5. The internet and its uses Flashcards
How do DoS attacks work?
Large number of requests sent to server at once
Useless traffic floods the server
Server will come to a stop trying to deal with the traffic
Prevents users gaining access to the web server
What do cookies do?
Saves log-in information
Provides customized page for user
Enables target advertisements
One-click purchasing
3 functions of browsers
− Allows user to view web pages
− Renders HTML
− Allows user to bookmark/favourite web pages
− Provides navigation features
− Allows (multiple) tabs
− Stores cookies
− Records history of pages visited
− Has a homepage
− Runs active script
− Allows files to be downloaded from website/internet
− Sends a request to the IP address/web server (to obtain the contents of a web page)
− Sends URL to DNS
− Manages HTTP/HTTPS protocol
Physical security
Data needs to be kept physically safe from intruders, in large companies by…
Issuing staff with ID
Having all visitors sign in on arrival and having escorts around the office
Keeping sensitive areas locked
Security cameras
Security guards
Physical Security and Biometrics
Locks on doors
Security Guards
Biometrics:
- Fingerprint recognition
- Retina scanner
- Iris recognition
- Voice recognition
Audit trails and logs
Audit trail maintains a record of all activity on a computer system
The time and date a user accesses the system will be logged as well as their activity
Assists in detecting security violations
Help system admin ensure the system has not been harmed by hackers, insiders or technical problems
Acceptable use policies (AUP)
Many businesses and educational facilities require employees or students to sign an AUP before being given a network ID
Secure passwords
Minimum of 8 characters
Mixture of numbers, lowercase and uppercase characters
Include symbols
Do not include name, DOB or personal details
Phishing
A phishing email is one that tricks you into handing over your personal or sensitive information
You receive an email leading you to a bogus site to enter your details from where they are captured by phishers
What to look out for:
Generalised impersonal greeting
Sender’s address, variation from original
Forged link, roll mouse over link to check
Request personal information, legit sites do not do this
Sense of urgency
Poor spelling and grammar
Pharming attacks
Similar to phishing, but instead of using a fake link in an email, pharming redirects victims to bogus sites even though they entered the legit website's address
Detecting pharming attacks:
ISPs filter out bogus redirects as soon as an attack is detected
Check that the URL has not changed once the page has loaded
Before entering sensitive information check that http has changed to https
Trojan Horse Email
Offers something tempting to look at, like an attachment or link, e.g. a funny video
When you open the attachment or click the link it installs a virus on your computer which may:
- Record your keystrokes and send them to the attacker
- Provide someone else with access to your files
- Use your computer to send spam to everyone in your address book
Virus generated emails
Appear to be sent from a friend
Usually means your friend’s email has been infected and sent to their entire address book
Typically includes product or shop recommendation and asks for emergency cash
Encourages you to click a link to a sales website or transfer cash
Encryption
Encryption is the encoding of data so that it can no longer be easily understood, to safeguard the data if it is intercepted.
Terminology:
Plaintext: original message
Ciphertext: encrypted message
Encryption: the process of converting plaintext into ciphertext
Key: a sequence of numbers used to encrypt or decrypt data, often using a mathematical formula.
Encryption algorithm: the formula for encrypting the plaintext
Encryption techniques:
Private key (symmetric encryption)
A single key used to encrypt and decrypt a message and must be given to the recipient of your message to decrypt the data
Public key (asymmetric encryption)
Two keys are used, one to encrypt and one to decrypt
This is more secure as you never have to send or reveal your decryption key
Caesar shift cipher
Earliest known substitution cipher invented by Julius Caesar
Each letter is replaced by the letter n positions further along in the alphabet
n is the key used to encrypt and decrypt the message - symmetric encryption
Cryptanalysis
The objective of cryptanalysis is to decode the ciphertext - typically by finding the secret key
Methods include:
Brute-force attack
every possible key is tried
Non-brute-force attack (cryptanalysis)
Key strength
5 bits would enable 2^5 key combinations so it could be said that you are using 5 bit encryption
Increasing the number of bits used for a key increases encryption strength.
Algorithmic security
Ciphers are based on computational security
keys determined using computer algorithm
given enough computer power and time any key can be cracked.
Strong and weak encryption
Encryption can be considered “strong” when the useful lifetime of the encrypted data is less than the time needed to crack it
Weak encryption means that the encryption can be cracked while the encrypted data is still in its lifetime
Other methods of data protection
Passwords
SSL (security protocol)
TLS (security protocol)
Firewalls
HTTPS
Proxy server
A proxy server is a computer that acts as an intermediary between a web browser and the internet.
It helps to improve web performance by storing a copy of frequently accessed web pages.
A proxy server may act as a firewall
can help to improve security by filtering out some web content like malware
responds to input packets by blocking and allowing some
gateway from one network to another
HTTPS
s in https stands for secure
this means a security protocol is used to ensure a trusted encrypted data connection
Secure Sockets Layer and Transport Layer Security
SSL is a protocol for transferring private documents via the internet
it uses asymmetric encryption to encrypt data before transmission
many websites use SSL to receive confidential information like credit card details
TLS is a more recent upgrade to SSL. Like SSL, it uses a public key to encrypt.
Process of getting web page from webserver
Web browser sends a request to the IP address/web server, asking the server to identify itself by providing its certificate
Web page sent from web server to browser
Browser renders HTML to display web pages
HTTPS used to secure data
Benefits of USB connection
Universal connection
High transmission speeds
No incorrect connections
Can be inserted both ways
Backwards compatible
Fast data transfer speed
Inexpensive to purchase