Malware
Malware is a computer program that damages or disrupts a computer system and the files that are stored on it.
Some types of malware are:
Virus
A computer program that can copy (replicate) itself with the intention of deleting or corrupting files, or cause the computer to malfunction.
Spyware
Ransomware
Cyberattacks
Denial of service attacks
Phishing
Pharming
Hacking
Cracking
Loss of data and data corruption
Accidental loss of data
Because accidental loss of data might happen, it is important:
the use of backups
to save data on a regular basis
use of passwords and user ids to restrict access to authorised users only
Hardware fault
What precautions should you take:
use of backups in case data is lost or corrupted through the hardware fault
use of UPS (uninterruptable power supply) to prevent power loss causing hardware malfunction
save data on a regular basis
use of parallel systems as backup hardware
Software fault
Precautions:
use of backups in case data is lost or corrupted through the software fault
Save data on a regular basis in case the software suddenly freezes or crashes whilst the user is working on it
Incorrect computer operation
use of backups in case data is lost or corrupted through wrong operation
correct training procedures so that users are aware of the correct operation of hardware
Encryption
Encryption is used to protect the confidentiality of data in case it has been hacked.
Encryption does NOT prevent hacking, it makes the data meaningless unless the recipient has the key to decrypt the message.
Keywords:
plaintext
cypertext
encryption
decryption
key
Symmetric encryption
It uses the same key to encrypt and decrypt a message.
The problem with symmetric encryption is how to send the key to the receiver and at the same time avoid it from being intercepted.
Firewalls
A firewall can be either software or hardware.
The firewall hardware is located between the computer and the internet connection. It is often referred as a Gateway.
The firewall software is installed on a computer; in some cases this is part of the operating system.
A firewall filters information in and out of the computer.
Tasks carried out by a firewall include:
examining the traffic between the user’s computer (or internal network) and a public network.
checking whether incoming or outgoing data meets a given set of criteria.
if the data fails the criteria, the firewall will block the traffic and give the user a warning that there may be a security issue.
logging all incoming and outgoing traffic to allow later interrogation by the user (or network manager)
criteria can be set to prevent access to certain undesirable sites; the firewall can keep a list of all undesirable IP addresses.
helping to prevent viruses or hackers entering the user’s computer (or internal network).
warning the user if some software on their system is trying to access an external data source (e.g. automatic software upgrade); the user is given the option of allowing it to go ahead or requesting that such access is denied.
There are certain circumstances where the firewall can’t prevent potential harmful traffic.
it cannot prevent individuals, on internal networks, using their own modems to bypass the firewall.
employee misconduct or carelessness cannot be controlled by firewalls (e.g. control of passwords or use of accounts)
users on stand-alone computers can choose to disable the firewall, leaving their computer open to harmful traffic from the internet.
Proxy servers
Act as an intermediary between the user and a web server.
Functions of proxy servers include:
allowing the internet traffic to be filtered; they can block access to a website if necessary (similar type or reaction as a firewall)
by using the feature known as a cache, they can speed up access to information from a website; when the website is first visited, the home page is stored on the proxy server; when the user next visits the website, it now goes through the proxy server cache instead, giving much faster access.
keeping the user’s IP address secret (this clearly improves security).
Security protocols
Secure Sockets Layer (SSL)
It is a type of protocol (a set of rules used by computers to communicate with each other across a network). This allows data to be sent and received securely over the internet.
When a user logs onto a website, SSL encrypts the data - only the user’s computer and the web server are able to make sense of what is being transmitted. A user will know if SSL is being applied when they see https or the small padlock in the status bar at the top of the screen.
What happens when a user wants to access a secure website and receive and send data to it?
The user’s web browser sends a message so that it can connect with the required website which is secured by SSL.
The web browser then requests that the web server identifies itself.
The web server responds by sending a copy of its SSL certificate to the user’s web browser.
If the web browser can authenticate this certificate, it sends a message back to the web server to allow communication to begin.
Once this message is received, the web server acknowledges the web browser, and the SSL-encrypted two-way data transfer begins.
Transport Layer Security (TLS)
It is similar to SSL but is a more recent security system. TLS is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet. It is essentially designed to provide encryption, authentication and data integrity in a more effective way than its predecessor SSL.
Only the most recent web browsers support both SSL and TLS which is why the older SSL is still used in many cases.
Difference between both protocols:
It is possible to extend TLS by adding new authentication methods.
TLS can make use of session caching which improves the overall performance compared to SSL
TLS separates the handshaking process from the record protocol which holds all the data.
Ethics
COMPUTER ETHICS is a set of principles set out to regulate the use of computers.
Three factors are considered:
• INTELLECTUAL PROPERTY RIGHTS – this covers, for example, copying of software without the permission of the owner
• PRIVACY ISSUES – this covers, for example, hacking or any illegal access to another person’s personal data
• Effect of computers on society – this covers factors such as job losses, social impacts and so on.
Use of the internet has led to an increase in plagiarism – this is when a person takes another person’s idea/work and claims it as their own. Whilst it is perfectly fine to quote another person’s idea, it is essential that some acknowledgement is made so that the originator of the idea is known to others. This can be done by a series of references at the end of a document or footnotes on each page where a reference needs to be made. Software exists that can scan text and then look for examples of plagiarism by searching web pages on the internet.
The ACM (Association for Computer Machinery) and IEEE (Institute of Electrical and Electronics Engineers) have published the following code of ethics:
to accept responsibility in making decisions consistent with the safety, health and welfare of the public, and to disclose promptly the factors that might endanger the public or the environment;
to avoid real or perceived conflicts of interest whenever possible, and to disclose them to affected parties when they do exist;
to be honest and realistic in stating claims or estimates based on available data;
to reject bribery in all its forms;
to improve the understanding of technology; its appropriate application, and potential consequences;
to maintain and improve our technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;
to seek, accept, and offer honest criticism of technical work, to acknowledge and correct errors, and to credit properly the contributions of others;
to treat fairly all persons and to not engage in acts of discrimination based on race, religion, gender, disability, age, national origin, sexual orientation, gender identity, or gender expression;
to avoid injuring others, their property, reputation, or employment by false or malicious action;
to assist colleagues and co-workers in their professional development and to support them in following this code of ethics.
Free software, freeware and shareware
Apart from the usual commercial software (such as spreadsheets and word processors) which are all sold in shops for a profit, there is a group of software which causes much confusion among many users. This group consists of:
• free software
• freeware
• shareware.
Free software
Users have the freedom to run, copy, change or adapt free software. Examples include: Gimp (image editing software), Scribus (DTP) and Abiword (word processor).
The originators of this type of software stress this is based on liberty and not price. This means that a user is guaranteed the freedom to study and modify the software source code in any way to suit their requirements.
Essentially a user is allowed to do the following:
run the software for any legal purpose they wish
study the source code and modify it as necessary to meet their needs
pass the software (in either original or modified form) on to friends, family or colleagues.
A user of the software doesn’t need to seek permission to do any of the above actions since it isn’t protected by any copyright restrictions. However, it is important to realise that there are certain rules that need to be obeyed. The user cannot add source code from another piece of software unless this is also described as free software
cannot produce software which copies existing software subject to copyright laws
cannot adapt the software in such a way that it infringes copyright laws protecting other software
may not use the source code to produce software which is deemed offensive by third parties.
Freeware
Freeware is software a user can download from the internet free of charge. Once it has been downloaded, there are no fees associated with using the software.
Unlike free software, freeware is subject to copyright laws and users are often requested to tick a box to say they understand and agree to the terms and conditions governing the software. This basically means that a user is not allowed to study or modify the source code in any way.
Shareware
In this case, users are allowed to try out some software free of charge for a trial period. At the end of the trial period, the author of the software will request that you pay a fee if you like it. Once the fee is paid, a user is registered with the originator of the software and free updates and help are then provided. Very often, the trial version of the software is missing some of the features found in the full version, and these don’t become available until the fee is paid.
Obviously, this type of software is fully protected by copyright laws and a user must make sure they don’t use the source code in any of their own software.
Permission needs to be obtained before this software is copied and given to friends, family or colleagues.