Breaking the Kubernetes Kill Chain: Host Path Mount
Basiccomputer
1. Basic Computer course book
Free University of Bolzano Bozen – Dr. Paolo Coletti ‐ Edition 7.0 (8 October 2012)
Introduction
This book contains course’s lessons held at the Free University of Bolzano Bozen. It contains only the first
part of the courses, namely the lessons on:
computer introduction,
Microsoft Windows,
computer networks,
computer dangers and security.
It does not contain the parts on Microsoft Word, Microsoft Excel, financial functions, Microsoft Access,
computer algorithms, SPSS, Visual Basic for Applications, which are very well covered by the respective
courses’ suggested books.
This book is usually updated every year; please take a look at the edition date.
Disclaimers
This book is designed for very novice computer users. It often contains oversimplifications of reality and
every technical detail is purposely omitted. Expert users will find this book useless and, for certain aspects,
partially wrong.
This book supposes that the user is using Microsoft Windows 7 operating system in English language.
However, most of the book is perfectly readable with other Windows versions, while some menus and
instructions can be rather different if the language is not English (Windows language may be changed on
multi‐language installations: see page 6 for further information).
The novice user in this book is, for simplicity, always considered male. This is not meant to be gender
discrimination.
Table of Contents
Introduction
1. Computers
1.1. Storage
1.2. Software
2. Microsoft Windows
2.1. Versions and editions
2.2. Regional and language settings
2.3. File system
3. Computer networks
3.1. Technical aspects
3.2. Communication
3.3. Internet connections
4. Computer security
4.1. Encryption
4.2. Passwords
4.3. Viruses
4.4. Emails
4.5. Navigation
4.6. Attacks from outside
4.7. Backup
Index
1. Computers
This chapter presents a brief description of the computer's main components, of the most common devices and of the typical software components for the novice user.
1.1. Storage
1.1.1. Measures
Before starting with the computer description, it is useful to become proficient with the data size terminology, which will often be used in this book.
Computers have a very elementary way to store data: they can remember only 0 or 1. A value of 0 or 1 is called a bit and all computer data are stored as sequences of bits. A sequence of 8 bits is called a byte, which is a quantity large enough to store usually a letter or a digit (even though sometimes 2 bytes are necessary).
Modern computers are able to deal with enormous quantities of bytes, forcing us to introduce other quantities:
Kilobyte (KB), approximately 1,000 bytes,
Megabyte (MB), approximately 1,000 KB or one million bytes,
Gigabyte (GB), approximately 1,000 MB or one billion bytes,
Terabyte (TB), approximately 1,000 GB or one trillion bytes.
Usually the unformatted text of a whole book can fit in some KB, while for an image in a good resolution (let’s say ready to be printed on A4 paper) or for a modern song some MB are required, while a film in high quality needs some GB.
1.1.2. Moore’s law
Over the last 40 years, computer hardware has been continuously improving its performances with an exponential growth. This growth is summarized by the famous Moore’s law which says that the number of transistors in a processor doubles every 18 months. This law can be extended to almost every aspect of hardware and we may say that the performance (be it speed or capacity) of hardware doubles every 18 months, thus leading to a general exponential growth. Unfortunately software’s performance does not increase with the same rate.
1.1.3. Devices
The computer uses several devices to permanently store and move data, which vary a lot in terms of capability, cost, speed and portability.
The most used is the internal hard disk, which usually is inside the computer box and cannot be moved. Its size currently ranges from 500 GB to 2 TB. On the other hand, an external hard disk is outside the computer, has the same size and obviously can be moved. Its only disadvantage is being slightly slower.
SSD Solid State Disks are starting to slowly invade the market. They are not disks at all, but very large memory cards shaped like hard disks which can entirely replace the internal hard disk. Their main advantages are that, not having moving parts (they do not rotate at high speed like hard disks), they are more robust and that in most situations they are faster than hard disks (up to 10 times faster). Their disadvantage is the limited size which currently is 250 GB and their high price.
CD and DVD are the two modern ways to store data. They contain about 700 MB and 4 GB, respectively. They are divided into R which may only be written once and RW which may be written and re‐written several times. They require a CD‐reader or a DVD‐reader to be read, which are available on most computers, and a CD‐writer or DVD‐writer to be written, which are available only on some computers. A new generation of high capacity discs has appeared on the market, the Blu‐ray with 25 GB size.
Memory stick or USB pen drive is the most used way to temporarily store and move data. Its size is now up to 64 GB, however its reliability is not perfect, therefore it is used mostly to move data.
Other common ways to store and move data are through a memory card, used by external devices such as photo cameras, cellular phones or music players.
1.2. Software
Software can be divided into three big categories: operating systems, programs and data.
The operating system takes care, through the processor and the motherboard, of controlling the computer hardware and the human‐computer interaction. There are currently three widely used operating systems:
Microsoft Windows (with its versions XP, Vista and Windows 7), which is the market leader,
Linux/Unix (it is a family of very similar operating systems), which is the new costless operating system,
Macintosh computers have their own operating system Mac OS X.
Programs are software which is used to do particular tasks, e.g. Word for document writing, Explorer for Internet navigation, the Calculator for mathematical operations.
Data is everything which is produced either by the user or by programs (sometimes even by the operating system) to store information, e.g. a document file produced by Word is data, a downloaded web page is data.
1.2.1. Software licenses
Software can be divided, from a commercial point of view, using two features: the cost and the permission to be modified.
Subdivision by cost is:
freeware, software which is completely costless. The producers of this software are either public institutions such as universities, or developers who do it for personal interest or advertisement, or private companies who do it for dumping reasons. Some examples are Skype communication program or Linux operating system;
shareware, software which is initially costless but after a certain period the user is asked to pay a fee or delete it; or software which has two versions: a free one, but incomplete or with advertisement banners, and a complete advertisement‐free one, for which the user must pay. The most famous example is WinZip compression program;
commercial, software for which the user has to pay a license to use it. Common examples are Microsoft Windows operating system or Photoshop image editing program;
private, software uniquely built, under payment, for a specific customer to fit his needs. Only the
customer may use it. A typical example is the university’s students‐courses‐exams‐professors
database system.
The permission to be modified can seem a trivial question for the novice user, however for program
developers and computer experts being authorized to modify a software is a great advantage since it can
be improved, checked for errors and tailored to specific needs. The “open source versus proprietary
software” is a strong ethical and economical debate in the computer scientists’ community. Subdivision by
permission to modify is:
open source software may be studied, used and especially modified by anyone. The software
developers at the same time legally authorize any modifications and they distribute the source of
the software to put other developers in a condition to easily modify it. Open source software is also
automatically freeware. The most typical example is Linux operating system.
copyleft software is open source but carries the restriction that any modification must be
distributed as open source and copyleft, thus impeding that software becomes, after a
modification, proprietary. The most famous copy left contract license is the GNU Public License (see
http://www.gnu.org/licenses/gpl.html).
proprietary software is distributed (costless as Adobe Acrobat Reader, or as a shareware as WinZip,
or most often sold as commercial software as Microsoft Office) with the explicit legal warning not
to modify it and technically locked to prevent other developers to see or modify its source.
1.2.2. Software naming
Software is usually identified by a name, for example “Linux” or “Microsoft Office”, sometimes by a
distribution/edition name “Linux Ubuntu”, “Microsoft Office Professional” and very often by a version
number, a sequence of numbers, points and letters (sometimes, as for Windows, commercial names) which
distinguishes the changes made by developers with time, such as “Linux Ubuntu 12.10” or “Microsoft Office
Professional 2010”. Obviously the version numbers of open source software changes rapidly, due to the
many developers working on them.
1.2.3. Data format licenses
Data need to be saved with a certain structure, called formats. For example, a plain text file may be simply
saved as a sequence of letters and symbols, which corresponds to the TXT format. More complex
structures, such as images, videos, but also formatted texts, need more elaborated formats to be stored.
These formats may be:
closed proprietary, a format owned by a software company and kept as a trade secret. In this way
only programs built by that company can use those data files and no other company is able to
endanger its monopoly. A famous example is DOC format which, until 2007, was kept secret by
Microsoft, thus preventing competitors from building alternatives to Microsoft Word program.
open proprietary, a format publicly available but whose improvements and control are under the
ownership of a software company. A typical example is the new Word format DOCX.
open, a publicly available format which follows official standards whose control is under ownership
of public organizations, such as American ANSI, German DIN or Italian UNI. Typical examples are
image’s format GIF or formatted text’s format PDF or web page’s format HTML.
2. Microsoft Windows
Microsoft Windows is currently the market leader operating system, it is the usual interface which appears
when the user turns a personal computer on.
2.1. Versions and editions
Microsoft released Windows XP in 2001 and for many years it has been the main Microsoft operative
system. In May 2012 it is still installed on approximately 30% of computers (source gs.statcounter.com).
Windows Vista was released in 2007 and it was not a market success.
Currently it is installed on less than 10% of computers.
Microsoft released Windows 7 in 2009, which is the currently default
Microsoft operative system. It is installed on approximately 50% of
computers. Its editions are:
Starter and Home Basic, cheap versions with severe limitations, used
mostly on small notebooks;
Home Premium, home user’s edition;
Professional, personal business’ edition which includes more
network programs;
Enterprise/Ultimate, Professional edition with more network utilities
available to companies/individual users. Enterprise edition is
currently (June 2012) installed at UNIBZ.
2.1.1. Computer locking problem
Microsoft Windows sometimes becomes unstable: it can unpredictably, without any warning and when the
user does not expect it and typically when he is doing something very important and urgent, lock and
refuse to respond to user’s actions. When this happens, it is usually caused by the program that was used
and therefore the first thing to do is to try to close the current program. If this does not improve the
situation, the only other solution left is to turn off the computer. The list of operations to try until the
computer answers to user’s commands is:
1. if the mouse works, click the X button on the
program window or otherwise press ALT+F4;
2. press CTRL+SHIFT+ESC; select the program from the
list and press End Program;
3. press CTRL+ALT+DEL and, from the bottom right icon,
choose Shut Down;
4. press the computer on/off button;
5. unplug the electric power.
In any case all the current unsaved work will be lost; in the
last two cases the operating system can sometimes be
damaged but very often it will repair by itself the next time
the computer is turned on. Therefore it is always a very
good idea to save very often the current work, especially
when it is important, urgent, or difficult to redo.
2.2. Regional and language settings
With a multilanguage Windows installation, keyboard settings or menus’ languages may be changed
by clicking on the Start icon, choosing “Control panel”, then “Clock, Language and Region”, then “Change
Display Language”, and modifying the appropriate setting.
Another interesting option, available on every Windows installation, is the numbers’ and dates’ formats. When in “Clock, Language and Region”, choosing “Region and Language” and clicking on “Formats” then on “Additional Settings” the user is able to change the format of numbers, especially the decimal separator, the currency and the date format, especially the English (month‐day) and European (day‐month) formats.
While the keyboard settings can be adjusted from this menu, it is easier to adjust it directly from the right
side of the application bar, simply clicking on keyboard icon and selecting the appropriate one.
2.2.1. Keyboards and languages
Before starting this section it is necessary to take a close look at your keyboard. Locate these keys since
they will be used in the rest of this manual and are very useful in many programs:
English keyboard | German keyboard | Italian keyboard | Main function
CTRL | STRG | CTRL |
ALT | ALT | ALT |
ALTGR | ALTGR | ALTGR | Produce character on the key’s right left
F1 to F12 | F1 to F12 | F1 to F12 |
DEL | ENTF | CANC | Delete next character
INS | EINFG | INS | Toggle insert/overwrite mode
HOME or | POS1 | | Go to beginning
END | ENDE | FINE | Go to end
PG↑ and PG↓ | BILD↑ and BILD↓ | PAG↑ and PAG↓ | Go one page up or down
Choosing the “Change your view” menu of a directory window will provide the user with five different ways to look at files and directories, the most important way being the Details which can show interesting information on files and directories such as their size and date of last modification.
Each file and directory can be univocally identified by its absolute path or address. For directories it is the path which appears on the address bar of the directory window, while for files it is the path of their containing directory followed by “\” and the file name. For example, the absolute path of directory “Common” in “HP” directory in “Program Files” directory in the C: hard disk is “C:\Program Files\HP\Common” as can be seen from the address bar, while the HPeDiag.dll file has the absolute path “C:\Program Files\HP\Common\HPeDiag.dll”.
Note that, for Windows operating system, capital or small caps letters in paths are perfectly equal.
A special and tricky object is the link or shortcut. Although its icon looks like a file icon, the small curved arrow on the left corner clearly indicates that this object is a link. A link is simply an address to a file or directory, it is not a real file or directory. When the user clicks on the link, the computer behaves exactly as if the user is clicking on the real file or directory (if Windows can find the real one, which is not the case if in the meantime somebody deleted or moved it). However, any copy/move operation on the link will simply copy/move the link and not the real file or directory; especially copying/moving the link to another disk will probably cause it to malfunction. Therefore it is a good idea for novice users to avoid using links at all.
2.3.2. Files’ operations
When double clicking on a file, Windows usually starts a program. The user is totally unaware of an important difference:
double clicking on a program runs the program which was double clicked
double clicking on a file calls the program associated with that file and runs it, at the same time telling the program to open the file. If no program is associated with that file type, Windows asks the user which program should open the file.
Copying a file means reproducing it to another location or to the same location with a different name. Copying a directory means reproducing it to another location, or to the same location with a different name, together with its entire tree of subdirectories and files. To copy a file or directory windows offers several methods, the most used being:
drag the object to the destination. If a plus symbol does not appear, press CTRL key to have it appear while dragging. Release the object in the destination;
select the object and click the right mouse button. Select “copy”. Point the mouse to the destination and click the right mouse button. Select “paste”. If the destination is the original location, the file name changes to “copy of …”;
select the object and press CTRL+C. Point the mouse to the destination and press CTRL+V. If the destination is the original location, the file name changes to “copy of …”.
Moving a file means moving it to another location losing the file in the original place. Moving a directory means moving it to another location together with its entire tree of subdirectories and files. To move a file or directory windows offers several methods, the most used being:
drag the object to the destination. If a plus or a link symbol does appear, press CTRL or SHIFT key to remove it. Release the object in the destination;
select the object and click the right mouse button. Select “cut” and the icon becomes lighter. Point the mouse to the destination and click the right mouse button. Select “paste”;
select the object and press CTRL+X and the icon becomes lighter. Point the mouse to the destination and press CTRL+V.
To create a link to a file or directory:
drag the object to the destination of the link. If a link symbol does not appear, press CTRL+SHIFT until it appears. Release the object in the destination;
select the object and click the right mouse button. Select “create shortcut”. A link is created in the same directory.
Deleting a file means often putting it into the trash can where it can be recuperated unless the trash can is emptied. Deleting a directory means putting it to the trash can together with its entire tree of subdirectories and files. Pay special attention, since not always the trash can works correctly and sometimes files are deleted without passing through the trash can. To delete a file or directory windows offers several methods, the most used being:
drag the object to the trash can and release it;
select the object and click the right mouse button. Select “delete”;
select the object and press DEL key.
To rename a file or directory, simply select the object, click on the name and retype it. Usually Windows accepts every name, but novice users should stick with letters and numbers and spaces, since other characters may be forbidden.
To create a new directory, simply right click the mouse and choose “New” and “Folder”. After the creation, rename it.
Sometimes files occupy a lot of space and need to be reduced to save disk space or to be sent by email; other times files must be put in a package to remain together or to be sent as a single file via email. These two operations are accomplished compressing a set of files and directories, which means using a special program (WinZip or IZArc or the operative system itself) to reduce (from 0% to 90% depending on the file type) the file size and produce a new single file called zip‐archive containing all the selected files and directories.
To compress a set of files and directories:
1. select the files and directories all together,
2. click the right mouse key,
3. select “IzArc” or the installed compression program and select something like “Add to Archive File…”,
4. a dialog box appears asking you to choose the zip‐archive name and its destination;
5. in this dialog box you must also choose the compression method, which is strongly suggested to be ZIP to be compatible with other programs;
6. in this dialog an encryption method (see section 4.1 on page 18) may be chosen. If your zip‐archive should be opened by anybody, then choose “None”; otherwise, if you want the zip‐archive to be uncompressed only by people knowing a proper password, choose any of the encryption methods, such as “AES 128 bit”, and provide the password.
Other files or directories may be added later to the zip‐archive simply dragging them on the zip‐archive file (this is a copy and not a move operation) if it is not encrypted.
To extract files from a zip‐archive file, simply click the right mouse key on the file and from the drop‐down menu choose the appropriate extract option: the content will appear in the location you have chosen, together with all its directories’ structure.
When double clicking on a compressed file, if the compression program is properly installed, it will open in a window as if it were a directory. But it is not a normal directory, it is simply a window, produced by the compression program, with the list of the zip‐archive’s content: the user should not open files from this window since it is a very unreliable way to modify files! Files can be copied from this window to a real directory simply dragging them to the directory. When the entire content of the zip‐archive has to be extracted or when the user wants to preserve the original tree structure, it is better to use the Extract button of this special window.
2.3.3. File types
Windows identifies a file type by its extension, which is everything after the last dot in the filename. Usually it is a 3 or 4 character acronym. Using the file extension, Windows knows the file type and decides which program will open that file. If the file extension does not show up, follow the instructions at section 2.3 on page 7. The most important file types are:
File type | Typical programs that open it | Typical extensions
Program | itself | .exe .com .bat
Compressed | WinZip / IZArc | .zip
Text | Notepad | .txt
Document | Word / Acrobat / Powerpoint | .docx .doc .rtf .pdf .ppt
Sheet | Excel | .xlsx .xls .csv
Image | Explorer / Picture Fax Viewer / Paint / Office Picture Manager | .jpg .jpeg .gif .bmp .png
Video | Media Player | .avi .mov .mpg .mpeg
Audio | Media Player / WinAmp | .mp3 .wav
Web page | Explorer | .html .htm
2.3.4. File permissions
For each file Windows 7 operative system uses a permission. Click the right button of the mouse on a file or directory and select “Properties” and “Security”. The security dialog box shows the list of users or groups of users who may access this object, while not listed users may not access it. For each user or group this dialog box displays the permissions, the most important being:
read permission, to copy and open the object;
read and execute, same as read, plus run the object if it is a program;
list content (for directories), to see the content;
write permission (for directories), to create files and subdirectories;
modify permission (also called, when referred to a file, write permission), same as read and execute, plus delete, move, rename, save modifications;
full control, same as modify, plus change permissions.
The owner of the file usually has full control on it and may change permissions or add new authorized groups or users. A special group is the Administrators group (containing the users involved in technical administration of computers) which has full control on every object.
2.3.5. Network folders at UNIBZ
On UNIBZ LAN there are shared hard disks on which common information is stored, so that it is accessible from every computer. These are called network folders. Some of them are:
\\ubz01fst\courses\course_coletti which contains utility files that will be used during the course. These files must never be opened double‐clicking from here, otherwise they will be locked (see section 2.3.4 on page 11); they should be copied on each user’s desktop before opening them;
\\ubz01fst\courses\exam_coletti, followed by user’s login name or the user’s last name and first name, which will contain exam files and which is accessible only by the user;
\\ubz01fst\students, followed by year, faculty and user’s login name, contains a copy of the student’s disk F, desktop, and configuration.
2.3.6. Roaming user profile at UNIBZ
Whenever the user logs in on a new computer, usually he should find a complete new profile (Desktop, icons, Documents, configuration), which is obviously very annoying. In order to let him find always his stuff as it has been left on the last computer used, whenever the user logs off all his profile is copied on directory \\ubz01fst\students, followed by year, faculty and user’s login name (for example, for Diana Pfeifer enrolled in 2012 it is \\ubz01fst\students\User2012\Eco\dpfeifer). Whenever he logs in again on any university’s computer, that computer retrieves all his profile’s stuff from this directory.
3. Computer networks
This part of the book is dedicated to computer networks from a user’s perspective. Nowadays a computer
is very likely to belong to some company’s network, or to be connected to the Internet via an Internet
provider, and is therefore exposed to all the typical network problems. Without entering into technical
details, this section will explore the situations in which a novice user can find himself in troubles and how
he can try to survive dialoguing with network administrators in their own strange technical language.
3.1. Technical aspects
A computer network is a set of devices which communicate and share resources. These devices are mostly
computers, and sometimes stand‐alone hard disks, telephones, printers and terminals (processorless
computers which must rely on other computers to work).
3.1.1. Server and client
A computer network interaction is based on the client server architecture. When considering a single
interaction, one computer is the server and the other one is the client. The server is the computer which is
offering its resource, usually programmed to wait until someone asks for its resource. The client is the
computer which uses the resource, which sends the request to a waiting server.
For example, when sending a document to the printer, the user’s computer is the client while the printer is
the server; when retrieving personal emails, the user’s computer is the client which connects to the
mailserver asking for available emails. When talking to a friend on an Internet chat, the interaction is
composed of two different interactions: the user’s computer as a client is connected to the chat room’s
computer acting as a server, and the friend’s computer does the same interaction.
The same computer may be the client for a service and the server for another service. For example, a
library computer may have a CD inside its reader shared to the network (server for the CD) and may be at
the same time used by a user to print his own documents (client for the printer).
3.1.2. Areas
Computer networks are commonly divided into three categories:
Local Area Network (LAN or Intranet), usually the network of computers in the same building or
belonging to the same owner. Inside the LAN every computer is well identified and usually every
user is known. It is considered a trusted area.
Wide Area Network (WAN or Internet), which is everything which connects LANs. Computers’ and
users’ identification is very hard and anonymity is possible. It is considered a dangerous area.
Virtual Private Network (VPN) is a way to recognize a computer outside the LAN as a trusted
computer: the user is identified with a password and his computer, even though connected via
Internet, will be considered as part of the LAN, for as long as it remains connected. VPN is typically
required to identify portable computers connected via wireless connection.
3.1.3. Transfer speed
The network connecting components are the cables, which determine the speed of the LAN. Cables have a
speed measured in bps (bits per second) which indicates how many bits can flow through the cable in one
second.
Ethernet cables have a speed of 10 Mbps and can thus carry 1.25 MB each second, meaning that,
for example, a 600 MB movie can be transferred in 8 minutes from one computer to another one,
supposing no one (neither users nor computers) is using that network tract for other purposes
during the transfer.
Fast Ethernet cables have a speed of 100 Mbps.
Giga Ethernet cables have a speed of 1 Gbps.
A wireless network, a cableless network where computers use radio signals to communicate, has
usually a speed around 30‐80 Mbps, depending on the wireless generation.
To find out how much time it takes to transfer a file with a size expressed in bytes, divide the
connection speed in bps by 8 to find out the byte rate per second and then divide the file size by the speed
to find out the number of seconds it takes for the file transfer. For example, to transfer a 600 MB file
through a Fast Ethernet connection, find out the speed of 12.5 MB per second (12,500,000 bytes per
second) and then divide 600 MB (or 600,000,000 bytes) by 12.5 (or by 12,500,000) to find out the time of
48 seconds.
3.2. Communication
Inside a computer network many communication programs are installed on Intranet computers to connect
to the Internet or even to internal computers.
3.2.1. Web browser
A web browser is a client program to navigate the WWW and retrieve web pages.
It runs directly on the user’s computer as a client and connects to external web‐servers,
identified with the www. prefix in the Internet name, to retrieve web pages. The market leader
(about 35% of uses according to recent statistics) is Microsoft Internet Explorer, a freeware
proprietary software. Its main competitors are Mozilla Firefox, an open source software, Chrome,
the browser from Google, and Safari, the browser for Mac OS X.
3.2.2. Mail reader
A mail reader is a client program to send and retrieve emails. It runs directly on the user’s
computer as a client and connects to a mail‐server, a program in charge of collecting and
dispatching emails. The market leader is Microsoft Outlook, a commercial proprietary software.
It has many competitors, the most famous being the open source Mozilla Thunderbird.
Another way to read and send emails is through webmail systems, which are websites where the user can
enter and read his received email and send new ones acting directly on the mail‐server, without
downloading them nor using any client. It can be useful for various reasons: it does not require the
installation of a mail reader program; old received emails are always available on the website and can thus
be accessed from home, office and while traveling, even without a personal laptop; the mailserver takes
care of emails backup. But on the other hand it requires a continuous fast connection even to write a single
long email, which can be costly and, in some situations, impossible, and usually the email space is limited.
The most famous website interfaces are the Microsoft Outlook Web App, where the web interface looks
exactly like Microsoft Outlook, and the Webmail interface, used and personalized by most Internet
providers.
3.2.3. Posta Elettronica Certificata PEC
When sending an email, the sender has no proof that it has been sent, for example to be used in a court of
justice, and no guarantee that the email has been dispatched. Some mail readers use a receipt system, but
the receiver is not obliged to send back the receipt.
In order to overcome these problems, many solutions have been proposed. The Italian Posta Elettronica
Certificata (PEC) system has become one of the most widespread solutions, thanks to law Decreto
Ministeriale 6 May 2009 which guarantees a free PEC email address to every citizen and thanks to law
82/2005 which determines that PEC receipts are legal proof.
When an email is sent from a PEC address to another PEC address, the sender receives two receipts: the first
one is a proof that the email has been sent with date and time, while the second one is a proof that the
email has been dispatched to the mailbox of the receiver. This does not represent a proof that the email
has been actually read, but from the moment the email is dispatched to the mailbox it is the receiver’s
responsibility to read it. Under these circumstances, it is perfectly equivalent to “raccomandata con ricevuta
di ritorno”. Emails can also be sent from a PEC address to a non‐PEC address, and in this case the receiver
gets only the sent proof but not the dispatched proof, like the “raccomandata semplice”. When an email is
sent from a non‐PEC address to a PEC address, no receipt is produced and this is equivalent to a standard
letter.
Moreover, even though it is not officially required, PEC to PEC also guarantees that content is not altered
and that sender’s email address is the indicated one. However, it is important to note that PEC alone does
not guarantee that the sender is really the person he claims to be and that content remains unread until
it reaches destination. In order to overcome these last two problems, encryption and digital signature (see
section 4.1 on page 18) must be used.
3.2.4. Voice over IP programs
Voice over IP (VoIP) programs are able to use the computer connection as a substitute for standard
telephone. Equipped with either microphone and headphones or with a real telephone‐like device, the user
can send his voice through the Internet to remote computers or even to real remote telephones, thus
saving on telephone bills.
VoIP requires a subscription to a VoIP website, the most famous being Skype, which decides the telephone
fares. Typically calling other VoIP’s users is free all over the world, while calling fixed telephones depends
only on the destination country and is independent from the caller’s country, with a fare which is
comparable to the standard local telephone call (about 2 €cent/minute in June 2012). On the other hand,
calling mobile telephones is, for the moment, still very expensive (about 30 €cent/minute in June 2012); for
this reason, special VoIP telephones, which can be programmed to automatically decide between VoIP and
the standard telephone line according to the dialed number, are appearing on the market.
3.2.5. Search engines
A search engine is a special program running on a website which offers to the user the possibility of
searching other websites for specific web pages. The user needs to connect to the search engine website
and type the keywords, or sometimes even a complete question, and the website returns the list of
relevant web pages.
Search engines use a crawler technique: they continuously go through the known web pages memorizing
their content and trying to discover other web pages through the contained links. In this way they are able
to memorize most of the WWW’s pages (more than 8 billion pages), even though some not linked websites
can remain unknown to search engines.
The most popular search engines are Google, the current market leader, Yahoo! and Bing. In order to
choose the order in which web pages are displayed to the user, search engines use a scoring system.
The most famous one is Google’s, which relies on the idea that a linked page is very important and
useful; therefore a web page receives a score proportional to the number of web pages which put a
link to it. According to recent research, the percentages of use of these engines are Google 83%,
Yahoo 6%, and Bing 4%.
There are many tricks to speed up the web search and arrive quickly to the right result:
most novice users search the WWW using only a single keyword, which often produces the right
result but in some cases can result in long lists of wrong results, for example when looking for Java
Island using simply “java”. Using as many keywords as possible often avoids wrong results, even
though it sometimes returns no pages if too many words are used;
putting some words between quotation marks forces the search engine to look for the exact
phrase, i.e. exactly for those words in that order and with no words in between;
in the advanced search menu often there are very good options, such as the search of pages only in
a specified language or only in a specified format, for example .doc or .pdf;
when looking simply for some images, it is more convenient to use the specific search rather than
trying to find web pages containing them.
4. Computer security
Being connected to the Internet means giving anybody access to the computer. Despite the traditional
novice user’s belief that he is the one who goes outside, it is instead the Internet world which is coming
inside, with all its benefits and dangers. Knowing a little about security issues is nowadays necessary even to
the non‐expert user, to avoid being lured into traps or adopting potentially dangerous behaviors.
Moreover, the recent Italian law 196/2003 on privacy issues contains in the Allegato B the minimal security
techniques which must be adopted by system administrators but also by normal users. Every user who has
access to personal data protected by privacy must take care of these procedures, in particular:
each user must be authenticated by a personal username and a password or a biometric device
(fingerprint, hand shape, eye);
each user has his own permissions, limited only to the data he needs for his work, and the
permissions must be revoked when the user does not need them anymore;
users must receive specific training to be able to use their authentication and to be aware of their
responsibilities, duties and the possible dangers;
a firewall (see section 4.6.1 on page 27) and an antivirus (see section 4.3 on page 23) must be
present, installed either on each computer (as usually the antivirus, and sometimes the
firewall, are) or at the LAN entrance (as usually the firewall is);
software used to handle data must be updated at least every year and security software at least
every 6 months;
all data must be backed up (see section 4.6 on page 27) at least every week;
sensitive data receive special care: they must be stored and transmitted using encryption and, in
case of loss, must be restored within 7 days.
4.1. Encryption
Encryption is a text masking technique, derived from military use, which transforms information in such a
way that it may be correctly read only with a special password called key. It uses two keys, a public key for
encrypting, usually known only to one computer or person, and a private key for decrypting, usually known
by all the computers or people which legitimately may read the information. The size of these keys, and
thus the difficulty to be guessed, is expressed in bits, with 128 bits being the typically most secure size
used.
The two following schemas illustrate how B, C and D can send secret messages using A’s public key.
The sent messages are encrypted and later decrypted by A with his private key. In case somebody
intercepts a message, he is unable to decrypt it correctly since he does not have A’s private key, which
is known only to A. Even when somebody uses the public key to decrypt, it does not work.
The same process happens whenever a browser tries to send a password or secret information to a website
using a secure connection (see section 4.5 on page 26): the website tells the browser its public key and the
browser uses it to encrypt information which can be read only by the arriving website.
[Figure: two schemas. In the first, message 1, message 2 and message 3 are each encrypted into unreadable
text and decrypted back into message 1, message 2 and message 3. In the second, the same encrypted
messages are decrypted into unreadable text.]
Another analogous usage of encryption is to make stored data unreadable except by the owner. In this case
private and public keys coincide and are kept secret. The encryption and decryption process is done
automatically by a program (PDF creation programs or compression programs can do it, see page 10 for
instructions how to do it) or even by the operative system (if the entire disk is encrypted), which asks the
password to the user every time.
[Figure: two schemas. In the first, secret data is encrypted into unreadable text and decrypted back into
secret data. In the second, the same encrypted text is decrypted into unreadable text.]
4.1.1. Digital signature
A digital signature, or electronic signature, is an encryption technique for documents which guarantees, at
the same time, the document’s author’s identity and that the document’s content has not been altered.
According to Italian law 82/2005, digital signature is equivalent to handwritten signature.
The two following schemas illustrate instead the usage of encryption for digital signature. A wants to
publish a publicly available document with his signature. It is sufficient for A to encrypt it with his private
key, and all the users can try to decrypt it with A’s public key. If the result of decryption is
something readable, it means that the document was really encrypted with A’s private key and thus comes
from A; on the other hand, if the result is unreadable, it means that encryption was not done with A’s
private key. In this way, digital signature used in combination with PEC can guarantee also sender’s identity
and email’s content.
[Figure: two schemas. In the first, a document is encrypted into unreadable text and decrypted back into
the document. In the second, a false document is encrypted and its decryption gives unreadable text.]
While encryption to receive secret messages or to hide information simply requires the user or the program
to create its own couple of private and public keys (programs, for example browsers, do this operation
automatically without the user’s intervention), for digital signature it is not so simple. Since everybody must
be sure that the public key is really the author’s public key, digital signature requires a certification
authority to distribute private and public keys. Even though theoretically a simple password is enough, to
be sure that the user does not give the private password around, the certification authority gives him, after
having identified him through a governmental identity card, a password together with a smart card which,
when used together, correspond to his private key. An automatic signature program takes care of
automatically encrypting documents.
Several Italian public institutions are now using the national health care card
as a smart card and, using it as certification of user’s identity, offer access to
many services, even though they do not offer yet the digital signature of
personal documents. The service to digitally sign documents is offered by
private certification companies, with prices currently affordable also by
private users and with alternative devices such as OTP devices (see section
4.2.1 on page 22).
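The two uses of a key pair described in sections 4.1 and 4.1.1 (secrecy with A’s public key, signature with A’s private key), as an added example that is not part of the course book. It uses textbook RSA with small fixed primes and no padding, which is far too weak for real use, and it signs the SHA-256 digest of the document rather than the document itself, as signature programs do in practice; all names and sample values are constructed for the illustration.

```python
import hashlib

E = 65537  # widely used RSA public exponent

# Toy primes (Mersenne primes) chosen only so the numbers stay readable.
# Real keys use randomly generated primes of 1024 bits or more each.
A_PRIMES = (2**61 - 1, 2**89 - 1)
IMPOSTOR_PRIMES = (2**107 - 1, 2**127 - 1)


def make_keypair(p, q):
    """Return (public_key, private_key), each as an (n, exponent) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: modular inverse of E
    return (n, E), (n, d)


def encrypt(message: bytes, public_key) -> int:
    """Anyone (B, C or D) can do this with A's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, key) -> bytes:
    """Gives the message back only when `key` is the matching private key."""
    n, exponent = key
    m = pow(ciphertext % n, exponent, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(document: bytes, n: int) -> int:
    # Reduced modulo n only because the toy modulus is shorter than the digest.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private_key) -> int:
    """Only the holder of the private key can produce this value."""
    n, d = private_key
    return pow(_digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Everybody can check a signature with the signer's public key."""
    n, e = public_key
    return pow(signature % n, e, n) == _digest(document, n)


def demo():
    a_public, a_private = make_keypair(*A_PRIMES)
    _, impostor_private = make_keypair(*IMPOSTOR_PRIMES)

    # Secrecy: B encrypts with A's public key, only A's private key decrypts.
    ciphertext = encrypt(b"message 1", a_public)
    by_a = decrypt(ciphertext, a_private)
    by_interceptor = decrypt(ciphertext, a_public)  # public key does not work

    # Signature: A signs with the private key, everybody verifies.
    document = b"document"
    signature = sign(document, a_private)
    forged = sign(document, impostor_private)  # not made with A's private key
    return {
        "decrypted_by_a": by_a,
        "decrypted_by_interceptor": by_interceptor,
        "genuine_accepted": verify(document, signature, a_public),
        "altered_rejected": not verify(b"document (altered)", signature, a_public),
        "impostor_rejected": not verify(document, forged, a_public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```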
4.1.2. Keys expiration
The major drawback of encryption keys is that if a computer is put to work trying to encrypt a text with
many private keys in sequence and then to decrypt it with the correct public key, within some
years it will manage to find the right private key which leads to a correct encryption‐decryption. Therefore,
each couple of private‐public keys has a time limited duration, usually some years, after which it is
necessary to change them and encrypt again all the past documents.
Documents for which it is important to determine the exact date of the signature have moreover a
temporal mark signed directly by the certification authority.
4.1.3. Comparison with handwritten signature
| | Digital signature | Handwritten signature |
| Who can sign | Needs keys from certification authority and proper tools | Everybody instantly |
| Who can verify | Everybody (with proper tools) | Handwriting analysts |
| Verification reliability | Sure for some years | Subjective in dubious cases, no time limit |
| Temporal duration | Some years (can be renewed) | Until other reliable signatures are available |
| Mass signatures | Some seconds for all documents (with proper tools) | Some seconds per document |
| Date reliability | Objective if temporal mark | Based on other subjective elements (paper’s and ink’s age) |
4.2. Passwords
On the Intranet the user is identified only by his username, known to everybody, and his password, known
only to him. The password is what makes an unknown person an authenticated user, with all his privileges
and his identity’s responsibilities. If somebody else uses the right user’s password, for the Intranet this
other person is exactly the user. Law 196/2003 explicitly forbids users from giving their password to other
users, even when they are absent from work. These are some, often underestimated, malign actions a
passwords’ thief can do:
steal personal information: the thief can read the user’s emails and personal information;
steal privacy protected data: the thief can gain access to data about other people protected by
privacy, or read emails received from other people. Both the thief and the user who did not protect
other people’s data are legally responsible for this privacy violation;
steal money: the thief can find the user’s bank account numbers and passwords, sometimes
directly from the user’s web browser’s history;
delete and modify data: the thief can delete user’s important data, or even worse he can modify
these data without the user’s knowledge (bank numbers, friend’s email addresses, degree thesis
content, add illegal pictures);
steal identity: for the computer the thief is now the user, and therefore he can act to the outside
world exactly as if he were the user, for example answering to emails, subscribing to websites,
withdrawing from exams;
start illegal activities: anybody who wants to start an illegal Internet activity will obviously use
somebody else’s identity, so he will not get into trouble when the activity is discovered.
Therefore it is absolutely necessary to keep passwords secret.
However, there are some ways to discover easy passwords by trial: special automatic programs are able
to try one million passwords each second, and they usually start trying combinations of words and
numbers (the complete set of all Italian, German and English words can be tried in less than 30
seconds). Law 196/2003 explicitly requires that passwords have some features:
change the password often, at least every six months;
avoid words related to yourself, such as names, birth dates, birth places and addresses;
use minimum 8 characters.
Moreover, other good procedures are:
use as password a good mix of numbers, strange characters, small letters and capital letters, avoiding
any common word (other people’s names or words which can be found in a dictionary);
use different passwords for different purposes. Unfortunately every website asks the user to
register with a password and users who always use the same password are giving it away to every
website they register with, even untrustworthy ones. It is a good procedure to have at least three
passwords: one for important use (bank account), a second one for everyday use and a last one for
unimportant use (registering to unknown websites or to services that will not be used anymore);
beware of passwords stored in programs: mail readers, Internet Explorer and many other programs
store your password masked with asterisks. They seem to be unreadable, but computer experts can
reveal them instantly. Store passwords in programs only if that computer has a single user (i.e. the
home computer or the personal laptop) or if access to that computer is on a username basis, but
never in public places such as an Internet café.
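A check of the password rules listed above, together with the time an exhaustive trial would need at the one million passwords per second quoted in the text, as an added example that is not part of the course book. The word list, the personal terms and the finding names are constructed for the illustration, and characters outside letters and digits are simply counted as the 32 ASCII symbols.

```python
import re
import string

GUESSES_PER_SECOND = 1_000_000  # trial rate quoted in the text
DICTIONARY_PASS_SECONDS = 30    # the text's bound for trying every dictionary word
MIN_LENGTH = 8                  # minimum length required in the text

# Constructed sample word list; a real check would load complete dictionaries.
SAMPLE_DICTIONARY = {"password", "sunshine", "computer", "welcome", "benvenuto"}

CLASS_SIZES = {"lowercase": 26, "uppercase": 26, "digits": 10,
               "symbols": len(string.punctuation)}


def classes_used(password):
    """Return the set of character classes that appear in the password."""
    used = set()
    for c in password:
        if c in string.ascii_lowercase:
            used.add("lowercase")
        elif c in string.ascii_uppercase:
            used.add("uppercase")
        elif c in string.digits:
            used.add("digits")
        else:
            used.add("symbols")
    return used


def brute_force_seconds(password):
    """Worst-case time to try every string of this length and alphabet."""
    alphabet = sum(CLASS_SIZES[name] for name in classes_used(password))
    return alphabet ** len(password) / GUESSES_PER_SECOND


def estimated_seconds(password, dictionary=SAMPLE_DICTIONARY):
    """A bare dictionary word falls within the 30 second dictionary pass."""
    seconds = brute_force_seconds(password)
    if password.lower() in dictionary:
        return min(seconds, DICTIONARY_PASS_SECONDS)
    return seconds


def audit(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from the text that the password breaks."""
    findings = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        findings.append("too_short")
    if classes_used(password) != set(CLASS_SIZES):
        findings.append("missing_classes")  # not a mix of all four kinds
    # A word stays guessable when digits or symbols are merely appended.
    words = [w for w in re.findall(r"[a-z]+", lowered) if len(w) >= 4]
    if any(w in dictionary for w in words):
        findings.append("dictionary_word")
    if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
        findings.append("personal_info")
    return findings


if __name__ == "__main__":
    me = ["Paolo", "1985"]  # constructed name and birth year
    for candidate in ["sunshine", "Sunshine2012", "Paolo1985!", "t7#Vq9!mZx2&"]:
        print(candidate, audit(candidate, me), estimated_seconds(candidate))
```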
4.2.1. One Time Password device
An OTP device is a modern password system which consists of a very small electronic device which
displays a password changing every few seconds. The system is perfectly time‐aligned with the
OTP device and each password is accepted only if entered in those seconds. Therefore, even if a
password is intercepted or guessed, it expires after a few seconds.
Obviously this system works in combination with another standard password that the user must memorize,
to avoid that the physical loss or theft of the OTP device results in a complete security breach.
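How a time‐aligned one time password can be generated by the device and checked by the system, as an added example that is not part of the course book. It assumes the open TOTP scheme (RFC 6238, built on the HOTP of RFC 4226) with a 30 second step; the book does not say which algorithm its OTP devices use, and the class name and the shared secret (the published RFC test key) are chosen for the illustration.

```python
import hashlib
import hmac
import struct
import time

# Test key published in RFC 6238; a real device holds its own random secret.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one time password for one counter value (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """What the device displays: the counter is the current time step."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits)


class OtpVerifier:
    """Server side: accepts a code only near its time step, and only once."""

    def __init__(self, secret, step=30, digits=6, drift_steps=1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.drift_steps = drift_steps  # tolerated clock drift, in steps
        self._used = set()              # time steps already accepted

    def check(self, candidate: str, at=None) -> bool:
        now = time.time() if at is None else at
        current = int(now) // self.step
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            if counter < 0 or counter in self._used:
                continue
            expected = hotp(self.secret, counter, self.digits)
            # Constant-time comparison, so timing does not leak the code.
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                self._used.add(counter)  # an intercepted code cannot be reused
                return True
        return False


if __name__ == "__main__":
    verifier = OtpVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, at=59)
    print("code shown at t=59:", code)
    print("entered at t=65:", verifier.check(code, at=65))
    print("replayed at t=66:", verifier.check(code, at=66))
    print("entered at t=200:", OtpVerifier(RFC_TEST_SECRET).check(code, at=200))
```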
4.3. Viruses
From the Internet many unauthorized connection attempts arrive. Some of these are mistakenly authorized
and manage to reach the Intranet or at least to come in contact with programs which are behind the
firewall. If these connections carry malign intentions, usually their aim is to explore and use the Intranet
computers, to destroy Intranet data or to stop some Intranet services (which is a dangerous attack if these
services are managing stock trades or telephone calls). Defense against these kinds of attacks is the
responsibility of system administrators.
While normal external attacks do not involve normal users, the virus is a special attack which arrives
directly on the user’s computer and must be prevented and stopped by him. The virus is a little program
which has this name because its life cycle is the same as that of a biological organism: survive and duplicate.
1. It arrives on the computer through email attachments, downloaded files, CDs and floppy disks or
directly from the Intranet. It is often hidden inside other good files or programs, which are called
infected.
2. As soon as the user mistakenly runs it (often trying to run the good program or to open the good
file), the virus orders the computer to run itself every time the computer is turned on, thus assuring
its survival.
3. It starts duplicating itself, infecting other files, CDs and floppy disks, and trying to send itself around
by email or on the Intranet.
4. Most viruses are programmed to do damage to the computer and to the user, altering or deleting
files, sending emails with user’s personal data, preventing firewalls and antiviruses from running, or
turning the computer off. No viruses are known to be able to damage hardware.
Many names are used for viruses’ types according to their different behaviors.
trojan horse is a virus which looks like a good program and, when downloaded and run by the user,
it performs the user’s wanted task but at the same time does other actions;
key logger is a virus which records keyboard’s activity and then sends the keystrokes to its creator,
mostly to get user’s passwords;
back door is a virus which opens a port on the computer to let external users in;
adware is a virus which displays advertisement;
spyware is a virus which spies user’s activity to get passwords or to target the user with specific
advertisement;
dialer is a virus which dials expensive numbers using the PSTN modem.
These types are not exclusive: for example, a Trojan horse can be at the same time a spyware and an
adware.
An infected computer can be recognized by some symptoms. These are the most frequent ones:
when the computer is turned on, unwanted programs start, advertisement appears, and the
desktop presents some new bars or features which were not present nor installed before;
the computer starts very slowly and unknown programs give strange operating system errors;
commercial or pornographic web pages appear on the web browser without the user’s consent;
the analog modem makes typical connection noises even when the computer is not connected
or the operating system asks the user to stop the current connection and start a new one to a
strange telephone number;
the Task Manager window (see page 5) presents unknown programs.
Most of the time, a responsible user’s behavior is the best weapon against viruses: it protects him from
getting viruses, helps him remove them and prevents him from spreading them. Responsible behavior
means:
never open downloaded files and email attachments directly, especially when they come from a friend with
a text such as “please open it, urgent!”, since pretending to be a user’s friend is a typical virus
tactic. To open these files, save them on the desktop, check them with an antivirus and then open
them;
do not insert in your computer CDs, DVDs and USB pendrives coming from other people or which
were inserted in other computers, unless you have an antivirus running or unless you scan them
immediately with an antivirus;
avoid visiting strange websites, especially pornographic or hackers’ websites, or websites which
open a lot of pop‐up windows;
have an antivirus always running or at least run an updated antivirus on all your hard disks
every week (while Italian law currently prescribes minimum every 6 months); keep your antivirus
always up to date: more than 50 new viruses appear every week;
keep communication programs and Microsoft products up to date. Microsoft and most software
companies offer free updates and automatic updating tools.
To check the computer for viruses and to try to remove viruses from the computer, the user can run a
special program called antivirus. The antivirus basically has three possible different actions:
it can scan all the storage devices (hard disks, the floppy disk inside the computer, the CD or DVD
inside the reader) for viruses. If a virus is found, it tries to remove it and to repair damaged files.
Some files can be unrecoverable. Complete devices scanning takes usually some hours;
it can scan a single file or an entire directory for viruses. If there is an infected file, it tries to delete
the virus and repair it. Some files can be unrecoverable. Single file scanning takes some seconds;
it can be always running. In this case, whenever a virus or a suspect file is run, the antivirus
prevents it from running and warns the user.
A lot of antivirus programs, free and commercial, exist. Their most important feature is obviously the
possibility to be constantly updated through the Internet.
4.4. Emails
4.4.1. Attachments
For viruses, email attachments are a first class way of traveling, since they are very often opened by users
without any precaution. Sometimes viruses hide inside files which were really sent by the sender, unaware
of having an infected computer. Other times a virus takes control of the mail reader program and sends
itself to the whole address book, counterfeiting the sender address (often using an address taken from the
address book) in order to avoid that the real infected computer be identified and to gain the trust of the
receiver, and writing in the email text smart sentences pretending to be a regular friend of the receiver. The
arrival of this kind of email usually creates havoc, since the receiver is sure that the fake sender has a virus,
while the original infected computer is another one.
The basic rule is to never open any attachment from the mail reader program. Save the attached files on the
desktop and run an antivirus program to check these files before opening them, even when the email
comes from a friend: he may not know that he has got a virus, or he may not be the real sender.
4.4.2. Spam
Spam messages are unsolicited unwanted bulk emails. They are unsolicited, meaning that the user did not
ask to receive them, they are unwanted, meaning that the user did not want to receive them, and they are
bulk, meaning that they are sent to millions of addresses. They are used mainly for four different purposes:
advertisement emails are the most innocuous version. The email message contains commercial
information usually on medicines, pornography, software or investments. Sometimes these
messages are purposely written with orthographic mistakes or with strange characters, to avoid being
intercepted by antispam programs;
chain letters are electronic versions of letters circulating in the XX century. They promise good
luck to anyone resending them and bad luck to anyone trashing them, or they contain a sad story of an
ill child desiring postcards or an urgent warning about a terrible virus: their content is probably false
or too old, and a search on the WWW will reveal this immediately. Sending them around will probably
cause complaints from other users;
frauds are usually long letters proposing the user a semi‐legal bargain or a big lottery prize. Their only
aims are to get the user’s bank coordinates for further illicit activities and to lure him into paying
small expenses hoping to get the promised imaginary money;
phishing emails look like completely plausible emails from banks and credit card companies,
asking the user to enter their website to update his passwords or credit card number. They
often carry real bank logos, seem to address to the correct bank’s website and even cite the
real bank’s anti‐phishing campaign! However, this website address is a trap, and the user will
be sent to a false website, which looks exactly like the bank’s one, whose only scope is to get
his passwords or credit card number. Phishing has become a big problem for Internet banking
systems, and the user’s best defenses are entering the bank’s website always typing the
address directly in the web browser (never clicking on addresses contained in emails) and
calling immediately the bank at the telephone whenever believing to have been a victim of
phishing.
The best behavior to adopt against spam messages is to ignore them. Complaining is worthless, since their sender address is always false; clicking on their links, especially if they suggest to click there to be removed from their lists, usually has the only effect of letting the spammer know that the user’s address is really read by someone.
The best ways to defend from spammers are to avoid giving the user’s real email address during registration in forums, newsgroups and unnecessary websites, and to avoid publishing it on the personal or the company’s website. These are the places where spammers get their millions of addresses. If it is really necessary, a good strategy is to have an alternative email address for registrations, which will receive all the spam.
There are antispam programs, which put the supposed spam messages in a separate junk email folder, but they are not completely reliable and sometimes they trash even good messages. These programs rely on analysis of the email’s content and on blacklists, which contain the Internet mailservers which are supposed to let spammers send their emails; it may happen that a good mailserver ends up in those blacklists and that emails sent from customers or employees of that Internet site are marked as spam by other sites.
4.5. Navigation
Navigation is the second most dangerous Internet activity. It has more or less the same dangers as emails: the user’s computer can get viruses if he does not run an antivirus before opening downloaded files, and the user can be lured into phishing websites if he does not type personally the bank’s address in the web browser. Moreover, the computer can get viruses even when simply visiting some websites, and therefore two good suggestions are to avoid visiting strange (pornographic websites, websites with a lot of pop‐up windows and illegal websites) or untrustworthy websites and to keep Internet Explorer and Windows operating system always up to date.
The other security problem while navigating is data interception. When connecting to a website, the user’s data travel long distances, passing through a large number of computers (to connect from unibz.it to www.athesia.it the data go to Padua, Milan and Bologna passing through at least 13 computers). Data on the Internet travel without any protection: any computer administrator can read them. Therefore, when sending passwords and other private data to a website, the user should take special care that the address in the address bar starts with https:// (instead of http://) and that, on some browsers, a lock icon appears in the lower right part of the window, while on others the address bar becomes green with a lock: these indications mean that the connection is secure (SSL) since data are traveling encrypted. Beware that the SSL connection guarantees only that data are not intercepted and that the user is connected to the same website from which he started the connection, while it does not guarantee that this website is the right one.
4.6. Attacks from outside
Any computer attached to the Internet, either directly through a modem or indirectly inside a LAN, is subject to attacks from the outside WAN. The typical attack consists in external computers trying to gain access to the computer using operating system known problems or hoping that the user is currently running programs which open some computer’s parts to outside connections. From the user’s side, the best defense is keeping the computer’s programs always up‐to‐date, especially the operating system and communication programs (as suggested in section 4.5 on page 26).
The most famous attack from outside, and the one from which it is very difficult to have an appropriate defense, is the DoS (Denial of Service) attack. It is an attack which does not strike private users, but companies offering services over the Internet. It consists in sending millions of incoming connections which pretend to use the service but simply stay connected, in such a way as to overcrowd the server and drain all its resources (bandwidth, speed, memory) until the server crashes. The attacker clearly does not use his own computer to carry on a DoS attack, otherwise his computer would probably crash before the server, but uses computers of unaware users around the world, called zombies, which have been hacked in the previous days. In this way the attacker has the power of several dozen computers connected from many different parts of the world and at the same time it is difficult to trace the responsibility up to him.
4.6.1. Firewall
Often programs’ security breaches once discovered need some days to be fixed and somebody can take benefit of them in this short time, before the security update is installed on the user’s computer. Therefore on every LAN, usually in the point where the LAN connects to the Internet, or more often on every computer a special program called firewall is running. The firewall examines all the incoming and outgoing traffic, using the following analysis techniques:
which internal program is originating/receiving the traffic,
from/to which external address is the traffic originated/directed,
what amount of traffic is passing from/to the same program to/from the same external address,
which kind of data are passing.
Making an analysis of these data clearly slows down the connection but lets the firewall stop potential
unauthorized connections, putting them in a wait state until the user gives his approval or denial.
Windows Seven operating system comes with a firewall preinstalled, which lets the user customize which
kinds of programs are allowed to make or receive connections and determine rules to approve or deny
connections automatically.
4.7. Backup
Backup is the process of copying important data to another location to prevent their loss. Sometimes
programs and even entire operating systems are copied, to be able to immediately continue working even
when a computer breaks. There are three very good reasons to do regular backups:
against the user, who can accidentally delete some files or who can modify files and then change
his mind. Having a recent backup handy can often save hours of work;
against the system, which can suddenly break due to hardware or software problems. Even hard
disks tend to be unreliable after some years of continuous activity. A recent backup saves the user
from redoing all the work of the previous months;
against viruses and other users, which can delete and alter files: a backup can save a user coming
back from vacations.
Usually the operating system’s and the programs’ backup are done by system administrators: law 196/2003
explicitly requires an instantaneous backup for all sensitive data and that data are restored within 7 days in
case of loss. However, there are some files which should be taken in charge by the user himself:
personally created data files, including all documents and images created by the user, and any
other file which is a result of the user’s personal work;
the address book and the emails (mail readers usually offer a way to save them into files to be used
for backup), and for heavy web users also the web browser’s configuration;
some programs require a lot of configuration and store their configuration in configuration files,
which are usually in the program’s directory;
all the stuff which is difficult to find again, such as documents from other people or downloaded
from forgotten websites.
The place where the files are copied determines the reliability of the backup. It should be a large, cheap
and fast storage device. It should also be handy, since the typical problem with backup is that the user does
not take the time to do it regularly and, when the backup is too old, it is worthless. For home or simple office
users, the Friday morning backup is a good timing solution. Good storage devices to be used are:
a second hard disk, used only for backup, which is very fast and very large and always ready to be
used;
online backup systems, where user’s data are uploaded and are ready from anywhere in the world (given a broadband connection), with Dropbox, Mozy, Sugarsync being the most famous and offering some GB of space for free;
four sets of rewritable DVDs, to be used in circle (one for each month’s week, for example);
USB pen drive, to be used only in emergency when no other appropriate storage device is available;
big companies usually have special tape devices for backups.
4.7.1. RAID
A very popular backup solution is RAID (Redundant Array of Independent Disks) technology, which consists of several identical hard disks. There are different types of RAID implementations, which vary a lot in functionalities and security.
JBOD (Just a Bunch Of Disks) is a primitive form of RAID in which all the disks are seen by the user simply as disks on which they can write as usual. The advantage is that the available space is the sum of the space of all the disks, however there is no form of data protection: if a disk breaks, anything on that disk is lost.
[Figure: JBOD diagram with labels: file, user decides, disk 1, disk 2]
RAID0 uses two identical disks which are seen by the user as a single disk. Every time he writes a file, the first part of the file is written on the first disk while the second part is written on the second one. This strategy has the big advantage that writing speed doubles, with a total available space which is the sum of the size of the two disks. But if a disk breaks, all the content of both disks is lost, since the user will lose half of all the files.
[Figure: RAID0 diagram with labels: file part 1, file part 2, disk 1, disk 2]
RAID1 is the most common implementation of RAID. It uses two identical disks but the user sees only the first one. The second disk is simply an identical and instantaneous copy of the first one. The disadvantage is that the speed does not improve and the available space is the size of one disk only, but in case a disk breaks, no file is lost since the other one is its identical copy. This is a very good backup solution to protect data against physical failure, especially suited for 24h services. However, it is not a backup solution against viruses or the user’s accidental deletions, since any modification on the first disk is immediately performed on the second one.
[Figure: RAID1 diagram with labels: file, disk 1, disk 2]
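The behavior of JBOD, RAID0 and RAID1 described above can be compared with a small simulation of a broken disk and of an accidental deletion. This is an added example, not part of the course book; the file names, file contents and function names are constructed for illustration.

```python
# Toy model of the layouts described above (constructed example, not real RAID code).
# Each disk is a dict {file name: bytes stored there}; a broken disk is replaced by None.

def write(layout, disks, name, data, target=0):
    if layout == "jbod":            # the user decides which disk gets the whole file
        disks[target][name] = data
    elif layout == "raid0":         # first part on disk 1, second part on disk 2
        half = (len(data) + 1) // 2
        disks[0][name], disks[1][name] = data[:half], data[half:]
    elif layout == "raid1":         # identical, instantaneous copy on both disks
        for disk in disks:
            disk[name] = data

def delete(disks, name):
    # A deletion reaches every working disk that holds the file,
    # so the RAID1 mirror removes its copy as well.
    for disk in disks:
        if disk is not None:
            disk.pop(name, None)

def read(layout, disks, name):
    """Return the file content, or None when it can no longer be rebuilt."""
    if layout == "raid0":           # both parts are needed
        if any(disk is None or name not in disk for disk in disks):
            return None
        return disks[0][name] + disks[1][name]
    for disk in disks:              # jbod / raid1: one surviving copy is enough
        if disk is not None and name in disk:
            return disk[name]
    return None

def survivors_after_disk_failure(layout, broken=0):
    """Write two files, break one disk, and list the files still readable."""
    files = {"thesis.doc": b"chapter one and two", "photo.jpg": b"\xff\xd8 pixels"}
    disks = [{}, {}]
    for target, (name, data) in enumerate(files.items()):
        write(layout, disks, name, data, target)   # target only matters for JBOD
    disks[broken] = None
    return [n for n in files if read(layout, disks, n) == files[n]]

def raid1_after_accidental_delete():
    """Delete a file on a healthy RAID1 pair and try to read it back."""
    disks = [{}, {}]
    write("raid1", disks, "thesis.doc", b"chapter one and two")
    delete(disks, "thesis.doc")
    return read("raid1", disks, "thesis.doc")

if __name__ == "__main__":
    for layout in ("jbod", "raid0", "raid1"):
        print(layout, "after disk 1 breaks:", survivors_after_disk_failure(layout))
    print("raid1 after accidental delete:", raid1_after_accidental_delete())
```

Only the RAID1 pair keeps both files after a disk breaks, and even there the deleted file cannot be read back, which is why a separate backup copy is still needed.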