
Security & Ethics

Name: Cimon

Specification & learning objectives


By the end of this topic you will have studied:
• Understand the need and how to keep data safe from accidental or malicious damage
• Understand the need and how to keep data safe from unauthorised users
• Show knowledge of use of passwords, firewalls, proxy servers, SSL, TLS and encryption
• Understand the risks posed by phishing and pharming
• Appreciate appropriate security safeguards when carrying out online transactions
• Understand the need and application of computer ethics

Resources
Why is keeping data safe extremely important?

Keeping data safe is extremely important so that your personal data or commercial data can’t be accessed by an outsider.

Cyber Security Risks – complete the table

NAME: HACKING
DESCRIPTION: Breaking into a computer system to steal personal data without the owner’s consent
EFFECTS: Can lead to identity theft or gaining personal information. Data can be deleted, changed or corrupted.
PREVENTION/REMOVAL:
• Firewalls
• Use of strong passwords
• Use of anti-hacking software

NAME: VIRUSES
DESCRIPTION: Program code that can replicate itself with the intention of deleting or corrupting files, or causing the computer to malfunction
EFFECTS: Can cause the computer to crash and become unresponsive, leading to deleted and corrupted files.
PREVENTION/REMOVAL:
• Install anti-virus software
• Don’t use software from unknown sources.
• Be careful when opening emails/attachments from unknown senders.

NAME: PHISHING
DESCRIPTION: The creator sends out a legitimate-looking email and when the recipient clicks on a link in the email or attachment the user is sent to a bogus web site.
EFFECTS: The creator of the email can gain personal data such as bank account numbers from users when they visit the fake website
PREVENTION/REMOVAL:
• Many ISPs filter out phishing emails.
• The user should be cautious when opening emails or attachments

NAME: PHARMING
DESCRIPTION: Malicious code installed on a user’s hard drive or on the web server; the code will redirect the user to a fake website without the user’s consent.
EFFECTS: The code creator can gain personal data such as bank account numbers from users when they visit the fake web site. This can lead to fraud or identity theft.
PREVENTION/REMOVAL:
• Some anti-spyware software can identify and remove the pharming code from the hard drive.
• Users should always be alert and look for clues that they are being redirected to another web site.

NAME: WARDRIVING
DESCRIPTION: The act of locating and using internet connections illegally. Need a laptop, phone etc. with wifi to access wireless signals
EFFECTS: Can steal users’ internet time/bandwidth to download large files such as movies. Can hack into a wireless network and steal passwords and personal details.
PREVENTION/REMOVAL:
• Use wired equivalent privacy encryption
• Use complex passwords to access the internet.
• Use of firewalls to prevent outside users from getting access

NAME: SPYWARE/KEY-LOGGING SOFTWARE
DESCRIPTION: Software that gathers information by monitoring key presses on the user’s keyboard; the information is then sent back to the person who sent the software
EFFECTS: Gives the originator access to all data entered using the keyboard. The software can install other spyware, read cookie data and also change the user’s default web browser.
PREVENTION/REMOVAL:
• Use anti-spyware software
• The user should always be alert and look out for clues that their keyboard activity is being monitored.
• Using a mouse to select characters from passwords rather than typing them can reduce risk.

A Cookie is

A COOKIE is a packet of information sent by a web server to a web browser.

What does a Cookie do?

A cookie is generated each time the user visits the website. A message is frequently displayed. Every time a user visits the website, cookies will have collected some key information.

Data Loss & Data Corruption – Using the diagram on page 155 as a guide re-arrange
and link up the following:

Firewalls

A Firewall is
A firewall is either software or hardware that sits between the user’s computer and an external network to filter the information in and out of the computer.

A Firewall can carry out the following tasks:
• Examines the ‘traffic’ between the user’s computer and a public network
• Checks whether incoming or outgoing data meets a given set of criteria
• The firewall will block the ‘traffic’ and give the user a warning if the data fails the criteria
• Helps to prevent viruses or hackers entering the user’s computer
• Warns the user if some software on their system is trying to access an external data source
• Logs all incoming and outgoing ‘traffic’ to allow later interrogation by the user

A Firewall cannot:
• A firewall cannot prevent individuals, on internal networks, using their own modems to bypass the firewall
• Employee misconduct or carelessness cannot be controlled by firewalls
• Users on stand-alone computers can choose to disable the firewall, leaving their computer open to harmful ‘traffic’ from the internet.

A Proxy Server
Acts as an intermediary between the user and a web server

A Proxy Server can carry out the following tasks:
• Allows the internet ‘traffic’ to be filtered; they can block access to a website if necessary
• By using a feature known as Cache, they can speed up access to information from a
website
• Keeps the user’s IP address secret
• Acts as a firewall

What is SSL?

SECURE SOCKETS LAYER (SSL) is a type of protocol which allows the data to
be sent and received securely over the internet.

How does SSL work?


Arrange these in the correct order.

What is TLS?
TRANSPORT LAYER SECURITY (TLS) is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet.

What are the two layers in TLS?


● Record Protocol
● Handshake Protocol

How does TLS improve its overall performance compared to SSL?

TLS can make use of Session Caching which improves the overall performance
compared to SSL

What is Encryption?

Encryption is used primarily to protect data in case it has been hacked

Describe Symmetric Encryption

SYMMETRIC ENCRYPTION is a secret key which can only be a combination of characters. If this key is applied to a message, its content is changed which makes it unreadable unless the recipient also has the decryption key.

Activity 8.1
Use the following sender and receiver values to check that the system described in Table 8.1 works:
The sender uses the value x = 3 and receiver uses the value y = 5

Sender: x=3, 7^3=343
Recipient: y=5, 7^5=16807

How is Asymmetric Encryption used? Arrange these in the correct order.



What is a Hashing Algorithm?


A HASHING ALGORITHM takes a message or key and translates it into a string of characters, usually shown in hex notation

Using the internet, carry out a search for MD4 and MD5 hashing algorithm
generators (e.g. http://www.online-convert.com/).
Then try various numbers, letters and messages to see how the 128-bit code varies.
Create the MD4 hashing algorithm for your name and copy it below:

Name: Arkar

MD4 Hash: 2d2d206ba0476b0c779a25926e43f805



Authentication is
AUTHENTICATION is used to verify that data comes from a trusted source. It works with encryption to strengthen internet security

Explain authentication using a user ID and password


A user ID and password are normally used to log on to many systems, and they are checked against a secure file to confirm that a person is who they claim to be. Access is denied if they are incorrect.

What is a Digital Signature?


A Digital Signature is a method used to ensure an electronic document is authentic.

What are Biometrics?


Biometrics are physical or behavioral human characteristics that can be used to digitally identify a person to grant access to systems, devices or data

How do fingerprint scans work?


Images of fingerprints are compared against previously scanned fingerprints stored in a database; if they match, access is allowed.

How do retina scans work?


Retina scans use infra-red to scan the unique pattern of blood vessels in the retina; it is very secure as nobody has yet found a way to duplicate the blood vessel patterns.

A DoS attack is

A Denial of Service attack (DoS) is an attempt at preventing users from accessing part of a network, notably an internet server. It is temporary; however, it can be a very damaging act or a big breach of security.

The following measures can be taken to guard against a DoS attack:

• Use an up-to-date malware/virus checker
• Set up a firewall to restrict traffic to and from the internet server or user’s device
• Apply email filters to manage or filter out unwanted traffic or spam email

Signs that a user can look out for to see if they are a victim of one of these attacks include:
• slow network performance
• unavailability or inability to access particular websites
• large amounts of spam mail reaching the user’s email account

When a customer logs on to a banking website and carries out a transaction, encryption is used to protect the customer’s personal details. Banks may also carry out a number of other procedures to give additional protection. List and describe 3 of these procedures.

1. Many banks use a 10-12 digit code unique to the customer
2. You may then be asked to input three random numbers from a four digit PIN
and/or three characters from a 10-character password
3. Some systems use a hand-held device into which the customer inserts their
card. They will be asked to enter their PIN. The device will then generate an
eight-digit code which the customer types into the web page of the bank. This
eight-digit code is generated from an internal clock and PIN. The bank’s server
and time are both synced with the hand-held device; the server also stores the
PIN. The bank’s server will therefore know if the eight-digit code entered is
correct. Each eight-digit code is only valid for a few minutes before it has to be
redone.
4. Some banking systems ask the customer to key in parts of their password using
drop-down boxes. This is an attempt to defeat spyware/key-logging software.
Each of the requested characters from the password is entered by selecting a
character from a drop-down menu using a mouse, thus eliminating the use of a
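
The hand-held device scheme in item 3, sketched as an added example (not code from this workbook or from any bank): the device and the server each compute an eight-digit code from the PIN and a shared clock, and the server accepts it only for a short window. The per-card secret, the use of HMAC-SHA256 and the 180-second step are assumptions made for illustration; the sample values are constructed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 180  # assumed length of "a few minutes"
DIGITS = 8          # the eight-digit code described in item 3


def device_code(card_secret: bytes, pin: str, unix_time: int) -> str:
    """Code the hand-held device would display at unix_time."""
    step = unix_time // STEP_SECONDS           # clock reduced to a time step
    message = struct.pack(">Q", step) + pin.encode()
    digest = hmac.new(card_secret, message, hashlib.sha256).digest()
    # Truncate the digest to a number (same idea as RFC 4226 truncation).
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(card_secret: bytes, stored_pin: str, submitted: str,
                   unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: recompute the code from its own clock and stored PIN.

    The current step and drift_steps earlier steps are accepted, so a code
    typed in slightly late still works, while an old code is rejected.
    """
    for back in range(drift_steps + 1):
        expected = device_code(card_secret, stored_pin,
                               unix_time - back * STEP_SECONDS)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return True
    return False


if __name__ == "__main__":
    secret = b"constructed-card-secret"   # constructed sample value
    now = 1_700_000_000                   # constructed sample timestamp
    code = device_code(secret, "4821", now)
    print("device shows:", code)
    print("accepted now:", server_accepts(secret, "4821", code, now))
    print("accepted 6 min later:",
          server_accepts(secret, "4821", code, now + 2 * STEP_SECONDS))
```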

COMPUTER ETHICS is a set of principles set out to regulate the use of computers.
Three factors are considered:
● Intellectual Property Rights
● Privacy Issue
● Effect of computers on society

PLAGIARISM is

PLAGIARISM is when a person takes another person’s idea/work and claims it as their own

The ACM (Association for Computing Machinery) and IEEE (Institute of Electrical
and Electronics Engineers) have published the following code of ethics:

1. To accept responsibility in making decisions consistent with the safety, health and welfare of the public,
and to disclose promptly the factors that might endanger the public or the environment;
2. To avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties
when they do exist;
3. To be honest and realistic in stating claims or estimates based on available data;
4. To reject bribery in all its forms;
5. To improve the understanding of technology, its appropriate application, and potential consequences;
6. To maintain and improve our technical competence and to undertake technological tasks for others only if
qualified by training or experience, or after full disclosure of pertinent limitations;
7. To seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to
credit properly the contributions of others;
8. To treat fairly all persons and to not engage in acts of discrimination based on race, religion, gender,
disability, age, national origin, sexual orientation, gender identity, or gender expression;
9. To avoid injuring others, their property, reputation, or employment by false or malicious action;
10. To assist colleagues and co-workers in their professional development and to support them in following
this code of ethics.

Complete the comparison table for Free Software, Freeware and Shareware

Free Software
Cost: There may be a charge
Modify source code?: Users have freedom to run, copy, change or adapt free software
Fully functional?: Yes
Expires?: No

Freeware
Cost: Free of Charge
Modify source code?: Not allowed, developer retains copyright
Fully functional?: Usually
Expires?: No

Shareware
Cost: No initial charge, there may be a charge later
Modify source code?: It is fully protected by copyright laws.
Fully functional?: Depends, some features may be disabled until you purchase
Expires?: Yes

Assessment Target: Overall grade:

Minimum expectations by the end of this unit


□ You have completed all the pages of the workbook
□ Score 80% in the end of unit test.

Feedback
Breadth Depth Understanding

□ All aspects complete □ Excellent level of depth □ All work is accurate

□ Most aspects complete □ Good level of depth □ Most work is accurate

□ Some aspects complete □ Basic level of depth shown □ Some work is accurate

□ Little work complete □ Little depth and detail provided □ Little work is accurate

Comment & action Student response



Reflection & Revision checklist


Confidence Clarification
☹😐☺ I can understand the need and how to keep data safe from accidental or malicious damage

☹😐☺ I can understand the need and how to keep data safe from unauthorised users

☹😐☺ I can show knowledge of use of passwords, firewalls, proxy servers, SSL, TLS and encryption

☹😐☺ I can understand the risks posed by phishing and pharming

☹😐☺ I can appreciate appropriate security safeguards when carrying out online transactions

☹😐☺ I can understand the need and application of computer ethics


My revision focus will need to be:
