Security Risks and Precautions

Computer Misuse Act

The Computer Misuse Act (1990) is designed to prevent the following:

Unauthorised access to computer material.

Accessing files or data belonging to someone else without permission.
Penalty of up to six months in prison and/or a fine.

Unauthorised access with intent to commit a further offence.

Accessing files or data belonging to someone else without permission with the intention of doing something illegal.
Often referred to as hacking.
Possible reasons could be to:
- steal money from a bank account
- impersonate someone online
- discover private information about an organisation or an individual
Possible methods could include:
- guessing login details by trial and error
- spyware / keylogging software
- phishing
Penalty of up to five years in prison and/or a fine.

Unauthorised modification of programs or data on a computer.

This offence relates to:
- hacking and deleting / modifying files or data
- creating viruses
- knowingly spreading viruses to other computer systems
Penalty of up to five years in prison and/or a fine.

Security Risks

Tracking Cookies

Small data files created when a user accesses a website.
Store details which are then sent back to the cookie's author.
Log the actions a user has carried out online.
Can track data such as location, device information, purchase history, IP address and search history.
Can be used to gather marketing data or target personalised ads.

DOS Attacks

A Denial of Service attack is when someone attempts to prevent legitimate users from accessing an online service. The attacker will bombard a server or online resource with excessive network messages, with the intention of keeping it busy and preventing others from accessing it.

Symptoms

Slow performance of the website or service.
The inability to access data held on the website or service.

Effects

Disruption to users - unable to access the service.
Disruption to businesses - their customers cannot access their service.

Costs

Lost revenue - users unable to purchase products or services.
There will be a labour cost to fix the fault.

Type of fault

Bandwidth consumption - using all of the website's available bandwidth.
Resource starvation - an attempt to use enough server resources to make the system unresponsive.
DNS attack - modification of DNS record settings to point to a rogue DNS server.

Reasons

Financial - bringing down a commercial website will cost that company money.
Political - prevent access to the website of a political rival.
Personal - the attacker may have a personal grudge against the owner of the website.

Encryption

Public and Private Keys

Public-key encryption uses a pair of keys.
A public key is known by everyone and is used to encrypt data.
A private key is known only to the recipient and is used to decrypt data.

Bob Encrypts, Alice Decrypts

Alice encrypts, Bob decrypts

Digital Certificates

Authenticates a person, allowing them to exchange data over the Internet using a public key.
Issued only by trusted entities.

Digital Signatures

- A digital signature is created when a message is sent using a private key.
- The recipient can be confident that the sender is who they say they are.
- The recipent can be confident that the message was not altered in transit.