8.1 Security

Nov 10, 2019

Contents of this topic:

* Maintain privacy and integrity of data

* Safety risks and how to remove them


Privacy and integrity of data

  • Privacy of data: Should only be viewed or accessed by authorized users.
    To maintain the privacy of data:
    • Firewalls
      Placed between the computer and the internet, to filter information passing through.
      • Functions:
        • Check whether the information meets the criteria (protects against malware)
        • Logs information in and out
    • Access levels / Authorization
      Ensures that the user has the correct permission to use the system. For example, in the SCIE school network, you could only view your own information (grades, course timetable, etc.), but teachers could view everyone’s information.
      Therefore, the teachers have a higher access level than you, since they could gain access to more information. The authorization could be checked by:
      • Digital signatures
      • Biometrics
      • Password / Smart card readers, etc.
  • Encryption of data
    • Symmetric encryption:
      • Use same algorithm for encryption and decryption
      • Less secure but faster
    • Asymmetric encryption
      • Consists of Private key and Public key
      • More secure
  • Security protocols
    • Secure Sockets Layer (SSL)
      Requires the server to identify itself, by sending an SSL certificate to the user.
      A connection will not be established unless the certificate has been verified by the user’s browser.
    • Transport Layer Security (TLS): The upgraded version of SSL. It has two layers: Handshake Layer and Record Layer.
  • Integrity of data: The correctness of data
    To prevent data corruption, we can do all sorts of fancy stuff, like
    Transmission level:
    • Data Authentication: To make sure that it is from a trusted source
    • Parity check
    • Echo check
      You should have learned those in your G1 lessons. See the data transmission topic for more. Unless your teacher is Jeff Stroud lol
    Server level:
    • Back-up regularly
    • Use strong passwords to prevent hackers from gaining access easily
    • Ban the command of sudo rm -rf\\*
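
An added example (not part of the original notes) of the three transmission-level checks listed above. It shows that a parity bit catches one flipped bit but misses two flips in the same byte and any deliberate rewrite, while an echo check and an authentication tag catch those. The HMAC-SHA256 tag, the function names and the sample messages are assumptions chosen for illustration.

```python
import hashlib
import hmac

def add_even_parity(byte7: int) -> int:
    """Pack 7 data bits plus an even-parity bit (top bit) into one byte."""
    parity = bin(byte7 & 0x7F).count("1") % 2
    return (parity << 7) | (byte7 & 0x7F)

def parity_ok(frame: list) -> bool:
    """Even parity holds when every byte has an even number of 1 bits."""
    return all(bin(b & 0xFF).count("1") % 2 == 0 for b in frame)

def echo_ok(sent: list, echoed: list) -> bool:
    """Echo check: the sender compares its data with the copy sent back."""
    return sent == echoed

def make_tag(key: bytes, message: bytes) -> bytes:
    """Data authentication (assumed here to be an HMAC-SHA256 tag)."""
    return hmac.new(key, message, hashlib.sha256).digest()

def tag_ok(key: bytes, message: bytes, received_tag: bytes) -> bool:
    return hmac.compare_digest(make_tag(key, message), received_tag)

def demo() -> dict:
    # Constructed sample data, not taken from the original page.
    key = b"constructed-demo-key"
    message, rewritten = b"room=101", b"room=404"
    frame = [add_even_parity(b) for b in message]
    tag = make_tag(key, message)

    one_flip = frame.copy()
    one_flip[0] ^= 0b00000001          # line noise flips one bit
    two_flips = frame.copy()
    two_flips[0] ^= 0b00000011         # line noise flips two bits
    # A rewritten message with freshly computed, valid parity bits.
    rewritten_frame = [add_even_parity(b) for b in rewritten]

    return {
        "parity_catches_one_flip": not parity_ok(one_flip),
        "parity_catches_two_flips": not parity_ok(two_flips),
        "echo_catches_two_flips": not echo_ok(frame, two_flips),
        "parity_catches_rewrite": not parity_ok(rewritten_frame),
        "tag_catches_rewrite": not tag_ok(key, rewritten, tag),
    }

if __name__ == "__main__":
    for check, caught in demo().items():
        print(f"{check}: {caught}")
```

Parity and echo checks only guard against accidental corruption; checking that data comes from a trusted source needs a secret key that only the trusted sender holds.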

Security risks

  • DENIAL OF SERVICE ATTACK (DOS): Yes, this is the attack our server suffered in December 2018.
    To learn more about this attack, visit our Post-attack report
  • WARDRIVING: Using others' internet without permission (i.e. freeloading on someone else's Wi-Fi)
  • HACKING: The process of gaining unauthorized access to computer systems and tampering with hardware/software.
    Effect:
    1. Gets your (sensitive) data.
    2. Defraud your friends for money
    3. Provide information for spamming
    Prevention:
    1. Use strong passwords, and never tell them to others
    2. Encrypt sensitive information
    3. Use firewalls
  • MALWARE
    • Virus: Malware that self-replicates, inserting copies of itself into programs.
      Spyware, Adware and Rootkits have the same effect
    • Worm: Malware that self-replicates, embedding itself into memory.
    • Trojan Horse: Malware that looks legitimate, but actually does harm to the computer.
      Unlike a virus, it does not reproduce itself, but hackers could take control of the computer.
    GENERAL EFFECTS OF MALWARE:
    • System failure
    • Data leaked to hackers / Corruption
    • Computer slows down
    GENERAL PREVENTION:
    • Install anti-virus software (Don’t install 360 though)
    • Download only reliable software (Support Steam games or wait to be hacked!!!)
    • Use Apple Macs

Phishing and Pharming

|           | Phishing | Pharming | Spam |
| Vectors   | E-mails | Malware | E-mails |
| Principle | Ask user to click onto a link, which directs to a fake website | Redirect user access to a fake website | Send user unsolicited e-mails |

Phishing and Pharming both have the same objective: Ask user to enter sensitive information. (It’s like stealing it)

Precautions include:

  • Set up firewalls
  • Do not click / respond to unknown e-mails
  • Contact the company via other vectors (e.g. phone) if required