The American University in Cairo
School Of Business,Economics And Communication

1. What is computer security?

2. Who would want to break into my computer ?

3. Exactly what security risks are we talking about?

4. What is ActiveX? Does it pose any risks?

5. What are “Cookies” and do "Cookies" Pose any Security Risks?

6 . What is a protocol?

7. What is IP?

8.What is an IP address?

9.Actions home users can take to protect their computer systems:


1.  What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

2.  Who would want to break into my computer at home?

Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

3.  Exactly what security risks are we talking about?

There are basically three overlapping types of risk:

  1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote access

  2. Browser-side risks, including:

  • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance.

  • The misuse of personal information knowingly or unknowingly provided by the end-user.

  • Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server.

It's important to realize that "secure" browsers and servers are only designed to protect confidential information against network eavesdropping. Without system security on both browser and server sides, confidential documents are vulnerable to interception.


4 .  What is ActiveX? Does it pose any risks?

ActiveX is a technology developed by the Microsoft Corporation for distributing software over the Internet. Like Java Applets, an ActiveX "control" can be embedded in a Web page, where it typically appears as a smart interactive graphic.
ActiveX places no restrictions on what a control can do. Instead, each ActiveX control can be digitally "signed" by its author in such a way that the signature cannot be altered or repudiated using a system called "Authenticode." The digital signatures are then certified by a trusted "certifying authority", such as VeriSign, to create the equivalent of a shrink-wrapped software package. This security model places the responsibility for the computer system's security squarely on the user's head. Before the browser downloads an ActiveX control that hasn't been signed at all, or that has been signed but certified by an unknown certifying authority, the browser presents a dialog box warning the user that this action may not be safe. The user can elect to abort the transfer, or may continue the transfer and take his chances.
ActiveX can be turned off completely from the Internet Options->Security pages of Microsoft Internet Explorer. Choose the "High Security" setting to disable ActiveX completely, or "Medium Security" to prompt you before downloading and executing ActiveX controls. If you do allow a control to run, read its Authenticode certificate carefully, and then carefully commit its name, publisher, date and the time of download to hardcopy. Don't store this information on disk, since that medium can easily be altered or destroyed by the control itself! The "Low Security" option allows any ActiveX control to run, signed or not, and is not recommended.
IE 4.0 allows you to customize the behavior of ActiveX controls depending on whether they are coming from a site on the Internet, a site on the local area network, or a site on specially-prepared lists of trusted and untrusted sites.

5.  What are “Cookies” and do "Cookies" Pose any Security Risks?

A cookie is a small piece of information, often no more than a short session identifier, that the HTTP server sends to the browser when the browser connects for the first time. Thereafter, the browser returns a copy of the cookie to the server each time it connects. Typically the server uses the cookie to remember the user and to maintain the illusion of a "session" that spans multiple pages. Because cookies are not part of the standard HTTP specification, only some browsers support them: currently Microsoft Internet Explorer 3.0 and higher, and Netscape Navigator 2.0 and higher. The server and/or its CGI scripts must also know about cookies in order to take advantage of them.

Cookies And Privacy

Cookies cannot be used to "steal" information about you or your computer system. They can only be used to store information that you have provided at some point.
However cookies can be used for more controversial purposes. Each access your browser makes to a Web site leaves some information about you behind, creating a gossamer trail across the Internet.

Cookies and System Security

In addition to the privacy issues, cookies carry security implications as well. Many sites use cookies to implement access control schemes of various sorts. For example, a subscription site that requires a user name and password might pass a cookie back to your browser the first time you log in. Thereafter, the site will give you access to restricted pages if your browser can produce a valid cookie, basically using the cookie as an admission ticket. This can have several advantages for the site, not the least of which is that it can avoid the overhead of looking up your user name and password in a database each and every time you access a page.
However, unless this type of system is implemented carefully, it may be vulnerable to exploitation by unscrupulous third parties. For instance, an eavesdropper armed with a packet sniffer could simply intercept the cookie as it passes from your browser to the server, using it to obtain free access to the site.

6.  What is a protocol?

A protocol is a well-defined specification that allows computers to communicate across a network. In a way, protocols define the "grammar" that computers can use to "talk" to each other.

7.  What is IP?

IP stands for "Internet Protocol". It can be thought of as the common language of computers on the Internet. An overview of TCP/IP can be found in the TCP/IP Frequently Asked Questions (FAQ) at

8.  What is an IP address?

IP addresses are analogous to telephone numbers – when you want to call someone on the telephone, you must first know their telephone number. Similarly, when a computer on the Internet needs to send data to another computer, it must first know its IP address. IP addresses are typically shown as four numbers separated by decimal points, or “dots”. For example, and are IP addresses.
If you need to make a telephone call but you only know the person’s name, you can look them up in the telephone directory (or call directory services) to get their telephone number. On the Internet, that directory is called the Domain Name System, or DNS for short. If you know the name of a server, say, and you type this into your web browser, your computer will then go ask its DNS server what the numeric IP address is that is associated with that name.
Every computer on the Internet has an IP address associated with it that uniquely identifies it. However, that address may change over time, especially if the computer is
- dialing into an Internet Service Provider (ISP)
- connected behind a network firewall
- connected to a broadband service using dynamic IP addressing.


9.  Actions home users can take to protect their computer systems

The CERT/CC ( recommends the following practices to home users:

  1. Use virus protection software
  2. Use a firewall
  3. Don’t open unknown email attachments
  4. Don’t run programs of unknown origin
  5. Disable hidden filename extensions
  6. Keep all applications (including your operating system) patched
  7. Turn off your computer or disconnect from the network when not in use
  8. Disable Java, JavaScript, and ActiveX if possible
  9. Disable scripting features in email programs
  10. Make regular backups of critical data
  11. Make a boot disk in case your computer is damaged or compromised



    The American University in Cairo
       Updated 16th January 2005 | Site Feedback