6 - security, privacy and data integrity Flashcards

1
Q

how to prevent data loss / restrict access

A

user accounts
passwords
firewalls
antivirus software
antispyware software
encryption
biometrics

2
Q

user accounts

A

authenticate a user - control access rights

3
Q

passwords

A
  • should be hard to crack and changed frequently - run antispyware software - mix of cases, numbers, keyboard characters
4
Q

firewalls

A

sits between the comp and a network and filters info in/ out - software or hardware or both
- Examines traffic
- Checks if data going in/out meets criteria
- Blocks traffic if it fails the criteria and warns of security issue
- Logs all incoming/ outgoing traffic
- Prevents access to undesirable sites (keeps a list of IPs)
- Helps prevent viruses/ hackers
- Warns the user if software is trying to access an external data source

5
Q

antivirus software

A
  • Checks software before it's opened on comp
  • Compares possible viruses against a database of known viruses
  • Carries out heuristic checking
  • Quarantines possible infected files
6
Q

antispyware software

A
  • detects and removes spyware programs that have been illegally installed
7
Q

encryption

A
  • if a hacker accesses data without the encryption keys they can't decode the data
8
Q

biometrics

A
  • rely on unique human features eg fingerprints - compares ridges/valleys, retina scans - compare blood vessels in the retina
9
Q

risks to data security

A

hacking
phishing
pharming
malware
- viruses
- worms
- logic bombs
- Trojan horses
- bots
- spyware

10
Q

malicious vs ethical hacking

A

Malicious hacking - illegal access to a comp system without user's permission or knowledge - intent of deleting, altering, corrupting files or to gain personal details
Ethical hacking - authorised by companies to check their security and how robust the system is

11
Q

virus

A
  • replicate themselves with the intent to delete or corrupt files causing malfunction
12
Q

worm

A

can replicate themselves with the intent of spreading to other comps - use networks to find weak comps

13
Q

logic bomb

A

embedded in a program on a comp - when conditions are met they are activated to delete files or send data to hackers

14
Q

trojan horses

A

disguised as legitimate software

15
Q

bots

A

Not always harmful- can search automatically for an item on the internet- can cause harm by taking control over a computer system and launching attacks

16
Q

spyware

A

gathers information by monitoring then sending it back to the hacker eg key presses

17
Q

phishing

A
  • Someone sends legitimate emails
  • May contain links
  • Take user to fake website
  • Trick user into entering personal data
18
Q

phishing - how to prevent

A

○ Make users aware of new scams
○ Don’t click unsafe links
○ Run anti-phishing toolbars on web browsers
○ Look for https in address
○ Check accounts and change passwords regularly
○ Keep browser security up to date
○ Block pop ups

19
Q

pharming

A
  • Malicious code on user's comp / server - can be stored on HDD without the user knowing
  • Redirects the user to a fake website (without knowing- don’t take an action unlike phishing where they have to click)
  • The hacker can then gain personal data
  • Website appears to be trusted
20
Q

pharming - how to prevent

A

○ Antivirus software
○ Use browsers that alert to attacks
○ Check website URL spelling
○ Check for https

21
Q

data integrity

A

should be accurate, consistent and up to date

22
Q

compromising data integrity

A

Can be compromised
- During data entry/ transmission
- By malicious attacks
- By accidental loss (hardware issues)
Mitigated by - validation and verification

23
Q

validation

A
  • check if data entered is reasonable and within a given criteria
    Eg type, range, format, length, presence, existence, limit check, consistency check, uniqueness check
24
Q

verification

A
  • way of preventing errors when data is entered manually
25
Q

verification during entry

A
  • Double entry - entered twice using 2 diff people + compared
  • Visual check - compared to original document
  • Check digits- additional digit added to a number eg barcodes/ VINs - ensures correct numbers have been entered
26
Q

verification during transfer

A
  • Checksums
  • Parity checks
  • ARQ - automatic repeat request
27
Q

checksums

A
  • Data is sent in blocks
  • An additional value (checksum) is sent at the end of the block
28
Q

parity checks

A
  • A byte of data is allocated a parity bit
  • Even parity - have an even no. 1s
  • Odd parity - have an odd no. 1s
  • Before transfer users agree on the type of parity (protocol)
    If the received data isn’t the correct type an error has occurred - can't know which bit is the error but know there is one (can fix this by using parity blocks)
29
Q

parity blocks

A

○ A block of data is sent and the no. 1s are totalled horizontally and vertically (a parity check is done in both directions)
○ So can identify there is an error and where the error is

30
Q

ARQ - automatic repeat request

A
  • Uses acknowledgment (message to receiver to say it's been sent) and timeout (interval to allow for acknowledgment)
  • When the receiving device detects an error- asks packet to be resent
  • If no error a positive acknowledgment will be sent
  • Sending device will resend
    ○ If receives a request to resend
    ○ A timeout occurred
  • Continuous until packet is correctly received or until the ARQ limit is reached
31
Q

data privacy

A

the privacy of personal info or other info stored on a comp that should not be accessed by unauthorised parties

32
Q

data security

A

methods to prevent unauthorised access to data and to recover lost data

33
Q

data protection laws

A

data must be
- fairly and lawfully processed
- can only be processed for stated purpose
- adequate relevant and not excessive
- accurate
- not kept for longer than needed
- processed in accordance with the data subjects rights
- kept secure
- not transferred to other countries without adequate protection

34
Q

data recovery

A
  • use back ups in case data is lost
  • save data regularly
35
Q

type check

A

checks if non-numeric data has been input into a numeric-only field

36
Q

range check

A

checks if data is in the right range

37
Q

format check

A

checks if it’s in the agreed format eg dd/mm/yy

38
Q

length check

A

checks whether data has required number of characters

39
Q

presence check

A

checks field is not empty

40
Q

existence check

A

checks if data in a file/ a file name actually exists

41
Q

limit check

A

checks one limit eg upper or lower

42
Q

consistency check

A

checks whether data in 2 or more fields match

43
Q

uniqueness check

A

checks that each value entered is unique

44
Q

modulo-11

A

example of a check digit
- each digit is given a weighting 7-1 left to right
- multiplied by weighting then added to make a total
- total divided by 11 and remainder is subtracted from 11
- check digit is the value generated

45
Q

how checksums work

A
  • the sum of the bits / 256
  • round down to nearest whole number
  • times by 256
  • calc difference between this and the sum
  • this value is checksum