Security Risks And Precautions Flashcards
What is a digital certificate?
An electronic document used to confirm the identity of a person or organisation
In symmetric encryption…
Both the key for encrypting and the key for decrypting are the same and are agreed before information is transmitted
What is data encryption?
When information is jumbled to make it unreadable
How does encryption help against hacking?
Any sensitive data intercepted by a hacker will be useless as it will be unreadable.
Any data on a stolen laptop/backing storage device is protected
What is symmetric key encryption?
A type of key-based encryption which uses the same key, agreed by both parties before transfer of information can begin
What is the drawback of symmetric key encryption?
The encryption key must be transmitted between two parties without it being intercepted.
Public Key Encryption: What is involved?
Both public and private key are generated to work as a pair. The private key can encrypt data which can only be decrypted by the linked public key and vice versa.
How SSL uses public key encryption on a secure website
User's browser receives the website's public key
Private key remains secured on the server
Public key is used to encrypt sent data
Private key can then decrypt the message once the data arrives at the server
What is a digital signature?
An electronic signature contained within a digital certificate used to prove the identity of a sender of data or the signer of a document whilst making sure that the original data remains untampered with
Who uses digital signatures in the real world?
Supported by a wide variety of software packages - helpful to those who wish to send legally important messages
Public Key Infrastructure purpose
To allow companies and individuals to state that the identity information and the public key confirmed by digital signature belong together
Digital certificate contents
Digital signature
Name
Serial number
Expiration date
Digital Certificate purpose
To make use of a public key in order to bind the digital signature and identity together.
What is validation?
The process of checking data to be appropriate before processing starts
What is involved in Client-Side validation checks?
Checks are made by the user's browser using a scripting language such as JavaScript
What is used in checks made in server-side validation?
All info is checked (and verified) by the server
What are the advantages of client-side validation?
Faster than server-side validation - processing takes place on the user's computer
Saves time for info which doesn’t need to be sent between the client and the server
What are the disadvantages of client-side validation?
More prone to data interception
What are the advantages of server-side validation?
Users cannot interfere with data transfer - it is more secure, data validation cannot be disabled and centrally held data may be updated
What are the disadvantages of server-side validation?
Slower process than client-side validation
What are the advantages of using biometrics for security?
Harder to forge
Cannot lose them, unlike passwords
Cannot be used without authorisation, unlike ID cards
Using biometrics for security purposes - Disadvantages/Concerns
Invasion of privacy; security becomes too intrusive on the public
How does a public key solve the problems which occur in symmetric key encryption during data transmission?
Symmetric key encryption uses one key only, which can therefore be intercepted during transmission.
With public key encryption, essentially only encrypted data is passed between users.
What is the purpose of a firewall?
To form an internal barrier between a secure network and any other network
Which act makes hacking illegal?
The Computer Misuse Act
What is a virus?
A self-replicating program which must be attached to a program
What are the differences between a virus, worm and Trojan?
A virus copies itself into other executable programs
A worm does not need to be attached to another program and does not always cause damage. It replicates itself.
A Trojan does not replicate itself.
Why might an employer use a key logger?
To check up on what their employees are doing online and keep track of their usage, Internet browsing history, how they make use of company resources
How might you identify a possible phishing email?
Spelling mistakes
Sent to someone without addressing them by name
Sender address
Request sensitive information
Describe what spyware is
Spyware is a type of malware used to gather information about a group or individual using methods such as monitoring keystrokes
Describe what phishing is
A form of fraud in which the attacker tries to gain sensitive information such as login credentials, usually acting as a known contact and sending a scam email requesting the information
Describe what is meant by key logging
Considered to be a type of spyware as well as software; it is capable of recording every keystroke made on a keyboard to a log file.
What is online fraud and identity theft?
Online fraud is a fraud committed online. Identity theft is when someone else uses or steals your identity, often with the aim of committing online fraud.
What is spam?
Usually refers to junk email and is often used in identity theft
What is credit card fraud?
Any kind of theft and fraud committed involving a payment card which the attacker does not own and which the attacker usually aims to use to gain funds or obtain goods without paying.
Name a type of definitely malicious software
Spyware - Installed without the user's permission
What is spyware?
Monitors user activity and transmits that information in the background to someone else
Phishing
Emails or websites which trick users into entering personal details, which are then used illegally
Adware
Software product where you will be viewing sponsored advertisements until a commercial fee is paid
Type of malicious activity which is equally as dangerous to large corporations as it is to an individual user
Keylogging
Identity Theft
The crime of obtaining the personal or financial information of another person for the purpose of making purchases or transactions under their name or identity
A zombie
A computer compromised by a hacker
What is sent from the compromised computer to the attacker in a DDoS attack?
The IP address
Botnet
A group of compromised computers in a DDoS attack
Symmetric Key Encryption
Same key is used to encrypt and decrypt a message
Public Key use
Used by all people - sent to a particular individual
Less secure form of validation
Client side
More secure form of validation
Server side
Three steps involved in biometric analysis
Observation or collection of the data
Conversion and description of the observed data using a digital representation called a template
Comparison of new data with one or more previous templates stored in a database
Technique designed to deal with spoof attacks on biometrics
Liveness detection algorithms
When a biometric scan takes place, a match is achieved by
The live scan being similar to the stored scan data
Degree of similarity is adjusted by system to increase or decrease strictness of the system
Denial of Service Attacks
Designed to prevent a user from accessing a computer system, server or website
Aim to create a situation where the resources of the attacked system are flooded with so many processing requests that the system can no longer carry out its intended purpose
Biometric Data Examples
Fingerprints and Retina Patterns
Used instead of passwords to gain access to systems and data