This is the concluding part of the two part series on Safety and Security.  In this part, we will learn about firewalls, security protocols SSL & TLS, Encryption, Digital certificates, biometrics, fingerprint scans, retina scans, credit card frauds, cloud security.

What is a Firewall?

Firewall is a device or a piece of software that is placed between your computer and the external network (where the hacker is, e.g., the internet).

If you wish to protect your whole LAN from the hacker on the internet, you would place a firewall between the LAN and internet connection.

What are the tasks carried out by a Firewall?

Firewall carries out the following tasks:

  1. Examines the 'traffic' between a user's computer (or internal network) and a public network (for example, the internet).
  2. It checks whether incoming or outgoing data meets a given set of criteria.
  3. If the data fails the criteria, the firewall will block the traffic and give the user (or network manager) a warning that there may be a security issue.
  4. The firewall logs all incoming and outgoing traffic to allow subsequent investigation by the user (or network manager).
  5. Criteria can be set so that the firewall prevents access to certain undesirable sites; the firewall can keep a list of all undesirable IP addresses.
  6. It is possible for firewalls to help prevent viruses or hackers entering the user's computer network.
  7. It is also possible for firewalls to help prevent hackers gaining access to the user's computer or network. This can be done by blocking IP addresses, but it should be pointed out that hackers can still have access to a computer or network if they are using an allowed computer.
  8. The user is warned if some software on their system is trying to access an external data source (for example, an automatic software upgrade); the user is given the option of allowing it to go ahead or request that such access is denied.

The firewall can be a hardware interface that is located somewhere between the computer and the internet connection, in which case it is often called as a gateway. Alternatively, the firewall can be software installed on a computer; in some cases this is part of the operating system.

All of these issues require management control (or personal control on a single computer) to ensure that the firewall is allowed to do its job effectively.

What are the circumstances or situations when a firewall cannot prevent potential harmful traffic?

In the following circumstances the firewall cannot prevent potential harmful traffic:

  1. Individuals on internal networks using their own modems cannot be prevented from bypassing the firewall.
  2. Employee misconduct or carelessness cannot be controlled by firewalls (for example, control of passwords or user accounts).
  3. Stand-alone computer users disabling the firewall on the machines, leaving their computer open to harmful traffic from the internet.

What is a Security Protocol?

Security Protocols are sets of rules used by computers to communicate with each other across a network — when using the internet.

Explain Secure Sockets Layer (SSL).

Secure Sockets Layer (SSL) is a type of protocol that allows data to be sent and received securely over the internet.

SSL encrypts the data when a user logs on to a website. Only the user's computer and the web server understand what is being transmitted. A user can find out whether SSL is being applied if they see https as part of the website address or the small padlock in the status bar at the top of the screen.

Explain how the communication between browser and web server takes place using SSL connection.

The user's web browser sends a message so that it can connect with the required website, which is secured by SSL.

The web browser requests that the web server identify itself. The web server responds by sending a copy of its SSL certificate to the user's web browser.

If the web server can authenticate this certificate, it sends a message back to web server to allow communication to begin. Once this message is received, the web server acknowledges the web browser and the SSI-encrypted two-way data transfer begins.

What are SSL certificates?

SSL certificates are small data files that digitally bind an encryption key to an organisation's details. When installed on a web server, it shows as the green padlock and the https protocol and ensures secure connections from a web server to a web browser.

Explain Transport Layer Security (TLS).

Transport Layer Security (TLS) is similar to SSL but is a more recent security system. TLS is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet. It is essentially designed to provide encryption, authentication and data integrity (data integrity is maintaining the accuracy and the consistency of data) in a more effective way than its predecessor, SSL.

When a website and a user communicate over the internet, TLS is designed to prevent a third party hacking into this communication and causing problems with data security.

TLS is made up of two layers:

  1. Record Protocol: This part of the communication can be used with or without encryption. It contains the data being transferred over the internet.
  2. Handshake Protocol: This permits the website and the user to authenticate each other and to make use of encryption algorithms to establish a secure session between user and website.

Only the most recent web browsers support both SSL and TLS, which is why the older SSL is still used in many cases. But then the question arises as to what are the main differences between SSL and TLS, as both effectively do the same thing?

  1. It is possible to extend TLS by adding new authentication methods.
  2. TLS can make use of session caching, which improves the overall performance compared to SSL.
  3. TLS separates the handshaking process from the record protocol or layer, which holds all the data.

Session caching

When opening a TLS session, it requires a lot of computer time mainly due to the complex encryption keys being used. The use of session caching can avoid the need to utilise so much computer time for each connection. TLS can either establish a new session or attempt to resume an existing session; using the latter can boost system performance considerably.

Note: A cache is a collection of processed data that is kept on hand and reused in order to avoid costly repeated database queries.

What is Encryption?

Encryption is a process which converts information into a form that is meaningless to anyone except holders of the key. E.g., Email message sent by using encryption is meaningless to others without the decription key. Here, even if the message is hacked or accessed illegally, it is useless to them without the decryption key, though encryption cannot prevent hacking.

Encryption uses a secret key that has the capability of altering the characters in a message. If this key is applied to a message, its content is changed, which then makes it unreadable unless the recipient also has the same secret key. When this secret key is applied to the encrypted message, it can be read.

The key used to encrypt or encode the message is known as the encryption key; the key used to decrypt or decipher the message is known as the decryption key. When a message undergoes encryption it becomes cypher script; the original message is known as plain text.

Encryption is used by countries to protect secrets. Military use encryption to protect important messages sent to the armies. These messages are secret messages and confidentiality is needed to protect it or guard it from enemies.

Why is Authentication used?

Authentication is used to verify that data comes from a secure and trusted source. It works with encryption to strengthen internet security.

What is a Digital certificate?

A digital certificate is a pair of files stored on a user's computer. These are used in the security of data sent over the internet. Each pair of files is divided into:

  1. A public key which is known to anyone and
  2. A private key which is known to the computer user only.

For example, when sending an email, the message is made more secure by attaching a digital certificate. When the message is received, the recipient can verify that it comes from a known or trusted source by viewing the public key information which is usually part of the email attachment. This is an added level of security to protect the recipient from harmful emails. The digital certificate is made up of six parts:

  1. The sender's email address
  2. The name of the digital certificate owner
  3. A serial number
  4. Expiry date or the date range during which the certificate is valid
  5. Public key which is used for encrypting messages and for digital signatures
  6. Digital signature of certificate authority (CA) - an example of this is VeriSign.

Operating systems and web browsers maintain lists of trusted CAS.

Passwords

When logging on to a system (for example, a bank website), a user will be asked to type in their password - this should be a combination of letters, numbers and special characters that would be difficult for somebody else to guess. Strong passwords should contain upper case and lower case characters, as well as numbers and other keyboard symbols, for example: [email protected]~9=vmz

When the password is typed in, it often shows on the screen as ********* so nobody overlooking can see what the user has typed in. If the user's password doesn't match up with the user ID then access will be denied. Many systems ask for the password to be typed in twice as a verification check. To help protect the system, users are only allowed to type in their password a certain number of times - usually three times is the maximum number of tries allowed — before the system locks the user out. After that, the user will be unable to log on until the system administrator has reset their password.

For example, if a user forgets their password when using the internet, they can request that the password is sent to their email address. The password is never shown on the computer screen for reasons of security.

Passwords should be changed on a regular basis in case they become known to another user or even a hacker. In particular, it is important to prevent other people gaining access to your password by way of spyware or viruses.

It is often necessary to use a user ID or log in ID as well as a password. This gives an additional security level since the user ID and password must match up to allow a user to gain access to, for example, a bank website.

Biometrics

Biometrics relies on certain unique characteristics of human beings; examples include:

  1. fingerprint scans
  2. signature recognition
  3. retina scans
  4. iris recognition
  5. face recognition
  6. voice recognition.

Biometrics is used in a number of applications as a security device. For example, some of the latest mobile phones use fingerprint matching before they can be operated; some pharmaceutical companies use face recognition or retina scans to allow entry to secure areas.

Fingerprint scans

Images of fingerprints are compared against previously scanned fingerprints stored in a database; if they match then access is allowed. The system compares patterns of 'ridges' and 'valleys', which are fairly unique (accuracy is about one in 500). An example of its use would be as a security method for entering a building.

Advantages of fingerprint scanning applications

  1. As every person's fingerprints are unique, this technique would improve security as it is difficult to replicate a person's fingerprints.
  2. Other security devices like magnetic cards can be lost or even stolen, which makes them less effective.
  3. It would be impossible to 'sign in' for somebody else since the fingerprints would match up to one person only on the database.
  4. Fingerprints can't be misplaced; a person always has them!

Disadvantages of fingerprint scanning applications

  1. Relatively expensive to install and set up.
  2. If a person's fingers are damaged through an injury, this can have an effect on the scanning accuracy.
  3. Some people may regard it as an infringement of civil liberties.

Retina scans

Retina scans use infrared light to scan the unique pattern of blood vessels in the retina (at the back of the eye). It is a rather unpleasant technique, requiring a person to sit totally still for 10 to 15 seconds while the scan takes place. It is very secure as nobody has yet found a way to duplicate blood vessels patterns (the accuracy is about one in ten million).

Give a comparison of six common biometric techniques.

Given below is the comparison of their strengths and weaknesses of the six biometric techniques:

Biometric technique Comparative accuracy Comparative Devices needed acceptability What can interfere with the procedure
Fingerprint scans high accuracy medium scanner medium damaged fingers (e.g., cuts)
Signature recognition low accuracy medium an optical pen high signatures can change with time
Retina scans high accuracy high digital camera low irritation of the eye
Iris recognition high accuracy high digital camera low wearing of glasses
Face recognition medium-low accuracy medium digital camera high facial hair or glasses
Voice recognition medium accuracy medium microphone high background noise or person has a cold

What are the advantages and disadvantages of the six common biometric techniques?

The following are the advantages and disadvantages of the six common biometric techniques:

Biometric technique Advantages Disadvantages
Fingerprint scans 1. One of the most developed biometric techniques. 1. For some people it is very intrusive, since it is still related to criminal identification.
2. Very high accuracy. 2. It can make mistakes if the skin is damaged. (e.g., cuts).
3. Very easy to use.
4. Relatively small storage requirements for the biometric data created
Signature recognition 1. Non-intrusive. 1. If individuals do not sign their names in a consistent manner there may be problems with signature verification.
2. Requires very little time to verify (about five seconds). 2. High error rate. (one in 50).
3. Relatively low-cost technology.
Retina scans 1. Very high accuracy. 1. It is very intrusive.
2. There is no known way to replicate a person’s retina. 2. Can be relatively slow to verify retina scan with stored scans.
3. Very expensive to install and set up.
Iris recognition 1. Very high accuracy. 1. Very intrusive.
2. Verification time is generally less than five seconds. 2. Uses a lot of memory for the data to be stored.
3. Very expensive to install and set up.
Face recognition 1. Non-intrusive method. 1. It is affected by changes in lighting, the persons hair, their age, and if the person is wearing glasses.
2. Relatively inexpensive technology.
Voice recognition 1. Non-intrusive method. 1. A persons voice can be recorded easily and used for unauthorised access.
2. Verification takes less than five seconds. 2. Low accuracy.
3. Relatively inexpensive technology. 3. An illness, such as a cold, can change a person' voice, making absolute identification difficult or impossible.

How do online credit card frauds happen?

In spite of various security systems that are in place in organisations, online credit card frauds happen and are very common. The mainly happen because of the following reasons:

  1. Hackers gaining access of a user's computer through the use of spyware, phishing or pharming; any of these methods can trick a user, who is not particularly IT literate, to be tricked into giving personal and financial details, which in turn, enables the hacker to gain full access to a user's account; this can lead to unauthorised purchases or even removal of money from an account, if it remains undetected for a few days.
  2. If the passwords are weak and no encryption is in place, then it is very easy to break these passwords and gain illegal access to bank and credit card accounts.
  3. Always type in a web address or URL instead of 'copying and pasting' from an email or other websites as many a times these web addresses/URLs are altered very slightly in the email and the user ends up visiting a fake website. Once they visit the fake website it is possible that they will give personal and financial details to a fraudster without the user's knowledge.
  4. If internet access is through wireless technology, it is very important that the wireless network is password protected as it is very easy to tap into the network without the password.
  5. When using public Wi-Fi hotspots like restaurants or airports, it is important to be very vigilant as there is always the risk of somebody monitoring internet usage in the area and trying to tap in to the data that is going to and from any computer using this wireless link.
  6. Even large organisations can be subject to cybercrimes; in recent years, the cloud and some large retail companies have been the targets for hackers, which leaves customers very vulnerable. E.g. The recent hacking of servers (May 2020) of UK's low cost airline Easyjet, where 9 million travellers data was stolen by the hackers.

What are precautions that users can take to avoid online credit card frauds?

There are a number of simple precautions users can take to avoid online credit card frauds:

  1. Always use varied and complex passwords for all your accounts.
  2. Always check the accuracy of bank accounts on regular basis and resolve any discrepancies immediately.
  3. When providing any personal information on sites ensure that they have 'https' in the web address or have the 'padlock' icon in the web browser.
  4. Remember never to provide any personal information to any unsolicited requests for information as these are often signs of phishing attacks.
  5. Never open emails or attachments from unknown senders.
  6. On regular basis delete all messages from your spam folder.
  7. Report any suspicious phishing activity to the company that is used by the perpetrator.
  8. When downloading any software from websites, ensure that they can be trusted.

What is Cloud security?

Several computer, especially tablets and laptops and mobile phone manufacturers, encourage customers to store or backup their files on a medium known as the cloud. Once users purchase cloud storage, they can access all their files including photos, videos, music and e-books from any device anywhere in the world.

This has the following advantages:

  1. The need to carry memory sticks or USB drives is done away with, if you wish to access your files away from home.
  2. There is no need to pay for large storage capacity on your computer/tablet or mobile phones.
  3. The possibility of losing irreplaceable data is drastically reduced as the cloud is controlled by large specialist companies who ensure that your files are backed up regularly.
  4. The backed up files are synchronised automatically across all devices resulting in the latest version of a file saved on say, a desktop PC at home, being available on your laptop or even your smartphone.
  5. Cloud storage is also ideal for collaboration purposes; it allows several users to edit and collaborate on a single file or document — there is no need to worry about tracking the latest version or which user made the changes.

However, in spite of all these advantages, security concerns still exist about using cloud storage. The main fears are data security and data loss.

Data security

When companies transfer vast amounts of confidential data from their own systems to a cloud service provider, they are effectively relinquishing control of their own data security. This raises number of questions:

  1. The buildings where the data centres are housed what is the physical security that is available there?
  2. Are the cloud service provider's data centres adequately protected against natural disasters or power cuts?
  3. Has the cloud server provider taken adequate safeguards regarding their personnel? Can they access the confidential data and use it for monetary gains?

Data loss

There is a risk that important and irreplaceable data could be lost from cloud storage facilities. Actions from hackers (gaining access to accounts or pharming attacks, for example) could lead to loss or corruption of data. Users need to be certain sufficient safeguards exist to overcome these potentially very harmful risks.

In late September 2014, three breaches of security involving two of the largest cloud service providers showed why many of the above fears make people a little nervous of using this facility to store their important files:

  1. The XEN security threat, which forced several cloud operators to reboot all their cloud servers; this was caused by a problem in the XEN hypervisor (a hypervisor is a piece of computer software, firmware or hardware that creates and runs virtual machines).
  2. A recent case where a large cloud service provider permanently lost data during a routine backup procedure.
  3. The celebrity photos cloud hacking scandal, where over 100 'interesting' photos of celebrities were leaked; hackers had gained access to a number of cloud accounts, which enabled them to publish the photos on social networks and to sell them to publishing companies.

All of the reasons above have made individuals and companies nervous about using cloud service providers. A 'game' between hackers and owners of online service companies continues to simmer. If users are vigilant when using devices connected to the internet, the possibility of being a victim of cybercrime is considerably reduced.

This is the end of this guide. Hope you enjoyed it! Thanks for using www.igcsepro.org! We hope you will give us a chance to serve you again! Thank you!