カテゴリー 全て - phishing - encryption - transaction

によって priyusha tollimalli 5年前.

578

SECURITY AND ETHICS

The provided text explains various key concepts related to internet security and software. It details that freeware is software available for free download but does not allow users to modify its source code.

SECURITY AND ETHICS

Shareware >software can be used for a trial period >this type pf software is fully protected by copyright laws and a user must make sure they don't the source code in any of their own software

Freeware >a software a user can download from the internet free of charge.User is not allowed to study or modify the source code in any way.

Free software >This type of software is based on liberty and not price.

a user can do the following: >run the software for any legal purposes. >study and modify the source code to meet the user`s needs. >share the software.

A set of principles set out to regulate the use of computers. The three factors are: >intellectual property rights:this avoids technical plagiarism. >privacy issues:illegal access to another persons information. >effect of computers on society.

some of the ways are: >each banker has their own 10-12 unique digit code. >may be asked to input 3-4 random numbers from your Pin or password. >some systems use a hand held device or a OTP. >some banking systems ask the customer to key in parts of their password using drop-down boxes. >some systems ask for personal data questions.

>Encryption is used to protect bankers banking details.

Denial of Service Attacks: >a security event that occurs when an attacker prevents legitimate users from accessing specific computer systems, devices, services or other IT resources.By flooding the network with useless network so that the web server wont be able to service the users legitimate request.

Authentication: >verification if the data came from trusted source.

Plain Text: >the text or normal representation of data before it goes through an encryption algorithm. Cypher Text: >the output from an encryption algorithm.

Asymmetric encryption: > a form of encryption where a pair of keys are responsible for encrypting and encrypting data. >Asymmetric encryption uses a special pairing of keys: Public key – anyone can ask for a copy Private key – remains private on the computer, never sent. >Only public key is needed to encrypt because both keys are needed to decrypt, it doesn’t matter who sees the public key – all they can do is encrypt data with it! >Encryption keys are often generated by using a HASHING ALGORITHM.

Symmetric encryption: >a secret combination of characters. >unreadable unless recipients have the key >sender and receiver have to have the same KEY DISTRIBUTION PROBLEM. >An Encryption Algorithm produces a message which appears meaningless unless the same key is applied to 'unlock ' the original message.

>a process in which information is converted into a form which cannot be understood by unauthorized user.

Session Caching,TLS session requires a lot of computer time,session caching avoids so much comp time for connection.

Transport Layer Security (TLS) >ensures the security an privacy of data between devices and users when communicating over the internet.Essentially designed to provide encryption,authentication and data integrity.Designed to prevent third party hacking a communication.

formed of two layers: >record protocol(normal transfer of data) >handshake protocol(a secure session between client and website is established)

Secure Sockets Layer(SSL) >a protocol in which a set of rules are used for computers to communicate across a network which allows the inter-transaction of information. SSL basically encrypts data so that only the web server and users computer understand.

transaction of data: >users web browser sends a message so that it can connect with the required website which is secured by SSL. >web browser is requested to identify itself. >web server responds by sending a SSL certificate to users web browser. >if web browser can authenticate the certificate,a message indicating communication to be approved is sent. >once web server receives message,the SSL-encrypted two-way data transfer begins.

acts as an intermediary between the user and a web server.

>can be both software or hardware. software-is between the users comp and an external network.filters information in and out of the computer. hardware-interface that is located between the computer and the internet connection.

WARDRIVING >using a laptop,wireless network card and antenna to pick up wireless network illegally. EFFECTS: >possible to steal a users network time. >possible to hack into network password and steal users personal details. REMOVAL: >use of wired equivalent privacy encryption. >use complex passwords when entering into wireless passwords. >use firewalls to prevent outsiders from gaining access to your network.

KEY-LOGGING SOFTWARE >the act of gaining information by monitoring the pattern in which the keys are pressed. EFFECTS: >gives the originator access to the data entered using a keyboard on the users computer. >the software is able to install other spyware.

HACKING >the act of gaining illegal access to a computer system. EFFECTS: >leads to identity theft. >data can be changed or corrupted. REMOVAL: >firewalls >usage of strong passwords and id.

PHARMIMG >a malicious code is installed on a web server or hard drive that redirects the user to a bogus website without their knowledge. EFFECTS: >the creator can gain personal data. >this can lead to fraud or identity theft. REMOVAL: >some anti-software can identity and remove pharming code. >the user should be alert and look out for clues of a fake website.

PHISHING >the creator send a legitimate looking email that send the receiver to a bogus website when clicked. EFFECTS: >the creator can gain personal data.this can lead to fraud or theft. REMOVAL: >many IPS filter out phishing emails. >Receiver should be careful when opening emails.

VIRUSES >when the program copies itself causing the computer to malfunction . EFFECTS: >can cause the computer to crash. >can delete files. >can corrupt files. REMOVAL: >install antivirus software. >refrain from usage of unknown software. >be careful when opening email/attachments from unknown sources.

SECURITY AND ETHICS

COOKIES Cookies are text files.They are stored on a user’s computer by a web browser(chapter), at the request of the web server(book).A cookie is limited to a small amount of data and can only be read by the website that created it. Cookies form an ANONYMOUS USER PROFILE that doesn't contain any personal information.

LOSS of DATA and DATA CORRUPTION

Incorrect computer operation: >use of back-up >correct training so that users know how to use a computer
Software fault: >use of back-up >save data on daily basis
Hardware default: >use of back-up >use of uninterruptible power supply so that hardware doesn't malfunction when power is stopped.
Accidental loss of data: >use of back-up >save data on regular basis >use of passwords to restrict access.

FIREWALLS and PROXY SERVERS

PROXY SERVERS
acts as a firewall.
keeps the users IP address secure.
using cache,the speed up access to information on a website.
allowing the internet "traffic" to be filtered
FIREWALL
users on stand alone comps can disable firewall
carelessness or misconduct cannot be controlled.
firewall cannot prevent bypass of firewall when in use of modems.
gives choice to user whether comp should upgrade or not.
keeps track of undesirable IP addresses and blocks them
helps to prevent hackers and viruses entering the computer.
logging in all interactions for later interrogation.
if data fails to meet criteria,firewall blocks it.
checking data incoming or outgoing meets a set of security criteria.
examining the traffic between users comp and public network

ENCRYPTION

APPLICATIONS:

SECURITY PROTOCALS

SECURITY and DATA INTEGRITY

FREE SOFTWARE,FREEWARE and SHAREWARE

COMPUTER ETHICS: