Most organisations have numerous security measures
http://www.telecitygroup.com/data-centres/data-centre-security.htm


Passwords can be cracked using software that runs a program that tries many combinations to guess your password.
How strong is your password. check here

Jurassic Systems - a fun example of hacking

AuthenticationAuthentication requires users to prove their identity so a system knows they are genuine, authorised users. Authentication techniques can be divided into three catogories:
1. Something you know - passwords & PIN's
Passwords are currently one of the most common ways of securing data, hardware, and systems from unauthorised access.
Rules for selecting passwords:* use more than 12 characters
Biometric Authentication: How it works

2. Something you have - keys, security tokensexternal image Screen%20Shot%202014-03-05%20at%2008.50.34.png
A security token is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in.Advantages
Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and thus, easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access because the PIN (which only the rightful user knows) is also needed.
Article: Hackers tackle secure ID tokens - BBC Tech news March 2011
HSBC Security token demo

3. Something you are - biometrics
Finger print locks - biometrics (Video)





Biometric enrolment
Before they can be used biometric systems need to collect data during a process known as biometric enrolment. This involves collecting biometric samples from users along with their identity. When say the system takes a sample of a fingerprint, it does not store an image of the fingerprint. Instead the computer analyses the fingerprint, looking for key features and measurements, and produces a biometric template containing these values. See diagram below:
external image Screen%20Shot%202014-03-04%20at%2010.52.12.png


click image for full size


Biometric identification and National Identity cards

According to Google these are the definitions for "Biometrics" and "National Identity Cards"

Biometrics: A branch of biology that studies biological phenomena and observations by means of statistical analysis
National Identity Cards: A card that shows proof of age and nationality

Pros and Cons of Biometrics

Pros
Stops security threats such as terrorism in the country
Easily identifiable people
Can help to cut down crime
Can help to keep kids in school

Cons
You don't need permission to take someones Biometrics (LINK)
It is a massive invasion of privacy (Link)
Once the biometrics are taken the company that took them can sell them off to other company's
If misused can cause dangers to peoples health

Pros and cons link
Forget PINs - now you can withdraw cash with your VEINS: Hitachi rolls out biometric scanning technology for ATMs 1,730 cash machines in Poland are to be given 'Finger Vein' technology. This lets people scan their finger and withdraw money from an ATM.


National Identity Card

A national Identity card is a small plastic card that you carry around with you, it is used for identification of age and name.
they have been recently implemented in many different countries, for example the UK

NID cards

There is a social and ethical problem with using NID cards, for example..
If someone does not get a NID card then they can get arrested without bail until they have acquired the card.
If someone steals the card from you, you are without identification and therefore can be arrested.
It can cut down the crime rate in the country as everyone will be identifiable.
it is a gateway to more technological identification.

TASK,

You are to choose one news article / that you have researched regarding the various security aspects that we have covered thus far.
=

BIOMETRIC SECURITY=

Split into 3 groups and each group choose 1 of the biometric examples below

hand.jpegfingerprint.pngbody.jpeg

Find at least 5 measurements that a biometric system might take from this part of the bodyWhat problems might arise with this system in the short term?What problems might arise with this system in the long term?How unique is each measurement likely to be?What might appropriate places to use this system?


Paper 2 style question



Further reading* Buckeye Secure (Ohio State University guide to security)


Encryption


We will now learn about the next step in protecting data, by means of encryption. Make any enquiry about computer security, and you will almost immediately fall over the terms cryptography and encryption (and also decryption), but what exactly is meant by this? The Oxford English dictionary, defines cryptography as hidden writing. It has been around for a very long time.The Ancient Egyptians, the Arabs and the Romans developed their own encryption systems.

external image Screen%20Shot%202014-02-10%20at%2008.29.36.png?height=108&width=320The most famous encryption machine invented was the Enigma (see picture on the left),
used in the Second World War to send military messages and estimated to shorten the war by 2 years!



History of the Enigma machine Part 2 here
How the Enigma machine code worksHow the code was brokenEnigma simulator
How does cryptography & Encryption work?
One of the best examples of early cryptography is the Caesar cipher, named after Julius Caesar because he is thought to have used it even if he didn't actually invent it.
It works like this. Take a piece of paper and write along the top edge the alphabet. Take another piece of paper and do the same thing. You should then have two lines of letters like this:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Now write your message. SEND MONEY TONIGHT

Move one of your pieces of paper along to the right one or more letters so that they no longer line up. That should look like this:

ABCDEFGHIJKLMNOPQRSTUVWXYZ
YZABCDEFGHIJKLMNOPQRSTUVWX
Now every time you see a letter of your message in the top line, write down instead the letter on the bottom line.

SEND MONEY TONIGHT becomes
QCLB KMLCW RMLGEFR

What you have done is performed a cryptographic transformation (encrypted) your message. In a real life scenario encryption keys are much more complex in order to prevent computers being used to crack the code. Very sophisticated algorithms are used which make the codes almost unbreakable




Encryption - How stuff works
Encryption - Try it for yourself


Secret or symmetric key encryption
The method described above, where the same key is used for both encryption and decryption, is known as secret key encryption (also called symmetric key encryption or single key encryption). A fundamental problem with this approach is that the key used for encryption and decryption must be kept secret. If someone discovers the key they could:
  • decrypt our private messages
  • decrypt messages with our key pretending to be us
  • external image Screen%20Shot%202014-03-03%20at%2011.06.18.png?height=173&width=320
In secret key encryption, the encryption key must be transported to the recipient, which is risky

Public and Private key encryption
A much better approach is public key encryption (also called asymmetric key encryption). This uses a key pair: a public key which is used only for encryption, and a private key which is used only for decryption.external image Screen%20Shot%202014-03-03%20at%2011.06.07.png?height=107&width=200


Digital signing & digital certificates
When Bob receives a message from Alice, how can he be sure it was really Alice who sent the message?

A digital certificate can be used to authenticate the sender of the message. Alice uses her private key to digitally sign her message. When Bob receives the message he can use Alice's public key to verify that Alice was the real sender.

However, how does Bob know that the message is from the correct Alice? An imposter could have claimed to be Alice and given Bob her own public key. To solve this problem , Bob can use Certificate Authority (CA) to verify the owner of the public key. Certificate authority's are resposibe for issuing digital certificates (key pairs) to organisations, after checking their identity.

We will first learn the basics on cryptography from the Encryption Tutorial. Another simple source is What is Cryptography? at WiseGeek.

Encryption ethics
Encryption is essential to many industries, including e-commerce and banking. Without encryption it would be too risky to purchase anything online.

However, strong encryption effectively guarantee that nobody without the encryption key can view the plaintext - including law enforcement officials. Different solutions have been suggested. The USA has proposed key escrow, where an authorised authority holds users' encryption keys, and reveals them to law enforcement if requested. In the year 2000, the UK passed the controversial Regulation of Investigatory Powers Act (RIPA) which required users to reveal their encryption keys when requested by authorities. Failure to do so could result in a two year prison sentence.

Read the following three articles which discuss the potential problems caused both by criminal and terrorist use of encryption, and by attempts to control the use of such technology:

Crypto kids - puzzles explanations

Yosemite offer encryption by default

TASK

Encryption Questions
(Use your book - page 106 onwards)

1. What is Encryption?
2. Encryption Ethics - Why is Encryption important?
See page 110 and come up with your own other example.

3. What is Symmetric encryption?
4. What is public key encryption? Asymmetric Encryption
5. What is a Digital Certificate?
6. Describe: TSL, SSL, WEP

Suppose you are an IT security consultant, and one of your clients asks you to review for him the various options (free and paid) that exist for encrypting sensitive data in his hard drive. Answer the following questions:

- Identify at least one piece of software for encrypting sensitive data.
- Write a sequence of instructions as to how to effectively encrypt the data.




Resources:





Hacking

http://computernetworkingnotes.com/network-security-access-lists-standards-and-extended/types-of-attack.html


We shall now look at the subculture of hacking, its potential threats and implications for individuals and societies.
Hacking refers to gaining unauthorised access to computer systems. This is usually done by exploiting weakenesses in the target system's security, such as problems with network security or vulnerabilities in specific software being used on the system.

We will start by watching the following video:
The History of Hacking, produced by the Discovery Channel


We will then read an article on the 15 Greatest Hacking Exploits.





Can you solve this!!! Puzzlers World - Hacker Puzzle

News
http://www.telegraph.co.uk/technology/news/9257405/Teenager-arrested-over-TeamPoison-hacking-attacks.html
http://www.itgsnews.com/2012/09/social-engineering-using-social-networks-to-hack.html

Task, Open a google doc, and create notes on the following, (in your 1.2 folder)

What is hacking?

What are the different ways someone can hack?

How can you protect yourself against hackers?




Viruses, Spam, Phishing and Pharming

Investigate computer crime
investigate software sabotageCrime prevention & software sabotage techniques

An example fishing letter I received
Mikko Hypponen: Fighting viruses defending the Net - TED Talks - July 2011
//Ted direct link//


An example of how a social engineering scam works:
Using social media to launch a cyberattack (Washington Post)


TASK 1 - create a google doc. Work as a group and include an example of each

Describe each of the following:

Phishing & pharming
Keystroke monitoring, botnets
Spyware, adware & spam
Viruses, worms, trojans


Research the following infamous computer viruses and worms
  • CIH/Chernobyl (1998)
  • Melissa (1999)
  • I love you (2000)
  • Code Red (2001)
  • Slammer (2003)
  • Zeus (2009)
  • Stuxnet (2010)

TASK 2 - (3 minute presentation) using Prezi

Include the following:
- Explanation of the internet threat
- Identify the ways users can be tricked into falling for this scam
- Describe the steps users can take to prevent this crime / scam
- Describe how computer security relates to personal privacy issues
- Extra - create your own scam!


Think you can outsmart the Internet scammers - Take the Phishing Quiz
Passed that one? OK, then try the Pharming Quiz


Resources
*