Threats and Security on the Internet II
28.1 Personal Privacy
Collection of Personal Data
The Personal Data (Privacy) Ordinance and Privacy Policy
28.2 Privacy threats on the Internet
impersonation: pretending to be another person.
28.3 Ways to maintain Privacy
Anonymity on the Internet
28.4 Encryption technologies
TELNET, FTP and HTTP send data in plain text, so it is easily intercepted during transmission.
Symmetric key encryption
Public and private key encryption systems
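The two encryption systems above, side by side, as an added example written for this outline (not code from the original notes). It uses only Go's standard library: AES-256-GCM stands in for symmetric key encryption (one shared key encrypts and decrypts, and the GCM tag detects modification in transit), RSA-OAEP for public and private key encryption (anyone with the public key can encrypt, only the private key holder can decrypt). The sample message `password=hunter2` is constructed to show what a plain-text protocol such as TELNET or FTP would expose on the wire.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RandomKey returns n bytes from the OS random source (used here for AES keys).
func RandomKey(n int) []byte {
	key := make([]byte, n)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	return key
}

// SymmetricEncrypt seals plaintext with AES-256-GCM under one shared key.
// GCM adds an authentication tag, so any modification in transit is detected.
// Output layout: nonce || ciphertext || tag.
func SymmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under the same key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// SymmetricDecrypt opens data produced by SymmetricEncrypt with the same key.
func SymmetricDecrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // fails if the tag does not match
}

// GenerateKeyPair creates an RSA key pair: the public half can be published,
// the private half stays with its owner.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// AsymmetricEncrypt encrypts for the key owner using only the public key (RSA-OAEP).
func AsymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// AsymmetricDecrypt recovers the plaintext; only the matching private key can.
func AsymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// Leaks reports whether someone intercepting wire could read secret directly,
// i.e. the difference between a plain-text protocol and an encrypted one.
func Leaks(wire, secret []byte) bool {
	return bytes.Contains(wire, secret)
}

func main() {
	secret := []byte("password=hunter2") // constructed sample, as sent by plain TELNET/FTP/HTTP

	key := RandomKey(32)
	sealed, _ := SymmetricEncrypt(key, secret)
	fmt.Println("plaintext leaks:", Leaks(secret, []byte("hunter2")))
	fmt.Println("AES-GCM leaks:  ", Leaks(sealed, []byte("hunter2")))
	sealed[len(sealed)-1] ^= 0x01 // one bit changed in transit
	_, err := SymmetricDecrypt(key, sealed)
	fmt.Println("tamper detected:", err != nil)

	priv, _ := GenerateKeyPair()
	ct, _ := AsymmetricEncrypt(&priv.PublicKey, secret)
	pt, _ := AsymmetricDecrypt(priv, ct)
	fmt.Println("RSA round trip: ", string(pt))
}
```

The practical difference the two systems show: the symmetric key must somehow be shared with the other party in advance, while with the public/private system the encrypting party needs nothing secret at all, which is why real protocols use a public key exchange to agree on a symmetric key and then encrypt the bulk data symmetrically.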
28.5 Access Control - Authentication and authorization (Directory Server)
Authentication verifies who you are.
Three factors of authentication:
- something you know (e.g. user name and password, secret questions, your ID number, your phone number, double passwords, etc.)
- something you have (e.g. a token issued by a bank, an SMS code sent to your phone, a credit card)
- something you are (e.g. biometric measures)
Authorization verifies what you are authorized to do.
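The distinction between the two checks, and two of the three factors, as an added example written for this outline (not code from the original notes). `Authenticate` requires "something you know" (a password, stored salted and hashed) and "something you have" (a one-time code from an authenticator app or SMS token, computed with the standard HOTP/TOTP algorithms of RFC 4226 and RFC 6238); `Authorize` answers the separate question of what the now-identified user may do, from a role table. The user record, role table and enrolment values are constructed for the example; the password hashing shown is deliberately minimal, and a real system would use a dedicated password hash such as bcrypt, scrypt or Argon2.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// User is one account record (constructed for this example).
type User struct {
	Salt       []byte
	PassHash   []byte // SHA-256(salt || password): "something you know"
	TOTPSecret []byte // shared with the user's authenticator app: "something you have"
	Role       string
}

// permissions maps a role to the actions it is authorized to perform.
var permissions = map[string][]string{
	"admin":  {"read", "write", "delete"},
	"viewer": {"read"},
}

func hashPassword(salt []byte, password string) []byte {
	h := sha256.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// NewUser enrols an account with a fresh random salt.
func NewUser(password string, totpSecret []byte, role string) *User {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return &User{Salt: salt, PassHash: hashPassword(salt, password), TOTPSecret: totpSecret, Role: role}
}

// HOTP implements RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to 6 digits.
func HOTP(secret []byte, counter uint64) string {
	mac := hmac.New(sha1.New, secret)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// TOTP implements RFC 6238 with a 30-second step: the code the user's token shows at time now.
func TOTP(secret []byte, now time.Time) string {
	return HOTP(secret, uint64(now.Unix()/30))
}

// Authenticate checks both factors. Both are always evaluated, with constant-time
// comparisons, so the response does not reveal which factor was wrong.
func Authenticate(u *User, password, code string, now time.Time) bool {
	know := hmac.Equal(hashPassword(u.Salt, password), u.PassHash)
	have := hmac.Equal([]byte(TOTP(u.TOTPSecret, now)), []byte(code))
	return know && have
}

// Authorize answers "what may this already-authenticated user do?".
func Authorize(u *User, action string) bool {
	for _, allowed := range permissions[u.Role] {
		if allowed == action {
			return true
		}
	}
	return false
}

func main() {
	// Constructed enrolment: the RFC 4226 test secret and a sample password.
	alice := NewUser("correct horse battery staple", []byte("12345678901234567890"), "viewer")
	now := time.Now()
	code := TOTP(alice.TOTPSecret, now) // what Alice reads from her token
	fmt.Println("login ok:  ", Authenticate(alice, "correct horse battery staple", code, now))
	fmt.Println("wrong code:", Authenticate(alice, "correct horse battery staple", "000000", now))
	fmt.Println("may read:  ", Authorize(alice, "read"))
	fmt.Println("may delete:", Authorize(alice, "delete"))
}
```

A login that passes `Authenticate` but fails `Authorize` is the normal case for most users: knowing who someone is says nothing about what they are allowed to do, and a directory server typically holds both the credentials used for the first check and the group or role membership used for the second.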
28.6 Securing Transactions on the Internet
HTTPS (HTTP over SSL)
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client (e.g. a web server and a browser).
Encryption prevents eavesdropping (intercepting data during transmission).
Ensures that data cannot be modified during transmission.
Verifies the identity of the server: the server holds a digital certificate issued by a reputable certificate authority, e.g. Verisign.
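The third point, server identity, as an added example written for this outline (not code from the original notes). It starts a loopback HTTPS server whose certificate is issued by a throwaway test authority (Go's `httptest` package generates it; it plays the role of a certificate from a CA such as Verisign, and the protocol used is TLS, SSL's successor). Three clients then connect: one that trusts that authority, as a browser trusts the CAs in its root store; one with the default root store, which does not contain the test authority and therefore refuses the connection; and one with verification switched off, the weak setting shown beside the correct one. The response body is a constructed sample.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// StartServer starts a loopback HTTPS server. httptest issues it a certificate
// from a test CA, which stands in for a certificate issued by a public CA.
func StartServer() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "balance: 100") // constructed sample response
	}))
}

// TrustedClient trusts the test CA, as a browser trusts the CAs in its root store.
func TrustedClient(srv *httptest.Server) *http.Client { return srv.Client() }

// DefaultClient uses the system root store, which does not contain the test CA.
func DefaultClient() *http.Client { return &http.Client{} }

// InsecureClient turns verification off. Data is still encrypted, but the client
// cannot tell who is on the other end: this is the setting to avoid.
func InsecureClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}}
}

// Fetch performs a GET and returns the body, or the error from the TLS handshake.
func Fetch(client *http.Client, url string) (string, error) {
	resp, err := client.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	return string(body), nil
}

// IsCertError reports whether err is a certificate verification failure,
// i.e. the server's identity could not be confirmed.
func IsCertError(err error) bool {
	var unknownCA x509.UnknownAuthorityError
	if errors.As(err, &unknownCA) {
		return true
	}
	return err != nil && strings.Contains(err.Error(), "certificate")
}

func main() {
	srv := StartServer()
	defer srv.Close()

	body, err := Fetch(TrustedClient(srv), srv.URL)
	fmt.Println("trusted CA: ", body, err)
	_, err = Fetch(DefaultClient(), srv.URL)
	fmt.Println("unknown CA:  verification failed =", IsCertError(err))
	body, err = Fetch(InsecureClient(), srv.URL)
	fmt.Println("skip verify:", body, err, "(identity never checked)")
}
```

The second and third clients both receive an encrypted link; only the first and second actually check who issued the certificate. Encryption without that check protects against passive eavesdropping but not against connecting to an impostor, which is why a browser warning about an untrusted certificate should not be clicked through.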
28.7 Latest Development in security measures
Intrusion Detection system / Intrusion Prevention System
Honey pots to analyse hacking activities.
Proactive monitoring
Authentication with Bio-metric measures