AASHUTOSH POUDEL

IT and Applications

Unit 9: Computer Security and Privacy

Computer security, unauthorized access, sabotage, computer crime, viruses, ethics, cyber law, network security, firewalls, and encryption.

Computer security and control

Computer security is the protection of computer systems, data, and networks from unauthorized access, damage, theft, or disruption. Security has three core goals known as the CIA triad:

  • Confidentiality — only authorised people can read the data.
  • Integrity — data is not altered without permission.
  • Availability — data and services are accessible when needed.

Unauthorized access and unauthorized use

  • Unauthorized access — gaining entry to a system without permission (e.g. cracking a password).
  • Unauthorized use — using a system you have access to in ways you are not allowed (e.g. an employee misusing company data).

Common methods attackers use:

  • Password guessing and brute force.
  • Phishing — tricking users into giving credentials.
  • Social engineering — manipulating people instead of machines.
  • Exploiting software bugs and zero-day vulnerabilities.

Protecting against unauthorized access and unauthorized use

Defences include:

  • Strong passwords — long, unique, with mix of characters.
  • Multi-factor authentication (MFA) — password plus phone code or biometric.
  • Access control — give users only the access they need (principle of least privilege).
  • Account lockout policies.
  • Regular software updates and patching.
  • Antivirus and anti-malware software.
  • Security awareness training for employees.

Computer sabotage and protection

Sabotage is the deliberate destruction or disruption of computer systems or data. Examples:

  • A disgruntled employee deletes company files.
  • An attacker plants ransomware that locks files until a ransom is paid.
  • A botnet floods a website with traffic (DDoS attack).

Protection measures:

  • Regular backups stored offline or in the cloud.
  • Disaster recovery plans.
  • Intrusion detection systems (IDS) and intrusion prevention systems (IPS).
  • Endpoint protection on every device.

Types of computer crime

Common cyber crimes:

  • Hacking — illegally accessing systems.
  • Phishing — fake emails/sites to steal credentials.
  • Identity theft — stealing personal information.
  • Online fraud — fake shopping sites, scam investments.
  • Cyber stalking and bullying.
  • Child exploitation material distribution.
  • Ransomware — encrypting victim data and demanding payment.
  • Insider threats — by employees or contractors.

Software piracy

Software piracy is the unauthorised copying, distribution, or use of software. It violates copyright law and harms developers.

Common forms:

  • Copying CDs or downloading cracked software.
  • Sharing licence keys.
  • Using one licence on multiple machines.
  • Counterfeit software in shops.

Anti-piracy

Measures used to prevent piracy:

  • Software licensing (per user, per machine, subscription).
  • Activation keys and online activation.
  • DRM (Digital Rights Management).
  • Cloud-based / SaaS models (no local install to pirate).
  • Legal action by companies and organisations like BSA.

Computer virus, worm, spyware

Different types of malware:

  • Virus — attaches itself to a file or program; spreads when run.
  • Worm — self-replicating; spreads across networks (e.g. WannaCry).
  • Trojan horse — looks like useful software but does damage.
  • Spyware — secretly collects user data.
  • Adware — shows unwanted ads.
  • Ransomware — encrypts files and demands payment.
  • Rootkit — hides deep in the OS, very hard to remove.
  • Keylogger — records every keystroke.

Famous examples: ILOVEYOU (2000), Stuxnet (2010), WannaCry (2017), NotPetya (2017).

Professionalism, ethics and morality

A professional in IT is expected to act with integrity and follow ethical principles:

  • Respect privacy and confidentiality.
  • Be honest about capabilities and limitations.
  • Avoid conflicts of interest.
  • Take responsibility for the work produced.
  • Continue learning to stay competent.

Ethical issues in computer

Common ethical dilemmas:

  • Should companies collect user data?
  • Who is responsible when AI makes a wrong decision?
  • Is it ethical to monitor employees’ computers?
  • Should bug reports be disclosed publicly?
  • How should we handle biased algorithms?
  • Use of surveillance technology by governments.

Cyber law

Cyber law is the legal framework that governs activities on the internet. Topics covered:

  • Computer crime and punishment.
  • Intellectual property rights online.
  • Privacy and data protection.
  • Electronic contracts and signatures.
  • Digital evidence in courts.

In Nepal, the Electronic Transactions Act (2008) is the main law dealing with cybercrime. Globally, important laws include GDPR (EU privacy), CCPA (California), and DMCA (US copyright).

Digital literacy

Digital literacy is the ability to use digital technology effectively and safely. It includes:

  • Knowing how to use computers, phones, and the internet.
  • Recognising fake news, scams, and phishing.
  • Understanding online privacy.
  • Being respectful and responsible online.

These laws protect creators of original work:

  • Copyright — protects literary, artistic, musical, and software works.
  • Designs — protects the visual design of an object.
  • Patents — protect inventions and processes.
  • Trademarks — protect brand names, logos, and slogans.

Most countries have their own version aligned with international treaties (Berne Convention, WIPO).

Network security

Networks face many threats and need their own protections.

Common threats:

  • Sniffing — capturing unencrypted traffic.
  • Spoofing — pretending to be another device or user.
  • Man-in-the-middle (MITM) — intercepting communication.
  • Denial of Service (DoS / DDoS) — overwhelming a server.

Defences:

  • Firewalls.
  • VPNs (Virtual Private Networks).
  • Intrusion Detection / Prevention Systems (IDS/IPS).
  • Network segmentation.
  • Strong authentication and encryption.

Hardware and software firewall

A firewall monitors and filters network traffic based on rules.

  • Hardware firewall — a dedicated physical device (used at network edges).
  • Software firewall — an application running on a computer (Windows Defender Firewall).

Both can block unwanted traffic, restrict access by port and IP, and log suspicious activity.

Data and message security

Data must be protected:

  • At rest — when stored (full-disk encryption, database encryption).
  • In transit — when moving across networks (HTTPS, VPN).
  • In use — while being processed (secure enclaves, confidential computing).

Messaging apps like Signal and WhatsApp use end-to-end encryption so even the service provider cannot read the messages.

Encryption and decryption

  • Encryption — converting plain text into unreadable form (cipher text).
  • Decryption — converting cipher text back to plain text.

Types of encryption

  • Symmetric — same key for encrypt and decrypt (AES). Fast but key sharing is hard.
  • Asymmetric — public key + private key (RSA, ECC). Slower but solves key sharing.
  • Hashing — one-way function (SHA-256). Used for passwords and integrity checks.

Common uses

  • HTTPS / TLS for secure web browsing.
  • SSH for secure remote login.
  • Password storage with hashed values.
  • Cryptocurrencies use cryptographic signatures.
  • Digital signatures for verifying authorship.