Safety and Security Booklet

The document covers various aspects of safety and security in ICT, including threats like hacking, phishing, smishing, and vishing, as well as preventative measures like firewalls and encryption. It discusses the importance of strong passwords, digital certificates, and biometric security, while also addressing concerns related to online credit fraud and cloud security. Additionally, it highlights the risks of data loss and the need for companies to ensure the security of their data when using cloud services.

Uploaded by

aveenmorgan.nbsm
Copyright
© All Rights Reserved

IGCSE ICT

8. SAFETY AND SECURITY BOOKLET

Name:

Class:
Specification

8. Safety and Security
• Physical Security
• E-Safety
• Security of Data
Hacking
• Hacking is malicious damage caused by people who get into computer systems.

Phishing
• A good example of a phishing attack is when a user is sent an email saying they have ordered an item
from an online store.
• They will be asked to click on a link to see the order details.
• The link takes the user to a page that shows a product code from a well-known company.
• A message such as: ‘if this order wasn’t made by you, please fill out the following form to cancel your
order in the next 24 hours’ is given.
• The form will ask for details such as credit card number, address and so on
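The warning signs in the order email described above can be checked automatically. The following is an added example, not part of the original booklet: it scans the HTML body of one email for a link whose visible name differs from where it really goes, for deadline pressure, and for a form asking for personal details. The sample email, its domain names and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(?:within|in the next)\s+\d+\s+hours?\b", re.I)
SENSITIVE = re.compile(r"card|cvv|password|address", re.I)
DOMAIN = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")

class MailScan(HTMLParser):  # collects links, form field names and body text
    def __init__(self):
        super().__init__()
        self.links, self.fields, self.text = [], [], []
        self._href, self._label = None, []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._label = attrs["href"], []
        elif tag == "input":
            self.fields.append(attrs.get("name") or "")
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

def phishing_signals(html_body):
    """Return the warning signs found in one HTML email body."""
    scan = MailScan()
    scan.feed(html_body)
    scan.close()
    signals = []
    for href, label in scan.links:
        host = (urlparse(href).hostname or "").lower()
        shown = DOMAIN.search(label.lower())  # a site name displayed as the link text
        if shown and host and host != shown[1] and not host.endswith("." + shown[1]):
            signals.append(f"link shows {shown[1]} but opens {host}")
    if URGENCY.search(" ".join(scan.text)):
        signals.append("deadline pressure")
    asked = sorted({f for f in scan.fields if SENSITIVE.search(f)})
    return signals + (["form asks for: " + ", ".join(asked)] if asked else [])

# Constructed sample modelled on the order-cancellation email described above.
SAMPLE = """<p>View your order: <a href="http://orders.shop-example.test/v?id=1">
www.wellknown-store.example</a></p><p>If this order wasn't made by you, fill
out the form to cancel your order in the next 24 hours.</p><form>
<input name="card_number"><input name="address"><input name="full_name"></form>"""
```

A genuine email whose link text and destination match, with no deadline and no form, produces an empty list.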

Smishing (SMS Phishing)


• This uses the SMS system of mobile phones to send out fake text messages. It is very similar to
phishing.

Vishing (Voice mail Phishing)


• This is another variation of phishing. This uses a voice mail message to trick the user into calling the
telephone number contained in the message.

Pharming
Spyware/Key-Logging Software

Viruses
Spam
• Spam, often referred to as junk email, is usually sent out to a recipient who is on a mailing list or
mailing group.
• Spammers obtain these email addresses from chat rooms, websites, newsgroups, and even certain
viruses that have been set up to harvest a user’s contacts list
• While spam is rarely a security risk, it can lead to denial of service, for example, by ‘clogging up’ the
bandwidth on the internet.
• Many ISPs filter out spam or junk mail. However, some of the more overactive ISPs can filter out
‘wanted’ emails that come from new sources.

Spam Prevention Techniques


• When using the ‘junk email filter’ set the protection level to high or to safe lists only. Make sure the
junk mail filter is kept up to date.
• Look out for check boxes that are already selected when items are bought online; companies
sometimes add a check box (which is already selected) to indicate that you have agreed to sell or give
your email address to third party users; make sure that this box is ‘unticked’ so that your email address
can’t be shared
• Do not sign up to commercial mailing lists
• Do not reply to an email or unsubscribe from a mailing list that you did not explicitly sign up to in the
first place

Moderated and Unmoderated Forums


• A moderated forum refers to an online discussion forum in which all the posts are checked by an
administrator before they are allowed to be posted.
• Many users prefer this type of forum, compared to an unmoderated one, as the moderator can not
only prevent spam, but can also filter out any posts that are inappropriate, rude or offensive, or even
those that wander off the main topic.
• The internet is essentially an unmoderated forum. No one ‘owns’ the internet and it is essentially not
policed.
• The only real safeguards are a voluntary cooperation between the users and the network operators.
• However, most social forums or networking groups on the internet have a set of rules or protocols that
members are requested to follow or they will be deleted.
Cookies
• Cookies are small files or code that are stored on a user’s computer. They are sent by a web server to a
user’s computer.
• Each cookie is effectively a small look up table containing your data.
• These are often referred to as user preferences. For example, when a user buys a Man United top
online, the cookies remember the type of football team the user chose and the web page will then
show a message such as ‘Customers who bought the Man United home kit also bought the Man United
away kit’.

Firewalls
• A firewall can be either software or hardware. It sits between the user’s computer and an external
network and filters information coming in and out of the user’s computer.

• A firewall performs a number of tasks:

• Examines the traffic between a user’s computer (internal network) and a public network
(internet)
• Checks whether incoming or outgoing data meets a given set of criteria
• Sends warnings to IT manager when data is rejected/blocked
• Can block inappropriate/unwanted websites and keeps a list of these websites
• Prevents hackers accessing a user’s computer
• The firewall can be a hardware interface that is located somewhere between the computer and the
internet connection, in which case it is often referred to as a gateway.
• Alternatively, the firewall can be software installed on a computer; in some cases this is part of the
operating system.
• However, there are certain circumstances where the firewall can’t prevent potential harmful traffic:
• Cannot prevent users using their own modem to bypass the firewall
• User misconduct or carelessness (e.g. control of passwords)
• Users can disable firewall which leaves the device vulnerable
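The firewall tasks listed above (examine traffic, check it against a set of criteria, keep a list of blocked websites, warn the IT manager when data is rejected) can be seen in a small model. This is an added example, not part of the original booklet; the rules, addresses, website names and function names are all constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# direction is "in" or "out" relative to the user's computer;
# remote_host is the website name for outgoing requests ("" if unknown).
Packet = namedtuple("Packet", "direction remote_ip remote_host port")

# The criteria: every value here is constructed for this example.
BLOCKED_SITES = {"games.example", "ads.example"}         # unwanted websites
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # blocked address range
ALLOWED_INBOUND_PORTS = {443}                            # all other ports refused

def check(packet):
    """Compare one packet with the criteria; return (allowed, reason)."""
    remote = ipaddress.ip_address(packet.remote_ip)
    if any(remote in net for net in BLOCKED_NETS):
        return False, "remote address is on the block list"
    if packet.direction == "out":
        host = packet.remote_host.lower()
        # Block the listed site and any of its subdomains.
        if any(host == s or host.endswith("." + s) for s in BLOCKED_SITES):
            return False, "website is on the block list"
        return True, "outgoing traffic allowed"
    if packet.port not in ALLOWED_INBOUND_PORTS:
        return False, "incoming port is not permitted"
    return True, "incoming traffic allowed"

def filter_traffic(packets):
    """Return (passed, warnings); each warning is a line for the IT manager."""
    passed, warnings = [], []
    for p in packets:
        allowed, reason = check(p)
        if allowed:
            passed.append(p)
        else:
            warnings.append(f"BLOCKED {p.direction} {p.remote_ip}:{p.port} ({reason})")
    return passed, warnings

# Constructed traffic: two packets should pass, three should raise warnings.
TRAFFIC = [
    Packet("out", "198.51.100.10", "www.school.example", 443),
    Packet("out", "198.51.100.20", "play.games.example", 443),
    Packet("in", "192.0.2.7", "", 3389),
    Packet("in", "203.0.113.5", "", 443),
    Packet("in", "192.0.2.8", "", 443),
]
```

The model only judges packets that are handed to it, which matches the limitation above: traffic that goes around the firewall, for example through a user's own modem, is never checked.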

Secure Sockets Layer (SSL)


• SSL is a type of protocol that allows data to be sent and received securely over the internet.
• When a user logs on to a website, SSL encrypts the data – only the user’s computer and the web server
are able to make sense of what is being transmitted.
• A user will know if SSL is being applied when they see https or the small padlock in the status bar at the
top of the screen.

• Communicating across a network using SSL

Transport Layer Security (TLS)


• TLS is similar to SSL but is a more recent security system.
• TLS is a form of protocol that ensures the security and privacy of data between devices and users when
communicating over the internet.
• It is essentially designed to provide encryption, authentication and data integrity in a more effective
way than its predecessor.
• When a website and a user communicate over the internet, TLS is designed to prevent a third party
hacking into this communication and causing problems with data security.
• TLS is formed of two layers:
• Record Protocol: this part of the communication can be used with or without encryption
• Handshake Protocol: this permits the website and the user to authenticate each other and to
make use of encryption algorithms.
• Only the most recent web browsers support both SSL and TLS, which is why the older SSL is still used in
many cases.
• But what are the main differences between SSL and TLS, since they both effectively do the same thing?
• It is possible to extend TLS by adding new authentication methods
• TLS can make use of session caching, which improves the overall performance compared to SSL
• TLS separates the handshaking process from the record protocol which holds all the data

Encryption
• Encryption is used primarily to protect data in case it has been hacked or accessed illegally.
• While encryption won’t prevent hacking, it makes the data meaningless unless the recipient has the
necessary decryption tools.
• Encryption uses a secret key that has the capability of altering the characters in a message.
• If this key is applied to a message, its content is changed, which then makes it unreadable unless the
recipient also has the same secret key.
• When this secret key is applied to the encrypted message, it can be read.
• The key used to encrypt (or encode) the message is known as the encryption key; the key used to
decrypt (or decipher) the message is known as the decryption key.
• When a message undergoes encryption it becomes cypher script; the original message is known as plain
text.
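The idea that the same secret key scrambles and unscrambles a message, and that the wrong key gives nothing useful, is shown in the added example below, which is not part of the original booklet. It is a teaching construction built only from Python's standard library (HMAC-SHA256 used to make a key-dependent stream of bytes); real systems use a vetted algorithm such as AES from a maintained library. All function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

def _subkey(key, label):
    # Derive separate keys for scrambling and for the integrity tag.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: a stream of bytes only the key holder can make.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plain_text):
    """Return nonce + scrambled message + tag for the plain text bytes."""
    nonce = secrets.token_bytes(16)  # fresh for every message
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plain_text))
    body = bytes(p ^ s for p, s in zip(plain_text, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, message):
    """Return the plain text; raise ValueError for a wrong key or altered message."""
    if len(message) < 48:
        raise ValueError("message too short")
    nonce, body, tag = message[:16], message[16:-32], message[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or altered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo():
    """Return (right key recovers text, text hidden in transit, wrong key rejected)."""
    key = secrets.token_bytes(32)    # the shared secret key (constructed)
    other = secrets.token_bytes(32)  # a key the recipient does not share
    plain = b"Meet at 10:30 in room 12"
    sent = encrypt(key, plain)
    try:
        decrypt(other, sent)
        rejected = False
    except ValueError:
        rejected = True
    return decrypt(key, sent) == plain, plain not in sent, rejected
```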

Authentication
• Authentication is used to verify that data comes from a secure and trusted source.
• It works with encryption to strengthen internet security
Digital Certificates
• A digital certificate is a pair of files stored on a user’s computer – these are used in the security of data
sent over the internet. Each pair of files is divided into:
• A public key (which is known by anyone)
• A private key (known to the computer user only)
• For example, when sending an email, the message is made more secure by attaching a digital
certificate.
• When the message is received, the recipient can verify that it comes from a known or trusted source
by viewing the public key information.
• This is an added level of security to protect the recipient from harmful emails.
• The digital certificate is made up of six parts: sender’s email address, name of certificate owner, serial
number, expiry date, public key and digital signature of certificate authority

Passwords
• When logging onto a system, a user will be asked to type in their password – this should be a
combination of letters and numbers that would be difficult for somebody else to guess.
• Strong passwords should contain upper case and lower case characters, as well as numbers and other
keyboard symbols e.g. RnHiuytL86??O
• Passwords should be changed on a regular basis in case they become known to hackers
• A user ID gives an additional security level since the user ID and password match up to allow a user to
gain access to an account.

Biometrics
• Biometrics relies on certain unique characteristics of human beings:
• Fingerprint scans
• Signature recognition
• Retina scans
• Iris recognition
• Face recognition
• Voice recognition
• Biometrics is used in a number of applications as a security device. For example, smartphones using
Face ID or fingerprint scans.
Online Credit Fraud
• Despite all of the security systems covered in this topic, online credit card fraud is still too common. It
happens because:
• Hackers gain access to a user’s computer through the use of spyware, phishing or pharming.
The user can be tricked into giving personal and financial details that enable the hacker to gain
access to a user’s account.
• Breaking of passwords and no encryption
• Copy and pasting a URL/clicking on links which are not verified
• Joining unsecure networks – not password protected
• There are a number of simple precautions users can take:
• Use strong passwords and change them regularly
• Check the accuracy of bank accounts and challenge discrepancies immediately
• Only enter your personal data on websites which have ‘https’ or the padlock in the web address
• Don’t open emails/click on links or download attachments from unknown sources
• Report spam emails and suspicious messages
• Use anti-virus software to scan downloads
Cloud Security
• Users can purchase cloud storage and access their files/data from any device anywhere in the world
with an internet connection. The benefits are:
• Don’t need to carry secondary storage devices (e.g. USB pen)
• Don’t need to buy devices with large storage capacities
• Cloud storage companies will backup your files automatically
• You can sync files/accounts to ensure all documents/files are the same updated document/file
• Ideal for collaboration purposes
• However, there are some worries about cloud services which include data security and data loss

Data Security
• Companies that transfer vast amounts of confidential data from their own systems to a cloud service
provider are effectively relinquishing control of their own data security. This raises a number of
questions:
• What physical security exists regarding the building where the data is being stored?
• How good is the cloud service provider’s resistance to natural disasters or power cuts?
• What safeguards exist regarding personnel who work for the cloud service company? Can they
use their authorisation code to access confidential data for monetary purposes?

Data Loss
• There is a risk that important and irreplaceable data could be lost from cloud storage facilities.
• Actions from hackers could lead to loss or corruption of data
• Users need to be certain sufficient safeguards exist to overcome these potentially very harmful risks
Past Paper Questions
