1. SECURITY AND DATA INTEGRITY
1.1. HACKING
1.1.1. Meaning: The gaining of unauthorized access to data in a system or computer.
1.1.2. Effect: Can lead to identity theft or gaining personal information. Data can be deleted, changed or corrupted.
1.1.3. Remove the risk: Firewall, use of strong passwords and user id, use of anti-hacking software.
1.2. VIRUSES
1.2.1. Meaning: A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
1.2.2. Effect: It can make the computer stop working or stop working properly. Can delete a file.
1.2.3. Remove the risk: Install anti-virus software. Don't use unknown software
1.3. PHISHING
1.3.1. Meaning: The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
1.3.2. Effect: The creator of the email will gain the data such as bank account detail, etc.
1.3.3. Remove the risk: They can put ISP filters. Can be cautious when opening these emails.
1.4. PHARMING
1.4.1. Meaning: The fraudulent practice of directing Internet users to a bogus website that mimics the appearance of a legitimate one, in order to obtain personal information such as passwords, account numbers, etc.
1.4.2. Effect: The creator can also gain bank account numbers from visiting their fake website.
1.4.3. Remove the risk: Anti-spyware software can remove the pharming code from the hardware.
1.5. WARDRIVING
1.5.1. Meaning: Wardriving is the act of searching for Wi-Fi wireless networks by a person usually in a moving vehicle, using a laptop or smartphone.
1.5.2. Effect: possible to steal the user's internet allocation by downloading large files. Possible to hack into wireless network and steal user's passwords or other details.
1.5.3. Remove the risk: use of wired equivalent privacy (WEP) encryption.
1.6. SPYWARE/KEY-LOGGING SOFTWARE
1.6.1. Meaning: A keylogger is a program that records the keystrokes on a computer.
1.6.2. Effect: Gives the originator access to all the data that has been typed on the keyboard by user.
1.6.3. Remove the risk: use an anti-spyware software. Use a mouse to select characters from passwords rather than typing them in using a keyboard can help reduce the risk.
2. COOKIES
2.1. MEANING: a packet of data sent by an Internet server to a browser, which is returned by the browser each time it subsequently accesses the same server, used to identify the user or track their access to the server.
3. LOSS OF DATA AND DATA CORRUPTION
3.1. Accidental loss of data (for example, the accidental deletion of a file) - Uses of the back-ups in case data is lost or corrupted through an accidental operation. Save data on regular basis. Use of passwords and user ids to restrict access to authorized user only.
3.2. Hardware fault (such as head crash on the hard drive) - Use of back-ups in case data is lost or corrupted through the hardware fault. Uses of ups (uninterruptible power supply) to prevent power loss causing hardware malfunction. Save data on a regular basis. Uses of parallel systems as back-up hardware.
3.3. Software fault (e.g. incompatible software installed on the system) – Uses of back-ups in case data is lost or corrupted through the software fault. Save data on a regular basis in case the software suddenly ‘freezes’ or ‘crashes’ whilst the user is working on it.
3.4. Incorrect computer operation (e.g. incorrect shutdown procedure or incorrect procedure for the removal of a memory stick) – Uses of back-ups in case date is lost or corrupted through wrong operation. Correct training procedures so that the users are aware of the correct operation of hardware.
4. FIREWALLS
4.1. Firewalls can block ports and programs that try to gain unauthorized access to your computer, while proxy servers basically hide your internal network from the Internet.
4.2. Tasks carried out by firewalls include: • Examine the traffic between internal network and public network. • Checking whether the data meets a set of criteria. • Warning data if a third party source is trying to access into their system. The user has an option to allow or deny.
4.3. Where firewall can’t prevent: • Can’t prevent individual using their own modems to bypass the firewall.
5. SECURITY PROTOCOLS
5.1. SSL - Secure Sockets Layers. Is a standard security technology for establishing an encrypted link between a server and a client - typically a web server (website) and a browser, or a mail server and a mail client.
5.1.1. The uses of SSL are:
5.1.2. Data integrity: Data is protected from tampering.
5.1.3. Data privacy: Data privacy is ensured through a series of protocols.
5.1.4. Client-server authentication: The SSL protocol uses standard cryptographic techniques to verify the client and server.
5.2. TLS - Transport Layer Security. Is a protocol that provides communication security between client/server applications that communicate with each other over the Internet.
5.2.1. Websites can use TLS to secure all communications between their servers and web browsers. The TLS protocol aims primarily to provide privacy between two or more communicating computers.
5.3. TLS is more secure than SSL as it has stronger message authentication and other encryption algorithms. For example, TLS supports pre-shared keys, secure remote passwords, elliptical-curve keys and Kerberos whereas SSL does not.
5.4. Session caching - Session data is stored at the user level but caching data is stored at the application level and shared by all the users.
6. ENCRYPTION
6.1. Symmetric encryption - is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information.
6.2. Asymmetric encryption - uses public and private keys to encrypt and decrypt data. The keys are simply large numbers that have been paired together but are not identical (asymmetric).
6.3. Plain text – Text that is not computationally tagged, specially formatted, or written in code. Cypher text - Is the result of encryption performed on plaintext using an algorithm.
6.4. Authentication - It is used to see if data comes from a safe and trusted website.
6.4.1. Passwords
6.4.2. Digital signatures
6.4.3. biometrics
6.5. Denial of service attacks (DoS) - Is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.
6.5.1. The attacker can prevent the user from: • Accessing their emails • Accessing online services
6.5.2. The user can guard against these websites by: • Using the latest virus checker • Use of firewall to restrict traffic to and from the user • Putting filters for these spam emails
6.5.3. Signs that user should look out for: • Slow network like when opening a website • Not be able to access some websites • A lot of spam emails to the user’s email account
7. COMPUTER ETHICS
7.1. Is a set of principles set out to regulate the use of computer. Three factors are considered.
7.1.1. INTELLECTUAL PROPERTY RIGHTS - Copying the software of someone without their permission.
7.1.2. PRIVACY ISSUES - Hacking someone's personal information.
7.1.3. EFFECT OF COMPUTERS ON SOCIETY - Such as job losses or social impacts.