Security Mechanisms

CAPES NOTES

Objective #14 & 15: Compare various security mechanisms & Explain the meaning of

terms related to the security of Information Technology Systems

Physical Access Control-

This is a security measure that is used to protect a computer system from being physically
accessed by people. For example, the computers in the computer lab are physically protected
when an authorized person is present or when the lab is properly closed.

1. Fire/water proof cabinets - These are used to keep valuable files, money and other important
items safe, in the event of a fire. These cabinets are also designed to protect the stored valuables
from water damage.

2. Archiving- This is when data that is no longer being used or active, is moved to a different
location from files currently being used. An example would be removing old mails in Gmail or
yahoo account and storing them in a place or location by themselves.

3. Backup and recovery procedures – This is when a copy is made of important data, in the
case of something going wrong on a computer system (machine no longer works) or files
become lost.

4. Propriety data and software- This is when data can be stored in formats that may not be
compatible with another software. These types of software are normally copyrighted and has a
Security Mechanisms

limitation to the extent to which it may be used. For example, Microsoft word may give users to
ability to use Microsoft Office Word 2013 to an extent as a trial version.

Logical Access Control Measures

1. Passwords – refers to a serious of characters (letters, numbers, and symbols) that enables
a user to gain access to a file/document, computer or a program. Passwords are used to
protect data from being accessed by unauthorized persons. For example: entering of
Facebook passwords, emails or logging into the school’s computer.

Characteristics of effective password

 Not obvious
 Length
 Mixed cases
 Alphanumeric

2. Encryption- Encryption is when data is converted or translated into a secret code. The
scrambled data can only be accessed by someone who has the right encryption key (code) or
password.
3. Authentication- The process of verifying or identifying a user of a device, usually based on a
username and password.
4. Swipe/Key card- Refers to a plastic card which gives access to an individual to proceed
through electronically powered doors. These cards normally contain magnetically encoded
information, which when read, provides access/ entrance into a location. Swipe cards are
normally read by swiping it into a prescribed slot; whereas, a keycards or normally put closed to
the sensor or access spot to allow access.
5. Biometric- Biometric systems is a technological system that uses information about a person,
such as voice, fingerprints, facial recognition, among others.
6. Data integrity- This refers to the accuracy and consistency (validity) of data over its lifecycle.

7. Data Corruption- Data corruption refers to errors in computer data that happens as a result of
writing, reading, storing, processing or transmitting, which introduces unintended changes to
original data.
Security Mechanisms

Objective # 16: Describe the structure of the World Wide Web (WWW) as interconnected
hypertext documents;
Hyperlinks
Hyperlink is a reference to data that a user can click, tap or hover over in order to access an
internal or external file or page.
Home page
The homepage refers to the default page on which a webpage/websites normally loads. It is the
first page and often give details of what the webpage/website is about and contains.

Web page versus web site

A webpage is a single document or file that can be found on the WWW. A group of Web pages
that follow the same theme and are connected together with hyperlinks is called a "Web site."
Web sites and Web pages are written in a coding language that makes it possible to add pictures,
sound and interactivity to plain old text, making people's reading experience more exciting.

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol (HTTP) is the set of rules for transferring files on the World Wide
Web.

Universal Resource Locator (URL)

Universal Resource Locator is a Web address on the World Wide Web. A URL is the fastest way
to reach a specific Web page; it's easier to find Microsoft by typing in "www.Microsoft.com"
than it is to search for "Microsoft" through a search engine.

Hypertext Markup Language (HTML)

Hypertext Markup Language is a markup language for describing or creating web pages.

Extensible Markup Language (XML)

XML refers to a flexible markup language similar to HTML, which was designed to store and
transport data. XML describes the content in terms of what data is being described. For example:
the word ‘phonenum’ placed within markup tags could indicate that the data that followed was a
phone number.

IP address versus domain name

An Internet Protocol (IP) address is an identifier or numerical label for a computer or device on a
TCP/IP network and its unique for each device and no two devices can have the same IP address.
A domain name on the other hand, is a name that identifies one or more IP address.
Security Mechanisms

Objective #17: Discuss Internet standards in terms of Specifications, guidelines, software

and tools

Hypertext Transfer Protocol (HTTP)

A protocol is a set of rules that governs the communications between computers on a network
(client and server). These rules include guidelines that regulate the following characteristics of a
network: access method, allowed physical topologies, types of cabling, and speed of data
transfer. HTTP is the web’s application-layer protocol for transferring various forms of data
between server and client including: plain text, hypertext, images, videos and audios. The
structure of HTTP includes the client sending a request for something (for example: connection
to yahoo) and then the server returning a reply (supplying the connection to yahoo). HTTP can
support multiple request-reply exchanges over a single TCP connection.

Transmission Control Protocol/Internet Protocol (TCP/IP)

This is the standard communications protocol required for internet computers. TCP/IP
(Transmission Control Protocol/Internet Protocol) technology transmits data by breaking it up
into small pieces, or packets and are commonly used for Internet transmissions.
TCP offers reliable delivery for messages of arbitrary size and it defines a robust delivery
mechanism for all kinds of data across a network. Internet Protocol manages the routing of
network transmissions from sender to receiver, along with issues related to the network and
computer addresses, and much more. Together, TCP/IP transport the vast bulk of data that moves
across the internet, even though they represent only a tiny fraction of the total TCP/IP protocol
collection.