4. Networks and the effects of using them
Michael Brooke
4.2 network issues and communication
Security issues regarding data transfer
Describe the security issues surrounding the use of computer networks
Using a computer connected to a network means that…
- The computer is vulnerable to hackers
- If the network breaks, many tasks become very difficult
- Your computer can more easily be attacked by a virus
In particular, if we use a computer connected to The Internet…
- We have to be careful about revealing personal information
- We have to be careful to avoid suspect websites that might contain malware
- We have to be aware that information found on The Internet is not always accurate or reliable
Authentication
Authentication is how a user can prove who they are in order to access a system. It can be done in a number of ways the most common being username and password. There are generally three ways that are considered for authentication:
- One factor authentication
- Something the user knows
- Two factor authentication
- Something the user has
- Three factor authentication
- Something the user is
Something the user knows Typically a username/password or PIN or passphrase. | |
Something the user has This can be physical things such as a mobile phone, card with a chip, password authenticator. These are often used in addition to username/password authentication to give a more secure two factor authentication process. This is used by many services such as Google[1]. | |
Something the user is. This includes such biometric data as fingerprints, iris patterns, face shapes, voice etc. |
Passwords
In order to stay secure it is important to choose a password that is very hard to guess to keep you secure. This will help to prevent someone being able to either guess your password or to use a computer to brute force hack your password.
How to make a strong password:
- Make it long (20 characters is a strong length).
- Include both uppercase and lowercase letters.
- Include symbols and other characters.
There is more to security than just choosing a good password you should also consider:
- Do not use the same password for sites that you care about. EG consider using programs such as Keepass[2] or LastPass[3] to manage your passwords.
- Beware that your “secret question” is not easy to guess.
- If a site offers “two step” verification then you should use it. EG Google’s two step authentication. [4]
Other Authentication methods
Magnetic strips Magnetic strip cards allow the user to authenticate themselves by swiping through a reader. They are often used to unlock doors or provide access to certain areas of buildings. However the strip may be easily damaged and if stolen or lost this can cause a security issue. | |
ID Cards ID cards are used in most countries to identify a person officially. they often contain personal data such as date of birth and nationality and address. They also have signatures and pictures to confirm the person is who they say they are. They can be forged but this requires great skill to do effectively. | |
Passports Passports like ID cards are used to prove someone is who they say they are. They are recognised globally and allow people to travel into different countries. | |
Mobile phone A mobile phone is often used to authenticate as part of a two step process. For example after you use a username and password to login to a website an SMS is also sent to the phone with a code that also need to be entered to gain access. many email and social networking sites use this. | |
Password token Password tokens are often given to employees of businesses to generate one time login credentials for business systems. They are secure as the code can only be used once but if they are stolen it can be inconvenient and a security problem. |
Antivirus
There is a very wide range of products available to help computer users combat viruses and malware in general such as the ones shown below:
What is malware?
Malware is short for malicious software.
Malware is the name given to any software that could harm a computer system, interfere with a user's data, or make the computer perform actions without the owner's knowledge or permission. There are several different types of malware such as:
- Viruses
- Worms
- Trojans
- Bots
Basically malware is software that you really don't want to have on your computer![5]
How do you get malware?
There are many ways to get malware such as:
- Installing software from an untrustworthy source.
- You are not using an antivirus or antispyware solution.
- Sharing pen drives that are infected with a virus.
- connecting to a network that is infected.
- Visiting disreputable websites.
- Additional software gets installed during the install of trustworthy software.
What is a computer virus?
A computer virus is a type of malware that propagates by inserting a copy of itself into and becoming part of another program. It spreads from one computer to another, leaving infections as it travels. Viruses can range in severity from causing mildly annoying effects to damaging data or software.
For example, the virus might install some spyware (software that watches what you do with your computer), it might search your computer for credit card information, or it might install software that gives someone remote control of your computer (turning it into a 'zombie').
How do I reduce the risks of getting malware?
Keeping your operating system up to date.
Using up to date anti-virus software.
Not opening an email attachment unless you are expecting it and know the source (many email servers scan emails with anti-virus software on the user's behalf).
Not allowing other users to use their own memory stick on your system.
Only downloading files from reputable web sites.
Avoiding software from unreliable sources.
How does antivirus work?
Real Time Scanning Antivirus software runs in the background on your computer, checking every file you open. This is generally known as on-access scanning, background scanning, resident scanning, real-time protection, or something else, depending on your antivirus program. | |
Full system scanning A full system scan is helpful when you’ve just installed an antivirus program – it ensures there are no viruses lying dormant on your computer. Most antivirus programs set up scheduled full system scans, often once a week. This ensures that the latest virus definition files are used to scan your system for dormant viruses. | |
Virus definitions Your antivirus software relies on virus definitions to detect malware. That’s why it automatically downloads new, updated definition files – once a day or even more often. | |
Heuristics Antivirus programs also employ heuristics. Heuristics allow an antivirus program to identify new or modified types of malware, even without virus definition files. It looks for patterns or strange behaviour that is like a virus. |
Define encryption and describe its use
The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.[6]
There are two main types of encryption:
- asymmetric encryption (also called public-key encryption)
- symmetric encryption
Symmetric encryption
Same password to encrypt and decrypt
Requires an algorithm and a key
Weakness how to transit password
Good for encrypting hard disk
Examples
Bitlocker[7]
Symantec Endpoint Encryption[8]
DiskCryptor[9]
Filevault[10]
Asymmetric encryption
In an asymmetric key encryption scheme, anyone can encrypt messages using the public key, but only the holder of the paired private key can decrypt. Security depends on the secrecy of the private key.
Sending emails is a good example of where asymmetric encryption is used. This is shown in the diagram below. Here are the steps:
- Bob writes and email and it is encrypted with Alice’s public key. This key is publicly available.
- Alice receives the message and is able to decrypt it with her private key which only her email account knows.
The process works because the public and private key are related and only Alice is able to decrypt the message. It is quite complicated mathematically but it is similar to the following process:
- Mr Brooke wants to send a secret message to Mr Machemer. So he writes the message and puts it in a box.
- Mr Machemer has a series of publicly available padlocks (public key) that anyone can use to lock the box.
- The box is locked with the padlock (public key) and sent to Mr Machemer.
- MR Machemer is the only person with the keys to the padlock (private key) so when he receives the box he can unlock the padlock (the public key) with his key (the private key)
List the principles of a typical data protection act
The Data Protection Act controls how your personal information is used by organisations, businesses or the government.[11]
Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- accurate
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the UK without adequate protection
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- health
- sexual health
- criminal records
Many countries have differnet policeis relating to data protection.
Network communication
Facsimile communication
There are two Two main methods to send faxes
- Online Fax
- Fax machine
Fax machine
Fax is short for ‘facsimile’ which means ‘copy’.
A fax machine is a device that can send a copy of a paper document over the telephone network.
- The sending fax converts the light/dark areas of the printed document into noises.
- These noises travel through the phone system and are received by another fax machine.
- The receiving fax machine converts the noises into printed marks on a piece of paper - making a copy of the original document.
Online fax
Online faxing is sending a fax using an internet connection. Many online faxing services allow you to send these faxes through your web browser, email application, online account and more.
Compare online fax and fax machine
Online Fax | Fax Machine |
Reduced cost Encrypted transfer (https) Time saving Access on the go on any device | Simple easy to use and many offices have them More costly than online fax Physical copy of fax. Storage and privacy concerns Everything needs to be in order (toner, paper, paper james, busy signals, other faxes) |
Describe email communication, including the use of attachments
What is email?
- email stand for electronic mail
- each email has its own mailbox
- emails can contain text, images, links etc.
- emails can have attachments
email advantages | email disadvantages |
Free Easy to send to groups of people Messages can be encrypted Quick Files can be attached Send at any time | Spam Can waste a lot of time in workplace Can contain viruses Have to wait for response Need email address and computer Need to know the email address of the other person |
Describe the advantages and disadvantages of using email compared with faxing
Faxes are still seen by some as more secure as they are sent from machine ot machine and as they travel in analogue signals through the phone line require specialist methods to hack. Whereas emails sent unencrypted may be easier to intercept. However these days most emails are encrypted by default and so harder to hack.
Emails can be printed from any machine but a fax will only come out in the fax machine so there is less likelihood that the fax can be seen by others. However fax machines are not always kept in secure areas.
A fax machine will automatically send confirmation of the fax being received but this is not always the case with an email. You can check if it was delivered but not read.
As the fax is printed it is in some cases more likely to be actually read rather than an email which may be deleted or ignored or worse sent to the spam folder.
Signatures can be made on faxes and sent and this provides a legal document. This cannot be done in email. However there are now many ways to make a “digital signature” on an email or other digital document that is equally binding.
Describe video-conferencing, including the hardware used
Video-conferencing is a system that allows people to have conversations and meetings with other people in different locations, but without leaving their office.
A video-conference involves people sitting in front of a camera and a microphone, whilst watching other people of a screen and listening to them through loudspeakers.
The system uses the following hardware:
- Video camera
- Monitor
- Microphone
- Loudspeakers
- High-speed network / Internet connection
Video conferencing advantages | Video conferencing disadvantages |
|
|
Describe audio-conferencing
Audio conference calls allow more than just two people to join the call.
There are several common causes of poor quality conference calls:
- People simply not showing up.
- Lack of familiarity with behaviour and protocol.
- Lack of familiarity with equipment and technology.
- Background noise and disturbances.
- Poor coordination by call-initiator.
- Lack of moderator
Describe web-conferencing and how it can be linked to either video- or audio-conferencing
Web conferencing is a form of real-time communications in which multiple computer users, all connected to the Internet, see the same screen at all times in their Web browsers. Some Web conferencing systems include features such as texting, VoIP (voice over IP) and full-motion video.
http://www.gotomeeting.com/online/[12]
https://www.anymeeting.com/[14]
Michael Brooke
[1] "Google 2-Step Verification." 2013. 31 May. 2015 <https://www.google.com/landing/2step/>
[2] "KeePass Password Safe." 2006. 18 May. 2015 <http://keepass.info/>
[3] "LastPass | The Last Password You Have To Remember." 2008. 18 May. 2015 <https://lastpass.com/>
[4] "What Is the Difference: Viruses, Worms, Trojans, and ... - Cisco." 2007. 18 May. 2015 <http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html>
[5] "What Is the Difference: Viruses, Worms, Trojans, and ... - Cisco." 2007. 18 May. 2015 <http://www.cisco.com/web/about/security/intelligence/virus-worm-diffs.html>
[6] "What is Encryption? Webopedia." 2003. 18 May. 2015 <http://www.webopedia.com/TERM/E/encryption.html>
[7] "BitLocker Drive Encryption - Microsoft Windows." 2009. 18 May. 2015 <http://windows.microsoft.com/en-us/windows7/products/features/bitlocker>
[8] "Symantec Endpoint Encryption | Symantec Store." 2014. 18 May. 2015 <http://buy.symantec.com/estore/clp/productdetails/pk/endpoint-encryption>
[9] "DiskCryptor wiki." 2011. 18 May. 2015 <https://diskcryptor.net/>
[10] "Complete guide to FileVault 2 in Lion | Macworld." 2012. 18 May. 2015 <http://www.macworld.com/article/1162999/complete_guide_to_filevault_2_in_lion.html>
[11] "Data protection - GOV.UK." 2012. 18 May. 2015 <https://www.gov.uk/data-protection/the-data-protection-act>
[12] "GoToMeeting: Easy Online Meetings With HD Video ..." 2004. 18 May. 2015 <http://www.gotomeeting.com/>
[13] "Cisco WebEx Web Conferencing, Online Meetings, Desktop ..." 18 May. 2015 <http://www.webex.com/>
[14] "AnyMeeting - Video Conferencing, Web Conferencing and ..." 2011. 18 May. 2015 <https://www.anymeeting.com/>