Topic 8 - Security and Ethics Flashcards
What is hacking?
illegally gaining access to a computer system
Illegally gaining access to a computer system is known as
hacking
Why do people hack (5)
- Curiosity
- Financial Gain
- Malicious
- Hacktivism
- Military
Curiosity, Financial Gain, Malicious, Hacktivism, Military are all reasons to ___?
Hack
Cracking is
Changing a program’s source code to be used for another use (illegal)
Changing a program’s source code to be used for another use illegally is known as
Cracking
What is spyware?
Software which tracks keylogs and through this can find out passwords.
Software which tracks keylogs and through this can find out passwords is known as
Spyware
How is Spyware prevented?
Antispyware
Antispyware prevents___?
Spyware
Spyware (5)
- User clicks on a link from an email or website
- When clicked spyware is downloaded
- Monitors user's activity and relays it back to author
- Keypresses can be analysed to find passwords
- Common key logs allow password to be found
Viruses (3)
- Program that replicates itself
- Deletes or corrupts files
- Ransomware is a new form of virus
Phishing (5)
- Fake email sent that looks legitimate
- User clicks on link in the email
- User redirected to fake website
- Often used to try and steal financial details
- How to avoid – Don’t click on links from unknown emails
Pharming (3)
- Malicious code stored on a computer
- Redirects user to fake website to steal user's data
- How to avoid – check the URL is as expected
Cookies (4)
- Message given to browser by webserver
- Stored in a text file
- Stores detail about user's preferences on a website
- Message sent back to server each time that page is requested
Cookies uses (5)
- Enable logon information to be kept
- Provide customized pages for the user
- Enable targeted adverts
- Enable one-click purchasing with shopping carts
- Be able to distinguish between new and repeat visitors
Causes of data loss (5)
- Accidental Deletion
- Malicious – virus
- Hardware failure
- Software failure
- Natural disaster
Data loss prevention (4)
- Set data to read only
- Use correct shut down procedures
- Use correct procedures when removing portable storage devices
- Backup
Firewalls (5)
- Prevents unauthorized access
- Acts as a filter for incoming/outgoing data
- Checks data meets criteria
- Logs incoming and outgoing traffic
- Blocks access to specified IP addresses
Antivirus (2)
- Compares virus signature against a database of known virus signatures
- Removes any viruses
Proxy servers (3)
- Keeps user IP address secret
- Prevents direct access to a web server
- Filters traffic
Biometrics examples (3)
- Voice recognition
- Facial Recognition
- Thumbprint
Text v Biometric (2)
- Text passwords easier to hack than biometrics
- Biometric passwords are unique and can’t be shared
Security methods (2)
- Encryption
- SSL
SSL (5)
- Uses encryption
- Uses SSL
- Uses digital certificates – contains public key
- Makes use of public and private keys
- Data is meaningless without the key
How can we tell a website is using SSL (3)
- Protocol ends in s e.g. https
- Padlock on some browsers
- Colour of address bar changes
SSL process (5)
- Web browser connects to the website
- Web browser requests web server to identify itself
- Web server sends browser a copy of its SSL certificate
- Browser checks the certificate is trustworthy and sends message back to server
- Server acknowledges message and SSL session begins
TLS layers (2)
- Record
- Handshake
Record layer (2)
- Contains the data being transferred
- Can be used with or without encryption
Handshake layer (2)
- Website and client authenticate each other
- Encryption algorithms used to establish secure session
Differences between TLS and SSL (3)
- Possible to extend TLS using new authentication methods
- TLS can make use of session caching
- TLS separates handshake and record protocol
How does encryption work on text (6)
- Before encryption it is plain text
- Text encrypted using an algorithm
- Text encrypted using a key
- Encrypted text called cypher text
- Key transmitted separately from text
- Key used to decrypt the cypher text
Asymmetric (5)
- Private key and Public key needed
- Public key given to everyone
- Private key only known by the computer user
- Encryption keys generated using a hashing algorithm
- Different keys
Plain text & Cypher text
- Text encrypted using encryption algorithm
- Text encrypted using a key
- Key transmitted separately from the text
- Key used to decrypt the text
Authentication (1)
- Used to verify that data comes from trusted source
Symmetric Encryption (1)
- Uses the same key to encrypt and decrypt data
Hashing algorithm (4)
- Takes message or key and translates it into string of characters
- Usually shown in hex notation
- Length depends on algorithm used
- Same hashing algorithm needed to decrypt
DoS Attacks (4)
- Large number of requests sent to server at once
- Designed to flood a server with useless traffic
- Server will come to a stop trying to deal with the traffic
- Prevents users gaining access to the web server
Ethics (1)
- Set of laws that regulate computers
Misuse of ethics (5)
- Hacking/Malware
- Copyright
- Stealing personal Information
- Addiction or health issues
- E waste
Types of software (3)
- Free software
- Freeware
- Shareware
Free software (4)
- Can use for any legal purpose you wish
- Can study and change the source code
- Can pass on to other people
- Must not be used to infringe copyright laws by copying existing software
Freeware (2)
- Can download and use free of charge
- Cannot view or modify the source code e.g. Skype
Shareware (5)
- Can use for a trial free of charge
- Need to pay once the trial is over
- Often trial version missing key features
- Protected fully by copyright laws
- Cannot modify code or distribute the software