8.1 Security
Contents of this topic:
* Maintain privacy and integrity of data
* Safety risks and how to remove them
Privacy and integrity of data
- Privacy of data: Should only be vied or accessed by authorized users;
To maintain the privacy of data:- Firewalls
Placed between the computer and the internet, to filter information passing through.- Functions:
- Check whether the information fills criteria (protects malware)
- Logs information in and out
- Functions:
- Access levels / Authorization
Ensures that the user has a correct permission to use the system.For example, in the SCIE school network, you could only your information (Grades, course timetable, etc), but teachers could view everyone’s information.
Therefore, the teachers have a higher access level than you, since They could gain access to more information.The authorization could be checked by:- Digital signatures
- Biometrics
- Password / Smart card readers, etc.
- Firewalls
- Encryption of data
- Symmetric encryption:
- Use same algorithm for encryption and decryption
- Less secure but faster
- Asymmetric encryption
- Consists of Private key and Public key
- More secure
- Symmetric encryption:
- Security protocols
- Secure Socket Layer (SSL)
Requires the server to identify itself, by sending an SSL certificate to the user.
A connection will not be established unless the certificate has been verified by the user’s browser. - Transport Layer Security (TLS): The upgraded version of SSL. It has two layers: Handshake Layer and Record Layer.
- Secure Socket Layer (SSL)
- Integrity of data: The Correctness of data
To prevent data corruption, we can do all sorts of fancy stuff, like
Transmission level:- Data AuthenticationTo make sure that it is from a trusted source
- Parity check
- Echo check
You should have learned those in your G1 lessons. See the data transmission topic for more.Unless your teacher is Jeff Stroud lol
- Back-up regularly
- Use strong passwords to prevent hackers from gaining access easily
Ban the command ofsudo rm -rf\\*
Security risks
- DENIAL OF SERVICE ATTACK (DOS)Yes, this is the attack our server had suffered in December 2018.
To learn more about this attack, visit our Post-attack report - WARDRIVINGUsing others internet without permission (i.e. 蹭网)
- HACKINGThe process of gaining Unauthorized access to computers systems and tampers hardware/software.Effect:
- Gets your (sensitive) data.
- Fraud your friends for money
- Provide information for spamming
- Use strong passwords, and never tell them to others
- Encrypt sensitive information
- Use firewalls
- MALWARE
- VirusA malware that does self-replication, inserting copies of itself into programs.
Spyware, Adware and Rootkits have the same effect - WormA malware that does self-replication, embedding into memory.
- Trojan HorseA malware that looks ligament, but actually does harm to the computer.
Unlike a virus, it does not reproduce itself, but hackers could take control of the computer.
- System failure
- Data leaked to hackers / Corruption
- Computer slows down
- Install anti-virus software
(Don’t install 360 though) - Download only reliable softwares (Support Steam games or wait to be hacked!!!)
Use Apple Macs
- VirusA malware that does self-replication, inserting copies of itself into programs.
Phishing and Pharming
Phishing | Pharming | Spam | |
---|---|---|---|
Vectors | E-mails | Maleware | E-mails |
Principle | Ask user to click onto a link, which directs to a fake website | Redirect user access to a fake website | Send user unsolicited e-mails |
Phishing and Pharming both have the same objective: Ask user to enter sensitive information. (It’s like stealing it)
Precautions include:
- Set up firewalls
- Do not click / respond to unknown e-mails
- Contact the company via other vectors (e.g. phone) if required