Maria Zotova 10B

1.2.2 Security Aspects


Cookies
A cookie is a packet of information (pieces of data) sent by a web server to a web browser. Cookies are
generated each time the user visits the website. They collect some key information about the user and
can carry out user tracking as well as maintain user preferences. Cookies can’t perform any
operations. They only allow the detection of web pages viewed by a user on a particular website and
store user preferences.

Firewall and proxy servers


Firewalls
A firewall can be either software or hardware. A firewall is software that will block unexpected connections
coming in to the network. Most operating systems include a firewall.

- Examines the ‘traffic’ between the user’s computer and a public network and checks that the
information meets a given set of criteria
- Blocks data which fails the criteria and gives the user a warning that there may be a security
issue
- Logs all incoming and outgoing ‘traffic’ to allow later interrogation by the user
- Can also keep a list of all undesirable IP addresses
- Helps to prevent hackers or viruses entering the user’s computer
- Warns the user if some software on their system is trying to access an external data source
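The behaviour in the list above (check traffic against criteria, block and warn on failure, log everything, keep a list of undesirable addresses) can be sketched as a small packet filter. This is an added example, not part of the original notes; the rule set, the port lists and the sample packets are constructed, and the addresses come from the ranges reserved for documentation.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    direction: str  # "in" = arriving from the public network, "out" = leaving

# Constructed policy (assumption): the "given set of criteria".
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # undesirable IP addresses
ALLOWED_IN_PORTS = {443}           # the only expected inbound service
ALLOWED_OUT_PORTS = {53, 80, 443}  # what local software may reach

def decide(pkt):
    """Return (action, reason) for one packet."""
    remote = ipaddress.ip_address(pkt.src if pkt.direction == "in" else pkt.dst)
    if any(remote in net for net in BLOCKED_NETS):
        return "block", "remote address is on the blocklist"
    allowed = ALLOWED_IN_PORTS if pkt.direction == "in" else ALLOWED_OUT_PORTS
    if pkt.dst_port not in allowed:
        return "block", f"port {pkt.dst_port} is not permitted {pkt.direction}bound"
    return "allow", "meets the criteria"

def run_firewall(packets):
    """Log every packet, allowed or not, and collect a warning per blocked one."""
    log, warnings = [], []
    for pkt in packets:
        action, reason = decide(pkt)
        log.append((pkt, action, reason))
        if action == "block":
            warnings.append(f"WARNING: blocked {pkt.direction}bound "
                            f"{pkt.src} -> {pkt.dst}:{pkt.dst_port} ({reason})")
    return log, warnings

# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "192.0.2.10", 443, "in"),      # expected HTTPS request
    Packet("203.0.113.50", "192.0.2.10", 443, "in"),      # sender is blocklisted
    Packet("198.51.100.9", "192.0.2.10", 23, "in"),       # unexpected connection
    Packet("192.0.2.10", "198.51.100.20", 6667, "out"),   # local software calling out
]

if __name__ == "__main__":
    log, warnings = run_firewall(SAMPLE)
    for pkt, action, reason in log:
        print(action.upper(), pkt, "-", reason)
    print(*warnings, sep="\n")
```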

Proxy Servers
IP addresses can be masked by using a proxy server. Anyone can use a proxy server. Many are set up by
criminal gangs to entice people to download software with viruses, or to enter personal details about
themselves. They can also be used legitimately, e.g. by businesses to mask their internal company
network.

- Allow internet ‘traffic’ to be filtered, blocking access (similar to a firewall)
- Use a cache, which speeds up access to a known (visited) website
- Keep the user’s IP address secret – improves security
- Can act as a firewall

Secure Sockets Layer


SSL is a type of protocol, a set of rules used by computers to communicate with each other across a
network. This allows data to be sent and received securely over the internet.

When a user logs onto a website, SSL encrypts the data – only the user’s computer and the web server
are able to make sense of what is being transmitted. A user will know if SSL is being applied when they
see https or a small padlock in the status bar at the top of the screen.

Transport Layer Security (TLS)


TLS is similar to SSL but is a more recent security system. TLS is a form of protocol that ensures the security
and privacy of data between devices and users when communicating over the internet. It is essentially
designed to provide encryption, authentication and data integrity in a more effective way than its
predecessor SSL.

March - April 2020


When a website and client (user) communicate over the internet, TLS is designed to prevent a third
party from hacking into this communication and causing problems with data security.

Session caching
The use of session caching can avoid the need to utilize so much computer time for each connection. TLS
can either establish a new session or attempt to resume an existing one; using the latter can
considerably boost system performance.

Encryption
Encryption is used primarily to protect data in case it has been hacked. Whilst encryption won’t prevent hacking, it
makes the data meaningless unless the recipient has the necessary decryption tools.

Symmetric encryption
Symmetric encryption uses a secret key, a combination of characters. If this key is applied to a message, its content is changed,
which makes it unreadable unless the recipient also has the decryption key.

One key = encryption Two keys = decryption

The KEY DISTRIBUTION PROBLEM is a risk when the code is being sent or transferred from the
sender to the recipient. An ENCRYPTION ALGORITHM is used. It uses an encryption key to produce a
message which appears to be meaningless unless the same key is applied to ‘unlock’ the original
message.

Asymmetric encryption
Asymmetric encryption is a more secure method of encryption compared to symmetric encryption. A private key (known by the
computer user) and a public key (available to everybody) are needed.

User A applies a symmetric key to encrypt the message. The symmetric key is then encrypted using the
public key known to both A and B. User A sends the message over the internet. User B decrypts the
symmetric key by applying their own private key. The decoded symmetric key is now used to decrypt
the message sent by user A.
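The exchange described above, with both sides' steps, as an added example that is not part of the original notes. It uses toy stand-ins so that it runs with the Python standard library only: an unpadded RSA key pair for user B built from two small known primes, and an XOR keystream as the symmetric cipher. All names and values are constructed, and neither primitive is suitable for real use.

```python
import hashlib
import secrets

# Toy RSA key pair for user B, built from two known Mersenne primes.
# Constructed for illustration: far too small, and unpadded, for real use.
P, Q = 2**89 - 1, 2**127 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, kept by B only
B_PUBLIC, B_PRIVATE = (N, E), (N, D)


def symmetric_cipher(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR the data with a SHA-256 keystream.
    The same key and the same call both encrypt and decrypt."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def user_a_send(plaintext: bytes, public_key):
    """User A: encrypt the message, then encrypt the symmetric key."""
    n, e = public_key
    sym_key = secrets.token_bytes(16)                        # fresh symmetric key
    ciphertext = symmetric_cipher(sym_key, plaintext)        # message under symmetric key
    wrapped_key = pow(int.from_bytes(sym_key, "big"), e, n)  # key under B's public key
    return wrapped_key, ciphertext                           # both travel over the internet


def user_b_receive(wrapped_key: int, ciphertext: bytes, private_key) -> bytes:
    """User B: recover the symmetric key with the private key, then the message."""
    n, d = private_key
    sym_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return symmetric_cipher(sym_key, ciphertext)


if __name__ == "__main__":
    wrapped, ct = user_a_send(b"Transfer 50 GBP to account 1234", B_PUBLIC)
    print("sent over the internet:", hex(wrapped), ct.hex())
    print("user B reads:", user_b_receive(wrapped, ct, B_PRIVATE))
```

Only the holder of the private key can recover the symmetric key, which is how this arrangement sidesteps the key distribution problem.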

Sometimes, a HASHING ALGORITHM is applied. It takes a message and translates it into a string of
characters usually shown in hex notation. This makes the message impossible to read if it is intercepted
by a hacker. This algorithm has to be applied at both ends – sender and receiver.

Plain text
Plain text is the text or normal representation of data before it goes through an encryption
algorithm. Written as ‘plaintext’.

Cypher text
Cypher text is the output from an encryption algorithm. Written as ‘cyphertext’ or ‘ciphertext’.

Authentication
Authentication is used to verify that data comes from a trusted source. It works with encryption to strengthen internet
security. It includes:

- Passwords
- Digital signatures
- Biometrics: fingerprint scans and retina scans.

Applications: online banking


Requires:

1. 10- or 12-digit code unique to the customer.
2. Three random numbers from a four-digit PIN and/or three characters from a 10-character
password.
3. A hand-held device (inserting the card)
4. Drop down boxes
5. Personal data including date of birth, phone number, etc.

Computer ethics
It is a set of principles set out to regulate the use of computers. Three factors are considered:

1. INTELLECTUAL PROPERTY RIGHTS – copying of software without the permission of the owner.
2. PRIVACY ISSUES – hacking or any illegal access to another person’s personal data.
3. Effect of computers on society – job losses, social impacts and so on.

Plagiarism – when a person takes another person’s idea/work and claims it as their own.

Free software
Users have the right to run, copy, change or adapt free software. E.g. photograph manager (F-spot), DTP
(Scribus) and word processor (Abiword). The user is guaranteed freedom to study and modify the
software source code in any way to suit their requirements.

Freeware
Freeware is software a user can download from the internet free of charge. Once they have downloaded it,
there are no fees associated with using the software (e.g. Adobe, Skype or media players). The user is
not allowed to study or modify the source code in any way.

Shareware
Shareware is software which can be tried out free of charge for a trial period. At the end of the trial period, the
author of the software will request that you pay a fee if you like it. Once the fee is paid, the user is
registered with the originator of the software and free updates and help are then provided.


| Term | Definition | Ways to avoid |
| --- | --- | --- |
| Hacking | The act of gaining illegal access to a computer system. | 1. Firewalls 2. Use of strong passwords and user ids 3. Use of anti-hacking software |
| Phishing | The creator sends out a legitimate-looking email; as soon as the recipient clicks on a link in the email/attachment, the user is sent to a fake/bogus website. | 1. Many ISPs filter out phishing emails 2. The user should always be cautious when opening emails or attachments. |
| Pharming | Malicious code installed on a user’s hard drive or on the web server; the code will redirect the user to a fake/bogus website without their knowledge. | 1. Some anti-spyware software can identify and remove the pharming code from the hard drive. 2. The user should always be alert and look out for clues that they are being redirected to another website. |
| Wardriving | The act of locating and using wireless internet connections illegally; it only requires a laptop (or other portable device), a wireless network card and an antenna to pick up wireless signals. | 1. Use of wired equivalent privacy (WEP) encryption 2. Protect use of the wireless device by having complex passwords before the internet can be accessed 3. Use of firewalls to prevent outside users from gaining access. |
| Spyware/key-logging software | Software that gathers information by monitoring key presses on the user’s keyboard; the information is then sent back to the person who sent the software. | 1. Use of anti-spyware software 2. The user should always be alert and look out for clues that their keyboard activity is being monitored. 3. Using a mouse to select characters from passwords (etc.) rather than typing them in using a keyboard can help reduce the risk. |
| Denial of service attack (DoS) | An attempt at preventing users from accessing part of a network, notably an internet server. | 1. Using an up-to-date malware/virus checker. 2. Setting up a firewall to restrict traffic to and from the internet server or user’s computer. 3. Applying email filters to manage or filter out unwanted traffic or spam emails. |
| Viruses | Program or program code that can replicate/copy itself with the intention of deleting or corrupting files, or cause the computer to malfunction. | 1. Install anti-virus software 2. Don’t use software from unknown sources 3. Be careful when opening emails/attachments from unknown senders. |
| Ransomware | Ransomware hijacks the data on a computer system by encrypting it and demanding that the owners pay money for it to be decrypted. | Having up-to-date anti-virus software and educating users to not open suspicious attachments will help protect from ransomware. |
| Trojans | A piece of harmless software, often given away for free, that contains malicious code hidden inside. This only appears once the gifted software is installed. It was named after the Greek myth of the Trojan horse. | Never download or install software from a source you don't trust completely. Never open an attachment or run a program sent to you in an email from someone you don't know. Make sure a Trojan antivirus is installed and running on your computer. |
| Spyware | A type of malware that collects the activity on a computer system and sends the data it collects to another person without the owner being aware. | Most anti-virus software will also look for spyware in the same way as viruses. Specialist anti-spyware software is also available. |
| Adware | Software that either causes pop-ups or windows that will not close. Generally, the pop-ups or windows display advertisements. | Many anti-virus programs will detect and prevent adware infecting a computer system, but specialist anti-adware programs also exist. |

Malicious code or Malware is highlighted in yellow
