2.2 Security Aspects Flashcards
Features of a strong password
- Mixture of uppercase and lowercase letters
- Combination of letters, numbers and special symbols
- At least 8 characters
Virus
How to minimise the risk
- Software that replicates itself
- Intends to delete or alter data stored on a computer
- Can make the computer “crash”/run slow
Minimise risk:
- use of anti-virus software
- do not download software/data from unknown sources
Spyware
How to minimise the risk
- Software that gathers information by recording key presses on a user’s computer/keyboard and relays the information back to the person who sent the software
- User activity/key presses can be analysed to find sensitive data, e.g. passwords
- a common pattern/word in the key logs could allow a password to be identified
Minimise risk:
- use anti-spyware software
- use data entry methods such as drop-down boxes
Hacking
How to minimise the risk
The act of gaining illegal access to a computer system without the owner’s consent/permission
Minimise risk:
- use of passwords / user IDs
- use of firewalls
- encrypt data
How does anti-virus software protect the user?
- Scans computer system for viruses
- Removes any viruses found from computer
- Checks data before it is downloaded, and stops the download if a virus is found / warns that it may contain a virus
Firewall
Software that filters data coming from the Internet, to stop malware and hackers and block unsuitable content
5 ways that data could be accidentally damaged or accidentally lost
- human error, e.g. accidentally deleting a file
- hardware failure
- physical damage, e.g. fire/flood
- power failure
- misplacing a storage device
Methods to prevent data entry errors that can accidentally cause data corruption
- Using checks on data entry such as check digits, range checks, etc.
- Entering data twice
Explain what is meant by a denial of service (DoS) attack.
- designed to deny people access to a website
- a large number of requests is sent to a server all at the same time
- the server is unable to respond to ALL the requests
- the server fails/times out as a result
Proxy server
A computer that acts as an intermediary between a web browser and the Internet
Advantages of a proxy server
- Helps to improve web performance by storing a copy of frequently used web pages
- Can help improve security by filtering out some web content and malware
Transport Layer Security (TLS)
The TLS security protocol checks that the website you are using is real and then establishes a private link between two devices that are communicating, using encryption
Secure Sockets Layer (SSL)
SSL security protocol has different methods of encryption to TLS and is less secure; uses public and private keys, uses https
*purpose is the same as TLS (check authentication of website, establish private communication between devices using encryption)
Encryption
The process of converting plain text into cypher text
Decryption
The process of converting cypher text into plain text
Symmetric vs Asymmetric encryption
Symmetric encryption
- Uses the same encryption key to encrypt and decrypt a message (1 key)
- The secret key has to be sent over the Internet before encryption can begin, so anyone who finds out the key can decrypt the messages
Asymmetric encryption
- 2 keys: a public key and a private key
- The public key is shared with any computer that needs to send a message
- The private key is kept secret on your computer. Only your computer can use it to decrypt the messages sent to you
- slower than symmetric, but safer
What will increase the strength of the encryption? Explain.
Increasing the length of a key and making it more complex
- will generate more possibilities for key
Phishing
How to minimise the risk
- Legitimate-looking emails sent to a user
- As soon as the recipient clicks on a link in the email, the user is directed to a fake website (without their knowledge)
- To obtain personal/financial information
Minimise risk:
- do not open emails/attachments from unknown sources
- some firewalls can detect fake websites
Pharming
How to minimise the risk
- Malicious code installed on a user’s computer/actual web server
- This code redirects user to a fake website (without their knowledge)
- To obtain personal/financial information
Minimise risk:
- only trust secure websites, e.g. look for https
- check the URL matches the intended site
4 examples of biometrics
- fingerprint scanner
- face recognition software
- retina scanner/iris scanner
- voice recognition software
Cracking
How to minimise the risk
- The act of illegally changing the source code of a program so that it can be exploited for another use
Minimise risk:
- set strong passwords
- encrypt data
6 ways of preventing ACCIDENTAL loss or corruption of data
- back up files on a regular basis to another device / to the cloud
- set data to read only to prevent accidental editing
- save data on a regular basis to prevent loss/corruption of data in unexpected shutdown/failure
- use correct shut down / start up procedures to prevent damage to components/stored files
- use correct procedures before disconnecting portable storage device to prevent damage to device/data corruption
- keep storage device in a safe place away from fire hazards
5 tasks carried out by a firewall
- Examines traffic to and from a user’s computer and the Internet
- Checks whether incoming and outgoing traffic meets a given set of criteria
- Firewall blocks traffic that doesn’t meet the criteria
- CAN prevent viruses and hackers gaining access
- Blocks access to specified IP addresses/websites
How does anti-spyware software work?
- scans the computer for spyware
- removes any spyware that is found
- can prevent spyware from being downloaded
Describe how data are encrypted.
- an encryption algorithm is used
- …to scramble data
- the original data is called the plain text
- a key is used to encrypt the data
- the key is applied to the plain text
- plain text is encrypted into cypher text
Explain what is meant by spam.
- junk/unwanted emails
- sent to large numbers of people
- used for advertising / spreading malware
- fills up mail boxes