Security Risks and Precautions
Computer Misuse Act
The Computer Misuse Act (1990) is designed to prevent the following:
Unauthorised access to computer material.
Accessing files or data belonging to someone else without permission.
Penalty of up to six months in prison and/or a fine (the maximum as originally enacted; the Police and Justice Act 2006 raised it to two years).
Unauthorised access with intent to commit a further offence.
Accessing files or data belonging to someone else without permission with the intention of doing something illegal.
Often referred to as hacking.
Possible reasons could be to:
steal money from a bank account
impersonate someone online
discover private information about an organisation or an individual
Possible methods could include:
guessing login details by trial and error (brute-force or password-list attacks)
spyware / keylogging software
phishing
Penalty of up to five years in prison and/or a fine.
Unauthorised modification of programs or data on a computer (reworded by the Police and Justice Act 2006 as unauthorised acts with intent to impair the operation of a computer).
This offence relates to:
hacking into a system and deleting / modifying files or data
writing viruses or other malware and using them to damage or alter data (since 2006, making or supplying such tools is also a separate offence in its own right)
knowingly spreading viruses to other computer systems
Penalty of up to five years in prison and/or a fine (raised to ten years by the 2006 amendment).
Security Risks
Tracking Cookies
Small text records that a website (or a third party whose content the page embeds, such as an advertising network) asks the browser to store; the browser sends them back with every later request to the domain that set them.
Because the same cookie comes back on each visit, the party that set it can recognise the user and log the actions they have carried out online.
Combined with the request itself, they can reveal data such as location, device information, purchase history, IP address and search history.
Used to gather marketing data and target personalised ads.
When one third party is embedded on many different sites, its cookie links the user's visits across all of them; blocking third-party cookies in the browser breaks that link.
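The cross-site linking described above, as an added example that is not part of the original page: a small model of a browser cookie jar, three unrelated sites that each embed a resource from one ad network, and the ad network's visit log. Site names, the tracker domain and the cookie name are hypothetical; the visits are constructed sample data. Running it with and without third-party cookies blocked shows why that browser setting matters.

```javascript
// Added example (not from the original page): how a third-party tracking
// cookie links one person's visits across unrelated websites, and why
// blocking third-party cookies breaks that link. Names are hypothetical.

const TRACKER = "ads.tracker.example";                            // hypothetical ad network
const SITES = ["news.example", "shop.example", "travel.example"]; // constructed sample visits

// A browser cookie jar keyed by the domain that set each cookie.
class Browser {
  constructor({ blockThirdPartyCookies = false } = {}) {
    this.jar = new Map(); // domain -> { cookieName: value }
    this.blockThirdPartyCookies = blockThirdPartyCookies;
  }

  // Make a request to `domain` while the user is viewing a page on `topSite`.
  // Cookies stored for `domain` are attached automatically and any cookie the
  // response sets is stored. A request to a domain other than the page the
  // user is on is "third-party"; that is what the blocking setting affects.
  request(domain, topSite, serverHandler) {
    const thirdParty = domain !== topSite;
    const blocked = thirdParty && this.blockThirdPartyCookies;
    const cookies = blocked ? {} : { ...(this.jar.get(domain) || {}) };
    const response = serverHandler({ cookies, referer: topSite });
    if (response.setCookie && !blocked) {
      this.jar.set(domain, { ...(this.jar.get(domain) || {}), ...response.setCookie });
    }
    return response;
  }
}

// The tracker's server: hands out an identifier in a cookie on first contact
// and records every request, with the page it came from, against that id.
class Tracker {
  constructor() {
    this.log = []; // { uid, site } per request received
    this.nextId = 1;
  }
  handle({ cookies, referer }) {
    let uid = cookies.uid;
    let setCookie;
    if (!uid) {                 // cookie absent (new visitor, or withheld): issue one
      uid = `u${this.nextId++}`;
      setCookie = { uid };
    }
    this.log.push({ uid, site: referer });
    return setCookie ? { setCookie } : {};
  }
  // Number of distinct sites each identifier has been seen on.
  sitesPerUid() {
    const seen = new Map();
    for (const { uid, site } of this.log) {
      if (!seen.has(uid)) seen.set(uid, new Set());
      seen.get(uid).add(site);
    }
    return [...seen.values()].map((s) => s.size);
  }
}

// Visit each site once. Every page embeds a resource (script, ad, pixel)
// served from the tracker's domain, which triggers a third-party request.
function browseAllSites(browser) {
  const tracker = new Tracker();
  for (const site of SITES) {
    browser.request(site, site, () => ({}));                       // first-party page load
    browser.request(TRACKER, site, (req) => tracker.handle(req));  // embedded tracker
  }
  return tracker;
}

// Default browser: one uid comes back on every site, so the three visits
// collapse into one profile -> [3]. With third-party cookies blocked the
// tracker never sees its cookie again, so each visit looks like a new,
// unrelated visitor -> [1, 1, 1].
function trackingResult(blockThirdPartyCookies) {
  return browseAllSites(new Browser({ blockThirdPartyCookies })).sitesPerUid();
}

console.log("third-party cookies allowed:", trackingResult(false));
console.log("third-party cookies blocked:", trackingResult(true));
```

The model ignores cookie expiry, paths and the SameSite attribute; the point it isolates is that the linkage depends entirely on the tracker's domain receiving the same cookie from pages on different sites.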
DoS Attacks
A Denial of Service (DoS) attack is an attempt to prevent legitimate users from accessing an online service. The attacker bombards a server or online resource with far more requests or packets than it can handle, keeping it busy so that genuine requests are slowed down or dropped. When the flood comes from many compromised machines at once it is called a Distributed Denial of Service (DDoS) attack.
Symptoms
Slow performance of the website or service.
The inability to access data held on the website or service.
Effects
Disruption to users - unable to access the service.
Disruption to businesses - their customers cannot access their service.
Costs
Lost revenue - users unable to purchase products or services.
There will be a labour cost to fix the fault.
Types of attack
Bandwidth consumption - flooding the site's network link with more traffic than it can carry, so that legitimate packets are dropped.
Resource starvation - tying up enough server resources (connection slots, memory, CPU time) that the system becomes unresponsive, for example by opening many connections and never completing them.
DNS attack - altering the DNS records for the site's name so that lookups resolve to an attacker-controlled or non-existent server; the real service is still running, but users are no longer directed to it.
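One way to recognise a bandwidth-consumption flood from the server's own evidence, as an added example that is not part of the original page: parse web-server access-log lines and report any source address whose request rate inside a short sliding window is far beyond normal. The log lines are constructed for the example and the window size and threshold are assumptions a real deployment would tune to its own traffic.

```javascript
// Added example (not from the original page): flagging a flooding source in
// Common Log Format access logs. Sample log lines are constructed below; the
// 10-second window and 100-request threshold are assumptions.

const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)/;
const MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];

// Parse one access-log line into { ip, time (unix seconds), request, status }.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, stamp, request, status] = m;
  // Timestamp looks like 10/Oct/2023:13:55:36 +0000
  const t = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(stamp);
  if (!t) return null;
  const [, d, mon, y, hh, mm, ss, sign, oh, om] = t;
  const offsetSec = (sign === "-" ? -1 : 1) * (Number(oh) * 3600 + Number(om) * 60);
  const local = Date.UTC(Number(y), MONTHS.indexOf(mon), Number(d), Number(hh), Number(mm), Number(ss)) / 1000;
  return { ip, time: local - offsetSec, request, status: Number(status) };
}

// For each source IP, the largest number of requests that fall inside any
// window of `windowSec` seconds (sliding window over sorted timestamps).
function peakRequestsPerIp(events, windowSec) {
  const times = new Map();
  for (const e of events) {
    if (!times.has(e.ip)) times.set(e.ip, []);
    times.get(e.ip).push(e.time);
  }
  const peaks = new Map();
  for (const [ip, ts] of times) {
    ts.sort((a, b) => a - b);
    let start = 0, peak = 0;
    for (let i = 0; i < ts.length; i++) {
      while (ts[i] - ts[start] >= windowSec) start++;
      peak = Math.max(peak, i - start + 1);
    }
    peaks.set(ip, peak);
  }
  return peaks;
}

// Sources whose peak rate exceeds the threshold, with the share of all
// requests they account for. A volume flood stands out this way; a
// resource-starvation attack built from slow or expensive requests needs
// other signals (connection age, CPU per request) and is not covered here.
function flagFlooders(lines, { windowSec = 10, threshold = 100 } = {}) {
  const events = lines.map(parseLine).filter(Boolean);
  const peaks = peakRequestsPerIp(events, windowSec);
  const flagged = [];
  for (const [ip, peak] of peaks) {
    if (peak > threshold) {
      const count = events.filter((e) => e.ip === ip).length;
      flagged.push({ ip, peakInWindow: peak, shareOfTraffic: count / events.length });
    }
  }
  return flagged;
}

// --- Constructed sample log -------------------------------------------
function formatStamp(epoch) {
  const d = new Date(epoch * 1000);
  const p = (n) => String(n).padStart(2, "0");
  return `${p(d.getUTCDate())}/${MONTHS[d.getUTCMonth()]}/${d.getUTCFullYear()}:` +
    `${p(d.getUTCHours())}:${p(d.getUTCMinutes())}:${p(d.getUTCSeconds())} +0000`;
}
function logLine(ip, epoch, path) {
  return `${ip} - - [${formatStamp(epoch)}] "GET ${path} HTTP/1.1" 200 512`;
}
function sampleLog() {
  const base = Date.UTC(2023, 9, 10, 13, 55, 36) / 1000;
  const lines = [];
  // Three ordinary visitors: one page every 30 seconds for a couple of minutes.
  for (const ip of ["203.0.113.5", "203.0.113.17", "192.0.2.44"]) {
    for (let i = 0; i < 5; i++) lines.push(logLine(ip, base + i * 30, "/"));
  }
  // One flooding source: 300 requests in 10 seconds (30 per second).
  for (let i = 0; i < 300; i++) {
    lines.push(logLine("198.51.100.7", base + Math.floor(i / 30), "/search?q=x"));
  }
  return lines;
}

console.log(flagFlooders(sampleLog()));
```

A single IP over the threshold is the easy case; a distributed flood spreads the same volume across thousands of addresses, each under the threshold, so the same parser would then be aggregated by network prefix or by request pattern instead of by individual address.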
Reasons
Financial - bringing down a commercial website will cost that company money.
Political - prevent access to the website of a political rival.
Personal - the attacker may have a personal grudge against the owner of the website.
Encryption
Public and Private Keys
Public-key encryption uses a pair of keys.
A public key is known by everyone and is used to encrypt data.
A private key is known only to the recipient and is used to decrypt data.
Diagrams: Bob encrypts with Alice's public key and Alice decrypts with her private key; in the other direction Alice encrypts with Bob's public key and Bob decrypts with his private key. Each direction uses the recipient's key pair.
Digital Certificates
A digital certificate binds a public key to the identity of its owner (a person, organisation or website), so that anyone receiving the key can check who it really belongs to before encrypting data to it or trusting signatures made with it.
Issued only by trusted entities (certificate authorities), which sign each certificate with their own private key; a browser or operating system ships with the public keys of the authorities it trusts.
Digital Signatures
A digital signature is created by the sender, who computes a hash of the message and signs that hash with their private key; the signature is sent along with the message.
The recipient verifies the signature with the sender's public key. Only the holder of the matching private key could have produced it, so the recipient can be confident that the sender is who they say they are.
Because the signature covers a hash of the message, any change in transit makes verification fail, so the recipient can be confident that the message was not altered.