ICT 0417 Study Notes: Security of Data (Section 8.3)

Hello future ICT experts! Welcome to one of the most vital chapters in the syllabus: Security of Data. Think of your data—your photos, essays, and bank details—as valuable treasures. This chapter teaches you how to build the biggest, strongest safe possible to protect those treasures from digital thieves. Let’s learn the threats and the solutions!

Quick Review: Why is Data Security Important?

Data security is about keeping information confidential (only authorised people can see it) and ensuring its integrity (it hasn't been tampered with). Without strong security, businesses lose money, and individuals risk identity theft.

Part 1: Threats to Data (The Digital Dangers)

The first step in defence is knowing your enemy. Here are the main threats that can compromise your data:

1. Hacking (Unauthorised Access)

Definition: Hacking is when an individual gains unauthorised access to a computer system or network, usually with malicious intent (to steal, damage, or misuse data).

Analogy: A hacker is like a burglar breaking into your locked house (the network) to steal items (the data).

Protection Measures against Hacking:
  • Use strong passwords and change them regularly.
  • Install a firewall (see Part 2).
  • Use encryption to make stolen data unreadable (see Part 2).
  • Install anti-malware software.

2. Malicious Software (Viruses and Malware)

Definition: Malware (Malicious Software) is a broad term for programs designed to disrupt system operations, steal information, or gain unauthorised access. A Virus is a type of malware that self-replicates and attaches itself to other files.

Preventative Action against Viruses from Downloaded Files:

You need to be careful when downloading anything from the internet or transferring files using portable media (like a USB stick).

  1. Scanning when Downloading: Always have up-to-date anti-malware/anti-virus software running. This software scans files in real-time as they are downloaded and blocks known threats.
  2. Scanning Storage Media: If you plug in a USB stick, make sure your anti-virus software scans the storage media before you open any files on it.
  3. Removing/Quarantining: If malware is detected, the software will either quarantine (isolate) the suspicious file or remove (delete) it completely.

3. Social Engineering Threats (The 'Phishing' Family)

These threats trick users into giving up personal information, rather than breaking into the system directly.

  1. Phishing: Fraudulent communication (usually email) pretending to be from a trustworthy entity (like a bank or social media site) to steal sensitive data (usernames, passwords, credit card details). Analogy: A fisherman (the criminal) casts a wide net (the mass email) hoping to catch a victim.
  2. Pharming: Redirecting a user to a fraudulent website, even if they typed the correct URL. This is done by poisoning DNS records.
  3. Smishing: Phishing conducted via SMS (text messages).
  4. Vishing: Phishing conducted via voice call (Voice phishing), often using automated systems that prompt you to enter card details.

How to Prevent Social Engineering Attacks:
  • Never click on links or open attachments from unknown senders.
  • If an email looks suspicious, check the sender’s address carefully.
  • If prompted for login details, go directly to the company's official website (don't use the link in the email).
  • Use up-to-date anti-spyware software.

⚠ Common Mistake Alert!

Students often confuse Phishing and Pharming.
Phishing: You click a bad link in an email/SMS.
Pharming: You type the correct address, but you are redirected to a fake site automatically (more technical).

4. Card Fraud

This involves the illegal use of payment cards (credit/debit cards).

  • Shoulder Surfing: Physically looking over someone's shoulder (e.g., at an ATM or checkout) to steal their PIN or password. Prevention: Be discreet, shield the keypad.
  • Card Cloning (Skimming): Copying the magnetic stripe data from a card, usually using a device secretly fitted to an ATM or POS terminal. Prevention: Check ATMs for unusual attachments, use chip and PIN where possible.
  • Key Logging: Using software or hardware to record every keystroke made on a computer, capturing passwords, card numbers, and other sensitive information. Prevention: Use virtual keyboards for sensitive data entry, keep anti-malware updated.

Key Takeaway for Part 1: The threats are Hacking (system breaches), Malware (harmful software), Social Engineering (tricking users), and Card Fraud (stealing physical card details). Defence requires both technical tools and user awareness.

Part 2: Protection of Data (Building the Digital Safe)

We use various methods—often layered together—to ensure only authorised users access data, and that data remains safe even if it falls into the wrong hands.

1. Authentication Methods

User ID and Password

Purpose and Function: These are the most basic forms of security. The User ID identifies the user, and the password verifies that the user is who they claim to be. They increase security by limiting system access to only those who know the secret credentials.

To increase security, passwords must be strong (long, mixed case, numbers, symbols) and should be changed regularly.

Biometrics

Characteristics and Use: Biometrics use unique physical characteristics of a person (biometric data) to verify their identity.

Examples include: fingerprint recognition, iris/retina scanning, facial recognition, and voice recognition.
They are often used for high-security access control or unlocking mobile devices because they are much harder to fake than a password.

Two-Factor Authentication (2FA)

Purpose and Function: Two-factor authentication (2FA) requires a user to provide two different types of verification before gaining access.

Example: To log into your bank account, you might enter:
1. Something you know (Password)
2. Something you have (A unique, temporary code sent to your mobile phone).

Function: This significantly increases security because even if a hacker steals your password (Factor 1), they cannot access the account without also having your phone (Factor 2).
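The login check described above, as an added example (not part of the original notes). The account, password, five-minute lifetime and function names are all constructed for illustration; the code is returned by `issue_code` instead of really being sent to a phone.

```python
import hashlib
import hmac
import secrets
import time

CODE_LIFETIME = 300  # seconds a code stays valid (assumed value)

# Constructed sample account; the password is stored as a salted hash, never as text.
_SALT = b"constructed-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"Tr1cky!Pass", _SALT, 100_000)}
PENDING = {}  # user_id -> (code, expiry time)


def check_password(user_id, password):
    """Factor 1: something you know."""
    stored = USERS.get(user_id)
    if stored is None:
        return False
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(stored, attempt)


def issue_code(user_id, now=None):
    """Create the temporary 6-digit code that would be sent to the user's phone."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # unpredictable, not random.random()
    PENDING[user_id] = (code, now + CODE_LIFETIME)
    return code


def check_code(user_id, submitted, now=None):
    """Factor 2: something you have. A code gets one attempt and then is gone."""
    now = time.time() if now is None else now
    code, expires = PENDING.pop(user_id, (None, 0))  # pop = single use
    if code is None or now > expires:
        return False
    return hmac.compare_digest(code.encode(), submitted.encode())


def login(user_id, password, submitted_code, now=None):
    """Grant access only when BOTH factors are correct."""
    if not check_password(user_id, password):
        return False
    return check_code(user_id, submitted_code, now)
```

A stolen password alone fails at `check_code`, and a code that was seen once cannot be replayed because it is deleted on its first use.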

2. Data Security Measures

Encryption

Purpose: Encryption is the process of scrambling data into an unreadable format called ciphertext, using a complex key. Only those with the correct key can decrypt and read the original data (plaintext).

Encryption is essential for the protection of data in many places:

  • Hard Discs: Protecting files stored on your computer if the device is lost or stolen.
  • Email: Ensuring the contents of the email cannot be read by interceptors during transmission.
  • Cloud Storage: Protecting data stored on remote servers.
  • HTTPS Websites: Ensuring secure transmission over the internet (see SSL below).

Firewall

Purpose and Function: A firewall acts as a barrier (a digital wall) between a private network (like your home computer or school network) and external networks (like the Internet).

Function: It examines all incoming and outgoing network traffic based on a set of predetermined rules. It blocks unauthorised access and prevents harmful data packets from entering or leaving the system.
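How a firewall applies its predetermined rules, as an added example (not part of the original notes). The rule set, the sample packets and the `decide` function are constructed for illustration; the IP addresses come from ranges reserved for documentation.

```python
from ipaddress import ip_address, ip_network

# Constructed rule set: checked top to bottom, the first matching rule decides.
# Fields: action, direction, remote network, protocol, destination port (None = any)
RULES = [
    ("block", "in",  "203.0.113.0/24", "any", None),  # a range we never accept from
    ("allow", "in",  "0.0.0.0/0",      "tcp", 443),   # HTTPS to our web server
    ("allow", "out", "0.0.0.0/0",      "tcp", 443),   # staff browsing HTTPS sites
    ("allow", "out", "0.0.0.0/0",      "udp", 53),    # DNS lookups
]
DEFAULT_ACTION = "block"  # anything not explicitly allowed is refused


def decide(direction, remote_ip, protocol, port):
    """Return 'allow' or 'block' for one packet."""
    for action, rule_dir, network, rule_proto, rule_port in RULES:
        if rule_dir != direction:
            continue
        if ip_address(remote_ip) not in ip_network(network):
            continue
        if rule_proto not in ("any", protocol):
            continue
        if rule_port is not None and rule_port != port:
            continue
        return action  # first match wins
    return DEFAULT_ACTION


# Constructed sample traffic
PACKETS = [
    ("in",  "198.51.100.7", "tcp", 443),   # customer visiting the website
    ("in",  "203.0.113.9",  "tcp", 443),   # same port, but from the blocked range
    ("in",  "198.51.100.7", "tcp", 3389),  # remote-desktop attempt from outside
    ("out", "192.0.2.10",   "tcp", 443),   # browser opening an HTTPS site
    ("out", "192.0.2.66",   "tcp", 6667),  # unexpected outgoing connection
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", decide(*pkt))
```

The last packet shows why outgoing traffic is filtered too: a program on the inside trying to connect out on a port nobody approved is stopped by the default rule.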

Secure Socket Layer (SSL) and Digital Certificates

When you browse the web securely, you will see 'HTTPS' and a padlock icon. This indicates security measures are in place.

  1. Secure Socket Layer (SSL): This is the protocol that provides an encrypted link between the server (the website host) and the client computer (your web browser). It ensures that all data passed between them remains private and unaltered.
  2. Digital Certificate: Before SSL can establish the encrypted link, the server presents a Digital Certificate.

Digital Certificate Purpose and Contents: The certificate acts like a digital passport, confirming that the website is legitimate.

Contents of a Digital Certificate include:

  • The certificate holder's public key.
  • The certificate holder's name and organisation.
  • The certificate’s serial number and expiry date.
  • The digital signature of the issuing authority (Certificate Authority).

Did you know? SSL has mostly been replaced by its successor, TLS (Transport Layer Security), but the name SSL is still widely used to describe the overall security process.

✓ Quick Review: Data Protection (Keywords)
  • Password/User ID: Basic authentication (who you are).
  • 2FA: Layered security (something you know + something you have).
  • Biometrics: Physical verification (fingerprint).
  • Firewall: Controls incoming/outgoing network traffic (the gatekeeper).
  • Encryption: Scrambles data into ciphertext (the secret code).
  • SSL/Digital Certificate: Establishes an encrypted, verified link for web browsing (HTTPS).

Congratulations! You now know the major threats to data and the powerful strategies used to keep information secure. Make sure you use these security measures in your own digital life!