Chapter 8 Safety & Security
Safety & Security
Physical Safety

| Safety Hazard | Ways Of Eliminating Or Minimizing Hazard |
|---|---|
| ELECTROCUTION FROM SPILLING DRINKS | Use a residual circuit breaker (RCB); check insulation on wires regularly; do not allow drinks near computers; check equipment regularly |
| TRIPPING OVER TRAILING WIRES | Cable ducts make wires safe; cover wires/tuck them away; use wireless connection |
| HEAVY EQUIPMENT FALLING | Strong desks/tables to support heavy hardware; use large desks and tables so that hardware doesn't fall off the edge |
| FIRE RISK FROM OVERLOADING SOCKETS OR EQUIPMENT OVERHEATING | Have a CO2 fire extinguisher nearby; don't cover equipment's vents, as this can cause equipment to overheat; make sure hardware is fully maintained; don't overload sockets with too many items |

E-Safety

• E-safety refers to the safety of data and personal information while using the internet.
• E-safety is required to make sure a user's personal information is not made vulnerable and even leaked, e.g. to hackers, which can lead to identity fraud, bank A/C issues, etc.

Personal Data

Any data regarding a living person who can be identified against the data or the data along with any other information.

Examples of personal data:
• Full Name
• Home Address
• Banking details (A/C no, PIN, etc.)
• Medical history (suffered from depression, etc.)
• Personal data like ethnic origin, political views, criminal activity, mental health history

If personal data is leaked (data breach), the following can occur:
• Identity theft
• Bank fraud
• Damages to personal property
• Kidnapping (if kidnappers get access to the victim's address), etc.

To prevent the above, it is essential that personal data is protected.

Personal data can be leaked intentionally and unintentionally. Electronic data is at risk due to: hacking, viruses, spyware, phishing, pharming, smishing, vishing, ransomware (a malicious program that encrypts data on a computer system and demands a ransom to provide and decrypt the data), spam, moderated and unmoderated forums, cookies, etc.

If a student shares a photograph of themselves in their school uniform on social media, then pedophiles, child predators, kidnappers, etc. can physically reach the student. This should not be done.

Internet Safety

To keep personal data safe, one must:
• Not give unknown people (on the internet) personal information or send pictures of oneself to them.
• Maintain privacy settings to control which cookies are on their computer.
• Use learner-friendly search engines and websites recommended by your educational institution, e.g. WWW.PEES.EDU.KW
• Make sure the website being accessed is from a trusted source, or has a padlock symbol/https protocol (s for secure).

Email Safety

• Open emails from known sources, and do not click on hyperlinks in an email without confirming with the sender of the email. Think before opening an email from an unknown person, and never send any other sensitive information (picture in school uniform, credit card PIN, etc.)
• Ask their ISP to enable email filtering to classify spam mails as spam.

Social Media Safety

• Block and report users who seem suspicious or use inappropriate language
• Never use your real name, only use a nickname
• Use appropriate language
• Do not enter private chat rooms, as users can lure you into giving personal information by seeming too nice.
• Do not meet anyone off the internet for the first time on your own, or at least speak to a trusted adult first.
• Do not misuse images (of someone to blackmail them, e.g.)
• Respect the confidentiality of other users

Online Games

Similar measures apply to those taken when using social media.
Additionally, players should be careful about:
• In-game violence
• Cyber bullying
• Keeping their webcams off (other potentially dangerous players have direct access to your image)
• Predators may use voice masking technology to lure a user to reveal their age, sex etc.
• Cyber-attacks involving viruses, ransomware, etc.

Security of Data

Hacking

Hackers are people who get into your computer system without having the rights. It can lead to corruption or loss of data or a data breach.
• Some prove that a system is vulnerable; they may be employed to test it (ethical hacking)
• Some want to steal data
• Alter or destroy data
• For fun or a challenge

Prevention:
• Protect with authentication techniques (user ID and password, etc.)
• Have a backup of data in case of damage
• Firewalls

User IDs

• To log on to a network, a user must type in a user ID
• User ID assigns user privilege once user logs in
• The top-level privilege for a network is an administrator:
  • Able to set passwords and delete files from server etc.
• User privilege may only allow access to their own work area.

Passwords

• After typing in user ID, the user will be requested to type in their password
• Generally, it is a combination of letters and numbers
• Passwords are shown as stars (***) so nobody overlooking can see it
• Many systems ask for password to be typed in twice as a verification check, in case of input errors
• To help protect the system, user has a finite number of attempts
• If password is forgotten, administrator must reset it

Biometric Data

Uses features of the human body unique to every individual, such as fingerprints, retina, iris, face and voice recognition. It is used in authentication techniques as it is very difficult / impossible to replicate.

| ADVANTAGES | DISADVANTAGES |
|---|---|
| Usernames and passwords don't have to be remembered | The readers are expensive |
| Almost impossible to replicate body parts | Damages in fingerprints can deny access |
| Somebody else can't gain access, like with a stolen card | Some people worry about their personal information being stored |
| They can't be forgotten, like a card | |

Digital Certificate

A digital certificate is an electronic passport used in the security of data sent over the internet.

They can be attached with mails so that the receiver can know that the mail is sent from a trusted source.

SSL

• Type of protocol that allows data to be sent and received securely over the internet
• When a user logs onto a website, SSL encrypts the data
• https or padlock in the status bar
• When user wants to access a secure website:
  • User's web browser sends a message, so it can connect with required website which is secured by SSL
  • Web browser requests that the web server identifies itself
  • Web server responds by sending a copy of its SSL certificate
  • Web browser checks if certificate is authentic
  • Sends signal back to web browser
  • Starts to transmit data once connection is established
  • If not secure, browser will display an open padlock

Features of a Secure Web Page

• Webpage URL: If the webpage is secure, it will start with 'https' instead of 'http'.
• Padlock sign

Phishing

• Phishing is a fraudulent operation involving the use of emails
• The creator sends out a legitimate looking email hoping to gather personal and financial information from the recipient of the email
• The message appears to be from a legitimate source (e.g. a famous bank)
• When the user clicks on the link they are sent to a spoof website
• They will be asked for personal info e.g. credit card details, PINs
• This could lead to identity theft
• ISPs attempt to filter out phishing emails

Pharming

• Pharming is a scam in which malicious code is installed on a computer hard disk or a server
• This code can misdirect users to fraudulent websites without their knowledge
• Phishing requires an email to be sent to every person who has been targeted, while pharming does not require emails to be sent out to anyone
• Pharming can target a larger group of people more easily

How pharming works:
• A hacker will infect the computer with a virus, either by sending an email or installing software on their computer when they first visit their website
• Once infected, the virus sends user to a fake website that looks identical to the one they wanted to visit
• Personal info. from the user's computer can be picked up by the pharmer/hacker
• Anti-spyware, anti-virus software or anti-pharming software can be used to identify this code and correct the corruption

Smishing

• An attempt to extract a user's confidential information via SMS (short message service) by tricking the user into downloading a Trojan horse (a virus that masks itself).
• It is phishing via SMS.

Preventing Phishing, Pharming & Smishing

• User education
• Set up anti-malware and anti-spyware software
• Enabling protocols such as SPF and DKIM
• Do not download random .exe (executable file formats), .php, .bat, .com etc.
• Users should be careful when being redirected to other websites.

Therefore, technology enables unauthorized users to gain access to otherwise inaccessible information.

If a person on the internet is asking for personal information, or to meet in real life, or acting suspicious, they should be reported to cyber security agencies, or one's parents/guardians.

Websites/pop-ups can be made to mimic legitimate ones, or seem too good to be true, e.g. lotrei.net instead of lottery.com

Banks and organizations will never ask for a PIN to be entered on a website like this.

Effects of phishing, pharming and smishing on a user:
• Personal and sensitive information is lost, which can be used for previously stated purposes.

Moderated & Unmoderated Forums

Online forums are places on the internet where people can join discussions on almost any topic and also add their views.

• There are two types of forums:

| MODERATED FORUMS | UNMODERATED FORUMS |
|---|---|
| Has a moderator who checks comments before they are posted | No moderator who checks the comments |
| There will be no spam or rude and offensive comments | Spam, rude and offensive comments present |
| No diversions from the topic | Diversions from topic are possible |
| Highly secure due to moderation | Personal information can be obtained from you |
| | Not secure due to lack of moderation |

Audience appreciation

When planning and creating ICT solutions, it is important to consider the audience who will either use or take part in the solution. The following list shows a number of factors that should be considered.
• The age of the targeted audience (children or adults)
• The experience of the audience
• The expectation of the audience (older audience or group of students)
• Knowledge of the audience.

After the audience is identified, some research needs to be done. The following methods are used to find out about the target audience and their background and interests:
• Interviewing the target group
• Giving out questionnaires
• Carrying out market research

Spam

• Spam is electronic junk mail and is a type of advertising from a company sent out to a target mailing list
• Harmless but can clog up networks and slow them down
• It is more of a nuisance than a security risk
• Many ISPs are good at filtering out spam, and prevent the user from getting these spam emails.
• It is often necessary to put a legitimate email address into a contact list to ensure wanted emails are not filtered out by mistake

Encryption

• The conversion of data to code by encoding it
• Done by using encryption software
• Since data is encoded, it appears meaningless to a hacker
• This technique prevents illegal access
• Necessary to use decryption software to decode the data
• Used to protect sensitive data e.g. banking details
• Encryption keys are complex algorithms which make codes almost unbreakable

Computer Viruses

• It is a malicious program that replicates itself and is designed to cause harm to a computer system. They spread through downloadable files, external storage media (e.g. pen drives, etc.)
• May cause the computer to crash
• Loss of files, corruption of the data
• Viruses infect computers through email attachments, illegal software or downloaded files

Prevention of Viruses
• Use anti-virus software (detects and then removes or isolates viruses) and use firewalls
• Do not use illegal software
• Only download from reputable sites

The threats of using credit cards online and prevention:

Key logging/spyware: records the keys pressed on a keyboard.
• Can be used to obtain credit card details, passwords and personal information.
• Use virtual keyboards to type in password.
• Install anti-spyware software.

Bogus sites: sites that look exactly like the original sites, but aren't.
• They can steal your card details and personal information when you make purchases.
• Always type in URLs, sometimes links in the mails can be of bogus sites.

Phishing, pharming and smishing:
• They trick you to reveal card and personal details as responses to messages or mails.
• Open attachments only from trusted sources.
• Install anti-spyware software.

Hacking into secure sites to obtain the details:
• Encrypting the details will make it of no use to the hacker.
• Use strong passwords.
• Use firewalls.

Tapping into wireless networks:
• Always use a password controlled Wi-Fi since it is relatively hard to tap into a secured Wi-Fi.

*ALL PREVENTION TECHNIQUES WRITTEN HERE ALSO APPLY FOR THE THREATS IN GENERAL (NOT SPECIFIC TO CREDIT CARDS)*

Cloud Storage

• Your data is stored remotely and not on your computer, so you don't have control over the physical security of your data.
• Some of the data stored may be personal data which are open to hackers, and have to be encrypted in order to prevent hackers from obtaining them.
• The company providing the storage may go out of business. In this case what has to be done to the data will have to be considered.
• The company providing the storage will have to put in all its efforts and safety measures in order to keep your data safe.
• If the company providing the storage doesn't back up your data, you may lose it in case of power cuts or fires, etc.

Types of Cloud storage:
Public cloud:
Here the client and cloud storage provider are different companies.

Private cloud:
Here the client and cloud storage provider operate as a single entity (behind the company's firewall).

Hybrid cloud:
It is the combination of the previous environments. Here some data resides on private cloud and less sensitive data can be accessed from public cloud.

Advantages:
• Customer can access at any time, from any device, anywhere in the world
• No need for external storage
• Provides remote backup of data obvious recovery
• Cloud system offers almost unlimited storage capacity

Disadvantages:
• Cost can be high if large storage capacity is required
• Slow and unstable internet connections may cause problems in downloading data
• Failure of the cloud storage company poses risk of losing all backup data

Firewalls

A firewall sits between the user's computer and an external network (internet) and filters information in and out of the computer.

Tasks carried out by firewall:
• Examining 'traffic'
• Checking whether incoming or outgoing data meets criteria
• If data fails the criteria, the firewall blocks 'traffic'
• Firewall can keep a list of all undesirable IP addresses
• Helping to prevent viruses or hackers entering the user's computer

Methods of Internet Security

| AUTHENTICATION METHOD | ADVANTAGES | DISADVANTAGES |
|---|---|---|
| PASSWORDS | Inexpensive, as nothing other than a computer is required | Can be easily hacked; can be forgotten |
| FINGERPRINT SCAN | Highly recognized everywhere; very high accuracy; easy to use; relatively low storage requirement | Intrusive (causing disruption); damages will prevent access |
| SIGNATURE RECOGNITION | Non-intrusive; very little time to identify; relatively inexpensive | Problems occur if signature is not consistent; high error rate (one in 50) |
| RETINA SCANS | Very high accuracy; no known way to replicate person's retina | Very intrusive; relatively slow to verify retina scans; very expensive to install and set up |
| IRIS RECOGNITION | Very high accuracy; verification time is usually less than 5 seconds | Very intrusive; lot of memory needed for storage; very expensive to install and set up |
| FACE RECOGNITION | Non-intrusive; relatively inexpensive | Affected by changes in lighting, person's hairstyle, age and spectacles |
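
The firewall tasks listed under Firewalls above (examining traffic, checking it against criteria, blocking what fails, keeping a list of undesirable IP addresses) can be sketched as a small packet filter. This is an added example, not part of the original notes; the addresses, ports and names (Packet, decide, filter_traffic) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving from the internet) or "out" (leaving the computer)
    src: str        # source IP address
    dst: str        # destination IP address
    dst_port: int   # destination port

# Constructed policy for illustration (addresses are from documentation ranges).
UNDESIRABLE = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]
ALLOWED_PORTS = {"in": {443}, "out": {53, 80, 443}}

def decide(pkt):
    """Examine one packet and return (action, reason); anything not allowed is blocked."""
    if pkt.direction not in ALLOWED_PORTS:
        return "block", "unknown direction"
    # The remote party is the sender of incoming traffic and the receiver of outgoing traffic.
    remote = pkt.src if pkt.direction == "in" else pkt.dst
    try:
        remote_ip = ipaddress.ip_address(remote)
    except ValueError:
        return "block", "malformed address"
    if any(remote_ip in net for net in UNDESIRABLE):
        return "block", "address on undesirable list"
    if pkt.dst_port not in ALLOWED_PORTS[pkt.direction]:
        return "block", "port does not meet criteria"
    return "allow", "meets criteria"

def filter_traffic(packets):
    """Return (allowed packets, log of every decision) for a sequence of packets."""
    log = [(pkt, *decide(pkt)) for pkt in packets]
    allowed = [pkt for pkt, action, _ in log if action == "allow"]
    return allowed, log

# Constructed sample traffic; 192.0.2.10 stands for the user's computer.
SAMPLE = [
    Packet("out", "192.0.2.10", "198.51.100.20", 443),  # ordinary HTTPS request
    Packet("out", "192.0.2.10", "203.0.113.50", 443),   # destination is on the list
    Packet("in", "198.51.100.7", "192.0.2.10", 443),    # sender is on the list
    Packet("in", "198.51.100.8", "192.0.2.10", 23),     # port not permitted inbound
    Packet("in", "not-an-ip", "192.0.2.10", 443),       # malformed address
]

if __name__ == "__main__":
    for pkt, action, reason in filter_traffic(SAMPLE)[1]:
        print(f"{action:5} {pkt.direction:3} {pkt.src} -> {pkt.dst}:{pkt.dst_port} ({reason})")
```

Only the first sample packet is allowed; the filter blocks by default, so traffic passes only when it matches a rule that permits it.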