Table of Contents
Easy Level Questions:
Why is keeping data safe extremely important (security and ethics)?
– It may be personal data that you only want to keep within family or close friends like passwords and bank account details.
– An accidental damage or malicious act can cause data to be deleted or corrupted.
When must we keep data safe?
– When a we use the computer offline or connected to the internet.
What is data threatened by?
– Malicious software
– Hackers
– Accidental damage
What is hacking?
– Hacking is breaking into a computer system to steal personal data without the owner’s consent or knowledge.
Possible effect of hacking?
– Lead to identity theft or gaining personal information.
– Data can be deleted, changed or corrupted.
Methods to remove hacking?
– Firewalls
– Use strong passwords and user ids
– Use anti-hacking software
Difference between cracking and hacking?
– Hacking is breaking into a computer system to steal personal data without the owner’s consent or knowledge.
– Cracking is where someone edits a program source code done for a malicious purpose.
Which is more harmful: hacking or cracking?
– Hacking isn’t necessarily harmful.
– Cracking is ALWAYS totally illegal and is potentially very damaging.
What is viruses?
– Program or program code that can replicate itself with the intention of deleting or corrupting files, or cause the computer to malfunction.
Possible effect of viruses?
– Can cause the computer to crash, stop functioning normally or become unresponsive.
– Can delete files/data.
– Can corrupt files/data.
Methods of removing viruses?
– Install anti-virus software.
– Don’t use software from unknown sources.
– Be careful when opening emails/attachments from unknown senders.
What is phishing?
– The creator sends out a legitimate-looking email.
– As soon as the recipient clicks on a link in the email, the user is sent to a fake website.
Possible effect of phishing?
– The creator of the email can gain personal data such as bank account numbers from the users when they visit the fake website.
– This can lead to fraud or identity theft.
Methods to remove phishing?
– Many ISPs filter out phishing emails.
– The user should always be cautious when opening emails or attachments.
What is pharming?
– Malicious code installed on a user’s hard drive or on the web server.
– The code will redirect the user to a fake website without their knowledge.
Possible effect of pharming?
– The creator of malicious code can gain personal data such as bank account numbers from users when they visit the fake website.
– This can lead to fraud or identity theft.
Methods of removing pharming?
– Some anti-spyware software can identify and remove the pharming code from the hard drive.
– The user should always be alert and look out for clues that they are being redirected to another website.
What is wardriving?
– The act of locating and using wireless internet connections illegally.
– Only requires a laptop, a wireless network card and an antenna to pick up wireless signals.
Possible effect of wardriving?
– Possible to steal a user’s internet time or allocation by downloading large files.
– Possible to hack into wireless network and steal a user’s password and other personal details.
Medium Level Questions:
Methods to remove wardriving?
– Use of wired equivalent privacy (WEP) encryption
– Protect use of the wireless device by having complex passwords before the internet can be accessed.
– Use of firewalls to prevent outside users from gaining access.
What is spyware or key-logging software?
– Software that gathers information by monitoring key presses on the user’s keyboard.
– The information is then sent back to the person who sent the software.
Possible effect of spyware or key-logging software?
– Gives the originator access to all data entered using a keyboard on the user’s computer.
– The software is able to install other spyware, read cookie data and also change a user’s default web browser.
Methods to remove spyware or key-logging software?
– Use of anti-spyware software.
– The user should always be alert and look out for clues that their keyboard activity is being monitored.
– Using a mouse to select characters from passwords rather than typing them in using a keyboard can help reduce the risk.
What is cookies?
– A packet of information sent by a web server to a web browser.
When are cookies generated?
– Generated each time the user visits the website.
What happens when a user visits a website with cookies?
– A message is frequently displayed saying “cookies are required to access this site”.
– Every times a user visits the website, cookies will have collected some key information about the user.
What can cookies carry out?
– They are able to carry out user tracking and also maintain user preferences.
– Example: when a user buys a CD on a music website, the cookies will have remembered the user’s previous buying habits and a message like this often follows: “Customers who bought items in your Recent History also bought: YYYY”
Are cookies programs?
– No.
– They simply pieces of data.
– They can’t perform any operations.
– They only allow the detection of web pages viewed by a user on a particular website and store user preferences.
What is anonymous user profile?
– The information gathered by cookies forms an anonymous user profile.
– It doesn’t contain personal information like credit card numbers or passwords.
– Because of the information they do collect, they are subject to privacy and security concerns.
What security issues lead to loss of data or the corruption of data?
– Accidental mal-operation.
– Hardware malfunction.
– Software malfunction.
How to prevent accidental loss of data (ex: the accidental deletion of a file)?
– Use of back-ups in case data is lost or corrupted through an accidental operation.
– Save data on a regular basis.
– Use of passwords and user ids to restrict access to authorised users only.
Mastery Level Questions:
How to prevent hardware fault (ex: head crash on the hard disk drive)?
– Use of back-ups in case data is lost or corrupted through the hardware fault.
– Use of UPS (uninterruptible power supply) to prevent power loss causing hardware malfunction.
– Save data on regular basis.
– Use of parallel systems as back-up hardware.
How to prevent software fault (ex: incompatible software installed on the system)?
– Use of back-ups in case data is lost or corrupted through the software fault.
– Save data on a regular basis in case the software suddenly ‘freezes’ or ‘crashes’ whilst the user is working on it.
How to prevent incorrect computer operation (ex: incorrect shutdown procedure or incorrect procedure for the removal of a memory stick)?
– Use of back-ups in case data is lost or corrupted through wrong operation.
– Correct training procedures so that users are aware of the correct operation of hardware.
What is a firewall?
– A firewall can be either software or hardware.
– It sits between the user’s computer and an external network and filters information in and out of the computer.
Tasks carried out by firewall?
– Examining the ‘traffic’ between the user’s computer and a public network like the internet.
– Checking whether incoming or outgoing data meets a given set of criteria.
– If the data fails the criteria, the firewall will block the ‘traffic’ and give the user a warning that there may be a security issue.
– Logging all incoming and outgoing ‘traffic’ to allow later interrogation by the user.
– Criteria can be set to prevent access to certain undesirable sites, the firewall can keep a list of all undesirable IP addresses.
– Helping to prevent viruses or hackers entering the user’s computer.
– Warning the user if some software on their system is trying to access an external data source, the user is given the option of allowing it to go ahead or requesting that such access is denied.
What is a Gateway?
– The firewall can be a hardware interface which is located somewhere between the computer and internet connection.
– It is often called as Gateway.
What other way to install firewall?
– By installing the software on the computer.
– In some cases this becomes part of the operating system.
What are the circumstances where the firewall can’t prevent potential harmful ‘traffic’?
– It cannot prevent individuals, on internal networks, using their own modems to bypass the firewall.
– Employee misconduct or carelessness cannot be controlled by firewalls like control of passwords or use of accounts.
– Users on stand-alone computers can chose to disable the firewall, leaving their computer open to harmful ‘traffic’ from the internet.
What do the circumstances where the firewall can’t prevent potential harmful ‘traffic’ require?
– Require management control or personal control to ensure firewall is allowed to do its job effectively.
What is proxy server?
– A proxy server is a server that sits between a client application, such as a Web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the requests itself. If not, it forwards the request to the real server.
How does proxy server work?
– A proxy is a program or a device that protects and improves access to a site. To do so, it creates a barrier between the local network and the Internet and, therefore, avoid direct communications between the client and the server, so that no external user can see the network (only the IP of the proxy server will be visible).
Functions of proxy servers include?
– Allowing the internet ‘traffic’ to be filtered; they can block access to a website if necessary
– By using the feature CACHE, they can speed up access to information from a website; when the website is first visited, the home page is stored on the proxy server; when the user visits the website, it now goes through the proxy server cache instead, giving much faster access.
– Keeping the user’s IP adress secret – this clearly improves security
– Acting as a firewall.
What are the two forms of security protocols?
– Secure sockets layers (SSL)
– Transport layer security (TLS)
What is secure sockets layer (SSL)?
– A type of protocol.
– This allows data to be sent and received securely over the internet.
What does SSL do when a user logs onto a website?
– It encrypts the data.
– Only user’s computer and the web server are able to make sense of what is being transmitted.
– An SSL is used when the user sees https or small padlock in the status bar.
What is transport layer security (TLS)?
– Similar to SSL but is more recent security system.
– Form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet.
– Designed to provide encryption, authentication and data integrity in a more efficient way than SSL.
What happens when a website and client communicate over the internet?
– The TLS is designed to prevent a third party hacking into this communication causing problems with data security.
What are the two layers of TLS?
– Record protocol – this part of the communication can be used with or without encryption (it contains the data being transferred over the internet)
– Handshake protocol – this permits the website and the client to authenticate each other and to make use of encryption algorithms (a secure session between client and website is established)
Why is older SSL is still used in many cases?
– Because only the most recent web browsers support both SSL and TLS.
Difference between SSL and TLS?
– It is possible to extend TLS by adding new authentication methods.
– TLS can make use of SESSION CACHING which improves the overall performance compared to SSL.
– TLS separates the handshaking process from the record protocol which holds the data.
Why is session caching used in TLS?
– Because when opening a TLS session, it requires a lot of computer time.
– This session caching can avoid the need to utilise so much computer time for each connection.
– TLS can either establish new session or attempt to resume an existing session.
– Using the latter can boost system performance.
What is use of encryption?
– Used to protect data in case it has been hacked.
– It won’t prevent hacking.
– Makes data meaningless unless user is able to decrypt it with necessary tools.
Two types of encryption?
– Symmetric.
– Asymmetric or public key.
What is symmetric encryption?
– A secret key made from a combination characters.
– When applied to a message, its content is changed to be unreadable until the recipient has decryption key.
What is needed to decrypt symmetric encryption?
– One secret key is needed to encrypt another same one to decrypt the message.
– It uses a secret key that can either be a number, a word or a string of random letters. It is a blended with the plain text of a message to change the content in a particular way. The sender and the recipient should know the secret key that is used to encrypt and decrypt all the messages.
Risk of having the same encryption and decryption key?
– The sender has to supply the key to the recipient.
– This key could be intercepted by a hacker.
– This makes the encrypted message at security risk.
– This situation is referred as key distribution problem.
What is encryption algorithm?
– Messages are put through an encryption algorithm to produce a message in a encrypted form.
– This algorithm uses an encryption key to produce a message which appears meaningless unless the same key unlocks the original message.
– This is key is the encryption and decryption key depending on its use.
What is asymmetric encryption?
– A more secured method of encryption.
– Also known as public key.
– This encryption method needs private key and public key.
What is public key?
– Made available to everybody.
What is private key?
– Only known by the computer user.
What is hashing algorithm?
– Encryption key often generated by using hashing algorithm.
– Very different to encryption algorithm.
– Takes a message or key and translates it into a string of characters shown in a hex notation.
– Makes the message or key impossible to read.
– If intercepted by hacker, the same hashing algorithm has to be applied at both ends (sender and receiver) for the message or key to be understood.
What is plain text?
– The text or normal representation of data before it goes through an encryption algorithm.
What is cypher text?
– The output from an encryption algorithm.
What is authentication?
– Used to verify that data come from a trusted source.
– It works with encryption to strengthen internet security.
Explain passwords?
– User id or name and passwords are used to log on to many systems.
– Both of those things are checked against a secure file to confirm a person is who they claim to be.
– If incorrect, then access is denied.
Explain biometrics?
– Relies on the unique characteristics of human beings.
– Fingerprint scans, retina scans, face recognition and voice recognition.
Describe fingerprint scans?
– Images of fingerprints are compared to the ones scanned before and stored in the database.
– If match, access is allowed.
– If not, access is denied.
– System compares the patterns of ridges and valleys which are fairly unique.
– Accuracy 1 in 500
Describe retina scans?
– Use infra-red to scan the unique pattern of blood vessels in the retina.
– Unpleasant technique as person must sit for 10 to 15 seconds while scanning.
– Very secure as no one has found a way to duplicate the blood vessel patterns.
– Accuracy is 1 in 10 million.
What is denial of service attack?
– This is an attempt at preventing users from accessing part of a network, notably an internet user.
– This is temporary but damagings act of a breach of security.
– It not only affects networks but an individual can also be a target for such an attack.
The attack may prevent the user from doing the following:
– Accessing their emails
– Accessing websites
– Accessin online services
How does flooding the network with useless traffic cause this problem?
– This is a method of attack.
– When a user types or clicks a URL of a website, a request is sent to the internet server which contains the website.
– The server can only handle a finite numbers of request. If it becomes overloaded by an attacker sending thousands of requests, it won’t be able to service the user’s legitimate requests.
– This is effectively a denical of service.
How does flooding the network with useless traffic happen in emails?
– The attacker can send out many spam messages to a person’s email account.
– Internet Service Providers (ISPs) only allow a specific data quota for each user.
– Thus, if the attacker does what was described, it will quickly get clogged up and the user won’t be able to receive legitimate emails.
How can an individual or website guard against these attacks?
– Using an up to date malware/virus checker
– Setting up a firewall to restrict traffic to and from the internet server or user’s computer
– Applying email filters to manage unwanted traffic or spam emails
Signs of service attacks?
– Slow network performance when opening files or accessing certain websites
– Unavailability or inability to access particular websites
– Large amounts of spam mail reaching the users email account
How do banks protect the customer’s personal details when the customer logs on to a banking website and carries out a transaction?
– Encryption is used.
– SSL
– Virus scanner
What is computer ethics?
– Is a set of principles set out to regulate the use of computers.
Factors of computer ethics?
– Intellectual property – covers the copying of software without the permission of the owner.
– Privacy issues – covers the hacking or any illegal access to another person’s personal data.
Effect of computers on society?
– Lead to increase in plagiarism – people take other’s idea and make it as their own.
– Fine to quotes someones idea if it has proper acknowledgement.
– Done by using references at the end of foot notes of the document.
– Some software are created to spot plagiarism.
What is free software?
– Type of software where people have freedom to run, copy, change or adapt.
– Ex: F-spot, Scribus, Abiword
Creator of free software stress on what?
– Liberty not price.
– User is guaranteed the freedom to study and modify the software source code in any way
User cannot do what to free software?
– Cannot add sources code from other software that is not free software.
– Cannot produce software which copies other software with copyright laws.
– Cannot adapt software in way that infringes the copyright laws protecting other software.
– Cannot use the source code to produce software which is deemed offensive by third parties.
What is freeware?
– Software where user can download from the internet for free.
– No fees after download.
– Ex: Skype, media players
How is freeware different to free software?
– Subject to copyright laws.
– Requires used to tick a box where they agree to terms and conditions governing the software.
– User not allowed to study of modify the source code.
What is shareware?
– Software where user is allowed to try out software for free for a trial period.
– At the end of trial period, the author of software requests the user to pay a fee if they like it.
– Once paid, user is registered with the originator and free updates are provided.
– Trial versions always come without the complete features.
How is shareware different to free software?
– Like freeware, subject to copyright laws the user must comply to.
– Cannot study or modify source code.
– Permission is need to share shareware to families and friends.
Other types of safeguard that might be encountered when a customer logs on to a banks’s website?
– Many banks use a 10 or 12 digit code unique to the customer.
– You may be asked to input three random numbers from a four digit PIN and three characters from a 10 character password.
– A handheld device can be used where the customer inserts their card. They will then enter their pin. This device will generate and 8 digit code which the customer types into the webpage of the banks. This code is generated from an internal clock and PIN. The bank’s server and time are both synchronised with the hand held device. The bank server also stores the pin so it will know if the code is correct. Each code is only valid for a few minutes before it is redone. This system beats hackers and spyware since code will change every-time customer logs into the bank’s website.
– May ask the customer to key in parts of their password using drop down boxes to attempt to defeat spyware or key-logging software. Each of the requested characters from the password are entered by selecting a character from drop down menu using mouse, so no need for keyboard.
– Once all these stages have been passed, some systems will ask for personal data that only the person knows.
– After the customer has successfully went through all of this security ‘hurdle’, they will be sent to a home page on the website. Only use the bank’s navigation tools not the ones at the top of the screen. If not you will be logged out and must do the whole process again.
Read more IGCSE Computer Science revision guides by Prodat here!