Data Security GCSE ICT

Network Security Physical security means that the hardware of the network is protected from theft and kept safe. Access security means that there is a limit to the amount of access a user has to the information held on the network. Data security means that there are measures taken to prevent the loss of data held on the system.

Data Security Confidential information must be kept securely Only authorised personnel should have access to confidential information Pass ECDL4

Backing Up Data You should always back up your data on a regular basis Keep a second copy of important files on a external hard drive, zip disk, USB flash solid state drive or magnetic tape and store it separately from your PC Your data is much more valuable than your computer equipment - it’s priceless You can protect your PC equipment with insurance, but this will not replace your data! Pass ECDL4

Backing Up Data Backups should have a schedule e.g. taken every hour, every day etc State what media you will save it on State where the backups are kept Specify how data can be recovered from backup

Archiving Archiving is a backup that is taken in case the original is lost. Archives are the backups that are not needed in the immediate short term but maybe required for future reference Instead of saving these files on computer it is better to save them on backing removable storage (as mentioned previously) and store them in a fireproof building away from the main site

Protecting data from accidental destruction User errors – untrained users may accidently delete files or save work over other work Fire – use smoke alarms to detect fires early Flood damage – don’t locate computers on the ground floor Power loss – Use an auxiliary power supply that comes on when the main supply cuts out Test new software - so that it doesn’t crash the current system

Protecting data from deliberate destruction Ensure authorisation levels are in place. Access rights so that people higher up the organisation can access more data. Also the rights could be restricted to read only access, allow deletion or read/write access. User names and passwords are in place to prevent unauthorised access. Passwords should be a mix of numbers, letters and symbols and changed regularly Use CCTV Use virus checkers to check information is not corrupted Firewalls to prevent hackers from accessing data from the internet Use biometric methods e.g. fingerprinting, retina scanning, face recognition

Encrypting and monitoring Software & Transaction logs Encryption – is the process of coding files before they are sent over networks/internet to protect them from hackers. Also coding information on the pc so if the computer is stolen files cannot be read. Monitoring software monitors network usage for unusual activity e.g. entering lots of passwords to try and gain access, this would then lock them out of the network Transaction logs – they monitor usage and produce an audit trail e.g. a deleted file will have the date and time of deletion and which member of staff deleted it

Encryption Example When you put in your card or bank details the website converts these into code using an algorithm (a program written specifically to do this). So instead of transmitting your card details via your phone line to the store server it sends the encoded details instead. At the other end the receiving computers must have the same piece of software (algorithm) and a ‘KEY’. The ‘KEY’ is like a password which tells the system how to decode the information. In theory even if someone intercepts (steals) this data then they won’t be able to access your bank details as they don’t have the key.

Ways of protecting you and your computer and network There are now many company's offering users different packages to protect and prevent your computer and or network. Most of theses packages detect, quarantine and delete infected files And some monitor the websites accessed and links to other servers and or networks.

Computer Viruses Viruses are small programs which are designed to cause damage to a computer or whole networks. They can delete files, programs etc They can also spy on your online use. Examples Trojans, boot sector, key logging software tracks what you are typing e.g. a password etc Your PC can catch a virus by sharing files on disks/CDs, viewing/downloading files on the web, USB flash drives and from e-mail attachments (these may contain EXE. Files) The only protection against this is having anti-virus software installed on your machine Pass ECDL4

Protection against viruses Scan files for viruses before opening them Make sure you keep your antivirus software up to date – 300 viruses are released into the wild every month – it only takes one to wreak havoc on your computer. Run a scan regularly. If on broadband, install a firewall to keep hackers away from your personal data. These help to filter out unauthorised requests from outside users. Pass ECDL4

Malware Malicious software Programs that can alter systems software to redirect it to other sites Take over your computer remotely Programs that make your computer run slow Programs that make your computer freeze or crash Firewalls Pass ECDL4

Physical security for a network As well as security software you will need to protect your network in more conventional ways i.e. lock and key. Fire protection- fire doors, smoke doors, fire proof safes est. Alarms-rooms containing the server should be alarmed Locks-all rooms with services inside and have limited recorded access to them Visibility-avoid putting computers on ground flour and where they are visible to passes bye

Links to Progress Leisure Pre-Release From Progress Leisure pre-release material: Security methods, including two-factor authentication Policies and procedures for Internet access ‘Customers log on to the website through a web browser or smartphone app using two-factor authentication.’ ‘Before using the wireless network, customers must agree to the Progress Leisure Acceptable Use Policy.’

Policy and Security – Single-factor Authentication Single-factor authentication (SFA) is where the user can obtain access to an account or service using one factor such as a username and password. Risky if same password used for many applications Recommend using unique password for each application

Policy and Security – Two-factor Authentication Two-factor authentication is a security method by which users obtain access by providing two separate factors to identify themselves. Three different types of factors that can be used for authentication are: Knowledge factor – knowing a password / PIN number Possession factor – owning a membership card / mobile Biometric factor – human characteristic fingerprint/DNA

Policy and Security – Two-factor Authentication Bank card reader example Customer needs: PIN number (knowledge) and Debit card (possession) to log in to their account Customer places card in reader and enters PIN number. The passcode displayed on the card reader is entered into a web login page to allow the customer account access.

Policy and Security – Two-factor Authentication Mobile transaction numbers (mTANs) example Member needs: Password (knowledge) Mobile phone (possession) This simple method of two-factor authentication would be suitable for Progress Leisure, as members only need knowledge of their password and possession of one of the following: Their laptop/tablet computer and their mobile phone Their smartphone for direct login Member enters username and password into Progress Leisure login page Progress Leisure receives login request from member and texts security code to member’s mobile phone Member then enters the security code to log in to the website

Policy and Security – Two-factor Authentication Two-factor authentication benefits Greater security than simply password protection Deterrent as hackers are likely to avoid this more secure system Two-factor authentication limitations Phone or card/reader needed to log on Customers dislike the extra time taken to log on

Policy and Security – Further Security Methods Password advice Use strong passwords with a mixture of numbers, letters, symbols and lower/upper case Change passwords regularly Access rights – set up by system administrator to limit network access to relevant files only for a user Encryption – used to make stored data more secure, by making it unreadable to people who do not have the key to decode it

For a company being hacked into can have various consequences, some of which can be seen below For personal users it can be just as serious but for other reasons!!