Cie CH 8

The document discusses various aspects of safety and security related to computers and technology. It covers physical security risks like repetitive strain injuries and electrical hazards. It also discusses e-safety risks such as sharing personal information online, cyberbullying, and using social media safely. The document then covers security risks to data like hacking, phishing, viruses, and card fraud.

Uploaded by

Hsu Lae Nandar
Chapter (8)

Safety and Security


Safety and Security
1. Physical security
2. E-safety
3. Security of data
1. Physical Security
•Health aspects
•Safety aspects
Health Aspects
Health risks
• Back and neck problems
• Repetitive strain injury
• Eyestrain
• Headache
• Ozone irritation
Health risk: Ways of eliminating risks
• Back and neck problems
» Use adjustable chairs
» Use a foot-rest to reduce posture problems
» Use screens that can be tilted to ensure the neck is at the correct angle
• Repetitive strain injury (RSI)
» Ensure correct posture is maintained
» Make proper use of a wrist rest when using a mouse
» Make use of ergonomic keyboards
» Use voice-activated software
• Eyestrain
» Change to LCD screens
» Take regular breaks
» Make use of anti-glare screens
» Have eyes tested on a regular basis
• Headaches
» Use an anti-glare screen
» Take regular breaks
» Have eyes tested on a regular basis
• Ozone irritation
» Proper ventilation should exist to remove the ozone gas
» Change to other types of printer
» Prepare a designated printer room
Safety Aspects
Safety risks
• Electrocution
• Tripping hazard
• Personal injury
• Fire hazard

Safety Risks: Cause
• Electrocution
» Drinks on electric equipment
» Unsafe electrical equipment
» Unsafe electrics in the office
» Exposed wires
• Tripping hazard
» Trailing wires on the floor
» Damaged carpets and other flooring
• Personal injury
» Heavy equipment unstable or falling from desks
» Desks collapsing under weight
• Fire hazard
» Overloaded wall sockets
» Overheating of computer equipment
» Exposed wires causing a short circuit
Safety Risks: Ways of eliminating risks
• Electrocution
» Use a residual current breaker (RCB)
» Check insulation on wires regularly
» Don't allow drinks near computers
» Check equipment on a regular basis
• Tripping hazard
» Use cable ducts to make the wires safe
» Cover wires
» Use wireless connections
» Fix wires along walls
• Personal injury
» Use strong desks
» Use large desks and tables
• Fire hazard
» Use a fire extinguisher
» Don't cover equipment vents
» Ensure good ventilation in the room
» Don't overload sockets
2. E-safety
• E-safety - the benefits, risks and responsibilities when using ICT
Personal Data
• Personal data refers to any data concerning a living person who can be identified from the data itself or from the data in conjunction with other information, e.g.
» name
» address or email address
» an ID card number/passport number
E-safety issues that can be encountered by users
• Don't give out any personal information to people
• Don't send people photos of yourself
• Always maintain your privacy settings on whatever device
• When accessing the internet make sure the websites being visited can be trusted (check https is used)
• Only use websites recommended by teachers
• Only open emails from known sources
• Only email people you know
• It is important to be vigilant when using social networking and instant messaging

How to be careful when using social networking sites
1. Block or report anybody who acts suspiciously
2. Be very careful with the language used in chat rooms
3. Always use a nickname and never your real name
4. Keep private and personal data secret
5. Don't enter private chat rooms and stay public
6. Never arrange to meet anyone for the first time on your own
7. Always tell an adult first and meet the person in a public place
8. Avoid misuse of images
9. Always use appropriate language
10. Always respect people's confidentiality
How to be careful when using online games
• Violence in the game itself, which can lead to violent behavior in reality
• Predators (people who prey on others)
• Cyber bullying (the use of electronic communication to bully a person)
• Use of webcams
• Voice-masking technology
3. Security of data
• Hacking
• Phishing
• Vishing
• Smishing
• Pharming
• Viruses
• Malware
• Card fraud
Hacking
• The act of gaining unauthorized access to a computer system.
• This can lead to identity theft or misuse of personal information.
• Data can be deleted, changed or corrupted.
• How to protect:
» Use of firewalls
» Use of strong passwords
» Use of intrusion detection software
Phishing
• The attacker sends out legitimate-looking emails to target users.
• If the recipient clicks on a link in the email, they are redirected to a fake website.
• The attacker can gain personal data such as bank account and credit card numbers, which can lead to identity theft.
• How to protect:
» Use email filtering
» Be cautious when opening emails
» Don't click on executable attachments from unknown senders
Smishing

• Short for SMS phishing
• Uses the SMS system of mobile phones to send out fake text messages
• If the recipient clicks the message, they are redirected to a fake website or asked to make a telephone call.
Vishing
• This uses a voice mail message to trick the
user into calling the phone number
contained in the message.
Pharming
• This is malicious code installed on a user's computer; the code will redirect the user to a fake website without their knowledge
Viruses
• This is program code or software that can replicate/copy itself with the intention of deleting or corrupting files on a computer
• A virus can cause the computer to crash and stop functioning
• The virus can delete files or data on a computer
• The virus can corrupt operating system files and make the computer run slowly
• Install anti-virus software and update it regularly
• Don't use software from unknown sources
Worms
• Worms are a type of stand-alone virus that can self-replicate.
• Their aim is to spread to other computers and corrupt whole networks; unlike viruses, they do not need an active host program to be opened in order to do any damage
Trojan horse
• Trojan horse is a malicious program which is often disguised as some
legitimate software, but contains malicious instructions embedded
within it.
• Trojan horse replaces all or part of the legitimate software with the
intent of carrying out some harm to the user’s computer system.
Key-logging software (Spyware)

• This is software that gathers data by monitoring key presses on the user's keyboard.
• Spyware gives the originator access to all data entered using a keyboard.
• The software is able to install other spyware.
• Use anti-spyware software to reduce the risk.


Adware
• It will attempt to flood an end-user with unwanted advertising.
• Adware can:
» highlight weaknesses in a user’s security defences
» be hard to remove
» hijack a browser and create its own default search requests
Ransomware
• Ransomware are programs that encrypt data on a user’s computer and
‘hold the data hostage’.

References: Table 8.2


Card fraud
• the illegal use of a credit or debit card
• can be due to:
» shoulder surfing when using the card on any device that requires
keyboard entries
» card cloning
» key logging software
Shoulder surfing
• is a form of data theft where criminals steal personal information from a victim when they are using a cash dispensing machine, when paying for goods/services using a handheld point-of-sale (POS) device or even when paying using a smartphone
Card cloning
• is the copying of a credit or debit card which uses a magnetic stripe.
• Cloning of this type of card employs an electronic device known as a
skimmer.
Why does online credit fraud happen?
• Hackers gaining access to a user's computer through the use of spyware, phishing or pharming; this can lead to unauthorised purchases or transfer of money from one account to another
• The breaking of passwords if the passwords are weak or no
encryption is used.
• User is accessing and visiting fake websites
• If user is using wireless, it is easy to tap in to wireless networks
without password protection.
Protecting against credit fraud
• Always use varied and complex passwords
• Check accuracy of bank accounts
• Only provide personal information on sites that have "https"
• Don’t provide personal information to any unsolicited requests
• Don’t open emails or attachments from unknown senders
• Delete any messages from your spam folder
• Report any suspicious phishing activity
• Only download software from sites that can be trusted
Spam

• Spam or junk email is sent out to a recipient who is on a mailing list.
• Spam clogs up the bandwidth on the internet.
• Spam can be linked to phishing attacks.
• Spam prevention
» Make sure the junk mail filter is kept up to date
» Block images in HTML messages
» Do not sign up to commercial mailing lists
» Do not reply to an email from a mailing list
Cookies

• Cookies are small files that are stored on a user's computer.
• They are sent by a web server to a user's computer.
• The data gathered by cookies doesn't contain personal data such as passwords or credit card numbers.
• Cookies are a very efficient way of carrying data from one website session to another.
Protection of data
➢biometrics
➢digital certificates
➢secure sockets layer (SSL)
➢encryption
➢firewalls
➢two-factor authentication
➢user ID and password
Authentication

• Authentication is used to verify that data comes from a secure and trusted source.
• It works with encryption to strengthen internet security.
• Authentication methods:
» Digital certificates
» Passwords
» Biometrics
Biometrics
• Fingerprint scans
• Signature recognition
• Retina scans
• Iris recognition
• Face recognition
• Voice recognition
Fingerprint scanning techniques
Advantages
• Fingerprints are unique
• Other security devices (such as magnetic cards) can be lost
• It would be impossible to 'sign in' for somebody
• Fingerprint can't be misplaced
Disadvantages
• Relatively expensive to install and set up
• If fingers are damaged, it can affect scanning accuracy
• Some people may regard it as an infringement of civil liberties
Signature recognition
Advantages
• Non-intrusive
• Requires very little time to verify
• Relatively low-cost technology
Disadvantages
• High error rate
• If individuals do not sign their name in a consistent manner there may be problems with verification
Retina scans
• Retina scans use infrared light to scan the unique pattern of blood
vessels in the retina.
• It is very secure as nobody has yet found a way to duplicate blood
vessels patterns.
Advantages
• Very high accuracy
• There is no way to replicate a person's retina
Disadvantages
• It is very intrusive
• It can be relatively slow to verify
• Very expensive to install and set up
Iris recognition
Advantages
• Very high accuracy
• Verification time is less than five seconds
Disadvantages
• Very intrusive
• Uses a lot of memory for the data to be stored
• Very expensive to install and set up
Face recognition
Advantages
• Non-intrusive method
• Inexpensive technology
Disadvantages
• It is affected by changes in lighting, the person's hair, age, and if the person is wearing glasses
Voice recognition
Advantages
• Non-intrusive method
• Verification takes less than five seconds
• Inexpensive technology
Disadvantages
• A person's voice can be recorded easily and used for unauthorised access
• Low accuracy
• An illness, such as a cold, can change the voice, making identification difficult
Digital certificates
• A digital certificate is a pair of files stored on a user's computer - these are used in the security of data sent over the internet.
• Each pair of files is divided into:
» a public key (which is known by anyone)
» a private key (known to the computer user only).
• The digital certificate is made up of six parts:
» the sender's email address
» the name of the digital certificate owner
» a serial number
» expiry date (the date range during which the certificate is valid)
» public key (used for encrypting messages and for digital signatures)
» digital signature of certificate authority
Security protocols
• Security protocols are sets of rules used by computers to communicate with each other across a network when using the internet
• Secure Sockets Layer (SSL)
» SSL allows data to be sent and received securely over the Internet.
» Indicated by HTTPS or a small padlock in the status bar
• Transport Layer Security (TLS)
Communication across a network using SSL
1. The user's web browser sends a message to the web server to connect using SSL
2. The user's web browser requests that the web server identifies itself
3. The web server responds by sending a copy of its SSL certificate to the user's web browser
4. If the web browser can authenticate this certificate, communication with the web server is allowed
5. The web server acknowledges the web browser and SSL data transfer begins

[Diagram: the user's web browser and the web server exchanging the messages in steps 2 to 5: request that the web server identifies itself, copy of the SSL certificate, certificate authenticated, acknowledgement]
Transport layer security (TLS)

• TLS is a form of protocol that ensures the security and privacy of data between devices and users when communicating over the internet.
• It is designed to provide encryption, authentication and data integrity.
• TLS is formed of two layers:
» Record Protocol: communication can be used with or without encryption
» Handshake Protocol: permits the user and web site to authenticate each other
Encryption

• Encryption is used to protect data in case it has been hacked or accessed illegally.
• It makes the data meaningless unless the recipient has the necessary decryption key.
• Encryption uses a secret key that has the capability of altering the characters in a message.
• If the key is applied to a message, its contents are changed.
• This makes it unreadable unless the recipient has the same secret key.
Encryption

• The original message is known as plain text
• The key used to encrypt the message is known as the encryption key
• The key used to decrypt the message is known as the decryption key
• When a message undergoes encryption it is known as cypher text

[Diagram: plain text and encryption key go into the encryption process, which produces cypher text]

Original plain text: Hello
Encryption key: 123
Cypher text: Hello + 123 > #$%^123456*(&)_^%xxxx34568
Decryption key: 123
#$%^123456*(&)_^%xxxx34568 > Hello
Firewalls
• A firewall can be either software or hardware
• It sits between the user's computer and an external network.

[Diagram: User's computer, then firewall (software or hardware), then Internet]
Tasks carried out by a firewall
• To examine the traffic between a user's computer and a public network
• Checks whether incoming or outgoing data meets a given set of criteria
• If data fails the criteria, the firewall will block the traffic and give the user a warning that there may be a security issue
• The firewall can be used to log all incoming and outgoing traffic
• A firewall prevents access to certain undesirable sites
• Firewalls help prevent viruses or hackers entering the user's computer network
• A firewall prevents hackers gaining access to the user's computer
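The tasks listed above (check traffic against criteria, block and warn on failure, log everything, refuse undesirable sites), sketched as an added example that is not part of the original slides. The `Rule` and `Firewall` classes, the rule set and the site names are hypothetical; addresses are documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "block"
    direction: str         # "in" (incoming) or "out" (outgoing)
    remote_net: str        # remote address range in CIDR notation
    port: Optional[int]    # destination port; None matches any port

    def matches(self, direction, remote_ip, port):
        return (self.direction == direction
                and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.remote_net)
                and self.port in (None, port))

class Firewall:
    def __init__(self, rules, blocked_sites=()):
        self.rules = list(rules)
        self.blocked_sites = {s.lower() for s in blocked_sites}
        self.log = []        # every decision, allowed or blocked
        self.warnings = []   # messages shown to the user when traffic is blocked

    def check(self, direction, remote_ip, port, site=None):
        """Return 'allow' or 'block' for one connection; the first matching rule wins."""
        if site and site.lower() in self.blocked_sites:
            decision, reason = "block", f"site {site} is on the blocked list"
        else:
            decision, reason = "block", "no rule allows this traffic"  # default deny
            for rule in self.rules:
                if rule.matches(direction, remote_ip, port):
                    decision, reason = rule.action, f"matched {rule}"
                    break
        self.log.append((direction, remote_ip, port, decision))
        if decision == "block":
            self.warnings.append(f"Blocked {direction} traffic {remote_ip}:{port}: {reason}")
        return decision

# Constructed rule set (criteria) for the demonstration
fw = Firewall(
    rules=[Rule("block", "out", "203.0.113.0/24", None),  # address range treated as bad
           Rule("allow", "out", "0.0.0.0/0", 443),        # outgoing HTTPS
           Rule("allow", "in", "192.0.2.0/24", 22)],      # remote admin from one network
    blocked_sites=["games.example"])

def demo():
    """Run four constructed connections through the firewall and return the decisions."""
    return [fw.check("out", "198.51.100.7", 443, "school.example"),
            fw.check("out", "203.0.113.9", 443),
            fw.check("in", "198.51.100.7", 22),
            fw.check("out", "198.51.100.8", 443, "games.example")]
```

Traffic that matches no rule is blocked, so the criteria act as an allow list rather than a list of known-bad traffic only.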
Two-factor authentication
• is a form of verification which requires two methods of
authentication to verify who a user is
Password
• Should be a combination of letters and numbers that would be difficult for
somebody else to guess
• Strong passwords should contain upper case and lower-case characters, as
well as numbers and other keyboard symbols, for example: Rn5K;2mL/8.
• To help protect the system, users are only allowed to type in their
password a certain number of times
• Usually, three times is the maximum number of tries allowed
• The password is never shown on the computer screen for reasons of
security.
• Passwords should be changed on a regular basis in case they become
known to another user or even a hacker.
• It is important to prevent other people gaining access to your password by way of spyware or viruses
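The password rules above (mixed character types, a limit of three tries) as an added example that is not part of the original slides. The `Account` class, the minimum length of 8 and the 100,000 PBKDF2 iterations are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string

MAX_TRIES = 3  # the maximum number of tries given in the slide

def is_strong(password, min_length=8):
    """True if the password mixes upper case, lower case, digits and keyboard symbols."""
    return (len(password) >= min_length          # min_length is an assumption
            and any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

class Account:
    """Hypothetical user record: stores a salted hash, never the password itself."""
    def __init__(self, user_id, password):
        if not is_strong(password):
            raise ValueError("password does not meet the strength rules")
        self.user_id = user_id
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.failed = 0
        self.locked = False

    def _hash(self, password):
        # Slow, salted hash so a stolen record is costly to guess against
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password):
        """Return 'ok', 'wrong password' or 'locked'."""
        if self.locked:
            return "locked"
        # compare_digest takes the same time whether or not the hashes match
        if hmac.compare_digest(self._hash(password), self.digest):
            self.failed = 0
            return "ok"
        self.failed += 1
        if self.failed >= MAX_TRIES:
            self.locked = True   # further tries are refused, even with the right password
            return "locked"
        return "wrong password"
```

Once the third wrong try locks the account, even the correct password is refused until the lock is cleared by some separate process.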
