
Security precautions

Learning Intentions

  • Describe the implications of the Computer Misuse Act

  • Describe the purpose and pros and cons of cookies

  • Describe the use of encryption in electronic communication

Success Criteria

  • I can describe how a firewall operates and how it can help improve security of a system
  • I can describe the purpose of tracking cookies and discuss their pros and cons
  • I can describe how encryption is used to protect data and content in an electronic communication

The Computer Misuse Act

  • The Computer Misuse Act (1990) deals with the misuse of computing technology to hack into confidential data and to send destructive viruses to other people’s computers.

  • Hacking has been around as long as the internet

  • It is illegal to: 
    • Gain unauthorised access to computer material
    • Gain unauthorised access with intent to commit a further offence
    • Make unauthorised modifications to programs or data on a computer

Unauthorised Access to Computer Material

  • This is the lowest level of offence and can carry a 6 month jail sentence and/or a large fine

  • This relates to any steps someone takes to gain access to a computer system.

  • For example:

    • Trying to guess someone’s password to gain access to their computer to look at stored data

    • Using a trojan horse that allows remote access to search someone’s hard drive over a network

    • Using a keylogger to steal the password of a co-worker or manager in order to view data that you are not allowed to see

    • Logging on to a computer system with someone else’s password

Unauthorised Access with Intent to Commit a Further Offence

  • Unauthorised access with intent to commit a further offence is even more serious. It builds on the previous offence; the key difference is the addition of “intent to commit”.

  • It therefore includes guessing or stealing a password and using it to access, for example, someone’s bank account and transfer money

Unauthorised Modification of Programs or Data

  • This part of the act deals with actions that can cause changes or damage to the computer’s programs and data

  • Originally this was intended to deal with offences where people had deliberately destroyed data or deliberately spread a computer virus. Nowadays it also covers “impairing” the operation of a computer, which includes ransomware and DoS attacks

  • Penalty of 5 years in jail and/or fine

Examples

  • Deliberately spreading a computer virus (writing a virus is not an offence but prosecutors would have to prove the intent to cause harm)

  • Gaining access to a computer system and deleting contents as part of a revenge attack

  • Deploying ransomware to encrypt data and ask for a sum of money to provide the key

Past Paper Questions

A participant manages to access a file and change their own score.

State two different offences the participant has committed under the Computer Misuse Act 1990.

2 marks

SQP Q18 c)

  • Unauthorised access to computer material
  • Unauthorised access with intent to commit a further offence
  • Unauthorised modification of data on a computer

Task

Research a real-life example of someone being charged under the Computer Misuse Act 1990. Discuss:

  • What happened?
  • What were the consequences?

Tracking cookies

  • A cookie is a small data file that is created when you access a website

  • These can be used to store your personal preferences or login details so you don’t need to re-enter them

  • Cookies are stored on the client device rather than server as they are personal to you

Tracking cookies

  • Tracking cookies allow your data to be recorded and transmitted back to the cookie’s author

  • Tracking cookies are used to gather marketing information, which can help target personalised ads

  • They can also be obtained by a hacker or malicious piece of software, allowing them to log into a website as you very easily

Pros and cons of cookies

  • Have you ever noticed the option that says something like ‘Remember Me?’ when you sign in? This uses a cookie to remember your details.

  • Specifically, a cookie like this often stores a hash of your username and password as well as a unique code. Every time you visit the website, this cookie is transmitted and you are logged in automatically. If another person gets hold of this cookie, they can simply log in as you.

  • Other cookies such as tracking cookies are used to keep counts of how many unique visitors come to a website, but they can also be used to monitor your own unique browsing habits. Google Analytics is one such system that does this. Look for the _ga cookie in your browser to see whether the website uses Analytics.

Pros and cons of cookies

  • Cookies can also hold personal information, though not much since cookies are limited to 4096KB of data.

  • Paul Hibbert, a smart home enthusiast on YouTube, was hacked in January 2023 as he opened a file which collected cookies from Google Chrome. The hacker then added the cookie to their own device and was able to log into his accounts straight away.

That's Paul by the way!

Past Paper Questions

Tracking cookies can be created and used when browsing a website.

Describe a security risk associated with tracking cookies.

1 mark

2017 Q5

  • Unauthorised access to personal data (sent to third parties through the tracking cookie)

DNS

  • Domain Name Service (DNS) is basically the phonebook of the internet.
  • DNS translates a web address (such as ka-net.org.uk) into an IP address (77.72.1.27).

Denial of Service (DOS) attacks

  • A Denial of Service (DoS) attack is when a network, server, or a resource is put under so much pressure that the network cannot provide its normal services to legitimate users.

  • DoS attacks involve attackers bombarding the network with a high volume of data in a short period of time so that the network cannot cope.

  • For example, an attack was launched in 2022 by several computers across Russia to attempt to take down several servers across the world.

Denial of Service (DOS) attacks

  • The symptoms of a DoS attack are that the performance of the website or system becomes slow or grinds to a halt and prevents the users from accessing data held on the website or system.

    • For example, when too many people are trying to access a service at the same time.

  • Denial of Service causes major disruption to users and businesses; users are unable to access the services they need and businesses lose money because their users cannot access the systems.

  • The costs of DoS attacks are:

    • Loss of business during downtime

    • The cost of repair and response to the attack

    • Loss of confidence of users
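The slides describe the symptom (a flood of traffic in a short period) and its cost; the example below, which is added here and is not part of the slides, shows how a server administrator would spot that symptom in a web server access log. It counts requests per source address over a sliding time window and flags any address whose count exceeds a threshold. The log lines are constructed in Apache common log format with documentation-only addresses, and the window and threshold values are assumptions chosen to keep the sample small.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Apache/Nginx "common log format": ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 203.0.113.5 fires eight requests in four seconds while
# 198.51.100.7 browses normally. Lines are in time order, as a real log would be.
LOG_LINES = [
    '203.0.113.5 - - [23/May/2024:15:45:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/May/2024:15:45:00 +0000] "GET /index.html HTTP/1.1" 200 2048',
    '203.0.113.5 - - [23/May/2024:15:45:00 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/May/2024:15:45:01 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/May/2024:15:45:01 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/May/2024:15:45:02 +0000] "GET / HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/May/2024:15:45:02 +0000] "GET / HTTP/1.1" 503 0',
    '203.0.113.5 - - [23/May/2024:15:45:03 +0000] "GET / HTTP/1.1" 503 0',
    '203.0.113.5 - - [23/May/2024:15:45:03 +0000] "GET / HTTP/1.1" 503 0',
    '198.51.100.7 - - [23/May/2024:15:45:05 +0000] "GET /about.html HTTP/1.1" 200 1024',
]


def parse_line(line: str):
    """Return (source_ip, timestamp) for a well-formed log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    if match is None:
        return None
    return match.group("ip"), datetime.strptime(match.group("ts"), TS_FORMAT)


def find_floods(lines, window_seconds: int = 10, threshold: int = 5) -> dict:
    """Flag source addresses that exceed `threshold` requests inside any `window_seconds` span.

    Returns {ip: peak_requests_in_window} for the flagged addresses only.
    Lines are assumed to be in time order.
    """
    recent = defaultdict(deque)  # ip -> timestamps of its requests still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ip, ts = parsed
        window = recent[ip]
        window.append(ts)
        # Drop timestamps that have slid out of the window.
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(window))
    return flagged


if __name__ == "__main__":
    for ip, peak in find_floods(LOG_LINES).items():
        print(f"possible flood from {ip}: {peak} requests within 10 s")
```

In practice the threshold is set from what normal traffic looks like for the site, and a single-address check like this only catches the simplest case; a distributed attack spreads the load across many addresses, which is why the same counting is usually also applied per URL and to total request rate.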

Types of Denial of Service (DOS) attacks

  • There are three main types of DoS attack:

    • Bandwidth consumption - sending a large number of packets over a short period of time, effectively swamping a server (most servers can have 2 million open connections at once)

    • Resource starvation - this is when an attack consumes other resources in order to bring the server down or make it unresponsive. For example, with certain free online applications you can save to the cloud and this type of DoS attack aims to save as much as possible to the server so that it runs out of space.

    • DNS attacks flood the domain name server with requests sent from a fake IP address. It is essentially a DoS attack on a DNS server.

Reasons for Denial of Service (DOS) attacks

  • Financial – Bringing down a commercial website will cost that company money

  • Malicious – Individuals think that it’s good fun to bring down an organisation’s network

  • Political – DoS attacks can be politically motivated such as an attack on a government network or to prevent access to the website of a political rival

  • Personal – Disgruntled employees who have a grudge might use a DoS attack as revenge

Past Paper Questions

A theme park is aware that their website might be subjected to a DoS attack.

State the effect on customers of a DoS attack.

1 mark

2019 Q19 d)

  • Slow performance
  • Inability to access website

What is encryption?

  • Most data sent on a network is sent in the form of text files. This data can be easily intercepted and read.

  • Encryption is the process of turning plain text files into a form that only authorised people can read.

  • Unauthorised people will just see a meaningless string of letters and numerals (known as cipher text)

Diagram: Hello → Encrypt → kgnnq

What is encryption?

  • There are two types of encryption.

    • Symmetric Encryption

    • Asymmetric Encryption

  • Symmetric Encryption uses a single ‘key’ to both encrypt and decrypt a file. Once that ‘key’ is found all messages sent this way can be read or fake ones sent (as used by the Enigma machines in WWII)

Encryption

  • Encryption ‘keys’ are based on extremely large prime numbers chosen at random.

  • With symmetric key encryption only one key needs to be created – this can eventually be ‘guessed’ by ‘brute force’ software

  • With asymmetric encryption, two keys (the ‘private’ key and the ‘public’ key) are created that are mathematically linked together.

  • It is also impossible (or at least infeasible) for someone who knows one of the keys to work out the other
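To make the two symmetric-key points above concrete (one key encrypts and decrypts, and a single key can be found by brute force), here is an added example that is not from the slides: a shift cipher in the style of the Hello → Encrypt diagram, followed by a brute-force search that simply tries every one of its 26 possible keys and keeps any result containing a recognisable word. The word list and sample messages are constructed for the demonstration.

```python
import string

ALPHABET = string.ascii_lowercase


def shift_encrypt(plaintext: str, key: int) -> str:
    """Symmetric encryption: shift each letter `key` places along the alphabet.

    Input is lower-cased; spaces and punctuation pass through unchanged.
    """
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """The same key undoes the encryption: shifting back by `key` places."""
    return shift_encrypt(ciphertext, -key)


def brute_force(ciphertext: str, known_words=("hello", "the", "and")) -> list:
    """Try the entire key space (only 26 keys) and return (key, plaintext) pairs that look like language.

    With so few keys this finishes instantly; the same idea scales to any
    symmetric cipher, which is why real keys are made long enough that
    trying them all is infeasible rather than merely tedious.
    """
    hits = []
    for key in range(26):
        candidate = shift_decrypt(ciphertext, key)
        if any(word in candidate.split() for word in known_words):
            hits.append((key, candidate))
    return hits


if __name__ == "__main__":
    secret = shift_encrypt("hello", 2)
    print(secret)                       # jgnnq
    print(shift_decrypt(secret, 2))     # hello (same key, reversed)
    print(brute_force(secret))          # [(2, 'hello')]
    print(brute_force("wkh fdw dqg wkh grj"))
```

A shift cipher has a key space of 26, so the attacker's work is trivial; a modern symmetric cipher such as AES uses keys of 128 bits or more, giving a key space so large that the same exhaustive search cannot complete in any useful time.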

Asymmetric encryption

  • Asymmetric Encryption is where the sender uses one ‘key’ to create the ciphertext (encrypt the data) and the receiver uses a different ‘key’ to decipher it.
  • The two keys are different but mathematically linked to work with each other
  • The private key is used to decrypt the messages that were encrypted with the public key.
  • When you are using a ‘secure’ website (URL starts ‘HTTPS://’ rather than ‘HTTP://’) all data collected in web page form (for example) is encrypted using a private key.
  • The receiver then uses their public key to decrypt the data sent back

Public and private keys

  • A public key is used to encrypt personal data and the private key is used to decrypt the data.

  • Everyone has access to the public key

  • Only you have access to the private key

  • Security of this encryption relies on the secrecy of the private key

Steps taken in asymmetric encryption

  1. Jamie is going to send Beth a message.

  2. Jamie uses Beth’s Public Key to encrypt the message

  3. The message is then sent to Beth

  4. When Beth gets the message she takes her private key (that only she can see) and decrypts the message from Jamie

Key points

  • Public keys – everyone can see and are used to encrypt a message.

  • Private keys – only you can see and are used to decrypt a message.

  • Keys work as a pair. You can only use Private Key A to unlock a message encrypted with Public Key A.

Past Paper Questions

When people make donations their payments must be kept secure.

Describe how encryption is used to ensure the secure transmission of data

2 marks

2019 Q13 (e)

  • Public key encrypts the data (1 mark)
  • Private key decrypts the data (1 mark)

Digital certificates

  • A digital certificate is an electronic document that contains a digital signature, which confirms the name and identity of a person or organisation

  • Digital certificates authenticate a person, allowing them to exchange data over the internet using a public key

  • Digital certificates are issued by trusted entities called certificate authorities

  • A digital certificate is exceptionally hard to forge and can be trusted as it will have been issued by a trusted agency.

  • A digital certificate contains the name of the certificate holder, serial number, expiry dates, public key for encrypting messages and the digital signature of the certificate issuing authority

Google will rank websites without a certificate lower in search results

Past Paper Questions

Tomek is planning to sell band merchandise through his website. 

Explain why the presence of a digital certificate will improve customer confidence when buying from the website

2 marks

2016 Q19 (e)

  • Digital signature / encryption
  • Site is authenticated e.g. certificate issued by (certification) authority
  • Site is regulated

Digital signatures

  • A digital signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and ensure that the original content of the message or document has not been tampered with

  • Digital signatures are easily transportable, cannot be forged by someone else, and can be automatically time stamped.

  • Digital Signatures are supported by a wide variety of software packages used by business. This ensures that legally important messages arrive intact, are timestamped and can be trusted to be genuinely from the sender.
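The three slides on asymmetric encryption (Jamie and Beth), digital certificates and digital signatures all rest on the same key pair mechanics, so one added example serves all three. It is not code from the slides and must not be used for real security: it is textbook RSA with small, fixed primes and no padding, written so that the arithmetic is visible. It shows Jamie checking that Beth’s certificate carries a valid certificate authority signature before encrypting with her public key, Beth decrypting with her private key, and a document signature that fails to verify once the document is altered. The primes, the certificate authority, the serial number and the expiry date are all constructed for the example.

```python
import hashlib
import json

E = 65537  # the usual public exponent


def make_keypair(p: int, q: int):
    """Toy RSA key generation from two primes. Returns ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # private exponent: E * d == 1 (mod phi); needs Python 3.8+
    return (n, E), (n, d)


# Constructed keys built from Mersenne primes (far too small for real use).
BETH_PUB, BETH_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CA_PUB, CA_PRIV = make_keypair(2**107 - 1, 2**127 - 1)


def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can do this step."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the matching private key can reverse encrypt()."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(data: bytes, n: int) -> int:
    # Hash the data, then reduce modulo n so the value fits the toy key.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private, data: bytes) -> int:
    """Signing uses the PRIVATE key: only the owner can produce the signature."""
    n, d = private
    return pow(_digest(data, n), d, n)


def verify(public, data: bytes, signature: int) -> bool:
    """Verification uses the PUBLIC key: anyone can check, and any change to `data` breaks it."""
    n, e = public
    return pow(signature, e, n) == _digest(data, n)


def issue_certificate(ca_private, holder: str, serial: int, expires: str, holder_public) -> dict:
    """The certificate authority binds a name to a public key by signing the certificate fields."""
    body = {"holder": holder, "serial": serial, "expires": expires,
            "public_key": list(holder_public)}
    payload = json.dumps(body, sort_keys=True).encode()
    return {**body, "signature": sign(ca_private, payload)}


def verify_certificate(cert: dict, ca_public) -> bool:
    """Recompute the signed fields and check the authority's signature over them."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    payload = json.dumps(body, sort_keys=True).encode()
    return verify(ca_public, payload, cert["signature"])


# Constructed certificate for Beth, issued by the constructed authority.
BETH_CERT = issue_certificate(CA_PRIV, "Beth", 1001, "2025-12-31", BETH_PUB)


def send_to_beth(message: bytes) -> int:
    """Jamie's side: trust the public key only if a known authority vouches for it, then encrypt."""
    if not verify_certificate(BETH_CERT, CA_PUB):
        raise ValueError("certificate not signed by a trusted authority")
    return encrypt(tuple(BETH_CERT["public_key"]), message)


if __name__ == "__main__":
    ct = send_to_beth(b"Hi Beth")
    print(decrypt(BETH_PRIV, ct))                     # b'Hi Beth'
    sig = sign(BETH_PRIV, b"Pay 100 pounds")
    print(verify(BETH_PUB, b"Pay 100 pounds", sig))   # True
    print(verify(BETH_PUB, b"Pay 900 pounds", sig))   # False: content was altered
    forged = dict(BETH_CERT, holder="Mallory")
    print(verify_certificate(forged, CA_PUB))         # False: name changed after signing
```

Note the symmetry that the slides' key points rely on: encryption uses the recipient's public key and decryption the matching private key, while signing uses the signer's private key and verification the matching public key. The certificate is simply the authority's signature over the holder's name and public key, which is why a forged or edited certificate fails the same check.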

Past Paper Questions

An online bank uses digital signatures when sending financial documents. 

Describe the purpose of a digital signature when sending documents

2 marks

2021 Q5

  • Authenticates the sender
  • Guarantees the integrity of the sent item / sent item has not been altered

One mark for each bullet or one bullet and second mark for describing the mechanism for how it is used

Try it yourself

Try the following past paper questions:

SQP Q3, Q12

2016 Q11 (e)

2017 Q6

2018 Q2

2021 Q5

© 2020 - 2024 J Balfour
15:45 | 23-05-2024