Keeping data safe is very important for many reasons: you should not give away your passwords, bank account details or addresses. Data can be corrupted or deleted either through accidental damage or on purpose. This chapter shows you how to be safe from:
Hacking
Cracking
Pharming
Viruses
Phishing
Wardriving
Spyware
Accidental
Install anti-virus/anti-malware/anti-hacking software
Keep all software, including operating systems, up to date
Use strong passwords and vary these for different websites
Don’t download software from unknown sources
Be careful when opening email attachments and don’t click suspicious links
Make sure you are protected by a firewall
Watch out for the clues, like poor system performance
Cookies are text files. They are stored on a user’s computer by a web browser, at the request of the web server.
A cookie is limited to a small amount of data and can only be read by the website that created it.
To avoid the size limitations of cookies, some websites will store a unique identification code in a cookie, and the remainder of the data in their own databases.
Cookies are generally used to:
Store and maintain user preferences on a website
Track user behaviour (analytics)
Store items in shopping baskets
Help advertisers show relevant website adverts
Cookies are not programs. They cannot perform any operations, and they are not viruses or malware.
Cookies can be disabled in your browser settings; however, this could make some websites unusable (e.g. e-commerce).
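The pattern described above (a unique identification code in the cookie, the rest of the data in the website's own database) looks like this in practice. This is an added example, not code from the original notes; the SESSIONS store, the cookie name "sid" and all sample values are constructed for illustration. It also sets the cookie attributes that limit who can read the cookie and when it is sent.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical server-side store: identification code -> data held by the website.
SESSIONS = {}


def start_session(user_data):
    """Keep the data server-side and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)        # random, unguessable identification code
    SESSIONS[sid] = dict(user_data)        # the real data never leaves the server
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["secure"] = True         # only sent over HTTPS
    cookie["sid"]["httponly"] = True       # not readable by scripts in the page
    cookie["sid"]["samesite"] = "Lax"      # not attached to most cross-site requests
    cookie["sid"]["max-age"] = 3600        # expires after one hour
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()


def load_session(cookie_header):
    """Parse the Cookie header the browser sends back and look the code up."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("sid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)      # unknown or forged codes give None


if __name__ == "__main__":
    header = start_session({"basket": ["book"], "theme": "dark"})
    print("Set-Cookie:", header)
    # The browser returns only the name=value pair on the next visit.
    print(load_session(header.split(";", 1)[0]))
```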
Describe how cookies can be used to store and automatically enter a user’s payment details. [2021]
Webserver sends (cookie) file to user’s browser
User’s payment details stored in encrypted text file // data is encrypted to be stored
Cookie file is stored by browser/on user’s HDD/SSD
When user revisits website, webserver requests cookie file // webserver can access the data stored in the cookie file (to automatically enter details) and browser sends cookie file back to webserver (to automatically enter the details)
Explain why a user may be concerned about their personal data and online browsing habits being stored in cookies. [2021]
User does not see what information is stored // might collect data that user does not know about. So, users may feel their privacy is affected
A profile could be built about the user that could expose a user’s identity // lead to identity theft
Sensitive information stored in cookies could be intercepted in transmission
Other websites could gain access to the cookies stored on a user’s computer
Computer could be hacked to obtain data stored in cookies. So, payment information could be stolen and used by a third party
State ways that the data stored could be accidentally damaged or accidentally lost. [2019]
Human error e.g. accidentally deleting a file
Hardware failure
Physical damage e.g. fire/flood
Power failure // power surge
Misplacing a storage device
Give methods that we could use to keep data safe from accidental damage or accidental loss. [2019]
Back data up
Use surge protection
Keep data in a fireproof / waterproof / protective case
Use verification methods (for deleting files)
Following correct procedure e.g. ejecting offline devices / regularly saving
Setting suitable access rights/user permissions, e.g. only allow staff to read/edit/delete the files that are required for their job
Password protecting individual files
Running regular backups, to another device or the cloud
Quality staff training
Monitoring of staff computer activity
Locking workstations when unattended
Sensible naming of files
Limiting the use of USB ports and email attachments
Saving work on a regular basis in case of unexpected shutdown
Use correct shutdown and start up procedures
Keep storage devices in a safe place
Set data to read only to prevent accidental editing
You can prevent hacking by using biometrics such as fingerprints, retina scans and voice recognition.
Two-step authentication
Firewalls
Strong passwords, such as random characters
Hardware or software based security layer that is positioned between the internet and network/user device.
Examines incoming/outgoing traffic
Identifies suspicious file/phrases and notifies administrator if anything is flagged
Acts as a gateway to the internet
Uses whitelists/blacklists so that websites/applications are blocked
Allows the administrator to monitor/limit bandwidth
Examining traffic
Checks whether incoming/outgoing data meets criteria
Prevents hackers/viruses
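A small model of the firewall behaviour listed above: each packet is examined, compared against criteria, and anything that does not match an allow rule is blocked and reported. This is an added example, not part of the original notes; the rule set and addresses are constructed (documentation address ranges), and real firewalls examine far more than address and port.

```python
import ipaddress

# Constructed rule set: (action, direction, remote network, port or None for any).
# The first matching rule wins; traffic that matches no rule is blocked.
RULES = [
    ("block", "in", "203.0.113.0/24", None),     # blacklisted address range
    ("allow", "in", "0.0.0.0/0", 443),           # HTTPS to the web server
    ("allow", "out", "0.0.0.0/0", 443),          # HTTPS from users
    ("allow", "out", "198.51.100.53/32", 53),    # DNS to one whitelisted resolver
]


def decide(direction, remote_ip, port, rules=RULES):
    """Return 'allow' or 'block' for one packet."""
    addr = ipaddress.ip_address(remote_ip)
    for action, rule_dir, network, rule_port in rules:
        if rule_dir != direction:
            continue
        if addr not in ipaddress.ip_network(network):
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action
    return "block"                               # default: does not meet the criteria


def filter_traffic(packets, rules=RULES):
    """Split packets into (allowed, flagged); flagged ones go to the administrator."""
    allowed, flagged = [], []
    for pkt in packets:
        (allowed if decide(*pkt, rules=rules) == "allow" else flagged).append(pkt)
    return allowed, flagged


if __name__ == "__main__":
    sample = [("in", "192.0.2.10", 443), ("in", "203.0.113.9", 443),
              ("in", "192.0.2.10", 23), ("out", "198.51.100.53", 53)]
    ok, reported = filter_traffic(sample)
    print("allowed:", ok)
    print("flagged for administrator:", reported)
```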
Intermediary piece of hardware between network/user and the internet that CACHES (remembers) commonly viewed websites which can speed up the user experience of a website.
Filters internet traffic
Keeps the user’s IP hidden
Acts as a firewall if a firewall isn’t present on a network (limited functionality)
Using Proxy servers and Firewalls, we can prevent DoS attacks or Web server hacking
There are 2 types of security protocols:
Secure Sockets Layer (SSL)
It is a computing protocol that ensures the security of data sent via the Internet by using encryption.
A user will know if SSL is being applied when they see https or the small padlock in the status bar at the top of the screen.
Transport Layer Security (TLS)
It is a more effective version of its predecessor, SSL. TLS is designed to prevent third party hacking when a website is communicating with a client.
TLS is formed of two layers:
Record Layer: this part of the communication can be used with or without encryption.
Handshake Layer: this permits the website and the client to authenticate each other and to make use of encryption algorithms.
Describe the purpose of the handshake layer. [2020]
− Carries out authentication of server and client
− Handles encryption algorithms / keys
Only the most recent browsers use TLS and SSL.
The web browser attempts to connect to a web site which is secured by SSL
The web browser requests the web server to identify itself
The web server sends the web browser a copy of its SSL certificate
The web browser checks whether the SSL certificate is trustworthy; if it is then a message is sent back to the web server to confirm this
The web server will then send back some form of acknowledgement to allow the SSL encrypted session to begin
The encrypted data is then shared securely between the web browser and the web server
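The certificate check in the steps above only protects the user if the client actually enforces it. This added example (not from the original notes) uses Python's standard ssl module to show a client configuration that enforces the check beside a weak one that does not, with a small audit function that reports the difference; the function names are hypothetical and the host passed to handshake() is supplied by the caller.

```python
import socket
import ssl


def strict_client_context():
    """Client settings under which the server certificate must be trustworthy."""
    ctx = ssl.create_default_context()             # trusts the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSL and early TLS
    return ctx


def lax_client_context():
    """The weak setting, for comparison: encrypts, but never checks who the server is."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False     # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """List the ways a client context weakens the certificate check."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate is not verified")
    if not ctx.check_hostname:
        problems.append("hostname is not matched against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol versions older than TLS 1.2 are allowed")
    return problems


def handshake(host, port=443):
    """Run the handshake; raises ssl.SSLCertVerificationError if the check fails."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with strict_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert()["subject"]


if __name__ == "__main__":
    print("strict:", audit_context(strict_client_context()))
    print("lax:   ", audit_context(lax_client_context()))
```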
Online banking
Online shopping//online payment systems
Cloud based storage
Intranet/extranet
VPN
Protocol is HTTPS
Padlock icon is locked
Can view website certificate
Passwords (used to log on to many systems; usernames and passwords are verified/checked, and if either of them is incorrect access is denied)
Digital Signatures (use Public Key Encryption, ensuring that an electronic document is authentic)
Biometrics [2020] (relies on the unique characteristics of human beings (fingerprint scans, retina scans, face recognition, voice recognition); these are compared against previously stored data in the database)
They use encryption
SSL is applied
Banks use a 10- to 12-digit unique code for the customers
Use of a 4- to 10-digit PIN (for payment authentication), e.g. ATMs, Internet Banking
Use of drop-down boxes to enter each character of the password (to defeat spyware/key-logging software)
Use of security/personal questions ("What is your best friend's name", "Which is your favorite book", etc.) for authentication
Computer Ethics is a set of principles set out to regulate the use of computers. Three factors are considered:
Intellectual Property Rights: this covers copying of software without permission of owners
Privacy Issues: this covers hacking and illegal access of another person’s personal data
Effect of computers on society: this covers factors such as job losses and social impacts
Copyright: A law/legislation that requires permission to use intellectual property / other people’s work [2020]
Plagiarism: [2020]
To claim other’s work as your own
To use other people’s work without consent / acknowledgement
Theft of intellectual property
With Free Software, users have the freedom to run, copy and adapt the software (like Linux), to study and modify the source code, and to distribute it further.
Freeware is software the user can download from the internet for free (like Skype, Facebook); no fees are charged, no source code is available, and it is subject to copyright laws.
Shareware allows a free trial, after which you need to pay (like Netflix); once the fee is paid the user is registered. Shareware is fully protected by copyright laws.
A music company wants to send a new music file to many radio stations. It will send the music file the day before the release date so that the radio stations can store the file ready for release. The music company does not want the radio stations to be able to open the music file until 09:00 on the release date.
Identify two security measures and describe how each measure can be used to make sure the music file cannot be opened until the release date. [2019]
Password protection
Password is released on the release date
Encryption
Encryption key is released on the release date
Give the methods to secure data. [2019]
Firewall
Password
Proxy Server
Physical methods (E.g. CCTV, Locks)
Access Rights
Asymmetric Encryption
Disconnect from Network
Strong password
– To make it difficult to hack an account
Biometric device
– To use data that is difficult to fake as a password
SSL/TLS (Encryption)
– To make data meaningless if intercepted
– To encrypt data that is exchanged (TLS only)
– More secure than SSL (TLS only)
Anti-spyware (software)
– To find and remove any spyware that is installed on a computer
– To help stop key loggers recording key presses
Firewall
– To help prevent unauthorised access to an account
– Blocks any requests that do not meet/match the criteria
Authentication (card reader at home)/mobile security code app/two-step verification
– To add another level of identification of the user
Use of drop-down boxes (or equivalent)
– So key loggers cannot record the key presses
Proxy server
– To divert an attack away from the main system
Explain the difference between free software and shareware. [2021]
Free software is distributed with the source code whereas shareware is not distributed with the source code
Free software allows modification of the application whereas shareware cannot be modified
Free software is often available free of charge whereas shareware normally has a charge after trial period
Shareware normally allows a trial period for the end user and shareware has limited features to start with
Shareware has a charge to access all features
Shareware makes you sign up/register after the trial period
Shareware makes you sign up/register to access all features