Security
Web Security
Encryption
TLS
Transport Layer Security is a cryptographic protocol that provides communication security over a computer network.
When securely connected, the connection is private because symmetric encryption is used to encrypt the data transmitted.
The keys for this symmetric encryption are generated uniquely for each connection, and are based on a shared secret negotiated at the start of the session.
Firewall
A network security system (either software or hardware) that oversees incoming and outgoing network traffic. A barrier between a trusted network and an untrusted network.
Digital certificate
An attachment to an electronic message used for security purposes. Usually used to verify that a user sending a message is who they say they are and to provide the receiver with the means to encode a reply.
Hacking
White Hat
A hacker who identifies a security weakness in a computer system or network in order to help the system's owners fix the breach before someone else takes advantage of it.
Black Hat
A hacker who breaks into a computer system or network with malicious intent. May exploit the vulnerability for monetary gain (money), to steal information or shut down websites or networks.
Filtering
White list
A whitelist is a list or register of entities that provide a particular privilege, service, mobility, access or recognition.
Black list
This is the practice of identifying entities that are denied, unrecognised or ostracised.
Spam Bot
A program designed to collect, or harvest, email addresses to build a mailing list for bulk emails (spam). The email addresses are usually collected from the internet.
Consequences
Sale of data to advertisers, fraudsters, etc.
Personal Authentication
Biometrics
Eye (iris) scan
A retinal scan is a biometric technique that uses the unique patterns of a person's retinal blood vessels.
Finger Print scan
A biometric security system. Stored data contains information about the user's fingerprint, which the system then compares with the digital or live-captured image.
Facial recognition
Distance between the ears, space between eyes, length of mouth, size of nose, shape of jaw
A face recognition system is a biometric method of identifying an individual by comparing live capture or digital image data with the stored record for the person.
Gait analysis
Gait analysis is the systematic study of animal locomotion using the eye and the brain of observers, augmented by instrumentation for measuring body movements, body mechanics, and the activity of muscles.
Voice recognition
The computer is first notified that the voice of the user will always be the same. When the user's voice is recognized by the system, this will open whatever securing the data from
Something you remember
Password
A password can be linked to nothing. It is up to the user to choose a password that they can remember in order to keep the login safe.
Pattern
A pattern on a phone is made up of 9 dots, arranged 3 by 3 to make a box.
Security question
This question acts as a secondary password: if a user forgets their password or logs in from another area, they have to answer the security question.
Malware & Threats
Botnet: A group or network of interconnected zombie computers, used to perform malicious actions.
Type of Threats
Phishing: Unsolicited email contact - often pretending to be a legitimate organisation or institution - with the intent to trick users into revealing sensitive personal information such as passwords.
Smishing: A form of phishing done by SMS communication. Occurs when a fraudster sends messages asking the victim to provide billing details, and other private/personal info.
Vishing: Phishing by phone calls, video, etc.
DDoS
The intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers.
Pharming: A scamming practice in which malicious code is installed on a personal computer or server, misdirecting users to fraudulent websites without their knowledge or consent.
DNS Poisoning
DNS poisoning is a type of attack that exploits vulnerabilities in the domain name system (DNS) to divert internet traffic (flow of data) away from legitimate servers to fake ones.
Identity theft: Identity theft is the deliberate use of someone else's identity, usually as a method to gain money or other private information.
Cracking: This is the process of trying to get into a computer system in order to steal, corrupt or illegitimately view data.
Dictionary Attack
An attempted illegal entry to a computer system that uses a dictionary headword list to generate possible passwords.
Keylogger
A computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
Brute Force
A trial-and-error method used to obtain information such as a user password or personal identification number. In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
Types of Malware
Spyware: A type of malicious software that aims to gather private/personal info about a person or an organization without their consent.
Trojan
Trojans are files that contain malicious code (payloads), which, when triggered, cause loss, theft, and deletion of data. They can only spread if they are invited onto your computer through your own fault, e.g. opening emails with an attachment.
Worm: A worm is a type of malicious software (malware) that replicates while moving across computers, leaving copies of itself in the memory of each computer in its path. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
Virus: A piece of code which is capable of copying itself and typically has a detrimental effect, e.g. corrupting the system or destroying the data.
Ransomware: A type of malicious software that aims to encrypt a victim's data and block access to it unless he/she has paid for decrypting it.
Rootkit: A collection of software used to enable unauthorized access to a computer system without the owner's knowledge.
Adware: A type of advertising software that automatically renders advertisements to generate revenue for its author. Companies usually do this to make a profit.