examining the traffic between the user's computer and the public network
checking that incoming or outgoing data meets a set of security criteria.
if data fails to meet the criteria, the firewall blocks it.
logging all interactions for later interrogation.
helps to prevent hackers and viruses entering the computer.
keeps track of undesirable IP addresses and blocks them
gives the user the choice of whether the computer should upgrade or not.
a firewall cannot prevent the firewall being bypassed when modems are in use.
carelessness or misconduct cannot be controlled.
users on stand-alone computers can disable the firewall
PROXY SERVERS
allowing the internet "traffic" to be filtered
using a cache to speed up access to information on a website.
keeps the user's IP address secure.
acts as a firewall.
LOSS of DATA and DATA CORRUPTION
Accidental loss of data: >use of back-up >save data on regular basis >use of passwords to restrict access.
Hardware fault: >use of back-up >use of an uninterruptible power supply so that hardware doesn't malfunction when power is stopped.
Software fault: >use of back-up >save data on daily basis
Incorrect computer operation: >use of back-up >correct training so that users know how to use a computer
COOKIES
Cookies are text files. They are stored on a user's computer by a web browser (chapter), at the request of the web server (book). A cookie is limited to a small amount of data and can only be read by the website that created it. Cookies form an ANONYMOUS USER PROFILE that doesn't contain any personal information.
VIRUSES
>a program that copies itself, causing the computer to malfunction.
EFFECTS: >can cause the computer to crash. >can delete files. >can corrupt files.
REMOVAL: >install antivirus software. >refrain from using unknown software. >be careful when opening emails/attachments from unknown sources.
PHISHING
>the creator sends a legitimate-looking email that sends the receiver to a bogus website when clicked.
EFFECTS: >the creator can gain personal data. >this can lead to fraud or theft.
REMOVAL: >many IPS filter out phishing emails. >the receiver should be careful when opening emails.
PHARMING
>malicious code is installed on a web server or hard drive that redirects the user to a bogus website without their knowledge.
EFFECTS: >the creator can gain personal data. >this can lead to fraud or identity theft.
REMOVAL: >some anti-software can identify and remove pharming code. >the user should be alert and look out for clues of a fake website.
HACKING
>the act of gaining illegal access to a computer system.
EFFECTS: >leads to identity theft. >data can be changed or corrupted.
REMOVAL: >firewalls >usage of strong passwords and IDs.
KEY-LOGGING SOFTWARE
>the act of gaining information by monitoring the pattern in which the keys are pressed.
EFFECTS: >gives the originator access to the data entered using a keyboard on the user's computer. >the software is able to install other spyware.
WARDRIVING
>using a laptop, wireless network card and antenna to pick up wireless networks illegally.
EFFECTS: >possible to steal a user's network time. >possible to hack into the network password and steal the user's personal details.
REMOVAL: >use of Wired Equivalent Privacy encryption. >use complex passwords when entering wireless passwords. >use firewalls to prevent outsiders from gaining access to your network.
>can be either software or hardware.
software - sits between the user's computer and an external network. filters information in and out of the computer.
hardware - an interface that is located between the computer and the internet connection.
acts as an intermediary between the user and a web server.
Secure Sockets Layer (SSL) >a protocol in which a set of rules is used for computers to communicate across a network, which allows the inter-transaction of information. SSL basically encrypts data so that only the web server and the user's computer understand it.
transaction of data: >the user's web browser sends a message so that it can connect with the required website, which is secured by SSL. >web browser is requested to identify itself. >web server responds by sending an SSL certificate to the user's web browser. >if the web browser can authenticate the certificate, a message indicating communication to be approved is sent. >once the web server receives the message, the SSL-encrypted two-way data transfer begins.
Transport Layer Security (TLS) >ensures the security and privacy of data between devices and users when communicating over the internet. Essentially designed to provide encryption, authentication and data integrity. Designed to prevent a third party hacking into a communication.
formed of two layers: >record protocol(normal transfer of data) >handshake protocol(a secure session between client and website is established)
Session caching: >a TLS session requires a lot of computer time. >session caching avoids so much computer time for connection.
>a process in which information is converted into a form which cannot be understood by an unauthorized user.
Symmetric encryption: >a secret combination of characters. >unreadable unless recipients have the key. >sender and receiver have to have the same key (the KEY DISTRIBUTION PROBLEM). >An Encryption Algorithm produces a message which appears meaningless unless the same key is applied to 'unlock' the original message.
Asymmetric encryption: >a form of encryption where a pair of keys is responsible for encrypting and decrypting data. >Asymmetric encryption uses a special pairing of keys: Public key – anyone can ask for a copy. Private key – remains private on the computer, never sent. >Only the public key is needed to encrypt. Because both keys are needed to decrypt, it doesn't matter who sees the public key – all they can do is encrypt data with it! >Encryption keys are often generated by using a HASHING ALGORITHM.
Plain Text: >the text or normal representation of data before it goes through an encryption algorithm. Cypher Text: >the output from an encryption algorithm.
Authentication: >verification that the data came from a trusted source.
Denial of Service Attacks: >a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources, by flooding the network with useless traffic so that the web server won't be able to service the users' legitimate requests.
>Encryption is used to protect bankers' banking details.
some of the ways are: >each banker has their own unique 10-12 digit code. >may be asked to input 3-4 random numbers from your PIN or password. >some systems use a hand-held device or an OTP. >some banking systems ask the customer to key in parts of their password using drop-down boxes. >some systems ask for personal data questions.
A set of principles set out to regulate the use of computers. The three factors are: >intellectual property rights: this avoids technical plagiarism. >privacy issues: illegal access to another person's information. >effect of computers on society.
Free software >This type of software is based on liberty and not price.
a user can do the following: >run the software for any legal purposes. >study and modify the source code to meet the user's needs. >share the software.
Freeware >software a user can download from the internet free of charge. The user is not allowed to study or modify the source code in any way.
Shareware >software can be used for a trial period >this type of software is fully protected by copyright laws and a user must make sure they don't use the source code in any of their own software