8. Security and ethics Flashcards
What is hacking?
The act of gaining illegal access to a computer
What are viruses?
Program or program code that can replicate itself with the intention of deleting or corrupting files or causing the computer to malfunction.
What is phishing?
The creator sends out a legitimate looking email in order to obtain confidential information.
What is pharming?
Code installed on the user’s hardware or on the web server that redirects the user to a fake website without their knowledge.
What is wardriving?
Act of locating and using wireless internet connections illegally.
What is spyware/key-logging software?
Software that gathers information by monitoring key presses on the user’s keyboard; the information is then sent back to the person who sent the software
What are the possible effects of hacking?
Identity theft
Data can be deleted, changed or corrupted
What are the possible effects of viruses?
Can cause the computer to crash, stop functioning normally or become unresponsive
Data can be deleted, changed or corrupted
What are the possible effects of phishing?
Sender can gain info such as bank account numbers
Identity theft
Fraud
What are the possible effects of pharming?
Can gain info such as bank account numbers
Identity theft
Fraud
What are the possible effects of wardriving?
Possible to steal a user’s internet time to download large files
Can steal a user’s password and personal information
What are the possible effects of spyware?
Can gain info such as bank account numbers
Able to install other spyware, read cookie data and change default web browser
What methods can be used to prevent hacking?
Firewalls
Strong passwords and user ids
Anti-hacking software
(Encryption won't stop hacking but will make the data useless to the hacker)
What methods can be used to prevent viruses?
Anti-virus software
Not using software from unknown sources
Being careful when opening email attachments
What methods can be used to prevent phishing?
ISPs often filter out phishing emails
Being careful when opening email attachments
What methods can be used to prevent pharming?
Anti-spyware software
Be alert and look for clues that the website is not legitimate e.g. https
What methods can be used to prevent wardriving?
Use wired equivalent privacy (WEP) encryption
Use strong passwords
Firewalls
What methods can be used to prevent spyware?
Anti-spyware software
Use a mouse to select keys for passwords
What are cookies?
Packets of data that collect information about the user’s habits.
Why are cookies used?
So that companies can display adverts that may be of interest to the user.
How can you prevent accidental loss of data?
Backups
Save data regularly
Use passwords to restrict access to authorised users only
How can you prevent data loss through hardware fault (such as head crash on HDD)?
Backups
Save data regularly
Use uninterruptible power supply
How can you prevent data loss through software fault?
Backups
Save data regularly
How can you prevent data loss due to incorrect computer operation?
Backups
Good training procedures
What does a firewall do?
Checks whether data meets a set of criteria and, if it doesn't, blocks the traffic and gives the user a notification
Logging all traffic to allow later interrogation
Keep a list of undesirable IP addresses created by the user
Helping prevent viruses and hacking
What does a proxy server do?
Acts as a firewall
Keeps IP address secret
Uses a cache so that the user can connect to a website faster
How does SSL work?
The web browser sends a message to the server requesting that it identifies itself
The server responds by sending a copy of its SSL certificate
If the web browser can authenticate the certificate it sends a message to the server to allow communication to begin
Once this message is received the server acknowledges the browser and the data transfer can begin
What is the purpose of TLS?
Provides encryption and authentication to prevent hacking.
What are the two layers of TLS?
Record protocol - contains the data being transferred over the internet
Handshake protocol - allows the website and the user to authenticate each other and use encryption algorithms
What are the differences between TLS and SSL?
Possible to extend TLS by adding new authentication methods
TLS makes use of session caching
TLS separates the handshaking process from the record layer
What is the advantage of using session caching?
Opening a TLS session requires a lot of computer time but caching allows the user to start or resume a session which is faster.
What is symmetric encryption?
Uses 2 secret keys, 1 to encrypt and 1 to decrypt
What is a problem with symmetric encryption?
Key distribution problem - keys could be interpreted by a user
How can the key distribution problem be solved using symmetric encryption?
Algorithms which create a key using random numbers chosen by the sender and receiver
How does asymmetric encryption work?
User A applies a symmetric key
The symmetric key is encrypted using the public key
User A sends the message with the encrypted key
User B decrypts the symmetric key by applying their private key
The symmetric key is used to decrypt the message sent by A
How can the user increase the security of encryption?
Increase the length of the key - lots more possible keys
What is authentication?
Used to verify that data comes from a trusted source
Examples of authentication
Passwords, digital signatures, biometrics
How do digital signatures work?
User writes a message
Message put through hashing algorithm
The hash number is encrypted using a private key
The message and hash number are sent over the internet
The hash number is decrypted using a public key
The hash number is compared with the message to see if the message has been altered
Types of biometric
Fingerprint scans, retina scans, face recognition, voice recognition
What is a denial of service attack?
An attempt to prevent users from accessing part of a network by repeatedly bombarding the server with requests
What effects can a DOS attack have?
Prevent a user from accessing emails, websites or online services
How can a user guard against DOS attacks?
Use up-to-date malware checking software
Use a firewall
Apply email filters
Signs a DOS is happening
Slow network performance
Unavailability of a website
Large amounts of spam email
Ways a bank protects customers’ information
10-12 digit code
Input random numbers from pin/password
Card reader - generates a code from an internal clock and the PIN
Insert password using drop down boxes
Ask for personal data
What is free software?
Users can copy, change or adapt it.
What is freeware?
Software a user can download for free without further charges but they cannot study or modify the source code.
What is shareware?
A free trial of a software which, after a period of time, the user will be asked to pay for.
What can a user do with free software?
Run it for any legal purpose
Study the source code and modify it to meet their needs
Pass the software in original or modified form to other people