GCSE CS (2210) / IGCSE CS (0478) P1 NOTES: by Awab Aqib

This document discusses security when using computers and the internet. It describes common security threats like denial of service attacks, viruses, hacking, phishing, and spyware. It then discusses various methods to protect data, including encryption, firewalls, passwords, anti-virus software, and physical security measures. Encryption converts data into an unreadable format except for authorized users. Firewalls monitor network traffic according to set rules. Biometric passwords based on fingerprints are harder to hack than standard text passwords.

GCSE CS (2210) / IGCSE CS (0478) P1 NOTES BY AWAB AQIB

CHAPTER 1.4: SECURITY

MEANS OF DATA DAMAGE

-Human error (e.g. deleting/overwriting data)


-Physical damage
-Power failure/surge
-Hardware failure
-Software crashing

POTENTIAL SECURITY THREATS WHILE USING THE INTERNET

1. Denial Of Service Attack (DoS)


-a large number of requests are sent to the network/server all at once
-designed to flood a network/server with useless traffic/requests
-the network/server will come to a halt/stop trying to deal with all the traffic/requests
-prevents users from gaining access to a website/server
2. Viruses
-software that replicates
-causes loss/corruption of data; computer may “crash”/run slow
-designed to amend/delete/copy data and files on a user’s computer without their consent
-protection by use of anti-virus (software)
-do not download software or data from unknown sources
3. Hacking/Cracking
-illegal/unauthorized access to a system/data and changing it e.g. source code of an app
-protection by use of passwords/user IDs, firewalls, encryption

4. Phishing

-creator of code sends out a legitimate-looking email


-in the hope of gathering personal and financial data from the recipient
-it requires the email or attachment to be opened first
-protection by not opening emails/attachments from unknown sources
-some firewalls can detect fake/bogus websites

5. Pharming
-malicious code installed on user’s hard drive / computer
-user is redirected to a fake website (where personal data may be obtained)
-without their consent and knowledge to steal their personal data
-protection by only trusting secure websites, e.g. look for https in URL

https://www.youtube.com/c/awabaqib/

6. Spyware
-software that gathers information by monitoring key presses
-on a user’s computer and relays the information
-back to the person who sent the software
-protection by installing anti-spyware and anti-virus

7. Spam
-Junk / unwanted email
-Sent to large numbers of people
-Used for advertising / spreading malware
-Fills up mail boxes

WAYS OF PROTECTING DATA WHILE SENDING OVER A NETWORK

1. Encryption

-Encryption is the process of converting data to an unrecognizable or form


-It is used to protect sensitive information so that only authorized parties can view it.
-There are two types of encryption: symmetric (private key) and asymmetric (private and public keys)
-convert the plaintext to cipher text and send it
-decrypt the cipher text on the other end to receive the original message

How to send an encrypted message using Symmetric Encryption


-Personal message before encryption is the plain text
-The plain text is encrypted using an encryption algorithm
-The plain text is encrypted using a key
-The encrypted text is cipher text
-The key is transmitted separately from the text
-The key is used to decrypt the cipher text after transmission

Method to increase the level of security of Encryption:


-Increase length / more bits used for key
-will generate more possibilities for key
-less chance of decryption by brute force method
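
Added example (not part of the original notes): the symmetric encryption steps and the effect of key length, in Python. The cipher is a toy XOR keystream built from SHA-256 for illustration only, not a real encryption standard; the function names, key and sample message are constructed.

```python
import hashlib

def keystream(key: bytes, length: int) -> bytes:
    # Stretch the key into `length` pseudo-random bytes (toy construction).
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    # Encryption algorithm + key turn plain text into cipher text.
    stream = keystream(key, len(plaintext))
    return bytes(p ^ s for p, s in zip(plaintext, stream))

# XOR is its own inverse, so the same key and algorithm decrypt.
decrypt = encrypt

def key_space(key_bits: int) -> int:
    # Every extra bit doubles the number of possible keys.
    return 2 ** key_bits

def brute_force(ciphertext: bytes, known_start: bytes, key_bits: int):
    # Try every possible key until the decrypted text starts as expected.
    # Only practical here because the key is deliberately tiny.
    size = (key_bits + 7) // 8
    for guess in range(key_space(key_bits)):
        key = guess.to_bytes(size, "big")
        if decrypt(ciphertext[:len(known_start)], key) == known_start:
            return key, guess + 1
    return None, key_space(key_bits)

if __name__ == "__main__":
    key = (0xBEEF).to_bytes(2, "big")           # constructed 16-bit key
    message = b"Transfer 50 to account 1234"    # constructed plain text
    cipher_text = encrypt(message, key)
    print("cipher text:", cipher_text.hex())
    print("decrypted  :", decrypt(cipher_text, key))
    found, tries = brute_force(cipher_text, b"Transfer", 16)
    print("16-bit key recovered after", tries, "guesses:", found.hex())
    for bits in (16, 56, 128, 256):
        print(bits, "bit key ->", key_space(bits), "possible keys")
```
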

2. Secure Socket Layer Protocol (SSL Protocol)


-cryptographic protocol, to provide security over a computer network using encryption
-Encryption is asymmetric / symmetric / both
-Makes use of public and private keys
-Data is meaningless without decryption key, if intercepted
-Used for Online banking, Online shopping, Email, Cloud based storage, Intranet/extranet

Stages through which a user accesses a secured website with SSL deployed
OR
How a browser identifies whether a website is Secured or Not

- the web browser attempts to connect to a web site which is secured by SSL
- the web browser requests the web server to identify itself
- the web server sends the web browser a copy of its SSL certificate
- the web browser checks whether the SSL certificate is trustworthy
- if it is then the web browser sends a message back to the web server
- the web server will send back an acknowledgement to allow the SSL encrypted session to begin
- the encrypted data is then shared securely between web browser and server
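
Added example (not part of the original notes): the stages above as performed by Python's standard `ssl` module, which checks the server certificate the way a browser does. The function names are constructed and `example.com` is a placeholder host.

```python
import socket
import ssl

def browser_like_context() -> ssl.SSLContext:
    # Loads the system's list of trusted certificate authorities and
    # insists on a valid certificate that matches the host name.
    return ssl.create_default_context()

def trust_settings(ctx: ssl.SSLContext) -> dict:
    # Which of the certificate checks this context will enforce.
    return {
        "certificate_required": ctx.verify_mode == ssl.CERT_REQUIRED,
        "hostname_checked": ctx.check_hostname,
    }

def connect_secure(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    ctx = browser_like_context()
    # Stage 1: the client attempts to connect to the secured site.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            # Stages 2-6: the server sends its certificate, the client
            # checks it, and both sides agree to start the encrypted session.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                # Stage 7: data sent on `tls` from here on is encrypted.
                return {"trusted": True,
                        "protocol": tls.version(),
                        "expires": cert.get("notAfter")}
        except ssl.SSLCertVerificationError as err:
            # The certificate was not trustworthy: no session is started.
            return {"trusted": False, "reason": err.verify_message}

if __name__ == "__main__":
    print(trust_settings(browser_like_context()))
    print(connect_secure("example.com"))  # placeholder host, needs network
```
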

3. Transport Layer Security (TLS)


-It is a security protocol
-It encrypts data sent over the web/network
-It is the updated version of SSL
-It has two layers, a handshake layer and a record layer
-Used for Online banking, Online shopping, Email, Cloud based storage, Intranet/extranet

4. Firewall
-examines/monitors traffic to and from a user’s computer and a network/Internet
-checks whether incoming and outgoing traffic meets a given set of criteria/rules
-firewall blocks/filters traffic/website that doesn’t meet the criteria/rules
-logs all incoming and outgoing traffic
-can prevent viruses or hackers gaining access
-can be both software and hardware
-blocks/filters access to specified IP addresses/websites
-warns of attempted unauthorized access to the system

5. Proxy Server
-Prevents direct access to the webserver, sits between user and webserver
-If an attack is launched, it hits the proxy server instead
-can be used to help prevent DDOS (Distributed Denial of Service) hacking of webserver
-Used to direct invalid traffic away from the webserver
-Traffic is examined by the proxy server
-If traffic is valid the data from the webserver will be obtained by the user
-If traffic is invalid the request to obtain data is declined
-Can block requests from certain IP addresses
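
Added example (not part of the original notes): the rule checking described for firewalls and proxy servers, in Python. It checks each item of traffic against a set of rules, blocks what does not meet them, logs everything and warns about blocked incoming attempts. The rules, field names and sample traffic are constructed, using documentation-only IP ranges.

```python
import ipaddress

# Constructed rule set: the first matching rule decides; no match means block.
RULES = [
    {"action": "block", "direction": "any", "network": "203.0.113.0/24", "port": None},
    {"action": "allow", "direction": "out", "network": "0.0.0.0/0", "port": 443},
    {"action": "allow", "direction": "in", "network": "192.168.1.0/24", "port": 22},
]

def check(packet: dict, rules=RULES) -> str:
    remote = ipaddress.ip_address(packet["remote_ip"])
    for rule in rules:
        if rule["direction"] not in ("any", packet["direction"]):
            continue
        if remote not in ipaddress.ip_network(rule["network"]):
            continue
        if rule["port"] is not None and rule["port"] != packet["port"]:
            continue
        return rule["action"]
    return "block"  # traffic that meets no rule is filtered out

def run_firewall(packets, rules=RULES):
    log, warnings = [], []
    for p in packets:
        verdict = check(p, rules)
        # All traffic is logged, whether allowed or blocked.
        log.append((p["direction"], p["remote_ip"], p["port"], verdict))
        if verdict == "block" and p["direction"] == "in":
            warnings.append(
                f"blocked incoming attempt from {p['remote_ip']} on port {p['port']}")
    return log, warnings

# Constructed sample traffic.
SAMPLE = [
    {"direction": "out", "remote_ip": "198.51.100.7", "port": 443},
    {"direction": "out", "remote_ip": "203.0.113.9", "port": 443},
    {"direction": "in", "remote_ip": "192.168.1.20", "port": 22},
    {"direction": "in", "remote_ip": "198.51.100.50", "port": 3389},
]

if __name__ == "__main__":
    log, warnings = run_firewall(SAMPLE)
    for entry in log:
        print(entry)
    for warning in warnings:
        print("WARNING:", warning)
```
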

6. Password protected / biometrics


-To help prevent unauthorized access

7. Anti-Virus software
-Helps prevent data corruption or deletion
-Identifies / removes a virus in the system
-Scans a system for viruses

8. Spyware checking software


-Helps prevent data being stolen/copied/logged
-Scans a system for spyware

9. Drop-down input methods / selectable features


-To reduce risk of spyware / keylogging
-can stop key presses being recorded
-can stop key presses being relayed
-drop down boxes cannot be recorded as key presses

10. Physical methods
-Locked doors / CCTV / timeout / auto log off, to help prevent unauthorized access

11. Network / company policies / training employees


-To educate users how to be vigilant

12. Access rights
-Allows users access to data that they have permission to view
-Maintain a hierarchy of levels of users, each having different levels of access e.g. admin, employee, guest

TYPES OF PASSWORDS TO SECURE DATA

Text based password


-Minimum number of characters that can be typed using a keyboard
-Can be changed by the user

Biometric password
-A stored physical measurement e.g. fingerprint, retina scan, voice/face recognition
-That is compared to a previously scanned human measurement

Difference between Text and Biometric password


-Text based passwords are easier to hack than biometric passwords
-Biometric passwords are unique to that person/cannot be shared
