Safety and Security Chapter 8 PDF
Summary
This document discusses safety and security in computer rooms and online activities. It covers physical safety issues, data protection, e-safety, and common threats to data. The document includes important aspects of computer risk and safety, and explores various cybersecurity concepts.
Full Transcript
Chapter 8 Safety and security

This computer room is full of hazards. How many can you find?

Objectives
o Know and understand physical safety issues.
o Know and understand data protection acts.
o Know and understand personal and sensitive data.
o Know and understand e-safety when using the Internet.
o Know and understand threats to data.
o Know and understand protection of data.

8.1 Physical safety issues
Physical safety is different from health risks (discussed in Chapter 5). Health and safety is about stopping people becoming ill or being affected by daily contact with computers, while physical safety is concerned with dangers that could lead to serious injury or even loss of life. The following summarises some of these physical safety risks:
o Don't risk spilling a drink on your PC!
o Don't overload sockets, and know the limit!
o Trailing cables can be tidied up to prevent them becoming a hazard.

8.2 eSafety

8.2.1 Data Protection
Most countries have a data protection act (DPA) that is designed to govern the collection and storage of personal data. While these acts are different in each country, they all share the same common principles.

Main principles of data protection acts:
1. Data must be fairly and lawfully processed.
2. Data can only be processed for the stated purpose.
3. Data must be adequate, relevant and not excessive.
4. Data must be accurate.
5. Data must not be kept longer than necessary.
6. Data must be processed in accordance with the data subject's rights.
7. Data must be kept secure.
8. Data must not be transferred to another country unless that country also has adequate protection.
There are also guidelines to stop data being obtained unlawfully:
o Do not leave printed data lying around on a desk.
o Always lock filing cabinets.
o Log off from a computer when it is not attended.
o Always use passwords and user IDs that are difficult to crack, and change them regularly.

8.2.2 Personal data
Personal data refers to data that can be used to identify a person, either directly from the data itself or in combination with other data. The following diagram lists data items regarded as personal:

Some personal data is extremely sensitive, and its disclosure could lead to personal harm (e.g. blackmail or being refused a job). Extra care needs to be taken with sensitive personal data. The following diagram lists data items regarded as sensitive:

8.2.3 eSafety
e-Safety refers to the benefits, risks and responsibilities of using ICT, for example when using the Internet, sending and receiving emails and messages, using social media or taking part in online gaming. e-Safety is intended to prevent online threats, which include bullying/cyberbullying, inappropriate behaviour or content, emotional abuse and data theft.

e-Safety when using the Internet:

e-Safety when using email:
It is important to be aware of the risks when opening emails and to know how to deal with emails from unknown sources.

e-Safety using social media:
There are many different social networking sites where you can share information with others and make comments, including sites specifically for sharing photographs. Problems that may arise include:
o Cyberbullying.
o Catfishing: a kind of online deception where a person creates a fake persona on social networks (a 'sock puppet') to lure someone into a relationship in order to get money, gifts or attention.
o False or abusive statements or comments about other people that could damage their reputation.
o If a personal profile can be accessed by the public, personal details could be stolen.
o People using social networks may not be aware that the sites can be searched. The data trail you leave is called your digital footprint and is a public record of what you said, what was said about you, where you are or have been, and what you liked, retweeted or shared.

Before disclosing your personal data (such as your name, address, the name of your school or an image of yourself in school uniform), ask yourself these questions:
o Who is collecting this information?
o Why is it necessary?
o What will be done with it?
o What will the outcome be for me?

Playing games on the Internet:
Current technology and high-speed Internet connections have made online gaming very popular.

8.3 Security of data

8.3.1 Data threats
Security of data is about keeping data safe and unchanged by restricting access to it. It is also concerned with recovering data if it has been damaged. There are a number of security risks to data held on a computer (or any other device with an Internet connection) and to data being transferred around a network:
o Hacking
o Phishing
o Pharming
o Vishing and smishing
o Computer viruses and malware
o Card fraud
Always keep your personal data safe from these threats.

Hacking
Hacking is gaining unauthorised access to a computer system; malicious hacking (intending to do harm) damages the system or steals the data held on it. People who do this are called hackers. Identity theft is a type of fraud where personal information is stolen and used to impersonate that person.

Phishing, smishing, vishing
Phishing is when fraudsters send out legitimate-looking emails claiming to be from a bank, building society or e-commerce site in order to obtain your personal and financial details. How can you recognise a phishing email?
o Urgency: they want you to respond quickly, without thinking.
o Careless use of language: they sometimes contain spelling errors.
o Impersonal: you may not be addressed by name but only as 'Dear customer'.
o False links: you are asked to click on a link that leads to a fake website.
o Attachments: sometimes you are asked to open programs or documents sent with the email; these attachments may contain spyware or other malware.
Does the email ask you for personal information? If it does, do not reply.

Smishing uses the SMS (text message) system of mobile phones to send fake messages to hoax victims. The text message will usually contain a URL to click or a telephone number to call back.

Vishing is a combination of 'voice' and 'phishing': fraudsters use telephone calls or voicemail messages (often to a landline) to trick victims into giving up their personal details.

Pharming
In a pharming attack, the attacker installs malicious code on a computer or server (for example, altering the victim's hosts file or DNS settings) that redirects you to a different, fake site, where you may be tricked into providing personal information such as a bank account number or password. Look for clues that you are connected to the genuine secure website: https:// in the URL and the padlock symbol 🔒. Note that a fake site can also use https:// and show a padlock, so always check that the domain name in the address bar is the one you expect.

Viruses and malware
Malware is software designed to gain unauthorised access to a computer system in order to disrupt its functioning or collect information without the user's knowledge. The most common examples of malware are shown in the table below:

Backing up files does not by itself guard against viruses: the virus may have already attached itself to the files being copied to the backup, so when the files are restored the virus is simply reinstalled. Backups need to be scanned, and taken from before the infection, to be useful for recovery.

Types of malware.
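The phishing checklist and the pharming hostname warning above can be turned into a mechanical triage. The following is an added example, not code from the chapter: it scores a message against the listed indicators (urgency, impersonal greeting, deceptive links, risky attachments, requests for personal data) and checks that every link really points at the trusted domain rather than a look-alike. The two messages and all domain names are constructed for the example.

```python
"""Heuristic triage of an email against the phishing indicators in section
8.3.1, plus the hostname check that a pharming redirect or look-alike link
fails. Added example; the two messages at the bottom are constructed and every
domain is fictional."""
import re
from urllib.parse import urlparse

URGENCY_WORDS = ("urgent", "immediately", "within 24 hours", "suspended", "act now", "verify now")
IMPERSONAL_GREETINGS = ("dear customer", "dear user", "dear account holder", "dear member")
PERSONAL_DATA_WORDS = ("password", "pin", "card number", "account number", "sort code", "date of birth")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".zip", ".iso")
# Something that looks like a bare domain or URL, so 'click here' is not treated as a site name.
DOMAIN_LIKE = re.compile(r"^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/?#].*)?$", re.I)


def hostname_of(url: str) -> str:
    """Lower-cased host part of a URL ('' if there is none)."""
    if "://" not in url:
        url = "https://" + url
    host = urlparse(url).hostname
    return host.lower() if host else ""


def same_site(host: str, trusted_domain: str) -> bool:
    """True if host is trusted_domain or a subdomain of it.
    'mybank.example.login-verify.net' is NOT a subdomain of 'mybank.example':
    the trusted name is only a prefix, which is exactly the trick phishers use."""
    host, trusted_domain = host.lower(), trusted_domain.lower()
    return host == trusted_domain or host.endswith("." + trusted_domain)


def link_is_deceptive(shown_text: str, href: str) -> bool:
    """The link text names one site while the href goes to an unrelated one."""
    shown_text = shown_text.strip()
    if not DOMAIN_LIKE.match(shown_text):
        return False  # no site named in the text, nothing to compare
    shown, target = hostname_of(shown_text), hostname_of(href)
    return not (same_site(target, shown) or same_site(shown, target))


def phishing_indicators(msg: dict, trusted_domain: str) -> list:
    """Return the indicators found; an empty list means nothing was flagged."""
    reasons = []
    text = (msg["subject"] + "\n" + msg["body"]).lower()
    body = msg["body"].strip().lower()
    if any(w in text for w in URGENCY_WORDS):
        reasons.append("urgency")
    if any(body.startswith(g) for g in IMPERSONAL_GREETINGS):
        reasons.append("impersonal greeting")
    if any(re.search(r"\b" + re.escape(w) + r"\b", text) for w in PERSONAL_DATA_WORDS):
        reasons.append("asks for personal data")
    # A From: address is trivially forged, so a match proves nothing, but a
    # mismatch with the organisation the mail claims to be from is a cheap red flag.
    if not same_site(msg["sender"].rsplit("@", 1)[-1], trusted_domain):
        reasons.append("sender domain is not " + trusted_domain)
    for shown, href in msg.get("links", []):
        if link_is_deceptive(shown, href):
            reasons.append("link text/href mismatch: " + href)
        elif not same_site(hostname_of(href), trusted_domain):
            reasons.append("link to untrusted site: " + hostname_of(href))
    for name in msg.get("attachments", []):
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("risky attachment: " + name)
    return reasons


def is_probably_phishing(msg: dict, trusted_domain: str) -> bool:
    """Two or more independent indicators: treat as phishing; do not reply or click."""
    return len(phishing_indicators(msg, trusted_domain)) >= 2


PHISH = {  # constructed sample
    "sender": "security@mybank-alerts.example.net",
    "subject": "URGENT: your account will be suspended",
    "body": "Dear customer, confirm your password and card number within 24 hours.",
    "links": [("www.mybank.example/login", "https://mybank.example.login-verify.net/x")],
    "attachments": ["statement.zip"],
}
LEGIT = {  # constructed sample
    "sender": "statements@mybank.example",
    "subject": "Your March statement is ready",
    "body": "Hello Alice, your statement is in online banking. We never ask for login details by email.",
    "links": [("mybank.example", "https://online.mybank.example/statements")],
    "attachments": [],
}

if __name__ == "__main__":
    for label, msg in (("phish", PHISH), ("legit", LEGIT)):
        print(label, phishing_indicators(msg, "mybank.example"))
```

Keyword lists like these catch the careless, mass-produced phishing the chapter describes and nothing more; a well-crafted targeted message will pass them, which is why the hostname comparison (the one check an attacker cannot talk their way around) carries the most weight.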
Card fraud
Card fraud is the illegal use of credit/debit cards. It can be initiated by shoulder surfing, card cloning or keylogging software.

8.3.2 Protection of data
Authentication is used to verify that data (or a user) comes from a genuine, trusted source. Together with encryption, this makes data much harder to read or tamper with when it is transferred across the Internet. The most common ways to protect data and to provide secure access include:
o biometrics
o digital certificates
o Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
o encryption
o firewalls
o two-factor authentication
o user IDs and passwords

Biometrics
Biometrics uses technologies that analyse unique personal characteristics as a form of identification. Examples include fingerprint scans, signature recognition, retina scans, iris recognition, face recognition and voice recognition.

[Figures: fingerprint pattern; face recognition]

Digital certificates
A digital certificate is a digital form of identification, like a passport, used to prove that a website is the genuine site for its domain name; the encrypted connection (TLS, below) then keeps communication between the client computer and the server private. A website with a valid certificate shows a small padlock icon in the browser's address bar (older browsers showed it at the bottom right of the window). Digital certificates are issued by certificate authorities (CAs) that browsers and operating systems are configured to trust; well-known CAs have included Verisign, Comodo and Symantec.

What makes up a digital certificate?
o The name of the certificate owner (the website's domain name, or the sender's email address for an email certificate)
o A serial number
o An expiry date
o The owner's public key
o The digital signature of the issuing CA

Secure Sockets Layer (SSL)
The Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are protocols that allow data to be sent and received securely over the Internet. TLS provides the encrypted channel between two devices when they communicate using HTTPS. The original SSL versions are deprecated and modern browsers only negotiate TLS, although the name 'SSL' is still widely used.
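What a browser actually does with the certificate and the TLS connection described in the two sections above, as an added example using Python's standard ssl module (not code from the chapter). It contrasts the weak client configuration that accepts any certificate with the hardened one, and reads out the certificate fields the chapter lists. Nothing here opens a network connection unless the script is run directly; the certificate dictionary is constructed in the shape that ssl.SSLSocket.getpeercert() returns, with fictional names.

```python
"""Verifying a server's digital certificate over TLS. Added example built on
the standard ssl module. SAMPLE_CERT is constructed in the dictionary form
that ssl.SSLSocket.getpeercert() returns; all names in it are fictional."""
import ssl


def weak_context() -> ssl.SSLContext:
    """The setting to avoid: the connection is encrypted and a padlock appears,
    but ANY certificate is accepted, so a pharmed or intercepting server is
    indistinguishable from the genuine one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Require a certificate chaining to a trusted CA, a hostname match, and
    TLS 1.2 or later (SSL 3.0 and TLS 1.0/1.1 are deprecated)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only when the context would reject an untrusted or mismatched certificate."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def _field(rdn_sequence, name):
    """Pull one attribute (e.g. 'commonName') out of getpeercert()'s nested tuples."""
    for rdn in rdn_sequence:
        for key, value in rdn:
            if key == name:
                return value
    return None


def certificate_summary(cert: dict) -> dict:
    """The parts of a certificate the chapter lists: owner, issuing CA, serial
    number, expiry and the names it is valid for. The public key and the CA's
    signature are in the binary (DER) certificate, which getpeercert() does not decode."""
    return {
        "owner": _field(cert.get("subject", ()), "commonName"),
        "issuer": _field(cert.get("issuer", ()), "organizationName"),
        "serial": cert.get("serialNumber"),
        "expires": cert.get("notAfter"),
        "valid_for": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
    }


def covers_hostname(cert: dict, hostname: str) -> bool:
    """The check a pharming site fails: the hostname in the address bar must be
    one of the certificate's DNS names (exact, or a single-label wildcard such
    as *.example.org). Simplified relative to RFC 6125."""
    host = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.count(".") == name.count(".") and host.endswith(name[1:]):
            return True
    return False


def status_over_verified_https(host: str, path: str = "/") -> int:
    """Real connection with the hardened context; an untrusted or mismatched
    certificate raises ssl.SSLCertVerificationError instead of silently working."""
    import http.client
    conn = http.client.HTTPSConnection(host, 443, context=hardened_context(), timeout=10)
    conn.request("GET", path)
    return conn.getresponse().status


SAMPLE_CERT = {  # constructed; same shape as getpeercert()
    "subject": ((("countryName", "GB"),), (("organizationName", "MyBank plc"),),
                (("commonName", "www.mybank.example"),)),
    "issuer": ((("countryName", "GB"),), (("organizationName", "Example Trust CA"),),
               (("commonName", "Example Trust TLS CA 1"),)),
    "version": 3,
    "serialNumber": "0A1B2C3D4E5F60718293A4B5C6D7E8F9",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.mybank.example"), ("DNS", "mybank.example")),
}

if __name__ == "__main__":
    print(certificate_summary(SAMPLE_CERT))
    print("hardened verifies peer:", verifies_peer(hardened_context()))
    print("weak verifies peer:", verifies_peer(weak_context()))
```

The weak context is what a developer gets by "fixing" a certificate error with verify_mode = CERT_NONE: the traffic is still encrypted, so the padlock-style reassurance is present, but the identity check that the certificate exists to provide has been switched off.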
Using https: SSL/TLS is used in the following areas:
o Online banking
o Online shopping/commerce
o Sending and receiving emails
o Using cloud storage facilities
o Intranets and extranets
o Instant messaging
o VoIP when carrying out video chatting
o Use of social networking sites

Encryption
Encryption is used to protect data from being read if it is intercepted by a third party or stolen by a hacker. It uses a secret key to scramble the data, making it unreadable without the corresponding key to decrypt it again. The key used to scramble the data is called the encryption key; to decrypt the message a decryption key is used (in symmetric encryption this is the same key; in public-key encryption the two keys are different). When a message undergoes encryption, the result is known as ciphertext and the original message is known as the plaintext.

Firewalls
A firewall sits between the user's computer and the Internet/external connection. A firewall can be a software program or a hardware device. Firewalls carry out the following tasks:
o examine the traffic between the user's computer and a public network (the Internet)
o check whether incoming or outgoing data meets a given set of criteria
o block the traffic and warn the user that there may be a security issue if the data fails the criteria
o prevent access to certain undesirable sites using set criteria; the firewall keeps a list of undesirable IP addresses
o help to prevent viruses or hackers entering the user's computer (or internal network)

Two-factor authentication
Two-factor authentication combines something the user knows with something the user has (a physical or electronic token). It is commonly used when logging on to a secure website. Users are only allowed access after successfully presenting at least two pieces of evidence to prove who they are: usually a user ID and password at stage 1 of the log-on, followed by an additional one-time password (OTP) or PIN, typically six or eight digits, generated by or sent to a mobile phone linked to the user.
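The two-stage log-on just described, as an added example (not code from the chapter) implemented with the standard library only: stage 1 checks a user ID and password, stage 2 checks a one-time password of the kind an authenticator app on the user's phone computes (HOTP from RFC 4226, made time-based as in RFC 6238). The user record, its salt and the password are constructed; the shared secret is the RFC 6238 test-vector secret so the eight-digit codes can be compared with the published vectors.

```python
"""Two-factor log-on: stage 1 = user ID + password (knowledge factor),
stage 2 = time-based one-time password from the user's phone (possession
factor). Added example using RFC 4226 HOTP / RFC 6238 TOTP; the user store
is constructed and the secret is the RFC 6238 Appendix B test-vector secret."""
import hashlib
import hmac
import struct
import time

DIGITS = 8            # the chapter's eight-digit OTP; most authenticator apps use 6
STEP = 30             # seconds each code is valid for
PBKDF2_ROUNDS = 100_000


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte counter,
    dynamic truncation to 31 bits, then the last `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Time-based OTP (RFC 6238): the counter is the number of steps since the epoch."""
    return hotp(secret, at_time // step, digits)


def verify_totp(secret: bytes, code: str, at_time: int, last_counter: int = -1, window: int = 1):
    """Return the counter that matched, or None.
    window=1 tolerates one step of clock skew either way. Counters at or below
    last_counter are refused so a code a phisher has just captured cannot be
    replayed; the caller must persist the returned counter."""
    counter = at_time // STEP
    for c in range(counter - window, counter + window + 1):
        if c < 0 or c <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, c), code):
            return c
    return None


def _hash_password(password: str, salt: bytes) -> bytes:
    """Passwords are stored as salted PBKDF2 hashes, never in the clear."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


RFC6238_SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test-vector secret

USERS = {  # constructed user store; a real one lives in a database
    "alice": {
        "salt": b"constructed-salt-16B",
        "pw_hash": _hash_password("correct horse battery staple", b"constructed-salt-16B"),
        "totp_secret": RFC6238_SECRET,
        "last_counter": -1,
    }
}


def login(user_id: str, password: str, otp: str, now=None) -> bool:
    """Stage 1 (user ID + password) then stage 2 (OTP). Both must pass."""
    now = int(time.time()) if now is None else now
    user = USERS.get(user_id)
    if user is None:
        return False
    if not hmac.compare_digest(_hash_password(password, user["salt"]), user["pw_hash"]):
        return False
    matched = verify_totp(user["totp_secret"], otp, now, user["last_counter"])
    if matched is None:
        return False
    user["last_counter"] = matched      # remember the highest counter used
    return True


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC6238_SECRET, now)
    print("current code for alice:", code)
    print("login ok:", login("alice", "correct horse battery staple", code, now))
    print("replay ok:", login("alice", "correct horse battery staple", code, now))
```

Two details matter in practice and are easy to get wrong: comparisons use hmac.compare_digest so response timing does not leak how many characters matched, and an accepted code's counter is stored so the same code cannot be used twice, which is what stops a one-time password phished in real time from being replayed a few seconds later.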
The authentication factors are:
o Knowledge factors: secret information that the user knows, such as a personal identification number (PIN) or a password.
o Possession factors: items that the user has with them, typically a hardware device such as a security token or a mobile phone.
o Inherence factors: something the user is, such as fingerprints or iris patterns (biometric authentication).

User IDs and passwords
Passwords are used to restrict access to data or systems. They should be hard to guess or crack, and changed whenever there is any suspicion that they have been exposed; forcing routine changes on a schedule tends to push users towards weaker, predictable passwords. Biometrics can be used alongside or instead of a password, as a different authentication factor. Passwords are frequently used when accessing the Internet, for example:
o when accessing email accounts
o when carrying out online banking or shopping
o when accessing social networking sites

It is important that passwords are protected. Some ways of doing this are:
o changing a password as soon as you suspect it has been exposed
o running anti-spyware software so that keyloggers cannot capture passwords
o not using your favourite colour, the name of a pet or your favourite rock group
o making a password strong but also easy to remember (strong passwords should be long; the usual rule of at least one digit, a capital letter and one other keyboard character such as @, * or & helps, but length matters more than symbols)
o not reusing the same password on more than one site

You should know …
o How to describe common physical safety issues.
o How to describe the principles of a typical data protection act.
o How to explain what is meant by personal data, and why it should be kept confidential and protected.
o How to explain e-Safety strategies to minimise danger when using the Internet, sending emails, using social media and playing online games.
o How to discuss the threats to data and understand what measures should be taken to protect your data.

THE END