
Security and Ethics

(Unhu/Ubuntu/Vumunhu)
Introduction
• Keeping data safe is extremely important for a number of reasons. It
may be personal data that you want to keep within your family or
your close friends, or commercial data, such as passwords and bank
account details, which need to be kept safe to protect your money.
• Data can be corrupted or deleted either through accidental damage
or through a malicious act.
Syllabus Objectives
1 Privacy and Data Integrity
2 System security
3 Cybercrime
4 Data backup
5 Disaster recovery plan
Subtopics
• Privacy
• Data Integrity
  - Verification
  - Validation
• System security
• Cybercrime
  - Spoofing
  - Sniffing
  - Fraud
• Hacking
Security and Ethics
• Data security refers to the means of protecting data from
unauthorised access and from deliberate or accidental loss. It
includes the safety of data from any form of hazard like floods, theft
of the computer, fire, etc.
Ethics
• Defined as moral principles that govern a person’s or a group’s
behavior.
• Ethical behavior does not necessarily relate to law.
• Computer Ethics – is concerned with the standards of conduct
applying to the use of computers.
• Computer Ethics is defined as the branch of ethics which studies and
analyses social and ethical impact of information technology.
Privacy and Data Integrity

• Whether a user is working on an off-line computer or on a computer
connected to the internet, keeping data safe is very important.
• Data is threatened by malicious software, hackers or accidental
damage.
• This section covers a number of different security risks and considers
ways to overcome or minimize them.
• Privacy is when there is no unauthorized access to, or alteration of, data or
information stored in a computer.
• Privacy is when there is data integrity.
• Privacy is lost through poor security techniques or lack of security.
• Data Integrity refers to the completeness and correctness of data
held in a computer.
• Data integrity is lost through data corruption.
Data security

Security can be enforced physically through:
1. Locking the computer room.
2. Employing security guards.
3. Installing burglar bars on windows.
4. Use of screen gates.
5. Creating backups which will be stored at different locations (File
Generations)
Data security…
• Installing an electric fence around the computer room.
• Constructing a durawall around the computer room.
• Installing fire extinguishers inside the room.
• Building the computer room on higher grounds to avoid flooding.
• Installing a generator to avoid data loss through power cuts.
• Installing an Uninterruptible Power Supply (UPS) to prevent data
loss through power cuts.
Data security (Non Physical)

• Use of data encryption methods before sending (data encryption is
the scrambling/coding of data before sending, for security reasons;
the data can only be understood once decoded).
• Use of user names and strong passwords.
• Use of firewalls.
• Biometrics, e.g. use of iris, fingerprint and palm recognition
systems.
• Logging users' computer use.
• Use of a call-back facility for incoming information.
Privacy

• Privacy is when there is no illegal access or alteration of data, i.e. data
integrity and security.
Privacy can be lost through:
• Unauthorized access to data, e.g. hacking.
• Accidental disclosure of information through inappropriate
procedures or actions, like leaving a computer screen visible to visitors.
• Deliberate disclosure through malicious action.
Data Corruption
• Data corruption refers to errors in computer data that occur during writing,
reading, storage, transmission, or processing, which introduce unintended
changes to the original data
Causes [Prevention]
• A computer hardware/software/network error [data backup, cloud backup]
• Viruses [updated antivirus software, firewalls]
• Unauthorized access [use of strong passwords and usernames]
• Incorrect/malicious action of unauthorized user [use of strong passwords and
usernames, user views]
• Incorrect operation of the computer [use of user views/workshops]
• Power loss [UPS/generator]
Data Integrity
• This refers to the correctness and accuracy of data held in the
computer.
• Data Integrity is best achieved by
Data Validation & Verification
• Data integrity can never be absolutely guaranteed but the chances
are improved if appropriate measures are taken when data originally
enters a system or when it is transmitted from one system to another.
Validation
• A process done by the computer to detect if data entered is valid,
correct, complete, sensible and reasonable.
• For instance the height of a person entered as 12 metres is incorrect,
is not sensible, neither is it reasonable, and therefore the computer
should reject this.
• Validation is a process of checking if data satisfies certain criteria
when input i.e. falls within accepted boundaries. Validation is done by
the computer.
• There are a number of different types of check that can be made.
Typical examples are:
• a presence check to ensure that an entry field is not left blank
• a format check, for example a date has to be dd/mm/yyyy
• a length check, for example with a telephone number
• a range check, for example the month in a date must not exceed 12
• a type check, for example only a numeric value for the month in a
date
• Consistency (Cross-Field) Check: this checks whether fields correspond with
each other, e.g. if one enters ‘MR’ in the Title field, the Sex field must
contain ‘Male’ or ‘M’. If one enters the title as Mr and then enters Female
for sex, the two fields do not correspond and
therefore the computer must reject this.
• Spell Checkers: These are validation checks that determine if accurate
text has been entered, especially in word processing. Spell checkers
use custom dictionaries to check spelling mistakes in documents. When a
word is typed in, it is checked against the custom dictionary; if it is not
there, it is treated as an error. Spell checkers cannot be used in the case
of names of people, places, computer jargon, new slang words, etc.
• Limit Check: this is similar to a range check except only ONE of the
limits (boundaries) is checked e.g. input data must be > 10.
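The validation checks listed above, combined into one input validator. This is an added example, not part of the original slides. The field names, the 10-digit telephone length and the 0.3 m to 2.8 m height range are assumptions; the dd/mm/yyyy format, the month range, the Mr/Male rule and the > 10 limit come from the slides.

```python
import re

REQUIRED = ("title", "sex", "dob", "phone", "height_m", "quantity")

def validate(rec):
    """Return the (field, check) pairs that failed; [] means the record is accepted.
    All values are strings, as typed into a form."""
    failed = []
    # Presence check: no required field may be left blank.
    for field in REQUIRED:
        if not rec.get(field, "").strip():
            failed.append((field, "presence"))
    if failed:
        return failed  # the remaining checks need every field to be present
    # Format check (dd/mm/yyyy), then range check on the month (1 to 12).
    m = re.fullmatch(r"(\d{2})/(\d{2})/(\d{4})", rec["dob"])
    if not m:
        failed.append(("dob", "format"))
    elif not 1 <= int(m.group(2)) <= 12:
        failed.append(("dob", "range"))
    # Length check and type check on the telephone number (10 digits assumed).
    if len(rec["phone"]) != 10:
        failed.append(("phone", "length"))
    if not rec["phone"].isdigit():
        failed.append(("phone", "type"))
    # Type check, then range check: 0.3 m to 2.8 m is an assumed sensible height.
    try:
        height = float(rec["height_m"])
    except ValueError:
        failed.append(("height_m", "type"))
    else:
        if not 0.3 <= height <= 2.8:
            failed.append(("height_m", "range"))
    # Limit check: only ONE boundary is tested (value must be > 10).
    if not re.fullmatch(r"-?\d+", rec["quantity"]):
        failed.append(("quantity", "type"))
    elif int(rec["quantity"]) <= 10:
        failed.append(("quantity", "limit"))
    # Consistency (cross-field) check: title 'Mr' requires sex 'Male' or 'M'.
    if rec["title"].upper() == "MR" and rec["sex"].upper() not in ("MALE", "M"):
        failed.append(("sex", "consistency"))
    return failed

# Constructed sample records.
GOOD = {"title": "Mr", "sex": "Male", "dob": "07/03/2001",
        "phone": "0771234567", "height_m": "1.75", "quantity": "11"}
BAD = {"title": "Mr", "sex": "Female", "dob": "07/13/2001",
       "phone": "07712", "height_m": "12", "quantity": "10"}

if __name__ == "__main__":
    print(validate(GOOD))
    print(validate(BAD))
```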
Verification
• Verification: Involves checking whether what has been entered into the
computer is similar to what is on the input document.
• Verification of data means confirming that what has been entered is correct. The
most common example is when a user is asked to supply a new password.
There will always be a request for the password to be re-entered.
• It is also done when data is copied from one medium to another, e.g. from paper to
disk. Verification is done manually by the user of the computer. Verification
is carried out to detect errors that cannot be detected by the
computer.
• NB: Verification can also be used to determine if data has been correctly
transferred from one place to another.
Verification Methods
• Double entry
• Visual Checking
• Parity Checking
• Double entry:
• In this method, data is entered twice (using two different people); the data
is only accepted if both versions are similar.
• Double entry is often used to verify passwords by asking for them to be typed
in twice by the same person.
• Visual Checking:
• This is checking for errors by comparing entered data with the original
document (NOTE: this is not the same as proofreading!). If the entered
data is similar to the source document, then it has been entered
correctly.
• Parity Checking:
• This is used in determining whether data has been correctly transmitted between
computer devices or on a network. It uses parity bits to verify correctness of transmitted
data.
• Parity Bits: A parity bit is an extra bit (1 or 0) that is appended to the left of a byte to
make the total number of 1s even or odd, depending on the method of parity checking being used. It is used in
checking for errors in a group of bits transferred within or between computers. Parity bits
are also used to determine if a block of data has been correctly transmitted over a
communication channel. It works in the following way:
• Using odd parity: The letter C is transmitted as 1000011. Since there are three 1s in
this byte, a 0 is added to the left so that the total number of 1s is odd, thus making it 01000011.
The leading 0 is the parity bit.
• Using even parity: In even parity, a 1 would be appended to the left of the byte so that
the total number of 1s is even, thus making it 11000011.
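The parity scheme described above, as an added example that is not part of the original slides, assuming 7-bit ASCII characters with the parity bit on the left. It goes one step beyond the slide by showing the scheme's limit: a single flipped bit is detected, but two flipped bits in the same frame cancel out and pass the check.

```python
def add_parity(data_bits, odd=False):
    """Prefix a 7-bit string with the parity bit for even (default) or odd parity."""
    ones = data_bits.count("1")
    wanted = 1 if odd else 0            # required value of (total 1s) mod 2
    bit = "0" if ones % 2 == wanted else "1"
    return bit + data_bits

def check_parity(frame, odd=False):
    """True if the 8-bit frame still has the agreed parity."""
    return frame.count("1") % 2 == (1 if odd else 0)

def flip(frame, *positions):
    """Simulate transmission errors by inverting the bits at the given indexes."""
    bits = list(frame)
    for p in positions:
        bits[p] = "1" if bits[p] == "0" else "0"
    return "".join(bits)

def send_text(text, odd=False):
    """Encode each character as 7-bit ASCII plus a parity bit."""
    return [add_parity(format(ord(ch), "07b"), odd) for ch in text]

def receive(frames, odd=False):
    """Return (decoded text, indexes of rejected frames); rejected frames decode as '?'."""
    text, rejected = "", []
    for i, frame in enumerate(frames):
        if check_parity(frame, odd):
            text += chr(int(frame[1:], 2))
        else:
            text += "?"
            rejected.append(i)
    return text, rejected

def demo():
    frames = send_text("CAB")            # constructed sample message, even parity
    frames[1] = flip(frames[1], 7)       # one bit flipped: parity check fails
    frames[2] = flip(frames[2], 6, 7)    # two bits flipped: parity check still passes
    return receive(frames)

if __name__ == "__main__":
    print(add_parity("1000011", odd=True), add_parity("1000011"))
    print(demo())
```

In the demo the third character arrives as a valid-looking "A" instead of "B", which is why parity is paired with stronger checks when data integrity matters.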
Cybercrime
• Cybercrime is any crime where a computer is the tool or target or both.
• In some cases, the computer may have been used in order to commit
the crime, and in other cases, the computer may have been the target
of the crime.
Syllabus Crimes
• Spoofing
• Sniffing
• Fraud
Spoofing
• Spoofing is a type of cybercrime where an intruder attempts to gain
unauthorized access to a user's system or information by pretending
to be the user.
• Spoofing refers to tricking or deceiving computer systems or other
computer users. This is typically done by hiding one's identity or
faking the identity of another user on the Internet.
• Spoofing takes place when the attacker pretends to be someone else (or
another computer, device, etc.) on a network in order to trick other
computers, devices or people into performing legitimate actions or
giving up sensitive data.
Types of Spoofing…
Type of Spoofing: Email Spoofing
• Email spoofing (or phishing), used by dishonest advertisers and
outright thieves, occurs when email is sent with a falsified “From:”
entry to try to trick victims into believing that the message is from a friend, their
bank, or some other legitimate source.

Sniffing
• Sniffing refers to the process used by attackers to capture network
traffic using a sniffer.
• Once the data being transferred is captured using a sniffer, the
contents can be analyzed. Sniffers are used by hackers to capture
sensitive network information, such as passwords, account
information etc.
Fraud
• Computer fraud is defined as any act using computers, the Internet,
Internet devices, and Internet service to take or alter electronic data, or to
gain unlawful use of a computer. (To commit Cybercrime)
• Examples of fraud include:
  - Distributing hoax emails
  - Accessing unauthorized computers
  - Engaging in data mining via spyware and malware
  - Hacking into computer systems to illegally access personal information,
    such as credit cards or Social Security numbers
  - Sending computer viruses or worms with the intent to destroy or ruin
    another party's computer or system.
Hacking
• Hacking is an act of obtaining unauthorised access to protected and secure
computer systems or networks, usually using intelligent methods like
cracking passwords.
• Hacking is identifying weaknesses in computer systems or networks and
exploiting those weaknesses to gain access.
Configuring a Firewall
Digital Signatures
Digital signatures allow us to verify the author and authenticate the message contents of a
digital document sent over a network.
Reasons or Benefits of Digital Signatures
• Authentication
• Digital signatures help to authenticate the sources of messages. For example, suppose a bank’s
branch office sends a message to the central office requesting a change in the balance of an
account. If the central office could not authenticate that the message was sent from an
authorized source, acting on such a request could be a grave mistake.
• Integrity
• Once the message is signed, any change in the message would invalidate the signature.
• Non-repudiation
• By this property, any entity that has signed some information cannot at a later time deny
having signed it.
Digital Certificates
• Digital certificates, similar to identification cards, are electronic credentials
that are used to certify the online identities of individuals, organizations,
and computers. Certificates are issued and certified by certificate authorities (CAs). PKIX-compliant
public key infrastructures support industry standard X.509 version 3
certificates.
• Functions Like a Traditional Identification Card
• Digital certificates function similarly to identification cards such as
passports and drivers' licenses. Identification cards are issued by
recognized government authorities. When someone requests an
identification card, a government authority verifies the identity of the
requester, certifies that the requester meets all requirements to receive
the card, and then issues the card.
• Benefits or importance in security (similar to Digital Signatures)
Data Backup
• Backup is a process of saving data, which can be done over a network
or on a computer.
• The main purpose is to recover lost data after an unpredictable
event like deletion by mistake or file corruption, which in many cases
is caused by a virus, or natural disasters like fire or floods. An example
is ransomware, which encrypts all your data when your computer
gets infected. The second purpose is to roll back the data to a specific time
you want.
Backing Up - Secondary storage media
• CDs, DVDs and Blu-rays − They are used for home/personal usage
where people can store their documents, mainly personal or office
related documents, because they have small capacities varying from
750MB to 50GB.
• Removable Devices − They are again for home usage (data,
documents, music, photos, movies) and can be a removable USB drive or
external hard disk. Their capacities have lately increased a lot; they
vary from 2 GB to 2 TB.
Secondary storage Media
Online Backup or Cloud Storage
• One of the biggest trends is online storage, where companies and users
can store their data somewhere in the cloud, and it is cheaper as well
than doing it all by yourself.
• There is also no need for any backup infrastructure and maintenance.

• Cloud backup or online backup is a method of offsite data storage in which
files, folders, or the entire contents of a hard drive are regularly backed up
on a remote server or computer with a network connection.
• The purpose behind online backup is simple and straightforward: to
protect the information or data from the risk of loss associated with fire,
theft, hacking, viruses or any other kind of technological disaster.
Examples of Cloud services
• Microsoft offers OneDrive for storage of personal files and can store
up to 5GB in their cloud and it has an interface for different Operating
Systems.
• The second is Google Drive, which is a product by Google, wherein
the files synchronize automatically.
• DropBox
Advantages of Online Back up or storage
• Convenience
• Online backup is accessible from anywhere, so long as there is internet connectivity; information is saved automatically as it streams in. You do not
have to proactively save, label and track information.
• Rather, the convenience of online backup allows for you to concentrate solely on your work without worrying about data loss.
• Safety
• As your data is stored in the Cloud, you are not subject to the typical threats of fire, flooding or theft. In fact, data that is stored in the Cloud is
generally stored on secure, encrypted servers and systems, which minimizes the risks your data can incur.
• Ease of Recovery
• Due to multiple levels of redundancy, if data is lost or deleted, most likely through individual user error or deletion, backups are available and easily
located. Multiple levels of redundancy means that your online backup service stores multiple copies of your data in locations independent of each
other.
• Ease of Access
• As the Cloud has no singular physical location, remote access is also a simple and feasible benefit to online backup. So long as you can connect to the
remote server, you have access to all the data that you have stored in the Cloud, without having to do anything differently.
• Affordability
• Cloud-based back up can be less expensive than the cost of tape drives, servers, or other hardware and software elements necessary to perform the
back up; the media on which the backups are stored; the transportation of media to a remote location for safekeeping; and the IT labor required to
manage and troubleshoot backup systems.
• Security- of course
Disaster Recovery
• Disaster recovery is generally a planning process, and it produces a
document which ensures that businesses can resolve critical events that
affect their activities. Such events can be a natural disaster
(earthquakes, floods, etc.), a cyber-attack or a hardware failure, such as of
servers or routers.
Disaster recovery Plan
