Unit 4 Security And Ethics Flashcards
Describe how the SSL works
− Browser / client sends request to webserver for identification
− Web server sends its digital / security certificate
− Browser authenticates certificate
− If authentic, connection is established; any data sent is encrypted
− Using public and private key to do this
Describe how the TLS works
− Handshake and record protocols
− Client/Browser requests secure connection to web server
− Browser requests server to identify itself
− Web server then provides digital certificate after identification
− Browser validates certificate
− Browser sends signal to web server to begin transmission
− Session key generated
− Encryption method is agreed on
The handshake protocol is used to exchange all the information needed by both computers in order to establish a secure SSL/TLS connection
The record protocol handles the actual data and its encryption
Describe how a browser accesses a web page
- Browser sends URL to DNS using HTTP
- DNS find matching IP address for URL and sends it to the browser
- Browser requests web server for web pages
- Web pages are then sent from web server to the web browser
- Browser then renders the HTML to display web pages
- Security certificates authenticated, SSL and TLS used to encrypt data sent to and fro
Describe how a proxy server works
− Acts as mediator between the user’s computer and web server
− Allows internet traffic to be filtered
− Speeds up access to information on websites using cache
Describe encryption
− Encryption key used
− Key uses algorithm to scramble data
− Data before encryption is plain text
− After encryption it is known as cypher text
− Same key used to decrypt data
Describe symmetric encryption
− Key is kept secret, only sender and receiver know
− Sender uses same key to encrypt and decrypt
− Key has to be sent over internet, can be intercepted
− Less safe but fast
Describe asymmetric encryption
− Public and private key mathematically linked
− Public key used to encrypt, anyone can see
− Private key not transmitted, used to decrypt
− Safer process but slower
Describe a Denial of Service attack
− Webserver is sent multiple requests, requests flood the webserver at the same time
− Webserver crashes / runs slow
− Designed to prevent access to e.g. a website // Stops legitimate requests being processed/serviced
Describe copyright, plagiarism
Copyright
− law/legislation that requires permission to use intellectual property / other people’s work
Plagiarism
− To claim other’s work as your own
− To use other people’s work without consent / acknowledgement
− Theft of intellectual property
Accidental loss of data and prevention
Lost from
- Human error, accidentally deleting file
- Hardware failure
- Power failure or surge
- Physical damage, fire or flood
- Misplacing storage device
Prevention
- Back up data regularly
- Use surge protection and UPS
- Keep data in protective case
- Use verification method for deleting file
- Follow and educate on correct procedure of ejecting files, saving, etc.
Internet risks
- Phishing
- Pharming
- Spyware
- DoS
- Malware
- Viruses
- Worm
- Rootkit
- Backdoor
How to minimise risk of spyware
Anti-spyware
- Scans computer for spyware
- Removes/quarantines any spyware found
- Prevent spyware from being installed
Onscreen keyboard
- Key-logger can’t collect data of key press
- Can’t relay useful info to 3rd party
2 Factor Authentication
- Extra data sent to device
- Harder for hacker to obtain data
- Data has to be entered into the same system; if entered from a remote location it is not accepted
Firewall
- Can be software or hardware based
- Monitors incoming and outgoing traffic
- Allows criteria to be set
- Blocks access to traffic that does not meet the criteria
- Restricts access to specific applications
How to minimise risk of virus
Anti-virus
- Scans computer for viruses daily
- Has a record of known viruses
- Removes/Quarantines any virus found
- Warns user of virus
- Checks data before downloaded
- Prevents download of virus found
Firewall/Proxy server
- Monitors incoming and outgoing traffic
- Allows setting of criteria
- Checks if traffic meets criteria
- Blocks traffic that does not meet criteria
How to minimise risk of hacking
Firewall/Proxy server
- Monitors incoming and outgoing traffic
- Allows setting of criteria
- Checks if traffic meets criteria
- Blocks traffic that does not meet criteria
Passwords
- Use long and more random passwords
- Change it regularly
- Lock after a set number of attempts
Biometrics
- Data needed to enter is unique to individual
- Hard to replicate
- Lock after a set number of attempts
2 Factor Authentication
- Extra data sent to device
- Hard for hacker to obtain
- Data entered needs to be in the same system, if attempted from remote location it’s not accepted
Describe Phishing and Pharming
Phishing
− Legitimate looking email sent to user
− encourages user to click a link that directs user to a fake website
− User encouraged to enter personal details into a fake website // designed to obtain personal details from a user
Pharming
− Malicious code/malware is downloaded without users’ knowledge
− That re-directs user to fake website (when legitimate URL entered)
− User encouraged to enter personal details into a fake website
− Designed to obtain personal and sensitive details from a user