Chapter 5 (5.3 B) Auth and Verification Flashcards
What are access levels
system allowing a hierarchy of access levels depending on user’s level of security
2 types of anti-malware software
Anti-virus
Anti-spyware
What is an anti-spyware software
how does it identify
software that detects and removes spyware programs installed on a system; Identifies spyware based on typical spyware rules or known file structures
General features of anti-spyware
name 4
» detect and remove spyware already installed on a device
» prevent a user from downloading spyware
» encrypt files to make the data more secure in case it is ‘spied’ on
» encryption of keyboard strokes to help remove the risk posed by the keylogging aspects of some spyware
» blocks access to a user’s webcam and microphone (the software stops the spyware taking over the control of a user’s webcam and microphone which can be used to collect information without the user’s knowledge)
» scans for signs that the user’s personal information has been stolen and warns the user if this has happened.
What is Authentication
the 3 questions
the process of proving a user’s identity by using:
>something they know
>something they have
>something unique to them
Characteristics of a strong password
use special characters
use numbers
use upper and lowercase
What are biometrics
type of authentication that uses a unique human characteristic, such as fingerprints, voice or retina blood vessel pattern
Adv and disadv of fingerprint
Adv:
Easy to use
Relatively small storage requirements
Disadv:
Can be intrusive since it’s related to criminal identification
Inaccurate if skin is dirty or damaged
Adv and disadv of retina
Adv:
very high accuracy
no known way to replicate a person’s retina
disadv:
very intrusive
expensive to install and set up
Adv and disadv of face recognition
Adv:
non-intrusive method
relatively inexpensive tech
Disadv:
Can be affected by changes in lighting, wearing glasses or a mask etc
Adv and disadv of Voice recognition
Adv:
Non-intrusive method
Verification takes less than 5 seconds (is quick)
relatively inexpensive tech
Disadv:
Low accuracy
Recordings of the person’s voice can be played to bypass
What is two-factor authentication
a type of authentication that requires two methods of verification to prove the identity of a user
What are patches
an update for software that is developed to improve the software and/or to remove any bugs
What all do you check in an email
Spellings
Tone of the email - shouldn’t be rushing
email address
misspelled domain names
suspicious links
What is typosquatting
Subtle spelling errors in website addresses used to trick users into visiting their fake websites
What is a firewall
software or hardware that sits between a computer and an external network and monitors and filters all incoming and outgoing traffic
Functions of firewall
name 4
examine the ‘traffic’ between user’s computer
checks whether incoming or outgoing data meets a given set of criteria
Firewall blocks any traffic that fails to meet the criteria
Log all incoming and outgoing traffic
can prevent viruses or hackers from entering
What can a firewall not control
Can’t prevent individuals on internal networks using their own devices from bypassing the firewall
can’t stop a user from disabling the firewall, leaving their computer susceptible to harmful traffic on the internet.
What is a proxy server
what does it make use of to do what
a server that acts as an intermediary server through which internet requests are processed
it often makes use of cache memory to speed up web page access
Features of a proxy server
Internet can be filtered
Helps prevent DoS attacks, since if an attack is launched it hits the proxy server
Can act as firewalls
Access to the web server is allowed if traffic is valid and denied if it is invalid
What are privacy settings
Controls that allow users to limit who can access their profile or what they are allowed to see on social networking sites.
Privacy settings features
‘do not track’ setting; the intention here is to stop websites collecting and using browsing data which leads to improved security
website advertising opt-outs;
safer browsing; an alert is given when the browser encounters a potentially dangerous website
What is SSL
secure sockets layer (SSL) – a security protocol used when sending data over a network
Steps of SSL
The user’s browser sends a message so that it can connect with the required website which is secured by SSL
Browser asks the web server to identify itself
Web server responds with its SSL certificate
Browser authenticates this certificate; a message is sent to the server to allow communication
After the message is received, the web server acknowledges the web browser and SSL-encrypted 2-way data transfer begins.
What is an SSL certificate
a form of digital certificate which is used to authenticate a website; once the SSL certificate is authenticated, data exchange between browser and server is secure.
3 examples of where ssl are used
» online banking and all online financial transactions
» online shopping/commerce
» when sending software out to a restricted list of users
» sending and receiving emails
» using cloud storage facilities
» intranets and extranets (as well as the internet)
» Voice over Internet Protocols (VoIP) when carrying out video chatting and/or audio chatting over the internet
» used in instant messaging
» when making use of a social networking site.
How to ensure passwords are protected
run anti-spyware software to make sure that your passwords aren’t being relayed back to whoever put the spyware on your computer
change passwords on a regular basis
Use strong passwords