Computer Science IGCSE

providing education for Computer Science

Knowledge seekers

Chapter 8 Security and Ethics

Keeping data safe is very important for many reasons. There can be very confidential details
that people want to keep safe.

Data can be corrupted or deleted either through accidental or through malicious act. There
are many ways to keep data safe.

Hacking is breaking into a computer system and stealing the users data without consent.
However there can be ethical hacking which is when a company or people hire ethical
hackers to try to break into the safety system to make sure if it is safe and if they need to
change it. Cracking is where someone edits a program source code. This is usually done for
a malicious purpose. Hacking isnt necessarily harmful whilst cracking is always illegal and
is potentially very damaging.

Passwords should be complex, different and shouldn’t be meaningful. It should be

irrelevant, something like : W23502Q@#BD9304H.

White hat hacking is ethical hacking however, Black hat hacking is illegal hacking.

Security and Data Integrity

Malware:

This is software used to gain access or damage a computer without the knowledge of the
owner. There are various types of malware including spyware, keyloggers, true viruses,
worms, or any type of malicious code that infiltrates a computer.

Disrupts operations.
Steals sensitive information.
Allows unauthorized access to system resources.
Slows computer or web browser speeds.
Creates problems connecting to networks.
Results in frequent freezing or crashing.

Install Anti-Virus & Firewall Software. Keep Software & Operating Systems Up-to-Date.
Avoid Clicking On Pop-Ups

Hacking:

Hacking is the act of gaining illegal access to a computer system. Hacking can lead to
identity theft and gain of confidential data. Data can be deleted, changed and even
corrupted. Hacking can be prevented by Firewalls, use of strong passwords and user ids
and anti-hacking software. There are two types of hacking, White Hat and Black Hat. White
hat is ethical hacking whereas Black hat is illegal hacking

Viruses:

Viruses are programs or a program code which can replicate itself with the intention of
deleting or corrupting files, or cause the computer to malfunctions. It can delete files and
data and it can corrupt them. It can also cause the device to crash and not respond. They can
be prevented by anti virus software’s, and staying alert and aware of the emails you open
and not using software’s from unknown resources.

Phishing:

Phishing is run by a person or a creator that sends out a legitimate looking email. and as
soon as the recipient clicks on the link, they are sent to a fake website. The creator of the
email can access of personal data and this can lead to fraud or identity theft. This can be
prevented by ISPs filters on emails and the user should be alert and aware when opening
unknown attachments.

Pharming:

Pharming is a code installed on a users hard drive or on the web server; the code will re
direct the user to a fake website without the user knowing. The creator can get access to
personal data and leads to fraud or identity theft. This can be prevented by anti-spyware
software and the user being alert and aware of strange emails from unknowns.

Wardriving:

The act of locating and using wireless internet connections illegally; it only requires a laptop
(or other portable device), a wireless network card and a antenna to pick up wireless signals.
This can potentially lead to the users internet time to be stolen, and it is very easy to steals a
users password and personal details. They can be prevented by the use of Wired Equivalent
Privacy (WEP) encryption. Also having a complex password before the internet can be
accessed. Use of firewalls to prevent outsiders from gaining access.
Spyware/Key-Logging software:

Software that gathers information by monitoring key presses on the user’s keyboard; the
information is then sent back to the person who sent the software. This gives access to all the
data entered using a keyboard on the user’s computer. The software is able to install other
spyware; read cookie data and also change user’s default web browser. It can be prevented
by the use of anti spyware data. Look out for clues that their keyboard activity is being
monitored. Use mouse to select characters for passwords, rather than keyboard to reduce
risk.

Cookies: is a packet of information sent by a web server to a web browser. Cookies are
generated each time the user visits the website.

Denial of Service (DOS):

An attack that floods a networks send request after request until the network itself shuts
down/cannot cope with however many requests.

Bio-metric systems: Bio-metric systems are systems that are protected with things like
facial recognition, retina scan, finger prints, etc.

Firewalls: Hardware or software based security layer that is positioned between the internet
and network/user device. It examines incoming/out coming traffic. Identifies suspicious
files/phrases and notifies administrator if anything is flagged. White-lists/blacklists
websites/applications. The administrator gets monitor. Acts as a gateway to the internet.

Proxy Server: Remember the websites you have visited, and remembers all the information
with it. It keeps the users IP hidden. Acts as a firewall if a firewall isn’t present on a network
(limited functionality).

VPN (Virtual Private Network): is a method used to add security and privacy to private
and public networks. Its is recommended to use in the dark and deep web.

Security Protocols:

Secure Sockets Layer (SSL)

Transport Layer Secuirty (TLS)

Secure Sockets Layer (SSL) is a type of protocol (a set of rules used by computers to
communicate with each other across a network). This allows data to be sent and received
securely over the internet.

When a user logs onto a website, SSL encrypts the data – only the users computer and the
web server are able to make sense of what is being transmitted. A user will know if SSL is
being applied when they see https or the small padlocks in the status bar at the top of the
screen. Padlocks suggests that it is safe and secure

What happens when a user wants to access a secure website:

1. The users web browser sends a message so that it can connect with the required website
which is secured by SSL.
2. The web browser then requests that the web server identifies itself ‘
3. The web server responds by sending a copy of its SSL certificate to the users web
browser
4. If the web browser can authenticate this certificate, it sends a message back to the web
server to allow communication
5. Once this message is received, the web server acknowledges the web browser, and the
SSL-encrypted two way data transfer begins.

Transport Layer Security (TLS) is similar to SSL but is a more recent security system. TLS is
a form of protocol that ensures the security and privacy of data between devices and users
when communicating over the internet. It is essentially designed to provide encryption,
authentication and data integrity in a more effective way.

When a website and user are communicating oover the internet, TLS is designed to prevent
a third party user or device into this communication since this causes problems with data
security.

TLS is formed of 2 layers

1. Record protocol, this part of the communication can be used with or without encryption
(it contains the data being transferred over the internet).
2. Handshake protocol: this allows the website and the user to authenticate with each other
and make use of encryption algorithms (a secure session between the website and user is
established).

Encryption:

Encryption is used to protect data in case it has been hacked. Encryption makes the data
meaningless unless it somehow gets decrypted. There are 2 types of encryption:

Symmetric Encryption
Asymmetric or Public Key Encryption

Symmetric Encryption

Symmetric Encryption is a secret key which can be a combination of different characters. If

this key is applied to a message, its contents is changed and makes it unreadable unless a
user has a decryption key which fixes the problem. Basically one key is needed to encrypt a
message and another key is needed to decrypt message.

However this key is very vulnerable to Key Distribution Problem. So the sender and
receiver have to have to same key for encryption and decryption. The sender has to send
the key to the receiver and if somehow it gets intercepted by an hacker, this can lead to a
failure in encryption and security making the contents unprotected. The hacker can easily
decrypt the file/data. There is also an encryption algorithm where you use an algorithm to
unlock the file and keep the data safe.

Asymmetric Encrption

This type of encryption is a more safer and secure method.

Public Key is a key that is made available to everybody

Private Key is a key which is only known by the computer user.

Both type of keys are needed to encrypt and decrypt messages. It works like this: First User
A applies a symmetric key to encrypt the message, then the symmetric is then encrypted
using the public key known to both A and B. User A sends the message over the internet,
User B decrypts the symmetric key by applying their known private key, the decoded
symmetric key is used to decrypt the message sent by User A.

Plain Text or Cypher Text

Plain Text is normal text/data before it goes through encryption.

Cypher text is the output from an encryption algorithm.

Authentication

Authentication is used to verify that data comes from a trusted source. It works with
encryption to strengthen internet security.

Computer Ethics

Computer Ethics is a set of principles set out to regulate the use of computers. Three factors
are considers:

Intellectual Property Rights : this covers copying of software without permission of

owners
Privacy Issues : this covers hacking and illegal access of another persons personal data
Effect of computers on society – this covers factors such as job losses and social impacts
and so on

Free Software, Freeware and Shareware

Free Software is basicslly when you download software, you can run it, copy it, change it, it
doesnt matter. Examples: Abiword, F-Spot and Scribus.

Freeware is a software a user can download from the internet free of charge. Once it has
been downloaded, there are no extra fees associated with the software. Examples:
Adobe,Skype or media players)
Shareware is a software which users are allowed to try out a software free of charge for a
trial period. Examples (Netflix, Music Apps)

Sponsored Content

Here's The New Kitchen Cabinet Trends Coming In 2023: Check now
Sponsored links
The Price Of a Home Security Camera May Surprise You (Search Here For
Options)
Search Ads

CREATE A FREE WEBSITE OR BLOG AT WORDPRESS.COM.