Cybersecurity, Web Searching, User Tracking, Social Media, and Cloud Computing (Week 13) Flashcards
What is Multi-Factor Authentication?
Authentication: to confirm the user’s identity
Typically with a password, but this is only one piece of evidence (a “knowledge factor”) that may be used to authenticate a user
Multi-factor Authentication uses other factors, such as a possession factor and a biometric factor.
Safe Computing – Important (Part 2)
Create copies (backups) of your personal data or your whole system regularly (see info at www.worldbackupday.com)
* Physically detach backup media after the backup is finished and ideally store your backup media in a separate location.
For some data, you could use cloud storage providers that immediately synchronize every change of local data to the cloud
* Some of them allow you to restore older versions of the data up to a certain period. (e.g. www.dropbox.com, www.sync.com, OneDrive)
* Be careful: you want to avoid sending very sensitive data to the cloud unencrypted – sometimes this also has legal implications
Safe Computing – Important (Part 3)
Run macros in Microsoft Office only if you really trust the source of a document
Make sure you use HTTPS for any sensitive communication, e.g. financial transactions, web shopping, hotel bookings, etc.
What is HTTPS?
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol used for secure communication over a computer network, commonly the internet.
It is an extension of HTTP, with the ‘S’ standing for ‘Secure.’ HTTPS ensures that the data exchanged between a user’s web browser and a website is encrypted, enhancing security and privacy.
HTTPS - Encryption
HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt data during transmission.
This prevents eavesdropping and unauthorized access, making it difficult for attackers to intercept and manipulate the information.
HTTPS - Authentication
HTTPS verifies the ID of the website through SSL certificates. These certificates are issued by Certificate Authorities (CAs) and serve as digital passports for a website.
Users can trust that they are connecting to the intended website and not a malicious entity posing as the legitimate site.
Secure Web Communication
HTTPS-encrypted connections to servers with verified identity feature a “lock” or a similar symbol.
What does Cybersecurity mean?
Cybersecurity refers to the comprehensive set of measures and practices implemented to safeguard digital systems, networks, and data from unauthorized access, attacks, damage, or exploitation.
It encompasses the protection of information technology assets, including computers, software, networks, and the data they handle, against a wide range of cyber threats and risks.
It is critical to ensuring the confidentiality, integrity, and availability of digital resources, preventing potential disruptions, and preserving the trustworthiness of technological systems in an increasingly interconnected and digitized world.
Cybersecurity as a practice
Cybersecurity involves the development and implementation of strategies, technologies, and policies to detect, respond to, and mitigate cyber threats, thereby fortifying the resilience of engineering systems against evolving challenges in the digital landscape.
Protection: Access Privileges
Reduce user access privileges on every computer to the minimum level necessary for each individual user:
You don't need administrator privileges on your computer for everyday work situations
Sometimes write access to files could be revoked
Be suspicious when Windows UAC (User Account Control) asks you to grant a program admin privileges
Measures for Cautious Users
- Use “private” or “incognito” mode of your browser to reduce tracking
- Disable 3rd party cookies
- Turn off pop-ups in your browser (if not off by default)
- Use Ad-Blockers, e.g. https://ublock.org/
- Use Plug-ins or Browsers that block ads and prevent tracking
- Turn off unknown browser plug-ins as much as possible
- Disable HTML in your mail reader
- Turn off JavaScript in Adobe Reader
- Turn off all services on your machine you don't use, e.g. sharing of printers, remote access, etc.
- Check your “Firewall” settings
** For ordinary users, standard firewall settings should be sufficient (regardless of your OS)
What is a Firewall?
A firewall controls incoming and outgoing traffic between two network nodes (could be between hosts or networks)
Unwanted or harmful packets can be discarded based on source or destination IP address or port (filtering)
More sophisticated firewalls also check contents of packets (inspection) to decide what to do
Windows has a configurable built-in firewall
Measures of Paranoid Users (Cybersecurity)
- Turn off JavaScript and cookies in your browser
- Use text only email (disable HTML and JavaScript)
- Encrypt your computer and your phone
- Select less popular software because it is less likely to be exploited
** E.g. Opera browser, Linux OS, etc.
- Use software and services to avoid tracking, e.g.
** Tor (The Onion Router) for anonymous use of Internet https://www.torproject.org/
** And many others, e.g. https://www.techradar.com/best/best-free-privacy-software
The Weakest Link (Cybersecurity)
The majority of security breaches are low tech
For users, the trade-off between security and ease of use is essential
The weakest link defines the overall level of security,
* e.g. what are strong passwords good for if users write them on post-it notes attached to the screen?
Users have the biggest impact on security
* and are usually the first choice to gain unauthorized access because other measures often require more effort
Risk Assessment Matrix
Assess threats using a matrix which charts the probability that a particular situation will occur and what its impact (cost, loss of time, etc.) would be
Focus on orange and red areas: try to mitigate using measures that reduce impact, probability or both
E.g. if the impact of a ransomware attack would be catastrophic, introduce weekly or monthly automatic backups
Data & Information - Web Search
Web searches started in 1994 (first graphic browser in 1993)
In 1997 – AltaVista: 20 million search queries per day
* “AltaVista was a Web Search Engine established in 1995. It became one of the most-used early search engines, but lost ground to Google and was purchased by Yahoo! in 2003” - Wikipedia
In 2000:
* Approx. 1 billion web pages existed
* Google: 33 million search queries per day
In 2016:
* Approx. 50 billion web pages existed
* Google: 3 billion search queries per day
In 2019 – Google: > 5.5 billion search queries per day (> 2 trillion queries per year)
In 2023 – Approximately 84 billion visits daily and roughly 2 trillion global searches annually.
How do Search Engines work?
Search engines play a crucial role in helping users navigate the vast expanse of information on the internet. It is impossible to instantly access and search every web page to find pages with certain keywords. Search Engines perform the following:
- Crawling
- Indexing
- Ranking Algorithms
What is Search Engine Crawling?
Programs (called “web crawlers” or “spiders”) continually crawl/browse through all the pages on the web.
* They systematically scan pages (old and new ones) and
* Analyze them to extract relevant contents and store the result in an index of search terms - in a page database
What is Search Engine Indexing?
As the web crawlers visit web pages, they collect info about each page’s content. This information is organized and stored in a database, creating an index of the web.
What is a Search Engine Ranking Algorithm?
Search engines use complex algorithms to analyze the indexed information and determine the relevance of each page to specific search queries.
These algorithms take into account various factors, including keywords, content quality, page structure, and user engagement.
What is Query Processing?
When a user enters a search query, the search engine processes the query against its index. It identifies pages that are most relevant to the search terms based on the ranking algorithms.
The search engine presents the user with a list of results, typically ranked by relevance.
The goal is to provide the user with the most useful and accurate information based on their search query.
Search engines continually update their indexes to reflect changes on existing pages and to incorporate new pages that have been added to the web.
A typical search phrase might return thousands or even millions of pages. How are they prioritized?
Google's “PageRank” algorithm considers many attributes, e.g.
How many other sites link to this page? Popular is better!
Repetition of key words and phrases on the same page
HTML Metatags (are not visible but provide more info)
* Website Title, Content Description, Keywords, Robots on HOW to index a page etc.
Compatibility with mobile devices (Google announced their mobile-first strategy in 2016)
What is SEO?
Search Engine Optimization (SEO) aims at improving the online visibility of a web site (and is part of any decent marketing strategy)
Who pays for free services like search engines?
Search providers (and others) can offer their services free of charge for users because of advertising revenue
Users see targeted ads alongside search results; the selection of these ads is based on…
- your search phrase: your request may indicate an interest in a specific product or service
- your location revealed by your IP address => local businesses may target users residing in a specific area
- Everything else the search engine provider knows about you (search history, preferences, tracking information, assumed age group, estimated level of income, etc.)