
Data Security

Keeping data safe is extremely important for a number of reasons. Data can be corrupted or
deleted either through accidental damage or through a malicious act. There are many ways to
keep data safe and some of the methods available will be covered in this chapter.

Security and data integrity

Whether a user is working on an off-line computer or on a computer connected to the internet,
keeping data safe is very important. Data is threatened by malicious software, hackers or
accidental damage.

POTENTIAL SECURITY THREATS WHILE USING THE INTERNET

1. Denial of Service Attack (DoS)

-a large number of requests are sent to the network/server all at once

-designed to flood a network/server with useless traffic/requests

-the network/server will come to a halt/stop trying to deal with all the traffic/requests

-prevents users from gaining access to a website/server

2. Viruses

-software that replicates

-causes loss/corruption of data; computer may “crash”/run slow

-designed to amend/delete/copy data and files on a user’s computer without their consent

-protection by using/running anti-virus (software)

-do not download software or data from unknown sources

3. Hacking/Cracking

-illegal/unauthorized access to a system/data and changing it e.g. source code of an app


-protection by use of passwords/user IDs, firewalls, encryption

4. Phishing

-creator of code sends out a legitimate-looking email

-in the hope of gathering personal and financial data from the recipient

-it requires the email or attachment to be opened first

-protection by not opening emails/attachments from unknown sources

-some firewalls can detect fake/bogus websites

5. Pharming

-malicious code installed on user’s hard drive / computer

-user is redirected to a fake website (where personal data may be obtained)

-without their consent and knowledge to steal their personal data

6. Spyware

-software that gathers information by monitoring key presses

-on a user’s computer and relays the information

-back to the person who sent the software

-protection by installing anti-spyware and anti-virus

7. Spam

-Junk / unwanted email

-Sent to large numbers of people

-Used for advertising / spreading malware

-Fills up mail boxes


WARDRIVING

COOKIES

Definition

-Data / files, stored in a text file

-Downloaded to a user’s computer when a website is visited

-Stored on a user’s computer

-Stored by a browser
-Detected by the website when it is visited again

Use

-To store personal information/data

-To store login details

-To save items in an online shopping basket

-To track/save internet surfing habits to track website traffic

-To carry out targeted advertising

-To store payment details

-To customize a webpage to store user preferences

-Store progress in online games/quizzes

DATA LOSS

a) Accidental loss of data e.g. deletion of file

-to avoid this use backups, save data regularly and use passwords to restrict unauthorized users.

b) Hardware faults e.g. hard drive crashing.

-use backups, UPS in case of power cuts, save data regularly.

c) Software fault e.g. software glitches


- use backups, save data regularly.

d) Incorrect computer operation e.g. incorrect shutdown procedure or incorrect removal of memory stick.

- use backups, proper training of staff.

WAYS OF PROTECTING DATA WHILE SENDING OVER A NETWORK


1. Encryption

-Encryption is the process of converting data to an unrecognizable form

-It is used to protect sensitive information so that only authorized parties can view it.

-There are two types of encryption: symmetric (private key) and asymmetric (private and public key)

-convert the plaintext to cipher text and send it

-decrypt the cipher text on the other end to receive the original message

How to send an encrypted message using Symmetric Encryption

-Personal message before encryption is the plain text

-The plain text is encrypted using an encryption algorithm

-The plain text is encrypted using a key

-The encrypted text is cipher text

-The key is transmitted separately from the text

-The key is used to decrypt the cipher text after transmission

Method to increase the level of security of Encryption:

-Increase length / more bits used for key

-will generate more possibilities for key

-less chance of decryption by brute force method
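
The symmetric steps and the key-length point above, as an added example that is not part of the original notes. The cipher is a toy built for illustration (a SHA-256 keystream XORed with the text) with deliberately tiny keys; the names, message and key sizes are all assumptions.

```python
import hashlib

def keystream(key: int, key_bits: int, length: int) -> bytes:
    """Expand a small integer key into `length` bytes (toy construction, not for real use)."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key_bytes + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """Plain text + algorithm + key -> cipher text (XOR with the keystream)."""
    ks = keystream(key, key_bits, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

# Symmetric: the receiver runs the same operation with the same key.
decrypt = encrypt

def brute_force(ciphertext: bytes, known_start: bytes, key_bits: int):
    """Try every possible key until the decrypted start of the message looks right.
    Returns (key, number_of_keys_tried)."""
    n = len(known_start)
    for attempts, guess in enumerate(range(2 ** key_bits), start=1):
        if decrypt(ciphertext[:n], guess, key_bits) == known_start:
            return guess, attempts
    return None, 2 ** key_bits

def worst_case_attempts(key_bits: int) -> int:
    """Use the last key in the key space, so the search has to try all of them."""
    key = 2 ** key_bits - 1
    ciphertext = encrypt(b"Dear Sam, meet at noon", key, key_bits)  # constructed message
    found, attempts = brute_force(ciphertext, b"Dear Sam", key_bits)
    assert found == key
    return attempts

if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(f"{bits}-bit key: {worst_case_attempts(bits)} keys tried in the worst case")
```

Every extra key bit doubles the number of keys a brute force search may have to try, which is why real symmetric keys use 128 bits or more.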

2. Secure Socket Layer Protocol (SSL Protocol)

-cryptographic protocol, to provide security over a computer network using encryption


-Encryption is asymmetric / symmetric / both

-Makes use of public and private keys

-Data is meaningless without decryption key, if intercepted

-Used for Online banking, Online shopping, Email, Cloud based storage, Intranet/extranet.

Stages through which a user accesses a secured website with SSL deployed

OR

How a browser identifies whether a website is Secured or Not

- the web browser attempts to connect to a web site which is secured by SSL

- the web browser requests the web server to identify itself

- the web server sends the web browser a copy of its SSL certificate

- the web browser checks whether the SSL certificate is trustworthy

- if it is then the web browser sends a message back to the web server

- the web server sends back an acknowledgement to allow the SSL encrypted session to begin

- the encrypted data is then shared securely between web browser and server

3. Transport Layer Security (TLS)

-It is a security protocol

-It encrypts data sent over the web/network

-It is the updated version of SSL

-It has two layers, a handshake layer and a record layer

-Used for Online banking, Online shopping, Email, Cloud based storage, Intranet/extranet

4. Firewall

-examines/monitors traffic to and from a user’s computer and a network/Internet

-checks whether incoming and outgoing traffic meets a given set of criteria/rules

-firewall blocks/filters traffic/website that doesn’t meet the criteria/rules

-logs all incoming and outgoing traffic

-can prevent viruses or hackers gaining access

-can be both software and hardware

-blocks/filters access to specified IP addresses/websites

-warns of attempted unauthorized access to the system
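
How a firewall applies its rules, as an added example that is not part of the original notes. The rule format, the first-match-wins order, the default of blocking unmatched traffic, and the sample traffic (documentation-range IP addresses) are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    direction: str        # "in", "out" or "any"
    network: str          # remote address range in CIDR form
    port: Optional[int]   # destination port, None = any port

# Constructed rule set; the first matching rule decides.
RULES = [
    Rule("block", "any", "203.0.113.0/24", None),  # blocked IP address range
    Rule("allow", "out", "0.0.0.0/0", 443),        # outgoing HTTPS to anywhere
    Rule("allow", "in", "192.0.2.10/32", 22),      # remote login from one admin host
]

def matches(rule: Rule, direction: str, remote_ip: str, port: int) -> bool:
    return (rule.direction in ("any", direction)
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.network)
            and rule.port in (None, port))

def filter_traffic(traffic, rules=RULES):
    """Check every connection against the rules and log the decision for all of them."""
    log = []
    for direction, remote_ip, port in traffic:
        action = next((r.action for r in rules
                       if matches(r, direction, remote_ip, port)), "block")
        log.append((direction, remote_ip, port, action))
    return log

def alerts(log):
    """Blocked incoming connections: attempted unauthorized access to warn about."""
    return [entry for entry in log if entry[0] == "in" and entry[3] == "block"]

# Constructed sample traffic: (direction, remote IP, destination port)
SAMPLE = [
    ("out", "198.51.100.7", 443),
    ("out", "203.0.113.5", 443),
    ("in", "192.0.2.10", 22),
    ("in", "198.51.100.99", 22),
    ("out", "198.51.100.7", 80),
]

if __name__ == "__main__":
    for entry in filter_traffic(SAMPLE):
        print(entry)
```

The second connection is blocked even though it is HTTPS, because the blocked-address rule comes first; the last two are blocked because no rule allows them.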

5. Proxy Server

-Prevents direct access to the webserver, sits between user and webserver

-If an attack is launched, it hits the proxy server instead

-can be used to help prevent DDoS (Distributed Denial of Service) / hacking of webserver

-Used to direct invalid traffic away from the webserver

-Traffic is examined by the proxy server

-If traffic is valid the data from the webserver will be obtained by the user

-If traffic is invalid the request to obtain data is declined

-Can block requests from certain IP addresses


6. Password protected / biometrics

-To help prevent unauthorized access

7. Anti-Virus software

-Helps prevent data corruption or deletion

-Identifies / removes a virus in the system

-Scans a system for viruses

8. Spyware checking software

-Helps prevent data being stolen/copied/logged

-Scans a system for spyware

9. Drop-down input methods / selectable features

-To reduce risk of spyware / key logging

-can stop key presses being recorded

-can stop key presses being relayed

-drop down boxes cannot be recorded as key presses


10. Physical methods

-Locked doors / CCTV / timeout / auto log off, to help prevent unauthorized access

11. Network / company policies / training employees

-To educate users how to be vigilant

12. Access rights

-Allows users access to data that they have permission to view

-Maintain a hierarchy of levels of users, each having different levels of access e.g. admin,
employee, and guest

TYPES OF PASSWORDS TO SECURE DATA

Text based password

-Minimum number of characters that can be typed using a keyboard

-Can be changed by the user

Biometric password

-A stored physical measurement e.g. fingerprint, retina scan, voice/face recognition

-That is compared to a previously scanned human measurement

Difference between Text and Biometric password

-Text based passwords are easier to hack than biometric passwords


-Biometric passwords are unique to that person/cannot be shared

COMPUTER ETHICS

WHY ETHICS ARE IMPORTANT WHILE USING COMPUTERS

-Help stop the misuse of computers

-The use of computers needs to be governed

-Help keep users safer when using computers

-Provides rules for using computers

-Help stop intellectual property theft

-Helps prevent the misuse of personal information

ETHICAL ISSUES TO BE CONSIDERED WHILE USING COMPUTERS

-follow Data Protection laws

-not create or distribute malware/description of malware

-not hack/crack other computers/description of hacking

-protect our own computers against malware/hacking

-consider privacy issues (when using social networking)


-consider anonymity issues (when using social networking)

-consider environmental impacts when using computers

-Loss/creation of jobs from use of computers/robotics

-follow codes of practice for creation of code e.g. ACM/IEEE

Plagiarism:

-Taking another person’s work from the Internet

-and claiming it as your own

Copyright:

-Copyright is a legal right

-That grants the creator of an original work exclusive rights

-To determine whether, and under what conditions, this original work may be used by others

FREE SOFTWARE vs FREEWARE vs SHAREWARE

Free Software:

-Software that allows a person to share, copy and change it freely

-Users have the freedom to pass on the software to friends and family as they wish.

Freeware:

-Freeware is any copyrighted software

-May be freely downloaded, installed, used and shared


-Free by default but premium features need to be bought

-Freeware differs from free software, as the latter allows a user to modify source code for
republishing or integration with other software

Shareware:

-Software that has a license allowing free use for a trial period

-Need to buy the full version once the trial expires

DIFFERENCES BETWEEN FREEWARE AND FREE SOFTWARE

-Freeware needs owner’s permission to share/amend while free software doesn’t need it

-Freeware’s owner retains copyright whereas free software’s owner releases copyright

-Freeware’s additional features may not be free whereas free software is totally free

-Freeware is distributed without the source code but free software includes the source code

-Freeware can be restricted in use e.g. non-commercial whereas free software can be used
without restriction
