Chapter 8 – Security and Ethics

 

| Name of the security risk | Description | Effects of the risk | Methods to prevent this |
| --- | --- | --- | --- |
| Malware | Malware is short for malicious software. It is a term used when a person has illegally harmed or attempted to harm your device. It generally comes in the form of computer viruses, spyware and many other kinds of malware. | It can take the form of executable code or scripts. This is usually done without the victim knowing. | Install anti-virus software and firewall software. Keep your device up to date. Avoid pop-up ads. |
| Phishing | The creator sends out a legitimate-looking email; if the receiver clicks on the link/attachment, the user is sent to a fake website. | By doing this the creator can gain personal data, such as bank account numbers, from users when they visit the fake website. | You can prevent this by being cautious and using your instincts or, more effectively, by relying on ISPs, because ISPs filter out phishing emails. |
| Pharming | Malicious code is installed on the user's hard drive or on the web server; the code redirects the user to a fake website without their knowledge. | The creator can gain important personal details such as bank details. | Anti-spyware software can prevent this. |
| Denial of Service (DoS) | A DoS attack occurs when multiple systems flood the resources of a targeted system, usually one or more web servers. | Such an attack is often the result of multiple compromised systems flooding the targeted system with traffic. | Install anti-virus software and firewall protection. Be cautious about pop-up ads. |
| Wardriving | The act of locating and using wireless internet connections illegally; it only requires a laptop (or other portable device), a wireless network card and an antenna to pick up wireless signals. | This makes it possible to steal a user's internet time by downloading large files. It is also possible to hack into the wireless network and steal a user's password and other personal details. | To prevent this you can use Wired Equivalent Privacy (WEP) encryption. Protect use of the wireless device by requiring complex passwords before the internet can be accessed. Use firewalls to prevent outside users from gaining access. |
| Spyware/key-logging software | Software that gathers information by monitoring key presses on the user's keyboard; the information is then sent back to the person who sent the software. | It gives the originator access to all data entered using a keyboard on the user's computer. The software is able to install other spyware, read cookie data and also change a user's default web browser. | The user should always be alert and look out for clues that their keyboard activity is being monitored. Use a mouse to select the characters of a password rather than typing them. |

  • Biometrics – Facial recognition, fingerprint, retina scan, voice recognition. These are safer because your personal features are unique, so intruders are less likely to be able to access your data.
  • 2-step verification/authentication – A more secure way of accessing different accounts. The app/account sends you a text or an e-mail and you have to verify it by clicking on the link or entering a PIN into the website.
  • Firewall – A hardware- or software-based security layer positioned between the internet and the network/user device. A firewall can examine incoming/outgoing traffic, identify suspicious files/phrases and notify the administrator if anything is flagged.
  • Whitelists – allow you to access websites/applications.
  • Blacklists – block you from certain websites/applications.
  • Proxy server – A piece of hardware that acts as a link between the network and the user. It remembers websites and/or apps that the user has recently or commonly used, so it loads those commonly used websites faster than others. It is similar to a firewall, but proxy servers have limited functions. Proxy servers are also designed to protect your identity/IP address.
  • VPN – Virtual Private Network. It changes your IP address, allowing you to watch/stream videos and films from other countries.
  • Complex passwords – Creating long, meaningless passwords decreases the chance of intruders being able to guess your password. If a person knows you personally and attempts to break into your accounts, meaningless, complicated passwords make it unlikely that they will get into any of them. Having a different password for each account is also helpful: if a person has gained the password for one of your accounts, they will be unable to access the others.
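
Added example (not part of the original notes): a short Python check for the three points in the complex-passwords note above, namely length, personal details and reuse across accounts. The account names, passwords, personal details and the 12-character threshold are constructed assumptions.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # assumed threshold for "long"; the notes give no number

# Constructed sample data: account -> password, plus details a friend might know.
SAMPLE_ACCOUNTS = {
    "email": "Rex2009!",
    "bank": "Rex2009!",
    "school": "correct-horse-battery-maria",
    "games": "q7#Vt2!mZp9@Lw4$",
}
SAMPLE_FACTS = ["Maria", "Rex", "2009"]


def audit_passwords(accounts, personal_facts, min_length=MIN_LENGTH):
    """Return {account: [problems]}; accounts with no problems are omitted."""
    tokens = [t.lower() for t in personal_facts if len(t) >= 3]
    by_password = defaultdict(list)  # password -> accounts using it
    for account, password in accounts.items():
        by_password[password].append(account)

    findings = {}
    for account, password in accounts.items():
        problems = []
        if len(password) < min_length:
            problems.append("too short")
        # Case-insensitive search for details someone who knows you could guess.
        hits = sorted(t for t in tokens if t in password.lower())
        if hits:
            problems.append("contains personal detail: " + ", ".join(hits))
        shared = sorted(a for a in by_password[password] if a != account)
        if shared:
            problems.append("reused on: " + ", ".join(shared))
        if problems:
            findings[account] = problems
    return findings


def generate_password(length=20):
    """Long, meaningless password drawn from a cryptographic random source."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for account, problems in audit_passwords(SAMPLE_ACCOUNTS, SAMPLE_FACTS).items():
        print(account, "->", "; ".join(problems))
    print("suggested replacement:", generate_password())
```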

Security Protocols:

  • Secure Sockets Layer (SSL) – a type of protocol (a set of rules used by computers to communicate with each other across a network). It allows data to be sent and received securely over the internet and encrypts data when the user logs in. Only the user's computer and the web server are able to make sense of what is being transmitted. A user will know SSL is being applied when they see https or the small padlock in the status bar at the top of the screen.

  • Transport Layer Security (TLS) – similar to SSL but a more advanced system. TLS is a protocol that ensures the security and privacy of data between devices and users when communicating over the internet. It is designed to provide encryption, authentication and data integrity in a more effective way than its predecessor, SSL. When a website and a user communicate over the internet, TLS is designed to prevent a third party from hacking into this communication and causing problems with data security.
  • Only the most recent web browsers support both SSL and TLS, which is why the older SSL is still used in many cases.

Encryption:

  • Cryptography and quantum cryptography.

 

  • Free software – Users have the freedom to run, copy and change free software, for example Google Chrome.
  • Freeware – Software that users can download from the internet free of charge. It can come with restrictions: Skype, for example, has restrictions and copyright laws that do not allow users to use the code that makes up Skype to duplicate it in another website.
  • Shareware – Users are allowed to download this free of charge, but access is limited to a set time or a free trial, as with Microsoft Word and Adobe. Once the time limit/trial has run out, you usually have to buy the app in order to continue using it.