Security & Ethics {{ currentPage ? currentPage.title : "" }}

Malware

Malware is a computer program that damages or disrupts a computer system and the files that are stored on it.

Some types of malware are:

Virus

A computer program that can copy (replicate) itself with the intention of deleting or corrupting files, or cause the computer to malfunction.

Spyware

What is it?

What are the latest spywares?

Find a real scenario where a spyware has made some damage.

How this (these) company (ies) were hit by a spyware and how did they recover from the damage?

Ransomware

What is it?

What are the latest ransomware?

What companies were hit badly by a ransomware lately?

How this (these) company (ies) were hit by a ransomware and how did they recover from the damage?

Cyberattacks

Denial of service attacks

What is it?

What are the latest viruses?

What companies were hit badly by a virus lately?

How this (these) company (ies) were hit by a virus and how did they recover from the damage?

Phishing

What is it?

What companies were hit badly by phishing?

How this (these) company (ies) were hit by phishing and how did they recover from the damage?

Pharming

What is it?

What companies were hit badly by phishing?

How this (these) company (ies) were hit by phishing and how did they recover from the damage?

What are the latest pharming news?

Hacking

Cracking

In this lesson you will research about the concepts listed above:

Year 11B - Investigation

Students:

Gracie - Virus

Yeray - Hacking

Tatum - Spyware

Frank - Ransomware

Jorge - DoS

Tony - Phishing

Julietta - Pharming

Israel - Phishing

Jeremy - Ransomware

Year 11 A

Virus - Geena, Tegan

Hacking, Carlos, Mika

Spyware - Douglas

Ransomware - Lucas & Andra

Denial of Service attack - Anna

Phishing - Hugo, Harry

Pharming - Kim, Yaiza

Loss of data and data corruption

Accidental loss of data

Because accidental loss of data might happen, it is important:

  • the use of backups

  • to save data on a regular basis

  • use of passwords and user ids to restrict access to authorised users only

Hardware fault

What precautions should you take:

  • use of backups in case data is lost or corrupted through the hardware fault

  • use of UPS (uninterruptable power supply) to prevent power loss causing hardware malfunction

  • save data on a regular basis

  • use of parallel systems as backup hardware

Software fault

Precautions:

  • use of backups in case data is lost or corrupted through the software fault

  • Save data on a regular basis in case the software suddenly freezes or crashes whilst the user is working on it

Incorrect computer operation

  • use of backups in case data is lost or corrupted through wrong operation

  • correct training procedures so that users are aware of the correct operation of hardware

Encryption

Encryption is used to protect the confidentiality of data in case it has been hacked.

Encryption does NOT prevent hacking, it makes the data meaningless unless the recipient has the key to decrypt the message.

Keywords:

  • plaintext

  • cypertext

  • encryption

  • decryption

  • key

Caesar cipher

How to crack it:

- Brute force.

- Frequency analysis.

Symmetric encryption

It uses the same key to encrypt and decrypt a message.

The problem with symmetric encryption is how to send the key to the receiver and at the same time avoid it from being intercepted.

Firewalls

A firewall can be either software or hardware.

The firewall hardware is located between the computer and the internet connection. It is often referred as a Gateway.

The firewall software is installed on a computer; in some cases this is part of the operating system.

A firewall filters information in and out of the computer.

Tasks carried out by a firewall include:

  • examining the traffic between the user’s computer (or internal network) and a public network.

  • checking whether incoming or outgoing data meets a given set of criteria.

  • if the data fails the criteria, the firewall will block the traffic and give the user a warning that there may be a security issue.

  • logging all incoming and outgoing traffic to allow later interrogation by the user (or network manager)

  • criteria can be set to prevent access to certain undesirable sites; the firewall can keep a list of all undesirable IP addresses.

  • helping to prevent viruses or hackers entering the user’s computer (or internal network).

  • warning the user if some software on their system is trying to access an external data source (e.g. automatic software upgrade); the user is given the option of allowing it to go ahead or requesting that such access is denied.

There are certain circumstances where the firewall can’t prevent potential harmful traffic.

  • it cannot prevent individuals, on internal networks, using their own modems to bypass the firewall.

  • employee misconduct or carelessness cannot be controlled by firewalls (e.g. control of passwords or use of accounts)

  • users on stand-alone computers can choose to disable the firewall, leaving their computer open to harmful traffic from the internet.

Proxy servers

Act as an intermediary between the user and a web server.

Functions of proxy servers include:

  • allowing the internet traffic to be filtered; they can block access to a website if necessary (similar type or reaction as a firewall)

  • by using the feature known as a cache, they can speed up access to information from a website; when the website is first visited, the home page is stored on the proxy server; when the user next visits the website, it now goes through the proxy server cache instead, giving much faster access.

  • keeping the user’s IP address secret (this clearly improves security).

Security protocols

Secure Sockets Layer (SSL)

It is a type of protocol (a set of rules used by computers to communicate with each other across a network). This allows data to be sent and received securely over the internet.

When a user logs onto a website, SSL encrypts the data - only the user’s computer and the web server are able to make sense of what is being transmitted. A user will know if SSL is being applied when they see https or the small padlock in the status bar at the top of the screen.

What happens when a user wants to access a secure website and receive and send data to it?

  1. The user’s web browser sends a message so that it can connect with the required website which is secured by SSL.

  2. The web browser then requests that the web server identifies itself.

  3. The web server responds by sending a copy of its SSL certificate to the user’s web browser.

  4. If the web browser can authenticate this certificate, it sends a message back to the web server to allow communication to begin.

  5. Once this message is received, the web server acknowledges the web browser, and the SSL-encrypted two-way data transfer begins.

Transport Layer Security (TLS)

It is similar to SSL but is a more recent security system. TLS is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet. It is essentially designed to provide encryption, authentication and data integrity in a more effective way than its predecessor SSL.

Only the most recent web browsers support both SSL and TLS which is why the older SSL is still used in many cases.

Difference between both protocols:

  • It is possible to extend TLS by adding new authentication methods.

  • TLS can make use of session caching which improves the overall performance compared to SSL

  • TLS separates the handshaking process from the record protocol which holds all the data.

Ethics

COMPUTER ETHICS is a set of principles set out to regulate the use of computers.

Three factors are considered:

• INTELLECTUAL PROPERTY RIGHTS – this covers, for example, copying of software without the permission of the owner

• PRIVACY ISSUES – this covers, for example, hacking or any illegal access to another person’s personal data

• Effect of computers on society – this covers factors such as job losses, social impacts and so on.

Use of the internet has led to an increase in plagiarism – this is when a person takes another person’s idea/work and claims it as their own. Whilst it is perfectly fine to quote another person’s idea, it is essential that some acknowledgement is made so that the originator of the idea is known to others. This can be done by a series of references at the end of a document or footnotes on each page where a reference needs to be made. Software exists that can scan text and then look for examples of plagiarism by searching web pages on the internet.

The ACM (Association for Computer Machinery) and IEEE (Institute of Electrical and Electronics Engineers) have published the following code of ethics:

  1. to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly the factors that might endanger the public or the environment;

  2. to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;

  3. to be honest and realistic in stating claims or estimates based on available data;

  4. to reject bribery in all its forms;

  5. to improve the understanding of technology; its appropriate application, and potential consequences;

  6. to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;

  7. to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;

  8. to treat fairly all persons and to not engage in acts of discrimination based on race, religion, gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;

  9. to avoid injuring others, their property, reputation, or employment by false or malicious action;

  10. to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.

Free software, freeware and shareware

Apart from the usual commercial software (such as spreadsheets and word processors) which are all sold in shops for a profit, there is a group of software which causes much confusion among many users. This group consists of:

free software

freeware

shareware.

 

  • Free software

Users have the freedom to run, copy, change or adapt free software. Examples include: Gimp (image editing software), Scribus (DTP) and Abiword (word processor).

The originators of this type of software stress this is based on liberty and not price. This means that a user is guaranteed the freedom to study and modify the software source code in any way to suit their requirements.

Essentially a user is allowed to do the following:

  • run the software for any legal purpose they wish

  • study the source code and modify it as necessary to meet their needs

  • pass the software (in either original or modified form) on to friends, family or colleagues.

    A user of the software doesn’t need to seek permission to do any of the above actions since it isn’t protected by any copyright restrictions. However, it is important to realise that there are certain rules that need to be obeyed. The user cannot add source code from another piece of software unless this is also described as free software

    • cannot produce software which copies existing software subject to copyright laws

    • cannot adapt the software in such a way that it infringes copyright laws protecting other software

    • may not use the source code to produce software which is deemed offensive by third parties.

  • Freeware

Freeware is software a user can download from the internet free of charge. Once it has been downloaded, there are no fees associated with using the software.

Unlike free software, freeware is subject to copyright laws and users are often requested to tick a box to say they understand and agree to the terms and conditions governing the software. This basically means that a user is not allowed to study or modify the source code in any way.

  • Shareware

In this case, users are allowed to try out some software free of charge for a trial period. At the end of the trial period, the author of the software will request that you pay a fee if you like it. Once the fee is paid, a user is registered with the originator of the software and free updates and help are then provided. Very often, the trial version of the software is missing some of the features found in the full version, and these don’t become available until the fee is paid.

Obviously, this type of software is fully protected by copyright laws and a user must make sure they don’t use the source code in any of their own software.

Permission needs to be obtained before this software is copied and given to friends, family or colleagues.

 

{{{ content }}}