SECURITY AND DATA ETHICS

Computer Science: Security and Ethics

1. Security and data integrity

1.1. Data is threatened by malicious software; keeping it safe is very important.

1.2. Hacking

1.2.1. The act of gaining illegal access to a computer system

1.2.2. This can lead to identity theft or gaining personal information, data can be deleted or changed

1.2.2.1. Use of strong passwords, firewalls and anti-hacking software can protect data.

1.3. Viruses

1.3.1. A program (code) that can replicate/copy itself with the intention of deleting or corrupting files, or causing the computer to malfunction.

1.3.2. Can cause the computer to crash, become unresponsive, stop functioning normally. Can delete files/data and corrupt files/data.

1.3.2.1. Anti-virus software, not using software from unknown sources, and being careful when opening emails and attachments from unknown senders can protect data.

1.4. Phishing

1.4.1. The creator sends out a legitimate-looking email that, when clicked on, sends the user to a bogus/fake website.

1.4.2. Creator can gain personal data and this can lead to fraud or identity theft

1.4.2.1. Many ISPs filter out phishing emails and being cautious when opening emails or attachments can protect data.

1.5. Pharming

1.5.1. Malicious code installed on the user's hard drive or on the web server; the code redirects the user to a fake/bogus website without their knowledge.

1.5.2. Creator can gain personal data and this can lead to fraud or identity theft

1.5.2.1. Some anti-spyware can identify and remove the pharming code; being alert and looking out for clues that you are being redirected can also protect data.

1.6. Wardriving

1.6.1. The act of locating and using connections illegally; it only requires a laptop (or other portable device), a wireless network card and an antenna to pick up wireless signals.

1.6.2. Internet time and allocation can be stolen by downloading large files and wireless networks can be hacked into and the user's details can be stolen.

1.6.2.1. Use of WEP (Wired Equivalent Privacy) encryption and having complex passwords, as well as using a firewall, prevent an outside user from gaining access.

1.7. Spyware/key-logging software

1.7.1. Software that gathers information by monitoring key presses on the user's keyboard; the information is then sent back to the creator.

1.7.2. The creator has all data entered using the keyboard, and the software is able to install other software, read cookie data and change the user's default web browser.

1.7.2.1. Anti-spyware, being alert and looking out for clues, and using a mouse to select characters from passwords can help reduce risk.

2. Cookies

2.1. They can carry out user tracking and maintain user preferences, e.g. on music sites. Information gathered by cookies forms an anonymous user profile but does not contain personal data.

2.1.1. A packet of information sent by a web server to a web browser, generated each time the user visits the website (cookies are not programs; they are pieces of data). Users are often alerted that a site uses cookies. Cookies will have collected some key information about the user.

3. Security Protocols

3.1. SSL: Secure Sockets Layer

3.1.1. A type of protocol that allows data to be sent and received securely over the internet. SSL encrypts data when a user logs into a website. SSL makes a padlock or 'https' appear in the status bar.

3.1.2. Process: User's web browser sends a message so that it can connect with the required website which is secured by SSL.

3.1.3. Web browser then requests that the web server identifies itself.

3.1.4. Web server responds by sending a copy of its SSL certificate to the user's web browser.

3.1.5. If the web browser can authenticate the certificate, a message is sent back to the web server, allowing communication to begin.

3.1.6. Once the message is received, the web server acknowledges the web browser and the SSL encrypted communication begins.

3.2. TLS: Transport Layer Security

3.2.1. TLS is similar to SSL but is a more recent security system.

3.2.2. TLS is formed of two layers:

3.2.2.1. Record protocol: part of the communication that can be used with or without encryption.

3.2.2.2. Handshake protocol: permits the website and the client to authenticate each other and make use of encryption algorithms.

3.3. Differences between TLS and SSL

3.3.1. TLS can be extended by adding new authentication methods.

3.3.2. TLS can make use of session caching which improves the overall performance.

3.3.3. TLS separates the handshaking process from the record protocol.

3.4. Session caching

3.4.1. The use of session caching can avoid the need to utilize so much computer time for each connection. TLS can either establish a new session or attempt to resume an existing session; resuming an existing session can boost performance.

4. Encryption

4.1. Encryption is used primarily to protect data in case it has been hacked.

4.2. EXAMPLES OF ENCRYPTION

4.2.1. Symmetric encryption

4.2.2. Asymmetric or public key encryption

4.3. Authentication is used to verify that data comes from a trusted source.

4.4. A denial of service (DoS) attack is an attempt to prevent users from accessing part of a network by sending thousands of requests to a server. The attacker may be able to prevent access to emails, websites and online services.

4.5. Plain text is the normal representation of data before it goes through the encryption algorithm; cypher text is the output.

5. Loss of data and data corruption

5.1. Accidental mal-operation

5.1.1. e.g. accidental deletion of a file. Use of backups in case data is lost or corrupted accidentally, saving data regularly, and use of passwords and user IDs to restrict access to authorised users only can prevent this.

5.2. Hardware malfunction

5.2.1. e.g. head crash on the hard disk drive. Use of backups, a UPS (uninterruptible power supply), saving data on a regular basis and use of parallel systems for backup can prevent loss of data.

5.3. Software malfunction

5.3.1. e.g. incompatible software installed on the system. Use of backups and regularly saving data in case of freezes or crashes can prevent the loss of data.

5.4. Incorrect computer operation

5.4.1. e.g. incorrect shutdown procedure or removal of a memory stick. Use of backups and correct training procedures can prevent loss of data caused by incorrect operation.

6. Firewall and proxy servers

6.1. A firewall can either be software or hardware. It sits between the user's computer and an external network and filters information in and out of the computer.

6.1.1. Tasks carried out by a firewall include: examining the traffic.

6.1.2. Checking whether incoming or outgoing data meets a given set of criteria.

6.1.3. If the data fails the criteria, the firewall will block the "traffic" and give a warning of a security issue.

6.1.4. Logging all incoming and outgoing "traffic" to allow later interrogation by the user.

6.1.5. Criteria can be set to prevent access to certain undesirable sites (the firewall can keep a list of all undesirable sites).

6.1.6. Helping to prevent viruses or hackers entering the user's computer.

6.1.7. Warning the user if some software on their system is trying to access an external data source.

6.1.8. But firewalls cannot prevent individuals using their own modems from bypassing the firewall.

6.1.9. Employee misconduct or carelessness cannot be controlled by firewalls.

6.1.10. Users on stand-alone computers can choose to disable the firewall.

7. Application

7.1. Online banking and shopping are at risk from many security issues mentioned. We will consider how the bank protects its customers from online fraud in addition to SSL, virus scanners and many other ways.

7.2. Many banks use a 10-12 digit code unique to the customer.

7.3. You may be asked to enter three random numbers from a four-digit PIN (varies from bank to bank).

7.4. Some systems use a hand-held device that generates an eight-digit PIN from the physical card; it uses the internal clock and the PIN. The server also stores the PIN. It is only valid for a few minutes.

7.5. Some systems ask the customer to key in parts of their passwords using drop-down boxes, an attempt to defeat spyware.

7.6. Some systems also ask for personal data e.g "You last logged into the system on 15th September. Is that correct?"

7.7. If the customer successfully passes all these stages they will be sent to the home page. Using the navigation tools at the top of the screen will log the user out.

8. Computer ethics

8.1. A set of principles set out to regulate the use of computers; three factors are considered:

8.1.1. Intellectual property rights; e.g copying software without the permission of the owner.

8.1.2. Privacy issues: e.g hacking or any illegal access to another person's personal data.

8.1.3. Effect of computers on society: e.g job losses, social impact etc.

8.2. Use of the internet has led to an increase in plagiarism; references are a way to give credit to the originator. Software exists that can scan text and then look for examples of plagiarism on the internet.

8.2.1. ACM and IEEE have published the following code of ethics:

8.2.1.1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public.

8.2.1.2. to avoid real or perceived conflicts of interest whenever possible.

8.2.1.3. to be honest and realistic in stating claims or estimates based on available data.

8.2.1.4. to reject bribery in all forms.

8.2.1.5. to improve the understanding of technology, its appropriate application and potential consequences.

8.2.1.6. to maintain and improve our technical competence and undertake technological tasks only if qualified by training or experience.

8.2.1.7. to seek, accept and offer honest criticism of technical work.

8.2.1.8. to treat everyone fairly.

8.2.1.9. to avoid injuring others, their property, reputation or employment by malicious action.

8.2.1.10. to assist colleagues and co-workers and to support them.

9. Free software, freeware and shareware

9.1. Free software:

9.1.1. run software for any legal purpose

9.1.2. study and modify the source code.

9.1.3. pass modified or original code to other people.

9.1.4. user cannot add source code from other software.

9.1.5. cannot produce software which copies existing software due to copyright laws.

9.1.6. may not produce source code deemed offensive by third parties.

9.2. Freeware:

9.2.1. Software a user can download off the internet free of charge e.g Adobe and Skype.

9.2.2. user is not allowed to study or modify the source code in any way.

9.3. Shareware:

9.3.1. Users are allowed to try out the software, free for a trial period. Once paid, a user is registered with the originator of the software and receives free updates and help.

9.3.2. fully protected by copyright laws and source code cannot be used in user's own software.

9.3.3. permission needs to be obtained before this software is copied and shared.