The ICT Lounge
 
Section 8.3:
Security of Data against Hacking
 
We often use computers to store data that could be used for identity fraud purposes. Data such as bank details, passwords, private medical records etc. should all be secured against the possibility of theft.

This section discusses the different methods we can use to protect our private data against hackers.

Key Concepts of this section:
  • Understand what is meant by Hacking.
  • Know why it is important to protect data against hackers.
  • Be able to describe the measures that can be taken to protect data against hackers.

The effects of hacking
Key Words:
Hacking, Hacker, Key logger, Identity fraud, Theft.
What is hacking?

Hacking is where people access computer systems without permission. These people are known as 'hackers'.

Examples:
  • Hacking is accessing computer systems without permission.
  • Hackers will look for sensitive data like bank account numbers and passwords.
  • Hackers will steal personal data.
  • Hackers will look for and gather millions of email addresses in order to send spam.
  • Hackers will break into systems and delete important data just to cause a nuisance.

Most of the time, hackers will try to access the computer system using the internet.

Hackers will usually try to break into the system by simply guessing the password or by using a key logger.

A key logger is a special type of software that is secretly sent to a computer system and then 'logs' every key press that users of the system make.

The key press log is sent back to the hacker who then looks through the log for usernames and passwords which they can then use to hack into the system.

Why do people try to hack into computer systems?
Hackers try to break into computers for the following reasons:
  • To cause damage to files or data by deleting or changing them
  • To commit fraud by stealing data - (bank details for example)
  • To access sensitive information
  • To simply see if they are clever enough to beat the system's security.

What are the effects of hacking?
The effects of hacking can be serious and some of these are described in the table below:

Identity theft
Names, addresses, social security numbers etc. can all be stored on computers and, if stolen, can be used to commit identity fraud.

Theft of money
If hackers manage to obtain bank and credit card details, they can use them to steal cash.

Stealing of customer information
If a business computer is hacked into, customer information can be stolen.

The consequences of this would depend on what data was stolen, but would probably be for identity fraud or theft of cash.

Stealing email addresses
If email addresses are stolen, they could be used for spamming purposes.

NOTE: Spamming is where the same email is sent to large numbers of people.

Loss of important information
Sometimes hackers break into computers just to cause havoc. This can involve them deleting any information that looks important.

Preventing hacking
Key Words:
Authentication, User-Id, Password, Biometrics.
Authentication techniques:

There are various methods you can use to help stop hackers from accessing your computer files and data.

Examples:
  • Data can be protected and locked against hackers.

The best method is to just check that a person accessing a computer system or a network is allowed to do so.

This is known as 'authentication'.

Common authentication techniques include:

Each of these authorisation techniques will be discussed in detail below:

User-Id's and Passwords

One of the best ways to prevent unauthorised access to a computer system or a network is to use user-id's and passwords.

Examples:
  • User-Id's and passwords protect systems against unauthorised access.
  • User-Id's give different access levels within a system.
  • Input masks hide your real password with stars.
  • A robust password should be a combination of letters, numbers, symbols and upper/lower case.
  • Passwords should never be written down.

If the correct user (correct user-id) enters the correct password, they would be given access to the computer network.

Any errors would mean they are denied access because they are unauthorised users.

User Id's:
A user-Id is usually a word or a number that identifies particular users as they log onto a computer system or a network.

User-Id's are unique and no two users will have the same Id.

This makes it possible for a network manager to keep track of what each person does whilst logged on.

User-Id's give people access to certain areas or files within the computer.

For example:
Students cannot access the Teacher shared area on school networks but staff can.
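
The login check and access levels described above can be shown in code. This Python code is an added example, not part of the original page; the account names, passwords and area names are constructed, and storing a salted hash instead of the password itself goes beyond what the page describes.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example

USERS = {}      # user-id -> {"salt", "digest", "level"}
AUDIT_LOG = []  # (user-id, area, allowed): lets a manager trace each user-id
# Constructed access rules mirroring the school-network example.
AREAS = {"Teacher shared area": {"staff"},
         "Student shared area": {"staff", "student"}}

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def add_user(user_id, password, level):
    if user_id in USERS:  # no two users may share a user-id
        raise ValueError("user-id already in use")
    salt = os.urandom(16)
    USERS[user_id] = {"salt": salt, "digest": _digest(password, salt), "level": level}

def authenticate(user_id, password):
    """Return the access level for a correct user-id/password pair, else None."""
    record = USERS.get(user_id)
    # Hash even for unknown user-ids so both failure cases take similar time.
    salt = record["salt"] if record else b"\0" * 16
    candidate = _digest(password, salt)
    if record and hmac.compare_digest(candidate, record["digest"]):
        return record["level"]
    return None

def request_access(user_id, password, area):
    """Authenticate, apply the access level, and record the attempt."""
    level = authenticate(user_id, password)
    allowed = level is not None and level in AREAS.get(area, set())
    AUDIT_LOG.append((user_id, area, allowed))
    return allowed

# Constructed accounts for the demonstration.
add_user("t.jones", "gRj727@#$", "staff")
add_user("s.patel", "Lk9!vQ2x", "student")
```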

Passwords:
Passwords should be combinations of letters, numbers and symbols.

A password should only be known by the user who owns it.

To help keep passwords secret, input masks are used to hide them whilst being entered.

NOTE:
Input masks usually make each character of a password look like a star (*).

For example: If my password was 1234, the input mask would make this look like **** to anyone trying to take a peek.


Features of a good password:
A good password should be robust.

Robust means 'hard to guess'.

Robust passwords should make use of the following features:
  • Include a mixture of letters, numbers and symbols - (grj, 727, @#$)
  • Include a mixture of UPPER and lower case letters
  • Don't use personal information about yourself that would be easy to guess - (like your name)
  • Don't use obvious combinations - (abcd, 1234 etc.).
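
The features listed above can be checked automatically. This Python code is an added example, not part of the original page; the function names and the rule that four characters in a row count as an "obvious combination" are assumptions made for illustration.

```python
import string

def has_obvious_run(password, length=4):
    """True if `length` letters/digits in a row step by +1, -1 or 0 (abcd, 4321, aaaa)."""
    s = password.lower()
    for step in (1, -1, 0):
        run = 1
        for prev, cur in zip(s, s[1:]):
            in_run = prev.isalnum() and cur.isalnum() and ord(cur) - ord(prev) == step
            run = run + 1 if in_run else 1
            if run >= length:
                return True
    return False

def password_problems(password, personal_info=()):
    """Return the list of robustness features from the page that `password` lacks."""
    problems = []
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbols")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mixture of upper and lower case")
    lowered = password.lower()
    # Ignore very short items (initials etc.) to avoid accidental matches.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if has_obvious_run(password):
        problems.append("contains an obvious combination")
    return problems

def is_robust(password, personal_info=()):
    """True when the password breaks none of the rules above."""
    return not password_problems(password, personal_info)
```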

How to use a password:
  • Change your password often
  • Keep your password secret - (never tell anyone)
  • Don't write your password down anywhere.

Biometric Authorisation
This method of security is where users are authenticated using one of their body parts.

Examples:
  • Eye scans can be used to authenticate users.
  • Face scans can be used to authenticate users.
  • Some modern smart phones use fingerprints to authenticate the owners of the device.
  • Biometric security methods are almost impossible to forge.

Common biometric authorisation methods include:
  • Face scans
  • Iris scans
  • Fingerprint scans.
For example:
In order to access a computer system or network, a user would prove they are authorised to use the system by having their thumbprint scanned into the system.

If their thumbprint matched the authorised thumbprint, the user would be given access.

If the thumbprint did not match, they would be denied access.

With biometric authorisation, the user's body parts replace a user-id and password.

This method of authorisation is considered to be more secure than user-id's and passwords.

For example:
It is possible to guess someone's password but you cannot forge their fingerprints.

Advantages of using biometric authentication:
The advantages of using biometric authentication methods (body parts) instead of traditional user-id's and passwords are described in the table below:
  1. Passwords can be forgotten. You cannot forget your eyes or fingers.
  2. It is not possible to forge body parts. (Everyone has slightly different eyes, faces and fingerprints)
  3. It is also possible to write a password down and leave it somewhere for someone to find and use. This cannot happen with body parts as they are with you always.
