SAFETY AND SECURITY

Prepared by: Motiur

PHYSICAL SAFETY

2
E-SAFETY
▪ E-safety refers to the safety of data and personal information while using the internet.
▪ E-safety is required to make sure a user’s personal information is not made vulnerable and even leaked to
hacker’s for e.g., which can lead to identity fraud, bank A/C issues, etc.
Personal Data
▪ Any data regarding a living person who can be identified against the data or the data along with any other
information.
▪ Examples of personal data:
▪ Full Name
▪ Home Address
▪ Banking details (A/C no, pin, etc.)
▪ Medical history (suffered from depression, etc.)
▪ Personal data like ethnic origin, political views, criminal activity, mental health history,
▪ Sexual orientation and religion can be used to blackmail victims of data breaches

3
E-SAFETY
Personal Data
▪ If personal data is leaked (data breach), the following can occur:
▪ Identity theft
▪ Bank fraud
▪ Damages to personal property
▪ Kidnapping (if kidnappers get access to the victim’s address.
▪ Etc.

▪ To prevent the above, it is essential that personal data is protected.

▪ Personal data can be leaked intentionally and unintentionally. Electronic data is at risk due to: hacking, viruses,
spyware, phishing, pharming, Smishing, vishing, ransomware (A malicious program that encrypts data on a
computer system and demands for a ransom to provide and decrypt the data), spam, moderated and un-moderated
forums, cookies, etc.
▪ If a student shares a photograph of themselves in their school uniform on social media, then paedophiles, child
predators, kidnappers, etc. can physically reach the student. This should not be done

4
E-SAFETY
Internet Safety
▪ To keep personal data safe, one must:
▪ Not give unknown people (on the internet) personal
information or send pictures of oneself to them.
▪ Maintain privacy settings to control which cookies are on
their computer
▪ Use learner-friendly search engines and websites
recommended by your educational institution, e.g.znotes.org
▪ The website being accessed is from a trusted source, or has a
padlock symbol/ https protocol (s for secure):

5
E-SAFETY
Email Safety
▪ Open emails from known sources, and do not click on an emails with
hyperlinks without confirming with the sender of the email. Think before
opening an email from an unknown person, never send any other sensitive
information (picture in school uniform, credit card PIN, etc.)
▪ Ask their ISP to enable email filtering to classify spam emails as spam.

6
E-SAFETY
Social Media Safety
▪ Block and report users who seem suspicious or use inappropriate language
▪ Never use your real name, only use a nickname
▪ Use appropriate language
▪ Do not enter private chat rooms, as users can lure you into giving personal information by
seeming too nice.
▪ Do not meet anyone off the internet for the first time on your own, or at least speak to a
trusted adult first.
▪ Do not misuse images (of someone to blackmail them, for e.g.)
▪ Respect the confidentiality of other users

7
E-SAFETY
Online Games
▪ Similar measures apply to that taken when using social media.
▪ Additionally, players should be careful about:
▪ In-game violence
▪ Cyber bullying
▪ Keeping their webcams off (other potentially dangerous players have direct access to your
image)
▪ Predators may use voice masking technology to lure a user to reveal their age, sex, etc.
▪ Cyber-attacks involving viruses, ransomware, etc.

8
SECURITY OF DATA
Hacking
▪ Hackers are people who get into your computer system without having the rights. It can lead to corruption or
loss of data, or a data breach. Some prove that a system is vulnerable – maybe employed to test(ethical
hacking)
▪ Some want to steal data
▪ Alter or destroy data
▪ For fun or a challenge

▪ Prevention:
▪ Protect with authentication techniques (user ID and password, etc.)
▪ Have a backup of data in case of damage
▪ Firewalls

9
SECURITY OF DATA
User IDs Passwords
▪ To log on to a network, a user must type in a user ID ▪ After typing in the user ID, the user will be requested to
type in their password
▪ User ID assigns user privilege once user logs in
▪ Generally, it is a combination of letters and numbers
▪ The top-level privilege for a network is an administrator:
▪ Able to set passwords and delete files from the server ▪ Passwords are shown as stars (***) so nobody overlooking
etc. can see it

▪ User privilege may only allow access to their own work ▪ Many systems ask for a password to be typed in twice as a
area verification check in case of input errors
▪ To help protect the system, user has a finite number of
attempts
▪ If a password is forgotten, the administrator must reset it

▪ If a password is forgotten on a website, it will be sent to

your email.
10
SECURITY OF DATA
Biometric Data
▪ Uses features of the human body unique to every individual, such as fingerprints, retina, iris, face, and voice recognition.
It is used in authentication techniques as it is very difficult/impossible to replicate.

Advantages Disadvantages
▪ Usernames and passwords don’t have to be remembered ▪ The readers are expensive

▪ Almost impossible to replicate body parts. ▪ Damages in fingerprints can deny access

▪ Somebody else can’t gain access, like with a stolen card ▪ Some people worry about their personal information
being stored
▪ They can’t be forgotten, like a card

11
SECURITY OF DATA
Digital Certificate ▪ Web browser requests that the web server identify itself
▪ Web server responds by sending a copy of its SSL certificate
▪ A digital certificate is an electronic passport used in the
security of data sent over the internet. ▪ Web browser checks if certificate is authentic
▪ Sends signal back to web browser
▪ They can be attached with mails so that the receiver can
▪ Starts to transmit data once connection is established
know that the mail is sent from a trusted source.
▪ If not secure, the browser will display an open padlock
Secure Socket Layer (SSL)
Features of a Secure Web Page
▪ Type of protocol that allows data to be sent and received
securely over the internet ▪ Webpage URL: If the webpage is secure, it will start with
‘https’ instead of ‘http’
▪ When a user logs onto a website, SSL encrypts the data
▪ Padlock sign
▪ https or padlock in the status bar

▪ When a user wants to access a secure website:

▪ User’s web browser sends a message so it can connect with
the required website, which is secured by SSL

12
SECURITY OF DATA
Phishing
▪ Phishing is a fraudulent operation involving the use of emails
▪ The creator sends out a legitimate-looking email hoping to gather personal and financial information from the
recipient of the email
▪ The message appears to be from a legitimate source (e.g. a famous bank)
▪ When the user clicks on the link, they are sent to a spoof website
▪ They will be asked for personal info e.g. credit card details, PINs
▪ This could lead to identity theft
▪ ISPs attempt to filter out phishing emails

13
SECURITY OF DATA
Pharming
▪ Pharming is a scam in which malicious code is installed on a computer hard disk or a server

▪ This code can misdirect users to fraudulent websites without their knowledge

▪ Phishing requires an email to be sent to every person who has been targeted, while pharming does not require emails to
be sent out to anyone
▪ Pharming can target a larger group of people more easily

How pharming works:

▪ A hacker will infect the computer with a virus, either by sending an email or installing software on their computer when they first
visit their website
▪ Once infected, the virus sends user to a fake website that looks identical to the one they wanted to visit
▪ Personal info. from the user’s computer can be picked up by the pharmer/hacker
▪ Anti-spyware, anti-virus software or anti-pharming software can be used to identify this code and correct the corruption

14
SECURITY OF DATA
Smishing
▪ An attempt to extract a user’s confidential information via SMS(short message service) by tricking the user into downloading a Trojan
horse (a virus that masks itself).
▪ It is phishing via SMS.

Preventing Phishing, Pharming, & Smishing to meet in real life or acting suspicious, they should be reported
to cyber security agencies, or one’s parents/guardians.
▪ User education
▪ Websites/pop-ups can be made to mimic legitimate ones, or
▪ Set up anti-malware and anti-spyware software seem too good to be true, for e.g. lotrei.net instead of
lottery.com
▪ Enabling protocols such as SPF and DKIM
▪ Banks and organisations will never ask for a PIN to be entered
▪ Do not download random .exe (executable file formats), .php,
on a website like this.
.bat,.com etc.
▪ Users should be alert and look out for clues when being
redirected to other websites.
▪ Therefore, technology enables unauthorised users to gain
access to otherwise inaccessible information.
▪ If a person on the internet is asking for personal information, or
15
SECURITY OF DATA
Effects of phishing, pharming, and Smishing on a
user
▪ Personal and sensitive information is lost, which
can be used for previously stated purposes.
Moderated & Unmoderated Forums
▪ Online forums are places on the internet where
people can join discussions on almost any topic and
also add their views.
▪ There are two types of forums:

16
SECURITY OF DATA
Spam
▪ Spam is electronic junk mail and is a type of advertising from a company sent out to a target mailing list
▪ Harmless but can clog up networks and slow them down
▪ It is more of a nuisance than a security risk
▪ Many ISPs are good at filtering out spam, and preventing the user from getting these spam emails.
▪ It is often necessary to put a legitimate email address into a contact list to ensure wanted emails are not
filtered out by mistake

17
SECURITY OF DATA
Encryption
▪ The conversion of data to code by encoding it

▪ Done by using encryption software

▪ Since data is encoded, it appears meaningless to a hacker

▪ This technique prevents illegal access

▪ Necessary to use decryption software to decode the data

▪ Used to protect sensitive data e.g. banking details

▪ Encryption keys are complex algorithms which make codes almost unbreakable

18
SECURITY OF DATA
Computer Viruses
▪ It is a malicious program that replicates itself and is designed to cause harm to a computer system. They
spread through downloadable files, external storage media (e.g. pen drives, etc.)
▪ May cause the computer to crash
▪ Loss of files, corruption of the data

▪ Viruses infect computers through email attachments, illegal software or downloaded files
▪ Prevention of Viruses
▪ Antivirus software - Detects and then removes or isolates and uses firewalls
▪ Do not use illegal software
▪ Only download from reputable sites

19
SECURITY OF DATA
The threats of using credit cards online and
prevention:
▪ Phishing, pharming, and Smishing:
▪ Key logging/spyware: records the keys pressed on ▪ They trick you into revealing card and personal details as
a keyboard. response to messages or emails.
▪ It can be used to obtain credit card details, passwords, and ▪ Open attachments only from trusted sources.
personal information. ▪ Install anti-spyware software.
▪ Use virtual keyboards to type in passwords.
▪ Install anti-spyware software.
▪ Hacking into secure sites to obtain the details:
▪ Encrypting the details will make it of no use to the hacker.
▪ Bogus sites: sites that look exactly like the original ▪ Use strong passwords.
sites but aren’t. ▪ Use firewalls.
▪ They can steal your card details and personal information
when you make purchases. ▪ Tapping into wireless networks:
▪ Always type in URLs; sometimes, links in emails can be of ▪ Always use a password-protected Wi-Fi since it is relatively
bogus sites. hard to tap into a secured Wi-Fi

*ALL PREVENTION TECHNIQUES WRITTEN HERE ALSO APPLY TO THE THREATS IN GENERAL (NOT SPECIFIC TO CREDIT CARDS)*

20
SECURITY OF DATA
Cloud Storage
▪ Your data is stored remotely and not on your computer, so you don’t have control over the physical security of your data.

▪ Some of the data stored may be personal data, which are open to hackers and have to be encrypted in order to prevent hackers from
obtaining them.
▪ The company providing the storage may go out of business. In this case, what has to be done to the data will have to be considered.

▪ The company providing the storage will have to put in all its efforts and safety measures in order to keep your data safe.

▪ If the company providing the storage doesn’t back up your data, you may lose it in case of power cuts or fires, etc.

Firewalls
▪ A firewall sits between the user’s computer and an external network (internet) and filters information in and out of the computer

▪ Tasks carried out by firewall:

▪ Examining ‘traffic’
▪ Checking whether incoming or outgoing data meets criteria
▪ If data fails the criteria, the firewall blocks traffic.
▪ Firewall can keep a list of all undesirable IP addresses
▪ Helping to prevent viruses or hackers from entering the user’s computer

21
SECURITY OF DATA

Methods of Internet Security

22
23