Security

 

In this section we will look at how to keep data safe and secure, and the techniques people use to jeopardise this security.

KEEPING DATA SAFE FROM ACCIDENTAL DAMAGE

Accidental damage is a huge risk to your data if you do not take measures to prevent it. It can cause the loss of important documents and files, or even entire servers of information. Accidents that cause data loss include fires, natural disasters like floods, and accidental deletion. There are several ways to prevent accidental damage:


KEEPING DATA SAFE FROM UNAUTHORISED ACCESS

Perhaps an even more worrying scenario is someone getting access to your data who should not have access to it. This can be a huge problem for well-known companies and government organisations, who constantly find themselves the target of cyber attacks. The following steps can prevent this or at least reduce the risk:


SSL

We've looked at keeping things safe on your own computer system, but what if you're sending things over the internet? How can you prevent people from intercepting them? Every day millions of transactions take place online, and credit card numbers, bank account details and addresses are transferred without a thought for how they might be protected. The key to protecting these is an encryption system called SSL. SSL stands for Secure Sockets Layer (although the newer version is called TLS - Transport Layer Security).

SSL is a way of 'encrypting' your data online. This means that instead of transferring your bank details as they are, your computer turns them into an unreadable code using a complex system of encryption before it sends them. The receiving computer knows how to unscramble the code but doesn't share this information with anyone else. It unscrambles the code and uses the bank details to make the transaction. This means that if someone steals the bank details on the way to their destination, they can't read them.

PUBLIC KEY AND PRIVATE KEY ENCRYPTION

To encrypt data you need to have a 'key'. A key just means the method that you use to make the code secret or to turn it back into a readable piece of information. You may have used encryption before to create coded messages in school. A simple method is to move every letter up a certain number of places in the alphabet. For example, replace all Cs with Fs, all Js with Ms, etc. This is called private key encryption. The way that the code is created has to be kept private, otherwise someone will easily be able to unscramble the sentence. If I were to tell you the key of my code was moving all the letters up 3 places in the alphabet, you'd know exactly what I was writing.
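The letter-shifting code described above, written out as an added example that is not part of the original page. It goes one step further and shows that, because only 25 shifts exist, the key can be found simply by trying each one; the message and the small word list are constructed for the illustration.

```python
import string

ALPHABET = string.ascii_uppercase

def shift_encrypt(plaintext: str, key: int) -> str:
    """Move every letter up `key` places; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same method run backwards with the same key."""
    return shift_encrypt(ciphertext, -key)

# Constructed word list used to recognise readable English.
COMMON_WORDS = {"THE", "AT", "ME", "MEET", "GATE", "SCHOOL", "AFTER"}

def try_every_key(ciphertext: str):
    """Try all 25 shifts and return (key, text) for the most readable result."""
    best_key, best_text, best_score = 0, ciphertext, -1
    for key in range(1, 26):
        candidate = shift_decrypt(ciphertext, key)
        score = sum(word in COMMON_WORDS for word in candidate.split())
        if score > best_score:
            best_key, best_text, best_score = key, candidate, score
    return best_key, best_text

if __name__ == "__main__":
    secret = shift_encrypt("MEET ME AT THE SCHOOL GATE", 3)
    print(secret)                    # what an eavesdropper sees
    print(shift_decrypt(secret, 3))  # what the holder of the key sees
    print(try_every_key(secret))     # what 25 guesses reveal without the key
```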


The problem with using private key encryption online is that, as well as sending your encrypted information to the place you're buying things from, you also have to send the key (the method of unscrambling the data), otherwise they won't be able to read it. This means that any hackers intercepting information will be able to get the key as you send it.

To overcome this problem, SSL uses something called public key encryption. This means that the method of encrypting your data (making it secret) is different from the method used to decrypt it (make it readable again). When you are ready to send your bank details, the receiving computer will send you a code to use to encrypt your information. This is called the public key. The public key can only be used to encrypt and not decrypt. The receiving computer then uses its private key, which it never gives out, to decrypt the bank details you sent. Imagine a door which has two keys: the public key locks the door but only the private key can unlock it.

This might sound impossible - if I replace all Fs with Js to make the code, how can it be a different system to turn it back? The answer is that public key encryption like SSL uses two keys which are mathematically linked by using prime numbers. This means that knowing the way to encrypt the code doesn't tell you the way to decrypt it. For example, I could tell you that my public key was 54 but you wouldn't know that my private key was 48+6 as it could be a large combination of possible products.

Using public key encryption means that if someone gets hold of the public key, all they can do is encrypt things. The private key is never sent out and remains safe on the server of the receiving computer.
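A worked version of the two linked keys, as an added example that is not part of the original page. The page does not name an algorithm; this uses textbook RSA, one scheme built on prime numbers, with constructed toy primes (61 and 53) and exponent 17 that are far too small for real use. The last function shows why: with numbers this small the primes can be found by trial division and the private key rebuilt.

```python
from math import gcd

def make_keys(p: int, q: int, e: int):
    """Build a linked key pair from two primes (toy sizes, not secure)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)        # private exponent: (e * d) % phi == 1
    return (n, e), (n, d)      # (public key, private key)

def apply_key(number: int, key) -> int:
    """Encrypting and decrypting are the same sum with a different key."""
    n, exponent = key
    return pow(number, exponent, n)

def recover_private_key(public_key):
    """With a tiny n, trial division finds the primes and rebuilds d."""
    n, e = public_key
    p = next(c for c in range(2, n) if n % c == 0)
    return make_keys(p, n // p, e)[1]

if __name__ == "__main__":
    public, private = make_keys(61, 53, 17)
    secret = apply_key(65, public)            # sender only needs the public key
    print("public key :", public)
    print("ciphertext :", secret)
    print("with private key:", apply_key(secret, private))  # readable again
    print("with public key :", apply_key(secret, public))   # still scrambled
    print("rebuilt from tiny n:", recover_private_key(public))
```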

KEY LENGTH

The strength of public key encryption depends on how long the 'key' is. The length of the key relates to how many possible combinations there are.

For example, a key length of two would mean that there are only two possible combinations for the code. This obviously wouldn't take long to crack, as you only have to try a maximum of two methods.

On computers, key sizes are measured in bits. For example, 128 bit encryption means that there are 128 0s and 1s in the key. Therefore there are 2 to the power of 128 possible combinations. This is 340,282,366,920,938,463,463,374,607,431,768,211,456 possibilities. With this many possible combinations it would take a long, long time to figure out the key just by trying different combinations.

It is possible to use massive key lengths like 1024 bit. However, it's pointless simply because a computer would never be able to figure out a key length of half that size.

HOW HACKERS WORK


The main reason we use any of the systems above is to prevent hackers. Hacking is to unlawfully gain access to a computer system, and there are many ways of doing it, as you will see. Below is a table showing the most popular methods hackers use to gain access to our information, and how you can prevent them.

BRUTE FORCING

Using a program called a brute forcing bot (short for robot) to try a large combination of passwords to gain access to a system. The program has a list of possible passwords (or a dictionary) and tries each one in turn at a very high speed. This is the reason some websites ask you to pass a 'captcha' when you enter a password - to prove you are not a bot program.

 

 

PREVENTION

Make sure you have a long and complicated password which contains both letters and numbers. Also, website developers can ensure they use systems like captcha to prevent bots.
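One way a website developer could decide when to show a captcha, as an added example that is not part of the original page: count recent wrong passwords per account and challenge once there are too many in a short time. The class name, the threshold of 5 failures in 60 seconds and the sample events are all assumptions made for the illustration.

```python
from collections import defaultdict, deque

class LoginGuard:
    """Tracks recent failed logins per account (hypothetical helper)."""

    def __init__(self, max_failures=5, window_seconds=60):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)   # account -> failure timestamps

    def _recent(self, account, now):
        """Drop failures older than the window and return what is left."""
        recent = self.failures[account]
        while recent and now - recent[0] > self.window:
            recent.popleft()
        return recent

    def record(self, account, now, success):
        recent = self._recent(account, now)
        if success:
            recent.clear()       # a correct password resets the count
        else:
            recent.append(now)

    def captcha_required(self, account, now):
        return len(self._recent(account, now)) >= self.max_failures

# Constructed sample: (seconds, account, password_was_correct).
# "alice" is hit by a bot twice a second; "bob" is a person who mistypes twice.
EVENTS = [(t * 0.5, "alice", False) for t in range(8)] + [
    (3.0, "bob", False), (25.0, "bob", False), (40.0, "bob", True),
]

def accounts_challenged(events, guard):
    """Replay the events in time order; list accounts that hit a captcha."""
    challenged = []
    for now, account, ok in sorted(events):
        if guard.captcha_required(account, now) and account not in challenged:
            challenged.append(account)
        guard.record(account, now, ok)
    return challenged

if __name__ == "__main__":
    print(accounts_challenged(EVENTS, LoginGuard()))
```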


PORT SCANNING

A port is a virtual connection from the internet to your computer. Several ports are assigned to programs so that they can access the internet to run automatic updates and download features. Sometimes these ports are left 'open', meaning that anyone can get access to your computer using them. A port scanning program is used to find these.

PREVENTION

Make sure you have a firewall installed on your computer. A firewall is a piece of software which scans each incoming and outgoing connection to a computer to make sure they are safe.

WAR DRIVING

War driving is simply the act of driving around and looking for unsecured Wi-Fi networks. These can then be used to access the internet to hack without being traceable.

PREVENTION

Always have a complex password for your Wi-Fi connection and change it regularly.

PASSWORD CRACKING

A website or program which asks you for a password has been programmed to do this in the code. Hackers are sometimes able to find this code and change it so that it no longer asks for a password. Software cracking means finding the part of the code which gets a user to register or pay and removing it to access the software for free.

PREVENTION

A firewall will again prevent people from gaining access to your computer to change things. Also make sure that you use a reputable web host to host your website who have proper security in place.

SOCIAL ENGINEERING

Some hackers are able to find passwords and access systems without even using a computer themselves. Social engineering means to psychologically manipulate a person into giving you their password or network access. For example, a hacker may pretend to be from technical support.

PREVENTION

Never give out your password to anyone even if they claim they have authority.

 

1) Explain the difference between public and private key encryption

2) Give two methods of hacking and explain how to prevent them