Contents of this topic:

* Maintain privacy and integrity of data

* Safety risks and how to remove them

---

Privacy and integrity of data

• Privacy of data: Should only be vied or accessed by authorized users;
  To maintain the privacy of data:
  • Firewalls
    Placed between the computer and the internet, to filter information passing through.
    • Functions:
      • Check whether the information fills criteria (protects malware)
      • Logs information in and out
  • Access levels / Authorization
    Ensures that the user has a correct permission to use the system.For example, in the SCIE school network, you could only your information (Grades, course timetable, etc), but teachers could view everyone’s information.
    Therefore, the teachers have a higher access level than you, since They could gain access to more information.The authorization could be checked by:
    • Digital signatures
    • Biometrics
    • Password / Smart card readers, etc.

• Encryption of data
  • Symmetric encryption:
    • Use same algorithm for encryption and decryption
    • Less secure but faster
  • Asymmetric encryption
    • Consists of Private key and Public key
    • More secure
• Security protocols
  • Secure Socket Layer (SSL)
    Requires the server to identify itself, by sending an SSL certificate to the user.
    A connection will not be established unless the certificate has been verified by the user’s browser.
  • Transport Layer Security (TLS): The upgraded version of SSL. It has two layers: Handshake Layer and Record Layer.
• Integrity of data: The Correctness of data
  To prevent data corruption, we can do all sorts of fancy stuff, like
  Transmission level:
  • Data AuthenticationTo make sure that it is from a trusted source
  • Parity check
  • Echo check
    You should have learned those in your G1 lessons. See the data transmission topic for more. Unless your teacher is Jeff Stroud lol
  Server level:
  • Back-up regularly
  • Use strong passwords to prevent hackers from gaining access easily
  • Ban the command of sudo rm -rf\\*

Security risks

• DENIAL OF SERVICE ATTACK (DOS)Yes, this is the attack our server had suffered in December 2018.
  To learn more about this attack, visit our Post-attack report
• WARDRIVINGUsing others internet without permission （i.e. 蹭网）
• HACKINGThe process of gaining Unauthorized access to computers systems and tampers hardware/software.Effect:
  1. Gets your (sensitive) data.
  2. Fraud your friends for money
  3. Provide information for spamming
  Prevention:
  1. Use strong passwords, and never tell them to others
  2. Encrypt sensitive information
  3. Use firewalls
• MALWARE
  • VirusA malware that does self-replication, inserting copies of itself into programs.
    Spyware, Adware and Rootkits have the same effect
  • WormA malware that does self-replication, embedding into memory.
  • Trojan HorseA malware that looks ligament, but actually does harm to the computer.
    Unlike a virus, it does not reproduce itself, but hackers could take control of the computer.
  GENERAL EFFECTS OF MALWARE:
  • System failure
  • Data leaked to hackers / Corruption
  • Computer slows down
  GENERAL PREVENTION:
  • Install anti-virus software (Don’t install 360 though)
  • Download only reliable softwares (Support Steam games or wait to be hacked!!!)
  • Use Apple Macs

---

Phishing and Pharming

	Phishing	Pharming	Spam
Vectors	E-mails	Maleware	E-mails
Principle	Ask user to click onto a link, which directs to a fake website	Redirect user access to a fake website	Send user unsolicited e-mails

Phishing and Pharming both have the same objective: Ask user to enter sensitive information. (It’s like stealing it)

Precautions include:

• Set up firewalls
• Do not click / respond to unknown e-mails
• Contact the company via other vectors (e.g. phone) if required