATION, SEMESTER 1, 2014)
1.2 Types of Security Risks
1.2.1 Malicious Codes
Malicious code is the term used to describe any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Malicious code is an application security threat that cannot be efficiently controlled by conventional antivirus software alone. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
1.2.1.1 Virus
Viruses are malware that is attached to other files in your system and may be used to destroy your data. Viruses have many capabilities, but, unlike worms, they usually require human interaction to spread from system to system, even if the user is unaware they are spreading it.
1.2.1.2 Worm
Worms are like viruses, but they have the ability to spread themselves from computer to computer, all on their own. They know how to attach themselves to portable storage devices, like USB drives or removable hard drives, or to move through the network by automatically moving to connected machines.
1.2.1.3 Trojan Horse
Spyware is malware that steals your data and may be used to spy on you by using your webcam or microphone without your knowledge. Once spyware is installed, it may steal your sensitive data by recording the login information you use or looking for sensitive files on your computer, then sending that data back to an attacker. In recent months, hackers have been able to access the webcam and microphone of computers and use pictures, video, or audio recordings to blackmail their victims.
1.2.2 Unauthorized Access and Use
Unauthorized access is when someone gains access to a website, program, server, service, or other system using someone else’s account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access. Unauthorized access could also occur if a user attempts to access an area of a system they should not be accessing. When attempting to access that area, they would be denied access and possibly see an unauthorized access message.
1.2.3 Hardware Theft
Hardware theft is the unauthorized taking of computer hardware. In some cases, corporate or government hardware is stolen to be sold, but in other cases, personal items are targeted. The popularity of smartphones and tablets has made hardware theft a common crime in major cities.
1.2.4 Software Theft
Software theft means the unauthorized or illegal copying, sharing, or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups, or, in some cases, organizations who then distribute the unauthorized software copies to users.
1.2.5 Information Theft
Information theft is a crime in which an imposter obtains key pieces of personally identifiable information, such as Social Security or driver’s license numbers, in order to impersonate someone else. The information can be used to obtain credit, merchandise, and services in the name of the victim, or to provide the thief with false credentials. In addition to running up debt, in rare cases, an imposter might provide false identification to police, create a criminal record or leave outstanding arrest warrants for the person whose identity has been stolen.
1.3 Definition of Security Measures
The term security measures refers to techniques for ensuring that data stored in a computer cannot be read or compromised by any individuals without authorization. Most computer security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system. (Security Measure, n.d.)
Security measure (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. (Security Measure, n.d.)
Security measure also means to prevent missing or lost resources. (Yew Kwang Hooi, 2014)
1.4 Types of Security Measures
1.4.1 Data Backup
Data Backup is a program for file duplication. Backups of data applications are necessary so that they can be recovered in case of an emergency. After performing data backup, the device should be placed in a safe place. The backed-up files can be restored when necessary. Depending on the importance of the information, daily, weekly, or biweekly backups from a hard disk can be performed.
1.4.2 Cryptography
Cryptography is a process of hiding information by altering the actual information into different representations. The traditional type of cryptosystem used on a computer network is called a symmetric secret key system. The data is encrypted before it is sent through the network, to prevent exposure of the data if it is retrieved by an unauthorized person.
1.4.3 Anti-Virus
An antivirus program protects a computer against viruses by identifying and removing any computer viruses found in the computer’s memory, storage media, or incoming e-mail files. An antivirus program scans for programs that attempt to modify the boot program, the operating system, and other programs that normally are read from but not modified.
1.4.4 Anti-Spyware
Spyware is a program placed on a computer without the user’s knowledge. It secretly collects information about the user. The spyware program communicates information to an outside source. An anti-spyware application program, sometimes called tracking software or a Spybot, is used to remove spyware. Examples of anti-spyware are SpyHunter, SpyShelter, and SPYWAREfighter.
1.4.5 Firewall
A firewall is a piece of hardware or software that functions in a networked environment to prevent some communications forbidden by the security policy. The firewall implements a security policy. It might permit limited access from inside or outside the network perimeters, or from certain users, or for certain activities. Popular firewall software includes Norton Personal Firewall, Tiny Personal Firewall, and Zone Alarm Pro.
1.4.6 Physical Access Control
Physical access controls are mechanisms that are designed to minimize the risk of injury. A simple example is a good fit on the door lock, which will discourage many potential thieves. The installation of biometric sensors, such as iris scanning or fingerprint recognition, can make even the most determined intruder falter while trying to gain access to a guarded place. Sometimes all that is needed to resolve the issue is a mechanism to provide enough time to contact the appropriate authorities. But the door is not the only object that should be closed.
1.4.7 Human Aspect: Awareness
Human aspects refer to the user and also the intruder of a computer system. The most common problem is the lack of a good information security procedure. Various utility programs can help users to perform a full scan of the system and to clear up unwanted icons on the desktop. In addition, users should safeguard their devices by locking them when they leave them unattended on the table. Other than that, users should always keep their password devices secret.
2.0 Scenario of the Problem: Online Banking Security
Refer to the attached question.
2.1 Security Risk 1: Information Theft
Based on the scenario, a total of 92 phishing cases were reported to the Malaysian Computer Emergency Response Team (MyCERT, www.mycert.org.my) in 2004. The modus operandi of this activity is to use spoofing techniques to gain the names and passwords of account holders. In this case, the thief uses the personal information for their own benefit. Stealing the passwords and personal information of a particular person can be referred to by the term spoofing.
2.2 Security Risk 2: Malicious Code
Based on the scenario, the victims reported being deceived into going to a fake website. We call it a Trojan Horse. All this can happen when users visit certain websites or download a program. While they are doing that, key logger programs also do the same things without our knowledge. When users want to log in to the bank website or account, all the information keyed in will be sent to the attacker by the key logger.
2.3 Security Risk 3: Unauthorized access and use
From the scenario, the victims reported that perpetrators stole their usernames and passwords and later used the information for the perpetrators’ own advantage. Unauthorized access and use is when someone gains access to a website, program, server, service, or other system using someone else’s account or other methods. For example, if someone kept guessing a password or username for an account that was not theirs until they gained access, it is considered unauthorized access.
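The password-guessing pattern described here and in section 1.2.2 can be spotted in login records. The following is an added example, not part of the original essay; the log format, account names and addresses are constructed, and the threshold of five failures within five minutes is an assumption.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed login records: timestamp, outcome, account, source address.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:04 FAIL user=bob src=198.51.100.20
2024-05-01T10:00:05 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:08 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:09 OK user=bob src=198.51.100.20
2024-05-01T10:00:11 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:14 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:20 OK user=alice src=203.0.113.7
"""

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return (account, source, kind) alerts for repeated failed logins."""
    recent = defaultdict(deque)          # account -> times of recent failures
    alerts = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                     # skip lines that do not match the format
        when = datetime.fromisoformat(fields[0])
        outcome = fields[1]
        user = fields[2].partition("=")[2]
        src = fields[3].partition("=")[2]
        failures = recent[user]
        while failures and when - failures[0] > window:
            failures.popleft()           # forget failures older than the window
        if outcome == "FAIL":
            failures.append(when)
            if len(failures) == threshold:      # alert when the count reaches it
                alerts.append((user, src, "guessing"))
        elif outcome == "OK":
            # A success right after a burst of failures suggests the guess worked.
            if len(failures) >= threshold:
                alerts.append((user, src, "login after guessing"))
            failures.clear()             # a normal login resets the count
    return alerts

if __name__ == "__main__":
    for alert in detect_guessing(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a correct one, as with the account bob above, raises no alert.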
2.4 Security measure 1: Anti-virus
One of the security measures that we can use to protect our information is anti-virus. Anti-virus is a computer program used to prevent, detect, and remove malware. It can protect users from malicious code such as worms, trojan horses, browser hijackers, and viruses. So, antivirus users do not need to worry that their computers will be infected by viruses through fake websites created by programmers. Antivirus software is basically intended to ensure complete protection for computers against virus infections.
2.5 Security measure 2: Firewall
Other than that, the firewall is one of the security measures that we can use. A firewall is a technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts. When a private network is connected to the internet, it allows people to access information from external sources. When the network is connected to the internet, it also allows external users to enter the private network and steal information from the network. To prevent unauthorized access, organizations have firewalls to protect them.
2.6 Security Measure 3: Cryptography
Last but not least, the security measure that we can use is cryptography. Cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Cryptography is also valuable for protecting sensitive data online. For example, an increasing number of systems are connected and vulnerable to outside attacks. It is also a valuable tool for authentication. Cryptography has a major role in banks and other financial service firms in ensuring that all their various important data transactions are processed securely.
3.0 Conclusion
In conclusion, we know that online banking is an electronic payment system that manages the details of accounts. Online banking has a lot of security risks that we can see and find in it. We need to be more careful and make sure our information is kept safe. So, to make our information safer, we can use security measures, for example data backup, cryptography, anti-virus, anti-spyware, firewall, physical access control, and human aspects. In this way, our information will be confirmed safe and we don’t need to worry.