8 // Security and Ethics
Encryption
- to protect data in case it has been hacked
- does not prevent hacking
Symmetric encryption
- use of a secret key which can be a combination of characters
Asymmetric encryption
- public key known to everyone
- private key only known to the user
Cypher text
- the output from an encryption algorithm
Plain text
- the text before it goes through an encryption algorithm
Authentication
- the process to verify that data comes from a trusted source
Denial of service attack (DOS)
- an attempt at preventing users from accessing part of a network
- flood the network with useless traffic; server gets overloaded by requests
Prevent a user from:
- accessing their emails
- accessing websites
- accessing online services such as banking
Guard against DOS attack:
- using an up-to-date malware/virus checker
- firewall to restrict traffic
- email filters
Signs:
- slow network performance
- inability to access particular websites
- large amount of spam mail
Firewalls/proxy servers
Firewalls
- either software or hardware that sits between the user's computer and an external network
Tasks
- examining traffic between computer and a public network
- checking if incoming/outgoing data meets given criteria
- blocking traffic and warning the user if it fails to meet the criteria
- logging traffic for later interrogation by the user
- preventing access to some undesirable websites
- preventing viruses and hacking
- warning when software is trying to access an external data source
Where Firewalls can't prevent harmful traffic
- individuals on internal networks using their own modems to bypass the firewall
- employee misconduct or carelessness
- users on stand-alone computers can disable firewalls
Proxy Servers
- an intermediary between the user and a web server
Tasks
- filter internet traffic; block access to a website
- Cache: speed up access to information from a website; user's next visit goes through the proxy server's cache instead
- keeping IP address secret
- acting as a firewall
Security protocols
- protocol: a set of rules used by computers to communicate with each other across a network
SSL (Secure Sockets Layer)
- SSL encrypts the data; only the user's computer and the web server can make sense of the data
- https or padlock sign
- web browser sends a message to connect with the website
- browser requests the server to identify itself
- server sends a copy of its SSL certificate
- if browser can authenticate the certificate, it sends a message to the server to allow communication
- server then acknowledges browser, then SSL-encrypted data transfer begins
TLS (Transport Layer Security)
- ensures the security and privacy of data
- provides encryption, authentication, and data integrity in a more effective way than SSL
- prevents a third party from hacking
Record protocol
- contains the data being transferred
- can be used with/without encryption
Handshake protocol
- permits the website and the user to authenticate each other and to use encryption algorithms
Software
Freeware
- software that a user can download for free
- subject to copyright law
- cannot study or modify the source code
Shareware
- free trial, then pay for it
- fully protected by copyright law
- needs permission to pass the software on to others
Free software
- users have the freedom to run, copy, change or adapt free software
Can dos
- run the software for any legal purposes
- study and modify the source code
- pass on the software, in either its original or modified form
Don'ts
- any additions, changes or adaptations that infringe copyright laws protecting other software
Cookies
- a packet of info sent by a web server to a browser
- user tracking, maintain user preference, etc.
- info gathered: anonymous user profile that contains no personal info
Data corruption
Hardware fault
- back up files
- save data regularly
- UPS (uninterruptible power supply) to prevent power loss causing hard drive malfunction
- parallel systems as back-up hardware
Software fault
- back up files
- save regularly in case software 'freezes'
- back up files
- save data regularly
- passwords+ids to restrict access to authorised users only
Computer ethics
- a set of principles set out to regulate the use of computers
effect of computers on society
Difference between SSL and TLS
- possible to extend TLS by adding new authentication methods
- TLS makes use of session caching which improves overall performance
- TLS separates handshaking from the record layer
Session caching
- resuming an existing session can save computer time
Hacking and Cracking
- Hacking is breaking into a system without owner's consent/knowledge
- Cracking is always totally illegal and potentially very damaging. It is editing source code so that it can be exploited for a specific malicious purpose.
- encryption won't work since hackers are still able to delete the data
- backing up files won't work since the virus may have attached to the back-up files
Hashing algorithm
- generates the encryption key
- takes a message/key and translates it into a string of characters shown in hex notation
- makes the message or key impossible to read