Security (cont) & Ethics
Authentication
- Verify that data comes from a trusted source:
- User authenticates themselves to a system (login)
- Website authenticates itself to prove it is legitimate
Think Pair Share
- What does it mean by user authenticate to a system?
- How do you authenticate yourself to a computer system?
User authentications
- Username and password
- Biometrics
- Use of unique characteristics in human body to authenticate
- For examples:
- ...
How hackers crack your password
Hackers use "brute-force" algorithm to test every combination of the password in order to crack the password.
Strong password is a password that is difficult to crack.
Write down the rules that makes password strong?
HowSecureIsMyPassword.net
Think Pair Share
Share your experience of biometric authentications.
Have you face any problem with that?
Digital certificate
- Digital certificate is for website to authenticate itself
- Help user to see if data is from authentic website
- Usually it is issued by a third-party authority
- Modern web browser may warn if there's problem with certificate
Encryption
- Encode data (plain text) into meaningless code (cypher text) so that only authorized party can access
- It involves encryption key - a particular pattern/method to encode and decode the message
- Hackers can still steal the message, but hard to retrieve the data
Symmetric key encryption
- Sender use a key to encode the message
- Receiver receive the cypher text
- Use the same key to decode the message
- i.e. Sender and receiver share the same key
Think Pair Share
For symmetric key encryption, sender/receiver needs to share the same key. What is the issue for this kind of process, if we use it in a website?
Asymmetric key encryption
- There are two keys - public and private key
- The receiver creates a private key, and generate the public key based on the private key
- Receiver sends the sender the public key
- Sender encodes the message using public key
- Receiver gets the cypher text and decode using private key
Asymmetric key (cont)
- The key for encode and decode is different
- Public key can ONLY encode, but cannot decode
- Only the private key can decode
Firewall
- In computing, a firewall is a network securitysystem that monitors and controls the incoming and outgoing network traffic based on predetermined security rules
Firewall
- Protects LAN from security threats
- Examines data packets to and from LAN
- Base on predefined rules, either allow or block the packets from passing through
- Rules can based on:
- IP Address and port
- Content type
- Application etc.
- Can be software or hardware
Proxy Server
- Act as intermediary between user and web server
- Proxy can:
- Filter request based on predetermined rules
- Keeping user's IP address secret
- Cache the data (improve speed in loading webpages)
- Act as firewall
Security Protocol
- SSL (Secure Sockets Layer)
- TLS (Transport Layer Security)
- Both are secure protocol for transferring data in Internet (encrypted data)
- TLS is the successor of SSL, which SSL is being obsoleted (i.e. most website and browser are using TLS)
Ethics
Think Pair Share
- What is the difference between ethics and legal?
- Give some example.
Discuss the followings about if it is ethical.
Copyright and Software
Copyright - Legally protected such that creator has exclusive right to distribute the work.
Piracy - Unauthorised use / reproduction of one's work
Plagiarism - Stealing the work of another without making reference to the source where it was obtained
Opensource
Free software
- Sometimes called "Opensource"
- Source code is available to public
- Free to modify, distribute, use, as long as original authors are credited
Properitary
- Source code is "closed"
- Prohibited to
- modify the code
- Copy/distribute
- Reverse engineering
Freeware
Proprietary software, but they are free (of charge)
Shareware
Proprietary software, free to use in either:
- a certain period of time
- a certain subset of functions
| Properitary | Open | |
|---|---|---|
| Price | ||
| Source code | ||
| Redistribution | ||
| Examples | ||