Additional Security of Data Online
• Firewalls
• Security protocols
• Encryption

FIREWALLS
• A firewall can be software or hardware. It sits between the user’s computer and an external network (internet) and filters information coming in and out of the user’s computer.

Tasks carried out by firewalls
• To examine the traffic between a user’s computer (internal network) and a public network (internet).
• Checks whether incoming or outgoing data meets a given set of criteria; if the data fails the criteria, the firewall blocks the traffic.
• It can be used to log all incoming and outgoing traffic to allow later interrogation by the network manager.
• Criteria can be set so that the firewall prevents access to certain undesirable sites.
• It is possible for a firewall to help prevent hackers gaining access to the user’s computer or network.
• The user is warned if some software on their system is trying to access an external data source (automatic software upgrade).
• The firewall can be a hardware interface that is located somewhere between the computer and the internet connection, in which case it is often referred to as a GATEWAY.
• Alternatively, the firewall can be software installed on a computer; in some cases it is part of the operating system (Windows firewall).

Certain circumstances where the firewall can’t prevent potentially harmful traffic
• It cannot prevent individuals on internal networks from using their own modems to bypass the firewall.
• Employee misconduct or carelessness cannot be controlled by firewalls (e.g. control of passwords or user accounts).
• Users on stand-alone computers can choose to disable the firewall.

Security Protocols
• Communicating with one another over the internet requires these two forms of security protocols (sets of rules used by computers):
1) Secure Socket Layer (SSL)
2) Transport Layer Security (TLS)

Secure Socket Layer (SSL)
• Secure Socket Layer (SSL) is a type of protocol that allows data to be sent and received securely/safely over the internet.
• When a user logs on to a website, SSL secures and encrypts the data – only the user’s computer and the web server are able to make sense of what is being transmitted.
• A user will know if SSL is being applied when they see https (as part of the web address) or a small padlock in the status bar at the top of the screen.
• SSL is used on (e-commerce) websites where we use bank or credit card details in order to make purchases.
• Examples: Secure websites start with https and have an icon of a padlock. Non-secure websites start with http.
• Buying products over the internet is known as e-commerce. Examples of e-commerce websites include Amazon, eBay, Jumia, Konga, Walmart, etc.

How to identify secure and non-secure websites

Transport Layer Security
• Transport Layer Security (TLS) is similar to SSL, but is a more recent security system.
• TLS is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet.
• It is essentially designed to provide encryption, authentication and data integrity.

Layers of Transport Layer Security (TLS)
• Record Protocol: This part of the communication can be used with or without encryption. It is also responsible for securing application data and verifying its integrity and origin/source.
• Handshake protocol: This permits the website and the user to authenticate each other and to make use of encryption algorithms (a secure session between user and website is established).

Differences between SSL and TLS
• TLS can be extended by adding new authentication methods.
• TLS makes use of session caching, which improves the overall performance compared to SSL.

Session caching
• Session caching: opening a TLS session requires a lot of computer time due to the complex encryption keys being used.
• The use of session caching can avoid the need to utilize so much computer time for each connection.
• TLS can either establish a new session or attempt to resume an existing session.

ENCRYPTION
• Encryption is used to protect data in case it has been hacked and accessed illegally.
• Encryption doesn’t prevent hacking; it makes the data meaningless or unreadable unless the recipient has the necessary decryption tools.
• Whenever you use a computer device that is connected to the internet, you are potentially vulnerable to hackers. Encryption turns data into scrambled and unreadable nonsense.

An example of encryption
• Bob wants to send a personal message to Mary.
• Bob wants to encrypt the message so that it can only be read by Mary.

The example below explains how the encryption process works
1) Bob first needs to create an encryption key. The key will usually be a very long random number.
2) Bob will now give Mary a copy of the encryption key.
3) Bob can now encrypt (lock) the personal message using encryption software and the encryption key. Once encrypted, the message will just look like scrambled nonsense.
4) Bob can now send the encrypted message to Mary via the internet.
5) When Mary receives the message, she will use her copy of the encryption key to decrypt (unlock) the message.
6) Mary can now read the message sent by Bob.
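
The six steps above as a runnable Python sketch (an added example, not part of the original slides). To stay within the standard library it uses a teaching construction, an HMAC-SHA256 keystream with an authentication tag, in place of real encryption software; all function names are hypothetical, and production code would use a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Teaching construction (an assumption of this example), not a standard cipher.
NONCE_LEN, TAG_LEN = 16, 32  # per-message nonce; HMAC-SHA256 tag size

def create_key():
    """Step 1: the key is a long random number (256 bits from the OS CSPRNG)."""
    return secrets.token_bytes(32)

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a pseudo-random pad as long as the message.
    blocks = (length + 31) // 32
    pad = b"".join(_prf(enc_key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return pad[:length]

def encrypt(key, message):
    """Step 3: lock the message. Output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)  # fresh for every message
    pad = _keystream(_prf(key, b"enc"), nonce, len(message))
    ciphertext = bytes(m ^ p for m, p in zip(message, pad))
    return nonce + ciphertext + _prf(_prf(key, b"mac"), nonce + ciphertext)

def decrypt(key, blob):
    """Step 5: check the tag, then unlock with the same key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = _prf(_prf(key, b"mac"), nonce + ciphertext)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key, or message altered in transit")
    pad = _keystream(_prf(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ p for c, p in zip(ciphertext, pad))

if __name__ == "__main__":
    key = create_key()                             # 1) Bob creates the key
    marys_key = key                                # 2) Mary gets a copy
    blob = encrypt(key, b"Meet me at noon. Bob")   # 3) constructed sample message
    print(blob.hex())                              # 4) what travels over the internet
    print(decrypt(marys_key, blob))                # 5-6) Mary decrypts and reads
```

Anyone who intercepts the message in step 4 sees only the scrambled bytes; decrypting with a different key, or after the bytes were changed in transit, raises an error instead of returning text.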

When should you use encryption?
It is a good idea to use encryption and stop unauthorised people from reading your data in the following circumstances.
• Any files containing bank account or credit card data.
• When buying items on the internet using credit/bank cards.
• Any data containing confidential medical records.
• Emails that you wish to remain private.
• Any data that could be used to commit identity fraud (social security numbers, insurance numbers etc.).