SECURITY ASPECTS

In this section we will look at the different threats there are to people using the internet, and how to prevent them. You need to be able to understand the causes, dangers and preventative measures of viruses, hacking, spyware and other types of malware.

VIRUSES

A virus is something which is placed on a user's computer for malicious intent. In other words, it is put on there to cause harm. A virus replicates by itself, spreading to different parts of the user's system and causing harm by deleting files and editing settings. Viruses can be loaded on to a user's computer in several different ways. A user may open a file in an email attachment which they think is from someone trustworthy, but the file may actually be a virus which infects their computer. Getting a user to open a virus themselves is known as SOCIAL ENGINEERING. This is a popular way of getting a virus on to a system, as it eliminates the lengthy process of looking for complex ways of the virus entering the computer. A hacker may also gain access to a user's computer without them knowing and place a virus on the system.

Viruses can have many different intentions. Some people create viruses simply to cause havoc and for no other reason. They do not gain anything by creating the virus, but simply do it to disrupt other users. Other viruses may be created specifically to target aspects of a system. One famous example of this was Stuxnet, which was a virus created to take control of the centrifuge of a nuclear reactor in a power station. The virus was loaded on to the centrifuge software through the technician's laptop and could make the centrifuge spin too fast and become damaged. The virus was incredibly complex and it is not widely known who created it.

PREVENTING VIRUSES
Viruses can be prevented from causing harm by users understanding them. If a user understands the dangers of opening an email file attachment or running a program from an untrustworthy source, then the risks are reduced. Users can also install anti-virus software which prevents some viruses from infecting the system. Anti-virus software looks for what the files on a computer are trying to do. If a simple Word document is trying to access the internet and delete other files, the anti-virus software will remove it from the system and warn the user. The software can either perform a full scan, in which every file on the computer is checked, or it can perform an on-access scan where each file is checked as it is opened by the user. Rather than deleting viruses, the software usually 'quarantines' them, which involves putting them in a special folder where they cannot access any other program.

HACKING

Hacking means to gain unauthorised access to a computer system. It has a long history, dating back as long as computer systems themselves and isn't always used to do harm. Some famous hackers have accessed systems just out of interest, to prove conspiracy theories or simply to test out their hacking skills. As with viruses, there are numerous methods of a hacker gaining access to a system, some more complicated than others:

Social engineering works exactly as it does with viruses - someone persuades another person to let them have access to their computer system by using confidence trickery or some other means of making their request seem normal and harmless. For example, a person could pretend to be someone else in order to gain a password, or could get someone to install a program which gives them access. You could also persuade someone to enter their personal information by using PHISHING. This involves setting up a fake website which looks like a real one, for example for a bank or social networking account. The user thinks the website is genuine and so enters their information which actually goes directly to the hacker.

Brute forcing involves trying a password to a system over and over again until you get it correct. Obviously, to do this yourself could take longer than you have to live, so hackers design programs to do it for them. A program will be loaded with a dictionary or other list of words and will attempt each until it has success. This is one of the reasons it is suggested that you include a number and an uppercase letter in your password. It is also the reason we see Captcha software being used to get a user to enter a word from a scrambled picture when they log on. Creating a computer program that can read Captcha is difficult and so this reduces the chance of successful brute-forcing.

On any internet connected computer are a number of virtual 'ports'. These ports are like doors from the internet to the computer and are set up to allow programs to access the internet without having to ask the user. For example, a program might use an open port to auto-update without having to ask the user. These ports can be used by hackers to gain access to your system. Running a 'port scanner', a hacker can find an open port on your computer which acts like a 'back door'. They can then use this open port to access your files and information.

PREVENTING HACKERS

There are a few simple steps to prevent hackers from entering your system. The first, and most simple is to choose a strong password. A strong password would be a random collection of numbers, letters and symbols with the letters being both upper-case and lower-case. This would prevent a hacker from guessing your password, and would also make it difficult for a brute forcing program to use a dictionary to guess your password. Changing it frequently is also advised.
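A password check built from the advice above on dictionaries and strong passwords, as an added example that is not part of the original page. The word list is a small constructed sample and the 12-character minimum is an assumption; the point it shows is that adding a number and a capital letter to a dictionary word still leaves a password based on that word.

```python
import re

# Constructed sample list; a real check would load a large list of common passwords.
DICTIONARY = {"password", "dragon", "football", "letmein", "monkey"}

# Common look-alike swaps people use to disguise a word (assumed set, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def candidates(password):
    """Return the plain words this password might be a disguised version of."""
    low = password.lower()
    # Drop digits and symbols stuck on the front or back, e.g. "dragon2024!!".
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, trimmed, low.translate(LOOKALIKES), trimmed.translate(LOOKALIKES)}


def weaknesses(password, min_length=12):
    """List the reasons a password falls short of the 'strong password' advice."""
    found = []
    if len(password) < min_length:  # minimum length is an assumption of this example
        found.append("too short")
    if not re.search(r"[a-z]", password):
        found.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        found.append("no upper-case letter")
    if not re.search(r"\d", password):
        found.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        found.append("no symbol")
    if candidates(password) & DICTIONARY:
        found.append("based on a dictionary word")
    return found


if __name__ == "__main__":
    for pw in ("P@ssw0rd1", "Dragon2024!!", "q7#Lv9!xZw2&Rt"):
        print(pw, "->", weaknesses(pw) or "no weaknesses found")
```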

A firewall can also be installed. A firewall acts as protection between your computer and the internet. Any information going in or out is checked to try and ensure that it is something allowed and not a hacker attempting to gain access to your computer. This makes it difficult for hackers to use open ports, as the firewall will detect this incoming connection and warn the user that it is happening.

INTERNET SECURITY

Each day, millions of transactions are made over the internet. To ensure these transactions are secure, special 'internet protocols' have been designed to prevent hackers and criminals from gaining access to the bank account information which is supplied during purchasing and transferring money. A protocol simply means 'a way of doing something'. An internet security 'protocol' is just a series of steps taken to make sure that the information you transfer online is as secure as possible.

You can usually tell when you are entering in to a secure protocol as your browser will show it in some way. The HTTP may be replaced by HTTPS (The 's' standing for 'secure') or you may get a small image of a padlock in the top left corner.

In the early days of networked computing, information was encrypted by using a shared 'key'. The key was a file which was sent from the receiving computer to the sending computer which gave details on what code to use to encrypt the information. This was known as the 'public key'. The sending computer would use the code to encrypt the information and then send it across. The receiving computer would use the same code to then decrypt the message. However, there was a problem with this. What if someone intercepted the public key while it was travelling from the receiving computer to the sending computer? That person would then have the method of unscrambling the data and could steal whatever was being transferred.

This problem was eventually solved with something called 'private key encryption'. Private key encryption uses two different keys. Let's say that you're buying something from Amazon and you get to the payment screen. Using private key encryption, Amazon would send your computer a copy of the public key. This key would be used to encrypt your bank details and then send them back to Amazon. Amazon however had another key which they never released to anyone. This key was used to decrypt the information which was sent back to it. This was called the private key. In private key encryption, the key that is transmitted can only be used to encrypt information. It cannot be used to decrypt it - only the private key can be used for that. The keys are connected mathematically but one cannot be worked out by having access to the other. This method means that if a hacker intercepts the public key it doesn't matter - they still can't unscramble the code without the private key, which is kept very secret by Amazon. Public key encryption is often called symmetric encryption because it uses the same key whereas private key encryption is called asymmetric encryption. The diagram below gives a simple explanation of how this works.

[Diagram: encryption]
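The two-key (asymmetric) scheme described above, where the key that is sent out only encrypts and a secret key decrypts, worked through with textbook RSA as an added example that is not part of the original page. The primes 61 and 53 and the sample message are constructed toy values so the numbers stay readable; at this size the private key can be worked out from the public one, which is why real keys are built from primes hundreds of digits long.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes (toy sizes only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)      # the mathematical link: e * d = 1 (mod phi)
    return (n, e), (n, d)    # (public key, private key)


def encrypt(public_key, data):
    """The sender encrypts each byte with the key it was sent."""
    n, e = public_key
    return [pow(byte, e, n) for byte in data]


def apply_key(key, blocks):
    """Run encrypted blocks through a key; only the private key undoes encrypt()."""
    n, exponent = key
    return [pow(block, exponent, n) for block in blocks]


if __name__ == "__main__":
    public, private = make_keypair(61, 53)   # the shop keeps `private` to itself
    message = b"CARD 4111"                   # constructed sample data
    sent = encrypt(public, message)          # what travels over the internet

    # The shop recovers the message with the private key.
    print(bytes(apply_key(private, sent)))

    # Someone who intercepted the public key and the traffic gets nonsense.
    print(apply_key(public, sent) == list(message))
```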

We will take a look at two of these methods of securing your information below:

SSL stands for Secure Socket Layer. It is a secure channel of communication between one computer and another. When you visit a site using SSL the site checks that your browser can support it. If it can, the site sends a certificate to prove its authenticity. Certificates are obtained by the website owner by applying to a certificate authority with their details. This ensures that the website is genuine and that the session will be truly secure. The user's browser checks the certificate and that it has been signed by a genuine authority - if everything goes OK, it opens a secure channel of communication with the website server. The two computers also agree which protocol to use to encrypt the information. The user's browser then uses the public key provided by the web server to encrypt the information and send it over. The web server uses the private key to decrypt it, ensuring that no one can gain access to the information.

TLS stands for Transport Layer Security. It works in exactly the same way as SSL but is a newer version and therefore has been assigned a different name. It is now the universally used method of encryption over a web server but confusingly, people still often use the term SSL when referring to this. TLS was released to patch some known security vulnerabilities in SSL.

HTTPS stands for Hyper Text Transfer Protocol Secure. When you connect to a regular unsecured website, HTTP is used, which is simply a method of transferring the web pages from the server to you. The S on the end tells the browser, and therefore the user, that the current session is secure. HTTPS just means that the website is transferring information using an SSL/TLS encryption method.
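The certificate check and the move from SSL to TLS described above only protect a connection if the program making it has them switched on. The added example below (not part of the original page) uses Python's standard `ssl` module to compare a carelessly configured client with a careful one; treating anything older than TLS 1.2 as too old is an assumption of this example.

```python
import ssl


def audit_context(ctx):
    """Return the reasons a client setup would not give the protection described."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Without this, any certificate is accepted, even one no authority signed.
        problems.append("certificate not verified")
    if not ctx.check_hostname:
        # Without this, a genuine certificate for a different site is accepted.
        problems.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:  # threshold is an assumption
        problems.append("old SSL/TLS versions allowed")
    return problems


def careless_context():
    """A client that encrypts but never checks who it is talking to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be turned off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def careful_context():
    """A client that checks the certificate, the site name and the TLS version."""
    ctx = ssl.create_default_context()  # verification and hostname check are on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    print("careless:", audit_context(careless_context()))
    print("careful: ", audit_context(careful_context()))
```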